Upgrade to remove ads
Chapter 7 -Tshoot
Terms in this set (68)
BGP is _______ based application
Before BGP neighbor relationship occurs, they must complete a ___________________
TCP three-way handshake
If the isn't a 3-way handshake there will be no BGP relationship what could be the issue ?
no ip connectivity or tcp port 179 being blocked
What does BGP open message include ?
Router ID, ASN, Hold time, and BGP version
BGP neighbors only exchange hello messages unless there is a change; in that case, they send update
(reachable and unreachable)
messages to each other.
The neighbor relationship between two BGP routers can be in one of the following states what are they ?
The router is searching the IP routing table to find a path to
reach the neighbor.
The router is still tying (up to 16 retries) to complete a TCP three-way handshake
The router found a route to the neighbor and has completed the TCP three-way handshake.
After completion of the TCP three-way handshake, the BGP open was message sent to the neighbor.
The router received an open message from the neighbor who has agreed to the parameters for establishing a BGP session
peering is established; update and hello message will follow
Use the _____________________ command to display the state of all BGP
show ip bgp summary
Verify the existence of the IP route to the neighbor's address with the _____________________-command.
show ip route
Discover additional information with the ____________________-command.
show ip bgp neighbor
Verify the the BGP configuration with the command ______________________
show run | section router bgp
Use the _______________ command options to obtain more information and
clues about the problem.
debug ip bgp
___________________--- displays the state transitions for peers.
debug ip bgp events
What are port security violation mode
Port Security - Protect
Drops packets with unknown source addresses until you
remove a sufficient number of secure MAC addresses to drop below the maximum value
Port Security - Restrict
Drops packets with unknown source addresses until you
remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the security violation counter to
Port Security - Shutdown
Puts the interface into the error-disabled state immediately and sends an SNMP trap notification
If the ___________________ command does not reveal a specific MAC address (that you expect) in the MAC address table, most likely the switch is blocking all the frames from that source
show mac address-table
Verify the interface status with the ___________________ command. The access interface connecting the host to the network must be in up/up state.
show interface status
You can see on which interfaces port security is actually applied, what kind of violation mode is set for each interface, and check all the relevant counters what command is used
Verify the status of all the relevant interfaces with the _________ command. The interface must be in the up/up state.
This command enables you to verify which VLANs exist and to view port-to-VLAN mapping. Trunks are not listed because they do not belong to any particular VLAN.
The native VLAN is used to carry_________________________
untagged traffic across an 802.1Q trunk.
The default native VLAN is set to VLAN ___ , but can be changed on each trunk interface.
_____________________monitors the native VLANs and displays a notification if a mismatch is detected. Mismatch messages are displayed every minute and they look like the following: • %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/25 (100), with sw1 GigabitEthernet1/0/25 (300).
Cisco Discovery Protocol (CDP)
Check the IP connectivity to the neighbor with the ping command. Ping the IP address of the neighbor and multicast IP address _______________, which is the destination address for Hello messages
Check the OSPF status on the interface with the __________________________ command. The command reveals all the interfaces where OSPF is enabled also active OSPF interfaces should display a remaining time to the next Hello message
show ip ospf interface
Verify that the router ID of the routers is not the same. If the router receives a Hello packet with the same router ID, the router will ignore this Hello packet. Use the ____________ command to verify the OSPF router ID.
show ip ospf
By default, all protocols are enabled on the vty lines. You can limit the protocols by using the transport input command. To check the enabled protocols, you can use the_____________ command.
You should check the running configuration to find out the AAA mechanisms that are used. The _______________ and the _________commands are also useful for troubleshooting RADIUS and TACACS+ protocols.
To check all the connections to the vty lines, use the show line command. To clear some of the vty lines, use the_____________ command
Make sure that the correct SSH version and _________ are configured.
Error in HSRP group configuration leads to the _____________ problem
duplicate IP address
HSRP virtual IP addresses are configured differently, you will receive _________________
appropriate log messages
Incorrect configuration of the HSRP authentication is also informed through _____________
You can solve most of the HSRP configuration problems by checking the output of the ________________ command.
show standby output, you can view the _______________________
active IP and the MAC address, timers, the active router, and several other parameters.
HSRP messages are sent to multicast IP address _________ and UDP port ____________ in Version ___
HSRP messages are sent to multicast IP address _________ and UDP port 1985 in Version 2
Incorrect routing information can be sourced from
Illegitimate devices participating in the process
Legitimate devices sourcing incorrect information
Manual neighbor configuration and neighbor authentication help avoidance of _____________
OSPF Authentication can be enabled for the whole OSPF area, or on an_________________
interface by-interface basis
Cisco EIGRP makes use of a ___________ for authentication.
