Cheat Sheet? 3

[lerdalt]

I consider this my cheat sheet, but its more like my own braindump for when I've been sitting for the cisco exams. Got a couple of Mnemonic devices to help remember some of the items:

OSPF:
Start,Init,2-way,Exstart,Exchange,Full

LSA1 = network
LSA2 = router
LSA3 = summary abr
LSA4 = summary asbr
LSA5 = external asbr

ISIS:
clns route = L2 information
isis route = L1 information

BGP:
Women Laugh At Me = Weight, Local Preference, AS-Path, MED

message types = open, keepalive, update, notification

EIGRP:
Bob Doesn't Really Like Me = Bandwidth, Delay, Reliability, Load, MTU
How Queer Randy Usually Acts = Hello, Query, Reply, Update, Acknowledgement

Spanning-tree:
Disabled, Blocking, Listening, Learning, Forwarding
Rapid Spanning-Tree:
Discarding, Learning, Forwarding

HSRP:
Initial, Learn, Listen, Speak, Standby, Active

Troubleshooting Steps:
Gather (analyze, ownership, scope, determine, document)
Isolate
Correct

I also will right down a hex to binary to decimal conversion chart as soon as I run into a question that requires it, as well as a chart I have for helping with subnetting.

 

[helpdeskdan]

Well Lerdalt, you probably won't run into a question that requires complex subnetting. I'm almost positive you won't run into one that requires hex! Nevertheless, good cheap sheat!

 

[gwildfire]

Nice sheet

This is mine, but its mainly for telephone interviews in case of a moment of blankness; the formatting is messed up but paste in into word size 6 font and it fits on 3 A4s

OSPF
Type 1 - Router LSA - the router lists the links to other routers or networks in the same area, together with the metric.
Type 2 - Network LSA - the designated router on a broadcast segment (e.g. Ethernet) lists which routers are joined together by the segment.
Type 3 - Summary LSA - an Area Border Router (ABR) takes information it has learned on one of its attached areas and summarizes it before sending it out on other areas it is connected to..
Type 4 - ASBR-Summary LSA - this is needed because Type 5 External LSAs are flooded to all areas and the detailed next-hop information may not be available in those other areas.
Type 5 - External LSA - these LSAs contain information imported into OSPF from other routing processes.
Type 6 - Group Membership LSA - this was defined for Multicast extensions to OSPF (MOSPF), a multicast routing protocol which is not in general use.
Type 7 - Routers in a Not-so-stubby-area (NSSA) do not receive external LSAs from Area Border Routers, but are allowed to send external routing information for redistribution..
Type 8 - a link-local only LSA for the IPv6 version of OSPF, which is known as OSPFv3. A type 8 LSA is used to give information about link-local addresses and a list of IPv6 addresses on the link.
Type 9 - a link-local "opaque" LSA (defined by RFC2370) in OSPFv2 and the Inter-Area-Prefix LSA in OSPFv3.
Type 10 - an area-local "opaque" LSA as defined by RFC2370.
Type 11 - an "opaque" LSA defined by RFC2370, which is flooded everywhere except stub areas.
Dijkstra's algorithm is used to calculate the shortest path tree. It uses cost as its routing metric
stub area is an area which does not receive external routes
totally stubby area does not allow summary routes in addition to the external routes
not-so-stubby area (NSSA) is a type of stub area that can import autonomous system

Enhanced Interior Gateway Routing Protocol (EIGRP)
Delay Bandwidth Reliability Load MTU (though not actually used in the calculation)
Bandwidth for EIGRP = (10000000/Bandwidth)
A successor (or next hop) is a primary route that is used to reach a destination
A feasible successor(FS) is a backup route

BGP neighbors, or peers, are established by manual configuration between routers to create a TCP session on port 179
iBGP routes have an administrative distance of 200
BGP (EBGP Exterior Border Gateway Protocol), and it has an administrative distance of 20
BGP router that routes IBGP traffic is called a transit router. Routers that sit on the boundary of an AS and that use EBGP to exchange information with the ISP are border or edge routers
all routers within a single AS and participating in BGP routing must be configured in a full mesh: each router must be configured as peer to every other router
Route reflectors reduce the number of connections required in an AS
Confederations are used in very large networks where a large AS can be configured to encompass smaller more manageable internal Ass
"damping" is built into many BGP implementations in an attempt to mitigate the effects of route flapping
A network black hole can occur in BGP intentionally or through mis-configuration. Intentional black holing of routes through BGP is a technique to discard traffic silently across an ASN. The mis-configuration is commonly due to ASN's with incomplete routing tables.
Ibgp = 200 AD Ebgp = 20 AD
Path selection 1. Weight 2. Local Pref 3. Local path 4. AS_Path 5.Local Origionated Route 6. MED 7. Ebgp over IBGP 8. Lowest IGP metric 9 . multipath 10. Oldest

