Saturday, January 6, 2007

FTP is Port 20 & 21. Not Just 21!

Example:

Your goal is to allow FTP access to the HR server from the internet, while blocking out all other traffic. Which of the access list configurations below will fulfill your goal?

A. Access-list 101 Permit tcp any 192.168.44.252 0.0.0.0 eq 21
B. Access-list 101 Permit tcp any 192.168.44.252 0.0.0.0 eq 20
C. Access-list 101 Permit tcp 192.168.44.252 0.0.0.0 any eq 20
D. Access-list 101 Permit tcp 192.168.44.252 0.0.0.0 any eq 21
E. Access-list 101 Deny tcp any 192.168.44.255 0.0.0.0 gt 21
F. Access-list 101 Permit tcp 192.168.44.255 0.0.0.0 any gt 21

Answer: A, B

Named Access List

If your router is running IOS 11.2 or higher, you can create named access lists. Instead of choosing a number between 1 and 99 for standard IP access lists, you can use a custom name, allowing for more lists and more convenient management. The commands to create a named access list are different for standard and extended access lists.

To create a named access list, use the following command in global configuration mode:

router(config)#ip access-list {standard | extended} name

This command will take you into access-list configuration mode, where you can define the deny and permit rules. For example, to create a named access list with the name wwwfilter that permits only access from the networks 192.168.132.0, 172.17.0.0 and 10.0.0.0, use the following commands:

router(config)#ip access-list standard wwwfilter
router(config-std-nacl)#permit 192.168.132.0 0.0.0.255
router(config-std-nacl)#permit 172.17.0.0 0.0.255.255
router(config-std-nacl)#permit 10.0.0.0 0.255.255.255

Use the exit command to exit access-list configuration mode.

A named list is applied to an interface in the same way as a numbered list:

router(config-if)#ip access-group wwwfilter out
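To see how the list entries above actually match packets, here is an added example (my own code, not from the original post or from Cisco): a small evaluator for Cisco-style access lists that applies first-match semantics and the implicit deny at the end of every list. It covers the FTP question (answers A and B, extended entries) and the wwwfilter standard list; the client addresses used with it are constructed documentation addresses, and where the list is applied (interface, direction) is not modelled.

```python
import ipaddress

PROTOS = ("ip", "tcp", "udp", "icmp")

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: a 1 bit means 'don't care', a 0 bit must match exactly."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a ^ n) & (0xFFFFFFFF ^ w) == 0

def parse_addr(tok, i):
    """Return ((network, wildcard), next index) for 'any', 'host X' or 'X WILDCARD'."""
    if tok[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    return (tok[i], tok[i + 1]), i + 2

def parse_entry(line):
    """Parse one standard ('permit 10.0.0.0 0.255.255.255') or extended entry."""
    tok = line.lower().split()
    if tok[0] == "access-list":                # numbered form: drop 'access-list 101'
        tok = tok[2:]
    e = {"action": tok[0], "proto": "ip", "dst": ("0.0.0.0", "255.255.255.255"), "op": None}
    if tok[1] in PROTOS:                       # extended: proto, src, dst, [op port]
        e["proto"] = tok[1]
        e["src"], i = parse_addr(tok, 2)
        e["dst"], i = parse_addr(tok, i)
        if i < len(tok):
            e["op"], e["port"] = tok[i], int(tok[i + 1])
    else:                                      # standard: source address only
        e["src"], _ = parse_addr(tok, 1)
    return e

def port_ok(e, dport):
    if e["op"] is None:
        return True
    return {"eq": dport == e["port"], "gt": dport > e["port"], "lt": dport < e["port"]}[e["op"]]

def evaluate(acl, src, dst, dport=0, proto="tcp"):
    """Action of the first matching entry; no match at all means the implicit deny."""
    for e in map(parse_entry, acl):
        if (e["proto"] in ("ip", proto) and wildcard_match(src, *e["src"])
                and wildcard_match(dst, *e["dst"]) and port_ok(e, dport)):
            return e["action"]
    return "deny"

# Constructed lists: answers A and B from the question, and the wwwfilter standard list
FTP_ACL = ["access-list 101 permit tcp any 192.168.44.252 0.0.0.0 eq 21",
           "access-list 101 permit tcp any 192.168.44.252 0.0.0.0 eq 20"]
WWWFILTER = ["permit 192.168.132.0 0.0.0.255", "permit 172.17.0.0 0.0.255.255",
             "permit 10.0.0.0 0.255.255.255"]
```

With only answer A in the list, a packet to port 20 falls through to the implicit deny, which is the whole point of the "20 & 21" reminder.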


Which of the following answer choices are correct characteristics of named access list?

A. You can delete individual statements in a named access list
B. Named access lists require a numbered range from 1000 to 1099.
C. Named access lists must be specified as standard or extended.
D. You can use the ip access-list command to create named access lists.
E. You cannot delete individual statements in a named access list.
F. You can use the ip name-group command to apply named access lists.

Answer: A, C, D

Friday, January 5, 2007

Subnet Masks to Remember and their decimal notations

I find it really time-wasting to derive the dotted-decimal notation from the / notation. In the exam, time is constrained, so it is better to memorise the common ones:

/ Notation <-> Decimal (last octet)

30 <-> 252
29 <-> 248
28 <-> 240
27 <-> 224
26 <-> 192
25 <-> 128
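Rather than memorising only the six rows above, the general rule is that /N is N leading one bits; the added example below (my own code, not from the original post) derives the dotted-decimal mask from any prefix length, converts a mask to the Cisco wildcard used in access lists, and checks itself against the table.

```python
import ipaddress

def prefix_to_mask(prefix):
    """/N -> dotted-decimal subnet mask, e.g. 26 -> '255.255.255.192'."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # N leading 1 bits
    return str(ipaddress.IPv4Address(mask_int))

def mask_to_prefix(mask):
    """Dotted-decimal mask -> N; rejects non-contiguous masks such as 255.0.255.0."""
    m = int(ipaddress.IPv4Address(mask))
    n = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF:
        raise ValueError("mask bits are not contiguous")
    return n

def mask_to_wildcard(mask):
    """Subnet mask -> Cisco wildcard mask (bitwise inverse): 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(mask))))

def last_octet(prefix):
    """The value the table above lists for a /25 to /30 prefix."""
    return int(prefix_to_mask(prefix).split(".")[-1])

# The table from the post, used here as constructed check data
TABLE = {30: 252, 29: 248, 28: 240, 27: 224, 26: 192, 25: 128}
assert all(last_octet(p) == octet for p, octet in TABLE.items())
```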

EIGRP is Distance Vector or Link State?

According to Cisco, EIGRP is considered a distance vector protocol. Search Cisco's site and you will see.

This link provides all answers on EIGRP (Must Go Through!)

http://www.cisco.com/en/US/tech/tk1330/tsd_technology_support_technical_reference_chapter09186a00807598ad.html

EIGRP Tables - sure come out in exam!

•Like OSPF, EIGRP keeps this information in several tables, or databases.
–Neighbor table
–Topology table
–Routing table
–Successor
–Feasible Successor

•Successor – Current Route
–A successor is a route selected as the primary route to use to reach a destination.
–Successors are the entries kept in the routing table.

•Feasible Successor - A backup route
–A feasible successor is a backup route.
–These routes are selected at the same time the successors are identified, but they are kept in the topology table.
–Multiple feasible successors for a destination can be retained in the topology table.


Neighbor table - lists adjacent routers
Topology table - contains the feasible successors
Routing table - contains the successors

Thursday, January 4, 2007

Routing Metrics

By default, IGRP chooses a route based on bandwidth and delay.

But it can support bandwidth, delay, reliability, load and MTU.

By default, OSPF uses bandwidth for its metric.

Q. How does OSPF calculate its metric or cost?
A. OSPF uses a reference bandwidth of 100 Mbps for cost calculation. The formula to calculate the cost is reference bandwidth divided by interface bandwidth. For example, in the case of Ethernet, it is 100 Mbps / 10 Mbps = 10.

The formula is cost = 10^8 / bandwidth (in bps).
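The formula carried through for a few common links, as an added example (my own code, not from the original post). It also shows the caveat a 100 Mbps reference brings: the cost is an integer no lower than 1, so every link of 100 Mbps or faster costs the same, and a path over two Gigabit links is no cheaper than one over two Fast Ethernet links unless the reference bandwidth is raised (on Cisco routers with the OSPF `auto-cost reference-bandwidth` command; the 10 Gbps value used below is an assumption for illustration).

```python
def ospf_cost(bandwidth_bps, reference_bps=10**8):
    """cost = reference bandwidth / interface bandwidth, truncated, minimum 1."""
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    return max(reference_bps // bandwidth_bps, 1)

def path_cost(link_bandwidths_bps, reference_bps=10**8):
    """Path cost is the sum of the outgoing interface costs along the path."""
    return sum(ospf_cost(bw, reference_bps) for bw in link_bandwidths_bps)

# Constructed link types with their nominal bandwidths in bits per second
LINKS = {
    "56k serial": 56_000,
    "T1": 1_544_000,
    "Ethernet": 10_000_000,
    "FastEthernet": 100_000_000,
    "GigabitEthernet": 1_000_000_000,
}

def cost_table(reference_bps=10**8):
    """Cost of each link type for a given reference bandwidth."""
    return {name: ospf_cost(bw, reference_bps) for name, bw in LINKS.items()}

if __name__ == "__main__":
    for ref in (10**8, 10**10):          # default, then an assumed 10 Gbps reference
        print(ref, cost_table(ref))
    gig, fe = LINKS["GigabitEthernet"], LINKS["FastEthernet"]
    print("2 x Gig vs 2 x FE, default reference:", path_cost([gig, gig]), path_cost([fe, fe]))
```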

RIP uses hop count.

Spanning Tree Protocol Timers

There are several STP timers, as this list shows:

hello—The hello time is the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.

forward delay—The forward delay is the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.

max age—The max age timer controls the maximum length of time that passes before a bridge port saves its configuration BPDU information. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.