Lesson List

Unit 1: Network Infrastructure
This will allow you to demonstrate your networking skills, knowledge, and abilities, with a focus on enterprise-level switching, routing, and multicast components that support cross-platform (inter)operability and integration with the most recent software-defined technologies.

How does a switch learn MAC Addresses
Static MAC Address Table Entry
Errdisable recovery
L2 MTU
Cisco Discovery Protocol (CDP)
Link Layer Discovery Protocol (LLDP)
Unidirectional Link Detection (UDLD)
Introduction to VLANs
Configuration of Vlan
Vlan Types
Trunk ports (802.1Q)
The Distinction Between Native VLAN and Default VLAN
Access Ports
Voice Vlan
VTPv1, VTPv2
VTPv3
VTP Pruning & Manual Pruning
EtherChannel Configuration Modes
Layer 2 EtherChannel
Layer 3 EtherChannel
Introduction to Spanning Tree
Types of Spanning Tree Protocol
Spanning Tree Cost Calculation
Spanning Tree Port States
Spanning Tree Protocol Timers
Spanning Tree Protocol Topology Changes
Portfast Configuration
Spanning Tree UplinkFast
Spanning Tree BackboneFast
Spanning Tree Protocol RSTP Proposal – Agreement Process
Spanning Tree Protocol: RSTP Inferior BPDU Handling
Spanning Tree Protocol – RSTP BPDU Format
Spanning Tree BPDU Guard
Spanning Tree BPDU Filter
Spanning Tree Loop Guard
Spanning Tree Root Guard
STP Dispute
Spanning Tree Bridge Assurance
Explanation of IP routing
Administrative distance
Static routing
VRF-Lite
Routing protocol authentication
Bidirectional Forwarding Detection
L2 MTU and L3 MTU
Introduction to EIGRP
Format of EIGRP Packet
EIGRP Neighbor Adjacency
The EIGRP Neighbor and Topology Table
EIGRP Configuration
EIGRP Static Neighbor
EIGRP Passive Interface
EIGRP Summarization
EIGRP Classic Metrics
EIGRP Wide Metrics
EIGRP FSM (Finite State Machine)00:00
Understanding EIGRP Topology Table
EIGRP RTP Protocol and Packet Types
Stuck- in- Active (EIGRP)
EIGRP Graceful Shutdown
EIGRP load balancing
EIGRP Variance
EIGRP Add-Path Support
EIGRP Named Mode
EIGRP Stub Explanation
EIGRP Leak-Maps
Introduction to OSPF
OSPF Configuration
Setting up Cisco Multi-Area OSPF
Troubleshooting OSPFv2 Neighbor Adjacencies
OSPF LSA Types Explained
OSPF Non-Broadcast Network
OSPF Broadcast Network Type
OSPF Point-to-Point Network Type
OSPF Point-to-Multipoint
OSPF Point-to-Multipoint Non-Broadcast Network Type
OSPFv3 Protocol on IPv4
OSPF Route Summarization
OSPF Reference Bandwidth
OSPF Hello and Dead Interval
OSPF Router ID
OSPF Neighbor Forming Process
OSPF Neighbor States
DR and BDR in OSPF
OSPF Passive Interface
OSPF Graceful Shutdown
OSPF LSA & SPF Throttling
OSPF Single Hop LFA / IP FRR
OSPF Prefix Suppression
Introduction to BGP
BGP Neighbor Adjacency States
BGP Messages
BGP Peer Groups and Peer Templates
BGP 4-Byte AS Number
BGP Private and Public AS Range
BGP Weight Attribute
BGP Local Preference Attribute
BGP Attribute Locally Originated
BGP AS Path Prepending
BGP Origin Code Attribute
BGP MED Attribute
Prefer eBGP over iBGP
BGP Attributes and Path Selection
BGP Multipath load sharing iBGP and eBGP
Go to course home
Routing protocol authentication

Methods of Authentication

There is both a key and a key number in the routing updates. (The key number is 0 if the routing protocol doesn’t allow more than one key.)

The key is sent to the other router, which checks it against its own.

It gets the update if the keys and key numbers match.

  • Which routing protocols are capable of supporting authentication using plain text?

 RIPv2, OSPFv2, IS-IS

  • In the event of routing updates, how does hash authentication operate?

 An algorithm for hashing is executed on a routing update by making use of the key that was configured. The outcome is incorporated into the final portion of the routing update.

The hash digest is produced as a result of the neighbor applying a hashing algorithm to the received update and its local key respectively.

