zanny sandy – Page 2 – Network Interview QnA

Are OSPF routing protocol exchanges authenticated?

Yes, OSPF can authenticate all packets exchanged between neighbors. Authentication may be through simple passwords or through MD5 cryptographic checksums. To configure simple password authentication for an area, use the command ip ospf authentication-key to assign a password of up to eight octets to each interface attached to the area. Then, issue the area x [...]

A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?

The Data Link layer provides the physical transmission of the data and handles error notification, network topology, and flow control. The Data Link layer formats the message into pieces, each called a data frame, and adds a customized header containing the hardware destination and source address. Protocols Data Unit (PDU) on Datalink layer is called [...]

What is the difference between HSRP & VRRP?

HSRP * Cisco proprietary * 1 Active & 1 standby router & 1 or more listening routers * use virtual ip address as gateway * hello 3 sec & holddown timer 10 sec * we can enable preempt manually (standby 1 preempt) 6) multicast at:224.0.0.2 (ver1), multicast at:224.0.0.102 (ver2). Both versions use udp port 1985 [...]

If there are multiple EIGRP and OSPF neighborship flap over the GRE tunnel what could be the problem and how would solve it?

If in the logging you are getting the error message %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing It means that GRE Router tunnel has found a recursive routing problem. The symptoms of this issue include the continous flapping of tunnel interface as well as EIGRP,OSPF & BGP neighbours when neighbours are over the GRE. [...]

What are the types of BGP Routing table?

There are three types of BGP Routing tables: a) Adj-RIB-in b) Adj-RIB-out c) Loc-RIB Adj-RIB-in stores the unprocessed information received from its peers. Here the best path selection occurs as per BGP attributes and after conformation path is entered into the local bgp table i.e Loc-RIB. From the local RIB table it conform the next-hop [...]

In Nexus 7000 what is use of vPC auto recovery feature ?

-If there is a data center outage or power outage, both vPC peers consisting of Nexus 7000 Switches are down. Sometimes, only one of the peers can be restored. Since the other Nexus 7000 is still down, vPC peer-link as well as vPC peer-keepalive link are also down. In this scenario, vPC will not come [...]

How to configure GLBP?

Gateway Load Balancing Protocol (GLBP) provides redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop router failures, while allowing packet load sharing between a group of redundant routers. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is [...]

Suppose if you have two internet links if one gets down, how you will set up redundancy?

To check the connectivity we can use the IP SLA feature in Cisco IOS which will be constantly pinging the internet address as soon as the icmp check will fail it will change the priority of the route so the traffic will get out through the other link. First we create our IP SLA cinfig. [...]

What is VSS?

The Virtual Switching System (VSS) is a clustering technology that combines two Cisco Catalyst 4500 or 6500 Series into a single virtual switch. In a VSS, the data plane of both clustered switches is active at the same time in both chassis. VSS members are connected by virtual switch links (VSLs) using standard Gigabit or 10 Gigabit [...]

What is the difference in Route Distinguisher vs Route Target?

Route Distinguisher We know VRFs allow IP address space to be reused among isolated routing domains. For example, assume you have to connect to three customer sites, all of which are using 192.168.10.0/24 as their local network. We can assign each customer its own VRF so that the overlapping networks are kept isolated from one [...]

Useful BGP commands on Cisco Routers

When BGP is not behaving correctly, a “trick” to temporarily stop peering with a neighbor is to use the following command: router bgp 194 neighbor<ipaddress> password xxx Since the other router doesn’t have the same password, the two routers will stop talking to one another, without you having to do anything else. Later, when the [...]

How to use the embedded wireshark in Cisco 3850 switches to capture the traffic

On the 3850 switches has embedded wireshark that can be used to packet capture during the troubleshooting this negate the need of SPAN to capture the traffic. -Define your source monitor capture mycap interface GigabitEthernet1/0/1 both -Set your match statement monitor capture mycap access-list myacl monitor capture mycap match ipv4 any any -Set your destination [...]

What are the modes in which interfaces on Palo Alto can be configured?

When configuring the Ethernet ports on your firewall, you can choose from virtual wire, Layer 2, or Layer 3 interface deployments. In addition, to allow you to integrate into a variety of network segments, you can configure different types of interfaces on different ports. The following sections provide basic information on each type of deployment. [...]

How to enable logging in Palo Alto Networks Firewall?

