350-401 Exam Dumps - Implementing Cisco Enterprise Network Core Technologies (ENCOR)

Cisco Express Forwarding (CEF) switching is a proprietary form of scalable switching intended to tackle the problems associated with demand caching. With CEF switching, the information which is conventionally stored in a route cache is split up over several data structures. The CEF code is able to maintain these data structures in the Gigabit Route Processor (GRP), and also in slave processors such as the line cards in the 12000 routers. The data structures that provide optimized lookup for efficient packet forwarding include:

• The Forwarding Information Base (FIB) table - CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and these changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table.

Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with switching paths such as fast switching and optimum switching.

• Adjacency table - Nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. In addition to the FIB, CEF uses adjacency tables to prepend Layer 2 addressing information. The adjacency table maintains Layer 2 next-hop addresses for all FIB entries.

CEF can be enabled in one of two modes:

• Central CEF mode - When CEF mode is enabled, the CEF FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding. You can use CEF mode when line cards are not available for CEF switching, or when you need to use features not compatible with distributed CEF switching.
• Distributed CEF (dCEF) mode - When dCEF is enabled, line cards maintain identical copies of the FIB and adjacency tables. The line cards can perform the express forwarding by themselves, relieving the main processor - Gigabit Route Processor (GRP) - of involvement in the switching operation. This is the only switching method available on the Cisco 12000 Series Router.

dCEF uses an Inter-Process Communication (IPC) mechanism to ensure synchronization of FIBs and adjacency tables on the route processor and line cards.

For more information about CEF switching, see Cisco Express Forwarding (CEF) White Paper.

During operation, an Egress Tunnel Router (ETR) sends periodic Map-Register messages to all its configured map servers.

A 401 error response indicates that the client tried to operate on a protected resource without

providing the proper authorization. It may have provided the wrong credentials or none at all.

Note: answer 'HTTP Status Code 200' 4xx code indicates a “client error” while a 5xx code indicates

a “server error”.

EIGRP is based on DUAL (Diffusing Update Algorithm) while OSPF uses Dijkstra's Shortest Path Algorithm with the major difference in how they calculate the shortest routing path.

OSPF has capability to calculate the best shortest path to each reachable subnet/network using an algorithm called SFP (Shortest Path First) also known as Dijkstra algorithm. “Neighbor Table” that contain all discovered OSPF neighbour with whom routing information will be interchanged.

As these wireless networks grow especially in remote facilities where IT professionals may not always be onsite, it becomes even more important to be able to quickly identify and resolve potential connectivity issuesideally before the users complain or notice connectivity degradation. To address these issues we have created Cisco’s Wireless Service Assurance and a new AP mode called “sensor”mode. Cisco’s Wireless Service Assurance platform has three components, namely, Wireless PerformanceAnalytics, Real-time Client Troubleshooting, and Proactive Health Assessment. Using a supported AP ordedicated sensor the device can actually function much like a WLAN client would associating andidentifying client connectivity issues within the network in real time without requiring an IT or technician to beon site.

RSSI, or “Received Signal Strength Indicator,” is a measurement of how well your device can hear a signal from an access point or router. It’s a value that is useful for determining if you have enough signal to get a good wireless connection.

This value is measured in decibels (dBm) from 0 (zero) to -120 (minus 120). The closer to 0 (zero) the stronger the signal is which means it’s better, typically voice networks require a -65db or better signal level while a data network needs -80db or better.

Explanation

The top SD-WAN benefits are:

+ Increased bandwidth at a lower cost

+ Centralized management across branch networks

+ Full visibility into the network

+ Providing organizations with more connection type options and vendor selection when building a network.

The Design area is where you create the structure and framework of your network, including the physical topology, network settings, and device type profiles that you can apply to devices throughout your network. Use the Design workflow if you do not already have an existing infrastructure. If you have an existing infrastructure, use the Discovery feature.

https://www.cisco.com/c/en/us/td/docs/clou d-systems-management/network-automation-and-management/dna-center/2-1-2/user_guide/b_cisco_dna_center_ug_2_1_2/b_cisco_dna_center_ug_2_1_1_chapter_0110.html

“The next step is to configure the WLC for the Internal web authentication. Internal web authentication is the defaultweb authentication type on WLCs.”

In step 4 of the link above, we will configure Security as described in this question. Therefore we can deduce thisconfiguration is for Internal web authentication.

This paragraph was taken from the link https://www.ci sco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html#c5 :

option interface-table

This command causes the periodic sending of an options table, which will allow the collector to map the interface SNMP indexes provided in the flow records to interface names. The optional timeout can alter the frequency at which the reports are sent.

