MAHESH SARJERAO GIRHE

Linkedln:-
https://www.linkedin.com/in/maheshgirhe787
5
  OSI (Open system interconnect)
1.Explain OSI Layer?
▪ Open systeminterconnect (OSI) was developedby the international organization for
standardization (ISO) and introduced in 1984.
▪ It’s a consists of sevenlayers
▪ Application layer, Presentationlayer, Sessionlayer, Transport layer, Network layer,
Data link layer, Physical layer.
2.Which Layer is Responsiblefor ReliableConnection?
The transport layer guarantees a reliable end-to-end connection
3.What are Different protocol works at each of the Layer in OSI model?
Application layer
It’s responsiblefor providing an interfacefor the userto interact with application services or network
services. Ex-Webbrowser(HTTP), Telnet
Presentation layer
It’s responsiblefor defining a standardformat to the data.
The major functions described at this layer are: -
Encoding-Decoding Ex- AVI-(video), WAV-(voice), JPEG(graphite), ASCII (text)
Encryption-Decryption
Session layer
It’s responsiblefor establishing, maintaining, andterminating thesessions. Session
ID is used to identify a sessionor interaction.
Ex-Remoteprocedural call, Apple talksessionprotocol
TransportLayer
It provides data delivery mechanismbetween applications in the network.
Transport layeris the major function layer In OSI layer
Identifying service
Multiplexing&De-multiplexing
Segmentation, Errorcorrection, flow control
Transport layerprotocols?
The protocols which takes careof data transport at transport layerareTCP/UDP
Different between TCP/UDP
TCP UDP
TransmissionControlProtocol Userdatagramprotocol
Connection Oriented Connectionless
Support acknowledgements No support for acknowledgements
Reliable communication Unreliablecommunication
Protocol no.6 Protocol no.17
Ex-HTTP, FTP, SMTP DNS, DHCP, TFTP
NetworkLayer

1
It provides logical addressing pathdetermination (routing)
The protocols that work in this layer are: -Routed Protocol, Routing Protocol Routed
ProtocolsUsedtocarryuserdata between data.
RoutingProtocolsusedperforms pathdeterminisationrouting.
Datalink layer
It provides communication with network layer.
Mac(media access control) it provides reliable transit of data across a physical link.
Physicallayer
It defines the electrical, mechanicalfunctional specification for communication betweenthe network
devices.
5.What is the port number and give some example?
A port number is a way toidentify a specific process towhich an Internet or othernetwork message
is to be forwarded when it arrives at a server. Forthe TransmissionControlProtocol and the User
DatagramProtocol, a port number is a 16-bit integerthat is put in the headerappended to a
messageunit.
▪ FTP-File TransferProtocol (TCP-20,21)
▪ SSH-SecureShell SSH Secure Login (TCP-22)
▪ Telnetremote login service, unencrypted text messages (23)
▪ SMTP-Simple MailTransferProtocol E-mail routing (TCP-25)
▪ DNS-DomainName System(TCP/UDP-53)
▪ DHCP-Dynamic Host ConfigurationProtocol IP-(67server)-68(client).
▪ HTTP-Hypertext TransferProtocol (TCP-80)used in theWorld Wide Web (TCP-80)
▪ POP3-Post Office Protocol POP3 (TCP-110)
▪ NTP-Network Time Protocol (UDP-123)
▪ SNMP-Simple NetworkManagement Protocol (UDP-161/162)
▪ HTTPS-Secure (HTTPS) HTTPover TLS/SSL(TCP-443)

6.What is the range of port Number?

Well known Ports – 0 to 1023
RegisteredPorts-1024 to 49151
Open Poerts-49152 to 65535

7.What is a Protocol Number and give some examples?

The protocol number is a singlebyte in the third word of thedatagramheader. Thevalue identifies
the protocol in the layerabove IP to which the data should be passed. Protocol ProtocolNumber
▪ ICMP--------------------1
▪ IGMP--------------------2
▪ IPV4---------------------4 ▪ TCP----------------------6 ▪ EGP----------------------8
▪ IGP-----------------------9
▪ UDP---------------------17
▪ IPV6---------------------41
▪ GRE---------------------47
▪ EIGRP-------------------88
▪ OSPF--------------------89
▪ BGP---------------------179
8.What is the Unicast, Multicast and Broadcast?

2
Unicast
In computer networking, unicast is a one-to-one transmission.
Multicast
In computer networking, multicast is group communication.
Broadcast
In computer networking, one-to-many
9.What is the different betweenHalf-duplexand Fullduplex?
Half Duplex-Data can flow in both direction but not simultaneously. At a time, Data can flow
only in one directional Ex-HUB.
Full Duplex-Data can flow both directional simultaneously-Switch.
10.What is the MAC format?
It is a 12 Digits 48 Bit(6byte) Hardware addresswritten in Hexadecimal format.
It consists of two parts: -
▪ The first 24 Bits OUI (Organizationally Unique Identifier) is assigned by IEEE.
▪ The last 24 Bits is Manufacturing-assigned Code.

11.What is a Frame?
The Data link layer formats the message into pieces, each called a data frame and adds a
customized header containing the hardware source and destination address.

12.What is the TCP/IP Model?

TCP/IP is four-layer standard model.
The four layers of TCP/IP model are: -Application layer, Transport layer, internet layer,
Networkaccess layer.

13.What are the protocols that are includeby each layer of the TCP/IP model?
▪ Application layer-DNS,DHCP, FTP, TFTP, SMTP, HTTP,Telnet,SSH.
▪ Transport layer-TCP, UDP
▪ Internet layer-IP, ICMP,IGMP
▪ Network access layer-Ethernet,Token Ring, FDDI,X.25,Frame Relay,ARP,RARP.

 ARP (AddressResolutionProtocol)
14.What is the ARP?
AddressResolution Protocol (ARP) is a networkprotocol, which is used to map a network
layer protocol address(IP address) to a data link layer hardware address (MAC address).
ARP basically resolvesIP address to the corresponding MAC address.

15.ARP work at Which layer and Why?

ARP work at the data link layer (layer 2) ARPIs implemented by the network protocol driver and its
packets areencapsulatedby ethernet headers and transmitted.
16.What is an ARP Table(cache)?
An ARP cache is a collection of Address Resolution Protocol entries (mostly dynamic) that
are created when an IP address is resolved to a MAC address (so the computer can

3
effectivelycommunicate with the IP address)An ARP cache helps the attackers hide behind
a fake IP address.
17.What is the size of an ARP request and ARP reply packet?
The size of an ARP request or reply packet is 28 bytes.
18.What is Proxy ARP?
Proxy ARP is the process in which one device respondsto the ARP requestfor another devices.
Ex-Host A send an ARP requestto resolve the IP addressof Host B. Instead of Host B, Host C
respondsto this ARP request.
21.What is Reverse ARP?
ReverseARPis used toobtain thedevice’s IP address when its MAC address is already known.

22.What is Inverse ARP?

InverseARPdynamically maps local DLCIs toremoteIP address when frameRelay is configured.
 TCP (TransmissionControlProtocol)

23.What is (TransmissionControlProtocol)TCP?
It is one of the most used protocols within digital network communications and ensures end-
to-enddata delivery. TCP organizes data so that it can be transmitted betweena server and a
client. It guarantees the integrity of the data being communicated over a network.

24.Explain TCP Three-Way handshake process?

TCP 3-way handshake is a process which is usedin a TCP/IPnetwork to make a connection
betweenthe serverand client. It is a three-stepprocessthat requires both the client and
serverto exchange synchronization and acknowledgment packets before the real data
communication process starts.

25.What is the propose of RST bit?

When the connection is not allowed by destination connection is reset
26.What are the TCP Flags?
TCP Flags are usedto influence the flow of Data across a TCP connection.
▪ 1.PUSH(PSH)-It pushes the buffered data to the receiver’s application. If data is tobe send on
theimmediate basic, wewill push it.
▪ 2.Reset(RST)- It Reset theconnection.
▪ 3.Finish (FIN)- It Finishes the session. It means NoMore Data form the sender.
▪ 4.Urgent(URG)- It is used to set the priority to tell the receiverthat this data is important for
you.

