zanny sandy – Network Interview QnA

What is difference between LTM vs GTM

LTM load balances servers as well as does caching , compression, persistence, many more. GTM load-balances data centers. In a normal deployment, a customer will have two data centers, each with GTM and LTM devices. For GTM to work efficiently, customers delegate DNS resolution to GTM. So, a user might just type into their browser [...]

Must have Wireshark filters for troubleshooting

To filter traffic on Source or Destination IP address Ip.src==10.10.10.10 Ip.dst==10.10.10.10 Now you notice in the background any time that you get a syntax right then you’ll see that the background turns green that means that you got it correct you got the right syntax for what you’re looking for Now if you type something [...]

Wireshark Display Filters

Wireshark uses display filters for general packet filtering while viewing and for its ColoringRules. Below are the Cheatsheets [...]

F5 LTM Troubleshooting- Things to check if Pool member is down

Check if the server is reachable from the F5 Load balancer [root@bigip118:Active:Standalone] config # ping 172.16.20.10 PING 172.16.20.10 (172.16.20.10) 56(84) bytes of data. 64 bytes from 172.16.20.10: icmp_seq=1 ttl=255 time=3.83 ms 64 bytes from 172.16.20.10: icmp_seq=2 ttl=255 time=2.88 ms ———————————————————— If you want to ping from particular vlan you can specify vlan name after –I [...]

In Palo Alto Firewall-How to test Security, NAT, and PBF Rules via the CLI

The following arguments will always be needed to run the test Security policy , NAT policy and PBF policy : • source – source IP address • destination – destination IP address • destination port – specify the destination port number • protocol – specify the IP protocol number expected for the packet between 1 [...]

OSPF,VLAN and TCP cheatsheets

OSPF TCP VLAN Cheatsheets by aurummme.com

Wireshark TCP troubleshooting to find out slowness issue

During packet capture we get lot of packets to get the high level view of the packet capture, we can do this going to Analyze–>Expert Info Composite it will show you the all the errors and warnings sorted in the list e.g In the below image you can see we are getting Window is full [...]

What is difference between PortFast, UplinkFast and BackboneFast?

Portfast: With conventional STP operation a laptop computer after booting have to wait at least 30 secs ( fifteen listening ,fifteen learning ) for transmit and or receive data . Portfast facilitate the laptop computer to be online going past the listening & learning state of switch port . To configure the PortFast in Switch [...]

What are the Cisco ASA failover types?

The Cisco ASA supports two types of failover Regular failover Stateful failover Regular failover The instant a failover happens , all active connections are dropped . Clients will need to reestablish connections when the new active device takes over Stateful failover When Stateful Failover is enabled , the active device continually passes per-connection state [...]

Benefits of VLANs

The significant benefits of VLAN are listed below . • Broadcast Control : Broadcasts are needed for the regularly function of a network . Many protocols and application rely on broadcast communication to function properly . A layer 2 switched network is basically in a single broadcast domain and the broadcasts can reach the network [...]

What are the daemons in the F5 LTM? What are there impact if they are not running?

To review logs using tmsh Log in to the BIG-IP command line. Change to the /var/log directory by typing the following command: cd /var/log or cd (go to respective directory of daemon) Use a Linux utility such as cat, or less, to review the desired log file. For example, to view the ltm log file, [...]

VTP- Level 2 question and answers

How many Switches can act in Server mode, for a single VTP domain? Can we have more than one VTP server in the environment? Should we configure them as Primary or Secondary? Till VTP version 2 We can have multiple switches acting in Server mode There is no logic of Primary and Secondary. Both the [...]

VTP- Level 1 question and answers

What is VTP? What is the purpose of VTP? VTP is Vlan Trunking Protocol, which is configured for managing vlans. Example 100 switches are configured in network. To manage vlans, it might be required to login to number of devices, which is a hectic task. So, VTP comes into picture. We define VTP server which [...]

F5 troubleshooting using the tcpdump command

The tcpdump utility is a command line packet sniffer with many features and options. For a full description, refer to the tcpdump man pages by typing the following command: man tcpdump Running the tcpdump utility Following are examples of commands used to run the tcpdump utility: Selecting an Interface or VLAN The tcpdump utility’s interface [...]

Automatically backup and restore configuration on Cisco Router from FTP/TFTP server

Backing up configuration – Configuration & IOS file of router or switch can be backed up in a ftp or tftp server. In the below example we will use the FTP server 1. Create a FTP server with user id & password authentication 2. On the Router give command ‘copy startup-config ftp://username:password1@172.16.20.201’ 3. To save [...]

