MANY QUESTIONS

From: karim jamali (karim.jamali@gmail.com)
Date: Fri Feb 06 2009 - 16:42:49 ARST


Dear Experts,

I have MANY questions I would like to pose. I would be really glad for your
help and support.

*TOPIC 1: BRIDGING*
1) I do understand how to configure bridging, i.e. the three main types:
a) transparent (it consists of forming a bridge-group and assigning the
interfaces to that bridge-group)
b) CRB (A BVI represents the bridged domain to the Layer 3 domain. You can
run OSPF/RIP/EIGRP, etc. on the BVI to communicate with other L3 devices.
But if another interface on that same router is running a routing
protocol, there will be no communication between the two domains, i.e. you
can't come in through the BVI to reach the routes learned from the other
interface and vice versa)
c) IRB: similar to CRB but the problem of the communication between the two
domains is solved.

But I don't have a thorough understanding of how BRIDGING works. If anyone
can provide me a link/document/explanation I will be thankful.

*TOPIC 2: MULTICAST*
1) When using Auto-RP, do I need the rp-announce-filter command if I already
set the ip pim send-rp-announce (associated with an access-list)? Is there
any use in having it on both sides?
2) ip igmp access-group under an interface will determine whether hosts can
join a certain multicast group or not. Please correct me if I am wrong.
3) What is the difference between using an access-list to deny traffic for
certain groups and using ip multicast-boundary?

*TOPIC 3: NAC (Network Admission Control)*
The 3 players which I know about in NAC are the Network Access Device (in R&S
the router), the Cisco Trust Agent (software which runs on endpoint
clients), and ACS.
The NAC (Router) will challenge the host about its antivirus state; the
Cisco Trust Agent is the one responsible for collecting statistics on the
end machine and sending them to the Router.
FROM DOC CD simply:
The endpoint system is then challenged for its antivirus state over an
EAPoUDP association. The endpoint system gains access to the network if it
complies with the network admission control policy as evaluated by the Cisco
Secure ACS. If the endpoint system does not comply, the device is either
denied access or quarantined.

*Is this the concept behind NAC? Is it only used for antivirus checking?*

*TOPIC 4: IP PREFIX-LISTS*

I am fine with using simple prefix lists (192.168.1.0/24) or matching simple
stuff (default route, match any, etc.): 0.0.0.0/0 ... 0.0.0.0/0 le 32

But can someone explain to me, for instance, 192.168.44.0/22 gt 23 le 26? How
can I figure out what exactly I am matching?

*TOPIC 5: Protocol Numbers*

I got a task that says to match SMTP/POP3, etc. Should I memorize the port
numbers? Is there a way I can figure it out? I would be grateful for any
reference.

*TOPIC 6: PPP OVER FRAME-RELAY*

When I am running PPP over Frame Relay on a multipoint subinterface with two
DLCIs (101, 102) for instance, I noticed I had two virtual-access interfaces
come up for each of the two DLCIs. show ip route to any route in the domain
showed me the route repeated twice, one per DLCI (virtual-access1,
virtual-access2). Is this normal behavior?
How will the router know where to recurse to? What if it recurses to the
virtual-access interface which corresponds to the wrong DLCI? I had
reachability problems due to this when testing. If someone knows anything
about this please explain.

I will be grateful for any help I will get.

-- 
KJ
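
Added example (not part of the original post): a small Python evaluator for one IOS-style prefix-list entry, applied to the entry asked about in Topic 4. It assumes the post's `gt 23` stands for the IOS keyword `ge 23`; the function names and the sample routes are constructed for illustration.

```python
import ipaddress


def length_range(entry_len, ge=None, le=None):
    """Return the (min, max) mask lengths one prefix-list entry accepts."""
    if ge is None and le is None:
        return entry_len, entry_len              # no keywords: exact length only
    if ge is not None and ge <= entry_len:
        raise ValueError("ge must be greater than the entry's own length")
    lo = ge if ge is not None else entry_len     # 'le' alone: from len up to le
    hi = le if le is not None else 32            # 'ge' alone: from ge up to 32
    if not lo <= hi <= 32:
        raise ValueError("need ge <= le <= 32")
    return lo, hi


def matches(entry, route, ge=None, le=None):
    """True if `route` (e.g. '192.168.46.0/24') is matched by the entry."""
    e = ipaddress.ip_network(entry, strict=True)
    r = ipaddress.ip_network(route, strict=True)
    lo, hi = length_range(e.prefixlen, ge, le)
    shift = 32 - e.prefixlen
    # Step 1: the route's first <entry length> bits must equal the entry's.
    same_bits = (int(r.network_address) >> shift) == (int(e.network_address) >> shift)
    # Step 2: the route's own mask length must fall inside [lo, hi].
    return same_bits and lo <= r.prefixlen <= hi


def enumerate_matches(entry, ge=None, le=None):
    """List every prefix the entry matches (use only on small ranges)."""
    e = ipaddress.ip_network(entry, strict=True)
    lo, hi = length_range(e.prefixlen, ge, le)
    return [str(s) for n in range(lo, hi + 1) for s in e.subnets(new_prefix=n)]


if __name__ == "__main__":
    entry, ge, le = "192.168.44.0/22", 23, 26    # 'gt 23' read as 'ge 23' (assumption)
    # Constructed sample routes, not taken from any real routing table.
    for route in ["192.168.44.0/22", "192.168.46.0/24", "192.168.47.192/26",
                  "192.168.47.128/27", "192.168.48.0/24"]:
        print(f"{route:20} {'match' if matches(entry, route, ge, le) else 'no match'}")
    print(len(enumerate_matches(entry, ge, le)), "prefixes match in total")
```

The first 22 bits pin the route inside 192.168.44.0 through 192.168.47.255, and the ge/le pair then restricts the route's own mask length, so the /22 itself is not matched.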
