zanny sandy – Page 3 – Network Interview QnA

Cisco ASA troubleshooting commands

AAA debug radius debug tacacs show aaa-server protocol PROTOCOL_NAME test aaa-server Access Control Lists show access-list show run | include ACCESS_LIST_NAME show run object-group show run time-range Application Inspection show conn state STATE_TYPE detail show service-policy Configuring Interfaces show firewall show int show int ip brief show ip show mode show nameif show run interface [...]

OSPF Neighbourship conditions

What is the use of default route?

In computer networking, the default route is a setting on a computer that defines the packet forwarding rule to use when no specific route can be determined for a given Internet Protocol (IP) destination address. All packets for destinations not established in the routing table are sent via the default route. The default route generally [...]

SNMP

Simple Network Management Protocol (SNMP) is an application–layer protocol defined by the Internet Architecture Board (IAB) in RFC1157 for exchanging management information between network devices. It is a part of Transmission Control Protocol⁄Internet Protocol (TCP⁄IP) protocol suite. SNMP is one of the widely accepted protocols to manage and monitor network elements. Most of the professional–grade [...]

How ARP works?

ARP stands for Address Resolution Protocol. When you try to ping an IP address on your local network, say 192.168.1.1, your system has to turn the IP address 192.168.1.1 into a MAC address. This involves using ARP to resolve the address, hence its name. Systems keep an ARP look-up table where they store information about [...]

How Load balancer works?

A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers. Load balancers are used to increase capacity (concurrent users) and reliability of applications. They improve the overall performance of applications by decreasing the burden on servers associated with managing and maintaining application and [...]

TCP- Three way handshake

The Three-way handshake begins with the initiator sending a TCP segment with the SYN control bit flag set. TCP allows one side to establish a connection. The other side may either accept the connection or refuse it. If we consider this from application layer point of view, the side that is establishing the connection is [...]

SPAN

The SPAN feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe device or other Remote Monitoring (RMON) probe.

How to troubleshoot access issues in Cisco ASA?

Using packet-tracer it is possible to trace the lifespan of a packet through the security appliance to see if it is behaving as expected. packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml] The packet-tracer command lets you do the following: -Debug all packet drops in production network. -Verify the configuration is working as [...]

How to configure Site-to-Site VPN on Cisco ASA?

Access-Lists Add the ACLs which we will need to NAT, the encryption domain and the group policy. access-list Example_Policy_ACL extended permit tcp object-group Local_LAN object-group Remote_LAN eq 80 access-list Example_Policy_ACL extended deny ip any any access-list Example_VPN_ACL permit ip object-group Local_LAN object-group Remote_LAN Group Policy Create your group policy which will restrict traffic between hosts [...]

How to troubleshoot if OSPF neighbors are stuck in the two-way state

When Open Shortest Path First (OSPF) is enabled on a router or when a router configured for OSPF is powered up, it tries to discover its OSPF neighbors and synchronize its database with them. Routers are said to be OSPF neighbors when they see their router ID in the received hello packet and the status [...]

What is PBR and How to configure it?

Introduction: Policy-Based Routing (PBR) provides a method to forward packets by overriding the information available in the IP routing table. By using PBR, customers can implement policies that selectively cause packets to take different paths. Traditional IP routing forwards packets based only on the destination IP address in the packet. PBR can be configured to [...]

How packet flow in Palo Alto Firewall?

Basic: Initial Packet Processing —-> Security Pre-Policy —-> Application —-> Security Policy —-> Post Policy Processing Advance: Initial Packet Processing —-> Source Zone/Source Address —-> Forward Lookup —-> Destination Zone/Destination Address —-> NAT policy evaluated Security Pre-Policy —-> Check Allowed Ports —-> Session Created Application —-> Check for Encrypted Traffic —-> Decryption Policy —-> Application Override Policy —-> Application ID [...]

How packet flows in Checkpoint firewall?

Checkpoint process the packet in the ingress and the egress using two CHAINS. Basic: -Physical layer – ingress interface -Data Link Layer/Ethernet -Inspect Driver [inspect Engine] -Network Layer/IP Routing -Inspect Driver -Data Link Layer/Ethernet -Physical layer – egress interface Advance: 1. NIC hardware -The network card receives electrical signalling from the link partner. 2. NIC [...]

What are basic steps in configuring SSL VPN on checkpoint firewall?

When you enable the SSL VPN blade in Checkpoint firewall: You are automatically given a 30 day trial license for 10 users. Start the SSL VPN Wizard: -Configure your firewall access rules to permit SSL VPN traffic. The actual rules needed depend on your configuration. -A rule allowing HTTPS (TCP/443) traffic is automatically added to [...]