4
 ▪ 5.Acknowlagement-(ACK)-Allpackets afterSYS packet sent by the client should have this flag
set.ACK=10means host has received0 through 9 and is expecting byte 10 next. ▪
6.Synchronize(SYN)-It initiateda connection. It Synchronize sequencenumber.

28.What is the importance of SequenceNumber and Acknowledgement Number?

▪ Sequence Number is a 32-bit field which indicates the amount of data that is send during a
TCPsession. Bysequence number, thesender canbe assuredthat thereceiver receivedthe data
becausethe receiveruses this sequencenumber as theacknowledgement number in the next
segment it sends to acknowledge thereceived data. When the TCPsession starts, the initial
sequences number can be any number in the rangeof 0-4294967295.
▪ Acknowledgement number is usedto Acknowledge the received data and is equal to the
received sequencenumber plus 1.
29.Which is the importance of the identification fieldin the IP Packets?
This is used to identify eachfragmentedpacket sothat destination device can rearrangethewhole
communication in order.
30.What is the MTU (Maximum Transmission Unit)?
A maximum transmission unit (MTU) is the largest packet or frame size, specifiedin octets
(eight-bit bytes) that can be sentin a packet- or frame-basednetworksuch as the internet.
The internet's transmission control protocol (TCP) usesthe MTU to determine the
maximum size of each packet in any transmission.

31.What is the Fragmentation?

Fragmentation is a process of breaking the IP packet into smaller pieces (fragment).
Fragmentation is required whenthe datagram is larger than the MTU. Each fragment then
becomesa datagram and transmitted independentlyfrom source.These datagrams are
reassembledby the destination.

32.How the packet is reassembled?

IP fragmentation is an InternetProtocol (IP) process that breaks packets into smaller pieces
(fragments),so that the resulting piecescan pass through a link with a smaller maximum
transmission unit (MTU) than the original packet size. The fragments are reassembled by the
receiving host.

33.What is the Importance of DF, FM Flag?

If DF bit is set,fragmentation is not allowed. When a router needsto forward a packet larger
than the outgoing interface's MTU, the router either fragmentthe packet or discards it.

34.What is the purpose of a fragment offset?

It is usedto define the size of each fragmentation packet.

35.What is the important of TTL Value?

It defineshow long a packet can travel in the network.It is the number of hops that the IP
datagram will go through before being discarded. At every hop, the TTL value is
decrementedby 1. When this field become zero,the datagram is discarded. This behaviour
helps preventrouting loops. The typical value for a TTL field is 32 or 64.

5
  Routing
37.What is the Routing?
The function of routing is to route packet betweennetworks that are not locally attached.

38.What is the Router?

▪ It’s is a device which enablescommunication betweentwoor more
differentlogical network.
▪ It’s a network layer-3 device.

39.What are the differenttypes of Memory in the router?

▪ RAM-Running configuration file: running -config is store in RAM.
▪ NVRAM-Start-up configuration file: start-up configuration is storedin
NVRAM
▪ Flash Memory-IOS is stored in Flash memory
▪ ROM-Instruction for Post, Bootstrap, Mini-IOS is Stored in ROM
40.What are the possible location of IOS Image?
▪ FLASH and TFTP Server.

41.What are differentmodes in the router?

User mode: -
▪ Only some basic monitoring and limited show commands work in this mode.
▪ Ex-Enable, ping, traceroute, etc. Router> Privilegemode: -
▪ Monitoring Troubleshooting and verification commands work in this mode.
▪ Ex-show,configure terminal, write, etc Router# Global Configuration mode:
-
▪ Global Configuration made in this mode affects the operation of the device.
▪ Ex-Hostname,etc. Router(config)#

42.What is the command to reboot a router?

▪ #reload

43.What is the command to backup IOS to TFTP server?

▪ #copy flash tftp

44.What is the command to copy running config to startup config?

▪ #copy running-config start-up-config

45.Define static routing?

▪ In static routing, route manually configured on the router by network
administrator
Advantages Disadvantages
Secured Noautomatic updates
Reliable Needof destination networkID for the Configuration

6
Faster Administrative work is more
No wastage of bandwidth Usedin small network

46.What is a default route?

A default route specifies a path that the router should take if the destination is unknow. All
the IP datagrams with unknow destination address are send to default route.

47.What is a Dynamic routing?

In Dynamic routing, route is learned by using a routing protocols will learn about routers
from other neighbouring router running the same routing protocol Ex-OSPF, EIGRP,BGP.

48.What is the Routed protocol?

A routed protocol carries data from one network to another network.Routed protocol
carries user traffic such as file transfer,web traffic, e-mail. Ex-IP,IPX and apple talk.

49.What is the Routing Protocol?

Routing protocols learn the routes and provide the bestroute from one network to another
network. Ex-EIGRP, OSPF,RIP.
50.What is IGP?
An Interior Gateway Protocol refer to a routing protocol that handles routing a single
autonomous system. Ex-RIP, EIGRP,OSPF.

51.What is EGP?
An Exterior Gateway Protocol referto a routing protocol that handles routing between
differentAutonomousSystem (AS) Ex-BorderGateway Protocol (BGP).

52.What is an Autonomous System?

An AutonomousSystem (AS) is a group of networks undera single administrative control.

53.What is Administrative Distance?

Administrative Distance is the trustworthiness of a routing protocol. Routers use AD value
to select the bestpath whenthere are two or more differentroutes to the same destination
learned two differentrouting protocols.

54.What is the Range of AD Values?

▪ 0-255, Where 0 is the best and 255 is the worst. Routing Protocol Administrative
Distance
▪ Direct connect 0 ▪ Static route - 1
▪ EIGRP (summary route) 5
▪ eBGProute 20 ▪ EIGRP route 90
▪ OSPF route 110
▪ RIP route 120
▪ Exterior EIGRP 170
▪ iBGP 200

7
55.What is Distance-Vector Routing Protocol?
Distance vector routing protocol use the distance or hops as the metric to find path to
destination.
▪ Ex-RIP, EIGRP

56.What is Link-State Routing Protocol?

Link state routing is a technique in which each router shares the knowledge of its
neighbourhood with everyother router in the internetwork. Every router that receivesthe
packet sendsthe copies to all its neighbours. Finally, each router receives a copy of the
same information ▪ Ex-OSPF

57.What is Hybrid Routing Protocol?

Hybrid Routing Protocol (HRP) is a network routing protocol that combines Distance Vector
Routing Protocol (DVRP) and Link State Routing Protocol (LSRP) features.
▪ Ex-EIGRP
58.What is a Routing Metric?
Routing Protocol usesroute metric value to find the best path when there are two or more
differentroute to the same destination.
Differentrouting protocols use route metric to compute the destination.
▪ Ex-RIP-Hop count, OSPF-Cost,EIGRP-Bandwidth,Delay, Reliability, Load, MTU.

59.What is Hop Count?

Hop count is the number of routers from the sources though which data must pass to reach
the destination network.

60.What is Bandwidth, Delay, Reliability,Load?

▪ Bandwidth- It is the Data capacity of a link in Kbps.
▪ Delay- It is the time takes to reach the destination.
▪ Reliability- The path with the least amount of errors or downtime.
▪ Load- It is the amount of utilization of a path
▪ MTU- maximum transmission unit (MTU) define the maximum size of the packet that
can be sentover a medium.

61. Define Bandwidth and Latency?

Bandwidth looks at the amount of data being transferredwhile latency looks at the amount
of time it takes data to transfer.These two terms come togetheras throughput, which
refersto the amount of data that is being transferred over a set period.

62.What is Cost?
Cost is the inverse proportion of bandwidth of the links.

63.What is CDP?
Cisco Discovery Protocol is a Cisco proprietary protocol to help administrators in collection
about information both locally attached and remote devices.

