26.0 The process of joining a Multicast group is the same in both IGMP v1 and IGMP v2. However, IGMP leave was added in IGMP version 2. The command 'show ip igmp interface' displays whether IGMP is enabled on the interface, the IGMP version, and the CGMP status, among other things.
The frame formats for IGMP version 1 and version 2 are different.
27.0 The following are the Cisco recommended security measures for controlling access to a campus network:
1. Access Layer: This is the layer at which users log into the network and access network resources. The recommended security measures at the Access Layer are:
1.1 Controlling physical access to network devices (this applies to all layers).
1.2 Port security, also known as 'MAC address lockdown', is a Cisco feature that enables the switch to prevent input from a port when the MAC address of a station trying to access the port is different from the configured MAC address for that port.
1.3 Passwords: A properly managed network should have a login and password for each network device. There are several ways of accessing Cisco devices, such as Console, vty, TFTP servers etc. Each of these should have properly defined passwords to control access to the network.
2. Distribution Layer: Security at the distribution layer is implemented by using Access Policies. These in turn make use of Access Control Lists. There are two types of IP access lists:
2.1 Standard
2.2 Extended
In addition to security, the Distribution layer is responsible for sending only the data that needs to reach the Core Layer. This not only achieves security, but also makes sure that the Core Layer is not burdened with unnecessary traffic. This is achieved by applying Access Control Lists.
3. Core Layer Security: The Core layer is responsible for transmitting data efficiently. For this reason, Cisco recommends that there is little or no policy at the Core layer.
True, Cisco recommends that management VLAN (VLAN 1) be moved to another VLAN. Another way to handle the problem is to disable the ports that are not being used, and secure physical access to the networking devices.
Cisco switches can be managed out-of-band or in-band. Examples of out-of-band management are:
1. Console 0
2. Auxiliary 0
Examples of in-band management are:
1. TFTP servers
2. Network management software like CiscoWorks
3. Virtual terminal (vty) ports.
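As an added example (not part of the original notes), the Python script below checks a switch configuration for two of the access-layer measures listed above: port security on access ports and a password on each console/vty line. The IOS-style configuration syntax, the sample configuration and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in Cisco IOS running-config style (assumed syntax, not from the notes).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
!
interface FastEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
line con 0
 password EXAMPLE-ONLY
 login
line vty 0 4
 login
"""

def parse_blocks(config):
    """Group indented sub-commands under their 'interface' or 'line' header."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if re.match(r"(interface|line)\s", raw):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or any other top-level command ends the block
    return blocks

def audit(config):
    """Return findings for access ports lacking port security and lines lacking a password."""
    findings = []
    for header, cmds in parse_blocks(config).items():
        if header.startswith("interface"):
            if "switchport mode access" in cmds and "switchport port-security" not in cmds:
                findings.append(f"{header}: access port without port security")
        elif not any(c.startswith("password ") or c == "login local" for c in cmds):
            findings.append(f"{header}: no password defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Trunk ports are skipped because the port-security measure in the notes concerns the ports where user stations attach.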
28.0 Troubleshooting:
The ping command can be used to test connectivity to remote hosts. The command for pinging the remote host 192.34.36.2 is:
Switch# ping 192.34.36.2
A ping command may result in one of the following responses:
1. Success rate is 100 percent (every time a probe is sent, a response is received)
2. Destination does not respond
3. Unknown host
4. Destination unreachable
5. Network or host unreachable.
When troubleshooting, the ping command is useful to test the connectivity to the Multicast group members. A Multicast ping command pings all members of the group, and all members respond.
29.0 Security:
The line configuration command
time-out <value in seconds>
is used to specify how long the management console remains logged in but inactive. Once the time-out occurs, the console requires a new login.
The value can be from 30 to 65500 seconds. A value of 0 is the default, and with it the console session never expires.
30.0 Quality of Service:
There are 3 basic types of QoS:
1. Best effort delivery
2. Integrated Services Model
3. Differentiated Services Model
1. Best Effort Delivery: The best effort delivery method does not distinguish between priority traffic and non-priority traffic. The packets are forwarded in the order that they arrive. However, the routers or switches put their best effort into forwarding the packets that are received.
2. Integrated Services (IntServ) Model: The protocol that does scheduling and reserves adequate path bandwidth (end-to-end bandwidth) for an application is known as Resource Reservation Protocol (RSVP). The source application requests QoS parameters through RSVP from the network devices along the route to the destination. The minimum set of commonly agreed parameters is arrived at, and the source is informed of the same. RSVP enables traffic prioritization according to a pre-determined set of rules.
3. Differentiated Services Model (DiffServ): In the DiffServ model, the resources are dynamically arranged. The advantage over the IntServ model is that bandwidth utilization is more efficient in DiffServ. With IntServ, QoS is applied on a per-flow basis, whereas it is applied on a per-hop basis in DiffServ.