Friday, August 15, 2008

It's Friday, August 15, and here are the answers to Thursday's questions!

CCNA Certification And CCENT Certification:

Define the purpose of ARP, Proxy ARP, and Inverse ARP.

Answer: ARP acquires a remote host's MAC address when the IP address is known.

Proxy ARP allows a router to answer an ARP Request on behalf of a host on the "other side" of the router. This is necessary because routers do not forward broadcasts, and an ARP Request is a broadcast.

Inverse ARP dynamically maps Frame Relay DLCIs to a remote host's IP address. Inverse ARP is commonly turned off in Frame Relay deployments; to do so, use the no frame-relay inverse-arp command.

CCNA Security Certification / CCNP ISCW Exam:

With regard to the IOS Firewall set, what is generic inspection? What's so "generic" about it?

Answer: I'm not going to show you the entire IOS Help readout for the following command, but believe me - it's a long, long list. On this particular router, I had over 150 options.

R1(config)#ip inspect name CCNP ?
  802-11-iapp  IEEE 802.11 WLANs WG IAPP
  ace-svr      ACE Server/Propagation
  appfw        Application Firewall
  appleqtc     Apple QuickTime
  bgp          Border Gateway Protocol
  biff         Bliff mail notification
  bootpc       Bootstrap Protocol Client

If you want to inspect all TCP and/or UDP connections, you can specify TCP and/or UDP as the inspected protocol, rather than a more-specific entry. This is generic inspection and is configured by entering tcp or udp at that same point in the ip inspect command.

  tcp          Transmission Control Protocol
  udp          User Datagram Protocol

This will inspect any TCP and/or UDP protocol traffic, even if the specific application isn't named in the inspection rule. Generic inspection is designed to allow return traffic for all TCP and/or UDP connections that are initiated on the inside network.

So why don't we just configure all TCP and UDP traffic to be inspected generically and leave it at that?

Application-specific commands are not interpreted by generic inspection, and that means that the return packets may not be allowed to enter the inside network. If the return traffic is using a different port number than the original traffic, generic inspection may not allow that return traffic to enter the network.
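A toy model of that limitation, added here as an illustration and not taken from the original post or from IOS: it assumes active-mode FTP as the example protocol, with constructed addresses and ports, and shows the server's data connection being dropped under generic inspection but permitted once the inspector interprets the PORT command.

```python
import re

class Inspector:
    """Toy stateful inspector; not IOS code. Tracks which inbound flows are permitted."""

    def __init__(self, ftp_aware=False):
        self.ftp_aware = ftp_aware  # False = generic tcp inspection only
        self.allowed = set()        # (src_ip, src_port, dst_ip, dst_port)

    def outbound(self, src, sport, dst, dport, payload=b""):
        # Generic inspection: permit only the exact mirror of the outbound flow.
        self.allowed.add((dst, dport, src, sport))
        # Application-aware inspection: interpret the FTP PORT command and
        # pre-authorise the data connection the server will open.
        if self.ftp_aware and dport == 21:
            m = re.match(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", payload)
            if m:
                n = [int(x) for x in m.groups()]
                client_ip = ".".join(str(x) for x in n[:4])
                data_port = n[4] * 256 + n[5]
                self.allowed.add((dst, 20, client_ip, data_port))

    def inbound(self, src, sport, dst, dport):
        return (src, sport, dst, dport) in self.allowed


def active_ftp_session(ftp_aware):
    """Return (control_reply_allowed, data_connection_allowed, unsolicited_allowed)."""
    client, server = "10.0.0.5", "203.0.113.10"  # constructed addresses
    fw = Inspector(ftp_aware)
    fw.outbound(client, 40000, server, 21)  # control channel opened from inside
    # Client advertises data port 195*256 + 80 = 50000 on the control channel.
    fw.outbound(client, 40000, server, 21, b"PORT 10,0,0,5,195,80\r\n")
    control = fw.inbound(server, 21, client, 40000)  # same ports, mirrored
    data = fw.inbound(server, 20, client, 50000)     # different ports
    unsolicited = fw.inbound("198.51.100.7", 4444, client, 50000)
    return control, data, unsolicited


if __name__ == "__main__":
    print("generic tcp :", active_ftp_session(False))
    print("ftp-aware   :", active_ftp_session(True))
```

In both modes the unsolicited outside connection stays blocked; the only difference is whether the negotiated data channel is recognised as part of the inside-initiated session.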

CCNP Certification / BSCI Exam:

You want to perform a BGP reset with a neighbor at You do not want the current adjacency to come down. Can this be done? If so, how can you do it?

Answer: We can perform a BGP soft reset with the clear ip bgp command; using IOS Help shows us there are quite a few options with this command.

R5#clear ip bgp ?
  *                Clear all connections
  <1-65535>        AS number of the peers
  A.B.C.D          BGP neighbor address to clear
  dampening        Clear route flap dampening information
  flap-statistics  Clear route flap statistics
  peer-group       Clear BGP connections of peer-group

R5#clear ip bgp ?
  flap-statistics  Clear flap statistic
  soft             Soft reconfiguration

R5#clear ip bgp soft ?
  in   soft reconfigure inbound update
  out  soft reconfigure outbound update

R5#clear ip bgp soft out

The BGP adjacency is not torn down as a result of this command.

CCNP Certification / BCMSN Exam:

You've configured an SVI on your multilayer switch, but your pings are not going through. This is the first SVI configured on the switch. What's the first thing you should check?

Answer: Make sure IP routing is on!

CCNP / ONT Exam: (My ONT Study Package will be released on Monday!)

Transactional, management, and routing are the three sub-classes of what major traffic class in SDM?

A. Realtime

B. Business-critical

C. Best Effort

D. Priority

Answer: B. These are all subclasses of the Business-critical class.

There's a new CCNA Security exam on the main site today, as well as a new networking models exam for you CCNA and CCENT candidates - be sure to read today's and yesterday's blog posts for links to those and other free Cisco exam resources!

To your success,

Chris Bryant
CCIE #12933