8
  EIGRP (Enhanced InteriorGatewayRoutingProtocol)
64.Explain EIGRP Routing Protocol?
▪ Enhanced Interior GatewayRouting Protocol (EIGRP Protocol) is an enhanced
distance vector routing protocol which uses DiffusedUpdate Algorithm (DUAL) to
calculate the shortest path. Is also considered as a hybrid routing protocol because
it has characteristic of both Distance vector & Link State Routing Protocol.
▪ EIGRP support classless routing & VLSM, route summarization, incremental updates,
load balancing and other future.
65.What are the requirement Neighborship in EIGRP?
The following field in a hello packet must for routers to become neighbours: -
▪ AutonomousSystem number ▪ K-values.
▪ Authentication.
▪ Primary address should be used.
▪ If static neighborship them should be define on both sides.
66.What table do EIGRP routers maintain?
EIGRP router stores routing and topology information in Three tables: ▪
Neighbour Table- Store information about EIGRP neighbours.
▪ Topology Table- Store routing information which is learn from neighbours’routers.
▪ Routing Table- Store the bestpath to all networks.

70.Why no auto-summary command used in EIGRP?

By default ,EIGRP behaveslike a classful routing protocol which means it doesnot advertise
the subnetmask information along with the routing information .No auto-summary
command will ensure that EIGRP sentthe subnetmask information along with the routing
information.

71.What metric does EIGRP used?

EIGRP calculated its metric by using Bandwidth, Load, Delay, Reliability and MTU.

72.What are the EIGRP Hello& Hold Timer?

▪ HelloTimer- Router will senda hello to its neighbours every5 seconds (hello time)
▪ Hold Timer- If Router doesnot receive hello for 15 seconds (hold timer) then it will
assume that link down and it will drop neighborship.

73.What is a Successor?
A successor is the bestpath to reach a destination in the topology table.

74.What is the Feasiblesuccessor?

A Feasible successor is the second-bestpath to reach a destination after successor. It acts as
a backup for the successor.

75.What is the Feasibledistance?

9
Feasible distance is the distance (metric) to reach the destination network. The route with
this metric will be in the routing table as it is the best route to reach a remote(destination)
Network.

76.What is advertised Distance & Reported Distance?

Advertiseddistance is the distance (metric) of a neighbour router to reach the destination
network.This is the metric of a destination network as reported by a neighbour.

77.What authentication does EIGRP support?

EIGRP support only MD5 authentication.

78.What is the Formula EIGRP used to Calculate Metric?

((10^7/least bandwidth of link) +cumulative delay) *256

79.What is the Different Administrative Distance that EIGRP used?

▪ Internal-90
▪ Extranal-170
▪ Summary -5
80.What is the EIGRP packet types?
Hello— Usedfor discovery of EIGRP neighbours and for detecting when a neighbour is no
longer available
Request— Usedtoget specific information from one or more neighbours
Update— Usedto transmit routing and reachabilityinformation with other EIGRPneighbours
Query—Sent out to searchfor another pathduring convergence Reply—Sent
in responseto a query packet

81.Whatis theEIGRP named mode?

The named mode is the new wayof configuring EIGRPthis mode allows EIGRPconfigurations to be
enteredin a hierarchicalmanner under the router mode. Each named mode configuration can have
multiple address families and autonomous systemnumber combinations.

82.What is the EIGRP Passive interface?

With EIGRP running on a network, the passive-interface command stops both outgoing and
incoming routing updates

83.What is EIGRP variance values?

EIGRPprovides a mechanismto load balanceover unequal cost paths through
VarianceCommand. Varianceis a number (1 to 128), multiplied by the local best metric then
includes the routes with the lesserorequal metric. Thedefault Variancevalueis 1, which means
equal-cost load balancing.

84. What is the EIGRP Convergence?

Regarding convergence, EIGRP maintains a backup route.In case the current path to the
destination network fails, it can immediately switch over to using the backup route, the
feasible successor leading to faster convergence.

10
85. How do I fixEIGRP stuck in active?
EIGRP maintains a timer called “active timer” which has a default value of 3 minutes(180
seconds).EIGRP waits half of the active timer value (90 seconds) for a reply. If the router
does not receive a response within 90 seconds, the originating router sends a stuck in active
(SIA) queryto EIGRP neighbours that did not respond

86. What is leak map in EIGRP?

The leak-map just allows you to advertise a specific prefix within the range of a summary
advertisement,as well as the summary itself. Basically, all routers justhave EIGRP 100
running & auto-summary disabled.

87. What is the EIGRP stub router?

Stub routing is an EIGRPfeatureprimarily designedto conserve local routerresources, suchas
memory and CPU, and improve network stability. Thestub routing featureis most used in hub-
andspoke networks.

88.What is split horizon in EIGRP?

Split horizon is oneof themethods used by distancevector routing protocols to avoid routing loops.
The principle is simple – a routerwill not advertisea route back onto theinterface from which it was
learned. Split horizon is enabled on interfaces by default.
89.What multicast address does EIGRP used? EIGRP
router use the multicast address of 224.0.0.10

90.How Configure EIGRP?

▪ Router (Config)#routereigrp 100
▪ Router (Config-router) #network172.16.1.0 0.0.0.255
▪ Router (Config-router) #network10.16.1.0 0.0.0.255
▪ Router (Config-router) #noauto-summary

91.How to configuration EIGRP named mode?

▪ R1(Config)#router eigrp name IBMHyd
▪ R1(Config-router)#address-familyipv4 autonomous-system12
▪ R1(Config-router-af)# Network 192.168.12.0 ▪ R1(Config-router-af)#af-
interfaceFastehternet 0/0

92.Tell me some commands to troubleshoot EIGRP?

▪ #show ip route  It Shows full Routing Table
▪ #show router ip eigrp  It Shows only EIGPR Routes
▪ #show ip eigrp neighbours  It Shows EIGPRNeighbours Table
▪ #show ip eigrp topology  It Shows EIGPRTopology Table

 OSPF(Open ShortestPath First)

93.What is the OSPF routing protocol?

11
Open ShortestPath First (OSPF) is a link-state routing protocol that is usedto find the best
path betweenthe source and the destination router using its own Shortest Path First (SPF).
OSPF is developedbyInternetEngineering Task Force (IETF) as one of the Interior Gateway
Protocol (IGP),i.e,the protocol which aims at moving the packet within a large autonomous
systemor routing domain. It is a networklayer protocol which works on the protocol number
89 and usesAD value 110. OSPFuses multicast address 224.0.0.5 for normal communication
and 224.0.0.6 for update to designated router (DR)/Backup Designated Router (BDR).

94.What is the area in OSPF?

An area is a logical collection of OSPF networks,routers, and links that have the same area
identification. A router within an area must maintain a topological database for the area
to which it belongs.

95.What is the Intra-area route?

Intra-area routes referto updatesthat are passedwithin the area.

96.What is an Area border router (ABR)?

An area border router is in the OSPF boundary betweentwo areas. Both sides of any link
always belong to the same OSPF area.
97.What is the Backbone area?
The backbone area (Area 0) is the core of an OSPF network. All other areas are connected to
it and all traffic betweenareas must traverse it. All routing between areas is distributed
through the backbone area

98.What is an Autonomous System Boundary Router ASBR?

An AutonomousSystem Boundary Router (ASBR) is a router that is running multiple
protocols and servesas a gateway to routers outside the OSPF domain and those operating

12
with differentprotocols. The ASBR can import and translate differentprotocol routes into
OSPF through a process knownas redistribution.

99.Why area is used in OSPF?

OSPF usesareas to simplify administration and optimize traffic and resource utilization.

100.What is the Router ID (RID)?

Every router running OSPF within a networkmust have a unique router ID (RID). This
identification is a 32-bit number that identifies one router to another router within an AS.

101.What is OSPF Hellointerval?

OSPF useshello packets and two timers to check if a neighbour is still alive or not: Hello
interval (10 sec)

102.What is OSPF Dead interval?

Dead interval: this defineshow long we should wait for hello packets before we declare the
neighbour dead. (40 Sec)

103.What is the OSPF interface priority?

Default priority for an OSPF interface is 1. The range is from 0 to 255. 0 means that the
interface does not involve in the DR/BDR election.
104.What is the passive interface?
▪ Passive Interface is a feature usedby routing protocol to stop sending updates on the
interface.
▪ If an interface is configured as a passive interface, it does not participate in OSPF and
does not establish adjacencies or sendrouting updates.However,the interface is
announced as part of the routing network
105.What are the Requirements of neighbor adjacency?
Establish neighbour adjacencies: OSPF-enabledrouters must form adjacencies with their
neighbour before they can share information with that neighbour.
▪ The devices must be in the same area.
▪ The devices must have the same authentication configuration.
▪ The devices must be on the same subnet.
▪ The MTUs on the interfaces must match.
▪ The devices hello and deadintervals must match.
▪ The devices must have matching stub flags.
106.How do I reset my OSPF neighbour?
Use the clear ip ospf neighbour command to clear neighbour

107.What is Designated Router (DR)?