1. Prefer the path with the highest WEIGHT.
2. Prefer the path with the highest LOCAL_PREF.
Note: A path without LOCAL_PREF is considered to have had the value set with the bgp default local-preference command, or to have a value of 100 by default.
3. Prefer the path that was locally originated via a network or aggregate BGP subcommand or through redistribution from an IGP.
4. Prefer the path with the shortest AS_PATH.
5. Prefer the path with the lowest origin type.
Note: IGP is lower than Exterior Gateway Protocol (EGP), and EGP is lower than INCOMPLETE.
6. Prefer the path with the lowest multi-exit discriminator (MED).
7. Prefer eBGP over iBGP paths.
8. Prefer the path with the lowest IGP metric to the BGP next hop.
9. Determine if multiple paths require installation in the routing table for BGP Multipath.
10. When both paths are external, prefer the path that was received first (the oldest one).
The local preference attribute is used to prefer an exit point from the local autonomous system (AS).
MED) or metric attribute is used as a suggestion to an external AS regarding the preferred route into the AS
The FSM consists of six states - Idle, Connect, Active, OpenSent, OpenConfirm, and Established
Hot Standby Routing Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway
HSRP sends its hello messages to the multicast address 224.0.0.2 (all routers) using UDP port 1985
Shares mac and IP
Uses Standby Groups
Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality. In addition to being able to set priorities on different gateway routers, GLBP also allows a weighting parameter to be set. Based on this weighting (compared to others in the same virtual router group), ARP requests will be answered with MAC addresses pointing to different routers. Thus, load balancing is not based on traffic load, but rather on the number of hosts that will use each gateway router
The spanning tree network protocol provides a loop free topology for any bridged LAN
STP is used in switched networks to prevent loops, and has been standardised by IEEE 802.1D. As the
• Elect a root bridge.
• Find least cost (measured as hopcount) paths to root bridge.
• Disable links that are not part of those paths
• Listening - The switch processes BPDUs and determines the network topology
• Learning - The switch builds a switching table that maps MAC addresses to port numbers
• Blocking - A port that would cause a switching loop, no user data is sent or received but it may go into forwarding mode if the trunk link in use were to fail. BPDU data is still sent and received in blocking mode
• Forwarding - A port receiving and sending data, normal operation
• Disabled - Not strictly part of STP, a network administrator can manually disable a port
IP Multicast is a method of forwarding IP datagrams to a group of interested receivers
Uses IGMP to request to join a group
Multicast Mac 01:00:5e
The Internet Group Management Protocol is a communications protocol used to manage the membership of Internet Protocol multicast groups
Protocol-Independent Multicast (PIM) is a family of multicast routing protocols that can provide one-to-many and many-to-many distribution of data over the Internet
• PIM Sparse Mode (PIM-SM) explicitly builds unidirectional shared trees rooted at a Rendezvous Point (RP) per group, and optionally creates shortest-path trees per source. PIM-SM generally scales fairly well for wide-area usage. see experimental rfc 2362
• PIM Dense Mode (PIM-DM) implicitly builds shortest-path trees by flooding multicast traffic domain wide, and then pruning back branches of the tree where no receivers are present.
VTP stands for VLAN Trunking Protocol, a protocol used for configuring and administering VLANs on Cisco network devices.
VTP operates on Cisco switches in one of three modes:
• Client.
• Server.
• Transparent.
VTP also maintains a map of VLANs and switches, enabling traffic to be directed only to those switches known to have ports on the intended VLAN
QOS
Early work used the "IntServ" philosophy of reserving network resources. In this model, applications used the Resource Reservation Protocol (RSVP) to request and reserve resources through a network. While IntServ mechanisms do work, it was realized that in a broadband network typical of a larger service provider, Core routers would be required to accept, maintain, and tear down thousands or possibly tens of thousands of reservations. It was believed that this approach would not scale with the growth of the Internet, and in any event was antithetical to the notion of designing networks so that Core routers do little more than simply switch packets at the highest possible rates.
The second and currently accepted approach is "DiffServ" or differentiated services. In the DiffServ model, packets are marked according to the type of service they need. In response to these markings, routers and switches use various queuing strategies to tailor performance to requirements. (At the IP layer, differentiated services code point (DSCP) markings use the 6 bits in the IP packet header. At the MAC layer, VLAN IEEE 802.1q and IEEE 802.1D can be used to carry essentially the same information)