What is Cisco ISE (Identity Services Engine)

Today’s enterprise network is rapidly changing, especially when it comes to employee mobility. Employees are no longer tethered to desktop workstations, but instead access enterprise resources via a variety of devices: tablets, smartphones, and personal laptops, just to name a few. Being able to access resources from anywhere greatly increases productivity, but it also increases [...]

What is Node and Pool in F5 Load balancer?

Node- A node is a logical object on the load balancer that identifies the IP address of a physical resource on the network.You can explicitly create a node, or you can instruct Local Traffic Manager to automatically create one when you add a pool member to a load balancing pool. You can find out the [...]

IP address and Subnetting

IP ADDRESS & SUBNETTING Private IP addressing – Subnet Mask calculation – If the CIDR value is /25 then subnet mask will be – 255.255.255.128. In binary – 11111111.11111111.11111111.10000000 (8+8+8+1 = 25) Same way if subnet mask is – 255.255.192.0 the CIDR value will be /18 (8+8+2) Wild card calculation – Whatever the subnet mask [...]

Setup the Palo Alto Firewall from scratch

There are two methods to setup the firewall-CLI and GUI. We will follow the method of using GUI as it’s easier than CLI Connect the Ethernet to the Management port of firewall and connect other end to workstation and setup that workstation ip address in 192.168.1.0/24 network range. When making your first connection to the [...]

What are the STP times?

Hello Timer Forward delay Timer Max-age Timer Hello Timer: How often switches send BPDU’s by default every 2 seconds Forward delay Timer: how much long a port must spend time in both learning and listening state. By default 15 seconds Max-age Timer: How long a switch will retain BPDU information from a neighbor switch [...]

What is the Spanning Tree election criteria? and what are the STP port states?

Spanning Tree Election Criteria: -It selects paths according to the following criteria or 1. Lowest root bridge ID (BID) 2. Lowest cost path to the root 3. Lowest sender bridge ID 4. Lowest sender port ID (PID) Port States Disable Blocking Listening Learning Forwarding Disable: It is considered as non-operational, it will not [...]

What are different area types used in the OSPF?

Area Types -Standard area -Backbone area (area 0) -Stub area -Totally stubby area -Not-so-stubby area (NSSA) -Totally NSSA Stub Area (area stub) -It contain type 1, 2, and 3 LSAs -No LSA type 4 and 5 (E1 or E2) is allowed -Routers can connect to the External routes via the default route that is injected [...]

Why we use Spanning Tree Protocol in the Switches?

Broadcast Storms Duplicate Frame copies Unstable MAC Table Broadcast Storms Without any loop removing mechanism, switches will flood broadcasts endlessly throughout the network. This is known as broadcast storm. Duplicate Frame copies A device could receive duplicate copies of same frame from different switches. It creates additional overhead on the network. Unstable MAC Table [...]

What are the link aggregation protocols in Cisco Switches, what are their modes required to bundle a link?

Dynamic Configuration Cisco switches support two dynamic aggregation protocols: PAgP (Port Aggregation Protocol) – Cisco proprietary aggregating protocol. LACP (Link Aggregation Control Protocol) – IEEE standardized aggregation protocol, originally defined in 802.3ad. PAgP and LACP are not compatible – both sides of an Etherchannel must use the same aggregation protocol. EthernChannel – PAgP It supports [...]

In Cisco Switches for VTP, what frame tagging protocol they support?

Cisco switches support two frame tagging protocols: Inter-Switch Link (ISL) IEEE 802.1Q Inter-Switch Link (ISL) It is Cisco’s proprietary frame tagging protocol. It encapsulates a frame with an additional header (26 bytes) and trailer (4bytes). It increases the size of a frame by 30 bytes. The header contains several fields, including a 15-bit VLAN ID. [...]

What are Switching modes?

Switching Modes 1. Store and Forward Switching 2. Cut-through Switching 3. Fragment-Free Switching 1. Store and Forward Switching Switch copies each complete frame into the switch memory and do a Cyclic Redundancy Check (CRC) for errors. If an error is found, the frame is dropped and if there is no error, the switch forwards the [...]

Are OSPF routing protocol exchanges authenticated?