▪ Designated Router (DR) – It is electedto minimize the number of adjacencies
formed.DR distributes the LSAs to all the other routers. DR is electedin a broadcast
networkto which all the other routers sharestheir DBD. In a broadcast network,

13
 router requestsfor an update to DR and DR will respond to that request with an
update.
108.What is Backup-Designated Router (BDR)?
Backup Designated Router (BDR) – BDR is backup to DR in a broadcast network. When DR
goes down,BDR becomesDR and performsits functions.

109.How OSPF DR and BDR are elected?

DR and BDR election– DR and BDR election takesplace in broadcast networkor multiaccess
network. Here are the criteria for the election:
▪ Router having the highest router priority will be declared as DR.
▪ If there is a tie in router priority, thenhighest router I’dwill be considered. First, the
highest loopback address is considered. If no loopback is configured, then the highest
active IP addresson the interface of the router is considered.
110.What is the OSPF packet types?
OSPF usesthe assigned IPv4 protocol 89 and multicast addresses224.0.0.5 (All routers) and
224.0.0.6 (DR routers) where possible to reduce unnecessary traffic.
▪ Hello- neighbourdiscovery, build neighbour adjacencies and maintain them.
▪ DBD (Database description)-This packet is used to check if the LSDB between 2
routers is the same. The DBD is a summary of the LSDB.
▪ LSR (Link-state request) -Requestsspecific link-state records from an OSPF neighbour.
▪ LSU (Link-state update)- Sendsspecific link-state records that were requested.This
packet is like an envelope with multiple LSAs in it.
▪ LSAck (Link-state acknowledgments)- OSPF is a reliable protocol so we have a packet
to acknowledge the others.
111.What is the OSPF neighbor states?
OSPF must get through 7 states to become neighbour here they are:
▪ Down – In this state,no hello packet has been receivedon the interface. Note – The
Down state doesn’tmean that the interface is physically down.Here, it means that
OSPF adjacency process has not started yet.
▪ INIT – In this state, hello packet has beenreceivedfrom the other router.
▪ 2WAY – In the 2WAY state, both the routers have receivedthe hello packets from
other routers. Bidirectional connectivity has beenestablished.
Note – In betweenthe 2WAY state and Exstart state, the DR and BDR election takes
place.
▪ Exstart – In this state, NULL DBD are exchanged.Inthis state, master and slave
election take place. The router having the higher router I’d becomesthe master while
other becomes the slave. This election decides Which router will send it’s DBD first
(routerswho have formedneighborship will take part in this election). ▪ Exchange –
In this state,the actual DBDs are exchanged.
▪ Loading – In this state,LSR, LSU and LSA (Link State Acknowledgement) are
exchanged.
Important – When a router receives DBD from another router, it compares its own
DBD with the other router DBD. If the receivedDBD is more updatedthan its own

14
 DBD then the router will sendLSR to the other router stating what links are needed.
The other router replies with the LSU containing the updatesthat are needed.In
return to this, the router replies with the Link State Acknowledgement.
▪ Full – In this state, synchronization of all the information takes place. OSPF routing
can begin only after the Full state.

113.Whatisthe OSPFnetwork types?

The default OSPF networktype is based on media usedfor the connection. Can be changed
independentlyof media used.Cisco provides five OSPF networktypes,as listed in Table 8

114.Whatisthe OSPFAuthentication?
OSPF supports three types of authentication: null, simple password authentication and
MD5 authentication. OSPF MD5 authentication can be configured globally or by
interface. OSPF authentication is for security purpose.

115.Whatisthe RouterLSA (link-stateadvertisement)?

LSA Type 1 (Router LSA) packets are sentbetweenrouters within the same area of origin
and do not leave the area. An OSPF router uses LSA Type 1 packets to describe its own
interfaces but also carries information about its neighbours to adjacent routers in the same
area.

LSA Type 1 Packets exchangedbetween OSPF routers within the samearea

116.What is theNetwork LSA?

15
LSA Type 2 (Network LSA) packets are generated by the Designated Router (DR) to
describe all routers connected to its segmentdirectly. LSA Type 2 packets are
floodedbetween neighbours in the same area of origin and remain within that area.

LSA Type 2 Packets exchangedbetween OSPF DR and neighbour routers

117.Whatisthe Summary LSA?

LSA Type 3 (Summary LSA) packets are generated by Area Border Routers (ABR) to
summarize its directly connected area, and advertise inter-area router information to other
areas the ABR is connected to, with the use of a summary prefix . (e.g.192.168.0.0/22) LSA
Type 3 packetsare floodedto multiple areas throughout the networkand help with OSPF’s
scalability with the use of summary prefixes.

LSA Type 3 - An OSPF ABR router advertises thesummarizedroute192.168.2.0/24to Area 0

118.Whatisthe ASBRSummaryLSA?
LSA Type 4 (ASBR Summary LSA) packets are the LSAs that advertise the presence of an
Autonomous SystemBorder Router (ASBR) to other areas. In the example below whenR2
(ABR) receives the LSA Type 1 packet from R1 it will create a LSA Type 4 (Summary ASBR
LSA) packet, which advertises the ASBR route received from Area 1, and inject it into Area
0.

16
While LSA Type4packets areused by ABRs toadvertisethe ASBR routethrough theirareas, it will not
be used by the ASBR itselfwithin its local area (Area1); ASBR uses LSA Type1to inform its
neighbours (R2 in this case)within its networks.

119.Whatisthe ASBRExternalLSA?
LSA Type 5 (ASBR External LSA) packets are generatedby the ASBR to advertise external
redistributed routes into the OSPF’s AS. A typical example of an LSA Type 5 would be an
external prefix e.g. 192.168.10.0/24 or default route (internet) as shown below:

LSA Type 5 packets advertisethe default route to all OSPF routers

This externalroute/prefix is redistributedin to the OSPF network by the ASBR (R1) and seen as O
E1or E2 entries in other OSPF routers routing tables.

120.What is the NSSA external LSA?

LSA Type 7 (NSSA External LSA) packets are used for some special area typesthat do not
allow external distributed routes to go through and thus block LSA Type 5 packets from
flooding through them, LSA Type 7 packets act as a mask for LSA Type 5 packets to allow
them to move through these special areas and reach the ABR that is able to translate LSA
Type 7 packetsback to LSA Type 5 packets.

121.What does the Table maintain by OSPF?

OSPF router stores routing and topology information in three tables:
▪ Neighbour table – stores information about OSPF neighbours
▪ Topology table – stores the topology structure of a network
▪ Routing table – stores the bestroutes
122.Explain OSPF Virtual Link?
A virtual link is not a physical link. It is a logical link using the least cost path betweenthe ABR
of the non-backbone connected area and the backbone ABR of the transit area.
A virtual adjacency across the virtual link is formed,and routing information is exchanged.

123.Explain Stub Area and differenttypes of Stub area?

Stub Area
Sometimeswe needto control the advertisementof external routes into an area. This area
is called stub area. Stub area are not capable of importing routes externalto OSPF.Type 4,
& Type 5 LSA are filtered from stub areas and a default route is injectedinto that area by
ABR in place of externalroutes.

17
Three restriction apply to OSPF stub area: • 1.No
virtual links are allowed in the stub area.
• 2.Stub area cannot be a backbone area.
• 3.No Autonomous SystemBoundary Router are allowed
Totally Stubby Area
Like stub areas, totally stubbyarea doesnot receive type4 and type5 LSA from their ABRs.
However,they also do not receive type 3 LSAs. It allows advertisementof internal router in
that area.
Not-So-Stubby Areas
The motivation behind NSSA is to allow OSPF stub area to carry external routes.External
router is imported into OSPF NSSA as Type 7 LSA by ASBR. Type 7 LSA cannot go into area
0 so it is convertedback into Type 5 LSA by ABR and injected into area 0.
Totally NSSA
Along with Type4 & Type5, Type3 LSA will also be filtered in Totally NSSA

124.Can we have OSPF run over a GRE Tunnel? Yes,

we can have OSPF run over a GRE tunnel.

