Advanced CCIE Security Workbook v5
mask address ( address mask ) a bit pattern descriptor, which identifies which portion of a network address of the representative
DE Discard Eligibility is used in the Frame Relay network to tell the switch if the switch is too
VLAN implementation method:
BGP speaker (BGP speakers ) advertises its routing prefix or router.
Ways allow different protocols to alternate
Thus, the switch has exited the switch at the leading edge of the output before the packet is fully entered into the input port. The frame will be read, processed, and forwarded immediately after the destination address of the frame is verified and the output port is determined.
BPDU: Bridge Protocol Data Unit
Ip route (Destination Network IP) (NetMask) [NextHopIP | LocalInterface]
Destination Network IP: Target Network IP
B(config)#ip nat pool abc 1.1.1.1 1.1.1.1 prefix-length 8
translate list 1 host IP to pool abc free IP
B(config)#ip nat inside source list 1 pool abc overload
The client's local broadcast request is changed by unicasting the service to the server.
Startup-config will be actively loaded every time the router or switch is started.
HDLC High-Level Data Link Control ----- Use frame characters ( including checksums ) ,
Directed broadcast (a direct broadcast ) a data frame or packet is transmitted to a remote network segment specific
Adapt to traffic or buried
A non-distributed backbone. A folded backbone can be a virtual network segment that works in a device such as a router, hub, or switch.
Immediate execution , immediate effect
Other features are available, including timing. This is an extended version of SF . See SF .
IGRP uses composite metrics to select the best route .
ASN.1 Abstract Syntax Notation 1 (Abstract Syntax Notation One) used to describe a structure without a computer
bridge identifier ( bridge identifiers ) used in a layer 2 switched internetwork to find and elect the root
Crossover cable ( crossover cable ) connects switch to switch, host to host, hub to hub
It does not indicate an error and can be intentional. See fragmentation .
DLSw+ Cisco 's DLSw implementation supports the RFC standard, and Cisco added the goal to increase
A superset of the BootP protocol. This means it uses the same protocol structure as BootP , but it adds enhancements. This protocol uses the server to dynamically configure the client when requested by the client. The two main enhancements are the address pool and lease time.
Vlan database enters the VLAN configuration mode of the VLAN
Datagram ( datagram ) as a network layer unit without the need to pre-establish virtual circuits and transmit them on the medium
Three forwarding modes of the switch :
Switch function:
Routing on ISDN or telephone lines.
DVMRP Distance Vector Multicast Routing Protocol (Distance Vector Multicast Routing Protocol) is mainly based on the Routing Information Protocol (RIP) , the Internet gateway protocol a common, strong
choke packet ( packet that was blocked ) when congestion exists, it is sent to the sender of a packet, it should inform
Ip address 10.1.1.1 255.255.255.0
Frame Relay bridging ( FR bridge ) in 1490 RFC definition, uses this bridging method
And the protocol to close the session and the sequential request. See ATP .
Show ip route
BGP neighbors (BGP neighbor ) starts a communication process to exchange routing information dynamically two
Hostname configures the host local ID
The switch will first cache the frame source address.
CONSOLE PORT ( management console interface ): distance limit , exclusive way .
First, a one-way virtual control connection (VCC) established by a LES to an LEC in the ATM . Usually, the VCC
AppleShare and Mac OS file sharing allows users to share files and applications on the server.
Each network segment elects a designated port BridgeID Lowest
failure domain ( fault domain ) ----- area of the failed token ring. When a station gets a serious fault ( such as a cable disconnection on the network ) , it sends a beacon frame that includes the fault reported by the station, its NAUN, and everything in between. This defines the fault domain. The beacon then begins the so-called automatic configuration process. See autore
BECN: Backward explicit congestion notification
Enhanced IGRP ----- Enhanced Interior Gateway Routing Protocol (Enhanced Interior Gateway Routing Protocol): an advanced routing protocol created by Cisco, which combines the advantages of link-state and distance-vector protocols. Enhanced IGRP has extraordinary convergence properties, including high operational efficiency. See IGP ,
VTP Vlan Trunk Protocol
Where to apply a standard access control list: on the interface closest to the target. Where to apply an extended access control list: on the interface closest to the source. Use show ip interface serial 0 to view the ACL configuration of the interface.
accounting ( statistics ) ----- one of the three components of AAA. Accounting provides auditing and logging capabilities for security models
OSPF .