When it comes to live troubleshooting or to ensure certain traffic is either blocked or allowed one relies heavily on logs, Palo Alto Network Firewalls does provides very good logging options and fields. Its quite easy to read them and understands them. By default when some one creates any security policy Palo Alto Networks Firewall [...]

What does Virtual Wire interface in Palo Alto firewall used for?

We all know Palo Alto Network Firewalls offers quite flexibility deployment options, one can also deploy Palo Alto Networks in Virtual Wire or V-Wire mode. This is the beauty of Palo Alto Networks Firewalls , the flexibility it offers cannot be matched by some of the leading firewall vendors. Though other vendors offers the same [...]

What is BFD?

Bidirectional Forwarding Detection (BFD) provides a low-overhead, short-duration method of detecting failures in the forwarding path between two adjacent routers, including the interfaces, data links, and forwarding planes. BFD is a detection protocol that you enable at the interface and routing protocol levels. Cisco supports the BFD asynchronous mode, which depends on the sending of [...]

Can two different VTP Domain communicate with each other. If yes then how?

Two different VTP domains cannot exchange VLAN database information. In fact, splitting a switched network into more VTP domains is one of the few ways how to make one part of the network independent from another with respect to VTP. If two switches are supposed to synchronise their VLAN databases via VTP, they must be [...]

Palo Alto CLI cheat sheet

Device management: Show general system-health information –> show system info Show percent usage of disk partitions –> show system disk-space Show the maximum log file size –> show system logdb-quota Show running processes –> show system software status Show processes running in the management plane –> show system resources Show resource utilization in the dataplane –> show running resource-monitor Show the [...]

What is VDC’s in Nexus Switches?

Cisco Nexus 7000 Series switches can be segmented into virtual devices based on customer requirements. VDCs offer several benefits e.g. fault isolation, administration plane, separation of data traffic, and enhanced security. This logical separation provides the following benefits: Administrative and management separation Change and failure domain isolation from other VDCs Address, VLAN, VRF, and vPC isolation Each VDC acts as an [...]

What is the difference between F1 & F2 modules in Nexus 7000 Switch?

The F2 still provide all the built-in features of F1 line card. It actually take the operation further to provide better bandwidth. Currently, the F2 card will give wire-rate speed. This means that 48 port populated with 10G links will run in non-blocking architecture. Something new that was not possible in the older line cards, [...]

What is the difference between M1 & M2 module on Nexus 7000 series ?

The main difference is that the M1 cards will do major and all Layer 3 related features and operations. The M2 cards will give the data center the expansion to run 40G and 100G infrastructure. The initial series of line cards launched by cisco for Nexus 7000 series switches were M1 and F1. M1 series [...]

OSI layer in short with example

7. Application layer-Responsible for initiating or services the request. e.g SMTP, DNS, HTTP, and Telnet 6. Presentation layer-Formats the information so that it is understood by the receiving system e.g Compression and encryption depending on the implementation 5. Session layer– Responsible for establishing, managing, and terminating the session e.g NetBIOS 4. Transport layer-Breaks information into [...]

Important CLI commands for F5 LTM

TMOS commands run util bash -enable shell show sys self-ip -show self IP’s show ltm persistence persist-records -show persistence records list ltm node [node_address] -show node status modify ltm node [node_address] down -disable node modify ltm node [node_address] up -enable node modify net packet-filter all logging enabled -enable logging for all packet filters delete ltm [...]

How does an arp attack work?

we already know that the purpose of ARP requests in the network is to give the device an appropriate mapping of MAC address to IP address. So, How does an ARP attack works? ARP attack is done through ARP spoofing, where it is done by modifying the ARP tables which are small databases linking to [...]

Common switch chassis errors & troubleshooting

How Switch Chassis looks like? Voltage Failure Voltage Termination (VTT) module terminates signals on the Catalyst switching bus. There are three voltage regulators (VTT) in the backplane. If one VTT module fails, it is a minor alarm. If two fail, there is a major problem and the corrective action shuts down the system. Example Command [...]

Hardware terms

Bandwidth Bandwidth refers to the amount of information that can be transmitted over a network in a given amount of time, usually expressed in bits per second or bps Protocol Protocols are the set of rules / algorithm used to learn routes, so that network traffic can be passed from a source to the destination. [...]