Yes, OSPF can authenticate all packets exchanged between neighbors. Authentication may be through simple passwords or through MD5 cryptographic checksums. To configure simple password authentication for an area, use the command ip ospf authentication-key to assign a password of up to eight octets to each interface attached to the area. Then, issue the area x [...]

A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?

The Data Link layer provides the physical transmission of the data and handles error notification, network topology, and flow control. The Data Link layer formats the message into pieces, each called a data frame, and adds a customized header containing the hardware destination and source address. Protocols Data Unit (PDU) on Datalink layer is called [...]

What is the difference between HSRP & VRRP?

HSRP * Cisco proprietary * 1 Active & 1 standby router & 1 or more listening routers * use virtual ip address as gateway * hello 3 sec & holddown timer 10 sec * we can enable preempt manually (standby 1 preempt) 6) multicast at:224.0.0.2 (ver1), multicast at:224.0.0.102 (ver2). Both versions use udp port 1985 [...]

If there are multiple EIGRP and OSPF neighborship flap over the GRE tunnel what could be the problem and how would solve it?

If in the logging you are getting the error message %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing It means that GRE Router tunnel has found a recursive routing problem. The symptoms of this issue include the continous flapping of tunnel interface as well as EIGRP,OSPF & BGP neighbours when neighbours are over the GRE. [...]

What are the types of BGP Routing table?

There are three types of BGP Routing tables: a) Adj-RIB-in b) Adj-RIB-out c) Loc-RIB Adj-RIB-in stores the unprocessed information received from its peers. Here the best path selection occurs as per BGP attributes and after conformation path is entered into the local bgp table i.e Loc-RIB. From the local RIB table it conform the next-hop [...]

In Nexus 7000 what is use of vPC auto recovery feature ?

-If there is a data center outage or power outage, both vPC peers consisting of Nexus 7000 Switches are down. Sometimes, only one of the peers can be restored. Since the other Nexus 7000 is still down, vPC peer-link as well as vPC peer-keepalive link are also down. In this scenario, vPC will not come [...]

How to configure GLBP?

Gateway Load Balancing Protocol (GLBP) provides redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop router failures, while allowing packet load sharing between a group of redundant routers. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is [...]

Suppose if you have two internet links if one gets down, how you will set up redundancy?

To check the connectivity we can use the IP SLA feature in Cisco IOS which will be constantly pinging the internet address as soon as the icmp check will fail it will change the priority of the route so the traffic will get out through the other link. First we create our IP SLA cinfig. [...]

What is VSS?

The Virtual Switching System (VSS) is a clustering technology that combines two Cisco Catalyst 4500 or 6500 Series into a single virtual switch. In a VSS, the data plane of both clustered switches is active at the same time in both chassis. VSS members are connected by virtual switch links (VSLs) using standard Gigabit or 10 Gigabit [...]

What is the difference in Route Distinguisher vs Route Target?

Route Distinguisher We know VRFs allow IP address space to be reused among isolated routing domains. For example, assume you have to connect to three customer sites, all of which are using 192.168.10.0/24 as their local network. We can assign each customer its own VRF so that the overlapping networks are kept isolated from one [...]

Useful BGP commands on Cisco Routers

When BGP is not behaving correctly, a “trick” to temporarily stop peering with a neighbor is to use the following command: router bgp 194 neighbor<ipaddress> password xxx Since the other router doesn’t have the same password, the two routers will stop talking to one another, without you having to do anything else. Later, when the [...]

How to use the embedded wireshark in Cisco 3850 switches to capture the traffic

On the 3850 switches has embedded wireshark that can be used to packet capture during the troubleshooting this negate the need of SPAN to capture the traffic. -Define your source monitor capture mycap interface GigabitEthernet1/0/1 both -Set your match statement monitor capture mycap access-list myacl monitor capture mycap match ipv4 any any -Set your destination [...]

What are the modes in which interfaces on Palo Alto can be configured?

When configuring the Ethernet ports on your firewall, you can choose from virtual wire, Layer 2, or Layer 3 interface deployments. In addition, to allow you to integrate into a variety of network segments, you can configure different types of interfaces on different ports. The following sections provide basic information on each type of deployment. [...]

How to enable logging in Palo Alto Networks Firewall?

When it comes to live troubleshooting or to ensure certain traffic is either blocked or allowed one relies heavily on logs, Palo Alto Network Firewalls does provides very good logging options and fields. Its quite easy to read them and understands them. By default when some one creates any security policy Palo Alto Networks Firewall [...]