
Question: Define the term "DMZ" as it pertains to network security, and name three different common network devices that are typically found there.

Answer: It's easy to think of your network as the "inside", and everything else as "outside". However, we've got a third area when it comes to firewalls - the DMZ. From an IT standpoint, the DMZ is the part of our network that is exposed to outside networks. It's common to find the following devices in a DMZ:
FTP server
Email server
E-commerce server
DNS servers
Web servers

Stateful packet filtering does monitor the connection state, and that's particularly important when it comes to preventing TCP attacks. A stateful firewall will not only monitor the state of the TCP connection, but also the sequence numbers. Stateful firewalls accomplish this by keeping a session table, or state table.

Question: Configuring ACLs is an important part of working with the IOS Firewall. What wildcard masks are replaced in ACLs by the words host and any?

Answer: We have the option of using the word host to represent a wildcard mask of 0.0.0.0. Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.

    R3#conf t
    R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
    R3(config)#access-list 7 permit host 10.1.1.1

The keyword any can be used to represent a wildcard mask of 255.255.255.255. Both of the following lines permit all traffic.

    R3(config)#access-list 15 permit any
    R3(config)#access-list 15 permit 0.0.0.0 255.255.255.255

There's no "right" or "wrong" decision to make when you're configuring ACLs in the real world. For your exam, though, I'd be very familiar with the proper use of host and any.

Question: What does the dollar sign in the following ACL line indicate?

    R1(config)#$ 150 deny ip 172.50.50.0 0.0.0.255 172.50.100.0 0.0.0.255

Answer: The dollar sign simply indicates that part of the command you're entering or viewing can't be shown because the entry is so long. It does not mean the command is illegal.

Question: Basically, how does an IOS Firewall prevent a TCP SYN attack?

Answer: The IOS Firewall can use any or all of the following values to detect when a TCP SYN attack is underway:
Overall total of incomplete TCP sessions
Number of incomplete TCP sessions in a certain amount of time
Number of incomplete TCP sessions on a per-host basis
When any of these thresholds is reached, either of the following actions can be taken:
Block all incoming SYN packets for a certain period of time
Transmit a RST to both parties in the oldest incomplete session

Question: We'll start with a question you learned the answer to in your CCNA studies. When you have an enable secret and an enable password set, which takes precedence over the other?

Answer: A. The enable secret always takes precedence over the enable password.

Question: What port does NTP use?

Answer: NTP uses UDP port 123. Remember that when you're configuring your ACLs!

Question: What authentication option is available for Telnet that is not available with SSH?

Answer: You can use a line password for Telnet, but not for SSH. For SSH, you'll need to use AAA or a locally configured database.

Question: Which RFC refers to all of the following network address ranges, and how do these ranges relate to network security?
0.0.0.0 /8
10.0.0.0 /8
127.0.0.0 /8
172.16.0.0 /12
192.168.0.0 /16
224.0.0.0 /4
240.0.0.0 /4

Answer: RFC 3704 (an updated version of RFC 2827) recommends that packets sourced from those address ranges not be allowed to enter your network. Blocking these address ranges for incoming traffic on your network's perimeter routers is sometimes called "2827 filtering" or "3704 filtering", referring to the original and updated RFCs that discuss this topic in a great deal of detail.

Question: Which of the following are considered reconnaissance attacks, and which are access attacks?
A. ping sweep
B. port scan
C. password attack
D. trust exploitation
E. DNS query

Answer: Recon attacks: ping sweeps, port scans, DNS queries. Access attacks: password attacks and trust exploitation.

Question: The term "port redirection" refers to which type of network attack?

Answer: Port redirection is a type of trust exploitation.

Question: Why are the following disabled by default when you run AutoSecure?
A. PAD
B. UDP and TCP Small Servers
C. BootP
D. CDP
E. NTP

Answer:
Finger - recon attack possibility
PAD - known vulnerabilities
UDP and TCP Small Servers - an attacker can request a large number of UDP diagnostics
BootP - known vulnerabilities
HTTP services, Identification Service (queries TCP port), CDP, NTP and IP source routing are also disabled globally.

Question: As it relates to how they are spread, what is the major difference between a worm and a virus?

Answer: The terms virus and worm are often used interchangeably, but they're not quite the same thing. A major difference between the two is that a worm can spread from its entry point to the rest of your network without the "help" of a human being. A common worm attack is carried out by the worm finding your email address book and then sending a copy of itself to every recipient in that book. The worm executes its code and then continues to send copies of itself. A virus can't be spread without an end user helping out, generally by forwarding an infected file or attachment.

Q: Difference between RADIUS and TACACS+?

A:
1. RADIUS uses UDP while TACACS+ uses TCP.
2. RADIUS encrypts only the password in the access-request packet, from the client to the server, while TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.
3. RADIUS does not allow users to control which commands can be executed on a router and which cannot; therefore, it is not as useful for router management or as flexible for terminal services.
Question: In terms of their position in the flow of traffic, what's the major difference between an IPS and an IDS?

Answer: An IDS is not in the direct flow of network traffic. Instead, the traffic flows are mirrored to the IDS. When infected traffic does hit the network, the IDS will see this and take appropriate action. In contrast, the Intrusion Prevention System (IPS) does sit in the middle of the traffic flow - in this case, the IPS will actually be our Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.

Question: What is "3704 filtering", and what does it have to do with network security?

Answer: RFC 3704 (an updated version of RFC 2827) recommends that packets from the following network ranges be prohibited from entering your network:
0.0.0.0 /8
10.0.0.0 /8 (RFC 1918 Class A private range)
127.0.0.0 /8 (loopback address range)
172.16.0.0 /12 (RFC 1918 Class B private range)
192.168.0.0 /16 (RFC 1918 Class C private range)
224.0.0.0 /4 (reserved for IP multicasts)
240.0.0.0 /4 (RFC 1918 Class E private range)
Blocking these address ranges for incoming traffic on your network's perimeter routers is sometimes called "2827 filtering" or "3704 filtering", referring to the original and updated RFCs that discuss this topic in a great deal of detail.

Question: What is the purpose of the 256MB.sdf file? What does the "256" refer to?

Answer: This is one of three preconfigured Signature Definition Files. Cisco's website recommends running the Intrusion Prevention System (IPS) with the preconfigured files - attack-drop.sdf, 128MB.sdf, and 256MB.sdf. The "128MB" and "256MB" refer to the amount of memory necessary to use these particular files.

Question: Which of the following does not use encryption?
A. SSH
B. SSL
C. NTP v3
D. Telnet
E. SMTP v3

Answer: D. The other four all use encryption in some form.

Question: What is the anomaly method?

Answer: "This is the IPS method of identifying malicious traffic where differences from normal traffic patterns are sought and detected."

Question: What's the purpose of the attack-drop.sdf file?

Answer: The attack-drop.sdf file is a Signature Definition File that contains the latest and greatest IPS signatures.

Question: There are three basic methods IPS uses to identify potentially malicious traffic. Name all three and give a brief definition of each.

Answer: Both the IPS and IDS can base their identification of dangerous and malicious traffic on the following:
Policy, where a configured policy may ban particular IP addresses, ports, or even websites.
Signature, where byte patterns are considered along with other values.
Anomaly, where differences from normal traffic patterns are sought and detected.

Question: What's the purpose of the ip inspect tcp idle-time command?

Answer: ip inspect tcp idle-time sets the amount of time an idle TCP connection is kept in the state table. The default is 3600 seconds.

Question: In terms of network security, what purpose does a honeypot serve?

Answer: A honeypot is a network device that is purposely left open to attack. The attack methods are then analyzed in order to develop a defense against that attack type. (Obviously, this will not be a production server!)

Question: In SDM, what does an asterisk indicate when it's used in a graphical representation of an ACL?

Answer: An asterisk represents the ACL option "any".

Question: What are the two options you should expect to see IOS Help display in the following command?

    R1(config)#ip tcp intercept mode ?

Answer: You can run TCP intercept in intercept or passive mode.

Question: You're using the Authentication Proxy. Where can you store the user-specific security profiles?

Answer: The profiles can be downloaded from a TACACS+ or RADIUS server.

Note: An Intrusion Prevention System will be in the direct path of traffic, but an Intrusion Detection System will not be found there.

Question: Describe an IP Spoofing attack.

Answer: You may remember from your ISDN studies that when an ISDN line was pretending to be up, it was said to be spoofing. When a network intruder uses the IP address of a trusted device in order to gain access to your network, that's IP Spoofing. IP Spoofing can be used against your network in several ways:
1. To inject a stream of malicious code and/or commands into your network
2. To trick legitimate network hosts into sending sensitive data to the attacker
3. As part of a reconnaissance attack, an attack that in itself may not be damaging, but is used to gather information for future, more destructive attacks

Question: Briefly describe the purpose of a "SYN cookie".

Answer: One defense against SYN attacks, a SYN cookie verifies the client address before actually allocating resources to that client.

Question: Briefly describe the term "teardrop attack".

Answer: IP fragments with large payloads are the method of attack. Issues with the TCP fragmentation reassembly code of Windows NT, 96, and 3.1x (among others) created this opening.

Question: In a typical Network Management block, what switch layers are represented?
A. Access
B. Distribution
C. Core

Answer: A, B. In addition to network management devices, both Access and Distribution switches will be found here.

Question: Briefly describe a "DDoS" attack.

Answer: A Distributed Denial-of-Service attack is a typical DoS attack, but one that is carried out by a large number of attackers rather than a single host.

Question: What term is given to the network attack that occurs when an intruder gathers information in preparation for a larger attack in the future?

Answer: That is a network reconnaissance attack. Recon attacks are generally not destructive in themselves, since the actual point of a recon attack is to avoid notice. It's the information gathered during the recon attack that we're concerned about, since that info can and probably will be used in a future attack - and that attack will be destructive.

Question: You want to display a message to users who connect to your router via Telnet. What command will you use to do so?

Answer: Use the banner login command.

Question: You're defining inspection rules on a Cisco firewall. What command are you using?

Answer: The global ip inspect command.

Question: You're ensuring that only the devices in a VPN that should see the data in unencrypted format will see the data that way. Which of the following are you practicing?
a) data confidentiality
b) data integrity
c) replay attack protection
d) data origin authentication

Answer: A. Data Confidentiality means that only the devices that should see the data in an unencrypted form will see the data that way. Data Integrity means that the recipient of the data can guarantee that the received data is the same as the transmitted data - in short, that the data was not altered during transport. Data Origin Authentication guarantees that the data originated from a specific endpoint. Anti-replay protection (sometimes just called "replay protection") protects against replay attacks, a malicious repeat and/or delay of a valid transmission.

Note:

Port Mirroring
Port mirroring is used on a network switch to send a copy of the network packets seen on one switch port to a network monitoring connection on another switch port. It is generally referred to as SPAN (Switch Port Analyzer).

Layer 3 Switch
Layer 3 switches are high performance devices that differ very little from routers. A Layer 3 switch supports routing protocols. Both inspect the incoming and outgoing packets and dest
In a Layer 2 switch, frames are forwarded based on MAC address information; in a Layer 3 switch, frames are forwarded based on network-layer information. Layer 2 switching does not look inside a packet for network-layer information. Layer 2 switching is performed by looking at the destination MAC address within a frame. A Layer 2 switch maintains a MAC address table. A Layer 2 switch broadcasts frames and receives the information. Layer 3 switching operates at the network layer. It examines packet information and forwards packets based on their network-layer destination address.

VRF:
1. Virtual Routing and Forwarding is used on MPLS networks.
2. VRF maintains multiple routing tables on a single router.
3. Virtual routing and forwarding is a technology included in IP (Internet Protocol) network routers that allows multiple instances of the routing table to exist in a router and work simultaneously.
4. Increases functionality by allowing network paths to be segmented without using multiple devices.
5. VRF acts like a logical router, but while a logical router may include many routing tables.
6. Virtual routing and forwarding is a technology implemented in IP network routers that allows multiple instances of a routing table to exist on the same router at the same time.
7. Multiprotocol Label Switching (MPLS) VPN technology.
8. Virtual networks enable an administrator to split a physical link into multiple virtual links that are completely isolated from one another. A virtual link will be dedicated to traffic from a specific application or customer.

MPLS functionality is based on P (Provider) routers, PE (Provider Edge) routers and CE (Customer Edge) routers. One PE router can hold and manage multiple virtual routing tables. If you are running in a private environment, you can use MPLS VPN to separate services. The Route Distinguisher (RD) is a number which helps identify a VPN in a provider network and allows for overlapping IP space. The Route Target (RT) indicates the VPN membership of a route and allows VPN routes to be imported or exported into or out of your VRF.

Spanning Tree
1. STP is a link layer network protocol that ensures a loop-free topology.
2. The basic functionality of STP is to prevent bridge loops and the resulting broadcast radiation.
   a. Select the root bridge. We need to select the root bridge with the smallest bridge ID. Each bridge has a unique identifier, and the selected ID is based on the priority value of the bridge.
   b. Determine the least cost paths to the root bridge.
   c. Bridge Protocol Data Unit (BPDU). A BPDU frame uses the Bridge ID and the MAC address of the port itself as source and destination address.
      i. BPDUs are exchanged regularly and enable switches to keep track of network changes and to start and stop forwarding at ports as required.
      ii. BPDUs are exchanged regularly (every 2 sec).
3. Port states: Blocking, Listening (the switch processes BPDUs and awaits possible new information), Learning, Forwarding, Disabled.

Spanning tree protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network. Multiple active paths between stations cause loops in the network. If a loop exists in the network topology, the potential exists for duplication of messages.

Election of the Root Switch
1. The election of a unique root switch for the stable topology.
2. The election of a designated switch for every switched LAN segment.
3. The removal of loops in the switched network.

BPDU
1. The unique switch identifier (MAC address) associated with each switch.
2. The path cost to the root.
3. The port identifier associated with each switch.

One switch is elected as the root switch. The shortest distance to the root switch is calculated for each switch. Port states: Blocking, Listening, Learning, Forwarding, Disabled.

VTP
VTP (VLAN Trunking Protocol) is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion and renaming of VLANs on a network-wide basis. VTP reduces administration in a switched network. VLAN information is distributed to all switches in the VTP domain. VTP operates in three modes:
1. Server - In this VTP mode, VLANs can be created and modified.
2. Client - A VTP client works like a server, but is not able to create or delete VLANs.
3. Transparent - The switch does not participate in VTP. A VTP transparent switch will not advertise its VLAN configuration and does not synchronize.
VTP sends messages between trunked switches to maintain VLANs on those switches.

Port Security
1. Port security can be done based on the MAC address.
   1. MAC blocking
   2. MAC learning

Firewall
A firewall is a program or hardware device that filters the inbound and outbound traffic. There are three methods of controlling the traffic:
1. Packet Filtering - Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting systems and all others are discarded.
2. Proxy Service - Information from the internet is retrieved by the firewall and then sent to the requesting system, and vice versa.
3. Stateful Inspection - It does not examine the content of each packet but instead compares certain key parts of the packet to a database of trusted information. Inbound and outbound traffic are monitored for specific characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the traffic is allowed through; otherwise it is discarded.

Security Level
The PIX has a very simple mechanism to control traffic between interfaces. The ASA allows traffic to pass from trusted to untrusted, but not the reverse. Traffic can pass from interfaces with higher security levels to interfaces with lower security levels. The ASA blocks traffic from lower levels to higher levels.
Security level 100 - The highest possible level; it is used by the inside interface by default. Using the trusted-untrusted terminology, this level is considered the most trusted.
Security level 0 - The lowest possible level; it is used by the outside interface by default, making it the most untrusted interface. Traffic can pass from this interface to other interfaces only if manually configured to do so.
Security levels 1-99 - Can be assigned to any other interface on the PIX. On a three-pronged PIX firewall, the inside is typically 100, the outside is 0, and the third interface could be 50. Traffic from interfaces between 1 and 99 can pass through to the outside (0), but it is prevented from passing to the inside (100). This is because the interface has a lower security level setting than the inside.

Static Routing vs Dynamic Routing

Static routing is not really a protocol, simply the process of manually entering routes into the routing table via a configuration file that is loaded when the routing device starts up.

A static route is a route that is created manually by the network administrator. Dynamic routes are created by routing protocols. The static routing administrative distance is one. The IGRP default administrative distance is 100. Static routing is manually entering the route based on the best path consideration. Dynamic routing protocols are software applications that dynamically discover the network. A router will learn routes to all directly connected networks. It will learn routes from other routers that run the same routing protocols. The router will then sort through its list of routes and select the best path.

EIGRP (Enhanced Interior Gateway Routing Protocol)

1. It is a link state routing protocol.
2. Cisco proprietary routing protocol and distance vector routing protocol.
3. Routing optimisation is based on the Diffusing Update Algorithm (DUAL).
4. Distance vector routing protocols use the Bellman-Ford algorithm to find the shortest paths. They exchange a vector of distances to all destinations. No further topology information is exchanged.
5. Link state routing protocols are based on an algorithm that finds the shortest path. They work by exchanging a description of each node and its exact connections to its neighbours.
6. EIGRP allows for equal cost load balancing, incremental routing updates and formal neighbour relationships.
7. EIGRP reduces bandwidth usage. It updates only when topology changes occur.
8. Support for Variable Length Subnet Masks (VLSM).
9. Using Hello messages, EIGRP sessions establish and maintain neighbor relationships with neighboring routers.
10. EIGRP packet formats: Hello/ACK, Update, Query, Reply, Request.
11. EIGRP administrative distance is 120.
12. EIGRP only sends updated information if any network changes.
13. EIGRP default hop count is 224.
14. IGRP default hop count is 111.
15. EIGRP reduces bandwidth use.
16. EIGRP will learn the successor and feasible successor.
17. EIGRP maintains three databases: neighbor DB, topology DB, IP routing table.
18. EIGRP default hold time is three times the Hello interval.
19. RTP (Reliable Transport Protocol) is responsible for guaranteed
20. Default hello interval is 5 seconds.
21. Update, Query and Reply packets are acknowledgement oriented.
22. Hello and ACK are non-acknowledgement oriented.
23. EIGRP DUAL:
   a. Tracks all routes advertised by neighbours.
   b. Selects the loop-free successor and selects the feasible successor.
   c. If the successor fails, selects the feasible successor.
24. DUAL is used to select the best path.

OSPF
1. It is a link state routing protocol. It generates routing updates when any network change occurs.
   1. Responds quickly as the network changes.
   2. Sends triggered updates when network changes occur.
   3. Sends periodic updates (link-state refresh) every 30 min.
2. Link state data structures: neighbour table, topology table, routing table.
3. The Dijkstra algorithm calculates all possible routes.
4. OSPF Area - Characteristics
   1. Minimizes routing table entries.
   2. Localizes the impact of any topology change.
   3. Detailed LSA flooding stops at the area boundary.
   4. Requires hierarchical network design.
   5. Area border router (ABR).
5. OSPF selects the DR (Designated Router) and BDR (Backup Designated Router).
6. OSPF builds three tables: neighbour table, LS topology table and routing table.
7. OSPF has five types of packet: Hello, Database Description, Link State Request (LSR), Link State Update (LSU) and ACK.
   1. Hello - Builds adjacencies between neighbours.
   2. Database Description (DBD) - Checks for database synchronization between routers.

IGRP
It is a distance vector routing protocol. It uses bandwidth as a metric.

Cisco Switch Stack (3750 stack)
Catalyst 3750 switches run Cisco IOS software release 12.2. Link Aggregation Control Protocol (LACP) and Port Aggregation Protocol (PAgP) are Cisco proprietary protocols that run on Cisco switches. PAgP cannot be enabled on cross-stack EtherChannels. LACP is supported on cross-stack EtherChannels from Cisco IOS. LACP packets are exchanged only with partner interfaces configured in active or passive mode. We can configure up to 16 ports to form a channel. Eight of the ports are in active mode and the other eight are in standby mode.

StackWise is a new method for collectively utilizing the capabilities of a stack of switches. Switches intelligently join to create a single switch unit with a 32 Gbps stack interconnect. Switches can be added to and deleted from a working stack without affecting performance. Switches are united into a single logical unit using special stack interconnect cables that create a bidirectional closed-loop path. Layer 2 and Layer 3 forwarding: Layer 2 forwarding is done in a distributed manner; Layer 3 forwarding is done in a centralized manner. The Cisco Catalyst 3750 series switch stack has a single IP address and is managed as a single object. The single IP management applies to active fault detection, VLAN creation, modification and deletion, security and QoS controls. Cisco StackWise technology unites up to nine individual Cisco 3750 switches into a single logical unit. This single stack shares the same network topology, MAC address and routing information.

Switching Modes
Fast Forward - Fast forward offers the lowest level of latency by immediately forwarding a packet after receiving the destination address. In fast-forward mode, latency is measured from first bit received to first bit transmitted (FIFO).
Fragment Free - Fragment-free switching filters out collision fragments, the majority of packet errors, before forwarding begins.
Store and Forward - Complete packets are stored and checked for errors prior to transmission. In store-and-forward mode, latency is measured from last bit received to first bit transmitted, or LIFO (Last In First Out).

What is administrative distance?

Administrative distance is the feature that routers use in order to select the best path when there are two or more different routes to the same destination from two different routing protocols. AD defines the reliability of a routing protocol. AD is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. The smaller the administrative distance value, the more reliable the protocol.

Route Source                                          Default Distance Value
Connected interface                                   0
Static route                                          1
EIGRP                                                 5
BGP                                                   20
Internal EIGRP                                        90
IGRP                                                  100
OSPF                                                  110
Intermediate System-to-Intermediate System (IS-IS)    115
RIP                                                   120
Exterior Gateway Protocol (EGP)                       140
On Demand Routing (ODR)                               160
External EIGRP                                        170
Internal BGP                                          200
Unknown*                                              255

Clock rate
The clock rate interface command has been enhanced for the synchronous serial port.

Subnet
A subnet is an identifiable separate part of an organization's network.

Address Classes
Class A addresses begin with 0xxx, or 1 to 126 decimal.
Class B addresses begin with 10xx, or 128 to 191 decimal.
Class C addresses begin with 110x, or 192 to 223 decimal.
Class D addresses begin with 1110, or 224 to 239 decimal.
Class E addresses begin with 1111, or 240 to 254 decimal.

MPLS

Multiprotocol Label Switching is a mechanism in high performance telecommunication networks which directs and carries data from one network node to the next. MPLS is highly scalable and protocol agnostic, and is an efficient encapsulation mechanism. MPLS was originally presented as a way of improving the forwarding speed of routers but is now emerging as a crucial standard technology that offers new capabilities for large scale IP networks. In MPLS terminology, the packet-handling nodes or routers are called Label Switched Routers (LSRs). MPLS is the standard technology for speeding up network traffic flow and making it easy to manage. MPLS VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table. VRF is the key element in Cisco MPLS VPN technology.

ACL
An empty ACL permits all traffic.
Standard IP: 1-99, 1300-1999
Extended IP: 100-199, 2000-2699

    access-list acl_collector permit icmp any any
    access-list acl_collector permit ip any any
    Router(config)# access-list ACL# permit | deny conditions

Standard Access Control Lists (ACLs) are Cisco IOS commands used to filter packets on Cisco routers based on the source IP address of the packet. Extended access control lists have the ability to filter packets based on source and destination IP address. Numbers between 1 and 99, or any number between 1300 and 1999, can be used in a Standard ACL.

CISCO PIX Firewall BASICS

PIX Device Manager (PDM)
The PIX firewall provides a wide range of security features: NAT, content filtering, URL filtering, IPSec VPN, DHCP server/client, static NAT.

NAT
NAT is a way to map a range of global addresses to inside or perimeter (DMZ) addresses.
1. Static NAT - One-to-one basis.
2. Dynamic NAT - Maps an unregistered IP address to a pool of registered IP addresses.
3. Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to one single registered IP address. This is known as PAT or single address NAT.

NAT Terms
Inside Local Address - An IP address assigned to a host inside a network.
Inside Global Address - A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.

ARP and RARP Address Translation
ARP maps IP addresses into MAC addresses, and RARP maps MAC addresses into IP addresses.

BGP
BGP is a protocol for exchanging routing information between gateway hosts in a network of autonomous systems. The routing table contains a list of known routers, the addresses they can reach and a cost metric associated with the path to each router. BGP learns multiple paths via internal and external BGP speakers, picks the best path and installs it in the forwarding table. The best path is sent to external BGP neighbours. Classless Inter-Domain Routing (CIDR).

BGP Introduction
- Used for carrying routing information between ASes
- Path vector protocol
- Incremental
- Runs over TCP port 179
- Conveys information about ASes

BGP - General Operation
- Learns multiple paths via internal and external BGP speakers.
- Picks the best path and installs it in the IP forwarding table.
- Policy is applied by influencing the best path selection.
- Load balancing - BGP does NOT load balance traffic; it chooses and installs a "best" route.

BGP Relationship with IGP
- BGP carries the full internet routing table.
- IGPs are used to carry next hop and interior network information.

Autonomous System (AS)
- A collection of networks with the same routing policy.
- Single routing protocol.

BGP Path Selection Algorithm
- Do not consider a path if there is no route to the next hop.
- Shortest path.

RIP
RIP's default behavior is to send version 1 updates, but to accept updates from both version 1 and version 2. It sends updates every 30 seconds; routes are invalid after 180 sec, hold down is 180, and routes are flushed after 240.

Difference between RIP v1 and v2?
RIP v1 - Classful routing protocol. Subnet masks are NOT included in the routing update.
RIP v2 - Classless routing protocol. Subnet masks are included in the routing update.

Cisco 6509 Switch Details
Supports all Catalyst 6500 modules, including all:
Supervisor engines
Switch fabric modules
Fast Ethernet modules
Gigabit Ethernet modules
10 Gigabit Ethernet modules
Voice modules
FlexWAN modules
ATM modules
Multi-Gigabit services modules (content services, firewall, intrusion detection, IPSec/VPN, network analysis, and SSL acceleration)

The Cisco Supervisor Engine 720 offers a strong set of security features. The Supervisor Engine 720 builds on the proven Cisco Express Forwarding (CEF) architecture by supporting centralized forwarding (CEF) and distributed forwarding (dCEF). There are three flavors: PFC3A, PFC3B and PFC3BXL.

What is the difference between router ACLs and firewall ACLs?
Routers are designed to route traffic, not stop it. Firewalls are designed to examine and accept/reject traffic. Both ACLs do the same job. Depending upon our requirements we do our ACL configuration.

What different types of firewall are there?
1. Packet filters
2. Circuit level gateways
3. Application level gateways
4. Stateful multilayer inspection firewalls

Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Most routers support packet filtering.

Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information.

Application level gateways, also called proxies, are similar to circuit level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.

Stateful multilayer inspection firewalls filter packets at the network layer.

What is IP spoofing?
Many firewalls examine the source IP address of packets to determine if they are legitimate. IP spoofing exploits this, since many systems define which packets may and which may not pass based on the sender's IP address.

Distance Vector Routing Protocols Versus Link-State Routing Protocols

Distance Vector
- Sends its entire routing table at periodic intervals out of all interfaces (typically, this is based in seconds). Sends triggered updates to reflect changes in the network.
- Typically involves updates sent using a broadcast address to everyone on the link.
- Uses a metric based on how distant the remote network is to the router. (IGRP does not conform to this as a proprietary solution.)
- Has knowledge of the network based on information learned from its neighbors.
- Includes a routing table that is a database viewed from the perspective of each router.
- Uses the Bellman-Ford algorithm for calculating the best path.
- Does not consume many router resources, but is heavy in the use of network resources.
- Maintains one domain in which all the routes are known.
- Is not restricted by addressing scheme.
- Involves slower convergence because information of changes must come from the entire network (but indirectly). Each routing table on every intervening router must be updated before the changes reach the remote end of the network.

Link-State
- Sends incremental updates when a change is detected. OSPF will send summary information every 30 minutes, regardless of whether incremental updates have been sent in that time.
- Typically involves updates sent to those routers participating in the routing protocol domain, via a multicast address.
- Is capable of using a complex metric, referred to by OSPF and IS-IS as cost.
- Has knowledge of the network based on information learned from every router in the area.
- Has a topological database that is the same for every router in the area. The routing table that is built from this database is unique to each router.
- Uses the Dijkstra algorithm.
- Uses many router resources, but is relatively low in its demand for network resources.
- Has a hierarchical design of areas that allow for summarization and growth. For effective use, the addressing scheme should reflect the hierarchical design of the network.

RIP v1
- Is a simple protocol to design, configure, and maintain.
- Does not require a hierarchical addressing scheme.
- Does not pass the subnet mask in the routing update and therefore is not capable of classless routing or VLSM.
- Is limited to a 15-hop diameter network.
- Does not acknowledge routing updates; just repeats them periodically (every 30 seconds).
- Has a routing table that is sent out of every interface every 30 seconds (by default).
- Can transmit information about the network in two messages: the routing update and the triggered update.
- Uses hop count as a metric, the number of routers to process the data.

OSPF
- Is a complex protocol to design and, in some instances, to configure and maintain.
- If the full benefits of the protocol are to be harnessed, should use a hierarchical IP addressing scheme.
- Carries the mask in the update and therefore can implement VLSM, summarization, and classless routing.
- Is unlimited in the diameter of the network, although it is suggested that an area not exceed more than 50 networks.
- Acknowledges updates.
- Involves updates sent as required (when changes are seen) and every 30 minutes after no change has been seen.
- Has protocols for discovering neighbors and forming adjacencies, in addition to protocols for sending updates through the network. These protocols alone add up to nine message types.
- Uses cost as a metric. Cost is not stated in the RFCs, but it has the capacity to be a complex calculation, as seen in Cisco's implementation.

Layer 3 Routing Versus Layer 3 Switching
It is important to understand the difference between Layer 3 routing and Layer 3 switching. Both terms are open to some interpretation; however, the distinction between them can perhaps be best explained by examining how an IP packet is routed. The process of routing an IP packet can be divided into two distinct processes:

What is Frame Relay?
Frame Relay is a packet switching technology. It operates at the data link layer.

What is the HELLO protocol used for?
The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to the Routing Information Protocol.

What is the difference between ARP and RARP?
ARP is used to associate the 32-bit IP address with the 48-bit physical address. It is used by a host or a router to find the physical address of another host on its network by sending an ARP query packet. RARP allows a host to discover its Internet address when it knows only its physical address.

What is multicast routing?
Sending a message to a group is called multicasting, and its routing algorithm is called multicast routing.

What is IGP (Interior Gateway Protocol)?
It is any routing protocol used within an autonomous system.

What is OSPF?
It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses k

What is load balancing?
If the number of incoming client requests exceeds the number of processes in a server class, the TP Monitor may dynamically start new ones; this is called load balancing.

What is the difference between the TFTP and FTP application layer protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP. The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.

What are the advantages and disadvantages of the three types of routing tables?
The three types of routing tables are fixed, dynamic, and fixed central. The fixed table must be manually modified every time there is a change. A dynamic table changes its information based on network traffic, reducing the amount of manual maintenance. A fixed central table lets a manager modify only one table, which is then read by other devices. The fixed central table reduces the need to update each machine's table, as with the fixed table. Usually a dynamic table causes the fewest problems for a network administrator, although the table's contents can change without the administrator being aware of the change.
What is the difference between routable and non-routable protocols?
Routable protocols can work with a router and can be used to build large networks. Non-routable protocols are designed to work on small, local networks and cannot be used with a router.

Bridges:
These operate in both the physical and data link layers of LANs of the same type. They divide a larger network into smaller segments. They contain logic that allows them to keep the traffic for each segment separate, and thus are repeaters that relay a frame only to the side of the segment containing the intended recipient, which controls congestion.

Bridges
- Software-based L2 device
- Learn MAC addresses
- Segment LANs
- Flood broadcasts
- Filter frames
- Usually fewer than 16 ports

What is a packet filter?
A packet filter is a standard router equipped with some extra functionality. The extra functionality allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail the test are dropped.

What are NetBIOS and NetBEUI?
NetBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer; it hides the networking hardware from applications. NetBEUI is the NetBIOS Extended User Interface, a transport protocol designed by Microsoft and IBM for use on small subnets.

What is Proxy ARP?
Proxy ARP is using a router to answer ARP requests. This is done when the originating host believes that a destination is local, when in fact it lies beyond the router.

What is Dynamic DNS?
A new feature is Dynamic DNS (DDNS), and as you begin to find out more about how name resolution and service location work, it's a feature you'll be quite thankful for. The basic premise behind DDNS is that when a client starts it will register its name-to-IP address mapping with the DNS server that it's configured with. This is a giant change from NT 4.0, when administrators had to enter all DNS records manually. DDNS works similarly to how WINS worked in NT 4.0, where most, if not all, clients were registered dynamically.

OSI layers, encapsulation and devices:

No.  Name          Encaps / PDU   Devices
7    Application   Raw data
6    Presentation
5    Session
4    Transport     Segments
3    Network       Packets        Routers
2    Data Link     Frames         Bridges, switches
1    Physical      Bits           Hubs, repeaters

Port Details
1. Shared folder: 445
2. Terminal Server access (RDP): 3389
3. Citrix: TCP 1494 and dynamic > 1023; UDP 1604 and dynamic > 1023
4. Yahoo Messenger: TCP 5100
5. Printer service ports: TCP 9100, 515, 631
6. Mail: TCP 25 (SMTP)
7. SQL: TCP 1433
8. DNS: 53
9. TACACS: 49
10. SFTP: TCP 115
11. NTP: 123
12. NNTP: 119
13. IMAP: 143
14. Lotus Notes: TCP 1352
15. Multicast addresses are in the range 224.0.0.0 to 239.255.255.255:
    224.0.0.0 nobody
    224.0.0.1 everybody
    224.0.0.9 RIP routers

FCS (Frame Check Sequence)
Uses the standard 16-bit cyclic redundancy check (CRC) for checking frames. The FCS is the number arrived at after running the CRC, and this number is placed into the field at the end of the frame. CRC: a mathematical computation to ensure the accuracy of frames transmitted between devices.

Loop Avoidance
When multiple connections between switches are created for redundancy, network loops can occur. Spanning-Tree Protocol is used to stop loops while allowing redundancy.

Layer 2 Switching Logic
When a frame is received:
- Destination multicast or broadcast: flood
- Destination unknown unicast: flood
- Destination unicast in MAC table: forward
- Destination unicast on the same port: filter

Cut-through: copies only the destination address into its buffers. Fast switching, but will pass corrupted frames. Low latency because it begins to forward the frame as soon as it reads the destination address.
Store-and-forward: copies the entire frame into its onboard buffers and computes the cyclic redundancy check (CRC). Latency varies depending on the frame length.
Fragment-free (modified): waits for the collision window (first 64 bytes) to pass before forwarding. Combines error checking with low latency.

Address Learning: Building the CAM Table
- The CAM table is empty at power-on.
- The switch learns MAC addresses from the Source Address field in the header.
- The source address is placed in the CAM table, associated with its port.
- Can more than one MAC be associated with a single port?
- Subsequent frames with a destination address found in the CAM table are directed to the proper port.
- Later frames with a DA not found in the CAM table are flooded to all ports.
- CAM entries age out after a period of inactivity: 300 seconds (5 minutes).

CAM Table Address Types
- Dynamic: learned by looking at the SA (source address) of every incoming frame. Aged out periodically; the default is 300 seconds.
- Permanent/Static: manually configured. Never aged out of the CAM table until an administrator makes a change.

L2 Address/Port: switches operate primarily at L2 of the OSI model.
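The switching logic and CAM-table rules above (flood, forward, filter, learn, age out) as an added Python simulation; this is not code from the original notes, and the port numbers, MAC addresses and frame timestamps are constructed. Only the 300-second default ageing time is taken from the notes.

```python
"""Simulation of Layer 2 switching logic: CAM-table learning, flooding,
filtering and ageing. Added example, not part of the original notes; ports,
MAC addresses and timestamps used with it are constructed."""
from __future__ import annotations

from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
CAM_AGE_SECONDS = 300  # default CAM ageing time stated in the notes (5 minutes)


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (bit 0 of the first octet) set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class CamEntry:
    port: int
    last_seen: float        # time of the last frame seen from this source
    static: bool = False    # permanent entries never age out


class Switch:
    def __init__(self, port_count: int) -> None:
        self.ports = list(range(1, port_count + 1))
        self.cam: dict[str, CamEntry] = {}   # CAM table is empty at power-on

    def add_static(self, mac: str, port: int) -> None:
        """Administrator-configured entry; only an administrator removes it."""
        self.cam[mac] = CamEntry(port, 0.0, static=True)

    def age_out(self, now: float) -> None:
        """Remove dynamic entries idle for longer than CAM_AGE_SECONDS."""
        for mac, entry in list(self.cam.items()):
            if not entry.static and now - entry.last_seen > CAM_AGE_SECONDS:
                del self.cam[mac]

    def receive(self, in_port: int, src: str, dst: str, now: float) -> tuple[str, list[int]]:
        """Process one frame; return (decision, list of egress ports)."""
        self.age_out(now)
        # Address learning: the source MAC is bound to the ingress port. Several
        # MACs may share one port (e.g. a hub or another switch behind it).
        existing = self.cam.get(src)
        if existing is None or not existing.static:
            self.cam[src] = CamEntry(in_port, now)
        all_but_ingress = [p for p in self.ports if p != in_port]
        if is_group_address(dst):
            return "flood", all_but_ingress          # multicast/broadcast: flood
        known = self.cam.get(dst)
        if known is None:
            return "flood", all_but_ingress          # unknown unicast: flood
        if known.port == in_port:
            return "filter", []                      # same segment: filter
        return "forward", [known.port]               # known unicast: forward
```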

Summary
Switches move frames throughout our networks by checking the destination MAC address against the CAM table and forwarding (or filtering if necessary) to the destination. The switch's CAM table is built by looking at the source MAC address of every frame that enters the switch. CAM table entries are removed after 5 minutes of inactivity (by default).

Firewall

What is a stateful inspection firewall?
Stateful inspection technology (a.k.a. dynamic packet filtering) in firewalls refers to the ability to track connection "state information" in addition to simple packet filtering, for more robust security. What that means is that the firewall has the ability to base control decisions (e.g. whether to accept/reject/authenticate/encrypt/log attempts) on previous communication with the external host, as well as on other applications connected to it. In other words, stateful inspection allows for more intelligent decision-making than simple port/packet-based access blocking. A stateful inspection firewall has the ability to retrieve and manipulate information derived from all communication layers and from other applications. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based only on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer, in order to determine more about the packet than just information about its source and destination.

Firewall Technologies
1. Packet Filtering
2. Application Layer Gateways
3. Stateful Inspection
4. Content Filtering

Packet Filtering
The action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa).
To accomplish packet filtering, you set up a set of rules that specify what types of packets (e.g., those to or from a particular IP address or port) are to be allowed and what types are to be blocked. Packet filtering may occur in a router, in a bridge, or on an individual host. A packet filtering router should be able to filter IP packets based on the following four fields:
1. Source IP address
2. Destination IP address
3. TCP/UDP source and destination ports

Application Level Security: Content Filtering
The application data is handed over to a content filtering server that unpacks the data to see what is inside, and harmful content is then disposed of. For example, zipped files are unzipped first to see what is inside them; if the content contains a virus it is discarded or disinfected. File types are identified and undesirable types, e.g. executables, can be removed according to the security policy.

Difference between broadcast domain and collision domain (or: explain broadcast domain and collision domain).
A broadcast domain is related to communicating data in another network; it relates to the network layer (layer 3 of the OSI model), meaning that from a single point of the network you can broadcast packets to many clients on another network. A collision domain can be within your same network; switches break up collision domains, because each port of a switch is its own collision domain.

This article discusses the known TCP/IP ports (TCP and/or UDP) that are used by Citrix services.

Function                                          Ports
ICA (default)                                     TCP 1494
IMA                                               TCP 2512
CMC                                               TCP 2513
SSL                                               TCP 443
STA (IIS)                                         TCP 80
TCP browsing                                      UDP 1604
XML (default)                                     TCP 80
Citrix License Management Console                 TCP 8082
Presentation Server Licensing                     TCP 27000
ICA session with Session Reliability enabled      TCP 2598

BOOTP helps a diskless workstation boot. How does it get a message to the network looking for its IP address and the location of its operating system boot files?
BOOTP sends a UDP message with a subnetwork broadcast address and waits for a reply from a server that gives it the IP address. The same message might contain the name of the machine that has the boot files on it. If the boot image location is not specified, the workstation sends another UDP message to query the server.

What protocol is used by DNS name servers?
DNS uses UDP for communication between servers. It is a better choice than TCP because of the improved speed a connectionless protocol offers. Of course, transmission reliability suffers with UDP.

Explain Kerberos
It is an authentication service developed at the Massachusetts Institute of Technology. Kerberos uses encryption to prevent intruders from discovering passwords and gaining unauthorized access to files.

Explain attenuation
The degeneration of a signal over distance on a network cable is called attenuation.

Explain cladding
A layer of glass surrounding the center fiber of glass inside a fiber-optic cable.
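The contrast the firewall section above draws between static packet filtering (each packet judged on its header alone) and stateful inspection (decisions based on previous communication) as an added Python example, not code from the original notes: a stateless "replies only" rule keyed on the ACK/RST bits is run side by side with a session table over a constructed packet trace. The addresses (documentation ranges), ports and trace are constructed, and the rule logic is a simplified stand-in, not real ACL syntax.

```python
"""Static packet filtering versus stateful inspection, run over a constructed
packet trace. Added example, not from the original notes; addresses, ports and
the trace are constructed, and the rule logic is a simplified stand-in rather
than real ACL syntax."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str          # "out": inside -> Internet, "in": Internet -> inside
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # TCP flags present, e.g. {"SYN", "ACK"}


def static_filter(pkt: Packet) -> bool:
    """Stateless rule set: each packet is judged on its own header.
    Outbound traffic is permitted; inbound traffic is permitted only if it
    looks like a reply, i.e. ACK or RST is set (the 'established' idea).
    The filter has no memory, so an unsolicited inbound packet with ACK set
    passes even though no inside host ever opened that session."""
    if pkt.direction == "out":
        return True
    return bool(pkt.flags & {"ACK", "RST"})


class StatefulFirewall:
    """Keeps a session table keyed by the TCP 4-tuple. Inbound packets are
    admitted only when they match a session an inside host initiated.
    (Sequence-number tracking, which the notes also mention, is omitted.)"""

    def __init__(self) -> None:
        self.sessions: dict[tuple, str] = {}

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Canonical key: (inside host, inside port, outside host, outside port)
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def inspect(self, pkt: Packet) -> bool:
        key = self._key(pkt)
        if pkt.direction == "out":
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.sessions[key] = "SYN_SENT"     # new session opened from inside
                return True
            return key in self.sessions             # other outbound must belong to a session
        state = self.sessions.get(key)
        if state is None:
            return False                            # unsolicited inbound: dropped whatever the flags
        if state == "SYN_SENT" and pkt.flags >= {"SYN", "ACK"}:
            self.sessions[key] = "ESTABLISHED"
        if "RST" in pkt.flags:
            del self.sessions[key]                  # teardown: later packets no longer match
        return True


INSIDE, WEB, OUTSIDER = "10.1.1.5", "203.0.113.10", "198.51.100.7"   # constructed
TRACE = [
    Packet("out", INSIDE, 40000, WEB, 80, frozenset({"SYN"})),
    Packet("in", WEB, 80, INSIDE, 40000, frozenset({"SYN", "ACK"})),
    Packet("out", INSIDE, 40000, WEB, 80, frozenset({"ACK"})),
    Packet("in", WEB, 80, INSIDE, 40000, frozenset({"ACK"})),           # data reply
    Packet("in", OUTSIDER, 4444, "10.1.1.9", 22, frozenset({"ACK"})),  # unsolicited, ACK set
    Packet("in", OUTSIDER, 1234, "10.1.1.9", 22, frozenset({"SYN"})),  # unsolicited SYN
    Packet("in", WEB, 80, INSIDE, 40000, frozenset({"RST"})),          # server tears down
    Packet("in", WEB, 80, INSIDE, 40000, frozenset({"ACK"})),          # late packet after RST
]


def decisions(trace: list[Packet] = TRACE) -> list[tuple[bool, bool]]:
    """Return (static_allowed, stateful_allowed) per packet, in trace order."""
    fw = StatefulFirewall()
    return [(static_filter(p), fw.inspect(p)) for p in trace]


if __name__ == "__main__":
    for p, (s, st) in zip(TRACE, decisions()):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{sorted(p.flags)} static={s} stateful={st}")
```

Packets 5 and 8 are where the two approaches diverge: the static rule admits any inbound packet carrying ACK, while the session table rejects both the unsolicited one and the straggler after the RST.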
Explain RAID
A method for providing fault tolerance by using multiple hard disk drives.

Explain redirector
A redirector is software that intercepts file or print I/O requests and translates them into network requests. This comes under the presentation layer.

Explain beaconing
The process that allows a network to self-repair network problems. The stations on the network notify the other stations on the ring when they are not receiving transmissions. Beaconing is used in Token Ring and FDDI networks.

Explain terminal emulation; in which layer does it come?
Telnet is also called terminal emulation. It belongs to the application layer.

How is a gateway different from a router?
A gateway operates at the upper levels of the OSI model and translates information between two completely different network architectures or data formats.

What is IP spoofing?
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems". An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such as IPSec. This methodology involves encryption of the data in the packet as well as the source address. The VPN software or firmware decrypts the packet and the source address and performs a checksum. If either the data or the source address has been tampered with, the packet will be dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the firewall.

Dijkstra algorithm: a complex algorithm used by routers running link-state routing protocols to find the shortest path to the destination.
Flood: when network information is flooded, it is sent to every network device in the domain.
Full adjacency: when the routing tables of the two neighbors are fully synchronized.
Init state: the state in which a hello packet has been sent from a router, which is waiting for a reply to establish two-way communication.
Internal router: a router that has all its interfaces in the same area.

Layer 2 Switching
1. A table of MAC addresses and their associated bridge/switch ports is built and maintained.
2. Broadcast and multicast frames are flooded out to all ports.
3. Frames destined to an unknown location are flooded out to all ports.
4. The switch must forward broadcasts to all ports (drawback).
5. STP can have a slow convergence time when the switch topology changes.

Layer 3 Switching
1. Packets are forwarded between networks based on the layer 3 address.
2. An optimal path is taken to the next router.
3. An optimal path can be chosen at any position.
4. A router must examine each packet's layer 3 header before making a routing decision.
5. Packet forwarding involves a table lookup for the destination network, the next hop router address and the router's own outbound interface.
6. Routers do not forward broadcast packets; they do forward multicast packets.

Layer 3 Switching
1. Packets are forwarded at layer 3.
2. Packets are forwarded with security control and quality of service (QoS) using layer 3 address information.
3. Layer 3 switches are designed to examine and forward packets in high-speed LAN environments.

Layer 4 Switching
1. Packets are forwarded using hardware based on layer 3 addressing and layer 4 application information.
2. The layer 4 protocol type (TCP, UDP) in the packet header is examined.
3. The layer 4 segment is examined for the application port number.
4. Traffic can be prioritized according to source and destination address; QoS is also defined at these layers.
5. Layer 2 and layer 3 devices have forwarding tables based on MAC addresses.
6. Layer 4 switches must keep track of application protocols.

How does Asynchronous Transfer Mode (ATM) work?
A: ATM works by transmitting all traffic in small, fixed-size cells. These small, fixed-size cells reduce queuing delay and can be switched quickly. ATM fits into layer 2 of the OSI model and provides functions for framing and error correction. At the port interface, ATM switches convert cells into frames, and vice versa. ATM provides Quality of Service and traffic shaping.

1. Which layer does MAC operate in the OSI model? (Data link layer, L2)
2. What is CSMA/CD and with which technology is it associated? Carrier Sense Multiple Access with Collision Detection; Ethernet.
3. Which ring topology provides redundancy? (FDDI)
4. A class A network address with a /24 mask. How many IPs, and which are they? (254) (X.X.X.1-254)
5. For 10.0.0.0/30, how many host IPs can be allocated? (2 valid node IPs can be configured)
6. What is the private range of IP addresses? (10.0.0.0/8, 172.16.0.0/16 through 172.31.0.0/16 and 192.168.0.0/24)
7. How do you set the proxy configuration in IE? Tools, Internet Options, Connections, LAN Settings; either detect automatically or provide the IP address and the proxy port number.
8. What is a reverse proxy?
9. Standby IP is a terminology used in which technology? HSRP
10. What are the different states in which a switch may be configured in a VTP domain?
VTP Server, VTP Client, VTP Transparent. The default is VTP Server.
11. What are the different states through which a switch port goes when powered on? Blocking, Listening, Learning and Forwarding.
12. Which protocol is used for communication between SNA and Ethernet networks? DLSw (Data Link Switching)
13. Use of router priority 1-255 is configured to achieve what purpose, and in which protocol? It is used in OSPF to elect the DR on a broadcast medium. The router with the highest priority gets chosen as the DR. The default mechanism is that the router with the highest interface IP address is elected as the DR. Manually forcing a router to be the DR is done with the ip ospf priority <value> interface command.
14. Read, Write, Permanent, TRAP are synonymous with which application?

SNMP
15. What command is used in Solaris to see the total file size in Kbps? df -k
16. What is an MX record? An MX (mail exchange) record is used to configure your mail servers and IP addresses and advertise them externally. Preference values may also be set for usage.
17. What is a DNS zone transfer?
18. What are the types of packets exchanged in a 3-way TCP/IP handshake between two hosts? SYN, SYN-ACK and ACK are the three types of packets used in the 3-way TCP/IP handshake.

What is SSL?
SSL stands for Secure Sockets Layer. SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to safely transmit confidential information, such as credit card numbers.

What is SOCKS?
SOCKSv5 is an IETF (Internet Engineering Task Force) approved standard (RFC 1928) generic proxy protocol for TCP/IP-based networking applications. The SOCKS protocol provides a flexible framework for developing secure communications by easily integrating other security technologies. SOCKS includes two components, the SOCKS server and the SOCKS client. The SOCKS server is implemented at the application layer, while the SOCKS client is implemented between the application and transport layers. The basic purpose of the protocol is to enable hosts on one side of a SOCKS server to gain access to hosts on the other side of a SOCKS server without requiring direct IP reachability. When an application client needs to connect to an application server, the client connects to a SOCKS proxy server. The proxy server connects to the application server on behalf of the client and relays data between the client and the application server. For the application server, the proxy server is the client.

What needs to be configured to have multiple VLAN information propagated to other switches? Trunk

What is split horizon?
Routes learnt via a particular interface are not advertised out of the same interface. This is used to prevent routing loops.

What is the difference between PAT and NAT?
PAT is a one-to-many translation; NAT is a one-to-one translation.

Should NetBIOS traffic be permitted on a firewall? No.

61. What is the difference between TACACS and TACACS+? Answer: Find out yourself.

ADC to DC Replication Port Details

Service                                   Ports
RPC endpoint mapper                       135/tcp, 135/udp
NetBIOS name service                      137/tcp, 137/udp
NetBIOS datagram service                  138/udp
NetBIOS session service                   139/tcp
RPC static port for AD replication        <AD-fixed-port>/tcp
RPC static port for FRS                   <FRS-fixed-port>/tcp
SMB over IP (Microsoft-DS)                445/tcp, 445/udp
LDAP                                      389/tcp
LDAP ping                                 389/udp
LDAP over SSL                             636/tcp
Global catalog LDAP                       3268/tcp
Global catalog LDAP over SSL              3269/tcp
Kerberos                                  88/tcp, 88/udp
DNS                                       53/tcp, 53/udp
WINS resolution (if required)             1512/tcp, 1512/udp
WINS replication (if required)            42/tcp, 42/udp

There are four major differences between UDP and TCP:
1. TCP can establish a connection; UDP cannot.
2. TCP provides a stream of unlimited length; UDP sends small packets.
3. TCP guarantees that as long as you have a connection, data sent will arrive at the destination; UDP provides no guaranteed delivery.
4. UDP is faster for sending small amounts of data since no connection setup is required; the data can

What is Remote Procedure Call (RPC)?
RPC hides the intricacies of the network by using the ordinary procedure call mechanism familiar to every programmer. A client process calls a function on a remote server and suspends itself until it gets back the results. Parameters are passed as in any ordinary procedure. An RPC, like an ordinary procedure, is synchronous: the process that issues the call waits until it gets the results.

What is anonymous FTP and why would you use it?
Anonymous FTP enables users to connect to a host without using a valid login and password. Usually, anonymous FTP uses a login called anonymous or guest, with the password usually requesting the user's ID for tracking purposes only. Anonymous FTP is used to enable a large number of users to access files on the host without having to go to the trouble of setting up logins for them all. Anonymous FTP systems usually have strict controls over the areas an anonymous user can access.

Q. If there is no priority configured for a standby group, what determines which router is active?
A. The priority field is used to elect the active router and the standby router for the specific group. In the case of an equal priority, the router with the highest IP address for the respective group is elected as active. Furthermore, if there are more than two routers in the group, the second highest IP address determines the standby router and the other router(s) are in the listen state. Note: if no priority is configured it uses the default of 100.

Q. Which HSRP router requires that I configure preempt?
A. An HSRP-enabled router with preempt configured attempts to assume control as the active router when its Hot Standby priority is higher than the current active router's. The standby preempt command is needed in situations when you want a state change of a tracked interface to cause a standby router to take over from the active router. For example, an active router tracks another interface and decrements its priority when that interface goes down. The standby router's priority is now higher and it sees the state change in the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur.

Q. I am using HSRP and all hosts are using the active router to forward traffic to the rest of my network. I have noticed that the return traffic comes back through the standby router. Will this cause problems with HSRP or my applications?
A. No, normally this is transparent to all hosts and/or servers on the LAN and can be desirable if a router experiences high traffic. You can change this by configuring a more desirable cost for the link you would like the distant router(s) to use.

Q. Can I run NAT and HSRP together?
A. You can configure Network Address Translation (NAT) and HSRP on the same router. However, a router that runs NAT holds state information for traffic that is translated through it. If this is the active HSRP router and the HSRP standby takes over, the state information is lost.

Q. HSRP stops working when an Access Control List (ACL) is applied. How can I permit HSRP through an ACL?
A. HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are permitted.

The Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.
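The election and preempt rules from the HSRP questions above, as an added Python model that is not Cisco code: highest priority wins, ties go to the highest IP address, the runner-up becomes standby and the rest listen, and after interface tracking lowers the active router's priority the standby takes over only when it has preempt configured. The router names, addresses, priorities and tracking decrement are constructed; the default priority of 100 is the one stated in the Q&A.

```python
"""HSRP active/standby election as described in the Q&A: highest priority wins,
ties go to the highest IP, the runner-up is standby, the rest listen; after
tracking lowers the active router's priority, the standby takes over only with
preempt configured. Added example, not Cisco code; names, addresses,
priorities and decrements are constructed."""
from __future__ import annotations

from dataclasses import dataclass

DEFAULT_PRIORITY = 100      # HSRP default priority stated in the Q&A


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    track_decrement: int = 10   # priority subtracted while the tracked interface is down
    tracked_up: bool = True

    def effective_priority(self) -> int:
        return self.priority - (0 if self.tracked_up else self.track_decrement)


def ip_key(ip: str) -> tuple[int, ...]:
    """Compare dotted-quad addresses numerically, not as strings."""
    return tuple(int(octet) for octet in ip.split("."))


def elect(routers: list[HsrpRouter]) -> dict[str, str]:
    """Initial election for one standby group: returns name -> role."""
    ranked = sorted(routers,
                    key=lambda r: (r.effective_priority(), ip_key(r.ip)),
                    reverse=True)
    roles = {r.name: "listen" for r in routers}
    roles[ranked[0].name] = "active"
    if len(ranked) > 1:
        roles[ranked[1].name] = "standby"
    return roles


def on_hello(roles: dict[str, str], routers: list[HsrpRouter]) -> dict[str, str]:
    """Re-evaluate roles after a priority change seen in hello packets.
    The standby only takes over when its effective priority is higher than
    the active router's AND it has preempt configured; otherwise the active
    router keeps its role even with a lower priority (no failover). On a
    takeover the old active is modelled as dropping to standby."""
    by_name = {r.name: r for r in routers}
    active = next(n for n, role in roles.items() if role == "active")
    standby = next((n for n, role in roles.items() if role == "standby"), None)
    new_roles = dict(roles)
    if standby is None:
        return new_roles
    a, s = by_name[active], by_name[standby]
    if s.preempt and s.effective_priority() > a.effective_priority():
        new_roles[active], new_roles[standby] = "standby", "active"
    return new_roles


if __name__ == "__main__":
    group = [HsrpRouter("R1", "10.0.0.1", priority=110, track_decrement=20),
             HsrpRouter("R2", "10.0.0.2"),
             HsrpRouter("R3", "10.0.0.3", preempt=True)]
    roles = elect(group)
    print("initial:", roles)             # R1 active (110), R3 standby (higher IP than R2)
    group[0].tracked_up = False          # R1's tracked interface goes down: 110 -> 90
    print("after tracking:", on_hello(roles, group))   # R3 preempts and becomes active
```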