125.How do we configure the OSPF Routing Protocol?

• Router (Config)#routerospf 100
• Router (Config-router) #network172.16.1.0 0.0.0.255 area 0
• Router (Config-router) #network10.16.1.0 0.0.0.255 area 1
• Router (Config-router) #exit

 BGP (BorderGatewayProtocol)
126.Explain the Border Gateway Protocol (BGP)?
▪ Border GatewayProtocol (BGP) is a standardized exteriorgateway protocol designed
to exchange routing and reachability information among autonomoussystems (AS)
on the Internet.BGP is classified as a path-vector routing protocol, and it makes
routing decisions based on paths, networkpolicies, or rule-setsconfigured by a
networkadministrator.
▪ BGP usedfor routing within an autonomous system is called Interior Border Gateway
Protocol, Internal BGP (iBGP).In contrast, the Internetapplication of the protocol is
called Exterior Border GatewayProtocol, External BGP (eBGP).
127. What are the BGP features?
▪ Path vectorprotocol
▪ Open standardprotocol.
▪ Classless routing protocol.
▪ Usedthe Path vectoralgorithm.
▪ Administrativedistancefor eBGPis 20,iBGP-200
▪ BGPexchangerouter information betweenautonomous system.
▪ Hello timer is 60 sec; hold on timeris 180 sec.
▪ BGPused TCPport number 179.

18
128.Can Router on differentsubnet become BGP Neighbors?
Can does not require neighbours to be attached to the same subnet. Instead,BGP routers
use a TCP connection betweenthe routers to pass BGPmessage allowing neighbouring
routers to be on the same or differentsubnet.

129.Different betweeneBGP & iBGP neighbors?

▪ IBGP- neighborship is formedbetweenrouters within the same AS (autonomous
system)
▪ EBGP-neighborship is formedbetweenroutersdifferentAS (autonomous system)

130.Explain Loop prevention mechanism in BGP?

BGP usedtwo mechanisms to preventloops: -
▪ When a router learns route from an iBGP peer,that router doesnot advertise the
same routes to another iBGP peer.
▪ By using AS_PATH- When advertising to an eBGP peer,a BGP router adds its own ASN
to the AS_PATH.If a BGP router receives an Update and the route advertisementlists
an_AS_PATHwith its own ASN, the router ignores that route. Note:- A BGProuter does
not add its ASN whenadvertising to an iBGP Peer.

131.What is differentbetweenthe hard reset and soft rest in BGP?

▪ Hard Reset-Incase of hard resetthe local router brings downthe neighborship, brings
down the underlying TCP connection and all the BGP table entire learning from
neighbour are removed#clear ip bgp command used for hard reset.
▪ Soft Reset-In case of a softreset the router doesnot bring down the BGP neighborship
or the underlying TCP connection.
▪ However,the local router resendsoutgoing Updates and reprocessesincoming Update
adjusting the BGP table base on the current configuration #clear ip bgp * soft
command usedfor soft reset.

132.What are differentBGP Message Types?

▪ Open-It is Used to establish a neighbour relationship and exchange parameters,
including autonomoussystem number and authentication values.
▪ Keepalive-aresent periodically (every 60 seconds by default) to ensure that the remote peer
is still available. If a routerdoes not receive a KEEPALIVE from a peer for a Hold-time period
(by default, 180 seconds), therouter declares that peer dead.
▪ Update- It exchange Path Attributes and the associated prefix/length(NLRI) that use
those attributes.
▪ Notification- It is usedto report BGP error. It results in a reset of neighbour
relationship.
133.Explain various state of BGP?
▪ Idle- the initial BGP state.

19
 ▪ Connect- The BGP process is waiting for the TCP Connection to be completed. If it is
successful, it will be continuing to the OpenSent State. In case it fails, it will be
continuing to active state.

▪ Active -BGP will try anotherTCP three-wayhandshake to establish a connection with

the remote BGP neighbour. If it successful, it will be move to the OpenSent State.

▪ Open sent- BGP has both established the TCP connection and sent an OPEN Message
and is awaiting a reply OPEN Message.Once it receivesa reply OPEN Message,the BGP
peerwill senda KEEPALIVE message.

▪ Open confirm- BGPlistens for a reply KEEPALIVEmessage

▪ Established- All neighbour parameters matched, the neighbour relationship has

beenestablished and the peerscan now exchange update message.

134.Explain BGP Path Attributes?

BGP utilizes severalattributes to determine the best path to a destination.

▪ Next Hop- It lists the next-hopIP address usedto reach a prefix.If nexthop is
reachable? If no route to reach Nexthop, the router cannot use this route.

▪ Weight- The Weight attribute is applied to inbound routes, dictating the best
outbound path. It is a Cisco-proprietary attribute, and is only locally significant (and
thus, is never passedon to BGPneighbours). The weight value can range from 0 –
65535, and the highest weight is preferred.By default,a route originated on the local

20
 router will be assigned a weight of 32768. All other routeswill be assigned a weight
of 0, by default.
▪ Local Preference- The Local Preference attribute is applied to inbound external
routes, dictating the best outboundpath. Unlike the Weight attribute, Local
Preference is passedon to iBGP peerswhen sending updates.Local Preference informs
iBGP routers how to exit the AS if multiple paths exist.Local Preference is a 32-bit
numberand can range from 0 to 4294967295. The highest Local Preference is
preferred,and the defaultpreference is 100.

▪ Locally injected routes- Locally injectedroutes (routesinjected using network

command) are better than iBGP/eBGPlearned.

▪ AS Path- The AS-Path attribute is applied to outboundroutes, dictating the best

inbound path. Two things can be accomplished with the AS-Pathattribute, prepend
or filter. Smaller is preferred.

▪ Origin- The Origin attribute identifies the originating source of the route. The origin
codes are as follows (listed in order of preference forroute selection): • i (IGP) –
Originated from an interior gateway protocol, such as OSPF. This usually indicates the
route was injectedinto BGP via the network command under the BGP process. An
origin code of “i” is most preferred.• e (EGP) – Originated from an external gateway
protocol. • ? (incomplete) - Unknownorigin. This usually indicates the route was
redistributed into BGP (fromeither connected, static, or IGProutes). An origin code
of “?” is the least preferred.

▪ Multi-Exit Discriminator (MED)- The MED (MultiExit Discriminator) attribute is

applied to outbound routes,dictating the best inbound path into the AS (assuming
multiple paths exist).The MED is identified as the BGP metric when viewing the BGP
routing table. A lower metric is preferred,and the default MED value is 0. Smaller is
preferred.

▪ Neighbour type- eBGPis preferredover iBGP

▪ IGP metric- Route with nearest IGP neighbour (lowest IGPmetric) is preferred.
▪ eBGP route- Oldest (longest known) route is preferred.
▪ Neighbour Router ID- Lowestis preferred.
▪ Neighbour IP Address- Lowestis preferred.
135.Explain BGP Local preference?
The local preference BGP attribute is the second attribute and usedto choose the exit path
to an autonomous systemfrom a local perspective.It is not exchanged between routers;its
default value is 100 and the path with the highest local preference is preferred.

136.Explain BGP MED?

MED is an optional nontransitive attribute. MED is a hint to externalneighbours about the
preferredpath into an autonomous system(AS) that has multiple entry points. The MED is

21
also knownas the externalmetric of a route.A lower MED value is preferredover a higher
value.

137.Explain BGP local preference?

The local preference BGP attribute is the second attribute and usedto choose the exit path
to an autonomous systemfrom a local perspective.It is not exchanged betweenrouters,it's
default value is 100 and the path with the highest local preference is preferred.

138.What is Recursive Lookup?

A Recursive lookup refers to routes for which the router must look up the connectedroute
to a next-hopgatewayto route the packet to its ultimate destination.

139.What is router reflector and why it is required?

In BGP, route learned from an iBGP neighbour will not be advertisedto another iBGP
neighbour. To overcome this situation route reflector is used.It is acts as a route reflector
serverand makes iBGP neighbours as route reflector client enabling route advertisements
betweenthem.

140.What is the command to administratively disable BGP neighborship?