The other party has not issued no shutdown to activate the port.
H channel ( high-speed channel ): a full-duplex ISDN primary rate channel that works at a rate of 384 Kb/s. See B channel, D channel, and E channel.
Note :
Exchange routing information.
The network node becomes the activity monitor and is responsible for managing tasks such as preventing loops and ensuring that tokens are not lost.
edge. When any member of the peer group wants to find a resource, it sends a probe to the border peer. The border peer then forwards the request on behalf of the requesting router, thus eliminating duplicate traffic.
CDVT call delay variation tolerance (Cell Delay Variation Tolerance) ATM network for communications
!
filtering ( Filter ) provides security on the network by means of access lists.
connection ID ( connection ID ) ----- identifies each Telnet session into the router. Show
Bits are used to define the network. Only 8 bits are used to define hosts on the network.
BUS ----- in LAN emulation, the hardware or software responsible for resolving all broadcasts and packets with unknown ( unregistered ) addresses into the point-to-point virtual circuits required by ATM. See LANE, LEC, LECS, and LES.
BX.25 AT&T's use of X.25. See X.25.
ARP (Address Resolution Protocol): defined in RFC 826, the protocol
Composite metric ( composite metric ) used with routing protocols such as IGRP and EIGRP,
Externally connected to each interface of the device. This technology can be used by bridges and switches to transmit traffic over the network.
OSPF area :
The sessions command gives the connection from the local router to the remote router. The show users command displays the connection ID of users remotely logged in to the local router.
1. Cisco HDLC: can support a multi-protocol environment, by adding the "attribute" field.
2. Standard HDLC: only supports a single-protocol environment.
Reduce the send rate.
Configure IP protocol
R14(config)#interface bri 0
R14(config-if)#ip address negotiated
AS (autonomous system): a group of networks under common management that share the same
RIP: Routing Information Protocol
Sending CDP packets every 60 seconds ( a CDP packet is transmitted every 60 seconds )
HoldTime 180 seconds ( each piece of CDP information is kept for 180 seconds )
FEIP Fast Ethernet Interface Processor (Fast Ethernet Interface Processor) Cisco7000 Series Routing
10Mbps 100
Copy tftp: startup-config
copy flash: tftp:
CSMA/CD Carrier Sense Multiple Access with Collision Detection (Carrier Sense Multiple Access / Collision Detect): a technology defined by the Ethernet IEEE 802.3 committee. Every device is sending
access-list 1 deny host 10.3.3.1
access-list 1 permit any
ASCII American Standard Code for Information Interchange (American Standard Code for Information Interchange): an 8-bit code for representing characters, made up of seven data bits plus a parity bit.
The default route ( default route ) is used to guide the static routing table entry of the frame, and its next hop is not in
flooding ( diffusion ): when an interface receives traffic, the traffic is transmitted to every interface except the one on which it originated
Description description interface comment
Configure the ISDN switch type and select it according to the regionality.
Private IP address :
The bit, that is, a number cannot be divisible by 8 . Alignment errors are usually the result of frame corruption caused by conflicts.
explorer packet ( probes ) of a transmission source of the token ring devices SNA packet for a source found
The input is copied over the length of the medium and received by all other stations. Compare ring and star .
ISDN channel. Compare B channel , E channel and H channel . 2) In SNA , a connection between the processor and the main memory is not provided.
10.1.1.1/0.0.0.0
Ip address 1.1.1.1 255.0.0.0 Configure the IP address of the interface
End exit port configuration device
1. Server mode < main >
2. Client mode < time >
3. Transparent mode < transparent >
bandwidth ( the bandwidth ) the spacing between the highest and lowest frequency of signals used in the network. Usually, it involves one
vlan 10 name cisco: create VLAN number 10 with the name cisco
vlan 20: create VLAN number 20 with a system-assigned name
Static NAT configuration
Frame ( frame ) logical unit of information transmitted on the transmission medium by the data link layer. The term is often involved
call admission control ( call admission control ) the ATM network device in a traffic management, it is a
EPROM erasable programmable read-only memory-----
Access layer ( Access layer ) ----- one of the layers in the Cisco three-layer hierarchical model. The access layer allows users to access the internetwork.
