Tuesday 16 January 2024

Cables between Networking Devices









  • Router and Switch --> Straight Cable
  • Switch and Switch --> Crossover Cable
  • Router and Router --> Crossover Cable
  • Switch and PC --> Straight Cable


Rule of Thumb:

Similar devices --> Crossover Cable

Different devices --> Straight Cable

CCNA Interview Questions and Answers






Question 1 – Tell us something about the OSI Model?
OSI stands for Open Systems Interconnection.
It was developed by ISO, the International Organization for Standardization, in the year 1984.
It is a reference model with a 7-layer architecture in which each layer has a specific function to perform.
 

Question 2 – What are the 7 layers in OSI Model ? 
Layer 1 - Physical Layer       
Layer 2 - Data Link Layer 
Layer 3 - Network Layer
Layer 4 - Transport Layer 
Layer 5 - Session Layer
Layer 6 - Presentation Layer
Layer 7 - Application Layer
Mnemonic (Layer 1 to Layer 7): Please Do Not Tell Sales People Anything


Question 3 – What is an IP Address?
❑An Internet Protocol (IP) address is a 32-bit or 128-bit identifier for a device on a TCP/IP network.
❑IP address of a device must be uniquely defined for communication. 
❑And it has two versions which are IPv4 (32-bits) and IPv6 (128-bits).
 

Question 4 – What is the difference between a hub, a switch and a router?
A hub is a basic networking device that connects multiple devices in a LAN but operates at the physical layer (Layer 1).
A switch is a more intelligent device that operates at the data link layer (Layer 2) and uses MAC addresses to forward frames to the appropriate ports.
A router operates at the network layer (Layer 3) and connects different networks, making forwarding decisions based on IP addresses.
 

Question 5 – What is RJ45?
❑RJ45 is the type of the connector used for Ethernet cables.
 

 
Question 6 – By using which command you can trace an IP address 10.1.1.1 on a Router ?
❑traceroute 10.1.1.1 

Question 7 – What is Routing and what are the types of Routing?
Routing is the process of forwarding packets from one network to another by selecting the best path; it is performed by Layer 3 (network layer) devices.
Types of Routing 
1) Default Routing 
2) Static Routing 
3) Dynamic Routing 

Question 8 – What is PING used for?
❑PING stands for Packet Internet Groper.
❑It is used to test the Layer 3 (network layer) reachability of a host on a network.
 
 
Question 9 – What is the AD Value?
The Administrative Distance (AD) value defines the trustworthiness of a routing protocol,
i.e. how reliable the routes learned from that routing protocol are.
Range: 0 - 255

Question 10 – What is the AD Value of OSPF?
110 

AD Values 
Connected interface - 0 
Static route  - 1
External BGP - 20 
EIGRP - 90 
OSPF - 110
RIP - 120 
Internal BGP - 200 
Unknown - 255 (This route is not used)
 
Question 11 – What is the purpose of creating VLANs?
Broadcast control is the main purpose of creating VLANs.
Other purposes of creating VLANs:
VLANs provide Network Security
VLANs provide Segmentation
VLANs provide Flexibility - a user can move to a different physical location and still remain in the same VLAN


Question 12 – What is meant by Inter-VLAN Routing?
A VLAN divides the broadcast domain, so hosts can communicate with other hosts in the same VLAN.
When hosts in one VLAN want to communicate with hosts in another VLAN, the traffic must be routed between them.
This is known as Inter-VLAN Routing.
Inter-VLAN Routing can be achieved either by creating an SVI or by using Router-on-a-Stick.
 
Question 13 – What is an Autonomous System ?
An Autonomous System (AS) is a group of networks under a single administrative control.
An AS can be Internet Service Provider (ISP) or a large Enterprise Organization.
Each AS has an ASN.
Autonomous System Number (ASN) - a 16-bit binary number, so we can represent 2^16 numbers, which is equal to 65536 in decimal.
Range of ASN – 0 to 65535
0 , 65535 - Reserved
1 – 64511 - Internet Routing – ISP AS
64512 – 65534 - Private Use - Private AS

Question 14 – What is the difference between TCP and UDP?
TCP (Transmission Control Protocol) is a connection-oriented protocol that ensures reliable and ordered delivery of data.
UDP (User Datagram Protocol) is a connectionless protocol that does not guarantee reliable delivery but offers faster transmission. 
TCP is used for applications that require reliable data delivery, while UDP is suitable for real-time applications like streaming and gaming.

Question 15 – What is the purpose of ACLs (Access Control Lists) in networking?
ACLs are used to control and filter traffic based on specified criteria, such as source or destination IP addresses, ports, or protocols.
 
Question 16 – Explain the concept of latency in networking  ?
Latency is the time delay between the transmission of data from the source and its reception at the destination. 

Question 17 – What is ARP?
Address Resolution Protocol (ARP) is a network protocol, which is used to map a network layer protocol address (IP Address) to a data link layer hardware address (MAC Address). 
ARP basically resolves IP address to the corresponding MAC address.  

Question 18 – What is the metric in EIGRP?
Composite Metric.
It doesn't use a single criterion to calculate the metric but a number of criteria, which include Bandwidth, Load, Delay, Reliability and MTU.
The weight of each criterion is defined by the K values, i.e. the metric weights.
By default the K values for Bandwidth and Delay are 1.
Hence only Bandwidth and Delay are considered when calculating the metric.

Question 19 – What is the metric in OSPF?
Metric is Cost.
Cost depends on the bandwidth of the link.
Cost is inversely proportional to the bandwidth.
This means the greater the bandwidth, the lower the cost and the better the path.
Cost = 100 / Bandwidth (in Mbps)

Question 20 – What is MTU (Maximum Transmission Unit) in a router ?
The maximum transmission unit (MTU) of an interface tells the router the largest IP packet that can be forwarded out of that interface.

Question 21 – What is BGP?
❑Border Gateway Protocol is an Exterior Gateway Routing Protocol which runs between two or more Autonomous Systems.
BGP is also known as Routing Protocol of Internet.
 
Question 22 – What is the role of a firewall in networking?
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a secure internal network and untrusted external networks.
 
Question 23 – What is the purpose of DNS?
DNS (Domain Name System) translates domain names into IP addresses, allowing users to access websites using human-readable names instead of numerical IP addresses.
 
Question 24 – What are the port numbers used by Telnet and SSH?
Telnet – 23
SSH - 22
 
 
 
Best of Luck !!!!
 
NES





Tuesday 9 January 2024

OSI 7 LAYERS

 The OSI (Open Systems Interconnection) model is a conceptual framework used to understand and describe how different networking protocols and technologies interact with each other. It consists of seven layers, each responsible for specific functions in data communication. These layers, from top to bottom, are:


1. **Application Layer (Layer 7):** This layer interacts with software applications that implement a communicating component. It provides services directly to user applications, enabling network services such as email, file transfer, and remote access.


2. **Presentation Layer (Layer 6):** The presentation layer is responsible for data translation, encryption, compression, and formatting. It ensures that data sent from the application layer of one system can be read by the application layer of another system.


3. **Session Layer (Layer 5):** The session layer establishes, manages, and terminates communication sessions between devices. It controls dialogues (connections) between computers, including synchronization and checkpointing.


4. **Transport Layer (Layer 4):** This layer manages end-to-end communication, ensuring that data packets are delivered error-free, in sequence, and without loss or duplication. It also handles flow control and error checking.


5. **Network Layer (Layer 3):** The network layer is responsible for logical addressing and routing, determining the best path for data to travel from the source to the destination across multiple networks. It deals with IP addresses and performs routing of packets.


6. **Data Link Layer (Layer 2):** This layer provides node-to-node data transfer, framing, error detection, and flow control across a physical link. It ensures that data transmitted between adjacent network nodes is error-free and manages access to the physical media.


7. **Physical Layer (Layer 1):** The physical layer deals with the physical connection between devices. It specifies the hardware requirements for transmitting data on a network, including cables, switches, connectors, and network interface cards (NICs).


Each layer has its own specific functions and protocols that help facilitate communication between different devices across a network. The OSI model serves as a reference point for understanding and designing network systems, allowing different network technologies to work together effectively.

Tuesday 2 January 2024

DMVPN

DMVPN (Dynamic Multipoint VPN) is a technique used to build scalable and secure VPNs over the internet or any untrusted network. 
Multicast support within DMVPN is achieved through the use of GRE (Generic Routing Encapsulation) tunnels and protocols like NHRP (Next Hop Resolution Protocol) for dynamic discovery of tunnel endpoints.

Enabling multicast over DMVPN involves additional configurations to support multicast traffic. 
Typically, protocols like PIM (Protocol Independent Multicast) Sparse Mode or Dense Mode are used for multicast routing over the DMVPN network. 
These protocols help in the distribution of multicast traffic efficiently among the tunnel endpoints.

To implement DMVPN with multicast support, you'd typically configure your devices to support multicast routing (using PIM), set up the GRE tunnels between sites, and ensure NHRP is properly functioning to manage the mapping between tunnel IP addresses and physical addresses.

Each site's router participating in the DMVPN network needs to be configured to support multicast routing and have the necessary configurations to ensure that multicast traffic can traverse the tunnels between sites.

To set up DMVPN with multicast support, here are the high-level steps and configuration components:

1. **Basic DMVPN Configuration:**
   - Configure the basic DMVPN setup using GRE tunnels and NHRP for dynamic discovery of tunnel endpoints.
   - Set up the hub and spoke topology, designating a hub router and connecting spoke routers.

2. **Enable Multicast Routing Protocol:**
   - Decide on a multicast routing protocol (PIM Sparse Mode or Dense Mode).
   - Enable multicast routing on the routers:
     - For PIM Sparse Mode:
       - Configure the router to support PIM on the interfaces connected to the DMVPN tunnels.
       - Designate a rendezvous point (RP) for the multicast group.
       - Enable sparse-mode on the tunnel interfaces.
     - For PIM Dense Mode:
       - Enable dense-mode on the tunnel interfaces.
   
3. **Tunnel Configuration:**
   - Ensure that the GRE tunnels support multicast traffic by configuring them appropriately.
   - Assign tunnel source and destination addresses.
   - Enable multicast-specific parameters on the tunnel interfaces, depending on the chosen multicast routing protocol.

4. **NHRP Configuration:**
   - Verify and ensure that NHRP is properly configured to resolve tunnel endpoint mappings.

Here's an example configuration snippet for PIM Sparse Mode on a Cisco router for multicast support over DMVPN:

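```
! Enable multicast routing globally
ip multicast-routing
! Static rendezvous point (RP) used by PIM sparse mode
ip pim rp-address <RP address>
!
! PIM sparse mode on each DMVPN tunnel interface
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 ip pim sparse-mode
!
interface Tunnel1
 ip address 192.168.2.1 255.255.255.0
 ip pim sparse-mode
!
! PIM sparse mode on the interface facing the DMVPN network
interface <outgoing interface>
 ip pim sparse-mode
```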

Replace `<outgoing interface>` with the appropriate interface connected to the DMVPN network and `<RP address>` with the actual address of the rendezvous point.

This configuration assumes two tunnels (Tunnel0 and Tunnel1) and enables PIM sparse-mode on those interfaces and the outgoing interface towards the DMVPN network.



Saturday 30 September 2023

Understanding Default , Static and Floating Static Routing

1) Default Routing:

Default routing is a method used by routers to forward packets when there is no specific route entry in the routing table for the destination network. Instead of dropping the packet, the router forwards it based on a pre-defined default route. This route is often referred to as the "gateway of last resort" or "default gateway".


For example, if a router receives a packet for a network it doesn't have a specific route for, it will use the default route to send the packet to another router or gateway that has a better understanding of where to send it next.


Default routes are useful in cases where a router doesn't have specific knowledge of all possible networks but knows at least one router that does.

2) Static Routing:

Static routing involves manually configuring the routes in a router's routing table. These routes are configured by a network administrator.


With static routing, the routes don't change unless a network administrator makes changes to them. It's a simple and efficient method for small networks where the network topology doesn't change frequently.


Static routing is less flexible than dynamic routing protocols (like OSPF, EIGRP, BGP, etc.) because it doesn't adapt to changes in the network automatically. It's typically used in scenarios where the network is relatively stable.

3) Floating Static Routing:

Floating static routing is a technique used to provide a backup or secondary route in case the primary route becomes unavailable.

It involves configuring a static route with a higher administrative distance so that it is less preferred than other routes in the routing table. If the primary route fails, the floating static route becomes active.

This is commonly used as a backup solution in case the primary connection to a network goes down. 

In summary, default routing is used when no specific route is available, static routing involves manually configuring routes, and floating static routing provides a backup route in case the primary route fails. Each of these techniques has its own use cases and benefits depending on the network environment and requirements.
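
How a floating static route stays out of the routing table until the primary route fails, as an added example that is not part of the original post: a small Python model that installs the lowest-AD candidate per prefix and then forwards by longest prefix match, falling back to the default route. The prefixes, next hops and the AD of 250 given to the backup are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances, from the AD table on this page.
DEFAULT_AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
              "ospf": 110, "rip": 120, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: str       # "0.0.0.0/0" is the default route
    next_hop: str
    source: str       # key into DEFAULT_AD
    ad: int = -1      # -1 = protocol default; raise it to "float" a static route
    up: bool = True   # False models a failed link or withdrawn route

    @property
    def distance(self):
        return DEFAULT_AD[self.source] if self.ad < 0 else self.ad


def build_table(candidates):
    """Per prefix, install the usable candidate with the lowest AD.
    AD 255 means 'unknown' and is never installed."""
    table = {}
    for route in candidates:
        if not route.up or route.distance >= 255:
            continue
        net = ipaddress.ip_network(route.prefix)
        if net not in table or route.distance < table[net].distance:
            table[net] = route
    return table


def lookup(table, destination):
    """Longest prefix match over installed routes; None means 'drop'."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def sample_routes(primary_up=True, with_default=True):
    """Constructed sample: OSPF primary, floating static backup, default route."""
    routes = [
        Route("10.20.0.0/16", "192.0.2.1", "ospf", up=primary_up),   # AD 110
        Route("10.20.0.0/16", "198.51.100.1", "static", ad=250),     # floating
    ]
    if with_default:
        routes.append(Route("0.0.0.0/0", "203.0.113.1", "static"))   # AD 1
    return routes


if __name__ == "__main__":
    for primary_up in (True, False):
        table = build_table(sample_routes(primary_up))
        hop = lookup(table, "10.20.5.9").next_hop
        print(f"primary up={primary_up}: 10.20.5.9 via {hop}")
```

The backup only floats if its AD is higher than that of the primary's source, which is why a static backing up an OSPF route needs an AD above 110.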


 

Tuesday 19 September 2023

Port Security

+ Port Security is an important feature on switches.

+ The Network Admin is responsible for protecting switchports from unauthorized access.

+ A security breach happens when someone tries to connect their own device/laptop to an internal office switch.

+ So how do we protect internal network switchports from unauthorized access? What is it that helps the Network Admin achieve switchport security?

  THE ANSWER IS "MAC ADDRESS"

+ Yes, on the basis of MAC address the Network Admin can restrict or allow workstations' access to the internal network of the organization.

What can a Network Admin control using Port Security?

+ Limit the maximum number of MAC addresses allowed on the switchport.

Default value is 1

+ Configure the MAC address(es) to be allowed on the switchport.

This can be done statically or dynamically (Sticky).

Static - The Network Admin defines which MAC address is allowed on the switchport.

Dynamic (Sticky) - The MAC address(es) dynamically learned on the switchport are recorded, and only those MAC address(es) are allowed on the switchport.

+ Configure Violation Mode

1) Protect - Ignores unknown MAC addresses. DROP

2) Restrict - DROP + Trap | Also increases the violation counter

3) Shutdown - Err Disable + Trap | Also increases the violation counter

SHUTDOWN IS DEFAULT AND MOST AGGRESSIVE

WHERE TO APPLY SWITCHPORT SECURITY?

ON TRUNK OR ACCESS --> THE ANSWER IS ACCESS.

Because a trunk port carries multiple MAC addresses, there is no point in allowing or restricting any particular MAC address on such a port.


LAB 





+ 2 MAC addresses are learned on the interface fa0/1


```
Switch#sh mac address-table interfaces fa0/1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.c937.98b3    STATIC      Fa0/1
   1    0002.4ad4.3045    STATIC      Fa0/1
```

+ Default Port Security setting on a switchport




Possible options for Port Security - 



```
Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security ?
  aging        Port-security aging commands
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>

Switch(config-if)#switchport port-security maximum 2
```






So now let's trigger a violation by adding one more PC on the hub.

Once PC5 is connected the interface fa0/1 of the switch gets into error-dis

```
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

Switch>show interfaces fa0/1
FastEthernet0/1 is down, line protocol is down (err-disabled)
Hardware is Lance, address is 000a.f313.9701 (bia 000a.f313.9701)
BW 100000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
956 packets input, 193351 bytes, 0 no buffer
Received 956 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
2357 packets output, 263570 bytes, 0 underruns
```

So the violation has happened!

To recover, let's disconnect PC5 and perform shut & no shut on interface fa0/1.

```
Switch(config)#int fa0/1
Switch(config-if)#shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Switch(config-if)#no shut

Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Switch(config-if)#^Z
Switch#
```


===========

Let's see how to configure port-security using a static MAC address.

```
Switch#show mac address-table interfaces fa0/2
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    00d0.bc4b.05ad    DYNAMIC     Fa0/2

Switch(config)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security mac-address 00d0.bc4b.05ad

Switch#show port-security interface fa0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0

Switch#
```


Now let's disconnect PC1 and connect PC5 on int fa0/2.

The interface goes down.

```
Switch#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
```

Now let's recover and change the violation mode to restrict.

<omitted the steps to recover>

We can see that the traffic from PC1 is flowing:

```
C:\>ping 10.1.1.3

Pinging 10.1.1.3 with 32 bytes of data:

Reply from 10.1.1.3: bytes=32 time=1ms TTL=128
Reply from 10.1.1.3: bytes=32 time<1ms TTL=128
```

```
Switch(config)#int fa0/2
Switch(config-if)#switchport port-security violation restrict
```


Now let's disconnect PC1 from port fa0/2 and connect PC5 to cause a violation.

The interface fa0/2 is up but the traffic is being dropped.

```
C:\>ping 10.1.1.3

Pinging 10.1.1.3 with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 10.1.1.3:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

Control-C
^C
```

+ Also, the Security Violation Count increased from 0 to 3

```
Switch#show port-security interface fa0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 000C.CFA0.731E:1
Security Violation Count : 3
```






Let's change the violation mode to Protect.

```
Switch(config-if)#switchport port-security violation protect
```

Now let's disconnect PC1 from port fa0/2 and connect PC5 to cause a violation.

Traffic drop is observed.

```
C:\>ping 10.1.1.3

Pinging 10.1.1.3 with 32 bytes of data:

Request timed out.

Ping statistics for 10.1.1.3:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
```

```
Switch#show port-security interface fa0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 000C.CFA0.731E:1
Security Violation Count : 0
```
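
The lab outputs above show why the violation counter alone is not enough: in Protect mode the count stays at 0 even though PC5's frames were dropped. The following Python audit of `show port-security interface` output is an added example, not part of the original lab. The function names are hypothetical, and the fourth sample with status `Secure-shutdown` is constructed because that state is not shown on this page.

```python
# Layout of 'show port-security interface' as printed in this lab.
TEMPLATE = """Switch#show port-security interface fa0/2
Port Security : Enabled
Port Status : {status}
Violation Mode : {mode}
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : {last}
Security Violation Count : {count}"""

# The first three match the outputs in this lab; SHUTDOWN_HIT is constructed.
STATIC_OK = TEMPLATE.format(status="Secure-up", mode="Shutdown",
                            last="0000.0000.0000:0", count=0)
RESTRICT_HIT = TEMPLATE.format(status="Secure-up", mode="Restrict",
                               last="000C.CFA0.731E:1", count=3)
PROTECT_HIT = TEMPLATE.format(status="Secure-up", mode="Protect",
                              last="000C.CFA0.731E:1", count=0)
SHUTDOWN_HIT = TEMPLATE.format(status="Secure-shutdown", mode="Shutdown",
                               last="000C.CFA0.731E:1", count=1)
ALLOWED = ["00d0.bc4b.05ad"]   # the secure MAC configured on fa0/2 in the lab


def parse_port_security(text):
    """Split each line on ' : ' so the colon inside the field name
    'Last Source Address:Vlan' does not break the key."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def norm_mac(mac):
    """Compare MACs regardless of case or separator (. : -)."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


def audit(text, allowed_macs):
    """Return a list of findings for one interface's output."""
    f = parse_port_security(text)
    if f.get("Port Security", "").lower() != "enabled":
        return ["port security is not enabled"]
    findings = []
    count = int(f.get("Security Violation Count", "0") or 0)
    last_mac, _, vlan = f.get("Last Source Address:Vlan", "").rpartition(":")
    if f.get("Port Status", "").lower() == "secure-shutdown":
        findings.append("err-disabled by a violation; recover with shut / no shut")
    if count:
        findings.append(f"violation count is {count}")
    seen = norm_mac(last_mac)
    # All-zero means no frame seen yet; anything else must be an allowed MAC.
    if seen.strip("0") and seen not in {norm_mac(m) for m in allowed_macs}:
        findings.append(f"last source {last_mac} (VLAN {vlan}) is not an allowed MAC")
    if f.get("Violation Mode", "").lower() == "protect":
        findings.append("protect mode: drops are not counted or trapped")
    return findings


if __name__ == "__main__":
    for name in ("STATIC_OK", "RESTRICT_HIT", "PROTECT_HIT", "SHUTDOWN_HIT"):
        print(name, audit(globals()[name], ALLOWED))
```

Comparing `Last Source Address` with the allowed list is what catches the Protect-mode case, where the counter gives no signal.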


Thanks for Reading!!!


NETWORK ENGINEER STUFF






 

















Saturday 29 July 2023

CISCO DISCOVERY PROTOCOL (CDP)



+ Layer 2 Protocol

+ Cisco Proprietary Protocol

+ Used by Cisco devices to discover other connected Cisco devices

+ CDP sends advertisements to directly connected devices

+ BY DEFAULT ==> CDP IS ENABLED




CDP




+ CDP is enabled by default

```
PUNE_ROUTER>show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
```


+ CDP Neighbor Output 


```
PUNE_ROUTER#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
PUNE_LAN_SW  Gig 0/0/0        152            S       2960        Fas 0/1
CHENNAI_ROUTER
             Ser 0/1/0        150            R       ISR4300     Ser 0/1/1
```


+ CDP Interfaces


```
PUNE_ROUTER#show cdp interface
Vlan1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/0/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/0/1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/0/2 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/1/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/1/1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
PUNE_ROUTER#
```


+ CDP Disabled Globally


```
PUNE_ROUTER(config)#no cdp run
PUNE_ROUTER(config)#do wr
Building configuration...
[OK]
PUNE_ROUTER(config)#do show cdp
% CDP is not enabled
PUNE_ROUTER(config)#
```

+ CDP Disabled on an interface

```
PUNE_ROUTER(config)#int serial 0/1/0
PUNE_ROUTER(config-if)#no cdp enable
```
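
To review what each interface has learned over CDP before disabling it globally or per interface, the `show cdp neighbors` table above can be parsed into records. This Python parser is an added example, not part of the original post. It handles the case visible in that output where a long Device ID (CHENNAI_ROUTER) is printed on its own line and the rest of the row follows on the next line. The function name and record keys are hypothetical.

```python
import re

# Output copied from the 'show cdp neighbors' capture on this page.
SAMPLE = """PUNE_ROUTER#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
PUNE_LAN_SW  Gig 0/0/0        152            S       2960        Fas 0/1
CHENNAI_ROUTER
             Ser 0/1/0        150            R       ISR4300     Ser 0/1/1"""

# One table row. The Device ID is optional because a long ID wraps onto
# the previous line, leaving the row itself starting with whitespace.
ROW = re.compile(
    r"^(?P<device>\S+)?\s+"
    r"(?P<local>[A-Za-z]+ \S+)\s+"           # e.g. "Gig 0/0/0"
    r"(?P<holdtime>\d+)\s+"
    r"(?P<caps>(?:[A-Za-z] )*[A-Za-z])\s+"   # one or more capability letters
    r"(?P<platform>\S+)\s+"
    r"(?P<port>[A-Za-z]+ \S+)\s*$"           # e.g. "Fas 0/1"
)


def parse_cdp_neighbors(text):
    """Return one dict per neighbor listed after the 'Device ID' header."""
    neighbors, pending, in_table = [], None, False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue                      # preamble or blank spacing line
        m = ROW.match(line)
        if m:
            device = m.group("device") or pending
            pending = None
            if device is None:
                continue                  # row with no ID at all: skip it
            neighbors.append({
                "device": device,
                "local_interface": m.group("local"),
                "holdtime": int(m.group("holdtime")),
                "capabilities": m.group("caps").split(),
                "platform": m.group("platform"),
                "port_id": m.group("port"),
            })
        elif len(line.split()) == 1 and not line[0].isspace():
            pending = line.strip()        # wrapped Device ID, row follows
    return neighbors


if __name__ == "__main__":
    for n in parse_cdp_neighbors(SAMPLE):
        print(f'{n["local_interface"]}: {n["device"]} '
              f'({n["platform"]}, {"".join(n["capabilities"])}) on {n["port_id"]}')
```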



Thanks for Reading 


NETWORK ENGINEER STUFF