#neighbor neighbor-ip shutdown
# no neighbor neighbor-ip shutdown (to enable to again)

 Switching
141.What is switching?
The function of switching is to switch data packets betweendeviceson the same network.
142.What is switching?
A switch is a device which is used to connect multiple devices inside Local Area Network
(LAN).Unlike hubs, a switch examineseach packet and process it accordingly rather than
simply repeating the signal to all port. Switches operate at Layer Two (Data Link layer) of the
OSI model.
143.What is the differentbetween a HUB, Switch & Router?

144.What are functions of the switch?

The Switch performsthree major function:
▪ Addresslearning ▪ Packet
forwarding.
▪ Loop avoidance by Spanning Tree Protocol
145.What is Sub interface?
To support ISL or 802.1Q routing on a Fast Ethernet interface, the router’s interface is
divided into logical interface-one for each VLAN. These are called Sub interfaces.

146.What is a Broadcast Domain & CollisionDomain?

22
Broadcast Domain- Broadcast is a type of communication, where the sending device
sendsa single copy of data and that copy of data will be delivered to everyother device in
the networksegment.
CollisionDomain- It is a networkscenario where one device sends a packet on a network
segmentforcing everyother device on that same segmentto pay attention to it. At the
same time, if a differentdevice on that same segmentto pay attention to it.

147.What is a MAC address table and how a switch will build a MAC table?
The switch maintains an address table called MAC addresstable to efficiently switch frames
betweeninterfaces.When the switch receives a frame, it associates the MAC address of the
sending device with the switch port on which it was received.

148.How does switch learn Mac address?

A switch can learn MAC address in two ways; statically or dynamically. In the static option,
we must add the MAC addressesin the CAM table manually. In the dynamic option, the
switch learns and adds the MAC addresses in the CAM table automatically. The switch
stores the CAMtable in the RAM.

149.Explain Flooding?
If the destination MAC address is not found in the MAC address table, the switch forwards
the frame out all its ports exceptthe port on which the frame was received.This is known as
flooding

 VLAN (VirtualLAN)
150.What is a VLAN and How does it reduce the broadcast traffic?
A VLAN is a logical grouping of networkusers and resources connectedto administratively
definedports on a switch. VLAN divides the broadcast domain so,the frames that will be
broadcasted onto the network are only switched betweenthe ports logically grouped within
the same VLAN.

151.What is the deferencebetweenan access port and a trunk port?

▪ Access Port- Access port belongsto and carries the traffic of only one VLAN.
Anything arriving on an access port is simply assumedto belong to the VLAN
assigned to the port. Any device attached to an access link is unaware of a VLAN
membershipas switches remove any VLAN information from the frame before its
forwardedout to an access-link device. Access-link device can’t communicate with
devices outside their VLAN unless the packet is routed.

▪ Trunk Port- Trunk port can carry the traffic of multiple VLANs from 1-4094 VLANsat
a time. Normally Trunk link is usedto connect switches to other switches or to
routers. Trunk ports support tagged and untagged traffic simultaneously.
152.What is Frame Tagging and Different types of Tagging?
Frame tagging method uniquely assigns a VLAN ID to each frame.It is used to identify the
VLAN that the Frame belongs to.

23
There are mainly two types of Frame Tagging Method:
▪ Inter-Switch Link (ISL) cisco
▪ 802.1Q OpenStandard

153.Explain the different between802.1Q and ISL?

802.1Q- It’san openstandard created by the Institute of Electrical and Electronics Engineers
(IEEE). To identify to which VLANa frame belongs to, a field is inserted into the frame’s
header.It is a light weightedprotocol & adds only 4 Byte within Frame’s Header.

ISL (Inter-Switch Link)- This protocol is Cisco proprietary which means unlike 802.1Q, it can
be usedonly betweenCisco switches’ works by adding Header (26 Bytes) and Trailer(4Bytes)
with Original Ethernet Frame.

154.What is a Native VLAN and What type of traffic will go through Native VLAN? The trunk
port is assigned a default VLAN ID for a VLAN that all untagged traffic will travel on. This
VLAN is called the Native VLAN and is always VLAN 1 by default (butcan be changed to any
VLAN number).Similarly, any untagged or tagged traffic with unassigned VLAN ID is assumed
to belong to the Native VLAN.

155.What is Inter-VLAN Routing?

VLANsdivide broadcast domain in a LAN environmentSo, by default only Hosts that are
membersof the same VLAN can communicate. Wheneverhost in one VLAN needto
communicate with hosts in another VLAN,the traffic must be routedbetweenthem.This is
known as Inter-VLAN routing.
This can be done by two methods – Router-On-Stick & switch Virtual Interface (SVI)

156.Tell me the commands to create VLAN?

▪ Switch(config)#Vlan10
▪ Switch(config-vlan) #name sale
▪ Switch(config-vlan) #exit

157.How can we add an interface to a VLAN?

▪ Switch(config)#interface fast Ethernet 0/0
▪ Switch(config-if) #switchport mode access ▪ Switch(config-if) #switchport access
vlan 10

158.How to configure trunk link?

▪ Switch(config)#interface fast Ethernet 0/24
▪ Switch(config-if) #switchport trunk encapsulation <dot1q/isl>
▪ Switch(config-if) #switchport mode trunk 159.How can we change Native Vlan?
▪ Switch(config)#interface fast Ethernet f0/0
▪ Switch(config-if) switchport trunk native vlan 100

24
 160.Which command used to trunk
interface? ▪ Switch(config)#show interface
trunk

161.Which command is used to see all VLANs

▪ Switch(config)#show vlan  VTP

(Vlan TrunkingProtocol)

162.What is VTP?
VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco switches to
exchange VLAN information. VTP is used to synchronize VLAN information. Ex- (VLAN ID or
VLAN Name) with switches inside the same VTP domain.

163.What are differentVTP mode?

▪ VTP Server mode- By default, everyswitch is in servermode. Switch in VTP Server
Mode can create, delete VLANs and will propagate VLAN changes.

▪ VTP Clientmode- Switch in VTP client mode cannot create or delete VLANs. VLAN
Trunking Protocol (VTP) client mode switch listen to VTP advertisementsfrom other
switches and modify their VLAN configuration accordingly. It listens and forwards
updates.

▪ VTP Transparent mode- Switch in VTP Transparent mode does not share its VLAN
database but it forwards received VTP advertisements.We can create and delete
VLANson a VTP transparent switch, but these changes are not sentto other switches.

164.What are requirement to exchange VTP message betweentwo switches?

▪ A switch should be configured as either a VTP serveror VTP client.
▪ VTP domain name must be same on both switches.
▪ VTP version must match.
▪ The link betweenthe switches should be a trunk link.

165.Explain Dynamic Trucking Protocol (DTP)?

Dynamic Trunking Protocol (DTP) is a Cisco proprietary trunking protocol used for
negotiating trunking on a look betweentwocisco switches. Dynamic Trunking Protocol
(DTP) can also be used for negotiating the encapsulation type of either 802.18 or Cisco
ISL
(inter-switch-link)

166.Explain Dynamic desirable &Dynamic auto?

DynamicDesirable-It initiates negotiation. Switch port configured as DTP dynamic desirablemode
will actively try to convert thelink to a trunk link if theport connected to other port is capableto
form a trunk.

25
DynamicAuto-It does not initiate negotiationbut can respond to negotiation.
Switch port configured as DTP dynamic auto is capableto form trunk link if the other sideswitch
interfaceis configured to form a trunk interfaceand cannegotiatewith trunk using DTP
 STP (Spanning TreeProtocol)
167.What is STP and Redundant Links?
Spanning Tree protocol (STP) is a protocol which preventslayer2 loops. STP enables
switches to become aware of each other so that theycan negotiate a Loop-Free path
through the network.

In practical Scenario, Redundant links are created to avoid completednetwork failure in an

eventof failure of one link.

168.How STP works?

STP chooses a reference point (Root Bridge) in the network and calculated all the
redundant paths to that reference point. Then it picks one path which to forward
framesand blocks other redundant paths. When blocking happens,Loops are prevented.

169.What are the different port states?

▪ Disabled- A port in the disabled state does not participate in the STP.

▪ Blocking- A blocking port does not forward frames.It only listens to BPDUs. The
purpose of the blocking state is to preventthe use of looped paths.