Router eigrp 100
DXI data exchange interface (Data Exchange Interface) in RFC 1482 is described, DXI define a
CIR committed information rate (committed information rate) is averaged over a minimum time range,
FDDI Fiber Distributed Data Interface (Fiber Distributed Data Interface) ANSI X3T9.5 defined
16 , 32 , 64 and 128 are used.
RouterID generated ?
The twisted pair transmission distance is 100 meters .
The address is all ones . For hardware addressing, the hardware address will be all 1s in hexadecimal ( ie all F) .
PPP configuration
Interface ethernet 0/1 enters the Ethernet port numbered 1 in slot 0 .
Checksum ( checksum ) ----- a test for ensuring the integrity of transmitted data. It is a number calculated from a series of values through a series of mathematical functions. It is usually placed at the end of the data from which it is calculated and then recalculated at the receiving end for confirmation. Compare CRC.
ANSI American National Standards Institute (American National Standards Institute) by the United States, government
Area ( Area ) ----- a logical, rather than physical, set of segments ( based on CLNS, DECnet, or OSPF ) and their attached devices. Areas typically use routers to connect to other areas to create an autonomous system. See autonomous system.
Adopt standard :
collapsed backbone ( folded backbone ) all network segments via a network interconnection device connected to each other
The method of traffic. Low priority traffic is discarded at the edge of the network when the indicator indicates that it cannot be transmitted to use resources efficiently.
Transmission method. Use acknowledgments and flow control for reliable data transfer. Contrast connectionless . See virtual circuit .
The group members receive data from the source or near RP) . See RP (rendezvous point) .
Routers running BGP ; they use a TCP port on layer 4 of the OSI Reference Model . Especially using TCP
The name-to- IP address resolution is provided on the special network . An example of an FQDN is bob.acme.com .
1. Transmission area ( backbone area )
2. Common area ( non-backbone area )
A(config-keychain)#exit
Note : By default , all ports are subordinate to vlan 1 ( management VLAN or system default VLAN), and VLAN 1 cannot be deleted .
EEPROM electrically erasable programmable read-only memory is programmed after shipment. These non-volatile memory chips can be used when needed.
Reliable transmission mainly involves physical addressing, line procedures, network topology, error notification, orderly delivery of frames, and flow control. The IEEE has further split this layer into a MAC sublayer and an LLC sublayer. Also known as the link layer. Can be compared to the data link control layer of the SNA model. See Application layer, LLC, MAC, Network layer, Physical
Whether a given node ID in an AppleTalk network is used by another node. If the node ID is not in use, the sending node can use the ID of that node. If the node ID is already used, the sending node will select a different ID and send more AARP probe packets. See AARP
BGP4 supports CIDR and uses a routing computer system to reduce the size of the routing table. See CIDR.
The MAC address filter table determines out of which port a frame with a given destination hardware address is sent. The frame will only be allowed to pass through that segment. If the hardware address is unknown, the frame is forwarded to all ports.
B#show ip nat translations view translation relationship table
IGRP is a CISCO private routing protocol that can only be implemented and deployed on CISCO routers .
Configure an ACL to deny London access to Denver
1.0.0.0 2.0.0.0 3.0.0.0 4.0.0.0
Configure terminal enters global configuration mode
Duplex Auto ( automatic duplex ) of a layer and 2 a device layer disposed on, it automatically switches provided
Classical IP over ATM ( classical IP over ATM) is defined in RFC 1577 to make ATM features
Back end ( back-end ): a node or software program that provides services to a front end. See server.
1. Static NAT
2. Dynamic NAT
3. PAT
edge device ( edge device ): a device that enables data packets to be forwarded between legacy interfaces ( such as Ethernet and Token Ring ) and ATM interfaces, based on data link and network layer information. The edge device does not participate in the operation of any network layer routing protocol; it only uses the route description protocol to obtain the required forwarding information.