Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
46 Cards in this Set
- Front
- Back
What are some of the options on how to connect a branch office to an enterprise office? |
|
|
Leased Lines, Frame-relay, MPLS, VPNs, and Metro Ethernet all have one thing in common. What is it? |
They are all private |
|
What is a way to connect branch offices using public connections |
DSL and Cable modems |
|
What is the main difference between public and private connections? |
When we use public connections we need to think more about security. |
|
If we are using IPv4 what do we need to configure to make sure our devices can reach the internet? |
NAT |
|
If you have a single router connected to the enterprise network via a router what are some things you should configure? |
|
|
What does the Cisco ISR stand for? |
Integrated Services Router |
|
What does the Cisco ISR do ?
|
routers offer more than just routing; you can have a
built-in switch IOS Firewall IPSEC VPN Wireless VoIP all in a single box |
|
With a medium size branch what kind of connection would you use? |
Private |
|
What are some things to consider when setting up a medium size branch office? |
NOTE: Larger branch offices have more redundacy |
|
What does broadband mean today. |
It is used for any high speed Internet Access
|
|
Ethernet does not offer __________________. |
Authentication |
|
What do Broadband ISP's often use to offer authentication? |
PPPOE
PPP over Ethernet |
|
What are some forms of PPP Authentication? |
NOTE: These are used to identify the customer and use accounting to log statistics |
|
What do DSL ISP's use for authentication?
|
PPPoA
PPP over ATM |
|
If you get a dynamic public IP address and you configure DHCP, what protocols need to be configured? |
It will require NAT in combination with PAT to make sure that our hosts can access the Internet. |
|
What are some security options to protect a branch router form the outside world?
|
(Reflexive) Access-List
IOS Firewall |
|
What is (Reflexive) Access-List? |
This is really the "poor man's" firewall to protect your router.
NOTE: A reflexive access-list can be used to drop all traffic from the Internet unless it originated from the inside. |
|
What is an IOS Firewall? |
Cisco ISR routers are able to use Context Based Access Control (CBAC), XBF (Zone Based Firewall) and even IPS feature (Intrusion Prevention System) |
|
To stop from having to change the firewall rules in your network every time you get a new dynamic address what can you do? |
Use Tunneling between the branch router and the enterprise network. |
|
If you use a tunnel between the branch and enterprise packet how does it send the IP packet? |
|
|
When the VPN server receives and IP packet sent through tunneling. What happens? |
|
|
What is IPSEC?
|
It is a framework that defines what we exactly do with the tunnel.
EXAMPLE: We can choose between 3DES or AES for encyption, pre-shared key or certificates and more. |
|
With a simple setup the router has 2 decisions to make what are they? |
|
|
When you have medium to large branch offices what are the two options when it comes to routing? |
|
|
When we use IGP and we run into the problem IPSEC doesn't support multicast traffic what is the solution? |
We can use GRE (Generic Routing Encapsulation) tunnel that runs over the IPSEC tunnel |
|
How does GRE support multicasts |
Generic Routing Encapsulation
By encapsulating it in unicast packets so that's how we can tunnel IGP's |
|
Name 4 features of GRE? |
|
|
How does GRE act like a layer 3 point-to-point protocol? |
Generic Routing Encapsulation
You can configure IP addresses on the tunnel interface. |
|
What can GRE tunnels be encrypted with? |
Generic Routing Encapsulation
IPSEC to make secure tunnels |
|
When we configure a GRE tunnel we will have two layer 3 paths that the router can choose from: |
|
|
If a Branch has a GRE tunnel and a Leased line configured what do Network Engineers often choose as their primary. |
Leased Line is Primary
GRE as the backup |
|
What does it mean to implement a floating static route? |
If the leased line fails the routing information from the IGP will be removed from the routing table and the static routing will be inserted. |
|
What is a telco local loop? |
Used in DSL
This is the phone line between the customer site and the phone company facility.
NOTE: It uses the same phone line as what we have been using for analog phones. |
|
Analog phones use the frequency |
below 4000Hz |
|
The digital signal for DSL uses the frequency |
above 4000 Hz |
|
How does the telephone company separate voice and DSL? |
DSLAM
Digital Subscriber Line Access Multiplexor |
|
How does a DSLAM work? |
It will split the analog single to a voice switch that handles voice and the digital signal to the router. |
|
What is ATM? |
Asynchronous Transfer Mode
This is an older protocol that controls the physical data link layer when using DSL. |
|
Why would you use PPP over ATM? |
Chap Authentication |
|
Where does the ATM PVC run? |
It runs between the DSL modem and the ISP router
NOTE: This PVC is similar to Frame-relay |
|
What is the difference between ATM PVC and Frame-relay PVC? |
Frame-relay uses DLCI to identify the PVC and ATM uses something similar called VPI/VCI
Virtual Path Identified/Virtual Connection Identifier |
|
What are the 5 things that must happen to configure DSL? |
|
|
In DSL what command tells the dialer interface that when it wants to setup a connection, it has to use a member interface of the "dialer pool"? |
"dialer pool" command |
|
Are VPI/VCI the same numbers everytime? |
No, you must contact your service provider to find out these values? |
|
What is the final step to activate a crypto map? |
You must apply it to the interface. |