To exclude segments from routing information exchange, in the router configuration mode make use of the ___________ command.
You can also issue the ____________________ command and treat all the interfaces that are configured to participate in the routing process as passive
Interfaces that are supposed to exchange routing information should be explicitly configured to do so using the ______________ command
Use the______________ command to get a concise overview of the VRRP groups and their basic parameters
show vrrp brief
Use the ___________________ command to view VRRP groups on a specific interface
show vrrp interface
Use the ________________ command to display debugging messages for VRRP errors, events, and state transitions.
debug vrrp all
Use the debug vrrp authentication , debug vrrp error , and debug vrrp state commands to see debug messages specifically related to ___________________________________________________
MD5 authentication, error conditions, and status transitions.
Use the _______________ and _______________commands to view summaryinformation about the sent and the received packets and VRRP events
debug vrrp packets
debug vrrp events
You can configure the switch interface using one of the following three channel-establishment options:
PAgp -- cisco (Desirable-desirable and desirable-passive)
LACP -- Standard-based (Active-active and active-passive)
DHCP snooping is a ______________ that acts like a firewall between untrusted hosts and trusted DHCP servers.
Layer 2 security feature
The primary function of the DHCP snooping is to prevent _____________ in the network.
rogue DHCP servers
With DHCP snooping enabled, the switch also builds a DHCP snooping _____________
Which statement correctly describes the "protect" violation mode?
a. The interface is error-disabled when a security violation occurs.
b. A security violation sends a trap to the network management station.
c. Drops packets with unknown source addresses or when maximum number of MAC addresses is reached.
d. The interface clears all dynamic MAC addresses when a security violation occurs.
Specify the BGP neighbor state (Connect, Open Confirm, Idle, Active) for each of the listed descriptions.
a. Router is trying to build the TCP three-way handshake with its counterpart. _____
b. Router is searching its forwarding table for a path to reach its counterpart. _____
c. Router found a route to its counterpart and has completed the TCP three-way handshake. _____
d. Router received agreement on the parameters for establishing a BGP session. _____
A -- Active
B -- IDEL
C -- Connect
D -- Open confirm
3. In what state will the OSPF neighbor relationship be stuck in the following cases?
a. Neighbor is manually configured, and an ACL is blocking OSPF packets. _____
b. OSPF authentication discrepancy exists between two routers. _____
c. Hello parameters are mismatched. _____
d. There is an MTU mismatch between the routers. _____
A-- No neighbor
B-- Exstart/exchange state
C-- Down state
D-- Init State
In the output of the show ip ssh command, what does version 1.99 indicate?
a. Only SSHv1 is enabled.
b. Only SSHv2 is enabled, but the key size is 512 bits.
c. SSHv2 is enabled, but the server also supports SSHv1 for backward compatibility.
d. The Cisco proprietary SSH version is enabled.
Which multicast address must be allowed in the inbound access list when using HSRP? (Choose two.)
a. 220.127.116.11 when using HSRPv1
b. 18.104.22.168 when using HSRPv1
c. 22.214.171.124 when using HSRPv2
d. 126.96.36.199 when using HSRPv2
A and B
Two routers, R1 and R2, are configured as part of VRRP group 1. They are incorrectly configured with different virtual addresses. R1's virtual IP address is configured as 10.0.1.1. R2's virtual address is configured as 10.0.1.2. What MAC address will each router send in response to an ARP request for its configured virtual IP address?
a. R1 = 0000.5e00.0101, R2 = 0000.5e00.0102
b. R1 = 0000.5e00.0101, R2 = 0000.5e00.0101
c. Its own MAC address
d. R1 = its own MAC address, R2 = 0000.5e00.0101
Review the following partial output of the DHCP snooping configuration. Which of the DHCP messages are allowed on the interface Fast Ethernet 0/2? (Choose two.)
a. DHCP DISCOVER
b. DHCP OFFER
c. DHCP REQUEST
d. DHCP ACK
A and C
Which of the following commands enables you to apply an ACL to vty lines?
a. ip access-group
d. ip access-class
YOU MIGHT ALSO LIKE...
ICND1 Chapter 10
CCNA Practice 3 (Ch 6-8)
Do I Know This Already Chapter 10
CCENT Show Commands
OTHER SETS BY THIS CREATOR
Ethics in IT First Study Guide
Test 3 Geology
OTHER QUIZLET SETS
A&P Test 2 Study Guide
MolGen Module 4 Exam
CVP Exam 2