▪ Listening- A port in Learning state populates the MAC address table but doesn’t
forward data frames.The port still sends and receivesBPDUs as before.

▪ Forwarding- The port now can send and receive data frames collect MAC addresses
in its address table, send and receive BPDUs. The port is now a fully functioning
switch port within the spanning-tree topology.

170.What is STP timer and explaindifferent types of STP timer?

STP uses three timers to make sure that a networkconverges properly before a bridging loop
can form.

▪ Hellotimer- The timer interval betweenconfiguration BPDUs sendby the root bridge.
Its 2 seconds by default.

▪ Forward Delay timer- The time interval that a switch port spendsin both the
Listening and Leaning states.The default value is 15 seconds.

▪ Max (Maximum) Age timer- Maximum length of time a BPDU can be stored without
receiving an update.It can also be definedas a time interval that a switch stores a
BPDU before discarding it. It is 20 secondsby default.
171.Explain types of STP Port Roles?

26
 ▪ Root port- The root port is always the link directly connectedto the root bridge, or
the shortestpath to the root bridge. It is always on Non-Root Bridge.

▪ Designated port- A designated port is one that has beendeterminedas having the
best(lowest) cost.A designatedport will be marked as a forwarding port. It can be on
both the root Bridge & non-rootBridge. All ports of root bridge are designatedport.
▪ Forwarding port- A forwarding port forwarding frames.

▪ Blocked port- A blocked port is the port that is usedto preventloops. It only listens
to BPDUs. Any port other than root port and designatedport is a blocked port.

172.What is BPDU?
All the switches exchange information to select root bridge as well as for configuration
of the network.This is done through the Bridge Protocol Data Unit (BPDU).Each switch
compares the parameters in the BPDU that it sendsto one neighbor with the one that it
receivesfrom anotherneighbor.
173.What is the destination MAC address used by Bridge Protocol data Unites (BPDUs)?
Bridge Protocol Data Units (BPDUs) frames are sentout as at multicast destination MAC
address 01:80:c2:00:00:00.
174.How Root Bridge is elected?
The bridge ID usedto elect the root bridge in the STP domain. This ID is 8 byteslong and
includes both the priority and the MAC address of the devices.
Switch with the lowest Bridge ID is elected as the root bridge which meansswitch with the
lowest priority will become root bridge if two or more switches have same priority then
switch with lowest mac address will become root Bridge 175.What is the Root Port?
Once the Root switch is elected,everyother switch in the networkmust select a single port
on itself to reach the Root Switch. The port with the lowestroot path cost (lowest
cumulative cost to reach the root switch) is elected as the root port and is placed in the
forwarding state.Root bridge will never have a root port.

 DHCP (DynamicHostConfigurationProtocol)

176.What is DHCP?
Dynamic Host Configuration Protocol (DHCP) assigns IP address to hosts dynamically. It
allows easier administration and works well in small as well as very large network
environments.All typesof hardware can be usedas a DHCP server including a Cisco router.
(Serverport 66/client port 67)
177.What information can a DHCP provide to
Host? A DHCPservercanprovide the following
information: ▪ IP address
▪ Subnet mask
▪ Default gateway
▪ Domain NameServer

27
 ▪ WINS information
178.How DHCP works?
DHCP works on DORA Process (DISCOVER – OFFER – REQUEST -ACKNOWLEDGEMENT)

179.What is the range of APIPA address?

The IP address range is 169.254.0.1 through 169.254.255.254 The client also configures itself
with a default Class B subnet mask of 255.255.0.0

180.What is the purpose of a relay agent?

A DHCP relay agent is any host that forwards DHCP packetsbetweenclients and serversif they
are not on the same physical subnet.Relay agents are usedto forwarding requestsand replies
betweenclients and serverswhenthey are not on the same physical subnet.

181.What is DHCP decline message?

It is sent by a client to the server indicating networkaddress is already in use (already
assigned to another device).

182.What is SNMP?
The Simple NetworkManagementProtocol (SNMP) enablesa networkdevice to share
information about itself and activities. It uses the User Datagram Protocol (UDP) as the
transport protocol for passing data betweenmanagers and agents.

183.Which port are used in SNMP?

SNMP usesthe UDP port 161 for sendingand receiving request,and port 162 for receiving
traps from managed devices.

 VPN (VirtualPrivateNetwork)
184.What is VPN?
Virtual Private Network (VPN) create a secure network connection over a public network
such as the internet.It allows devices to exchange data through a secure virtual tunnel. It
usesa combination of security featureslike encryption, authentication, tunnelling protocols,
and data integrity to provide secure communication betweenparticipating peers.

185.What is IPsec VPN?

IP Security Protocol VPN meansVPN overIP security. It allows two or more users to
communication in a secure manner by authentication and encryption each IP Packet of
a communication session.IPsec provides data confidentiality, data integrity and data
authentication betweenparticipating peers.

186.At which layer IPsec works?

▪ IPsec securesIP traffic at the Layer-3 (NetworkLayer) of OSI model.

187.Name a major drawback of IPsec?

▪ IPsec only supports unicast IP traffic.

28
188.What is the differentbetween Transport & Tunnel mode?
▪ Tunnel mode- Protects data in network-to-networkor site-to-site scenarios. It
encapsulates and protects the entire IP packet-the payload including the original IP
headerand a new IP header(protects the entire IP payload including user data).

▪ Transport mode-Protects data in host-to-hostor end-to-endscenarios. In transport

mode,IPsec protects the payload of the original IP datagram by excluding the IP
header(only protects the upper-layer protocols of IPpayload (user data)

189.What are the three main security services that IPsec VPN provide?
IPsec offersthe following security services:▪
PeerAuthentication.
▪ Data confidentiality. ▪ Data integrity.

190.Define Digital Signature?

A digital signature is an attachment to an electronic message usedfor security purposes. It
is usedto verifythe authenticity of the sender.

191.What is Siteto Site and Remote access VPN?

A site-to-site VPN allows offices in multiple location to establish secure connections with
each other over a public networksuch as the internet.
Remote Access VPN allows Remote users to connect to the Headquarters through a secure
tunnel that is established over the internet. The remote usercan access internal, private
webpages and performvarious IP-basednetworktasks.

There are two primary methods of deploying Remote Access VPN.

▪ Remote Access IPsec VPN.
▪ Remote Access Secure Sockets layer(SSL) VPN.

192.What are the 3-protocol used in IPsec?

▪ Authentication Header (AH).
▪ Encapsulation Security Payload (ESP).
▪ InternetKey Exchange (IKE).

193.How ESP & AH provide anti-replay protection?

Both ESP and AH protocols provide anti-replay protection based on sequence numbers.
The senderincrements the sequencesnumber after each transmission, and the receiver
checks the sequencesnumberafter sequence numberand rejectsthe packet if it is out of
sequence.

194.What is IKE?
It is a hybrid protocol that implements Oakley and SKEME key exchangesinside the Internet
Security Association and KeyManagement Protocol (ISAKMP) framework. It definesthe

29
mechanism for creating and exchanging keys.IKE derives authenticated keying material and
negotiates SAs that are used for ESP and AH protocols.
195.Which protocol does IKE use?
IKE uses UDP port 500.

196.Explain how IKE/ISAKMP Works?

IKE is a two-phase protocol: Phase1
IKE phase 1 negotiates the following: -
▪ It protects the phase 1 communication itself (using cryto and hash algorithms).
▪ It generatessession keyusing Diffie-Hellman groups.
▪ Peerwill authenticate each other using pre-shared,public keyencryption, or digital
signature.
▪ It also protects the negotiation of phase 2 communication.

There are also two modes in IKE phase 1:

▪ Main mode- Total Six message is exchangedin the main mode for establishing phase
1SA.

▪ Aggressive mode- It is fasterthan the main mode as only Three message are
exchangedin this mode to established phase 1 SA. It is faster but less secure.

At the endof phase 1, a bidirectional ISAKMP/IKESA (phase 2 SA) is established for IKE
communication. Phase-2
IKE phase 2 protects the user data and establishesSA for IPsec.
There is one mode in IKE phase 2:
▪ Quick mode- In this mode, three messagesare exchangedto establish the phase 2
IPsec SA.

