Uploaded by sanaldev kn

INTERVIEW QUESTIONS

FIREWALL
1. What is a firewall?
A firewall is a device placed between a trusted and an untrusted network. It permits or denies traffic entering or leaving the network based on pre-configured policies. A firewall protects the inside network from unauthorized access by users on an outside network. A firewall can also protect inside networks from each other, e.g. by keeping a management network separate from a user network.
2. What is the difference between a gateway and a firewall?
A gateway joins two networks together, whereas a network firewall protects a network against unauthorized incoming or outgoing access. A network firewall may be a hardware device or a software program.
3. At which layers does a firewall work?
A firewall works at layers 3, 4 and 7.
4. What is the difference between a stateful and a stateless firewall?
Stateful firewall: a stateful firewall is aware of the connections that pass through it. It adds and maintains information about the users' connections in a state table, also referred to as a connection table. It then uses this connection table to implement the security policies for user connections. Eg: PIX, ASA, Checkpoint.
Stateless firewall (packet filtering): does not look at the state of connections but only at the packets themselves. Eg: extended ACLs on Cisco IOS routers.
5. What information does a stateful firewall maintain?
Source IP address, destination IP address, IP protocol (TCP, UDP) and IP protocol information such as TCP/UDP port numbers, TCP sequence numbers and TCP flags.
6. What are the security levels in Cisco ASA?
Security levels are used to determine the trustworthiness of the network attached to the respective interface. They can be configured between 0 and 100, where higher numbers are more trusted than lower ones. By default the ASA allows traffic from a higher security level to a lower security level only.
7. How can we allow packets from a lower security level to a higher security level?
We use an ACL (this overrides the security level).
8. Is traffic between interfaces with the same security level allowed or denied in ASA?
By default it is not allowed. To allow it we use:
ASA(config)# same-security-traffic permit inter-interface
9. What is the security level of the inside and outside interface by default?
The security level of the inside interface is 100 by default; the outside interface is 0 by default.
10. What protocols are inspected by ASA?
By default TCP and UDP are inspected by the ASA.
11. Does ASA inspect ICMP?
No. The ASA does not inspect ICMP by default.
12. Explain DMZ (Demilitarized Zone)?
If we need some network resources such as a web server or FTP server to be available to outside users, we place these resources on a separate network behind the firewall called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ only includes the public servers, an attack there only affects those servers and does not affect the inside network.
13. How does a firewall process a packet?
When a packet is received on the ingress interface, the ASA checks if it matches an existing entry in the connection table. If it does, protocol inspection is carried out on that packet.
If it does not match an existing connection and the packet is either a TCP SYN packet or a UDP packet, the packet is subjected to ACL checks. The reason it needs to be a TCP SYN packet is that a SYN packet is the first packet in the TCP 3-way handshake; any other TCP packet that isn't part of an existing connection is likely an attack.
If the packet is allowed by the ACLs and is also verified by the translation rules, the packet goes through protocol inspection.
Then the IP header is translated if NAT is used, and if the NAT rule specifies an egress interface, the ASA virtually forwards the packet to this egress interface and then performs a route lookup.
If a route is found that specifies the egress interface, the Layer 2 header of the packet is rewritten and the packet is forwarded out of the egress interface.
14. What are the timeout values for a TCP session, UDP session and ICMP session?
TCP session - 60 minutes; UDP session - 2 minutes; ICMP session - 2 seconds.
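As an added example (not part of the original document), the following Python model walks a few constructed packets through the processing order of Q13 with the security-level defaults of Q6-Q9 and the idle timeouts of Q14. The interface names, addresses and the single ACL entry are made up for the demo; NAT, routing and protocol inspection are left out.

```python
# Added example: simplified model of the ASA packet flow (Q4-Q9, Q13, Q14).
# Interfaces, security levels, addresses and the ACL are constructed for the demo.
from dataclasses import dataclass

# Idle timeouts from Q14, in seconds: TCP 60 min, UDP 2 min, ICMP 2 s.
TIMEOUTS = {"tcp": 60 * 60, "udp": 2 * 60, "icmp": 2}


@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    in_if: str                        # ingress interface
    flags: frozenset = frozenset()    # TCP flags, e.g. frozenset({"SYN"})


class Asa:
    """Connection table plus ACL / security-level checks, in the order of Q13."""

    def __init__(self, security_levels, same_security_permit=False):
        self.levels = dict(security_levels)               # interface -> 0..100 (Q6)
        self.same_security_permit = same_security_permit  # Q8
        self.acl = {}          # ingress interface -> [(action, proto, dst, dport)]
        self.conn_table = {}   # (proto, src, sport, dst, dport) -> last-seen time

    def add_acl(self, iface, action, proto, dst, dport):
        self.acl.setdefault(iface, []).append((action, proto, dst, dport))

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _existing_connection(self, p, now):
        """Match either direction of a flow (Q4/Q5); expire idle entries (Q14)."""
        for key in (self._key(p), self._reverse_key(p)):
            if key not in self.conn_table:
                continue
            if now - self.conn_table[key] > TIMEOUTS[p.proto]:
                del self.conn_table[key]   # idle timeout: the entry is torn down
                return False
            self.conn_table[key] = now     # refresh the idle timer
            return True
        return False

    def _permitted(self, p, egress_if):
        rules = self.acl.get(p.in_if)
        if rules is not None:              # an interface ACL overrides the level (Q7)
            for action, proto, dst, dport in rules:
                if proto in (p.proto, "any") and dst in (p.dst, "any") and dport in (p.dport, 0):
                    return action == "permit"
            return False                   # implicit deny at the end of the ACL
        ingress, egress = self.levels[p.in_if], self.levels[egress_if]
        if ingress > egress:               # higher -> lower is allowed by default (Q6)
            return True
        if ingress == egress:              # same level needs same-security-traffic (Q8)
            return self.same_security_permit
        return False                       # lower -> higher is denied without an ACL

    def process(self, p, egress_if, now=0.0):
        # Step 1: an existing connection is forwarded without ACL checks.
        if self._existing_connection(p, now):
            return "forward (existing connection)"
        # Step 2: only a TCP SYN (or a UDP/ICMP packet) may open a new connection.
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "drop (tcp packet without existing connection)"
        # Step 3: ACL or security-level check on the ingress interface.
        if not self._permitted(p, egress_if):
            return "drop (denied by acl/security level)"
        # Step 4: NAT, route lookup and inspection are skipped in this model;
        # the new connection is recorded so that return traffic matches at step 1.
        self.conn_table[self._key(p)] = now
        return "forward (new connection)"


def demo():
    """Constructed traffic: inside=100, dmz=50, outside=0, one ACL on outside."""
    asa = Asa({"inside": 100, "dmz": 50, "outside": 0})
    asa.add_acl("outside", "permit", "tcp", "192.0.2.10", 80)   # Internet -> DMZ web only
    syn = Packet("tcp", "203.0.113.5", 40000, "192.0.2.10", 80, "outside", frozenset({"SYN"}))
    syn_ack = Packet("tcp", "192.0.2.10", 80, "203.0.113.5", 40000, "dmz", frozenset({"SYN", "ACK"}))
    ack_only = Packet("tcp", "203.0.113.5", 40001, "192.0.2.10", 80, "outside", frozenset({"ACK"}))
    ssh_in = Packet("tcp", "203.0.113.5", 40002, "10.1.1.20", 22, "outside", frozenset({"SYN"}))
    dmz_to_lan = Packet("tcp", "192.0.2.10", 4444, "10.1.1.20", 3306, "dmz", frozenset({"SYN"}))
    dns_out = Packet("udp", "10.1.1.20", 5000, "203.0.113.5", 53, "inside")
    dns_reply = Packet("udp", "203.0.113.5", 53, "10.1.1.20", 5000, "outside")
    return [
        asa.process(syn, "dmz", now=0),             # permitted by the outside ACL
        asa.process(syn_ack, "outside", now=1),     # reverse direction of that flow
        asa.process(ack_only, "dmz", now=1),        # no SYN, no connection: dropped
        asa.process(ssh_in, "inside", now=1),       # not in the outside ACL: dropped
        asa.process(dmz_to_lan, "inside", now=1),   # 50 -> 100 with no ACL: dropped (Q12)
        asa.process(dns_out, "outside", now=1),     # 100 -> 0: allowed by default
        asa.process(dns_reply, "inside", now=200),  # 199 s idle > 2 min UDP timeout
    ]
```

The last packet shows why the UDP timeout matters: the same reply arriving within two minutes would have matched the reverse key and been forwarded.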
15. Explain TCP Flags?
While troubleshooting TCP connections through the ASA, the connection flags shown for each TCP connection provide information about the state of the TCP connections to the ASA.
15. What is the command to see timeout timers?
# show run timeout
16. What is the difference between ports in ASA 8.4 and ASA 8.2?
In ASA 8.4 all ports are Gigabit ports and in ASA 8.2 all are Ethernet ports.
17. What is the command to check the connection table?
# show conn
18. How does the ASA handle traceroute?
The ASA does not decrement the TTL value for traceroute because, for security purposes, it does not want to give its information to others. It forwards the packet without decrementing the TTL value.
19. What happens if we apply an ACL as global in ASA?
It is applied on all interfaces in the inbound direction. The global option is only available in ASA 8.4, not in ASA 8.2.
20. What is the difference between an ACL on the ASA and on a router?
On a router, if we delete one access-control entry the whole ACL is deleted. On the ASA, deleting one access-control entry does not delete the whole ACL.
21. Name some concepts that cannot be configured on ASA?
Line VTY cannot be configured on the ASA. The wildcard mask concept is not present in the ASA. Loopbacks cannot be configured on the ASA.
22. What is the command to capture packets in ASA?
To capture packets on the inside interface:
# capture abc interface inside
To see the capture:
# show capture abc
23. What is the command to enable HTTP on ASA?
# http server enable
24. How to configure a static route on ASA?
# route outside <network> <mask> <next hop>
25. How to configure a default route on ASA?
# route outside 0 0 <next hop>
26. What are the different types of ACL in the firewall?
1. Standard ACL. 2. Extended ACL. 3. EtherType ACL (Transparent Firewall). 4. Webtype ACL (SSL VPN).
27. What is a Transparent Firewall?
In transparent mode, the ASA acts as a Layer 2 device like a bridge or switch and forwards Ethernet frames based on the destination MAC address.
28. What is the need for a Transparent Firewall?
Deploying a new firewall into an existing network can be a complicated process due to issues such as IP address reconfiguration, network topology changes, the current firewall, etc. We can easily insert a transparent firewall into an existing segment and control traffic between the two sides without having to readdress or reconfigure the devices.
29. What are the similarities between a switch and the ASA (in transparent mode)?
Both learn which MAC addresses are associated with which interface and store them in a local MAC address table.
30. What are the differences between a switch and the ASA (in transparent mode)?
The ASA does not flood unknown unicast frames that are not found in the MAC address table. The ASA does not participate in STP. A switch processes traffic at layer 1 and layer 2, while the ASA can process traffic from layer 1 to layer 7.
31. What are the features that are not supported in transparent mode?
1. Dynamic routing. 2. Multicasting. 3. QoS. 4. VPNs like IPsec and WebVPN cannot be terminated. 5. The ASA cannot act as a DHCP relay agent.
31. Explain EtherType ACL?
In transparent mode, unlike TCP/IP traffic, for which security levels are used to permit or deny traffic, all non-IP traffic is denied by default. We create an EtherType ACL to allow non-IP traffic. We can control traffic like BPDUs, IPX etc. with an EtherType ACL.
32. What is the command to convert ASA into Transparent mode?
# firewall transparent
33. What is the command to see mode (routed or transparent)?
# show firewall
34. Explain Failover?
Failover is a Cisco proprietary feature used to provide redundancy. It requires two identical ASAs connected to each other through a dedicated failover link. The health of the active interfaces and units is monitored to determine whether a failover has occurred.
35. What are the types of Failover?
1. Active/Standby Failover. 2. Active/Active Failover.
36. What information is exchanged between ASAs over a Failover link?
1. State - Active or standby. 2. Hello Messages. 3. Network Link Status. 4. Mac Addresses. 5.
Configuration Replication and Synchronization
37. What is the difference between Stateful failover and Stateless failover?
Stateless Failover - When failover occurs, all active connections are dropped. Clients need to re-establish connections when the new active unit takes over.
Stateful Failover - The active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Clients are not required to reconnect to keep the same communication session.
38. What information does the active unit pass to the standby unit in Stateful Failover?
The NAT translation table, TCP connection states, the ARP table, the Layer 2 bridge table (when running in transparent firewall mode), ICMP connection state, etc.
39. What are the failover requirements between two devices?
Hardware requirements - The two units in a failover configuration must be the same model and should have the same number and types of interfaces.
Software requirements - The two units in a failover configuration must be in the same operating modes (routed or transparent, single or multiple context). They must have the same software version.
40. Explain Active/Standby Failover?
In Active/Standby Failover, one unit is the active unit, which passes traffic. The standby unit does not actively pass traffic. When failover occurs, the active unit fails over to the standby unit, which then becomes active. We can use Active/Standby Failover for ASAs in both single and multiple context mode.
41. Explain Active/Active Failover?
It is only available for ASAs in multiple context mode. In an Active/Active failover
configuration, both ASAs can pass network traffic. In Active/Active Failover, we divide the
security contexts on the ASA into Failover Groups. A Failover Group is simply a logical
group of one or more security contexts. Each group is assigned to be active on a specific ASA
in the failover pair. When Failover occurs, it occurs at the Failover group level.
42. What is the command to enable Failover?
# failover
43. What is the command to see Failover?
# show failover
44. Explain unit health monitoring in Failover? How does failover occur?
The ASA unit determines the health of the other unit by monitoring the failover link. When a unit does not receive three consecutive hello messages on the failover link, it sends hello messages on each interface, including the failover interface, to find out whether or not the other unit is responsive. Based upon the response from the other unit it takes the following actions:
1. If the ASA receives a response on the failover interface, then it does not fail over.
2. If the ASA does not receive a response on the failover link, but it does receive a response on another interface, then the unit does not fail over. The failover link is marked as failed.
3. If the ASA does not receive a response on any interface, then the standby unit switches to active mode and classifies the other unit as failed.
45. How is the active unit determined in Active/Standby Failover?
1. If a unit boots and detects another unit already running as active, it becomes the standby unit.
2. If a unit boots and does not detect an active unit, it becomes the active unit.
3. If both units boot simultaneously, then the primary unit becomes the active unit and the secondary unit becomes the standby unit.
46. Name some commands that are replicated to the standby unit?
All configuration commands except for mode, firewall, and failover lan unit are replicated to the standby unit, as are:
# copy running-config startup-config
# write memory
47. Name some commands that are not replicated to the standby unit?
All forms of the copy command except for # copy running-config startup-config, and all forms of the write command except for # write memory.
Explain Active/Standby failover and Active/Active failover in terms of preemption?
In Active/Standby failover there is no preemption. In Active/Active failover preemption is optional.
48. Explain the Security Context?
We can partition a single ASA into multiple virtual devices, known as Security Contexts.
Each context acts as an independent device, with its own security policy, interfaces, and
administrators. Multiple contexts are similar to having multiple standalone devices.
49. What features are supported in multiple context mode?
Routing tables, firewall features, IPS, and management.
50. What features are not supported in multiple context mode?
VPN and dynamic routing protocols.
51. Explain System area?
When we boot up in multiple mode from the CLI, we are taken into the system area. The
system area is used to create and manage the contexts, configure the physical properties of
the interfaces, create VLANs for trunking, create resource classes to restrict the context
system resource usage.
52. What is the admin context?
When the appliance boots up, one context is automatically created called Admin Context
which defaults to being the administrative context. Any context can be made administrative
context. One of the contexts on our appliance must be the administrative context. An “*”
beside a context name indicates that the context is the administrative context.
53. How does the ASA classify packets?
The ASA determines which context should process an incoming packet as follows:
1. Unique interfaces - If only one context is associated with the ingress interface, the ASA classifies the packet into that context.
2. Unique MAC addresses - If multiple contexts share an interface, then the interface MAC address is used as a classifier. The ASA lets us assign a different MAC address in each context to the same shared interface. By default, shared interfaces do not have unique MAC addresses. We can set the MAC addresses manually or generate them automatically with the # mac-address auto command.
3. NAT configuration - If we do not use unique MAC addresses, then the mapped addresses in our NAT configuration are used to classify packets.
54. What is the command to switch to multiple context Mode?
# mode multiple
After entering this command the appliance will reboot itself and our current configuration is
automatically backed up to flash in case we want to switch back to single mode. The file is
called “old_running.cfg.”
55. What is the command to switch back to single mode?
# mode single
56. What are the different types of NAT in ASA?
Static NAT - A consistent mapping between a real and a mapped IP address. It allows bidirectional traffic initiation.
Dynamic NAT - A group of real IP addresses is mapped to a (usually smaller) group of mapped IP addresses on a first come, first served basis. It allows only unidirectional traffic initiation.
Dynamic Port Address Translation (PAT) - A group of real IP addresses is mapped to a single IP address using a unique source port of that IP address.
Identity NAT - A real address is statically translated to itself, essentially bypassing NAT.
57. What is Policy NAT?
Policy NAT allows you to NAT by specifying both the source and destination addresses in an extended access list. We can also optionally specify the source and destination ports. Regular NAT can only consider the source address, not the destination address. In Static NAT it is called Static Policy NAT; in Dynamic NAT it is called Dynamic Policy NAT.
58. Give the order of preference between the different types of NAT?
1. NAT exemption.
2. Existing translation in xlate.
3. Static NAT - Static Identity NAT, Static Policy NAT, Static NAT, Static PAT.
4. Dynamic NAT - NAT Zero, Dynamic Policy NAT, Dynamic NAT, Dynamic PAT.
59. What is the difference between Auto NAT & Manual NAT?
Auto NAT (Network Object NAT) - It only considers the source address while performing
NAT. So, auto NAT is only used for static or dynamic NAT. Auto NAT is configured within
an object. Manual NAT (Twice NAT) - Manual NAT considers either only the source address
or the source and destination address while performing NAT. It can be used for almost all
types of NAT like NAT exempt, policy NAT etc. Unlike auto NAT that is configured within
an object, manual NAT is configured directly from the global configuration mode.
60. Give the NAT order in terms of Auto NAT and Manual NAT?
NAT is ordered in 3 sections:
Section 1 - Manual NAT
Section 2 - Auto NAT
Section 3 - Manual NAT After-Auto
60. What is the command to see NAT Translations?
# show xlate
# show nat
61. What is the command to see both the NAT table and the connection table?
# show local-host
VPN
1. What is VPN?
Virtual Private Network (VPN) creates a secure network connection over a public network
such as the internet. It allows devices to exchange data through a secure virtual tunnel. It uses
a combination of security features like encryption, authentication, tunneling protocols, and
data integrity to provide secure communication between participating peers.
2. What is Authentication, Confidentiality and Integrity?
Authentication - Verifies that the packet received is actually from the claimed sender, i.e. it verifies the authenticity of the sender. Pre-shared keys and digital certificates are some methods that can be used for authentication.
Integrity - Ensures that the contents of the packet have not been altered in transit by a man-in-the-middle. Hashing algorithms include MD5 and SHA.
Confidentiality - Encrypts the message content so that data is not disclosed to unauthorized parties. Encryption algorithms include DES (Data Encryption Standard), 3DES (Triple DES) and AES (Advanced Encryption Standard).
3. What is Symmetric and Asymmetric Encryption?
In symmetric encryption, a single key is used both to encrypt and decrypt traffic. It is also
referred to as a shared key or shared secret encryption. Symmetric encryption algorithms
include DES, 3DES, AES. In Asymmetric encryption, two keys are used to encrypt and
decrypt traffic, one for encryption and one for decryption. The most common asymmetric
encryption algorithm is RSA.
4. What is IPSec VPN?
IP Security Protocol VPN means VPN over IP Security. It allows two or more users to
communicate in a secure manner by authenticating and encrypting each IP packet of a
communication session. IPSec provides data confidentiality, data integrity and data
authentication between participating peers.
5. At which layer does IPSec work?
IPSec secures IP traffic at Layer 3 (the Network Layer) of the OSI model.
6. Name a major drawback of IPSec?
IPSec only supports unicast IP traffic.
7. What is the difference between Transport and Tunnel mode?
Tunnel mode - Protects data in network-to-network or site-to-site scenarios. It encapsulates and protects the entire IP packet (the payload including the original IP header) and adds a new IP header, so the entire IP payload including user data is protected.
Transport mode - Protects data in host-to-host or end-to-end scenarios. In transport mode, IPsec protects the payload of the original IP datagram but excludes the IP header, so only the upper-layer protocols of the IP payload (user data) are protected.
The IPSec protocols AH and ESP can operate in either transport mode or tunnel mode.
8. What are the three main security services that IPSec VPN provides?
IPSec offers the following security services: 1. Peer Authentication. 2. Data confidentiality.
3. Data integrity.
9.Define Digital Signatures?
A digital signature is an attachment to an electronic message used for security purposes. It is
used to verify the authenticity of the sender.
10. What is Authorization?
Authorization is a security mechanism used to determine user/client privileges or access levels related to network resources, including firewalls, routers, switches and application features. Authorization is normally preceded by authentication; during authorization, the system verifies an authenticated user's access rules and either grants or refuses resource access.
11. What is Site to Site and Remote Access VPN?
A site-to-site VPN allows offices in multiple locations to establish secure connections with
each other over a public network such as the Internet. Remote Access VPN allows Remote
users to connect to the Headquarters through a secure tunnel that is established over the
Internet. The remote user is able to access internal, private web pages and perform various
IP-based network tasks. There are two primary methods of deploying Remote Access VPN:
1. Remote Access IPSec VPN. 2. Remote Access Secure Sockets Layer (SSL) VPN.
12. What are the 3 protocols used in IPSec?
1. Authentication Header (AH). 2. Encapsulating Security Payload (ESP). 3. Internet Key
Exchange (IKE).
13. Explain IPSec protocol headers?
1. Encapsulating Security Payload (ESP) - It is an IP-based protocol which uses port 50 for communication between IPSec peers. ESP is used to protect the confidentiality, integrity and authenticity of the data and offers anti-replay protection. Drawback - ESP does not provide protection to the outer IP header.
2. Authentication Header (AH) - It is also an IP-based protocol, which uses port 51 for communication between IPSec peers. AH is used to protect the integrity and authenticity of the data and offers anti-replay protection. Unlike ESP, AH protects the IP header as well. Drawback - AH does not provide confidentiality protection.
14. How do ESP and AH provide anti-replay protection?
Both ESP and AH provide anti-replay protection based on sequence numbers. The sender increments the sequence number after each transmission, and the receiver checks the sequence number and rejects the packet if it is out of sequence.
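The following Python is an added example, not part of the original document: it implements the sliding anti-replay window that ESP and AH receivers actually keep (RFC 4303 style), which goes a little beyond the "reject if out of sequence" description above, since a packet arriving late but inside the window is accepted once, while duplicates and packets older than the window are rejected. The arrival order fed to it is constructed.

```python
# Added example: sliding anti-replay window for one inbound ESP/AH SA.
# The window size and the sequence numbers in demo() are constructed.


class ReplayWindow:
    """Tracks which of the last `size` sequence numbers have been received."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0        # highest sequence number accepted so far (0 = none yet)
        self.bitmap = 0     # bit i set  <=>  sequence number (top - i) was received

    def check(self, seq):
        """Return True if seq is new and inside the window, without recording it.
        A real receiver runs this cheap test before the ICV verification."""
        if seq == 0:
            return False                          # the first packet on an SA is number 1
        if seq > self.top:
            return True                           # newer than anything seen: advances window
        diff = self.top - seq
        if diff >= self.size:
            return False                          # older than the window: too late
        return ((self.bitmap >> diff) & 1) == 0   # bit already set => replay

    def update(self, seq):
        """Record seq as received. Call only after the packet's ICV verified;
        otherwise forged sequence numbers could be used to poison the window."""
        if seq > self.top:
            shift = seq - self.top
            # Slide the window forward; bits that fall off the end are discarded.
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq, icv_ok=True):
        """Full receiver path: replay check, then (simulated) ICV check, then update.
        ESP sequence numbers are 32-bit; a sender must set up a new SA before they
        wrap, which this model does not handle."""
        if not self.check(seq) or not icv_ok:
            return False
        self.update(seq)
        return True


def demo(seqs=(1, 2, 3, 5, 4, 3, 100, 37, 36, 2)):
    """Feed a constructed arrival order through one window and return each verdict:
    5 before 4 is tolerated, the second 3 is a replay, 36 is outside the 64-wide
    window once 100 has been seen, and 2 is far too old."""
    win = ReplayWindow(size=64)
    return [win.receive(s) for s in seqs]
```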
15. What is IKE?
It is a hybrid protocol that implements Oakley and SKEME key exchanges inside the Internet
Security Association and Key Management Protocol (ISAKMP) framework. It defines the
mechanism for creating and exchanging keys. IKE derives authenticated keying material and
negotiates SAs that are used for ESP and AH protocols.
16. Which protocol does IKE use?
IKE uses UDP port 500.
17. Explain how IKE/ISAKMP works?
IKE is a two-phase protocol.
Phase 1 - IKE phase 1 negotiates the following:
1. It protects the phase 1 communication itself (using crypto and hash algorithms).
2. It generates the session key using Diffie-Hellman groups.
3. Peers authenticate each other using pre-shared keys, public key encryption, or digital signatures.
4. It also protects the negotiation of the phase 2 communication.
There are two modes in IKE phase 1:
Main mode - A total of six messages are exchanged in main mode to establish the phase 1 SA.
Aggressive mode - It is faster than main mode as only three messages are exchanged to establish the phase 1 SA. It is faster but less secure.
At the end of phase 1, a bidirectional ISAKMP/IKE SA (phase 1 SA) is established for IKE communication.
Phase 2 - IKE phase 2 protects the user data and establishes the SA for IPSec. There is one mode in IKE phase 2:
Quick mode - In this mode, three messages are exchanged to establish the phase 2 IPSec SA.
At the end of the phase 2 negotiations, two unidirectional IPSec SAs (phase 2 SAs) are established for user data, one for sending and one for receiving encrypted data.
18. Explain the message exchange between the peers in IKE/ISAKMP?
Phase 1 - Main Mode
MESSAGE 1: Initiator offers a policy proposal which includes the encryption, authentication and hashing algorithms (like AES or 3DES, PSK or PKI, MD5 or RSA).
MESSAGE 2: Responder presents policy acceptance (or not).
MESSAGE 3: Initiator sends the Diffie-Hellman key and nonce.
MESSAGE 4: Responder sends the Diffie-Hellman key and nonce.
MESSAGE 5: Initiator sends ID and pre-shared key or certificate exchange for authentication.
MESSAGE 6: Responder sends ID and pre-shared key or certificate exchange for authentication.
Only the first four messages are exchanged in clear text. After that, all messages are encrypted.
Phase 2 - Quick Mode
MESSAGE 7: Initiator sends hash, IPSec proposal, ID, nonce.
MESSAGE 8: Responder sends hash, IPSec proposal, ID, nonce.
MESSAGE 9: Initiator sends signature, hash, ID.
All messages in Quick mode are encrypted.
19. What is Diffie-Hellman?
DH is a public-key cryptography protocol which allows two parties to establish a shared
secret over an insecure communications channel. Diffie-Hellman is used within IKE to
establish session keys and is a component of Oakley.
20. How does Diffie-Hellman work?
Each side has a private key, which is never passed, and a Diffie-Hellman key (a public key used for encryption). When both sides want to do a key exchange they send their public key to each other. For example, Side A gets the public key of Side B, then using RSA it creates a shared key which can only be opened on Side B with Side B's private key. So, even if somebody intercepts the shared key, he will not be able to reverse engineer it, as only the private key of Side B will be able to open it.
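As an added example (not part of the original document), the Python below runs the modular-exponentiation Diffie-Hellman exchange that IKE phase 1 performs in main-mode messages 3 and 4, and then keys a session secret from the two nonces and the shared value, loosely modelled on the IKEv1 SKEYID derivation. The prime P, generator G and nonce strings are constructed for the demo; P is a 64-bit toy value and not one of the IKE DH groups.

```python
# Added example: Diffie-Hellman as used inside IKE phase 1 (Q17/Q18, Q19/Q20).
# P and G are a constructed toy group, NOT an IKE DH group; NI and NR are
# constructed stand-ins for the nonces carried in main-mode messages 3 and 4.
import hashlib
import hmac
import secrets

P = 0xFFFFFFFFFFFFFFC5   # 64-bit prime (2**64 - 59); far too small for real use
G = 2

NI = b"initiator-nonce"  # constructed
NR = b"responder-nonce"  # constructed


class DhParty:
    """One peer: keeps its private exponent and publishes only g^x mod p."""

    def __init__(self, private=None):
        # The private exponent never leaves this object; a fresh random one per exchange.
        self.private = private if private is not None else secrets.randbelow(P - 2) + 1
        self.public = pow(G, self.private, P)

    def shared_secret(self, peer_public):
        # Reject degenerate public values (0, 1, p-1): they would force a predictable
        # shared secret, and a peer that sends them is misbehaving.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid Diffie-Hellman public value")
        return pow(peer_public, self.private, P)


def derive_skeyid(shared, ni, nr):
    """Loosely modelled on IKEv1 SKEYID = prf(Ni | Nr, g^xy): the nonces key an HMAC
    over the shared secret, so the session key depends on both peers' contributions."""
    secret_bytes = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hmac.new(ni + nr, secret_bytes, hashlib.sha256).hexdigest()


def exchange(a_private=None, b_private=None):
    """Run one exchange; return (peers agree?, derived key, what an eavesdropper sees)."""
    a, b = DhParty(a_private), DhParty(b_private)
    on_the_wire = {"A_public": a.public, "B_public": b.public, "Ni": NI, "Nr": NR}
    k_a = a.shared_secret(b.public)   # A computes (g^b)^a mod p
    k_b = b.shared_secret(a.public)   # B computes (g^a)^b mod p
    # Both equal g^(ab) mod p although neither exponent was ever transmitted;
    # the eavesdropper holds only the public values and nonces.
    return k_a == k_b, derive_skeyid(k_a, NI, NR), on_the_wire


if __name__ == "__main__":
    agreed, key, seen = exchange()
    print("peers agree:", agreed)
    print("SKEYID:", key)
    print("visible on the wire:", seen)
```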
21. What are Security Associations?
SAs define the protocols and algorithms to be applied to sensitive packets and specify the keying material to be used by the two peers. SAs are unidirectional and are established per security protocol (AH or ESP).
22. What is a Transform set?
An IKE transform set is a combination of security protocols and algorithms. During the IPsec SA negotiation, the peers agree to use a particular transform set for protecting a particular data flow.
23. What are Crypto access lists?
Crypto access lists specify which IP traffic is protected by crypto and which traffic is not. To protect IP traffic, the "permit" keyword is used in the access list; if the traffic is not to be protected, the "deny" keyword is used.
24. What is a Crypto map?
A crypto map pulls together the various parts used to set up IPSec SAs, including:
1. Which traffic should be protected by IPSec (crypto access list).
2. Where IPSec-protected traffic should be sent (remote IPSec peer).
3. What IPSec SA should be applied to this traffic (transform sets).
Multiple interfaces can share the same crypto map set in case we want to apply the same policy to multiple interfaces. If more than one crypto map entry is created for a given interface, the sequence number of each map entry ranks the entries: the lower the seq-num argument, the higher the priority.
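The following Python is an added example, not part of the original document, covering Q23 and Q24 together: it evaluates a crypto access list with first-match permit/deny semantics and walks crypto map entries in seq-num order to decide whether a flow is protected, to which peer it is sent and with which transform set. The networks, peer addresses and transform-set names are constructed; a deny (or no match) in one entry's ACL is treated as "not this entry" and the search continues.

```python
# Added example: crypto ACL (Q23) plus crypto map entry selection (Q24).
# All networks, peers and transform-set names below are constructed.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class CryptoAce:
    action: str   # "permit" = protect with IPsec, "deny" = not protected by this entry
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR


def crypto_acl_lookup(acl, src_ip, dst_ip):
    """First-match semantics like any access list: 'permit', 'deny' or None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in acl:
        if s in ipaddress.ip_network(ace.src) and d in ipaddress.ip_network(ace.dst):
            return ace.action
    return None


@dataclass(frozen=True)
class CryptoMapEntry:
    seq: int            # lower seq-num = higher priority
    acl: tuple          # crypto access list: which traffic to protect
    peer: str           # where protected traffic is sent
    transform_set: str  # what IPsec SA to apply


def select_map_entry(crypto_map, src_ip, dst_ip):
    """Walk the entries in seq-num order; the first whose crypto ACL permits the
    flow wins. None means no entry claims the flow, so it is sent in the clear."""
    for entry in sorted(crypto_map, key=lambda e: e.seq):
        if crypto_acl_lookup(entry.acl, src_ip, dst_ip) == "permit":
            return entry
    return None


# Constructed site-to-site policy: two remote sites; local LAN-to-LAN traffic
# is explicitly denied in the first entry so that it is never tunnelled.
SITE_B = CryptoMapEntry(
    seq=10,
    acl=(CryptoAce("deny", "10.1.0.0/16", "10.1.0.0/16"),
         CryptoAce("permit", "10.1.0.0/16", "10.2.0.0/16")),
    peer="203.0.113.1", transform_set="ESP-AES-SHA")
SITE_C = CryptoMapEntry(
    seq=20,
    acl=(CryptoAce("permit", "10.1.0.0/16", "10.3.0.0/16"),),
    peer="198.51.100.1", transform_set="ESP-3DES-MD5")
CRYPTO_MAP = (SITE_C, SITE_B)   # deliberately unordered: seq-num decides priority


def classify(src_ip, dst_ip):
    """Return (peer, transform_set) for a protected flow, or None for clear text."""
    entry = select_map_entry(CRYPTO_MAP, src_ip, dst_ip)
    return None if entry is None else (entry.peer, entry.transform_set)
```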
25. How do you check the status of the tunnel's phase 1 and phase 2?
Use the following commands to check the status of the tunnel phases:
Phase 1 - # show crypto isakmp sa
Phase 2 - # show crypto ipsec sa
26. What is IPsec Virtual Tunnel Interface?
IPSec VTI is the concept of using a dedicated IPsec interface, called the IPSec Virtual Tunnel Interface, for highly scalable IPSec-based VPNs. IPSec VTI provides a routable interface for terminating IPSec tunnels. VTI also allows the encryption of multicast traffic with IPSec.
27. What is the difference between Static Crypto Maps and Dynamic Crypto Maps?
Static Crypto Maps are used when peers are predetermined. It is basically used in IPSec site
to site VPNs. Dynamic crypto maps are used with networks where the peers are not always
predetermined. It is basically used in IPSec Remote Access VPNs. There are two types of
IPSec VTI interfaces: 1. Static VTI (SVTI): This can be used for site-to-site IPsec-based
VPNs. 2. Dynamic VTI (DVTI): DVTI replaces dynamic crypto maps. It can be used for
remote-access VPNs.
28. What is Cisco Easy VPN?
Remote Access VPN, when implemented with IPsec, is called Cisco Easy VPN. Easy VPN is easy to set up, with minimal configuration required at the remote client site. Cisco Easy VPN allows us to define centralized security policies at the head-end VPN device (VPN server), which are then pushed to the remote site VPN device upon connection.
29. What is DMVPN?
DMVPN allows IPSec VPN networks to better scale hub-to-spoke and spoke-to-spoke topologies, optimizing performance and reducing latency for communications between sites. It offers the following benefits:
1. It optimizes network performance.
2. It reduces router configuration on the hub.
3. Support for dynamic routing protocols running over the DMVPN tunnels.
4. Support for multicast traffic from hub to spokes.
5. The capability of establishing direct spoke-to-spoke IPsec tunnels for communication between sites without the traffic having to go through the hub.
30. What are the three phases of DMVPN?
Phase 1 - In phase 1 we use NHRP so that spokes can register themselves with the hub. Only the hub uses a multipoint GRE interface; all spokes use regular point-to-point GRE tunnel interfaces, which means that there is no direct spoke-to-spoke communication and all traffic has to go via the hub. The only advantage of the phase 1 setup is that the hub router's configuration is much simpler. Summarization is possible in phase 1.
Phase 2 - In phase 2 all spoke routers also use multipoint GRE tunnels, so we do have direct spoke-to-spoke tunneling. When a spoke router wants to communicate with another spoke it sends an NHRP resolution request to the hub to find the NBMA IP address of the other spoke. Summarization is not possible in phase 2. Full process:
1. Spoke 1 forwards a packet whose next hop is another spoke (spoke 2). There is no NHRP map entry for this spoke, so an NHRP resolution request is sent to the hub.
2. The request from spoke 1 contains the tunnel IP address of spoke 2, so the hub relays the request to spoke 2.
3. Spoke 2 receives the request, adds its own address mapping to it and sends it as an NHRP reply directly to spoke 1.
4. Spoke 2 then sends its own NHRP resolution request to the hub, which relays it to spoke 1.
5. Spoke 1 receives the request from spoke 2 via the hub and replies by adding its own mapping to it and sending it directly to spoke 2. The spoke-to-spoke tunnel is established.
Phase 3 - In phase 3, NHRP redirect configured on the hub tells the initiating spoke to look for a better path to the destination spoke. On receiving the NHRP redirect message the spokes communicate with each other over the hub and receive their NHRP replies for the NHRP resolution requests that they sent out. NHRP shortcut configured on the spoke updates the CEF table: it changes the next-hop value for a remote spoke from the initial hub tunnel IP address to the NHRP-resolved tunnel IP address of the remote spoke. Summarization is possible in phase 3.
31. Explain Next Hop Resolution Protocol (NHRP)?
It is a Layer 2 protocol which is used to map a tunnel IP address to an NBMA address. It functions similarly to ARP. The hub maintains the NHRP database of the public addresses of each spoke. When a spoke boots up, it registers its real address with the hub and queries the NHRP database for the real addresses of other spokes so that they can build direct tunnels.
32.What is GRE?
Generic Routing Encapsulation Protocol is a tunneling protocol developed by Cisco designed
to encapsulate IP unicast, multicast and broadcast packets. It uses IP protocol number 47.
33. Name a major drawback of both GRE & L2TP?
No encryption.
34. What is SSL VPN? How it is different from IPSec VPN?
SSL VPN provides remote access connectivity from any internet enabled device through a
standard web browser and its native SSL encryption. It does not require any special client
software at a remote site. In IPSec VPN connection is initiated using a pre-installed VPN
client software so it requires the installation of special client software. In SSL VPN
connection is initiated through a web browser so it does not require any special purpose
VPN client software, only a web browser is required.
35. At which Layer does SSL VPN operate?
SSL is an Application layer (Layer 7) cryptographic protocol that provides secure
communications over the Internet for web browsing, e-mail and other traffic. It uses TCP port
443.
36. What are different SSL VPN Modes?
SSL VPN can be deployed in one of the following three modes:-
1. Clientless mode - It works at Layer 7, Clientless mode provides secure access to web
resources and web-based content. This mode can be used for accessing most content that you
would expect to access in a web browser such as Internet, databases and online tools.
Clientless mode also supports the common Internet file system (CIFS). Clientless mode is
limited to web-based content only. It does not provide access to TCP connections such as
SSH or Telnet.
2. Thin client mode - It works at Layer 7 and is also known as port forwarding. Thin client
mode provides remote access to TCP-based services such as Telnet, Secure Shell (SSH),
Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP) and Post
Office Protocol (POP3) applications. Thin client is delivered via a Java applet that is
dynamically downloaded from the SSL VPN appliance upon session establishment.
3. Thick client mode - It works at Layer 3 and is also known as tunnel mode or full tunneling
client. The thick client mode provides extensive application support through dynamically
downloaded SSL VPN Client software or the Cisco AnyConnect VPN client software from
the VPN server appliance. This mode delivers a lightweight, centrally configured, and easy-
to-support SSL VPN tunneling client that provides full network layer (Layer 3) access to
virtually any application.
37. Explain SSL Handshake?
1. The client initiates by sending a CLIENT-HELLO message which contains the SSL versions
that the client supports, in what order the client prefers the versions, the cipher suites
(cryptographic algorithms) supported by the client, and a random number.
2. The server will send back a SERVER-HELLO message which contains the version number
(the server selects the SSL version that is supported by both the server and the client), the
cipher suite (the server selects the best cipher suite that is supported by both of them), a
session ID, and random data.
3. The server also sends its PKI certificate for authenticating itself, signed and verified by a
Certificate Authority, along with the public key for encryption.
4. The server will then send Server Hello Done indicating that the server has finished
sending its hello message, and is waiting for a response from the client.
5. Client will send its certificate if the server has also requested for client authentication in
server hello message.
6. Client will send the Client Key Exchange message after calculating the premaster secret
with the help of the random values of both the server and the client. This message is sent by
encrypting it with the server's public key which was shared through the hello message. The
server will decrypt the premaster secret with its private key. Now both client and server will
perform a series of steps to generate session keys (symmetric) which will be used for
encryption and decryption of data exchanges during SSL session and also to verify its
integrity.
7. Client will send CHANGE CIPHER SUITE message informing the server that future
messages will be encrypted using session key.
8. Client will send CLIENT FINISH (DONE) message indicating that the client is done.
9. The server will also send CHANGE CIPHER SUITE message.
10. Client will also send CLIENT FINISH (DONE) message.
ACL
1. What is ACL?
Access Control List is a packet filtering method that filters the IP packets based on source
and destination address. It is a set of rules and conditions that permit or deny IP packets to
exercise control over network traffic.
2. What are different Types of ACL?
There are two main types of access lists:-
1. Standard Access List.
2. Extended Access List.
3. Explain Standard Access List?
Standard access list examines only the source IP address in an IP packet to permit or deny
that packet. It cannot match other fields in the IP packet. The standard access list can be
created using the access-list numbers 1-99 or in the expanded range of 1300-1999. The
standard access list must be applied close to the destination. As we are filtering based only on
source address, if we put the standard access-list close to the source host or network then
nothing would be forwarded from source. Example:-
R1(config)# access-list 10 deny host 192.168.1.1
R1(config)# int fa0/0
R1(config-if)#ip access-group 10 in
4. Explain Extended Access List?
Extended Access List filters the network traffic based on the Source IP address, Destination
IP address, Protocol Field in the Network layer, Port number field at the Transport layer.
Extended Access List ranges from 100 to 199, In expanded range 2000-2699. Extended
Access List should be placed as close to the source as possible. Since extended access list
filters the traffic based on specific addresses (Source IP, Destination IP) and protocols we
don’t want our traffic to traverse the entire network just to be denied wasting the bandwidth.
Example
R1(config)# access-list 110 deny tcp any host 192.168.1.1 eq 23
R1(config)# int fa0/0
R1(config-if)# ip access-group 110 in
5.Explain Named ACL and its advantages over Number ACL?
Named ACL is just another way of creating standard and extended ACL. In Named ACL
names are given to identify the access-list. It has the following advantage over numbered
ACL - In Named ACL we can give a sequence number, which means we can insert a new
statement in the middle of the ACL. Example:-
R1(config)# ip access-list extended CCNA
R1(config-ext-nacl)# 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23
R1(config-ext-nacl)# exit
(This will insert the above statement at line 15.)
R1(config)# int fa0/0
R1(config-if)# ip access-group CCNA in
6.What is Wildcard Mask?
The wildcard mask is used with ACL to specify an individual host, a network, or the range of
the network. Whenever a zero is present, it indicates that octet in the address must match the
corresponding reference exactly. Whenever a 255 is present, it indicates that octet need not be
evaluated. The wildcard mask is completely opposite to subnet mask.
Example- For /24 Subnet Mask - 255.255.255.0 Wildcard Mask - 0.0.0.255
7.How to permit or deny specific Host in ACL?
1. Using a wildcard mask "0.0.0.0" Example- 192.168.1.1 0.0.0.0 or
2. Using keyword "host" Example- host 192.168.1.1
In which directions we can apply an Access List?
We can apply an access list in two directions:-
IN - ip access-group 10 in
OUT - ip access-group 10 out
8.Difference between inbound access-list and outbound access-list?
When an access-list is applied to inbound packets on an interface, those packets are first
processed through ACL and then routed. Any packets that are denied won’t be routed. When
an access-list is applied to outbound packets on an interface, those packets are first routed to
outbound interface and then processed through ACL
9. Difference between #sh access-list command and #sh run access-list command?
#sh access-list shows the number of hit counts.
#sh run access-list does not show the number of hit counts.
10.How many access lists can be applied to an interface on a Cisco router?
We can assign only one access list per interface per protocol per direction which means that
when creating an IP access lists, we can have only one inbound access list and one outbound
access list per interface. Multiple access lists are permitted per interface, but they must be for
a different protocol.
11. How are access lists processed?
Access lists are processed in sequential, logical order, evaluating packets from the top down,
one statement at a time. As soon as a match is made, the permit or deny option is applied, and
the packet is not evaluated against any more access list statements. Because of this, the order
of the statements within any access list is significant. There is an implicit “deny” at the end of
each access list which means that if a packet doesn’t match the condition on any of the lines
in the access list, the packet will be discarded.
13.What is at the end of each Access List?
At the end of each access list, there is an implicit deny statement denying any packet for
which the match has not been found in the access list.
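The wildcard-mask rule (Q6, Q7) and the top-down, first-match processing with the implicit deny (Q11, Q13) can be modelled in a few lines. This is an added example written for this page, not configuration from the original text; the ACL numbers, addresses and the helper names (wildcard_match, evaluate, Ace, Packet) are constructed for illustration and mirror the ACEs shown in Q3 and Q4.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not part of the original question set. It models the Cisco
# wildcard-mask comparison and top-down, first-match ACL processing with the
# implicit deny; the ACL numbers and addresses below are constructed samples.

def wildcard_match(addr: str, ref: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard mask means that bit must match the reference
    exactly; a 1 bit means the bit is not evaluated."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(ref))
    w = int(ipaddress.IPv4Address(wildcard))
    care = 0xFFFFFFFF ^ w          # bits that must be compared
    return (a & care) == (r & care)

def subnet_to_wildcard(subnet_mask: str) -> str:
    """The wildcard mask is the bitwise inverse of the subnet mask."""
    m = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ m))

@dataclass
class Ace:
    """One access-list entry. Standard ACEs only use action/src/src_wc;
    extended ACEs add destination, protocol and destination port."""
    action: str                          # "permit" or "deny"
    src: str
    src_wc: str                          # "0.0.0.0" is what the `host` keyword expands to
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"      # "0.0.0.0 255.255.255.255" is `any`
    proto: Optional[str] = None          # "ip" or None matches every protocol
    dport: Optional[int] = None          # `eq <port>` on the destination

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Evaluate top down; the first matching ACE decides and processing stops.
    Returns (action, index of the matching ACE), or ("deny", None) when the
    implicit deny at the end of the list is hit."""
    for i, ace in enumerate(acl):
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.proto not in (None, "ip") and ace.proto != pkt.proto:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, i
    return "deny", None

# access-list 10 deny host 192.168.1.1
# access-list 10 permit any
ACL_10 = [
    Ace("deny", "192.168.1.1", "0.0.0.0"),
    Ace("permit", "0.0.0.0", "255.255.255.255"),
]

# access-list 110 deny tcp any host 192.168.1.1 eq 23
# access-list 110 permit ip 10.0.0.0 0.0.0.255 any
ACL_110 = [
    Ace("deny", "0.0.0.0", "255.255.255.255", "192.168.1.1", "0.0.0.0", "tcp", 23),
    Ace("permit", "10.0.0.0", "0.0.0.255", proto="ip"),
]

if __name__ == "__main__":
    print(subnet_to_wildcard("255.255.255.0"))                               # 0.0.0.255
    print(evaluate(ACL_110, Packet("10.0.0.5", "192.168.1.1", "tcp", 23)))   # ('deny', 0)
    print(evaluate(ACL_110, Packet("10.0.1.5", "192.168.1.1", "udp", 53)))   # ('deny', None)
```

The last call shows the implicit deny: the packet matches no ACE, so it is dropped without any statement of the list being responsible.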
NAT
1. What is NAT?
Network Address Translation translates the private addresses into public addresses before
packets are routed to a public network. It allows a network device such as a router to translate
addresses between the private and public network.
2. What are the Situations where NAT is required?
1. When we need to connect to the internet and our hosts don't have globally unique IP
addresses.
2. When we want to hide internal IP addresses from outside for security purpose.
3. A company is going to merge in another company which uses same address space.
3.What are the advantages of Nat?
1. It conserves legally registered IP addresses.
2. It prevents address overlapping.
3. Provides security by hiding internal (private) IP addresses.
4. Eliminates address renumbering as a network evolves.
4.What are different types of NAT?
There are mainly three types of NAT:-
1. Static NAT
2. Dynamic NAT
3. Port Address Translation (Overloading)
5.What is Static NAT?
Static NAT allows for one to one mapping that is it translates one private IP address to one
public IP address.
R1(config)# ip nat inside source static 10.1.1.1 15.36.2.1
R1(config)# int fa0/0
R1(config-if)#ip nat inside (It identifies this interface as the inside interface)
R1(config)# int fa0/1
R1(config-if)#ip nat outside (It identifies this interface as the outside interface)
In ip nat inside source command, we can see that the command is referencing the inside
interface as source or starting point of the translation.
6.What is Dynamic NAT?
It maps an unregistered IP address to a registered IP address from out of a pool of registered
IP addresses.
R1(config)# ip nat pool CCNA 190.1.1.5 190.1.1.254 netmask 255.255.255.0
R1(config)# ip nat inside source list 10 pool CCNA
R1(config)# int fa0/0
R1(config-if)#ip nat inside (It identifies this interface as the inside interface)
R1(config)# int fa0/1
R1(config-if)#ip nat outside (It identifies this interface as the outside interface)
R1(config)# access-list 10 permit 192.168.1.0 0.0.0.255 (To specify which unregistered
addresses need to be translated)
7.What is Port Address Translation (Overloading)?
It maps multiple unregistered IP addresses to a single registered IP address using different
port numbers. PAT allows thousands of users to connect to internet using one public address
only.
R1(config)# ip nat pool CCNA 190.1.1.5 190.1.1.254 netmask 255.255.255.0
R1(config)# ip nat inside source list 10 pool CCNA overload
R1(config)# int fa0/0
R1(config-if)#ip nat inside (It identifies this interface as the inside interface)
R1(config)# int fa0/1
R1(config-if)#ip nat outside (It identifies this interface as the outside interface)
R1(config)# access-list 10 permit 192.168.1.0 0.0.0.255 (To specify which unregistered
addresses need to be translated)
8.What are Inside Local, Inside Global, Outside Local, Outside Global address?
An Inside local address is an IP address of host before translation. Inside Global address is
the public IP address of host after translation. Outside Local address is the address of router
interface connected to ISP. Outside Global address is the address of the outside destination
(ultimate destination).
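How PAT (Q7) lets many inside hosts share one registered address, and how the inside local / inside global terms of Q8 map onto the translation table, can be seen in a small model of the table itself. This is an added example written for this page, not router code; PatTable and its methods, the port-selection rule (keep the original source port when free, otherwise take the next unused one) and all addresses and ports are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Added example, not from the original question set: a minimal model of a PAT
# (overload) translation table. Addresses and ports are constructed samples;
# the port-selection rule is an assumption of this model.

@dataclass
class PatTable:
    inside_global: str                   # the single registered address shared by all hosts
    next_port: int = 1024                # first port tried when the original one is taken
    # (proto, inside_local, local_port) -> global_port
    out_map: Dict[Tuple[str, str, int], int] = field(default_factory=dict)
    # (proto, global_port) -> (proto, inside_local, local_port)
    in_map: Dict[Tuple[str, int], Tuple[str, str, int]] = field(default_factory=dict)

    def _free_port(self, proto: str) -> int:
        # Walk upward from next_port until a port is unused on the global address.
        p = self.next_port
        while (proto, p) in self.in_map:
            p += 1
        self.next_port = p + 1
        return p

    def outbound(self, proto: str, inside_local: str, lport: int) -> Tuple[str, int]:
        """Translate an inside-local source (addr, port) to the inside-global
        (addr, port) the outside world sees. The original source port is kept
        when it is still free on the global address; otherwise a new one is chosen."""
        key = (proto, inside_local, lport)
        if key not in self.out_map:
            gport = lport if (proto, lport) not in self.in_map else self._free_port(proto)
            self.out_map[key] = gport
            self.in_map[(proto, gport)] = key
        return self.inside_global, self.out_map[key]

    def inbound(self, proto: str, gport: int) -> Optional[Tuple[str, int]]:
        """Map a reply arriving at (inside_global, gport) back to the inside host.
        Unsolicited traffic with no table entry has no inside destination and is dropped."""
        entry = self.in_map.get((proto, gport))
        if entry is None:
            return None
        return entry[1], entry[2]

if __name__ == "__main__":
    pat = PatTable("190.1.1.5")
    print(pat.outbound("tcp", "192.168.1.10", 40000))   # ('190.1.1.5', 40000) port preserved
    print(pat.outbound("tcp", "192.168.1.11", 40000))   # ('190.1.1.5', 1024) collision, new port
    print(pat.inbound("tcp", 1024), pat.inbound("tcp", 9999))   # ('192.168.1.11', 40000) None
```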

BASIC ROUTING
1. What is Routing?
The function of routing is to route packets between networks that are not locally attached.
2. What is a Router?
A Router is a networking device that performs routing which means it routes packets between
devices that are on different networks. A router is a Layer 3 device.
3. What are the different types of memory in the router?
RAM - Running configuration file: running-config is stored in RAM
NVRAM - Startup Configuration file: startup-config is stored in NVRAM
Flash Memory - IOS is stored in Flash Memory
ROM - Instructions for POST, Bootstrap program, Mini-IOS is stored in ROM
4. What are the possible locations of IOS image?
FLASH and TFTP Server.
5. What is ROM Monitor?
If the Bootstrap program is not able to find a valid IOS image, it will act as ROM Monitor.
ROM Monitor is capable of performing certain configuration task such as:-
1. Recovering a lost password
2. Changing the configuration register value etc.
3. Downloading IOS image using TFTP
6. What are the different modes in the router?
1. User Exec Mode - In User Exec mode, we can only view the configuration settings on the
device but cannot make any changes to the device configuration. IOS prompt in user exec
mode is Router>
2. Privilege Mode - In Privilege mode, we can both view and make changes to the
configuration of a router. IOS prompt in Privilege Mode is Router#
Command to navigate to privilege mode from user exec mode:-
Router> enable
Router#
3. Global Configuration Mode - In Global Configuration mode we can make global changes.
Global changes are the changes which affect the router (device) as a whole such as changing
the hostname of a device. IOS prompt in Global Configuration Mode is Router(config)#
Command to navigate to Global Configuration mode from Privilege mode:-
Router# configure terminal
Router(config)#
4. Specific Configuration Mode - We can navigate to a number of sub prompts from global
configuration, such as the interface prompt to configure the properties of a specific interface
and the router mode to configure routing protocols. IOS prompt in specific configuration
mode for the interface prompt is Router(config-if)#
Example:-
Router(config)# interface fa0/0
Router(config-if)#
7. What is the command to enter PRIVILEGE mode from USER mode?
> enable
8.What is the command to enter Global Configuration mode from PRIVILEGE Mode?
# configure terminal
9. What is the command to reboot a router?
# reload
10.What is the command to backup IOS to TFTP server?
# copy flash tftp
11. What is the command to copy running-config to startup config?
# copy running-config startup-config
12.What is the command to display the current running configuration?
# show running-config
13. Define static routing?
In static routing, routes are manually configured on the router by a network administrator.
Advantages:-
1. There is no overhead on the router CPU.
2. There is no bandwidth usage between routers.
3. It is secure as the administrator can choose to allow routing access to certain networks only.
Disadvantages:-
1. The administrator must really understand the internetwork and how each router is
connected in order to configure routes correctly.
2. It is not feasible in large networks because maintaining it is a full-time job.
14.What is Default Route?
A default route specifies a path that the router should take if the destination is unknown. All
the IP datagrams with unknown destination address are sent to the default route.
15.What is a Dynamic Routing?
In Dynamic routing, routes are learned by using a routing protocol. Routing protocols will
learn about routes from other neighboring routers running the same routing protocol.
Example- OSPF, EIGRP, RIP.
16.What is a Routed Protocol?
A Routed Protocol carries data from one network to another network. Routed protocol carries
user traffic such as file transfers, web traffic, e-mails etc. Example- IP (Internet Protocol), IPX
(Internetwork Packet Exchange) and AppleTalk.
17.What is Routing Protocol?
Routing Protocols learn the routes and provide the best routes from one network to another
network. Example - RIP (Routing Information Protocol), EIGRP (Enhanced Interior Gateway
Routing Protocol) and OSPF (Open Shortest Path First).
18.What is IGP?
An Interior Gateway Protocol refers to a routing protocol that handles routing within a single
autonomous system. Example- RIP, IGRP, EIGRP, and OSPF.
What is EGP?
An Exterior Gateway Protocol refers to a routing protocol that handles routing between different
Autonomous Systems (AS). Example:- Border Gateway Protocol (BGP).
19.What is an Autonomous System?
An Autonomous System (AS) is a group of networks under a single administrative control.
20.What is Administrative Distance (AD)?
Administrative Distance is the trustworthiness of a routing protocol. Routers use AD value
to select the best path when there are two or more different routes to the same destination
learned through two different routing protocols.
21. What is the Range of AD values?
0 to 255, where 0 is the Best and 255 is the worst.
Routing Protocol - Administrative Distance Value
Directly Connected - 0
Static route - 1
EIGRP - 90
OSPF - 110
RIP - 120
22.What is Distance-Vector Routing Protocol?
Distance vector routing protocols use the distance or hops as the metric to find paths to
destinations. Example- Routing Information Protocol (RIP), Interior Gateway Routing
Protocol (IGRP)
23.What is Link-State Routing Protocol?
Each router running a link state routing protocol originates information about the router, its
directly connected links, and the state of those links. This information is sent to all the routers
in the network as multicast messages. Link-state routing always tries to maintain full networks
topology by updating itself incrementally only when network topology changes. Example-
Open Shortest Path First (OSPF)
24.What is Hybrid Routing Protocol?
A Hybrid Routing protocol takes the advantages of both Distance Vector and Link State
Routing protocols.
1. It sends traditional Distance Vector updates.
2. It has Link State characteristics also which means it synchronizes routing tables between
neighbors at startup, and then it sends specific updates when network topology changes.
Example- Enhanced Interior Gateway Routing Protocol (EIGRP)
25.What is a Route metric?
Routing Protocol uses route metric value to find the best path when there are two or more
different routes to the same destination. Different routing protocols use route metric to
compute the distance to destination. RIP - Hop Count, OSPF - Cost, EIGRP - Bandwidth,
Delay, Reliability, Load, MTU.
26.What is Hop Count?
Hop count is the number of routers from the source through which data must pass to reach the
destination network.
27.What is Bandwidth, Delay, Reliability, Load?
1. Bandwidth - It is the Data capacity of a link in Kbps.
2. Delay - It is the time takes to reach the destination.
3. Reliability - The path with the least amount of errors or downtime.
4. Load - It is the amount of utilization of a path.
5. MTU - Maximum transmission unit (MTU) defines the maximum size of the packet that
can be sent over a medium.
28.Define Bandwidth and Latency?
Bandwidth (throughput) and Latency (Delay) are used to measure network performance.
The bandwidth of a network is the number of bits that can be transmitted over the network
in a certain period of time. Latency is the time taken for a message to travel from one end of
a network to the other end. It is measured in terms of time.
29.What is Cost?
Cost is the inverse proportion of bandwidth of the links.
30. What is CDP?
Cisco Discovery Protocol is a Cisco proprietary protocol to help administrators in
collecting information about both locally attached and remote devices.
RIP
1. What is RIP?
RIP is a Distance-Vector Routing protocol. It is a classful routing protocol (classful routing
protocols do not send subnet mask information with their routing updates). It does not support
VLSM (Variable Length Subnet Masking). RIP uses hop count as its metric to determine the
best path to a remote network and it supports maximum hop count of 15. Any router farther
than 15 hops away is considered as unreachable. It sends its complete routing table out of all
active interfaces every 30 seconds.
2.What are the four timers in RIP?
Route update timer (30 seconds) - It is the time interval between periodic routing updates in
which the router sends a complete copy of its routing table out to all neighbors.
Route invalid timer (180 seconds) - It is the time interval before a router determines that a route
has become invalid. A route will become invalid if it hasn’t heard any updates about a particular
route for that period.
Hold down timer (180 seconds) - It is the amount of time during which routing information is
suppressed. Routes will enter into the holddown state when an update packet is received that
indicated the route is unreachable. This continues either until an update packet is received with
a better metric or until the holddown timer expires.
Route flush timer (240 seconds) - It is the time between a route becoming invalid and its
removal from the routing table. Before it's removed from the table, the router notifies its
neighbors of that invalid route. The value of the route invalid timer must be less than that of
the route flush timer.
3.What is the difference between RIPV1 & RIPV2?
RIPV1 | RIPV2
RIPV1 is a classful protocol. | RIPV2 is a classless protocol.
RIPV1 uses broadcasts for updates. | RIPV2 uses multicasts for updates.
RIPV1 broadcasts updates every 30 seconds. | RIPV2 supports triggered updates (when a change occurs).
RIPV1 does not support VLSM. | RIPV2 supports VLSM.
RIPV1 does not support authentication. | RIPV2 supports authentication.
4.Explain Load-Balancing in RIP?
RIP can perform load balancing over up to six equal-cost paths.
5. Explain Split Horizon?
The Split Horizon feature prevents a route learned on one interface from being advertised back
out of that same interface.
6.What is route poisoning?
With route poisoning, when a distance vector routing protocol notices that a route is no longer
valid, the route is advertised with an infinite metric, signifying that the route is bad. In RIP, a
metric of 16 is used to signify infinity.
7.How do you stop RIP updates from propagating out an interface on a router?
Sometimes we don't want RIP updates to propagate across the network, wasting valuable
bandwidth. For this purpose, we can use passive-interface command to stop RIP updates from
propagating out an interface.
8.Which port number and protocol RIP use?
RIP uses UDP (user datagram protocol) port number 520.
9.What is the administrative distance of RIP?
RIP has an administrative distance of 120.
10. What is the multicast address of RIP?
224.0.0.9
11.How do we configure RIP?
Router(config)# router rip
Router(config-router)# network 192.168.1.0
Router(config-router)# version 2 (to convert it into RIPV2)
12. What is the difference between RIPng and RIP?
RIPng is for IPv6 and RIP is for IPv4
EIGRP
1. Explain EIGRP Routing Protocol?
Enhanced Interior Gateway Routing Protocol (EIGRP Protocol) is an enhanced distance vector
routing protocol which uses Diffused Update Algorithm (DUAL) to calculate the shortest path.
It is also considered as a Hybrid routing protocol because it has characteristics of both Distance
Vector and Link State Routing Protocols. EIGRP supports classless routing and VLSM, route
summarization, incremental updates, load balancing and other features.
2. What are the requirements for neighborship in EIGRP?
The following fields in a hello packet must match for routers to become neighbors:-
1. Autonomous System number.
2. K-values.
3. Authentication.
4. The primary address should be used.
5. If static neighborship then it should be defined on both sides.
3.What tables do EIGRP routers maintain?
EIGRP router stores routing and topology information in three tables:-
1. Neighbor table - Stores information about EIGRP neighbors.
2. Topology table - Stores routing information which is learned from neighbor routers.
3. Routing table - Stores the best paths to all networks.
4.Why no auto-summary command is used in EIGRP?
By default, EIGRP behaves like a classful routing protocol which means it does not advertise
the subnet mask information along with the routing information. No auto-summary command
will ensure that EIGRP sends the subnet mask information along with the routing information.
5. What metric does EIGRP use?
EIGRP calculates its metric by using Bandwidth, Load, Delay, Reliability and MTU.
6. What are the EIGRP Hello and Hold timer?
Hello Time - Router will send a hello to its neighbor every 5 seconds (Hello time). Hold Time
- If a Router does not receive hello for 15 seconds (Hold time) then it will assume that link is
down and it will drop the neighborship.
7. What are the default values EIGRP Hello and Hold timer?
Hello Time - 5 seconds Hold Time - 15 seconds
8.What is a Successor?
A successor is the best path to reach a destination in the topology table.
9.What is the Feasible successor?
A feasible successor is the second best path to reach a destination after successor. It acts as a
backup for the successor.
10. What is the Feasible distance?
Feasible distance is the distance (metric) to reach the destination network. The route with this
metric will be in the routing table as it is the best route to reach a remote (destination) network.
11.What is Advertised Distance/Reported Distance?
Advertised distance is the distance (metric) of a neighbor router to reach the destination
network. This is the metric of a destination network as reported by a neighbor.
12.What authentication does EIGRP support?
EIGRP supports Only MD5.
13. Give the Formula EIGRP uses to calculate Metric?
((10^7/least bandwidth of link) + cumulative delay)*256
14.What is the Different Administrative Distance that EIGRP use?
1. Internal - 90
2. External - 170
3. Summary - 5
15. What multicast address does EIGRP use?
EIGRP routers use the multicast address of 224.0.0.10
16. How we configure EIGRP?
Router(config)# router eigrp 100
Router(config-router)# network 172.16.1.0 0.0.0.255
Router(config-router)# network 10.16.1.0 0.0.0.255
Router(config-router)# no auto-summary
17.Give some commands to troubleshoot EIGRP?
#show ip route - It shows the full Routing Table.
#show ip route eigrp - It shows only EIGRP routes (routes learned through EIGRP protocol
in the routing table).
#show ip eigrp neighbors - It shows the EIGRP Neighbor Table.
#show ip eigrp topology - It shows the EIGRP Topology Table.
1. What is EIGRP?
Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced distance vector routing
protocol which uses Diffused Update Algorithm (DUAL) to calculate the shortest path. It is
also considered as a Hybrid Routing Protocol because it has characteristics of both Distance
Vector and Link State Routing Protocols. EIGRP supports classless routing and VLSM, route
summarization, incremental updates, load balancing and other features.
2.What are the requirements for neighborship in EIGRP?
The following fields in a hello packet must match for routers to become neighbors:-
1. Autonomous System number.
2. K-values.
3. Authentication.
4. The primary address should be used.
5. If static neighborship then it should be defined on both sides.
3. What is the metric of the EIGRP protocol & its default values?
1. Bandwidth (K1=1)
2. Load (K2=0)
3. Delay (K3=1)
4. Reliability (K4=0)
5. Maximum Transmission Unit (K5=0)
By default, EIGRP only uses Bandwidth (K1) and Delay (K3) to calculate metrics.
4. Give the formula by which EIGRP calculates metric?
Metric = 256 * [(10^7 / lowest-bandwidth) + cumulative-delay] The lowest bandwidth is the
lowest-bandwidth link in the route, using a unit of Kilobits per second. The cumulative-delay
value used in the formula is the sum of all the delay values for all links in the route, with a unit
of tens of microseconds.
5.What are the four basic components of EIGRP?
The four basic components of EIGRP are:-
1. The Protocol Dependent Module - It supports IP, IPv6, IPX, Apple Talk.
2. The Reliable Transport Protocol - RTP is used in EIGRP for detecting packet loss and to
ensure ordered delivery of the packets.
3. The Neighbor Discovery and Recovery Module - Hello messages are used for Neighbor
Discovery and Recovery.
4. The Diffusing Update Algorithm - It is an algorithm used by EIGRP for selecting the lowest
cost loop-free path for each possible destination.
6. What are the different packet types used by EIGRP?
The packet types used by EIGRP are:-
1. Hello - Neighborship is discovered and maintained by Hello Packets.
2. Acknowledgement - ACK packets are used to acknowledge the receipt of an update, query
and reply packets. Acknowledgement packets are Unicast.
3. Update - EIGRP uses Update messages to send routing information to neighbors. Update
packets can be sent to a single neighbor using unicast or to a group of neighbors using multicast.
4. Query - Query packets are used when EIGRP router has lost path (Successor) to a certain
network and does not have any backup paths (Feasible Successor). The router sends query
packets to its neighbors asking them if they have information about this particular network.
Query packets are multicast.
5. Reply - Reply packets are used in response to the query packets. Reply packets are unicast
to the originator of the query.
7.What is Reliable Transport Protocol?
EIGRP uses RTP (Reliable Transport Protocol) to deliver EIGRP packets between neighbors
in a reliable and ordered way. If a packet sent with RTP enabled gets lost in transit, it will
be sent again (retransmitted).
8.What packets are RTP enabled?
1. Update Packet. 2. Query Packet. 3. Reply Packet.
9.Explain what will happen if the packet is not acknowledged?
If a packet is not acknowledged, EIGRP will retransmit the packet to the non-responding
neighbor as a unicast. No other traffic is sent to this neighbor until it responds. After 16
unacknowledged re-transmissions, the neighbor is removed from the neighbor table.
10.Explain EIGRP Router ID?
In EIGRP, duplicate RIDs do not prevent routers from becoming neighbors and two EIGRP
routers with the same router ID will still form a neighbor relationship. The only time the value
of EIGRP RIDs consider is when injecting external (redistributed) routes into EIGRP. In this
case, the routers injecting the external routes should have unique RIDs to avoid confusion. To
manually configure the router ID:-
R1(config)# router eigrp 10
R1(config-router)# eigrp router-id 1.1.1.1
11.Explain Unequal Cost Load Balancing in EIGRP?
By default, EIGRP will automatically load-balance across equal-metric routes. EIGRP also
supports load-balancing across routes with an unequal metric. Unequal cost load balancing in
EIGRP is the concept by which load sharing can take place on paths that do not have an equal
metric. In EIGRP, variance is used for unequal cost load balancing. Variance is specified as
an integer in the range of 1 through 128. The router then multiplies the variance by the
successor route's FD (metric of the best route to reach that subnet). Any Feasible Successor
route whose metric is less than or equal to the product of the variance and the successor's FD
is considered to be an equal route and can be placed into the routing table for load sharing.
Router(config)# router eigrp 100
Router(config-router)# variance 2
In this case, variance is 2.
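The metric formula of Q4 (and Q13 of the previous set), the successor / feasible successor selection of Q8 to Q11, and the variance rule of Q11 above can be worked numerically. This is an added example written for this page, not Cisco code; the link bandwidths and delays, the neighbour names and the helper names (eigrp_metric, select_routes, Link, Candidate) are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Added example, not from the original question set. It works the composite
# metric formula with the default K-values, then applies the feasibility
# condition and the variance multiplier. Link speeds, delays and neighbour
# names are constructed sample values.

K1, K2, K3, K4, K5 = 1, 0, 1, 0, 0    # default K-values (only bandwidth and delay count)

@dataclass
class Link:
    bandwidth_kbps: int     # interface bandwidth in kilobits per second
    delay_us: int           # interface delay in microseconds

def eigrp_metric(path: List[Link], k=(K1, K2, K3, K4, K5),
                 load: int = 1, reliability: int = 255) -> int:
    """Classic EIGRP composite metric:
    256 * [K1*BW + (K2*BW)/(256-load) + K3*delay] * [K5/(reliability+K4)]
    where BW = 10^7 / lowest bandwidth (kbps) and delay is the cumulative
    delay in tens of microseconds. The K5 factor applies only when K5 != 0.
    Integer arithmetic is used throughout, as on the router."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min(link.bandwidth_kbps for link in path)
    delay = sum(link.delay_us for link in path) // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256

@dataclass
class Candidate:
    via: str    # neighbour advertising the route
    rd: int     # reported (advertised) distance: the neighbour's own metric
    fd: int     # this router's metric through that neighbour

def select_routes(cands: List[Candidate], variance: int = 1
                  ) -> Tuple[Candidate, List[Candidate], List[Candidate]]:
    """Returns (successor, feasible successors, routes installed for load sharing).
    Feasibility condition: a candidate's RD must be lower than the successor's FD,
    which guarantees the backup is loop-free. With variance, every feasible
    successor whose FD <= variance * successor FD is installed as well."""
    successor = min(cands, key=lambda c: c.fd)
    feasible = [c for c in cands if c is not successor and c.rd < successor.fd]
    installed = [successor] + [c for c in feasible if c.fd <= variance * successor.fd]
    return successor, feasible, installed

if __name__ == "__main__":
    t1 = Link(1544, 20000)                 # one T1 hop: 1544 kbps, 20000 us delay
    print(eigrp_metric([t1]))              # 2169856
    cands = [Candidate("R2", rd=1_000, fd=eigrp_metric([t1])),
             Candidate("R3", rd=2_000_000, fd=3_000_000),    # RD < FD: feasible successor
             Candidate("R4", rd=2_500_000, fd=4_000_000)]    # RD > FD: not feasible
    for v in (1, 2):
        print(v, [c.via for c in select_routes(cands, variance=v)[2]])   # ['R2'] then ['R2', 'R3']
```

R4 never enters the routing table no matter how large the variance is, because only feasible successors are eligible for unequal-cost load sharing.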
12.Explain Split Horizon?
The Split Horizon feature prevents a route learned on one interface from being advertised
back out of that same interface. It is used to prevent loop in EIGRP.
13.Explain Null Zero?
It is a loop avoidance mechanism entry stored in the routing table only in case of
summarization (auto & manual). It terminates or flushes unwanted packets: if any traffic goes
towards null0 it will be dropped by EIGRP.
14.What is Active State and Passive State?
Routes for which the successor route fails and no feasible successor routes exist move to an
active state forcing the EIGRP to send out query packets and reconverge. A route is in a
passive state for which the router has a successor route, and no failure has yet occurred. A
stable EIGRP network will have all routes in a Passive state.
15.Explain Stuck in Active?
When for a certain prefix, successor route fails and no feasible successor route exists then
the router begins a process of finding any loop-free alternative routes to reach that prefix by
sending Query messages to all of its neighbors requesting path to the lost prefix. If the
neighbor routers do not have information about the lost prefix, they will forward the query
message to further routers. Within a large network, particularly when routers exist several
router hops away, the number of Queries might not only be large, but there also might be a
string of routers that all must wait on multiple Reply messages before they can, in turn, issue
a Reply. To deal with this long time problem, Cisco IOS first sets a limit on how long it should
take to receive all such replies. This timer is called the active timer and is set to 3 minutes by
default. Routes for which a router does not receive a Reply within the active timer are
considered to be Stuck-in-Active (SIA) routes. The router sends an SIA-Query (Stuck-in-Active
Query) EIGRP message to each neighbor that has yet to send back a Reply. The
purpose of the message is to either get an SIA-Reply back indicating that the neighbor really
is still waiting for replies to its own queries meaning the neighbor is alive and still working
& there is no need to kill the neighborship or to get nothing in reply meaning neighbor was
not able to reply, so the action of failing the neighborship is reasonable.
16.What are Graceful Shutdown and GoodBye message in EIGRP?
When an EIGRP process is shut down, the router sends out “goodbye” messages to its
neighbors. The neighbors can then immediately begin recalculating paths to all the
destinations that went through that shutdown router without having to wait for the hold timer
to expire.
17.How Passive Interface command works in EIGRP?
With EIGRP running on a network, the passive-interface command stops sending outgoing
hello packets, hence the router cannot form any neighbor relationship via the passive interface.
This behavior stops both outgoing and incoming routing updates. However, EIGRP still
advertises the connected subnets if matched with an EIGRP network command.
# router eigrp 1
# passive-interface fastethernet0/0
Command to see the list of passive interfaces
# show ip protocols
How can we change Hello and Hold time in EIGRP?
# interface Fa0/0
# ip hello-interval eigrp 100 3
# ip hold-time eigrp 100 12
These commands will make the hello interval 3 seconds and the hold time 12 seconds.
# show ip eigrp interfaces detail (To verify)

18.What is the Feasibility Condition in EIGRP?
For any route to be a feasible successor it has to fulfil the feasibility condition, which is as follows:-
The advertised distance (AD) of the Feasible Successor must be less than the Feasible Distance (FD)
of the Successor, i.e. AD of feasible successor < FD of successor.
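The variance rule from question 11 and the feasibility condition from question 18, combined in one added Python example. This is not part of the original questions and not Cisco's code; the neighbor names, metrics and variance values are constructed for the illustration, and the metrics stand in for EIGRP's composite metric.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Path:
    """One candidate path to a prefix, as this router sees it (constructed values)."""
    via: str  # next-hop neighbor
    fd: int   # feasible distance: this router's full metric through `via`
    rd: int   # reported (advertised) distance: the neighbor's own metric


def select_paths(paths: List[Path], variance: int = 1) -> Tuple[Path, List[Path], List[Path]]:
    """Return (successor, feasible successors, paths installed in the routing table).

    Feasibility condition: a path is a feasible successor only if its reported
    distance is strictly less than the successor's feasible distance (RD < FD).
    Variance: a feasible successor is installed for unequal-cost load sharing
    only if its own metric is <= successor FD * variance. Variance never makes
    a path feasible; it only selects among paths that already passed the check.
    """
    if not 1 <= variance <= 128:
        raise ValueError("variance must be between 1 and 128")
    if not paths:
        raise ValueError("no paths to choose from")
    successor = min(paths, key=lambda p: p.fd)
    feasible = [p for p in paths if p is not successor and p.rd < successor.fd]
    limit = successor.fd * variance
    installed = [successor] + [p for p in feasible if p.fd <= limit]
    return successor, feasible, installed


# Constructed sample: three neighbors offering the same prefix.
SAMPLE_PATHS = [
    Path(via="R2", fd=20, rd=10),  # best metric -> successor
    Path(via="R3", fd=35, rd=15),  # RD 15 < FD 20 -> feasible successor
    Path(via="R4", fd=30, rd=25),  # RD 25 >= FD 20 -> fails the feasibility condition
]

if __name__ == "__main__":
    for variance in (1, 2):
        succ, feas, inst = select_paths(SAMPLE_PATHS, variance)
        print(f"variance {variance}: successor={succ.via} "
              f"feasible={[p.via for p in feas]} installed={[p.via for p in inst]}")
```

With variance 2 the limit is 40, so R3 (metric 35) is installed next to R2, while R4 stays out even though its metric of 30 is lower than R3's: it never passed the feasibility condition, and variance does not override that check.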
19.What is the Multicast IP address used by EIGRP?
EIGRP uses the multicast address 224.0.0.10

OSPF
1. What is the OSPF Routing protocol?
Open shortest path first is an Open Standard Link State routing protocol which works by using
the Dijkstra algorithm to initially construct the shortest paths and follows that by populating
the routing table with resulting best paths.
2. Mention some characteristics of OSPF?
1. OSPF is a classless routing protocol that supports VLSM and CIDR.
2. It allows for the creation of areas and autonomous systems.
3. OSPF uses cost as its metric, which is computed based on the bandwidth of the link.
4. It has no hop-count limit. It supports unlimited hop count.
5. OSPF supports both IPv4 & IPv6.
6. OSPF routes have an administrative distance of 110.
3.What is the need for dividing the autonomous system into various areas?
We would divide the autonomous system into various areas to keep route updates to a
minimum (reduce the number of routing updates in the network) to conserve resources and to
keep problems from propagating throughout the network.
4.What is the benefit of dividing the entire network into areas?
The following are benefits of dividing the entire network into areas:-
1. Decrease routing overhead.
2. Speed up convergence.
3. Confine network instability to single areas of the network.
5.What is Backbone Area?
While configuring multi-area OSPF, one area must be called area 0, referred to as backbone
area. All other areas must connect to backbone area as inter-area traffic is sent through the
backbone area.
6. Explain Area Border Router(ABR)?
It is the router that connects other areas to the backbone area within an autonomous system.
ABR can have its interfaces in more than one area.
7. What is an Autonomous System Border Router (ASBR)?
The router that connects different Autonomous Systems is known as the autonomous system
border router.
8. What is OSPF Router ID?
Router ID is used to identify the router. The highest IP address of the router's loopback
interfaces is chosen as the Router ID, If no loopback is present then the highest IP address of
the router's physical interfaces will be chosen as the Router ID.
9. What Parameters must match for two routers to become neighbors?
The following parameters must be the same on both routers in order for routers to become
neighbors:-
1. Subnet
2. Area id
3. Hello and Dead interval time
4. Authentication
10. How are OSPF DR & BDR elected?
• The router with the Highest Priority becomes the DR and the router with the second highest
priority becomes the BDR. If there is a tie in priority, the router with the Highest Router ID will
become DR.
• By default the priority on Cisco routers is 1. We can manually change it.
• If the Router priority is set to 0 (Zero), that router will not participate in the DR/BDR election.
• The DR election process is not preemptive. If a router with a higher priority is added to the
network, it will not become DR until we clear the OSPF process and the DR/BDR election takes
place again.
Command to change the priority on an interface
router(config)# interface fa0/0
router(config-if)# ip ospf priority 100
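The election rules above as an added Python example; it is not from the original document and not Cisco's implementation. Router names, priorities and router IDs are constructed. One detail the answer does not state is included because it is standard OSPF behaviour: when the current DR disappears, the BDR is promoted before any vacancy is filled from the ranking.

```python
from typing import Dict, List, Optional, Tuple

Router = Tuple[str, int, str]   # (name, priority, router ID) - constructed input shape


def rid_key(router_id: str) -> Tuple[int, ...]:
    """Compare router IDs numerically per octet; a plain string comparison would
    rank 9.9.9.9 above 10.1.1.1."""
    return tuple(int(octet) for octet in router_id.split("."))


def elect_dr_bdr(routers: List[Router], current_dr: Optional[str] = None,
                 current_bdr: Optional[str] = None) -> Tuple[Optional[str], Optional[str]]:
    """Highest priority wins, ties go to the highest router ID, priority 0 never
    participates, and the election is not preemptive: an existing DR/BDR keeps its
    role while it is still present and eligible. If the DR is gone, the BDR is
    promoted first (standard OSPF, not stated in the answer above)."""
    eligible: Dict[str, Tuple[int, str]] = {
        name: (prio, rid) for name, prio, rid in routers if prio > 0
    }
    ranked = sorted(eligible, key=lambda n: (eligible[n][0], rid_key(eligible[n][1])),
                    reverse=True)

    dr = current_dr if current_dr in eligible else None
    bdr = current_bdr if current_bdr in eligible else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                  # BDR takes over as DR
    for name in ranked:                      # fill any vacancy from the ranking
        if dr is None and name != bdr:
            dr = name
        elif bdr is None and name != dr:
            bdr = name
    return dr, bdr


# Constructed segment: R3 has priority 0; R4 joins later with the highest priority.
SEGMENT: List[Router] = [("R1", 1, "1.1.1.1"), ("R2", 1, "2.2.2.2"), ("R3", 0, "9.9.9.9")]
LATE_JOINER: Router = ("R4", 100, "4.4.4.4")

if __name__ == "__main__":
    dr, bdr = elect_dr_bdr(SEGMENT)
    print("initial election:", dr, bdr)
    print("R4 joins, no preemption:", elect_dr_bdr(SEGMENT + [LATE_JOINER], dr, bdr))
    print("after clear ip ospf process:", elect_dr_bdr(SEGMENT + [LATE_JOINER]))
    without_r2 = [r for r in SEGMENT + [LATE_JOINER] if r[0] != "R2"]
    print("DR R2 fails, BDR promoted:", elect_dr_bdr(without_r2, "R2", "R1"))
```

The first election picks R2 over R1 on router ID alone (equal priority), R3 never takes part, and R4 with priority 100 only becomes DR once the process is cleared and the election runs again.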
11. Why DR and BDR are elected in OSPF?
All OSPF routers will form adjacencies with the DR and BDR. If link-state changes, the update
will be sent only to the DR, which then forwards it to all other routers. This greatly reduces the
flooding of LSAs, therefore, conserving the bandwidth.
12. Explain the various OSPF states?
OSPF routers need to go through several states before establishing a neighbor relationship:-
1. Down - No Hello packets have been received on the interface.
2. Attempt - In Attempt state neighbors must be configured manually. It applies only to non-
broadcast multiaccess (NBMA) networks.
3. Init state - Router has received a Hello message from the other OSPF router.
4. 2way state - The neighbor has received the Hello message and replied with a Hello message
of his own. Bidirectional Communication has been established. In Broadcast network DR-
BDR election can occur after this point.
5. Exstart state – DR & BDR establish adjacencies with each router in the network. A master-
slave election will take place (Master will send its DBD first).
6. Exchange state – Routing information is exchanged using DBD (Database Descriptor)
packets, Link-State Request (LSR). Link-State Update packets may also be sent.
7. Loading state – LSRs (Link State Requests) are sent to neighbors for every network it
doesn't know about. The Neighbor replies with the LSUs (Link State Updates) which contain
information about the requested networks. Once the requested information has been received,
the other neighbor goes through the same process.
8. Full state - All neighbor routers have the synchronized database and adjacencies have been
established.
13. Explain OSPF LSA, LSU and LSR?
The LSAs (Link-State Advertisements) are used by OSPF routers to exchange routing and
topology information. When two neighbors decide to exchange routes, they send each other a
list of all LSAs in their respective topology database. Each router then checks its topology
database and sends a Link State Request (LSR) message requesting all LSAs that were not found
in its topology table. The other router responds with a Link State Update (LSU) that contains
all LSAs requested by the neighbor.
14. What are the steps required to change Neighborship into adjacency?
1. Two-way communication (using Hello Protocol) 2. Database Synchronization which
means exchange of Database Description (DD) packets, Link State Request (LSR) packets,
Link State Update (LSU) packets. 3. After Database synchronization is complete, the two
routers are considered adjacent.
15.Explain OSPF timers?
Hello interval - This defines how often OSPF router will send the hello packet to other OSPF
router. Dead interval - This defines how long a router will wait for hello packets before it
declares the neighbor dead.
16.What is the default Hello Interval?
The default Hello Interval for OSPF is 10 seconds.
17. What is the default Dead Interval?
The Dead Interval is four times the Hello Interval. By default, it is 40 seconds.
18. What multicast address does OSPF use?
OSPF use the multicast address of 224.0.0.5 & 224.0.0.6.
19.Tables maintained by OSPF?
A router participating in the OSPF routing protocol maintains three OSPF tables:-
1.Neighbor table - Stores information about OSPF neighbors. Command to see: # show ip ospf neighbor
2.Topology table - Stores the topology structure of a network. Command to see: # show ip ospf topology
3.Routing table - Stores the best routes to all known networks. Command to see: # show ip route ospf
20. What are different OSPF LSA types ?
1. Router LSA (Type1) - Each router generates a Type 1 LSA that lists its active interfaces, IP
addresses, neighbors and the cost. LSA Type 1 is flooded only within an area.
2. Network LSA (Type2) - Type 2 LSA is sent out by the designated router (DR) and lists all
the routers on the segment it is adjacent to. Type 2 LSA are flooded only within an area. It
contains the information about DR's.
3. Summary LSA (Type3) - Type 3 LSAs are generated by Area Border Routers (ABRs) to
advertise networks from one area to the rest of the areas in Autonomous System. It contains
the information about inter-area routes.
4. Summary ASBR LSA (Type4) - It is generated by the ABR and contains routes to ASBRs.
5. External LSA (Type5) - External LSAs are generated by ASBRs and contain routes to
networks that are external to current AS.
6. Not-So-Stubby Area LSA (Type7) - Stub areas do not allow Type 5 LSAs. A Not So Stubby
Area (NSSA) allows advertisement of Type 5 LSAs as Type 7 LSAs. A Type 7 LSA is generated
by an ASBR inside a Not So Stubby Area (NSSA) to describe routes redistributed into the
NSSA.
21.How do we configure the OSPF Routing Protocol?
router(config)# router ospf 10
router(config-router)# network 12.1.1.0 0.0.0.255 area 0
router(config-router)# network 23.1.0.0 0.0.255.255 area 1
router(config-router)# exit
• Router ospf 10 command enables the OSPF process. Here “10” indicates the OSPF process
ID and can be different on neighbor routers. Process ID allows multiple OSPF processes to run
on the same router.
• The second command configures 12.1.1.0/24 network in area 0.
• The third command configures 23.1.0.0/16 network in area 1.
1. What is the OSPF Routing Protocol?
Open shortest path first is an Open Standard Link State routing protocol which works by using
the Dijkstra algorithm to initially construct the shortest paths and follows that by populating
the routing table with resulting best paths.
2. What are the steps required to change neighborship into adjacency?
1. Two-way communication (using Hello Protocol).
2. Database Synchronization which means exchange of Database Description (DD) packets,
Link State Request (LSR) packets, Link State Update (LSU) packets. After Database
synchronization is complete, the two routers are considered adjacent.
3. Explain LSA (Link-State Advertisement), LSU (Link State Update) and LSR (Link State
Request)?
The LSAs (Link-State Advertisements) are used by OSPF routers to exchange routing and
topology information. When two neighbors decide to exchange routes, they send each other a
list of all LSAs in their respective topology database. Each router then checks its topology
database and sends a Link State Request (LSR) message requesting all LSAs that were not found
in its topology table. Other router responds with the Link State Update (LSU) that contains all
LSAs requested by the neighbor.
4. Explain OSPF Router ID?
Router ID is used to identify the router. The highest IP address of the router's loopback
interfaces is chosen as the Router ID. If no loopback is present then the highest IP address of
the router's physical interfaces will be chosen as the Router ID. OSPF prevents neighborships
between routers with duplicate RIDs. All OSPF RIDs in a domain should be unique. The OSPF
Router ID should not be changed after the OSPF process is started and the OSPF neighborships
are established. If the OSPF router ID is changed, we need to either reload the IOS or use the
"clear ip ospf process" command (restart the OSPF process) for the changed Router ID to take
effect. To manually configure the router ID
R1(config)# router ospf 5
R1(config-router)# router-id 5.5.5.5
5.Can we use OSPF without backbone area?
Yes, but then only intra-area communication is possible. Inter-area communication is not
possible without the backbone area.
6.What is the difference between an OSPF neighbor and an adjacent neighbor?
LSAs are exchanged only among adjacent routers, not among neighbor routers.
7.What are different neighbour states in OSPF?
OSPF routers need to go through several states before establishing a neighbor relationship:-
1. Down - No Hello packets have been received on the interface.
2. Attempt - In Attempt state neighbors must be configured manually. It applies only to
nonbroadcast multiaccess (NBMA) networks.
3. Init - Router has received a Hello message from the other OSPF router.
4. 2way - Neighbor has received the Hello message and replied with a Hello message of his
own. Bidirectional Communication has been established. In Broadcast network DR-BDR
election can occur after this point.
5. Exstart - DR & BDR establish adjacencies with each router in the network. A master-slave
election will take place (Master will send its DBD first).
6. Exchange - Routing information is exchanged using DBD (Database Descriptor) packets.
Link-State Request (LSR) and Link-State Update packets may also be sent.
7. Loading - LSRs (Link State Requests) are sent to neighbors for every network it doesn't
know about. The Neighbor replies with the LSUs (Link State Updates) which contain
information about the requested networks. After all the requested information has been received,
the other neighbor goes through the same process.
8. Full - All neighbor routers have the synchronized database and adjacencies have been
established.
8. Explain different OSPF LSA Types?
1. Router LSA (Type1) - Each router generates a Type 1 LSA that lists its active interfaces,
IP addresses, neighbors and the cost. LSA Type 1 is flooded only within an area.
2. Network LSA (Type2) - Type2 LSA is sent out by the designated router (DR) and lists all
the routers on the segment it is adjacent to. Type 2 LSA are flooded only within an area.
3. Summary LSA (Type3) - Type 3 LSAs are generated by Area Border Routers (ABRs) to
advertise networks from one area to the rest of the areas in Autonomous System.
4. Summary ASBR LSA (Type4) - Generated by the ABR. It contains routes to ASBRs.
5. External LSA (Type5) - External LSAs are generated by ASBRs and contain routes to
networks that are external to the current Autonomous System.
6. Not-So-Stubby Area LSA (Type7) - Stub areas do not allow Type 5 LSAs. A Not So
Stubby Area (NSSA) allows advertisement of Type 5 LSAs as Type 7 LSAs. A Type 7 LSA is
generated by an ASBR inside a Not So Stubby Area (NSSA) to describe routes redistributed
into the NSSA.
9.Why does a master and slave need to be elected between two neighbor interfaces?
The master sends its DBD (Database Description) first.
10. Explain different OSPF Network types?
1. Broadcast
2. Non-Broadcast (NBMA)
3. Point-to-Point
4. Point-to-multipoint
5. Point-to-multipoint non-broadcast
11. What is the requirement of doing summarization?
1. Reduces the amount of information stored in routing tables.
2. Allocates an existing pool of addresses more economically.
3. Lessens the load on router processor and memory resources.
4. Less number of update messages.
5. Less bandwidth.
12. How routes are selected in OSPF according to preference?
Intra-Area routes (O) > Inter-Area routes (O IA) > External-Type-1 (E1) > External-Type-2 (E2) >
NSSA-1 (N1) > NSSA-2 (N2).
13. What is Route Redistribution?
Route redistribution is the process of taking routes learned via one routing protocol and
injecting those routes into another routing protocol domain. For example, two companies
might merge, one company is using Enhanced Interior Gateway Routing Protocol (EIGRP)
and the other is using Open Shortest Path First (OSPF). Route redistribution allows
exchanging of routes between the two routing domains with a minimal amount of
configuration and with little disruption to the existing networks.
14. What is the default redistribution OSPF cost?
Redistribution into OSPF uses the following defaults:-
1. When taking from BGP, use a default metric of 1.
2. When taking from another OSPF process, take the source route's metric.
3. When taking from all other sources, use a default metric of 20.
15. What is the difference between Type-1 (E1) & Type-2 (E2) redistribution?
Type-2 is the default route type for routes learned via redistribution. The key with E2 routes is
that the cost of these routes reflects only the redistributed cost. E2 = only redistributed cost.
Type-1 redistributed routes reflect the cost to reach the ASBR + the redistributed cost. E1 = Cost
to reach ASBR + redistributed cost
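The E1/E2 difference above, together with the cost formula from question 19 below, as an added Python example that is not part of the original document and not Cisco's implementation. The ASBR names, metrics and costs are constructed. It goes slightly beyond the text in two places: the interface cost is clamped to the 16-bit range 1..65535 that the OSPF cost field allows, and when two E2 routes tie on redistributed cost the lower cost to the ASBR wins (RFC 2328 section 16.4, the same comparison question 25 relies on).

```python
from typing import List

OSPF_MAX_COST = 65535  # the OSPF cost field is 16 bits wide


def interface_cost(interface_bw_kbps: int, reference_bw_mbps: int = 100) -> int:
    """Cost = reference bandwidth / interface bandwidth, truncated to an integer and
    clamped to 1..65535. With the default 100 Mbps reference, 100 Mbps and 1 Gbps
    links both cost 1, which is why auto-cost reference-bandwidth is raised."""
    if interface_bw_kbps <= 0 or reference_bw_mbps <= 0:
        raise ValueError("bandwidths must be positive")
    cost = (reference_bw_mbps * 1000) // interface_bw_kbps
    return max(1, min(cost, OSPF_MAX_COST))


def external_cost(route_type: str, cost_to_asbr: int, redistributed_cost: int) -> int:
    """E1 = cost to reach the ASBR + redistributed cost; E2 = redistributed cost only."""
    if route_type == "E1":
        return cost_to_asbr + redistributed_cost
    if route_type == "E2":
        return redistributed_cost
    raise ValueError(f"unsupported external route type {route_type!r}")


def best_external(candidates: List[dict]) -> dict:
    """Choose among paths to the same external prefix, all of one type.
    Primary key is the type-specific cost; a tie (which only E2 routes can
    produce from the same metric) is broken by the lower cost to the ASBR."""
    if len({c["type"] for c in candidates}) != 1:
        raise ValueError("compare routes of one type at a time")
    return min(candidates, key=lambda c: (
        external_cost(c["type"], c["cost_to_asbr"], c["metric"]), c["cost_to_asbr"]))


# Constructed sample: one external prefix redistributed by two ASBRs with different
# seed metrics, reachable at different internal costs.
ASBR1 = {"asbr": "ASBR1", "metric": 10, "cost_to_asbr": 30}
ASBR2 = {"asbr": "ASBR2", "metric": 20, "cost_to_asbr": 15}


def compare_as(route_type: str) -> str:
    """Name of the ASBR preferred if both routes were of the given type."""
    return best_external([dict(c, type=route_type) for c in (ASBR1, ASBR2)])["asbr"]


if __name__ == "__main__":
    print("10 Mbps:", interface_cost(10_000), "100 Mbps:", interface_cost(100_000),
          "1 Gbps:", interface_cost(1_000_000))
    print("1 Gbps with 10 Gbps reference:", interface_cost(1_000_000, 10_000))
    print("preferred as E1:", compare_as("E1"), "| preferred as E2:", compare_as("E2"))
```

The same two advertisements pick different exits depending on the type: as E1 the totals are 40 via ASBR1 and 35 via ASBR2, so ASBR2 wins; as E2 only the seed metrics 10 and 20 count, so ASBR1 wins.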
16.Explain OSPF Virtual Link?
OSPF requires the use of a backbone area (area 0) with each area connecting to area 0 through
an ABR. However, in some cases, the regular area might not have a convenient point of
connection to the backbone area. In this case, OSPF uses the virtual link to connect that regular
area to the backbone area virtually. An OSPF virtual link allows two ABRs that connect to
the same non-backbone area to form a neighbor relationship through that non-backbone area,
even when separated by many other routers and subnets. This virtual link acts as a virtual
point-to-point connection between the two routers, with that link inside area 0. The routers
form a neighbor relationship, inside area 0, and flood LSAs over that link.
17.Explain OSPF Stub Area and different types of Stub Areas?
Stub Area
Sometimes we need to control the advertisement of external routes into an area. This area is
called a Stub area. Stub areas are not capable of importing routes external to OSPF. Type 4 &
Type 5 LSAs are filtered from Stub areas and a default route is injected into that area by the
ABR in place of the external routes.
To make an area stub we have to give the # area 1 stub command on all routers of that area.
Three restrictions apply to OSPF stub areas
1. No virtual links are allowed in the stub area.
2. A stub area cannot be the backbone area.
3. No Autonomous System Boundary Routers are allowed.
Totally Stubby Area
Like stub areas, totally stubby areas do not receive type 4 or 5 LSAs from their ABRs. However,
they also do not receive type 3 LSAs. It only allows advertisement of internal routes in that
area. To make an area totally stubby we have to give the # area 1 stub no-summary command on
the ABR.
Not-So-Stubby Area
The motivation behind NSSA is to allow OSPF stub areas to carry external routes. External
routes are imported into an OSPF NSSA as Type 7 LSAs by the ASBR. Type 7 LSAs cannot go
into area 0, so they are converted back into Type 5 LSAs by the ABR and injected into area 0.
To make an area Not-So-Stubby we have to give the # area 1 nssa command on all routers of
that area.
Totally NSSA
Along with Type 4 & Type 5 LSAs, Type 3 LSAs will also be filtered in a Totally NSSA. To make
an area Totally Not-So-Stubby we have to give the # area 1 nssa no-summary command on the
ABR of that area.
18.How do I change the reference bandwidth in OSPF?
We can change the reference bandwidth using the OSPF auto-cost reference-bandwidth
command under router OSPF. By default, reference bandwidth is 100 Mbps.
19.How does OSPF calculate its metric or cost?
OSPF uses Cost as its metric. The formula to calculate the OSPF cost is reference bandwidth
divided by interface bandwidth. For example, in the case of Ethernet, it is 100 Mbps / 10
Mbps = 10. If the # ip ospf cost _ command is used on the interface, it overrides this formulated
cost.
20.Explain OSPF Authentication?
These are the three different types of authentication supported by OSPF to secure routing
updates.
1. Null Authentication - also called Type 0. It means no authentication information is
included in the packet header. It is the default.
2. Plain Text Authentication - also called Type 1. It uses simple clear-text passwords.
3. MD5 Authentication - also called Type 2. It uses MD5 cryptographic passwords.
Plain Text Authentication
Step1 - To configure plain text authentication, first we have to enable authentication.
Authentication can be enabled either under the area or for a specific interface.
To enable authentication for an area
Router(config)# router ospf 100
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# area 0 authentication
This will enable authentication for all the interfaces of the router in area 0.
OR
If we don't want to enable authentication for an area, we can enable it for a specific
interface. This is useful if different interfaces that belong to the same area need to use
different authentication methods.
Router(config)# interface fa0/1
Router(config-if)# ip ospf authentication
Step2 - Next, we have to configure the authentication key on the interface
Router(config)# interface fa0/1
Router(config-if)# ip ospf authentication-key Cisco123
Here Cisco123 is the password value.
MD5 Authentication
Step1 - To configure MD5 authentication, first we have to enable authentication.
Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# area 0 authentication message-digest
OR
Router(config)# interface fa0/1
Router(config-if)# ip ospf authentication message-digest
Step2 - Next, we have to configure the authentication key on the interface
Router(config)# interface fa0/1
Router(config-if)# ip ospf message-digest-key 10 md5 Cisco123
Here Cisco123 is the password value and 10 is the Key ID (number). It doesn't matter which
key ID you choose but it has to be the same on both ends. Authentication passwords do not have
to be the same throughout an area. However, they must be the same between neighbors.
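What the receiving router actually checks when MD5 authentication is configured as above, as an added Python example that is not from the original document and not Cisco code. It builds an OSPFv2 header carrying the cryptographic-authentication fields and computes the digest trailer the way RFC 2328 Appendix D specifies (MD5 over the packet, checksum field zero, followed by the key zero-padded to 16 bytes), then verifies it and enforces the sequence number. The router IDs, key ID 10 and password Cisco123 are the constructed values from the configuration above; the packet body is left empty because the check is identical for every OSPF packet type.

```python
import hashlib
import hmac
import socket
import struct
from typing import Dict, Tuple

OSPF_HEADER_LEN = 24
AUTH_TYPE_MD5 = 2          # "Type 2" in the answer above
DIGEST_LEN = 16
# version, type, length, router id, area id, checksum, autype, reserved, key id, auth len, seq
HEADER_FMT = "!BBH4s4sHHHBBI"


def _md5_trailer(packet: bytes, key: bytes) -> bytes:
    """RFC 2328 Appendix D: the key (zero-padded to 16 bytes) is appended to the
    packet, whose checksum field is 0, and MD5 is run over the result."""
    if not 1 <= len(key) <= 16:
        raise ValueError("OSPF MD5 keys are 1 to 16 bytes")
    return hashlib.md5(packet + key.ljust(16, b"\x00")).digest()


def build_packet(router_id: str, area_id: str, key_id: int, seq: int,
                 key: bytes, pkt_type: int = 1, body: bytes = b"") -> bytes:
    """Sender side: header with the cryptographic-authentication fields, the body,
    then the 16-byte digest, which is not counted in the header's length field."""
    length = OSPF_HEADER_LEN + len(body)
    header = struct.pack(HEADER_FMT, 2, pkt_type, length,
                         socket.inet_aton(router_id), socket.inet_aton(area_id),
                         0, AUTH_TYPE_MD5, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + _md5_trailer(packet, key)


def verify_packet(datagram: bytes, keys: Dict[int, bytes],
                  last_seq: Dict[str, int]) -> Tuple[bool, str]:
    """Receiver side: the key ID must be configured, the digest must match, and the
    sequence number must not go backwards for that sender. `last_seq` is updated
    only when the packet is accepted."""
    if len(datagram) < OSPF_HEADER_LEN:
        return False, "short packet"
    (_ver, _type, length, rid, _area, _csum, autype, _rsvd,
     key_id, auth_len, seq) = struct.unpack(HEADER_FMT, datagram[:OSPF_HEADER_LEN])
    if autype != AUTH_TYPE_MD5 or auth_len != DIGEST_LEN:
        return False, "authentication type mismatch"
    if key_id not in keys:
        return False, f"unknown key id {key_id}"
    if len(datagram) < length + DIGEST_LEN:
        return False, "digest missing"
    packet = datagram[:length]
    received = datagram[length:length + DIGEST_LEN]
    if not hmac.compare_digest(received, _md5_trailer(packet, keys[key_id])):
        return False, "digest mismatch (wrong key or modified packet)"
    sender = socket.inet_ntoa(rid)
    if seq < last_seq.get(sender, 0):
        return False, "sequence number went backwards (replay)"
    last_seq[sender] = seq
    return True, "ok"


# Constructed receiver configuration: key ID 10 with the password from the answer above.
KEYS = {10: b"Cisco123"}

if __name__ == "__main__":
    seen: Dict[str, int] = {}
    hello = build_packet("1.1.1.1", "0.0.0.0", 10, 100, b"Cisco123")
    print(verify_packet(hello, KEYS, seen))
    print(verify_packet(build_packet("1.1.1.1", "0.0.0.0", 10, 101, b"Cisco123"), KEYS, seen))
    print(verify_packet(hello, KEYS, seen))            # seq 100 again: replay
    print(verify_packet(build_packet("1.1.1.1", "0.0.0.0", 11, 102, b"Cisco123"), KEYS, seen))
    print(verify_packet(build_packet("1.1.1.1", "0.0.0.0", 10, 103, b"Wrong"), KEYS, seen))
```

This is why both the key ID and the password must match between neighbors: an unknown key ID is rejected before any digest is computed, and a different password yields a different digest. Two caveats worth knowing: RFC 2328 accepts a sequence number equal to the last one seen, so only packets older than the most recent one are dropped as replays, and Type 1 authentication has no digest at all, since the password itself travels in the header in clear text, so only the cryptographic types (MD5 here, or HMAC-SHA per RFC 5709) actually protect the routing updates from modification.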
21.Which command enables OSPF for IPv6 on a router?
# ipv6 router ospf process-id
22.What is the link-state retransmit interval, and what is the command to set it?
OSPF must send an acknowledgement of each newly received link-state advertisement (LSA).
LSAs are retransmitted until they are acknowledged. The link-state retransmit interval defines
the time between retransmissions. We can use the command ip ospf retransmit-interval to set
the retransmit interval. The default value is 5 seconds.
23.When routes are redistributed between OSPF processes, are all shortest path first algorithm
(SPF) metrics preserved or is the default metric value used?
The SPF metrics are preserved. The redistribution between them is like redistribution between
any two IP routing processes.
24.How do I stop individual interfaces from developing adjacencies in an OSPF network?
To stop routers from becoming OSPF neighbors on a particular interface, issue the passive-
interface command at the interface.
25.When I have two Type 5 link-state advertisements (LSAs) for the same external network
in the OSPF database, which path should be installed in the routing table?
When you have two Type 5 LSAs for the same external network in the OSPF database, prefer
the external LSA that has the shortest path to the Autonomous System Boundary Router
(ASBR) and install that into the IP routing table. Use the show ip ospf border-routers
command to check the cost to the ASBR.
26.Should I use the same process number while configuring OSPF on multiple routers within
the same network?
OSPF, unlike Border Gateway Protocol (BGP) or Enhanced Interior Gateway Routing
Protocol (EIGRP), does not check the process number (or autonomous system number) when
adjacencies are formed between neighboring routers and routing information is exchanged.
27. Can we have OSPF run over a GRE tunnel?
Yes, we can have OSPF run over a GRE tunnel

BGP
1. Explain the Border Gateway Protocol (BGP)?
Border Gateway Protocol advertises, learns and chooses the best paths inside the global
Internet.
2. When two ISPs connect, they typically use BGP to exchange routing information.
Enterprises also sometimes use BGP to exchange routing information with ISPs, allowing the
enterprise routers to learn internet routes. When we have multiple Internet connections and we
want to influence some packets to take one path and some packets to take another, we use BGP.
3.Can Routers on different subnet become BGP neighbors?
BGP does not require neighbors to be attached to the same subnet. Instead, BGP routers use a
TCP connection between the routers to pass BGP messages allowing neighboring routers to be
on the same or different subnet.
4.What TCP port number BGP use for connection?
BGP uses TCP port 179 for the connection.
5. Difference between eBGP and iBGP neighbor?
In iBGP, neighborship is formed between routers within the same AS (autonomous system)
whereas in eBGP, neighborship is formed between routers within different AS.
6. What Administrative Distance BGP uses for iBGP & eBGP?
AD for iBGP = 200, AD for eBGP = 20.
7. Explain Loop prevention mechanism in BGP?
BGP uses two mechanisms to prevent loops:-
1. When a router learns routes from an iBGP peer, that router does not advertise the same
routes to another iBGP peer.
2. By using AS_PATH - When advertising to an eBGP peer, a BGP router adds its own ASN to the
AS_PATH. If a BGP router receives an update and the route advertisement lists an AS_PATH
with its own ASN, the router ignores that route.
Note - A BGP router does not add its ASN when advertising to an iBGP peer.
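The two loop-prevention rules above walked through a constructed ring of autonomous systems, as an added Python example that is not part of the original document and not a real BGP implementation. The router names, the ASNs 65001 to 65003 and the prefix 198.51.100.0/24 are constructed values.

```python
from typing import Dict, Optional, Tuple


class BgpRouter:
    """Minimal model of a BGP speaker implementing only the two loop-prevention rules."""

    def __init__(self, name: str, asn: int) -> None:
        self.name, self.asn = name, asn
        # prefix -> (AS_PATH as received, how it was learned: 'local' | 'ibgp' | 'ebgp')
        self.table: Dict[str, Tuple[Tuple[int, ...], str]] = {}

    def originate(self, prefix: str) -> None:
        self.table[prefix] = ((), "local")

    def receive(self, prefix: str, as_path: Tuple[int, ...], peer: "BgpRouter") -> bool:
        """Rule 2, receive side: an update whose AS_PATH already lists our ASN is a loop."""
        if self.asn in as_path:
            return False
        self.table[prefix] = (as_path, "ibgp" if peer.asn == self.asn else "ebgp")
        return True

    def advertise(self, prefix: str, peer: "BgpRouter") -> Optional[Tuple[int, ...]]:
        """Return the AS_PATH that would be sent to `peer`, or None if the route is withheld."""
        if prefix not in self.table:
            return None
        as_path, learned_from = self.table[prefix]
        if peer.asn == self.asn:
            # Rule 1: a route learned from an iBGP peer is not re-advertised to another
            # iBGP peer, and the local ASN is not prepended towards iBGP peers.
            return None if learned_from == "ibgp" else as_path
        return (self.asn,) + as_path   # Rule 2, send side: prepend our ASN towards eBGP peers


def send(src: BgpRouter, dst: BgpRouter, prefix: str) -> Optional[bool]:
    """None = withheld by the sender, True = accepted, False = rejected as a loop."""
    path = src.advertise(prefix, dst)
    return None if path is None else dst.receive(prefix, path, src)


def walk_ring(prefix: str = "198.51.100.0/24") -> Dict[str, object]:
    """Constructed topology: r1a and r1b are iBGP peers in AS 65001; r1a peers with r2
    (AS 65002), r2 with r3 (AS 65003), and r3 closes the ring by peering with r1b."""
    r1a, r1b = BgpRouter("r1a", 65001), BgpRouter("r1b", 65001)
    r2, r3 = BgpRouter("r2", 65002), BgpRouter("r3", 65003)
    r1a.originate(prefix)
    return {
        "r1a->r1b (iBGP, locally originated)": send(r1a, r1b, prefix),
        "r1b->r1a (iBGP route back to an iBGP peer)": send(r1b, r1a, prefix),
        "r1a->r2 (eBGP)": send(r1a, r2, prefix),
        "r2->r3 (eBGP)": send(r2, r3, prefix),
        "AS_PATH seen at r3": r3.table[prefix][0],
        "r3->r1b (eBGP, closes the ring)": send(r3, r1b, prefix),
        "AS_PATH still held by r1b": r1b.table[prefix][0],
    }


if __name__ == "__main__":
    for step, result in walk_ring().items():
        print(f"{step}: {result}")
```

By the time the route comes back around to r1b its AS_PATH reads (65003, 65002, 65001), so r1b drops it and keeps the empty path it learned over iBGP; without rule 1, r1b would in turn have re-advertised that iBGP route to r1a, which is the full-mesh requirement that route reflectors (question 17 below) later relax.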
8. Do we need to follow the 3-way handshake process to establish BGP communication?
Yes
9. What is the difference between the hard reset and soft reset in BGP?
In case of a hard reset the local router brings down the neighborship, brings down the underlying
TCP connection and all the BGP table entries learned from that neighbor are removed.
#clear ip bgp *
This command is used for a hard reset. In case of a soft reset, the router does not bring down the
BGP neighborship or the underlying TCP connection. However, the local router resends outgoing
Updates and reprocesses incoming Updates, adjusting the BGP table based on the current
configuration.
#clear ip bgp * soft
This command is used for a soft reset.
10. What are different BGP Message Types?
1. Open - It is used to establish a neighbor relationship and exchange parameters, including
autonomous system number and authentication values.
2. Keepalive - It is sent periodically to maintain the neighbor relationship. If the Keepalive
message is not received within the negotiated hold timer then the BGP neighborship will be torn
down.
3. Update - It exchanges Path Attributes and the associated prefix/length (NLRI) that use those
attributes.
4. Notification - It is used to report a BGP error. It results in a reset of the neighbor relationship.

11.Explain various states of BGP?
1. Idle - The BGP process is either administratively down or waiting for the next retry
attempt.
2. Connect - The BGP process is waiting for the TCP connection to be completed. If it is
successful, it will continue to the OpenSent state. In case it fails, it will continue to the active
state.
3. Active - BGP will try another TCP three-way handshake to establish a connection with the
remote BGP neighbor. If it is successful, it will move to the OpenSent state.
4. Opensent - The TCP connection exists, and a BGP Open message has been sent to the peer,
but the matching Open message has not yet been received from the other router.
5. Openconfirm - An Open message has been both sent to and received from the other router.
Next step is to receive a BGP Keepalive message (to confirm that all neighbor-related
parameters match) or a BGP Notification message (to learn that there is some mismatch in
neighbor parameters).
6. Established - All neighbor parameters matched, the neighbor relationship has been
established and the peers can now exchange Update messages
12.Explain BGP Path Attributes?
BGP supports a wide variety of Path Attributes. BGP use these path attributes to examine the
competing BGP paths (routes) in the BGP table to choose the best path(route).
1. Next Hop - It lists the next-hop IP address used to reach a prefix. If there is no route to
reach the Next Hop, the router cannot use this route.
2. Weight - It is a numeric value set by a router when receiving updates to influence the route
for a prefix. It is not advertised to any BGP peers. Bigger is preferred
3. Local Preference - It is a numeric value set and communicated within a single AS for the
purpose of choosing the best route for all routers in that AS to reach a certain network. Bigger
is preferred
4. Locally injected routes - Locally injected routes (routes injected using network command)
are better than iBGP/eBGP learned.
5. AS Path - It is the number of ASNs in the AS Path. Smaller is preferred.
6. Origin - I is preferred over E, and E over ?. It indicates whether the route was injected into
BGP as I (IGP), E (EGP) or ? (incomplete information).
7. Multi-Exit Discriminator (MED) - Allows an AS to tell a neighboring AS the best path to
forward packets into the first AS. Smaller is preferred.
8. Neighbor type - eBGP is preferred over iBGP.
9. IGP metric - Route with nearest IGP neighbor (lowest IGP metric) is preferred.
10. eBGP route - Oldest (longest known) route is preferred.
11. Neighbor Router ID - Lowest is preferred.
12. Neighbor IP address - Lowest is preferred.
Trick to Remember - N WLLA OMNI
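The twelve-step comparison above as an added Python example; it is not part of the original document and not Cisco's implementation. Each attribute becomes one element of a sort key in the order listed, so the first differing element decides the path, and a helper reports which step that was. The next hops, ASNs and neighbor addresses are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP preferred over EGP over incomplete
STEP_NAMES = ["weight", "local preference", "locally originated", "AS_PATH length",
              "origin", "MED", "eBGP over iBGP", "IGP metric to next hop",
              "oldest route", "lowest neighbor router ID", "lowest neighbor IP"]


def ip_key(addr: str) -> Tuple[int, ...]:
    """Compare dotted-quad addresses numerically, octet by octet."""
    return tuple(int(o) for o in addr.split("."))


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    next_hop_reachable: bool = True
    weight: int = 0                   # Cisco-local, default 0
    local_pref: int = 100             # default 100
    locally_originated: bool = False  # injected with the network command
    as_path: Tuple[int, ...] = ()
    origin: str = "i"                 # 'i', 'e' or '?'
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0               # IGP cost to the BGP next hop
    received_order: int = 0           # lower = learned earlier (older)
    neighbor_rid: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"


def preference_key(p: BgpPath) -> tuple:
    """Smaller tuple = better path; one element per step 2..12 of the list above
    (step 1, next-hop reachability, is a filter applied before any comparison)."""
    return (-p.weight, -p.local_pref, 0 if p.locally_originated else 1,
            len(p.as_path), ORIGIN_RANK[p.origin], p.med, 0 if p.ebgp else 1,
            p.igp_metric, p.received_order, ip_key(p.neighbor_rid), ip_key(p.neighbor_ip))


def best_path(paths: List[BgpPath]) -> Optional[BgpPath]:
    usable = [p for p in paths if p.next_hop_reachable]
    return min(usable, key=preference_key) if usable else None


def deciding_step(paths: List[BgpPath]) -> str:
    """Name the first step at which the winner beat the runner-up."""
    ranked = sorted((p for p in paths if p.next_hop_reachable), key=preference_key)
    if len(ranked) < 2:
        return "next-hop reachability"
    for name, a, b in zip(STEP_NAMES, preference_key(ranked[0]), preference_key(ranked[1])):
        if a != b:
            return name
    return "tie"


# Constructed sample: three paths to one prefix from three neighbors. The third has the
# highest weight but an unreachable next hop, so it never enters the comparison.
SAMPLE_PATHS = [
    BgpPath("10.0.0.1", as_path=(65010, 65020), neighbor_rid="10.0.0.1",
            neighbor_ip="10.0.0.1", received_order=0),
    BgpPath("10.0.0.2", local_pref=200, as_path=(65030, 65040, 65050),
            neighbor_rid="10.0.0.2", neighbor_ip="10.0.0.2", received_order=1),
    BgpPath("10.0.0.3", next_hop_reachable=False, weight=500, as_path=(65060,),
            neighbor_rid="10.0.0.3", neighbor_ip="10.0.0.3", received_order=2),
]

if __name__ == "__main__":
    winner = best_path(SAMPLE_PATHS)
    print("best path via", winner.next_hop, "decided by", deciding_step(SAMPLE_PATHS))
```

Local preference 200 beats the shorter AS_PATH here because it is compared first. One simplification to be aware of: real Cisco routers compare MED only between paths received from the same neighboring AS unless bgp always-compare-med is configured, while this key compares it unconditionally.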
13.Explain BGP Weight attribute?
The weight attribute is a Cisco proprietary attribute that is used in the path selection process
when there is more than one route to the same destination. A path with the Higher weight
value is preferred. The default value for weight is 0. The weight attribute is local to the router
and is not propagated to any BGP peers. The weight attribute is set by a router when receiving
updates influencing that one router’s route for a prefix.
14.Explain BGP Local preference?
Local preference is an indication to the AS about which path has a preference to exit the AS
in order to reach a certain network. A path with a higher local preference is preferred more.
The default value for local preference is 100 and it can be changed manually. Unlike the weight
attribute, which is only relevant to the local router, the local preference attribute is communicated
throughout a single AS for the purpose of influencing the choice of best path to exit the AS.
15.Explain BGP MED?
The purpose of MED is to influence how other autonomous systems enter into your AS to
reach a certain prefix. BGP MED is an attribute which is not propagated throughout the whole
network but just to adjacent AS. The lower the MED the more the path will be preferred.
16. What is Recursive Lookup?
The router looks up the BGP route and the next hop to reach a destination in the remote AS.
Then the router looks up the route to reach that next hop. Because the router has to perform
two lookups to reach the destination, this process is called a recursive lookup.
17.What is route reflector and why it is required?
In BGP, a route learned from an iBGP neighbor will not be advertised to another iBGP
neighbor. To overcome this situation a route reflector is used. It acts as a route reflector server
and makes its iBGP neighbors route reflector clients, enabling route advertisements between
them.

18. What is the difference between Local Preference and MED?
The Local Preference attribute influences how your own AS exits to reach another AS. MED influences how other ASes enter your own AS.
19. What is the command to administratively disable a BGP neighborship?
Router(config-router)# neighbor <neighbor-ip> shutdown
Router(config-router)# no neighbor <neighbor-ip> shutdown (to enable it again)
BASIC SWITCHING
1. What is Switching?
The function of switching is to forward frames between devices on the same network, based on their MAC addresses.
2. What is a Switch?
A switch is a device used to connect multiple devices inside a Local Area Network (LAN). Unlike a hub, a switch examines each frame and processes it accordingly rather than simply repeating the signal to all ports. Switches operate at Layer 2 (Data Link Layer) of the OSI model.
3. What is the difference between a Hub, a Switch and a Router?
Hub - A hub is designed to connect hosts to each other with no understanding of what it is transferring. When a hub receives a frame from a connected device, it repeats that frame to all other ports regardless of the destination. A hub operates at Layer 1 (Physical Layer).
Switch - A switch also connects hosts to each other like a hub, but differs in the way it handles frames. When a switch receives a frame, it determines which host the frame is intended for and sends it to that host only. It does not repeat the frame to all hosts as a hub does, which means bandwidth is not shared and the network is more efficient. A switch operates at Layer 2 (Data Link Layer).
Router - A router is different from a switch or hub since its function is to route packets to other networks instead of just the local network. Routers operate at Layer 3 (Network Layer).
4. What are the functions of a Switch?
The switch performs three major functions:
1. Address learning.
2. Frame forwarding/filtering.
3. Loop avoidance by Spanning Tree Protocol.
5.What is Sub Interface?
To support ISL or 802.1Q routing on a Fast Ethernet interface, the router’s interface is divided
into logical interfaces—one for each VLAN. These are called subinterfaces.
6. What is a Broadcast Domain and a Collision Domain?
Broadcast Domain - Broadcast is a type of communication where the sending device sends a single copy of data and that copy is delivered to every other device in the network segment. A broadcast domain consists of all the devices that will receive every broadcast frame originating from any device within the network segment. All ports on a hub or a switch are by default in the same broadcast domain. Each port on a router is in a different broadcast domain, and routers do not forward broadcasts.
Collision Domain - A collision domain is a network segment where one device sending a frame forces every other device on that same segment to pay attention to it. If a different device tries to transmit at the same time, a collision occurs, after which both devices must retransmit, one at a time. This situation is common in a hub environment because every port on a hub is in the same collision domain. By contrast, each port on a bridge, a switch or a router is in a separate collision domain.

7. Compare a Hub and a Switch with respect to broadcast and collision domains?
A hub has one collision domain and one broadcast domain. A switch has one collision domain per port and, by default, one broadcast domain (one per VLAN once VLANs are configured).
8.What is a MAC address table and how a switch will build a MAC table?
To switch frames between LAN ports efficiently, the switch maintains an address table called
MAC address Table or CAM Table (Content Addressable Memory Table). When the switch
receives a frame, source MAC address is learned and recorded in the CAM table along with
the port of arrival, VLAN and time stamp. The switch dynamically builds the MAC address
table by using the Source MAC address of the frames received. This table is then used by the
switch to determine where to forward traffic on a LAN.
9.How does Switch learn Mac Address?
When a frame reaches to the port of a switch, the switch reads the MAC address of the source
device from the Ethernet frame and compares it to its MAC address table (also known as
CAM (Content Addressable Memory) table). If the switch does not find a corresponding entry
in the MAC address table, the switch will add the address to the table with the port number at
which the Ethernet frame is received. If the MAC address is already available in the MAC
address table, the switch compares the incoming port with the port already available in the
MAC table. If the port numbers are different, the switch updates the MAC address table with
the new port number.
10.How does Switch perform forwarding function?
When a Layer 2 Ethernet frame reaches a port on the switch, it not only reads the source MAC
address of the Ethernet frame as a part of learning function but also reads the destination MAC
address as a part of forwarding function. The destination MAC address is important to
determine the port to which the destination device is connected. As the destination MAC
address is found on the MAC address table, the switch forwards the Ethernet frame via the
corresponding port of the MAC address.
11. Explain Flooding?
If the destination MAC address is not found in the MAC address table, the switch forwards
the frame out all of its ports except the port on which the frame was received. This is known
as flooding.
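The learning, forwarding and flooding behaviour of questions 8 to 11, as an added Python simulation that is not code from the original document. The class and function names, the port-to-VLAN assignments, the MAC addresses and the 300-second aging default are constructed assumptions for illustration.

```python
"""Learning switch: MAC learning, forwarding, flooding and aging.

Added example, not code from the original document. It simulates what the
questions above describe: the switch records the source MAC of every frame
in a CAM table keyed by VLAN, together with the ingress port and a
timestamp; forwards a frame out the single learned port of its destination;
floods broadcast, multicast and unknown-unicast frames out all other ports in
the same VLAN; moves an entry when a MAC shows up on a new port; and ages
entries out (300 seconds is the usual Catalyst default). Ports, VLANs and
MAC addresses are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEFAULT_AGING_SECONDS = 300


@dataclass
class Frame:
    src: str
    dst: str
    vlan: int = 1


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    def __init__(self, port_vlans: Dict[int, int], aging: int = DEFAULT_AGING_SECONDS):
        self.port_vlans = port_vlans                 # access port number -> VLAN
        self.aging = aging
        # CAM table: (vlan, mac) -> (port, last_seen)
        self.cam: Dict[Tuple[int, str], Tuple[int, float]] = {}

    def _expire(self, now: float) -> None:
        for key in [k for k, (_, seen) in self.cam.items() if now - seen > self.aging]:
            del self.cam[key]

    def learn(self, frame: Frame, in_port: int, now: float) -> None:
        """Record or refresh the source MAC; a different port means the host moved."""
        if not is_group_address(frame.src):         # group addresses are never valid sources
            self.cam[(frame.vlan, frame.src.lower())] = (in_port, now)

    def receive(self, frame: Frame, in_port: int, now: float = 0.0) -> List[int]:
        """Process one frame and return the sorted list of egress ports."""
        self._expire(now)
        self.learn(frame, in_port, now)
        others = sorted(p for p, v in self.port_vlans.items()
                        if v == frame.vlan and p != in_port)
        dst = frame.dst.lower()
        if is_group_address(dst):
            return others                            # broadcast / multicast: flood
        entry = self.cam.get((frame.vlan, dst))
        if entry is None:
            return others                            # unknown unicast: flood
        out_port, _ = entry
        return [] if out_port == in_port else [out_port]  # same port: filter, do not repeat

    def port_of(self, mac: str, vlan: int = 1) -> int:
        """Port a MAC was last learned on, or -1 if it is not in the table."""
        entry = self.cam.get((vlan, mac.lower()))
        return entry[0] if entry else -1
```

Run the same frames twice with a large gap in `now` and the second pass floods again: that is the aging behaviour that makes a quiet host's traffic briefly visible on every port in its VLAN, and it is why CAM-table contents are worth monitoring on a switch.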

VLAN
1. What is a VLAN and How does it reduce the broadcast traffic?
A VLAN is a logical grouping of network users and resources connected to administratively
defined ports on a switch. VLAN divides the broadcast domain So, the frames that will be
broadcasted onto the network are only switched between the ports logically grouped within the
same VLAN.
2. What is the difference between an access port and a trunk port?
Access port - Access port belongs to and carries the traffic of only one VLAN. Anything
arriving on an access port is simply assumed to belong to the VLAN assigned to the port. Any
device attached to an access link is unaware of a VLAN membership as switches remove any
VLAN information from the frame before it’s forwarded out to an access-link device. Access-
link devices can’t communicate with devices outside their VLAN unless the packet is routed.
Trunk Port - Trunk port can carry the traffic of multiple VLANs from 1 to 4094 VLANs at a
time. Normally Trunk link is used to connect switches to other switches or to routers. Trunk
ports support tagged and untagged traffic simultaneously.
3. What is Frame Tagging and different types of Frame Tagging?
Frame tagging method uniquely assigns a VLAN ID to each frame. It is used to identify the
VLAN that the Frame belongs to. There are mainly two types of Frame Tagging Method:-
1.Inter-Switch Link (ISL) 2.802.1Q These are also known as Frame Encapsulation Protocols.
4. Explain the difference between 802.1Q and ISL?
802.1Q - It is an open standard created by the Institute of Electrical and Electronics Engineers
(IEEE). To Identify to which VLAN a frame belongs to, a field is inserted into the frame's
header. It is a Light Weighted Protocol & adds only 4 Byte within Frame's Header. ISL (Inter-
Switch Link) - This protocol is Cisco proprietary which means unlike 802.1Q, it can be used
only between Cisco switches. ISL works by adding Header (26 Bytes) and Trailer(4 Bytes)
with Original Ethernet Frame.
5. What is a Native VLAN and what type of traffic will go through the Native VLAN?
A trunk port is assigned a default VLAN ID for a VLAN that all untagged traffic will travel on. This VLAN is called the Native VLAN and is VLAN 1 by default (but can be changed to any VLAN number). Similarly, any untagged traffic, or tagged traffic carrying VLAN ID 0, is assumed to belong to the Native VLAN. Because of this, the native VLAN must match on both ends of a trunk (a mismatch silently merges two VLANs), and it is good practice to move it to an otherwise unused VLAN and not to use it for access ports.
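How a trunk port treats tagged, priority-tagged and untagged frames, as an added Python example that is not code from the original document. It covers the 4-byte 802.1Q tag from question 4 and the native VLAN rules from question 5. The function names and the constructed frames, MAC addresses and VLAN numbers are assumptions for illustration.

```python
"""802.1Q tag handling on a trunk port.

Added example, not code from the original document. It parses the 4-byte
802.1Q tag (TPID 0x8100 followed by a 16-bit TCI holding PCP, DEI and the
12-bit VID), classifies frames the way a trunk port does (tagged -> VLAN in
the tag; untagged or VID 0 -> native VLAN), and builds egress frames, leaving
native-VLAN traffic untagged. Frames, MACs and VLAN numbers are constructed.
"""
import struct
from typing import Dict, Optional, Set

TPID_8021Q = 0x8100


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> Dict:
    """Split an Ethernet frame into header fields, pulling out the 802.1Q tag if present."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid: Optional[int] = None
    pcp: Optional[int] = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vid = tci >> 13, tci & 0x0FFF           # DEI is bit 12, not needed here
        offset = 18
    return {"dst": _mac(dst), "src": _mac(src), "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def ingress_vlan(frame: bytes, native_vlan: int,
                 allowed: Optional[Set[int]] = None) -> Optional[int]:
    """VLAN a trunk assigns to an incoming frame, or None if the trunk drops it."""
    vid = parse_frame(frame)["vid"]
    vlan = native_vlan if vid in (None, 0) else vid   # untagged / priority-tagged -> native
    if allowed is not None and vlan not in allowed:
        return None                                   # VLAN not allowed on this trunk
    return vlan


def egress_frame(dst: str, src: str, ethertype: int, payload: bytes,
                 vlan: int, native_vlan: int, tag_native: bool = False) -> bytes:
    """Build the frame a trunk sends: tagged unless the VLAN is the native one."""
    head = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan == native_vlan and not tag_native:        # 'vlan dot1q tag native' forces a tag
        return head + struct.pack("!H", ethertype) + payload
    tci = vlan & 0x0FFF                               # PCP 0, DEI 0
    return head + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload
```

Note what `ingress_vlan` does with an untagged frame when the two ends of a trunk disagree about the native VLAN: each side places the other side's untagged frames into its own native VLAN, so traffic crosses between two VLANs without any routing, which is the mismatch the question above warns about.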
6. What is Inter-VLAN Routing?
VLANs divide broadcast domains in a LAN environment, so by default only hosts that are members of the same VLAN can communicate. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as Inter-VLAN routing. This can be done by two methods - Router-on-a-Stick and Switch Virtual Interfaces (SVI).
7. Give the commands to create a VLAN?
Switch(config)# vlan 10
Switch(config-vlan)# name sales
Switch(config-vlan)# exit
8.How can we add an interface to a VLAN?
Switch(config)# interface fastethernet0/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
9. How to configure a trunk link?
Switch(config)# interface fa0/24
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
The encapsulation command is only needed, and only accepted, on switches that support both ISL and 802.1Q; switches that support 802.1Q only reject it.
10. How can we change Native VLAN?
Switch(config)# interface fa0/0
Switch(config-if)#switchport trunk native vlan 100
11. Which command is used to see trunk interfaces?
Switch# show interface trunk
12. Which command is used to see all VLANs information?
Switch# show vlan

STP
1. What is STP & Redundant Links?
Spanning Tree Protocol (STP) is a protocol which prevents layer 2 loops. STP enables
switches to become aware of each other so that they can negotiate a Loop-Free path through
the network. In practical Scenario, Redundant links are created to avoid complete network
failure in an event of failure of one link.
2. How STP works?
STP chooses a reference point (Root Bridge) in the network and calculates all the redundant
paths to that reference point. Then it picks one path by which to forward frames and blocks
other redundant paths.
3. What are the different port states?
1. Disabled - A port in the disabled state does not participate in STP.
2. Blocking - A blocked port does not forward frames. It only listens to BPDUs. The purpose of the blocking state is to prevent the use of looped paths.
3. Listening - A port in the listening state prepares to forward data frames without populating the MAC address table. The port also sends and listens to BPDUs to make sure no loops occur on the network.
4. Learning - A port in the learning state populates the MAC address table but doesn't forward data frames. The port still sends and receives BPDUs as before.
5. Forwarding - The port now can send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the spanning-tree topology.

4. What is the default time a port takes to transition from the blocking state to the forwarding
state?
The default time a port takes to transition from the blocking state to the forwarding state is 50
seconds: 20 seconds for Max Age, 15 seconds for listening, and 15 seconds for learning.
5.What are STP Timers and Explain different types of STP Timers?
STP uses three timers to make sure that a network converges properly before a bridging loop
can form.
1. Hello - The time interval between Configuration BPDUs sent by the root bridge. It is 2
seconds by default.
2. Forward Delay - The time interval that a switch port spends in both the Listening and
Learning states. The default value is 15 seconds.
3. Max Age - Maximum length of time, a BPDU can be stored without receiving an update. It
can also be defined as a time interval that a switch stores a BPDU before discarding it. It is 20
seconds by default.
6. Explain types of STP Port Roles?
1. Root port - The root port is the port with the shortest path (lowest root path cost) to the root bridge. It is always on a non-root bridge.
2. Designated port - A designated port is the port on a segment that has been determined as having the best (lowest) cost to the root. A designated port is placed in the forwarding state. It can be on both the root bridge and non-root bridges. All ports of the root bridge are designated ports.
3. Forwarding port - A forwarding port forwards frames.
4. Blocked port - A blocked port is a port that is used to prevent loops. It only listens to BPDUs and does not forward frames. Any port other than a root port or designated port is a blocked port.
7.What is the STP blocking state?
When a switch starts, all ports are in the blocking state to prevent any loop in the network. If
there is a better path to the root bridge, the port remains in the blocked state. Ports in the blocked
state cannot send or receive traffic, but they can receive BPDUs.
8.What is BPDU?
All the switches exchange information to select Root Bridge as well as for configuration of
the network. This is done through the Bridge Protocol Data Unit (BPDU). Each switch
compares the parameters in the BPDU that it sends to one neighbor with the one that it receives
from another neighbor.
9.How often do Bridges send BPDUs on active ports?
The default time that bridges send BPDUs is 2 seconds.
10.What is the destination MAC address used by Bridge Protocol Data Units (BPDUs)?
Bridge Protocol Data Units (BPDUs) frames are sent out as at multicast destination MAC
address 01:80:c2:00:00:00.
11.What are Types of BPDU?
Two types of BPDU exist:- 1. Configuration BPDU - It is used for Spanning-Tree
Computation. 2. Topology Change Notification (TCN) BPDU - It is used to announce changes
in the Network Topology.
12. How is the Root Bridge elected?
The Bridge ID is used to elect the root bridge in the STP domain. This ID is 8 bytes long: a 2-byte priority followed by the 6-byte MAC address of the device. The switch with the lowest Bridge ID is elected as the root bridge, which means the switch with the lowest priority becomes the root bridge; if two or more switches have the same priority, the switch with the lowest MAC address becomes the root bridge.
13.Explain Root path cost?
Root path cost is the Cumulative Cost of all links to the Root Bridge.
14.How Root Ports are elected?
Non Root Bridges use Root path cost to determine which port will be the Root port. The port
with the lowest root path cost is elected as the root port and is placed in the forwarding state.
15.What is the difference between Path cost and Root Path cost?
Path cost is the value assigned to each port. It is added to BPDUs received on that port to
calculate the root path cost. Root path cost is defined as the cumulative cost to reach the root
bridge. This value is calculated by adding the receiving port's path cost to the value contained
in the BPDU. In a BPDU, the Root path cost is transmitted not the path cost.
16. What is Path Cost or Spanning Tree Path Cost value?
The Spanning Tree cost value is inversely proportional to the bandwidth of the link, and therefore a path with a low cost value is preferred over a path with a high cost value. The classic (short) 802.1D cost values are:
Link Bandwidth - Cost Value
10 Gbps - 2
1 Gbps - 4
100 Mbps - 19
10 Mbps - 100
17.What is Root Port?
Once the root switch is elected, every other Switch in the network must select a single port on
itself to reach the Root Switch. The single selected port on a Switch with least Path Cost to
reach the Root Bridge is called the Root Port. Root Bridge will never have a Root Port.
18.What is Extended System ID?
The Extended System ID is utilized by spanning-tree to include the VLAN ID information
inside 16-bit STP Bridge Priority value. Extended System ID is the least significant 12-bits in
16-bit STP Bridge Priority value.
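Root bridge election (question 12), root path cost (questions 13 to 15), the cost table (question 16) and root port selection (question 17), as one added Python example that is not code from the original document. The switch names, MAC addresses, priorities and link speeds are constructed for illustration, and the tie-breakers for equal root path cost (lower sender bridge ID, then lower sender port ID) go one step beyond the text; both ends of a link are assumed to run at the same speed, so a link has the same port cost on either end.

```python
"""Root bridge and root port election with 802.1D path costs.

Added example, not code from the original document. Bridge IDs are compared
as (priority, MAC): lowest priority wins and the MAC breaks ties. Root path
cost accumulates on the receiving port, using the classic cost table
(10 Gbps = 2, 1 Gbps = 4, 100 Mbps = 19, 10 Mbps = 100). When two ports tie
on root path cost, the lower sender bridge ID and then the lower sender port
ID decide. Bridges, MACs and links are constructed for illustration.
"""
import heapq
from typing import Dict, List, Tuple

PATH_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}     # link speed in Mbps -> port cost

Link = Tuple[str, str, str, str, int]     # (bridge_a, port_on_a, bridge_b, port_on_b, speed_mbps)
Bridges = Dict[str, Tuple[int, str]]      # bridge name -> (priority, MAC)


def bridge_id(priority: int, mac: str) -> Tuple[int, int]:
    """Comparable bridge ID: 2-byte priority first, then the 6-byte MAC as an integer."""
    return priority, int(mac.replace(":", "").replace(".", ""), 16)


def elect_root(bridges: Bridges) -> str:
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_path_costs(bridges: Bridges, links: List[Link], root: str) -> Dict[str, int]:
    """Cheapest cumulative cost from every bridge to the root (Dijkstra over link costs)."""
    adjacent: Dict[str, List[Tuple[str, int]]] = {name: [] for name in bridges}
    for a, _, b, _, speed in links:
        adjacent[a].append((b, PATH_COST[speed]))
        adjacent[b].append((a, PATH_COST[speed]))
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue
        for neighbor, link_cost in adjacent[node]:
            if c + link_cost < cost.get(neighbor, float("inf")):
                cost[neighbor] = c + link_cost
                heapq.heappush(heap, (cost[neighbor], neighbor))
    return cost


def elect_root_ports(bridges: Bridges, links: List[Link]) -> Dict[str, Tuple[str, int]]:
    """For each non-root bridge return (root port, root path cost); the root has none."""
    root = elect_root(bridges)
    cost = root_path_costs(bridges, links, root)
    inf = float("inf")
    candidates: Dict[str, list] = {}
    for a, pa, b, pb, speed in links:
        # A BPDU arriving on pa from b carries cost[b]; pa's own cost is added on receipt.
        candidates.setdefault(a, []).append(
            (cost.get(b, inf) + PATH_COST[speed], bridge_id(*bridges[b]), pb, pa))
        candidates.setdefault(b, []).append(
            (cost.get(a, inf) + PATH_COST[speed], bridge_id(*bridges[a]), pa, pb))
    result: Dict[str, Tuple[str, int]] = {}
    for name, options in candidates.items():
        if name == root:
            continue
        # Tie-break order: root path cost, sender bridge ID, sender port, receiver port.
        best_cost, _, _, port = min(options)
        result[name] = (port, best_cost)
    return result
```

The constructed topology in the test has SW1 directly attached to the root over a 100 Mbps link (cost 19) and indirectly via SW2 over two gigabit links (cost 8); the cheaper indirect path wins, which is the point of root path cost being cumulative rather than a hop count.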
19. Explain Root Guard?
Root Guard is used to protect the root bridge. Root Guard stops a new switch introduced into the network with a lower bridge ID from becoming the root bridge. If a port with the Root Guard feature enabled receives a superior BPDU, it moves the port into the root-inconsistent state (equivalent to the listening state), thus maintaining the current root bridge. The port recovers on its own once superior BPDUs stop arriving. It is enabled at interface level, typically on ports facing switches that must never become root.
switch(config-if)# spanning-tree guard root
20. What is BPDU Guard?
When we enable PortFast on a port, we do not expect BPDUs on that port. Suppose a switch is connected by mistake to a port where PortFast is enabled; a loop can form. An even greater consequence is that the connected switch has the potential to become the root bridge. The BPDU Guard feature was developed to protect the integrity of switch ports that have PortFast enabled. If any BPDU (superior to the current root or not) is received on a port where BPDU Guard is enabled, that port is immediately put into the error-disabled state. The port is shut down in an error condition and must be either manually re-enabled or automatically recovered through the error-disable recovery timer. BPDU Guard can be enabled at both interface and global level; enabled globally, it applies only to PortFast-enabled ports. It is typically enabled on access layer switches, and it affects all VLANs on the port.
Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# spanning-tree bpduguard enable
21. Explain Sudden Loss of BPDUs?
Suppose switch does not receive BPDUs, it will think that the topology must have changed,
so blocked ports can be unblocked again. What if the absence of BPDUs is actually a mistake
and not a topology change, bridging loops easily can form. There are two features that help
detect or prevent the unexpected loss of BPDUs:- 1. Loop Guard 2. Unidirectional Link
Detection (UDLD)
22.What is Loop Guard?
Loop Guard keeps track of the BPDU activity on non-designated ports. It does not allow non-
designated ports to become designated ports in case of sudden loss of BPDUs. While BPDUs
are received, the port is allowed to behave normally. When BPDUs go missing, Loop Guard
moves the port into the loop-inconsistent state (port is effectively blocking at this point to
prevent a loop from forming and to keep it in the non-designated role). When BPDUs are
received on the port again, Loop Guard allows the port to move through the normal STP states
and become active. It can be enabled on both interface & global level. It affects per VLAN
basis.
Switch(config)# spanning-tree loopguard default
Switch(config-if)# spanning-tree guard loop
23. What is BPDU Filter?
STP runs on a switch to prevent loops. However, in special cases when we need to prevent BPDUs from being sent or processed on one or more switch ports, we can use BPDU filtering to effectively disable STP on those ports. It prevents the port from sending and receiving BPDUs. It can be enabled at both interface and global level, and the two behave differently. Enabled globally, filtering applies only to PortFast-enabled ports: such a port sends a few BPDUs at link-up and then stops, and if a BPDU is ever received, the port loses its PortFast status and filtering is switched off, so it behaves as a normal STP port again. Enabled on the interface, the port neither sends nor processes BPDUs at all, which silently creates a loop if a switch is ever connected there.
Switch(config)# spanning-tree portfast bpdufilter default
Switch(config-if)# spanning-tree bpdufilter { enable | disable }
24. What is the difference between BPDU Guard and BPDU Filter?
BPDU Guard reacts aggressively and puts the port into the error-disabled state, while BPDU Filter does not shut the port; it only suppresses BPDUs. BPDU Guard acts only on received BPDUs (the port still sends them), while BPDU Filter prevents both sending and receiving. If both are enabled on an interface, BPDU Filter takes precedence: received BPDUs are dropped before BPDU Guard can act on them, so the port is never error-disabled.
RSTP and MST
1. What are the Port Roles in RSTP?
1. Root port - It is the port on the switch that has the best root path cost to the root bridge. This is identical to 802.1D.
2. Designated port - The switch port on a network segment that has the best root path cost to the root.
3. Alternate port - A port that has an alternative path to the root, different from the path the root port takes. This path is less desirable than that of the root port.
4. Backup port - A port that provides a redundant (but less desirable) connection to a segment where another port of the same switch already connects. If that common segment is lost, the switch might or might not have a path back to the root.
2. What are the different port states in RSTP?
1. Discarding - Incoming frames simply are dropped; no MAC addresses are learned. This state combines the 802.1D Disabled, Blocking, and Listening states.
2. Learning - Incoming frames are dropped, but MAC addresses are learned.
3. Forwarding - Incoming frames are forwarded according to MAC addresses that have been learned.

3. Explain RSTP BPDUs?
RSTP distinguishes its BPDUs from 802.1D BPDUs by setting the BPDU version to 2. BPDUs are sent out every switch port at hello time intervals, regardless of whether BPDUs are received from the root. When three BPDUs are missed in a row, that neighbor is presumed to be down and all information related to the port leading to the neighbor is aged out. Also, the six previously unused bits of the Flags field are used in RSTP BPDUs to carry the sending port's role and state and the proposal and agreement bits.
4. What are Edge Ports and Point-to-Point Ports?
Edge Port - A port to which end devices connect. PortFast is enabled on this port. As a loop cannot form on this port, it can be placed immediately in the forwarding state. If a BPDU is received on an edge port, it loses its edge port status.
Point-to-Point Port - A port that connects to another switch and becomes a designated port. Full-duplex ports are considered point-to-point because only two switches can be present on the link.
5. Explain RSTP convergence in terms of proposal and agreement?
In RSTP, BPDUs are exchanged back and forth in the form of a proposal and an agreement. One switch proposes that its port become a designated port and, if the other switch agrees, it replies with an agreement message.
6. Explain TCN in RSTP?
In RSTP, a TCN BPDU is not sent to the root bridge; instead, the switch on which the change happens itself notifies all other switches. BPDUs with their TC bit set are sent out all non-edge designated ports and the root port.
7. What is the command to change the mode to RSTP?
Switch(config)# spanning-tree mode rapid-pvst

8. Explain MST?
Multiple Spanning Tree Protocol maps one or more VLANs to a single STP instance. Multiple instances of STP can be used, with each instance supporting a different group of VLANs. Instance zero (the IST) exists by default on a switch. Any VLAN that is not mapped to another instance is assigned to instance zero.
9. What is an MST region?
Every switch in an MST region runs MST with compatible parameters. Within the region, all switches must run the instance of MST that is defined by the following attributes:
1. MST configuration name.
2. MST configuration revision number.
3. MST instance-to-VLAN mapping table.
If two switches have the same set of attributes, they belong to the same MST region.
10. How do two MST regions communicate?
Two MST regions communicate through the CST (Common Spanning Tree); each region appears to the CST as a single virtual bridge.
11. Explain M-Record?
An M-record (MSTI configuration message) is the per-instance part of an MST BPDU. The BPDU carries one M-record for each MST instance, containing that instance's regional root identifier, internal root path cost, bridge priority, port priority and remaining hops. Switches compare these values per instance to elect the regional root and assign port roles for that instance.
12. Explain MST BPDUs?
The entire MST instance-to-VLAN mapping table is not sent in the BPDUs because the instance mappings must be configured on each switch. Instead, a digest (hash) computed over the mapping table is sent. A switch compares the received digest with its own; only if the configuration name, revision number and digest all match is the neighbor in the same region.
13. How does the revision number in MST work?
The configuration revision number gives us a means of tracking changes to the MST region configuration. Each time we make changes to the configuration, we should increase the number by one. It is not incremented automatically. Because name, revision and digest must match exactly, a switch whose revision number differs falls into a separate region even if its VLAN mappings are identical.
14. What is the command to change the mode to MST?
Switch(config)# spanning-tree mode mst



VTP
1. What is VTP?
VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco switches to exchange VLAN information. VTP is used to synchronize VLAN information (for example VLAN ID or VLAN name) between the switches inside the same VTP domain.
2. What are the different VTP modes?
VTP Server mode - By default, every switch is in server mode. A switch in VTP Server mode can create and delete VLANs and will propagate VLAN changes.
VTP Client mode - A switch in VTP Client mode cannot create or delete VLANs. VTP client mode switches listen to VTP advertisements from other switches and modify their VLAN configurations accordingly. It listens to and forwards updates.
VTP Transparent mode - A switch in VTP Transparent mode does not share its VLAN database but forwards received VTP advertisements. We can create and delete VLANs on a VTP transparent switch, but these changes are not sent to other switches.
3. What are the requirements to exchange VTP messages between two switches?
1. A switch should be configured as either a VTP server or VTP client.
2. The VTP domain name must be the same on both switches.
3. The VTP versions must match.
4. The link between the switches should be a trunk link.
If a VTP password is configured, it must match as well. Be aware that the highest configuration revision number wins: a server or client connected to the domain with a stale VLAN database but a higher revision number overwrites the VLAN database of every other switch and can delete VLANs across the whole domain, so reset the revision (for example by changing the domain name or setting transparent mode) before connecting a previously used switch.
4. What is VTP Pruning?
VTP pruning is a feature in Cisco switches which stops traffic for a VLAN from being flooded down a trunk link when no switch beyond it needs that VLAN. Broadcast frames, multicast frames and unicast frames for which the destination MAC address is unknown are forwarded over a trunk link only if the switch on the receiving end of the trunk link has ports in the source VLAN. This avoids unnecessary flooding. VLAN 1 can never be pruned because it is an administrative VLAN.

DTP
1. Explain Dynamic Trunking Protocol (DTP)?
Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol used for negotiating trunking on a link between two Cisco switches. DTP can also be used for negotiating the encapsulation type, either 802.1Q or Cisco ISL (Inter-Switch Link).
2. Explain dynamic desirable and dynamic auto?
Dynamic Desirable - It initiates negotiation. A switch port configured as DTP dynamic desirable will actively try to convert the link to a trunk if the port on the other side is capable of forming a trunk.
Dynamic Auto - It does not initiate negotiation but can respond to it. A switch port configured as DTP dynamic auto forms a trunk if the other side is configured as trunk or dynamic desirable; two dynamic auto ports never form a trunk. Dynamic auto is the default on most Catalyst access switches, which means any device that speaks DTP can negotiate a trunk with an unconfigured port and receive every VLAN's traffic. Ports facing end hosts should therefore be configured as switchport mode access together with switchport nonegotiate, so that DTP frames are neither sent nor honoured.
DHCP
1. What is DHCP?
Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts dynamically. It allows easier administration and works well in small as well as very large network environments. Many kinds of device can act as a DHCP server, including a Cisco router.
2. What information can a DHCP server provide to a host?
A DHCP server can provide the following information:
1. IP address
2. Subnet mask
3. Default gateway
4. Domain Name Server
5. WINS information
3. How DHCP Works?
DHCP works on the DORA process (DISCOVER - OFFER - REQUEST - ACKNOWLEDGEMENT). The client has no address yet, so every message is carried in UDP between client port 68 and server port 67.
1. When a client needs an IP configuration, it tries to locate a DHCP server by sending a broadcast called a DHCP DISCOVER. Source IP - 0.0.0.0, Destination IP - 255.255.255.255, Source MAC - MAC address of the host, Destination MAC - FF:FF:FF:FF:FF:FF.
2. On receiving the DISCOVER, the server sends a DHCP OFFER to the client. The OFFER is a proposed configuration that may include the IP address, DNS server address and lease time. It is normally unicast to the client's MAC address (the server broadcasts it only if the client set the broadcast flag in its DISCOVER). Source MAC - MAC address of the server, Destination MAC - MAC address of the host.
3. If the client finds the OFFER agreeable, it sends a DHCP REQUEST asking for those particular IP parameters. This message is a broadcast so that every server that made an offer learns which one was chosen; the selected server is named in option 54 (server identifier) and the chosen address in option 50. Source MAC - MAC address of the host, Destination MAC - FF:FF:FF:FF:FF:FF.
4. The server, on receiving the REQUEST, makes the configuration official by sending a unicast DHCP ACK. Source MAC - MAC address of the server, Destination MAC - MAC address of the host.
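The four DORA messages above, as an added worked example that is not part of the original page: a minimal BOOTP/DHCP encoder and parser in Python, a toy server with a small pool and a lease table, and a client that walks through DISCOVER, OFFER, REQUEST and ACK in memory. The server address 192.0.2.1, the pool and the client MACs are constructed for the example; real traffic would also carry the UDP 68/67 and Ethernet/IP addressing described above, which this example leaves out.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
# DHCP message types carried in option 53
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
# option codes used below
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE = 1, 3, 6, 50, 51
OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
HDR_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed BOOTP header

def ip(addr):
    """Dotted-quad string to 4 packed bytes."""
    return ipaddress.IPv4Address(addr).packed

def build_dhcp(op, xid, chaddr, options, yiaddr="0.0.0.0"):
    """Serialise a DHCP message: fixed header, magic cookie, TLV options, END.
    ciaddr stays 0.0.0.0 because the client never has a confirmed address here."""
    fixed = struct.pack(HDR_FMT, op, 1, 6, 0, xid, 0, 0,
                        ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])

def parse_dhcp(data):
    """Parse a DHCP message into a dict; ValueError if it is not one."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HDR_FMT, data[:236])
    msg = {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
           "chaddr": f[11][:f[2]], "options": {}}
    i = 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                 # pad option: single byte, no length
            i += 1
            continue
        code, length = data[i], data[i + 1]
        msg["options"][code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return msg

class DhcpServer:
    """Toy server (constructed for this example): a small pool and leases keyed by client MAC."""

    def __init__(self, server_ip, pool):
        self.server_ip, self.pool, self.leases = server_ip, list(pool), {}

    def handle(self, data):
        """Return the reply bytes for one client message, or None to stay silent."""
        req = parse_dhcp(data)
        mtype = req["options"][OPT_MSGTYPE][0]
        common = [(OPT_SERVER_ID, ip(self.server_ip)), (OPT_MASK, ip("255.255.255.0")),
                  (OPT_ROUTER, ip(self.server_ip)), (OPT_DNS, ip("192.0.2.53")),
                  (OPT_LEASE, struct.pack("!I", 3600))]
        if mtype == DISCOVER:
            # OFFER proposes an address; nothing is committed until the ACK
            offered = self.leases.get(req["chaddr"]) or (self.pool[0] if self.pool else None)
            if offered is None:
                return None                  # pool exhausted: a server simply does not answer
            return build_dhcp(BOOTREPLY, req["xid"], req["chaddr"],
                              [(OPT_MSGTYPE, bytes([OFFER]))] + common, yiaddr=offered)
        if mtype == REQUEST:
            # REQUEST is broadcast, so every server sees it; only the server named in
            # option 54 answers, and only if the requested address is still available
            if req["options"].get(OPT_SERVER_ID) != ip(self.server_ip):
                return None
            wanted = str(ipaddress.IPv4Address(req["options"][OPT_REQ_IP]))
            if wanted not in self.pool and self.leases.get(req["chaddr"]) != wanted:
                return build_dhcp(BOOTREPLY, req["xid"], req["chaddr"],
                                  [(OPT_MSGTYPE, bytes([NAK])), common[0]])
            if wanted in self.pool:
                self.pool.remove(wanted)
            self.leases[req["chaddr"]] = wanted
            return build_dhcp(BOOTREPLY, req["xid"], req["chaddr"],
                              [(OPT_MSGTYPE, bytes([ACK]))] + common, yiaddr=wanted)
        raise ValueError("unsupported message type %d" % mtype)

def dora(client_mac, server, xid=0x3903F326):
    """Run DISCOVER-OFFER-REQUEST-ACK against `server`.
    Returns the message types seen and the acknowledged address (None on NAK or silence)."""
    seen = [DISCOVER]
    reply = server.handle(build_dhcp(BOOTREQUEST, xid, client_mac,
                                     [(OPT_MSGTYPE, bytes([DISCOVER]))]))
    if reply is None:
        return seen, None
    offer = parse_dhcp(reply)
    if offer["xid"] != xid:               # a client ignores offers for other transactions
        return seen, None
    seen += [offer["options"][OPT_MSGTYPE][0], REQUEST]
    reply = server.handle(build_dhcp(BOOTREQUEST, xid, client_mac,
                                     [(OPT_MSGTYPE, bytes([REQUEST])),
                                      (OPT_REQ_IP, ip(offer["yiaddr"])),
                                      (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])]))
    if reply is None:
        return seen, None
    ack = parse_dhcp(reply)
    seen.append(ack["options"][OPT_MSGTYPE][0])
    return seen, (ack["yiaddr"] if seen[-1] == ACK else None)

if __name__ == "__main__":
    srv = DhcpServer("192.0.2.1", ["192.0.2.10", "192.0.2.11"])
    print(dora(bytes.fromhex("0011223344aa"), srv))   # ([1, 2, 3, 5], '192.0.2.10')
```

The transaction ID check in dora() is the only thing tying an OFFER to the client's own DISCOVER; nothing in DHCP authenticates the server, which is why a rogue server on the segment can hand out its own gateway and DNS (the reason for DHCP snooping on switches).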
4. What is the reason for getting APIPA address?
With APIPA (Automatic Private IP Addressing), a DHCP client can configure itself with an IP address and subnet mask when no DHCP server is available. When a DHCP client boots, it first looks for a DHCP server in order to obtain an IP address and subnet mask. If none answers, the client uses a self-configured link-local address until a DHCP server becomes available. The APIPA service keeps checking for the presence of a DHCP server; if it detects one, APIPA stops and the dynamically assigned address replaces the APIPA address. Seeing a 169.254.x.x address on a host therefore means the DHCP exchange failed, and the host can only talk to other devices on its own segment.
5.What is the range of APIPA address?
The range is 169.254.0.1 through 169.254.255.254 with a Class B subnet mask of 255.255.0.0 (the link-local block 169.254.0.0/16). RFC 3927 reserves the first and last /24 of that block (169.254.0.x and 169.254.255.x), so a compliant host actually picks an address between 169.254.1.0 and 169.254.254.255 and checks with ARP that it is not already in use.
6.What is the purpose of a relay agent?
A DHCP relay agent is a host or router that forwards DHCP messages between clients and servers that are not on the same subnet. The client's DISCOVER and REQUEST are broadcasts and would never cross a router on their own; the relay receives them, records the address of the receiving interface in the giaddr field so the server can pick the right scope, unicasts them to the server, and passes the server's replies back to the client. On Cisco IOS the relay is configured on the client-facing interface with the ip helper-address command.
7.What is DHCP decline message?
It is sent by the client to the server when the client discovers that the address it has just been assigned is already in use by another device (typically because another host answered its gratuitous ARP for that address). The server marks the address as bad and the client starts over with a new DISCOVER.
8.What is a DHCPNAK message?
If the server is unable to satisfy the DHCPREQUEST (for example, the requested network address has already been allocated to another device) it sends a DHCPNAK to the client. It is also sent if the client's notion of its network address is incorrect (the client has moved to a new subnet) or the client's lease has expired; in either case the client must restart with a DISCOVER.
SNMP
1. What is SNMP?
The Simple Network Management Protocol (SNMP) enables a network device to share information about itself and its activities. It uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents.
2. What are the components of SNMP?
A complete SNMP system consists of the following parts:
SNMP Manager - A network management system that uses SNMP to poll and receive data from any number of network devices. The SNMP manager is usually an application that runs in a central location.
SNMP Agent - A process that runs on the network device being monitored. All types of data are gathered by the device itself and stored in a local database. The agent can then respond to SNMP polls and queries with information from the database, and it can send unsolicited alerts or "traps" to an SNMP manager.
3. Which ports are used in SNMP?
The agent listens on UDP port 161 for requests (Get, GetNext, Set) from the manager, and the manager listens on UDP port 162 for traps and notifications from managed devices.
4. Explain MIB?
The Management Information Base (MIB) is a hierarchical database structure describing the information available on the device. Each item (a serial number, interface statistics and so on) sits at a specific location identified by an object identifier (OID); for example 1.3.6.1.2.1.1.5.0 is sysName.0, the device's configured name.
5. What are the different SNMP versions?
There are three versions in use - SNMPv1, SNMPv2c and SNMPv3.
SNMP version 1 - The oldest flavour. It is easy to set up and requires only a community string, but that string is the sole form of authentication and is sent in plaintext in every packet: anyone who can capture the traffic learns it, and a read-write community gives full control of the device.
SNMP version 2c - Uses the same plaintext community-string model as version 1 but adds 64-bit counters and bulk retrieval (GetBulk).
SNMP version 3 - Keeps the v2c data model but adds user-based security: authentication (message integrity and verification of the sender) and encryption (privacy), which can be used together or separately (security levels noAuthNoPriv, authNoPriv and authPriv). Where v3 cannot be used, v1/v2c should be restricted to read-only communities and to the manager's address with an ACL.
OSI MODEL
1. List the Layers of OSI Model?
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data
Link Layer, Physical Layer.
2. What are the Functions of Transport, Network and Data Link Layer?
Transport layer
1. It segments data from upper-layer applications at the sender and reassembles the segments into a single data stream at the receiver.
2. It provides end-to-end data transport services.
3. It establishes the logical connection between the sending host and the destination host in an internetwork.
4. It provides reliability through sequencing, acknowledgements and retransmission, and flow control so that a fast sender does not overwhelm a slow receiver (TCP does all of this; UDP provides none of it).
Network layer
1. The Network layer (layer 3) manages device addressing.
2. It tracks the location of devices on the network.
3. It determines the best way to move data between devices that are not locally attached.
4. Routers Functions at the Network layer to provide the routing services within an
internetwork.
Data link layer
1. The Data Link layer is responsible for delivering frames between directly connected nodes over the physical medium (the Physical layer does the actual transmission of bits).
2. It handles error detection (frame check sequence), error notification and flow control on the link.
3. The Data Link layer ensures that messages are delivered to the proper device on a LAN using MAC addresses.
4. It formats each Network layer packet into a data frame, adding a header that contains the hardware destination and source addresses, and hands the frame to the Physical layer to be transmitted as bits.
3.Which Layer is responsible for Reliable connection?
Transport Layer
4.What are the different protocols works at each of the layers in OSI Model?
Physical Layer
ISDN (Integrated Services Digital Network), ADSL (Asymmetric Digital Subscriber Line),
Universal Serial Bus, Bluetooth, Controller Area Network, Ethernet.
Data Link layer
Spanning Tree Protocol, VLan Trunking Protocol, Dynamic Trunking Protocol, HDLC, PPP,
Frame Relay, Token Ring.
Network Layer
ICMP, IGMP, IPv4, IPv6, IPsec. Routing protocols (OSPF, EIGRP, RIP, BGP) are usually grouped here by function, although RIP is carried in UDP (port 520) and BGP in TCP (port 179); OSPF and EIGRP ride directly on IP (protocol numbers 89 and 88).
Transport Layer
TCP, UDP. (GRE is often listed here but is really an IP-level encapsulation, protocol number 47.)
Session Layer
NFS (Network File System).
Presentation Layer
Data encryption/decryption, data compression, data conversion protocols.
Application Layer
DNS, DHCP, FTP, HTTP, NTP, SNMP, SMTP, TELNET, TFTP, SSH.
5. What is a port number and give some examples?
TCP and UDP use port numbers to identify the upper-layer application a segment belongs to; the source and destination port pair is what keeps track of the different conversations crossing the network simultaneously.
PROTOCOL - PORT NUMBER
FTP - 20 (data), 21 (control)
TELNET - 23
SMTP - 25
DNS - 53
DHCP - 67 (server), 68 (client)
TFTP - 69
HTTP - 80
POP3 - 110
NTP - 123
IMAP4 - 143
SNMP - 161 (agent), 162 (traps to the manager)
BGP - 179
HTTPS - 443
RIP - 520

6. What is the range of port numbers?
Well-known ports - 0 to 1023
Registered ports - 1024 to 49151
Dynamic or private (ephemeral) ports - 49152 to 65535, used as source ports by clients
7. What is a protocol number and give some examples?
In IPv4 there is a header field called Protocol that identifies the next-level protocol carried in the packet. In IPv6 this field is called Next Header.
PROTOCOL - PROTOCOL NUMBER
ICMP - 1
IGMP - 2
IPv4 (IP-in-IP encapsulation) - 4
TCP - 6
EGP - 8
IGP (any private interior gateway protocol, e.g. Cisco IGRP) - 9
UDP - 17
IPv6 (encapsulation) - 41
GRE - 47
EIGRP - 88
OSPF - 89
VRRP - 112
8.Define Unicast, Multicast and Broadcast?
Broadcast is the term used to describe communication where a piece of information is sent to
all nodes on the network. Multicast is the term used to describe communication where a piece
of information is sent from a single source and transmitted to many devices but not all devices.
Unicast is the term used to describe communication where a piece of information is sent to a
single destination host.
9. What is the difference between Half-duplex and Full-duplex?
Half Duplex - Data can Flow in both Direction but not simultaneously. At a time Data can flow
only in one direction. example - HUB. Full Duplex - Data can Flow in both Direction
Simultaneously. example - Switch.
10.What is the MAC format?
It is a 12 Digits 48 Bit (6 Byte) Hardware address written in Hexadecimal Format. It consists
of two parts - The First 24 Bits OUI (Organizationally Unique Identifier) is assigned by IEEE.
The Last 24 Bits is Manufacturer-assigned Code.
11.What is a Frame?
The Data Link layer formats the message into pieces, each called a data frame, and adds a
customized header containing the hardware source and destination address.
12.What is the TCP/IP Model?
TCP/IP is four layer standard model. The four layers of TCP/IP model are Application layer,
Transport layer, Internet layer, Network access layer.
13. What are the protocols that are included by each layer of the TCP/IP model?
Application Layer - DNS, DHCP, FTP, TFTP, SMTP, HTTP, Telnet, SSH
Transport Layer - TCP, UDP
Internet Layer - IP, ICMP, IGMP
Network access layer - Ethernet, Token Ring, FDDI, X.25, Frame Relay, ARP, RARP
ARP
1. What is ARP?
Address Resolution Protocol (ARP) is a network protocol, which is used to map a network
layer protocol address (IP Address) to a data link layer hardware address (MAC Address).
ARP basically resolves IP address to the corresponding MAC address.
2. ARP works at which layer and Why?
ARP is usually placed at the Data Link layer (Layer 2), even though it serves Layer 3: its packets are carried directly in Ethernet frames (EtherType 0x0806) rather than inside IP, and it is implemented by the network protocol driver alongside the IP stack.
3. Explain the use of ARP?
If a host in an Ethernet network wants to communicate with another host, it can
communicate only if it knows the MAC address of other hosts. ARP is used to get the Mac
address of a host from its IP address.
4. What is an ARP Table (cache)?
ARP maintains a table that contains the mappings between IP address and MAC address.
This Table is called ARP Table.
5. What are the source and destination addresses in an ARP request and an ARP reply?
ARP Request - Ethernet header: source MAC is the MAC of the host sending the request, destination MAC is FF:FF:FF:FF:FF:FF (broadcast). ARP payload: sender IP and sender MAC are the requester's; target IP is the address being resolved and target MAC is 00:00:00:00:00:00 because it is unknown.
ARP Reply - Ethernet header: source MAC is the MAC of the host that owns the requested IP, destination MAC is the MAC of the host that sent the request (unicast). ARP payload: sender IP/MAC are the responder's, target IP/MAC are the requester's.
6. What is the size of an ARP request and ARP reply packet?
The size of an ARP request or ARP reply packet is 28 bytes.
7. How can we differentiate between an ARP request packet and an ARP reply packet?
We can differentiate ARP request packet from an ARP reply packet using the 'operation'
field in the ARP packet. For ARP request it is 1 and for ARP reply it is 2.
8. What is Proxy ARP?
Proxy ARP is the process in which one device responds to an ARP request on behalf of another device. Example - Host A sends an ARP request to resolve the IP address of Host B. Instead of Host B, a router (Host C) that knows how to reach B replies with its own MAC address, and A then sends B's traffic to the router.
9. What is Gratuitous ARP and why is it used?
When a host sends an ARP request to resolve its own IP address, it is called a Gratuitous ARP. In the ARP request packet the sender IP address and target IP address are both the host's own address, and the destination MAC address in the Ethernet header is the broadcast address (FF:FF:FF:FF:FF:FF). A host sends a gratuitous ARP after it is assigned an IP address (for example by a DHCP server) to check that no other host on the network has the same address. If no ARP reply comes back, no other host is configured with that IP address; if a reply does come back, another host is using it. Because neighbours update their ARP caches from what they hear, gratuitous ARP is also used to announce a new MAC for an address (for example after a failover). The same lack of authentication means any host can send unsolicited ARP for an address it does not own, which is the basis of ARP spoofing.
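Questions 5 to 9 above, as an added worked example that is not part of the original page: a Python builder and parser for the 28-byte Ethernet/IPv4 ARP packet, classification by the operation field (1 request, 2 reply, gratuitous when sender IP equals target IP), the duplicate-address check a host performs on the replies to its gratuitous ARP, and a small passive monitor that flags an IP answering from a changed MAC. The MAC and IP values are constructed; the changed-binding heuristic in ArpWatch is a common monitoring practice added here, not something the page describes.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"      # Ethernet/IPv4 ARP payload: exactly 28 bytes
ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC = b"\x00" * 6

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip(text):
    return ipaddress.IPv4Address(text).packed

def build_arp(oper, sha, spa, tpa, tha=ZERO_MAC):
    """Hardware type 1 (Ethernet), protocol 0x0800 (IPv4), lengths 6 and 4, then the four
    addresses. In a request the target MAC is unknown, so it is left as zeros."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)

def parse_arp(pkt):
    if len(pkt) != struct.calcsize(ARP_FMT):
        raise ValueError("expected a 28-byte ARP packet, got %d bytes" % len(pkt))
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def classify(pkt):
    """request / reply by the operation field; gratuitous when sender IP == target IP."""
    a = parse_arp(pkt)
    kind = {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(a["oper"], "unknown")
    return "gratuitous-" + kind if kind != "unknown" and a["spa"] == a["tpa"] else kind

def duplicate_address_check(my_mac, my_ip, replies):
    """Evaluate the replies to our gratuitous ARP: MACs other than ours claiming my_ip.
    An empty list means nobody else answered for the address."""
    return [a["sha"].hex(":") for a in map(parse_arp, replies)
            if a["spa"] == ip(my_ip) and a["sha"] != mac(my_mac)]

class ArpWatch:
    """Passive monitor: records the IP -> MAC binding seen in every reply and raises an alert
    when an IP starts answering from a different MAC. ARP carries no authentication, so such
    a change is the usual first sign of a duplicate address or a poisoning attempt.
    (Common monitoring heuristic added for this example; the page only covers duplicate detection.)"""

    def __init__(self):
        self.table, self.alerts = {}, []

    def observe(self, pkt):
        a = parse_arp(pkt)
        if a["oper"] != ARP_REPLY:
            return None
        addr = str(ipaddress.IPv4Address(a["spa"]))
        old = self.table.get(addr)
        if old is not None and old != a["sha"]:
            self.alerts.append((addr, old.hex(":"), a["sha"].hex(":")))
        self.table[addr] = a["sha"]
        return addr

if __name__ == "__main__":
    # constructed sample traffic
    req = build_arp(ARP_REQUEST, mac("00:11:22:33:44:aa"), ip("192.0.2.10"), ip("192.0.2.20"))
    rep = build_arp(ARP_REPLY, mac("00:11:22:33:44:bb"), ip("192.0.2.20"), ip("192.0.2.10"),
                    tha=mac("00:11:22:33:44:aa"))
    grat = build_arp(ARP_REQUEST, mac("00:11:22:33:44:aa"), ip("192.0.2.10"), ip("192.0.2.10"))
    print(len(req), classify(req), classify(rep), classify(grat))   # 28 request reply gratuitous-request
```

The Ethernet header (source MAC, broadcast or unicast destination) is not part of these 28 bytes; a capture tool shows it in front of them. Real deployments counter the ArpWatch alert condition at the switch with Dynamic ARP Inspection, which checks replies against the DHCP snooping binding table.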
10. What is Reverse ARP?
Reverse ARP (RARP) is used by a device that knows only its own MAC address to obtain its IP address from a RARP server; it has been superseded by BOOTP and DHCP.
11. What is Inverse ARP?
Inverse ARP dynamically maps local DLCIs to the remote IP addresses reachable through them when Frame Relay is configured.
IP ADDRESSING
1. What is the IP address and its format?
An IP address is a software address assigned to each machine on an IP network. It specifies the location of a device on the network and allows hosts on one network to communicate with hosts on a different network. An IPv4 address is 32 bits of information, divided into four sections referred to as octets or bytes. Each octet contains 1 byte (8 bits). An IP address can be depicted using one of three methods:
1. Dotted-decimal - 172.16.30.56
2. Binary - 10101100.00010000.00011110.00111000
3. Hexadecimal - AC.10.1E.38
2. What are the different classes of IP address and give the range of each class?
There are five classes of IP addresses, determined by the value of the first octet:
Class A - 1 to 126 (0 is reserved; 127 is the loopback range)
Class B - 128 to 191
Class C - 192 to 223
Class D - 224 to 239 (multicast addresses)
Class E - 240 to 255 (reserved for research and development)
The Class A range 127.0.0.0 to 127.255.255.255 is reserved for loopback addresses.
3. What are private addresses and give the range of private addresses?
These addresses (RFC 1918) can be used only inside a private network; Internet routers do not forward them, so a host with a private address reaches the Internet through NAT. Their purpose is to conserve public address space. Not being globally routable does make such hosts harder to reach directly from outside, but that is a side effect of addressing, not a substitute for a firewall policy.
Class A - 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
Class B - 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
Class C - 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
4. What is the subnet mask?
A subnet mask is a 32-bit value that allows the recipient of IP packets to distinguish the
network ID portion of the IP address from the host ID portion of the IP address.
IP HEADER
1. What is the importance of the Identification field in the IP packet?
The 16-bit Identification field carries the same value in every fragment of one datagram, so the destination can tell which fragments belong together (combined with the source address, destination address and protocol) and rebuild the whole datagram in order using the fragment offsets.
2. Which device can reassemble the packet?
Reassembly is done only by the ultimate destination of the IP datagram. Intermediate routers forward fragments independently and may fragment them further, but never reassemble them.
3. What is an IP datagram?
An IP datagram is the unit of data handled by IP: a header followed by the payload. The header fields, in order, are Version, Header Length (IHL), Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source IP Address, Destination IP Address, then Options and Padding (if any), followed by the payload.
4.What is MTU (Maximum Transmission Unit)?
The maximum transmission unit (MTU) of an interface tells Cisco IOS the largest IP packet
that can be forwarded out on that interface.
5.What is Fragmentation?
Fragmentation is a process of breaking the IP packets into smaller pieces (fragments).
Fragmentation is required when the datagram is larger than the MTU. Each fragment then
becomes a datagram in itself and transmitted independently from source. These datagrams are
reassembled by the destination.
6. How the packet is reassembled?
1. When a host receives an IP fragment, it stores this fragment in a reassembly buffer based
on its fragment offset field.
2. Once all the fragments of the original IP datagram are received, the datagram is processed.
3. On receiving the first fragment, a reassembly timer is started.
4. If this reassembly timer expires before all the fragments are received then the datagram is
discarded.
7. What is the importance of the DF and MF flags?
Don't Fragment bit - If the DF bit is set, fragmentation is not allowed. When a router needs to forward a packet larger than the outgoing interface's MTU, it either fragments the packet or discards it. If DF is set, the router discards the packet and sends an ICMP Destination Unreachable, Fragmentation Needed (type 3, code 4) back to the source; this is how Path MTU Discovery learns the smaller MTU. If DF is not set, the router may perform Layer 3 fragmentation on the packet.
More Fragments bit - If MF is set to 1, more fragments follow. If it is 0, this is the last fragment. Every fragment of a datagram has MF set except the final one. The final fragment's offset plus its length gives the total size of the original payload, which together with the offsets of the other fragments tells the end host when it has collected them all.
8. What is the purpose of the Fragment Offset?
The 13-bit Fragment Offset field gives the position of this fragment's data within the original datagram, measured in units of 8 bytes (so every fragment except the last carries a multiple of 8 data bytes). The receiver uses it to place each fragment in the reassembly buffer. It does not indicate the size of the fragment; the size comes from the Total Length field.
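Questions 5 to 8 above, as an added worked example that is not part of the original page: a minimal IPv4 header builder and parser in Python, a router-style fragment() that honours DF and the 8-byte offset unit, and a destination-side Reassembler with a reassembly timer. The addresses, payloads and timestamps are constructed; the 1500-byte MTU is Ethernet's default.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"         # 20-byte IPv4 header without options
DF, MF = 0x4000, 0x2000           # flag bits inside the flags/fragment-offset word

def checksum(hdr):
    """RFC 1071 one's-complement sum over 16-bit words (header length is even)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, proto, payload, ident, ttl=64, flags=0, offset_units=0):
    """src/dst are 4 packed bytes; offset_units is the fragment offset in 8-byte units."""
    hdr = struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), ident, flags | offset_units,
                      ttl, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(pkt):
    vihl, _tos, total, ident, ffo, ttl, proto, _csum, src, dst = struct.unpack(IP_FMT, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or checksum(pkt[:ihl]) != 0:   # a valid header re-sums to zero
        raise ValueError("bad IPv4 header")
    return {"ident": ident, "df": bool(ffo & DF), "mf": bool(ffo & MF),
            "offset": (ffo & 0x1FFF) * 8, "ttl": ttl, "proto": proto,
            "src": src, "dst": dst, "payload": pkt[ihl:total]}

def fragment(pkt, mtu):
    """What a router does with a datagram larger than the egress MTU.
    Returns [pkt] if it fits; raises if DF forbids fragmentation."""
    if len(pkt) <= mtu:
        return [pkt]
    p = parse_ipv4(pkt)
    if p["df"]:
        raise ValueError("DF set: drop and send ICMP type 3 code 4 (fragmentation needed)")
    step = (mtu - 20) // 8 * 8            # data per fragment must be a multiple of 8
    frags = []
    for off in range(0, len(p["payload"]), step):
        piece = p["payload"][off:off + step]
        last = off + step >= len(p["payload"])
        more = MF if (not last or p["mf"]) else 0   # a fragment of a fragment keeps MF
        frags.append(build_ipv4(p["src"], p["dst"], p["proto"], piece, p["ident"], p["ttl"],
                                flags=more, offset_units=(p["offset"] + off) // 8))
    return frags

class Reassembler:
    """Destination-side reassembly: buffers keyed by (src, dst, proto, id), fragments placed
    by offset, the datagram released only when the MF=0 fragment has arrived and every byte up
    to its end is covered. Buffers older than `timeout` seconds are discarded."""

    def __init__(self, timeout=30):
        self.timeout, self.buffers = timeout, {}

    def receive(self, pkt, now):
        """Feed one packet at time `now`; returns the complete payload or None."""
        for key in [k for k, b in self.buffers.items() if now - b["started"] > self.timeout]:
            del self.buffers[key]                     # reassembly timer expired: give up
        p = parse_ipv4(pkt)
        if not p["mf"] and p["offset"] == 0:
            return p["payload"]                       # never fragmented
        key = (p["src"], p["dst"], p["proto"], p["ident"])
        buf = self.buffers.setdefault(key, {"started": now, "parts": {}, "end": None})
        buf["parts"][p["offset"]] = p["payload"]
        if not p["mf"]:
            buf["end"] = p["offset"] + len(p["payload"])
        if buf["end"] is None:
            return None
        covered = 0
        for off in sorted(buf["parts"]):
            if off != covered:                        # gap still open, or an overlap
                return None
            covered += len(buf["parts"][off])
        if covered != buf["end"]:
            return None
        del self.buffers[key]
        return b"".join(buf["parts"][off] for off in sorted(buf["parts"]))

if __name__ == "__main__":
    big = build_ipv4(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 17, b"A" * 3000, ident=0x1234)
    frags = fragment(big, 1500)
    print([(parse_ipv4(f)["offset"], parse_ipv4(f)["mf"]) for f in frags])   # [(0, True), (1480, True), (2960, False)]
    r = Reassembler()
    print([r.receive(f, 0) is not None for f in reversed(frags)])            # [False, False, True]
```

Only the first fragment carries the transport header, which is why stateless filters that inspect TCP/UDP ports cannot classify the later fragments and why a firewall in the path is usually configured to reassemble before filtering.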
9. What is the importance of the TTL value?
It limits how long a packet can travel in the network. It is the number of hops the IP datagram may pass through before being discarded. At every hop the TTL value is decremented by 1; when it reaches zero the datagram is discarded and an ICMP Time Exceeded message is returned to the source. This prevents packets from circulating forever in a routing loop. Common initial values are 64 (Linux, macOS), 128 (Windows) and 255 (Cisco IOS), which is why the TTL of received packets is often used to guess the sender's operating system.
10. What does the Protocol field determine in the IP packet?
The Protocol field is an 8-bit field that identifies the next-level protocol. It indicates to which upper-layer protocol this datagram should be delivered. Example - TCP (6), UDP (17).

TCP
1. What is TCP?
Transmission Control Protocol is a connection-oriented protocol. This means that before any
data transfer can take place, certain parameters have to be negotiated in order to establish the
connection.
2. Explain the TCP three-way handshake process?
For a reliable connection, the transmitting device first establishes a connection-oriented (reliable) session with its peer, which is called the three-way handshake. Data is then transferred. When the data transfer is finished, the connection is terminated and the virtual circuit is torn down.
1. In the first part of the three-way handshake, the source sends a TCP SYN segment with its initial sequence number X, indicating the desire to open the connection.
2. In the second part, when the destination receives the SYN, it acknowledges it with ACK = X+1 and sends its own SYN with sequence number Y (telling the source what sequence number it will start its data with). This response is called SYN/ACK.
3. In the third part, the source sends an ACK segment (ACK = Y+1) to the destination, indicating that the connection is set up. Data transfer can then begin. During the handshake the devices also exchange parameters such as window size, maximum segment size and options like window scaling.
3. What does Window Size indicate?
The 16-bit Window field advertises the receive window: the number of bytes the sender of the segment is currently willing to accept beyond the byte it has acknowledged. The peer may have that many bytes in flight before it must stop and wait for a further acknowledgement. With the window scale option negotiated during the handshake the effective window can exceed 65535 bytes.
4. What is the purpose of the RST bit?
It aborts the connection immediately. A host sends RST, for example, when a SYN arrives for a port with no listener or when a segment arrives for a connection it does not know about; the connection is reset rather than closed gracefully.
5. What are TCP flags?
TCP flags are used to influence the flow of data across a TCP connection.
1. Push (PSH) - Pushes the buffered data to the receiver's application. It is set when data is to be delivered immediately.
2. Reset (RST) - Resets the connection.
3. Finish (FIN) - Finishes the session. It means no more data from the sender.
4. Urgent (URG) - Marks part of the segment as urgent (the Urgent Pointer field says how much), telling the receiver that this data should be processed ahead of the rest.
5. Acknowledgement (ACK) - All segments after the client's initial SYN have this flag set. ACK=10 means the host has received bytes 0 through 9 and expects byte 10 next.
6. Synchronize (SYN) - Initiates a connection and synchronizes the initial sequence numbers.
6. What is the difference between the PUSH and URG flags?
The PSH flag in the TCP header informs the receiving host that the data should be pushed up to the receiving application immediately. The URG flag is used to inform a receiving station that certain data within a segment is urgent and should be prioritized.
7. What is the importance of the Sequence Number and Acknowledgement Number?
The Sequence Number is a 32-bit field giving the position, within the byte stream of this direction, of the first byte of data in the segment; it lets the receiver put segments in order and detect loss or duplication. The initial sequence number is chosen at connection setup and can be any value from 0 to 4,294,967,295; it should be unpredictable, because a peer that can guess it can inject segments into the connection. The Acknowledgement Number is the next sequence number the receiver expects, i.e. the sequence number of the received data plus the number of bytes received (plus one for a SYN or FIN, which each consume one sequence number); it is cumulative, so it acknowledges everything before it.
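The handshake and the flag and sequence-number rules above, as an added example that is not part of the original page: a Python segment builder/parser and a small tracker that replays a constructed session (client port 40000 to server port 80, ISNs 1000 and 5000, a short HTTP request; all made up for the example), checks that every ACK equals the peer's sequence number plus what the peer consumed, flags a wrong SYN/ACK, and handles RST.

```python
import struct

TCP_FMT = "!HHIIBBHHH"           # 20-byte TCP header without options
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NAMES = [(FIN, "FIN"), (SYN, "SYN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK"), (URG, "URG")]
SEQ_MASK = 0xFFFFFFFF

def build_tcp(sport, dport, seq, ack, flags, window=65535, payload=b""):
    """Header with data offset 5 (no options); checksum left at 0 for this in-memory example."""
    hdr = struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    return hdr + payload

def parse_tcp(seg):
    sport, dport, seq, ack, off, flags, window, _csum, _urg = struct.unpack(TCP_FMT, seg[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "payload": seg[(off >> 4) * 4:]}

def flag_names(flags):
    return [name for bit, name in NAMES if flags & bit]

class Connection:
    """Follows one connection: SYN -> SYN/ACK -> ACK, then data, and records every
    acknowledgement or sequence number that does not match what the other side sent.
    Direction is "c>s" (client to server) or "s>c"."""

    def __init__(self):
        self.state = "LISTEN"
        self.next_seq = {"c>s": None, "s>c": None}   # next byte each side will send
        self.errors = []

    def feed(self, direction, seg):
        t = parse_tcp(seg)
        f, other = t["flags"], "s>c" if direction == "c>s" else "c>s"
        if f & RST:
            self.state = "CLOSED"                      # reset: abort at once
            return self.state
        if self.state == "LISTEN" and direction == "c>s" and f == SYN:
            self.next_seq["c>s"] = (t["seq"] + 1) & SEQ_MASK   # SYN consumes one number
            self.state = "SYN_SENT"
        elif self.state == "SYN_SENT" and direction == "s>c" and f == SYN | ACK:
            self._check_ack(t, other)                  # must be X+1
            self.next_seq["s>c"] = (t["seq"] + 1) & SEQ_MASK
            self.state = "SYN_RECEIVED"
        elif self.state == "SYN_RECEIVED" and direction == "c>s" and f & ACK and not f & SYN:
            self._check_seq_and_ack(t, direction, other)   # must be Y+1
            self.state = "ESTABLISHED"
        elif self.state == "ESTABLISHED":
            self._check_seq_and_ack(t, direction, other)
        else:
            self.errors.append("unexpected %s in state %s" % ("|".join(flag_names(f)), self.state))
        return self.state

    def _check_ack(self, t, other):
        if t["ack"] != self.next_seq[other]:
            self.errors.append("ack %d, expected %d" % (t["ack"], self.next_seq[other]))

    def _check_seq_and_ack(self, t, direction, other):
        if t["seq"] != self.next_seq[direction]:
            self.errors.append("seq %d, expected %d" % (t["seq"], self.next_seq[direction]))
        if t["flags"] & ACK:
            self._check_ack(t, other)
        # data bytes advance the sequence space; a FIN consumes one more number
        consumed = len(t["payload"]) + (1 if t["flags"] & FIN else 0)
        self.next_seq[direction] = (self.next_seq[direction] + consumed) & SEQ_MASK

def sample_session(isn_client=1000, isn_server=5000):
    """Constructed exchange: handshake, one request segment, its acknowledgement."""
    request = b"GET / HTTP/1.0\r\n\r\n"                 # 18 bytes
    return [
        ("c>s", build_tcp(40000, 80, isn_client, 0, SYN)),
        ("s>c", build_tcp(80, 40000, isn_server, isn_client + 1, SYN | ACK)),
        ("c>s", build_tcp(40000, 80, isn_client + 1, isn_server + 1, ACK)),
        ("c>s", build_tcp(40000, 80, isn_client + 1, isn_server + 1, PSH | ACK, payload=request)),
        ("s>c", build_tcp(80, 40000, isn_server + 1, isn_client + 1 + len(request), ACK)),
    ]

def replay(segments):
    conn = Connection()
    for direction, seg in segments:
        conn.feed(direction, seg)
    return conn

if __name__ == "__main__":
    c = replay(sample_session())
    print(c.state, c.errors, c.next_seq)   # ESTABLISHED [] {'c>s': 1019, 's>c': 5001}
```

The same bookkeeping is what a stateful firewall keeps per connection; a segment whose sequence number falls outside the window the tracker expects is exactly what such a device drops, and the in-window check is what makes blind injection depend on guessing the ISN.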
ICMP
1. What is the Internet Control Message Protocol?
ICMP is basically a management protocol and messaging service provider for IP. It can provide
Hosts with information about network problems.
2. At which layer do ICMP works?
It works at Network Layer.
3. Which two fields in the ICMP header are used to identify the intent of an ICMP message?
Type and Code.
4. What are the various ICMP messages?
1. Destination Unreachable (type 3; code 3 is Port Unreachable, code 4 is Fragmentation Needed). 2. Source Quench (type 4, the "buffer full" message, now deprecated). 3. Time Exceeded (type 11, hop or TTL exceeded). 4. Echo Request and Echo Reply (types 8 and 0), used by ping. 5. Redirect (type 5). Traceroute is not a message type of its own; it relies on Time Exceeded and Destination Unreachable.
5. Explain how traceroute works in detail?
1. Unix traceroute sends a UDP datagram towards the destination with a TTL of 1 and a destination port that is unlikely to be in use (starting at 33434). Windows tracert does the same with ICMP Echo Requests instead of UDP.
2. The packet reaches the first router, which decrements the TTL by 1, making it 0, so the router drops the packet.
3. Having dropped the packet, the router sends an ICMP Time Exceeded message (type 11) back to the source.
4. From this message traceroute learns the first router's address and the round-trip time.
5. It sends two more probes with the same TTL to get three round-trip samples. The first probe to a hop is often slower than the other two because a router along the way may have to resolve a MAC address with ARP first; the entry is then in the ARP cache for the second and third probes.
6. These steps repeat with the TTL incremented by 1 each round, revealing one more router each time.
7. When a probe finally reaches the destination, the destination does not send Time Exceeded, because the TTL did not expire there.
8. Instead, because the UDP destination port has no listener, the destination replies with an ICMP Destination Unreachable, code Port Unreachable (type 3, code 3).
9. When traceroute receives that message it knows the destination has been reached; it still sends three probes at that final TTL to obtain the average round-trip time.
6. Why are there three columns in traceroute results?
Three probes (the count can be changed with the -q flag) are sent at each TTL, and one line is printed per TTL showing the TTL, the address of the responding gateway and the round-trip time of each probe. A probe that receives no reply is shown as an asterisk, so a hop that never answers prints as * * *.
7. Which ICMP message confirms the traceroute is completed?
Destination Unreachable (Port Unreachable) sent by the destination itself. Routers that filter ICMP or rate-limit Time Exceeded messages show up as * but do not stop the trace.
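The procedure above as an added simulation, not from the page and not a real traceroute (which needs raw sockets): a constructed path of routers decrements the TTL and answers an expired probe with ICMP Time Exceeded, the destination answers the unused UDP port with Port Unreachable, and the trace logic collects three probes per TTL. The router addresses, the silent (ICMP-filtering) router and the destination with open UDP ports are assumptions chosen to show the two failure modes; round-trip timing is left out.

```python
TIME_EXCEEDED, DEST_UNREACHABLE, PORT_UNREACHABLE = 11, 3, 3   # ICMP types / code
BASE_PORT = 33434                 # first UDP destination port used by classic traceroute

class Path:
    """Constructed network: routers in order, then the destination host.
    `silent` routers drop expired packets without sending Time Exceeded (ICMP filtered);
    `open_ports` are UDP ports on the destination with a listener, which therefore
    consume the probe without generating Port Unreachable."""

    def __init__(self, routers, destination, silent=(), open_ports=()):
        self.routers, self.destination = list(routers), destination
        self.silent, self.open_ports = set(silent), set(open_ports)

    def send_udp(self, ttl, dport):
        """Forward one probe; return (responder, icmp_type, icmp_code) or None for no reply."""
        for router in self.routers:
            ttl -= 1                               # every hop decrements the TTL
            if ttl == 0:
                return None if router in self.silent else (router, TIME_EXCEEDED, 0)
        if dport in self.open_ports:
            return None                            # an application consumed the datagram
        return (self.destination, DEST_UNREACHABLE, PORT_UNREACHABLE)

def traceroute(path, probes=3, max_ttl=30):
    """Returns one entry per TTL: (ttl, [responder or "*" per probe]). Stops at the first
    TTL where the destination answers with Port Unreachable."""
    hops, dport = [], BASE_PORT
    for ttl in range(1, max_ttl + 1):
        replies = []
        for _ in range(probes):
            replies.append(path.send_udp(ttl, dport))
            dport += 1                             # a new port per probe tells replies apart
        hops.append((ttl, [r[0] if r else "*" for r in replies]))
        if any(r and r[1] == DEST_UNREACHABLE for r in replies):
            break
    return hops

if __name__ == "__main__":
    net = Path(["192.0.2.1", "198.51.100.1"], "203.0.113.7")
    for ttl, responders in traceroute(net):
        print(ttl, " ".join(responders))
```

The open-port case is worth remembering when a trace never terminates: the destination is reachable, but with nothing to answer the probe the program runs to its maximum TTL, which is also what happens when a firewall silently drops the probes.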

Router ID Significance in EIGRP, OSPF & BGP
EIGRP
The EIGRP RID is a 32-bit number in dotted-decimal format. In EIGRP, duplicate RIDs do not prevent routers from becoming neighbors; two EIGRP routers with the same router ID will still form a neighbor relationship. The value of the EIGRP RID only matters when injecting external (redistributed) routes into EIGRP: the originating RID is carried with the external route and a router discards external routes that carry its own RID, so routers injecting external routes must have unique RIDs or some redistributed routes will be dropped.
To manually configure the router ID:
R1(config)# router eigrp 10
R1(config-router)# eigrp router-id 1.1.1.1
OSPF
Every OSPF router within the network has a 32-bit router ID that uniquely identifies it to the other routers. Unlike EIGRP, OSPF prevents a neighborship between routers with duplicate RIDs, so all OSPF RIDs in a domain must be unique. The OSPF router ID should not be changed after the OSPF process has started and neighborships are established; if you change it, you need to either reload the IOS or use "clear ip ospf process" (restart the OSPF process) for the new RID to take effect.
To manually configure the router ID:
R1(config)# router ospf 5
R1(config-router)# router-id 5.5.5.5
BGP
Like OSPF, BGP also prevents a neighborship between routers with the same router ID; the BGP router IDs of two peers must differ. The router ID also acts as a tie-breaker in BGP path selection: if all other attributes (weight, local preference, origin, AS path, MED and so on) are equal down to the router ID step, the path received from the neighbor with the lowest router ID is chosen.
To manually configure the router ID:
R1(config)# router bgp 100
R1(config-router)# bgp router-id 9.9.9.9
In all of the above routing protocols, the router ID is determined according to the following general rules:
Step 1. Use the router ID configured manually under the routing process (router-id, eigrp router-id or bgp router-id).
Step 2. Otherwise, use the highest IP address of any up loopback interface.
Step 3. Otherwise, use the highest IP address of any up physical interface.

Passive Interface command Behavior in RIP, EIGRP & OSPF
RIP
In RIP the passive-interface command stops the router from sending routing updates (broadcast in RIPv1, multicast 224.0.0.9 in RIPv2) out of the specified interface, but the router still listens to incoming updates from RIP neighbors on that interface.
R1(config)# router rip
R1(config-router)# passive-interface fa0/0
Command to see the list of passive interfaces:
R1# show ip protocols
EIGRP
When an interface is passive, EIGRP stops sending hello packets out of it, so the router cannot form any neighbor relationship via a passive interface. This stops both outgoing and incoming routing updates on that interface. However, EIGRP still advertises the connected subnet of the passive interface if it is matched by an EIGRP network command.
R1(config)# router eigrp 1
R1(config-router)# passive-interface fa0/0
Command to see the list of passive interfaces:
R1# show ip protocols
OSPF
It works just as it does with EIGRP. When an interface is configured as passive to OSPF, OSPF stops sending hello packets out of it, so the router cannot form any neighbor relationship via the passive interface. This stops both outgoing and incoming routing updates. However, OSPF still advertises the connected subnet of the passive interface if it is matched by an OSPF network command.
R1(config)# router ospf 3
R1(config-router)# passive-interface fa0/0
Command to see the list of passive interfaces:
R1# show ip protocols
Marking user-facing (access) interfaces passive is a routine hardening step: with no hellos sent or accepted there, a rogue device on that segment cannot form an adjacency and inject routes.

List of protocols which work on TCP and UDP?
TCP - TELNET, HTTP, HTTPS, FTP, SMTP, BGP, POP3, IMAP.
UDP - DHCP, TFTP, DNS, RIP, SNMP, VoIP (RTP), NFS.
DNS normally uses UDP but falls back to TCP for responses that do not fit in one datagram and for zone transfers; NFS can run over either transport.

Comparison of RIP, EIGRP & OSPF?
Type - RIP: distance vector; EIGRP: advanced distance vector; OSPF: link state.
Subnet mask - RIP: RIPv1 classful, RIPv2 classless; EIGRP: classless (auto-summary on by default in older IOS); OSPF: classless.
Algorithm - RIP: Bellman-Ford; EIGRP: Diffusing Update Algorithm (DUAL); OSPF: Dijkstra (SPF).
AD value - RIP: 120; EIGRP: 90 (internal), 170 (external); OSPF: 110.
Maximum hops - RIP: 15; EIGRP: 100 by default, configurable up to 255; OSPF: unlimited.
Layer / encapsulation - RIP: carried in UDP port 520 (transport layer); EIGRP: IP protocol 88; OSPF: IP protocol 89 (both directly over IP at the network layer).
Metric - RIP: hop count; EIGRP: composite metric from the K-values (bandwidth and delay by default); OSPF: cost (derived from bandwidth).
Multicast address - RIP: 224.0.0.9 (RIPv2); EIGRP: 224.0.0.10; OSPF: 224.0.0.5 (all SPF routers) and 224.0.0.6 (designated routers).
Neighborship requirements - RIP: none (no neighbor relationship is formed); EIGRP: same AS number, matching K-values, matching authentication; OSPF: same area ID, matching hello and dead intervals, same subnet mask, matching authentication.
Timers - RIP: update 30 s, invalid 180 s, hold-down 180 s, flush 240 s; EIGRP: hello 5 s, hold 15 s (60 s and 180 s on low-speed NBMA links); OSPF: hello 10 s, dead 40 s (30 s and 120 s on NBMA networks).

Copyright © Networker Interview. All rights reserved.
