Sunday, July 31, 2011

CCNA v4 - E2 - Module 5 (100/100)

1. Refer to the exhibit. All routers in the exhibit are running RIP v1. The network administrator issues the show ip route command on router A. What routes would appear in the routing table output if the network is converged? (Choose two).

  R 192.168.2.0/24 [120/1]
  R 10.10.1.0/24 [120/2]

2. Refer to the exhibit. The Ethernet interface on Router2 goes down and the administrator notices that the route is still valid in the routing table of Router1. How much longer will it take for Router1 to mark the route invalid by setting the metric to 16?

  155 seconds

3. Refer to the exhibit. The network that is shown is running RIPv1. The 192.168.10.0/24 network was recently added and will only contain end users. What command or set of commands should be entered on Router1 to prevent RIPv1 updates from being sent to the end user devices on the new network while still allowing this new network to be advertised to other routers?

  Router1(config-router)# passive-interface fastethernet 0/0

4. Which of the following is considered a limitation of RIP v1?

  RIP v1 does not send subnet mask information in its updates.

5. Refer to the exhibit. What can be concluded from the routing table output of router B?

  The default-information originate command has been entered on A.

6. Refer to the exhibit. A network consists of multiple routers. What can be verified when the show ip protocols command is issued on one of the routers in the network?

  routing protocol configuration in use for IP on this router

7. The following line was displayed in the output of the show ip route command.

R 192.168.3.0/24 [120/3] via 192.168.2.2, 00:00:30, Serial0/0

What is the value of the routing metric?

  3

8. Which of the following would be the correct command sequence to enable RIP on Router B for all connected networks?

  RouterB(config)# router rip
  RouterB(config-router)# network 198.16.4.0
  RouterB(config-router)# network 210.36.7.0
  RouterB(config-router)# network 220.17.29.0

9. Which two statements are true regarding the characteristics of RIPv1? (Choose two).

  It is a distance vector routing protocol.
  The data portion of a RIP message is encapsulated into a UDP segment.

10. What are three characteristics of the RIPv1 routing protocol? (Choose three.)

  uses hop count as a metric
  considers a metric of 16 as infinity
  calculates metrics using the Bellman Ford algorithm

11. Refer to the exhibit. All routers that are shown are running the RIP routing protocol. All unknown IP traffic must be forwarded to the ISP. What router or set of routers are recommended to have both a default route and the default-information originate command issued to implement this forwarding policy?

  only the gateway router

12. What is the default update period in seconds for the RIP routing protocol?

  30

13. Refer to the exhibit. Router1 and Router2 are running the RIPv1 protocol. The network administrator configures the command network 10.1.0.0 on Router1. What network will Router1 advertise to Router2?

  10.0.0.0/8

14. Refer to the exhibit. All routers are configured with valid interface addresses in the indicated networks and are running RIPv1. The network is converged. Which routes are present in the routing tables?

  All routers have all /30 routes. Routers A and E also have some of the /24 routes in their routing table.

15. What will happen if an interface IP address is entered for the address portion of the network command in a RIPv1 configuration instead of a network address?

  All interfaces in the same classful network as the configured address will be included in the RIPv1 routing process.

16. Refer to the exhibit. Router1 is running RIPv1. What command was entered into Router1 to configure the gateway of last resort?

  ip route 0.0.0.0 0.0.0.0 S0/0/1

17. Refer to the output from the show ip route command. What can be concluded from the output of this router command?

  There are two equal cost paths to network 1.0.0.0.

18. Which command will display RIP activity as it occurs on a router?

  debug ip rip

19. Which command or set of commands will stop the RIP routing process?

  RouterB(config)# no router rip

CCNA v4 - E2 - Module 4 (100/100)

1. A network administrator is evaluating RIP versus EIGRP for a new network. The network will be sensitive to congestion and must respond quickly to topology changes. What are two good reasons to choose EIGRP instead of RIP in this case? (Choose two.)

  EIGRP only updates affected neighbors.
  EIGRP updates are partial.

2. Which event will cause a triggered update?

  a route is installed in the routing table

How the Application Layer Works


In the previous section we reviewed several aspects of the Transport Layer. We covered a great deal of information, including sockets, ports, TCP, UDP, segments, and datagrams. Now we will take a look at the fourth and final layer of the TCP/IP stack: the Application Layer.

Enable Passwords On Cisco Routers Via Enable Password And Enable Secret


Security is a part of every good technical administrator’s game plan. Luckily the good folks at Cisco have made the task of securing a Cisco router fairly straightforward in design, with support given for up to five types of passwords. Taking advantage of these passwords is vital to a network’s internal security, and they should be implemented where permitted.

Enable Password – The Most Basic Of Security Features

The two most basic passwords a Cisco router supports are set with the enable password and enable secret commands. Depending on the IOS version, administrators will likely only need to set up the enable secret command.

For Cisco routers running IOS versions before version 10.3, enable password is going to be used. It is the outdated version of the two, and we’ll see why it isn’t used in average applications after we enable it. You can enable this basic password following the commands seen below.

Router> enable
Router# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# enable password mypassword

In this example, mypassword is the new password that is going to be set on the router. Try typing exit and navigating to privileged mode, as seen below.

Router> enable
Password:

You’ll notice that before we can get into privileged mode, we have to enter the password we set earlier. If you followed the above example, you should be able to input mypassword and press Enter. You are now authenticated for privileged mode!

So why don’t we use the enable password command in most cases? The answer is simple: it’s an outdated format that anyone can have ample opportunity to take advantage of. Try following the steps below and note what you see.

Router# show running-config
Building configuration…
Current configuration : 162 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
enable password mypassword
!

As you can see, anyone can see the password in plain view. This is because it is stored as plain text, with no encryption being used! To help cover this vast security hole, Cisco created the enable secret command. As you can probably guess, it makes use of encryption this time around.

Enable Secret – An Evolved Form Of The Previous Example

Encryption can be a tough subject to tackle. But Cisco has made the process of enabling an encrypted password just as easy as the previous example. In fact, we are only changing one word in the process!

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret mypassword

Note that many routers will alert the user at this point if they have set enable secret and enable password to the same value. The resulting message is just a warning, and administrators can indeed set both to the same thing, although this is not recommended as it will almost defeat the purpose of the enable secret command.

Now let’s go back to the very beginning, and try logging back into privileged mode once more. We’ll take a look at the running configuration in the example below.

Router# show running-config
Building configuration…
Current configuration : 209 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/
enable password mypassword
!

Notice how the enable secret password is unreadable, while the outdated command enable password is being displayed in plain view! Obviously, it comes as no surprise that Cisco decided to do away with the command in order to improve network security.
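
The weakness shown in the two listings above can be checked for automatically. The following Python audit is an added example, not part of the original article or of any Cisco tool: it scans a saved running-config for a plain-text enable password, for the reversible type 7 form that service password-encryption produces, and for a missing enable secret. The function name and finding strings are assumptions made for this example, and the sample input is a copy of the listing above.

```python
import re

# The running-config listing shown above (constructed copy for offline use).
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
!
hostname Router
!
!
enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/
enable password mypassword
!
"""

# enable {password|secret} [level N] [type] value
ENABLE_RE = re.compile(
    r"^enable (password|secret)(?: level (\d+))?(?: (\d+))? (\S+)$")

def audit_enable_passwords(config_text):
    """Return (line_number, finding) pairs; password values are never echoed."""
    findings, has_secret = [], False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "no service password-encryption":
            findings.append((lineno, "service password-encryption is off"))
            continue
        m = ENABLE_RE.match(line)
        if not m:
            continue
        kind, _level, ptype, _value = m.groups()
        if kind == "secret":
            has_secret = True
        elif ptype == "7":
            # Type 7 is reversible obfuscation, not a hash.
            findings.append((lineno, "enable password uses reversible type 7"))
        else:
            findings.append((lineno, "enable password stored in plain text"))
    if not has_secret:
        # Line 0 marks a finding about the configuration as a whole.
        findings.append((0, "no enable secret configured"))
    return findings
```

Run against the sample, it reports line 2 and line 8; the hashed enable secret line produces no finding.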

Closing Comments

We’ve discussed only two of the five different passwords that Cisco allows network administrators to take advantage of. If you’d like to take security a step further, be sure to check out the next section that discusses subjects such as Telnet passwords, console passwords, and even auxiliary passwords!

The Basics of Network Cable Testing


If 90% of all problems in a network are on the Physical Layer, then it isn’t any surprise that cable testing has become quite important in the industry. And although it may sound simple to test a pair of cables for faults, actually troubleshooting wire maps, crosstalk, propagation delay, or insertion loss can be more than headache-worthy. And thus, understanding how to troubleshoot these problems saves time, yet also supplies good information to prevent common mistakes in the future.

How to Avoid Crosstalk

You’ll come to find that the most common mistakes are usually the simplest to avoid. For instance, crosstalk is very commonly created when connectors are not installed properly at both ends of the cable. Crosstalk is the effect we get when electromagnetic energy from one cable leaves an imprint on adjacent cables. (You’ll often see this referred to as “noise.”) This usually isn’t a problem, however, since we twist wires inside Ethernet cable to cancel out this effect. So how, then, does crosstalk become such a problem?
You’ll notice that the Ethernet cable on the right has too much wire left over. We actually need to crimp the connector to the point where no internal wiring is visible. It’s important to note that while the wires do need to be separated to properly install a connector, they should be separated as little as possible. Otherwise the lack of cancellation will create crosstalk, and possibly cause hard-to-track failures in a network.

790 questions and answers CCNA v4

Download here

good luck!

Saturday, July 30, 2011

RIPv2 Summary

The characteristics of RIPv2 follow:
- Distance-vector protocol.
- Uses UDP port 520.
- Performs automatic summarization at the network class boundary.
- Classless protocol (supports VLSMs).
- Auto-summarization can be turned off and manual summarization configured.
- Supports VLSMs.
- Metric is router hop count.
- Maximum hop count is 15; infinite (unreachable) routes have a metric of 16.
- Periodic route updates sent every 30 seconds to multicast address 224.0.0.9.
- 25 routes per RIP message (24 if authentication is used).
- Invalid route marked after 180 sec.
- Flush timer is 280 sec.
- Hold-down timer 180 sec.
- Supports authentication.
- Implements split horizon with poison reverse.
- Implements triggered updates.
- Subnet mask included in route entry.
- Administrative distance for RIPv2 is 120.
- Used in small, flat networks or at the edge of larger networks.

RIPv2 Convergence

The steps for RIPv2 convergence are as follows:

1- When the local router sees a connected route disappear, it sends a flash update and removes the route entry from its table. This is called a triggered update with poison reverse.

2- The receiving routers send a flash update and put the affected route in holddown.

3- The originating router queries its neighbor (DC) for alternative routes. If the neighbor has an alternative route, it is sent; otherwise, the poisoned route is sent.

4- The originating router installs the best alternative route that it hears, because it has purged the original routes, and sends the new updates on its periodic routing update timer (30 sec).

5- Routers that are in holddown ignore only the alternative route.

6- When the other routers emerge from holddown, they will accept the alternative route.

7- Convergence takes the time for detection, plus holddown, plus the number of routing updates (equal to the hop-count diameter of the network). This could take a long time.

RIP v2 Configuration

(config)# router rip
(config-router)# version 2
(config-router)# no auto-summary
(config-router)# network < classful Net ID >

(config-router)# passive-interface

(config-router)# maximum-paths (Up to 6 links for load sharing on a R.B basis over equal-metric paths; the default is 4 paths.)

(config-if)# no ip split-horizon (Disables it on a specific interface.)

(config-router)# distance (Defines an administrative distance; default = 120.)

(config-router)# timers basic < update invalid holddown flush sleep > (Adjusts timers in sec. Sleeptime is a timer used to specify a period, in milliseconds, to delay a regular routing update after receiving a triggered update.)

(config-router)# neighbor < ip add > (Because RIP is a broadcast protocol, you may configure RIP to exchange routing information in a point-to-point non-broadcast network such as Frame Relay. In this type of network, RIP must be informed of neighbor RIP routers. Also, when it is used in combination with the passive-interface command, routing information can be exchanged only between the router and this neighbor, e.g. a Unix server on a LAN.)

(config-router)# validate-update-source (This command is applicable only to RIP and IGRP. The software ensures that the source IP address of incoming routing updates is on the same IP network as one of the addresses defined for the receiving interface. Disabling split horizon on the incoming interface will also cause the system to perform this validation check. For unnumbered IP interfaces (interfaces configured as IP unnumbered), no checking is performed.)

(config-router)# no auto-summary
(config-if)# ip summary-address rip < Net ID + mask >
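
The limits from the summary above (25 entries per message, metric 16 as infinity, a subnet mask in every route entry) and the validate-update-source check can be seen together in the following Python example. It is added here and is not from the original post or from IOS; it assumes the 4-byte header and 20-byte entry layout of RFC 2453, and the function names and sample message are constructed for illustration.

```python
import ipaddress
import struct

MAX_ENTRIES = 25      # per RIP message, as listed in the summary
INFINITY = 16         # metric meaning "unreachable"
AFI_AUTH = 0xFFFF     # address-family value that marks authentication data

def parse_ripv2(payload):
    """Return (command, has_auth, [(network, next_hop, metric), ...])."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("length is not a 4-byte header plus 20-byte entries")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    if version != 2:
        raise ValueError("not a RIPv2 message")
    count = (len(payload) - 4) // 20
    if count > MAX_ENTRIES:
        raise ValueError("more than 25 entries")
    has_auth, routes = False, []
    for i in range(count):
        afi, _tag, addr, mask, hop, metric = struct.unpack_from(
            "!HH4s4s4sI", payload, 4 + 20 * i)
        if afi == AFI_AUTH:          # uses up one of the 25 slots
            has_auth = True
            continue
        if not 1 <= metric <= INFINITY:
            raise ValueError(f"entry {i}: metric {metric} out of range")
        # ip_network raises ValueError for a non-contiguous mask.
        net = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}",
            strict=False)
        routes.append((net, ipaddress.IPv4Address(hop), metric))
    return command, has_auth, routes

def source_on_interface_network(src_ip, interface_addrs):
    """True if the sender is on a network configured on the receiving interface."""
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_interface(a).network for a in interface_addrs)

def rip_entry(network, metric, next_hop="0.0.0.0"):
    """Build one 20-byte route entry (helper for the constructed sample)."""
    net = ipaddress.ip_network(network)
    return struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                       net.netmask.packed,
                       ipaddress.IPv4Address(next_hop).packed, metric)

# Constructed sample: a response (command 2) carrying two routes.
SAMPLE = (struct.pack("!BBH", 2, 2, 0) + rip_entry("192.168.3.0/24", 3)
          + rip_entry("10.10.1.0/24", 16))
```

A receiver would call source_on_interface_network with the datagram's source address before trusting the routes that parse_ripv2 returns.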


Show Commands

# sh ip route
# sh ip route rip
# sh ip route < Net ID >
# sh ip rip database
# sh ip protocols

# debug ip rip
# debug ip rip events
# no debug all


Hope this might be useful.