In the event that the hash digest that was constructed is identical to the hash digest that was received, the router will accept the update.

  • A key chain, what is it? What are the benefits of it?

 It’s a group of keys, and each one has a unique key ID that goes with it.

It is possible to set up each key such that it is only used during a particular timewindow = time-based key chain.

  • How is a time-based key chain configured?
key chain TESTKEYCHAIN
key 1
key-string Cisco1 // password of key 1
accept-lifetime 01:00:00 April 1 2024 01:00:00 May 23 2024
send-lifetime 01:00:00 April 1 2024 01:00:00 May 23 2024
key 2
key-string Juniper1
accept-lifetime 01:00:00 April 1 2024 infinite
send-lifetime 01:00:00 April 1 2024 infinite

Authentication with EIGRP

  • When EIGRP authentication is turned on, what kinds of data are checked?

All EIGRP messages.

The routers all make use of the same preshared key (PSK), and according to the PSK, they construct an MD5 digest for each and every EIGRP message.

  • What level of security is provided by EIGRP authentication?

 DoS attacks are less likely to happen.

The EIGRP messages can be read by devices that are not neighbors.

Routers are unable to create a neighboring relationship without a successful EIGRP authentication.

 What is the best way to set up EIGRP to authenticate IPv4 traffic?

key chain ROUTERKEYS
key 1
key-string DRIZZ
key 2
key-string GERALD
!
interface Fa0/0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 ROUTERKEYS

Below is the command syntax:-

ip authentication mode eigrp ASN md5

ip authentication key-chain eigrp ASN name-of-keychain

Key 2 will never be used in this example. It won’t check key 2 if key 1 doesn’t match. If you also set the lifetime, having more than one key is helpful.

  • In order to configure EIGRP for IPv6 authentication, what are the steps?
key chain ROUTERKEYS
key 1
key-string DRIZZ
!
interface Fa0/0
ipv6 eigrp 1
ipv6 authentication mode eigrp 1 md5
ipv6 authentication key-chain eigrp 1 ROUTERKEYS

Below is the command syntax:-

Ipv6 authentication mode eigrp ASN md5

Ipv6 authentication key-chain eigrp ASN name-of-keychain

  • How is named EIGRP authentication configured?
key chain ROUTERKEYS
key 1
key-string DRIZZ
!
router eigrp EIGRP-TEST
!
address-family ipv4 unicast autonomous-system 2
!
af-interface Fa0/0
authentication mode md5
authentication key-chain ROUTERKEYS
exit-af-interface
!
network 0.0.0.0
exit-address-family

The Authentication of OSPF

  • With OSPF authentication enabled, which packets are checked for authenticity?

All OSPF messages are verified, much like EIGRP.

  • What other kinds of authentications are available in OSPF?

 Type 0 = no authentication

Type 1 = plain text authentication (OSPFv3 does not support it)

Type 2 = Hashing authentication

 How do you set up plain text authentication and where is it located?

 It can be configured via an OSPF area or an interface.

!R1
interface Fa0/0
ip address 10.1.1.1 255.255.255.0
ip ospf authentication-key ROUTERKEY
!
router ospf 1
area 0 authentication // enables authentication on an area

!R2
interface Fa0/0
ip address 10.1.1.2 255.255.255.0
ip ospf authentication // enable authentication on an individual interface
ip ospf authentication-key ROUTERKEY
  • In OSPF, what’s the difference between plain text authentication and MD5 authentication?

 With the key-string (which can be up to 16 characters long) and the key-id, an MD5 hash can be computed.

You have the option to use a different key for each interface.

  • How is MD5 authentication configured?
!R1
interface Fa0/0
ip address 10.1.1.1 255.255.255.0
ip ospf message-digest-key 1 md5 ROUTERKEY
!
router ospf 1
area 0 authentication message-digest //enable MD5 auth for all area 0
network 0.0.0.0 255.255.255.255 area 0

!R2
interface Fa0/0
ip address 10.1.1.2 255.255.255.0
ip ospf authentication message-digest //enable MD5 auth for interface
ip ospf message-digest-key 1 md5 ROUTERKEY
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
  • How can you tell which authentication method is being utilized on the interface?

 sho interface interface-id 

  • How does authentication for OSPFv3 operate?

 When OSPFv3 is used with IPSEC for authentication and Encapsulating Security Payload (ESP) for encryption and authentication, the following happens:

ipv6 ospf authentication = only authentication

No Attachment Found
No Attachment Found
Previous
Next
Copyright © 2024 NetworkWords. All rights reserved.