At the endof phase 2 negotiation, two unidirectional IPsec SAs (Phase 2 SA) are established
for used data – one for sending and another for receiving encrypteddata.
197.Explain the message exchange betweenthe peers in IKE/ISAKMP?
Phase-1– Main mode

▪ MESSAGE 1- Initiator offers policy proposal which includes encryption, authentication,

hashing algorithms (like AES, or 3DES, PAK or PKI, MD5or RSA).
▪ MESSAGE-2- Responderpresents policy acceptance(ornot).
▪ MESSAGE-3- Initiatorsends the Diffie-Helman key and nonce.
▪ MESSAGE-4 Respondersends the Diffie-Helman key and nonce.
▪ MESSAGE-5 Initiatorsends ID, presharekey or certificateexchangefor authentication.
▪ MESSAGE-6 Respondersends ID, presharekey or certificateexchangefor authentication.

Only first four messages wereexchangedincleartext. Afterall messageareencrypted.

Phase-2-Quickmode
▪ MESSAGE-7 Initiator sends Hash, IPsec Proposal, ID, nonce.

30
 ▪ MESSAGE-8 RespondersendsHash, IPsecProposal, ID, nonce.
▪ MESSAGE-9 Initiator sends signature, hash, ID. All messages inQuick mode areencrypted.
198.What is Diffie-Hellman?
DH is a public-key cryptography protocol which allows two parties to establish a shared
secret over an insecure communications channel. Diffie-Hellman is usedwithin IKE to
establish session keysand is a component of Oakley.

199.What are Security Associations?

The SAs define the protocols and algorithms to be applied to sensitive packets and specify
the keying material to be usedby the two peers.SAs are unidirectional and are established
per security protocol (AH or ESP).

200.What is Transform set?

An IKE transform setis a combination of security protocols and algorithms. During yhe IPsec
SA negotiation, the peersagree to use a particular transform set for protecting a particular
data flow.

201.What are Crypto access lists?

Crypto access lists specifywhich IP traffic is protectedby Crypto and which traffic is not
protected by crypto. To protect IP traffic “permit” keywordis used in an access list. If the
traffic is not to be protected, then “deny” keywordis used in the access list.

202.How to Check the status of the tunnel’s phase 1 & 2?

Usefollowing commands to checkthestatusoftunnelphases.
▪ Phase-1 #show crypto isakmp sa
▪ Phase-2 #show crypto ipsec sa

203.What is IPsec Virtual Tunnel Interface?

IPsec VTI is the concept of using a dedicated IPsec interface called IPsec Virtual Tunnel
interface for highly scalable IPsec-basedVPNs. IPsecVTI provides a routable interface for
terminating IPsec tunnels.VTI also allows the encrypting of multicast traffic with IPsec.

204.What is the DMVPN?

DMVPN allows IPsec VPN networks to betterscale hub-to-spokand spok-to-spoktopologies
optimizing the performance and reducing latency for communications betweensites.

It offersthe following benefits:

▪ It Optimizes networkperformance.
▪ It reduces router configuration on the hub.
▪ Support for dynamic routing protocols running over the DMVPN tunnels.
▪ Support for multicast traffic from hub to spokes.
▪ The capability of establishing direct spoke-to-spoke IPsectunnelfor communication
betweensiteswithout having the traffic to go through the hub.
205.What is GRE?

31
Generic Routing Encapsulation Protocol is a tunnelling protocol developedby Cisco designed
to encapsulate IP unicast, multicast and broadcast packets. It usesIP protocol number 47.

206.Name a major drawback of both GRE & L2TP?

No encryption.
207.What is SSL VPN? How it is differentfrom IPsec VPN?
SSL VPN provides remote access connectivity from any internetenabled device though a
standard webbrowser and its native SSL encryption. It doesnot require any special client
software at a remote site. In IPsec VPN connection is initiated using a pre-installed VPN
client software,only a web browseris required.

208.What is a firewall?
Firewall is a device that is placed betweena trusted and untrusted network. It deniesor
permits traffic that entersor leaves networkbased on pre-configured policies.
Firewalls protect inside networksfrom unauthorized access by userson an outside network.
A firewall can also protect inside networks from each other. For Ex-By keepinga
Managementnetwork separate from a user network.

209.What is the difference betweenGateway and Firewall?

A Gatewayjoin two networkstogetherand a network firewall protects a network against
unauthorized incoming or outgoing access. Networkfirewalls may be hardware devices or
software programs.

210.At which Layers does Firewall work?

Firewall works at layer 3,4 & 7.

211.What is the differencebetweenStateful & Stateless Firewall?

Stateful- A stateful firewall is aware of the connections that pass through it. It adds and
maintains information about user’s connection in the state table, referredto as a
connection table. It thenuses this connection table to implement the security policies for
users connection. Example of the stateful firewall is PIX,ASA,Checkpoint.

Stateless firewall- (Packet Filtering) Statelessfirewalls, on the other hand, doesnot look at
the state of connections but just at the packets themselves.
Example of a packet filtering firewall is the ExtendedAccess Control Lists on Cisco IOS
Routers.

212.What information does Stateful firewallmaintain?

Stateful firewallmaintains the following information in its Statetable:▪
Source IP address.
▪ DestinationIPaddress ▪ IP protocol loke TCP, UDP.
▪ IP protocol information suchas TCP/UDPPort Numbers,
TCPSequence Numbers, and TCP
Flags.

32
213.How can we allow packets from a lower security levelto a higher security level
(Override security Levels)?
We use ACLs to allow packets from the lower security level to a higher security level.

214.What is the security levelof inside and outside interface by default?

The security level of the inside interface by defaultis 100. The security level of the outside
interface by default is 0.
215.What protocols are inspected by ASA?
By default, TCP and UDP are inspected by ASA.

216.Does ASA inspect ICMP?

No. ASA does not inspect ICMP by default.
217.Explain DMZ (DemilitarizedZone) Server?
If we needsome networkresources such as a Web serveror FTP serverto be available to
outside users, we place these resourceson a separate networkbehind the firewall called a
demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the
DMZ only includes the public servers, an attack there only affectsthe serversand doesnot
affect the inside network.

218.What are the values for timeout of the TCP session, UDP session,ICMP session?
TCP session- 60 mints
UDP session- 2 mints
ICMP session- 2 sec

219.What is the differencein ACL on ASA than on Router?

In the router if we delete one access-control entry whole ACL will be deleted. InASA if we
will delete one access-control entry whole ACL will not be deleted.
220.What are the different types of ACL in the Firewall?
Standard ACL
ExtendedACL
Ether type ACL (Transparent Firewall)
Web type ACL (SSL VPN)
221.What is Transparent Firewall?
In Transparent Mode, ASA acts as a Layer 2 device like a bridge or switch and forwards
ethernetframes basedon destination MAC-address.

222.What is the needfor a Transparent Firewall?

If we want to deploy a new firewall into an existing networkit can be a complicated process
due to various issueslike IP address reconfiguration, network topology changes, current
firewall etc. We can easily insert a transparent firewall in an existing segmentand control
traffic betweentwosides without having to readdress or reconfigure the devices.

223.What are the different betweena switch and ASA (in transparent mode)?
ASA doesnot flood unknown unicast frames that are not foundin the MAC-AddressTable.

33
ASA doesnot participate in STP.
Switch process traffic at layer 1 & layer 2 while ASA can process traffic from layer 1 to layer
7.

224.What information is exchanged betweenASAs over a Failover link?

State- Active or standby.
Hello Messages
NetworkLink Status.
Mac Addresses.
Configuration Replication and Synchronization.
225.Explain Active/Standby Failover?
In Active/StandbyFailover, one unit is the active unit which passe traffic. The standby unit
does not actively pass traffic. When failover occurs, the active unit fails over to the standby
unit, which then becomesactive. We can use Active/StandbyFailover for ASAs in both single
and multiple context mode.

226. What is Policy NAT?

Policy NAT allows you to NAT by specifying both the source and destination addressesin an
extendedaccesslist. We can also optionally specify the source and destination ports.
Regular NAT can only consider the source addresses,not the destination address.

▪ In static NAT it is called as Static Policy NAT.

▪ In Dynamic NAT it is called Dynamic Policy NAT.

34