Routers supporting DiffServ use multiple queues for packets awaiting transmission from bandwidth constrained (e.g., wide area) interfaces. Router vendors provide different capabilities for configuring this behavior, to include the number of queues supported, the relative priorities of queues, and bandwidth reserved for each queue
• queuing
o fair-queuing
o first in first out (FIFO)
o weighted round robin, WRR
o class based weighted fair queuing
o weighted fair queuing
• buffer tuning
• congestion avoidance
o RED, WRED - Lessens the possibility of port queue buffer tail-drops and this lowers the likelihood of TCP global synchronization
• policing and Traffic shaping
SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated (i.e. its identity is ensured) while the client remains unauthenticated; mutual authentication requires public key infrastructure (PKI) deployment to clients. The protocols allow client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery.
SSL involves three basic phases:
1. Peer negotiation for algorithm support
2. Public key encryption-based key exchange and certificate-based authentication
3. Symmetric cipher-based traffic encryption
During the first phase, the client and server negotiation uses cryptographic algorithms. Current implementations support the following choices:
• for public-key cryptography: RSA, Diffie-Hellman, DSA or Fortezza;
• for symmetric ciphers: RC2, RC4, IDEA, DES, Triple DES or AES;
• for one-way hash functions: MD5 or SHA.
IPsec (IP security) is a standardized framework for securing Internet Protocol (IP) communications by encrypting and/or authenticating each IP packet in data stream.
There are two modes of IPsec operation: transport mode and tunnel mode.
In transport mode only the payload (message) of the IP packet is encrypted. It is fully-routable since the IP header is sent as plain text; however, it can not cross NAT interfaces, as this will invalidate its hash value. Transport mode is used for host-to-host communications over a LAN.
In tunnel mode, the entire IP packet is encrypted. It must then be encapsulated into a new IP packet for routing to work. Tunnel mode is used for network-to-network communications (secure tunnels between routers) or host-to-network and host-to-host communications over the Internet.
IPsec is implemented by a set of cryptographic protocols for (1) securing packet flows and (2) Internet key exchange. Of the former, there are two:
• Authentication Header (AH),
which provides authentication, payload (message) and IP header integrity and with some cryptography algorithm also non-repudiation , but does not offer confidentiality; and
• Encapsulating Security Payload (ESP),
which provides data confidentiality, payload (message) integrity and with some cryptography algorithm also authentication.
In some countries message encryption is prohibited by law and ESP protocol can not be used. In this case AH provides entire IPsec functionality (without confidentiality).
Originally AH was only used for integrity and ESP was used only for encryption; authentication functionality was added subsequently to ESP. Currently only one key exchange protocol is defined, the IKE (Internet Key Exchange) protocol.
IPsec protocols operate at the network layer, layer 3 of the OSI model. Other Internet security protocols in widespread use, such as SSL and TLS, operate from the transport layer up (OSI layers 4 - 7). This makes IPsec more flexible, as it can be used for protecting both TCP and UDP-based protocols, but increases its complexity and processing overhead, as it cannot rely on TCP (layer 4 OSI model) to manage reliability and fragmentation.
Frame-Relay
Committed Information Rate (CIR)
Frames that are sent in excess of the CIR are marked as "discard eligible" (DE)
Committed Burst Size (BC). The maximum number of information units transmittable during the interval T.
Excess Burst Size (BE). The maximum number of uncommitted information units (in bits) that the network will attempt to carry during the interval


Visit

http://www.Cisco-Engineer.com

for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS

 

[helpdeskdan]

Very good! Too many LSA types - know 1-5 and 7. Ignore the rest - Cisco doesn't support them. (According to the exams - actually, I DID see a cisco article on Opaque LSA's) Remember, your brain is a sponge - cram too much in it, and you'll start loosing stuff. Unless you're really bright, like gwildfire, you ONLY want to study what will be on the test.

Also, multicast Mac is exactly that plus 1 bit which I believe is set to 1. You can't computer the addr without it. But, I'm not sure if they are evil enough to actually ask you to compute a mac addr on the test!

Again, good guide.

 

[gwildfire]

Yeah, no need to know the post 7 LSA's, although I did get asked about them in a recent telephone interview, hence I added them, also the multicast mac I was asked too!

Dan, I have added some of your bits to my own, hope you dont mind.

Cisco does now support the higher LSA's but only in OSPFv3 and only in 12.4(10) advanced enterprise and beyond.

Visit

http://www.Cisco-Engineer.com

for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS

 

[helpdeskdan]

Don't need to know 6 LSA either - and I don't mind at all that you are using some of my info, go right ahead! I had a devil of a time finding the correct material to study for these tests.