CCNP Switching Exam Notes: Troubleshooting, Security, And Quality Of Service Using Cisco Routers.
26.0 The process of joining a multicast group is the same in IGMP v1 and IGMP v2; the Leave Group message was added in IGMP version 2. The command 'show ip igmp interface' displays whether IGMP is enabled on the interface, the IGMP version, and the CGMP status, among other things.
The frame formats of IGMP version 1 and version 2 are different.
27.0 The following are the Cisco-recommended security measures for controlling access to a campus network:
1. Access Layer: This is the layer at which users log into the network and access network resources. The recommended security measures at the access layer are:
1.1 Controlling physical access to network devices (this applies to all layers).
1.2 Port security, also known as 'MAC address lockdown', is a Cisco feature that lets the switch block input on a port when the MAC address of the station trying to use that port differs from the MAC address configured for the port.
1.3 Passwords: A properly managed network has a login and password on each network device. Cisco devices can be reached in several ways (console, vty, TFTP servers, etc.), and each of these should have a properly defined password to control access to the network.
2. Distribution Layer: Security at the distribution layer is implemented using access policies, which in turn make use of access control lists. There are two types of IP access lists:
In addition to security, the distribution layer is responsible for forwarding only the traffic that needs to reach the core layer. This not only enforces security but also ensures that the core layer is not burdened with unnecessary traffic; it is achieved by applying access control lists.
Core Layer Security: The core layer is responsible for transmitting data efficiently, so Cisco recommends little or no policy at the core layer.
True, Cisco recommends that management be moved from VLAN 1 (the default management VLAN) to another VLAN. Another way to handle the problem is to disable the ports that are not being used and to secure physical access to the networking devices.
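The access-layer and distribution-layer measures above, written out in Cisco IOS configuration syntax as an added example; this is not configuration from the original notes, and the hostname, interface names, VLAN numbers, IP ranges and the station MAC address are all made-up values, while password values are placeholders to be replaced.

```cisco
! ---- Access-layer switch (hypothetical names and values) ----
hostname ACCESS-SW1
!
! A password on every access path: privileged mode, console and vty
service password-encryption
enable secret <enable-password-placeholder>
username admin secret <admin-password-placeholder>
!
line console 0
 password <console-password-placeholder>
 login
 exec-timeout 10 0
line vty 0 4
 login local
 transport input ssh
 exec-timeout 10 0
 access-class 10 in
!
! Only stations on the management network may open a vty session
access-list 10 permit 192.0.2.0 0.0.0.255
!
! Port security (MAC address lockdown): one permitted station, port shut on a mismatch
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.1111.2222
 switchport port-security violation shutdown
!
! Unused ports: disabled and parked in an otherwise unused VLAN
interface range FastEthernet0/20 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Management moved off VLAN 1 onto a dedicated management VLAN
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 description Management VLAN
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! ---- Distribution-layer device: forward toward the core only what must get there ----
ip access-list extended TO-CORE
 permit tcp 10.10.0.0 0.0.255.255 any eq 443
 permit tcp 10.10.0.0 0.0.255.255 any eq 80
 permit udp 10.10.0.0 0.0.255.255 host 10.0.0.53 eq domain
 deny   ip any any log
!
interface GigabitEthernet0/1
 description Uplink to core
 ip access-group TO-CORE out
```

The vty lines combine a local login with an access-class so that both the credential and the source address are checked; `violation shutdown` puts a port into err-disabled on a mismatched MAC, which is visible in `show port-security interface` and in the log, so an unexpected station shows up as an event rather than silently gaining access. The extended ACL is applied outbound on the core uplink, so the final `deny ip any any log` records anything the distribution layer refused to pass upward.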
Cisco switches can be managed out-of-band or in-band. Examples of out-of-band management are:
1. Console 0
2. Auxiliary 0
Examples of in-band management are:
1. TFTP servers
2. Network management software such as CiscoWorks
3. Virtual terminal (vty) ports
The ping command can be used to test connectivity to remote hosts. The command for pinging the remote host 184.108.40.206 is:
Switch# ping 220.127.116.11
A ping command may result in one of the following responses:
1. Success rate is 100 percent (every time a probe is sent, a response is received)
2. Destination does not respond
3. Unknown host
4. Destination unreachable
5. Network or host unreachable
When troubleshooting, the ping command is also useful for testing connectivity to multicast group members: a ping sent to the multicast group address reaches all members of the group, and each member responds.
The line configuration command
time-out <value in seconds>
specifies how long the management console may remain logged in but inactive. Once the time-out expires, the console requires a new login.
The value can be from 30 to 65500 seconds. The default value is 0, with which the console session never expires.
30.0 Quality of Service:
There are 3 basic types of QoS:
1. Best effort delivery
2. Integrated Services Model
3. Differentiated Services Model
1. Best Effort Delivery: The best-effort delivery method does not distinguish between priority and non-priority traffic. Packets are forwarded in the order in which they arrive; the routers or switches simply make their best effort to forward every packet they receive.
2. Integrated Services (IntServ) Model: The protocol that schedules and reserves adequate end-to-end path bandwidth for an application is known as the Resource Reservation Protocol (RSVP). The source application requests QoS parameters through RSVP from the network devices along the route to the destination. The minimum set of parameters that all devices agree on is arrived at, and the source is informed of it. RSVP enables traffic prioritization according to a predetermined set of rules.
3. Differentiated Services (DiffServ) Model: In the DiffServ model, resources are arranged dynamically. Its advantage over the IntServ model is more efficient bandwidth utilization. With IntServ, QoS is applied on a per-flow basis, whereas with DiffServ it is applied on a per-hop basis.
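The per-flow versus per-hop distinction in Cisco IOS syntax, added here as an example that is not part of the original notes: traffic is classified and marked with a DSCP value at the edge, each hop then applies a queuing treatment based only on that marking (DiffServ), and for contrast a per-flow RSVP reservation is enabled on the same link (IntServ). The class names, access lists, interface names and bandwidth figures are assumed values.

```cisco
! ---- Classification (hypothetical ACLs and class names) ----
ip access-list extended VOICE-RTP
 permit udp any any range 16384 32767
ip access-list extended BUSINESS-APPS
 permit tcp any any eq 443
!
class-map match-any VOICE
 match ip dscp ef
 match access-group name VOICE-RTP
class-map match-all BUSINESS
 match access-group name BUSINESS-APPS
!
! ---- DiffServ: mark once at the edge ... ----
policy-map MARK-EDGE
 class VOICE
  set ip dscp ef
 class BUSINESS
  set ip dscp af31
 class class-default
  set ip dscp default
!
! ---- ... then every hop acts on the DSCP value alone (per-hop behaviour) ----
policy-map CORE-PHB
 class VOICE
  priority percent 20
 class BUSINESS
  bandwidth percent 30
 class class-default
  fair-queue
!
interface GigabitEthernet0/0
 description User-facing edge
 service-policy input MARK-EDGE
!
interface Serial0/0/0
 description Core uplink
 service-policy output CORE-PHB
 ! IntServ contrast: RSVP reserves bandwidth per flow on this link
 ! (total reservable kbps, then the maximum kbps any single flow may reserve)
 ip rsvp bandwidth 768 256
```

With the DiffServ policy, a downstream router needs no knowledge of the individual flows; it only needs a matching `CORE-PHB` policy keyed on DSCP, which is why DiffServ scales better. The RSVP line reserves capacity per signalled flow instead, so the reservation state grows with the number of flows, and a flow that was never admitted gets no reserved share.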