VLAN, TRUNKING, VTP

Vlan trunking -Vlan divides the broadcast domain -In New switch, Default Vlan = Native Vlan = Vlan 1 -Native Vlan can be changed from Vlan 1 to Vlan10, 20 etc. -Vlan 1 cannot be deleted even after entering command -Vlan 1 carries critical traffic like CDP, VTP etc. -Access port carries traffic of only one [...]

What is asymmetric routing?

Asymmetric routing is when a packet takes one path to the destination and takes another path when returning to the source. For example, review the following diagram. Packets from A to B take one route and packets from B to A take another route. This is not a problem for regular TCP connections because [...]

How DHCP works?

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks. The DHCP protocol is controlled by a DHCP server that dynamically distributes network configuration parameters, such as IP addresses, for interfaces and services. A router or a residential gateway can be enabled to act as a DHCP server. [...]

What is UDLD?

Unidirectional Link Detection (UDLD) is a data link (layer 2) protocol from Cisco Systems to monitor the physical configuration of the cables and detect unidirectional links. UDLD allow two switches to verify if they can both send and receive data on a point-to-point connection.UDLD works with the Layer 1 (L1) mechanisms to determine the physical [...]

Spanning Tree Protocol interface states

This is what happens when you plug in a cable: Listening state: Only a root or designated port will move to the listening state. The alternate port will stay in the blocking state. In the listening state the switch tries to figure out what the topology looks like. No data transmission occurs at this state [...]

What is the difference between Forward proxy vs Reverse proxy?

A forward proxy is a proxy configured to handle requests for a group of clients under the local Administrators control to an unknown or arbitrary group of resources that are outside of their control. Usually the word “forward” is dropped and it is referred to simply as a proxy, this is the case in Microsoft’s [...]

What is metro ethernet?

A metropolitan-area Ethernet, Ethernet MAN, or metro Ethernet network is a metropolitan area network (MAN) that is based on Ethernet standards. It is commonly used to connect subscribers to a larger service network or the Internet. Businesses can also use metropolitan-area Ethernet to connect their own offices to each other. An Ethernet interface is much [...]

How HTTP protocol works?

HTTP functions as a request–response protocol in the client–server computing model. A web browser, for example, may be the client and an application running on a computer hosting a web site may be the server. The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and [...]

How to enable multiple context in the Cisco ASA firewall

Cisco ASA firewall is possibly already configured for multiple security contexts dependent upon how you ordered it from Cisco, but if you are upgrading then you might need to convert from single mode to multiple mode. The context mode (single or multiple) is not stored in the configuration file, even though it does endure reboots. [...]

How to setup the internet access through the Cisco ASA firewall?

Basic Guidelines for setting Internet through the Cisco ASA firewall: At first we need to configure the interfaces on the firewall. !— Configure the outside interface. interface GigabitEthernet0/0 nameif outside security-level 0 ip address 10.165.200.226 255.255.255.224 !— Configure the inside interface. interface GigabitEthernet0/1 nameif inside security-level 100 ip address 10.1.1.1 255.255.255.0 The nameif command gives [...]

What are the NAT syntax changes in the Cisco ASA firewall

There are major nat syntax changes after the ASA firewall iOS version 8.3. Regular static NAT: In the pre 8.3- static (inside,outside) 192.168.100.100 10.1.1.6 net mask 255.255.255.255 In the version 8.3 and later- object network obj-10.1.1.6 host 10.1.1.6 nat (inside,outside) static 192.168.100.100 Regular static PAT: In the pre 8.3- static (inside,outside) tcp 192.168.100.100 80 10.1.1.16 [...]

What is ICMP?

ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagram problems back to the sender. It uses the echo test / reply to test whether a destination is reachable and responding. It also handles both control and error messages.

How to modify SSH/HTTP/Telnet time out in Cisco ASA firewall?

By default tcp idle timeout is 1:0:0 hh:mm:ss. If in case you need to modify it you can do it by MPF (Modular Policy Framework). Let us setup a custom timeout when traffic is coming from particular host 10.77.241.129. !— Match the traffic using the access-list —! object-group service DM_INLINE_TCP_1 tcp port-object eq www port-object [...]

What are the important topologies for networks?

There are five topologies for networks 1. Ring Topology 2. Star Topology. 3. Bus Topology. 4. Mess Topology. 5. Hybrid Topology.