Sunday, July 27, 2008

Here are the answers to yesterday's questions! All questions were short answer.

CCNA Certification:

Identify the numeric ranges for standard and extended ACLs.

Answer: Here's the IOS Help readout that shows all of our ACL ranges. Standard ranges are bolded.

R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
dynamic-extended Extend the dynamic ACL absolute timer
rate-limit Simple rate-limit specific access list

CCENT Certification:

What's the basic purpose of the exec-timeout 0 0 command?

Answer: This disables the console session default inactivity timeout of 5 minutes and 0 seconds.

If you want to change that timer rather than disabling it, the first number represents the number of minutes in the inactivity timer and the second number is the number of seconds.

R1(config)#line con 0
R1(config-line)#exec-timeout ?
<0-35791> Timeout in minutes

R1(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds

R1(config-line)#exec-timeout 0 0 (disables the inactivity timer)

This command can also be configured on the VTY lines to set or disable the inactivity timer for Telnet and SSH users. Here, we'll set the VTY line inactivity timer to 10 minutes, double the default time.

R1(config)#line vty 0 4
R1(config-line)#exec-timeout ?
<0-35791> Timeout in minutes

R1(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds

R1(config-line)#exec-timeout 10 ?
<0-2147483> Timeout in seconds

R1(config-line)#exec-timeout 10 0

They're great commands for your present or future home lab, and I also recommend you know them for your CCENT and CCNA exams!

CCNA Security Certification / CCNP ISCW Exam:

What's the purpose of the ip inspect tcp idle-time command?

Answer: ip inspect tcp idle-time sets the amount of time an idle TCP connection is kept in the state table. Default is 3600 seconds.

CCNP Certification / BSCI Exam:

When you enter the command shown below, what is the first thing that will happen?

R1(config)#interface serial0
R1(config-if)#ip summary-address eigrp 100

Answer: When you configure EIGRP address summarization, any and all EIGRP adjacencies formed via that interface will be torn down. That little detail gets left out of a lot of BSCI study guides, but it's obviously an important point!

Don't just take my word for it - here's the proof! The EIGRP adjacency message even indicates why the adjacency was torn down:

R1(config)#interface ethernet0
R1(config-if)#ip summary-address eigrp 100

2d11h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor (Serial0) is down: summary configured
2d11h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor (Serial0) is down: summary configured

CCNP Certification / BCMSN Exam:

What is the net effect of the following command?

SW2(config)#errdisable recovery cause all

Answer: A switch port will be placed into error-disabled state, referred to on the switch as err-disabled, under certain circumstances such as a violation of port security.

By default, a port in err-disabled state has to be manually reopened. (The port LED will go out as well; as you'd suspect, a green LED indicates an active port.)

You may have a situation where you want the port to re-enable itself after a certain period of time, and this can be configured with the errdisable recovery interval command.

Before doing so, though, you must define the causes from which the port can recover automatically. We'll use the "all" option here to allow the port to autorecover from any err-disabled state.

SW2(config)#errdisable recovery cause all

SW2(config)#errdisable recovery interval ?
<30-86400> timer-interval(sec)

SW2(config)#errdisable recovery interval 300

As with any command involving time, you should first check the unit of time this particular command uses. Some Cisco commands use seconds, some use minutes, some use hours. If you want a five-minute interval before the port re-enables, you need to enter 300, not 5.

CCNP / ONT Exam:

Define per-hop behavior as the term relates to DiffServ.

DiffServ doesn't use RSVP, but instead uses Per-Hop Behavior (PHB) to allow each router across the network to examine the packet and decide what service level it should receive.

With DiffServ, one router along the path from source to destination could consider a packet to be of the highest priority, while another router could consider it "just another packet".

There is no advance signaling with DiffServ - no "hey, here comes a really important packet!" advance notice. Each hop along the way from source to destination makes its own decision as to how important a packet is or isn't.

This lack of advance signaling is why DiffServ is considered more scalable than IntServ, since no bandwidth is reserved in advance of the actual transmission.

I'll have brand-new questions for you later today here on the blog, a new CCNA / CCENT practice exam on the main website, and the answers to the first in my upcoming series of CCNA Security pracitce exams as well.

Visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials!

To your success,

Chris Bryant
CCIE #12933

No comments:

Blog Archive