How to configure QoS on Cisco ASA firewall

There are three steps for configuring the QoS on Cisco ASA firewall 1.Identify the traffic or define the traffic classes. To identify the traffic first create a new access-list to match the traffic. Once access-list is created call it in the class-map ciscoasa(config)#access-list qos extended permit tcp any any eq 25 ciscoasa(config)#class-map qos ciscoasa(config-cmap)#match access-list [...]

How configuration rollback feature works in Nexus Switches

The rollback feature allows you to take a snapshot, or user checkpoint, of the Cisco NX-OS configuration and then reapply that configuration to your device at any point without having to reload the device. This checkpoint can be extremely useful when a new change is being tested and want immediate return to an original/stable configuration [...]

Can two different VTP Domain communicate with each other. If yes then how

Two different VTP domains cannot exchange VLAN database information. In fact, splitting a switched network into more VTP domains is one of the few ways how to make one part of the network independent from another with respect to VTP. If two switches are supposed to synchronise their VLAN databases via VTP, they must be [...]

Cisco ASA firewall common troubleshooting commands part 1

Check the system status myfirewall/pri/act# show firewall Firewall mode: Router myfirewall/pri/act# show version Cisco Adaptive Security Appliance Software Version 9.1(1) Device Manager Version 7.1(1)52 Compiled on Wed 28-Nov-12 10:38 by builders System image file is “disk0:/asa911-k8.bin” Config file at boot was “startup-config” myfirewall up 218 days 1 hour failover cluster up 5 years 10 days [...]

Palo Alto-CLI cheat sheet

Device management: Show general system-health information –> show system info Show percent usage of disk partitions –> show system disk-space Show the maximum log file size –> show system logdb-quota Show running processes –> show system software status Show processes running in the management plane –> show system resources Show resource utilization in the dataplane [...]

Checkpoint firewall common commands part 3

For administration and configuration tasks: cpconfig -Menu based configuration tool. Options depend on the installed products and modules. sysconfig -Start SPLAT OS and Check Point product configuration tool. cp_conf admin add <user> <pass> <perm> -Add admin user with password pass and permissions perm where w is read/write access and r is read only. Note:permission w [...]

Checkpoint firewall common commands part 2

For basic firewall informaton gathering: fgate stat-Status and statistics of Flood-Gate-1. fwaccel <stat|stats|conns> – View status, statistics or connection table of SecureXL. fw getifs-Show list of configured interfaces with IP and netmask. cpstat <app_flag> [-f flavour] -View OS, HW and CP application status. Issue cpstat without any options to see all possible application flags <app_flag> and [...]

Checkpoint firewall common commands part1

For starting or stopping firewall services cpstop-Stop all Check Point services except cprid . You can also stop specific services by issuing an option with cpstop. For instance cpstop FW1 stops FW-1/VPN-1 or use cpstop WebAccess to stop WebAccess. cpstart-Start all Check Point services except cprid . cpstart works with the same options as cpstop [...]

common Switch troubleshooting commands

For CPU related issues: Show process cpu sorted Show process cpu history Show platform port-asic stats drop Show controllers cpu-interface Debug platform cpu-queues Show plat for ip For memory issues Show memory statistics Show process memory sorted Show buffers For link issues Show interface status | inc connected Test cable-diagnostics tdr interface <> Show cable-diagnostic [...]

What needs to be done if changes in BGP are not taking effect

Routing policies for a peer include all the configurations such as route-map, distribute-list, prefix-list, & filter-list that may impact inbound or outbound routing table updates. Whenever there is a change in the routing policy, the BGP session must be cleared, or reset, for the new policy to take effect. There are two types of reset, [...]

IPSEC

IPsec consist of several protocols IPsec modes Configuration on Cisco Routers/Firewall Encryption Algorithms Hashing Algorithems IKE Phases Terminilogy Troubleshooting

Etherchannel

There are three types of Etherchannels negotiation mechanism PAgP (Port Aggregation Protocol)- Cisco’s proprietary negotiation protocol LACP (Link Aggregation Protocol) – Standards-based negotiation protocol Static Persistence (“On”) – No negotiation protocol is used There are two types of Etherchannels 1) Layer2 2) Layer3 1) Layer2 Etherchannels: Switch1(config)# interface range gigabitethernet0/1 -4 Switch1(config-if-range)# switchport access [...]

EIGRP

Protocol Header Formula Configuration Attributes