Router(config)# flow exporter FLOW-EXPORTER-1

Router(config-flow-exporter)# option interface-table

https://www.cisco.c om/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_02.html

Lines (CON, AUX, VTY) default to level 1 privileges.

Graphical user interface, text Description automatically generated

C:\Users\SANJAY~1\AppData\Local\Temp\SNAGHTML492d5ca9.PNG

The last two-digit hex value in the MAC address presents the HSRP group number. In this case 16 in decimal is 10 in hexadecimal

A picture containing diagram Description automatically generated

The AP will attempt to resolve the DNS name CISCO-CAPWAP-CONTROLLER.localdomain. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast CAPWAP Discovery Message to the resolved IP address(es). Each WLC that receives the CAPWAP Discovery Request Message replies with a unicast CAPWAP Discovery Response to the AP.

Generally, a signal with an SNR value of 20 dB or more is recommended for data networks where as an SNR value of 25 dB or more is recommended for networks that use voice applications

https://doc umentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Signal-to-Noise_Ratio_(SNR)_and_Wireless_Signal_Strength#:~:text=Generally%2C%20a%20signal%20with%20an,networks%20that%20use%20voice%20applications.

• Step 1. Create the loopback interface using the interface loopback number global configuration command.
• Step 2. Add a description. Although optional, it is a necessary component for documenting a network.
• Step 3. Configure the IP address.

For example, the following commands configure a loopback interface of the R1 router shown in (shown earlier in the chapter):

R1# configure terminal

R1(config)# interface loopback 0

R1(config-if)# ip address 10.0.0.1 255.255.255.0

R1(config-if)# exit

R1(config)#

If the DF bit is set, routers cannot fragment packets. From the output below, we learn

that the maximum MTU of R2 is 1492 bytes while we sent ping with 1500 bytes.

Therefore these ICMP packets were dropped.

Note: Record option displays the address(es) of the hops (up to nine) the packet

goes through.

Separation of Privilege: Granting permissions to an entity should not be purely based on a single condition, a combination of conditions based on the type of resource is a better idea.

https://restfulapi.net/security-essentials/#:~:tex t=REST%20Security%20Design%20Principles&text=Least%20Privilege%3A%20An%20entity%20should,when%20no%20longer%20in%20use.

When should I use the master controller mode on a WLC? – When there is a master controller enabled, all newly added access points with no primary, secondary, or tertiary controllers assigned associate with the master controller on the same subnet.

Example: Configuring an ERSPAN Source Session on a WAN Interface

The following example shows how to configure more than one WAN interface in a single ERSPAN source monitor session. Multiple interfaces have been separated by a commas.

monitor session 100 type erspan-source

source interface Serial 0/1/0:0, Serial 0/1/0:6

Example: Configuring an ERSPAN Destination Session

The following example shows how to configure an ERSPAN destination session:

monitor session 2 type erspan-destination

destination interface GigabitEthernet1/3/2

destination interface GigabitEthernet2/2/0

source

erspan-id 100

ip address 10.10.0.1

A TLOC is a Transport Locator that represents an attachment point where a Cisco WAN Edge device connects to a WAN transport. A TLOC is uniquely identified by a tuple of three values - (System-IP address, Color, Encapsulation).

A TLOC route consists of all required information needed by a remote peer in order to establish an overlay tunnel with that TLOC. This includes private and public IP addresses and ports, site-id, preference, weight, status, encapsulation info such as encryption and authentication parameters, and much more.

https://www.aspiretransforms.com/2018/06/06/ insider-guide-cisco-sd-access/

A picture containing table Description automatically generated

A control plane node maintains a host tracking database (HTDB), and also uses Locator/ID Separation Protocol (LISP) to provide a map server, populating the HTDB from fabric edge registration messages; and a map resolver to respond to queries from edge devices requesting location information about destination nodes.

A system should validate access rights to all its resources to ensure that they are allowed and should not rely on the cached permission matrix. If the access level to a given resource is being revoked, but that is not being reflected in the permission matrix, it would be violating security.

https://medium.com/strike-sh/rest-security-desig n-principles-434bd6ee57ea

Orchestration

 Orchestration means arranging or coordinating multiple systems. It’s also used to mean “running the same tasks on a bunch of servers at once, but not necessarily all of them.”

 Configuration Management

Config Management is part of provisioning. Basically, that’s using a tool like Chef, Puppet or Ansible to configure our server. “Provisioning” often implies it’s the first time we do it. Config management usually happens repeatedly.

Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product’s performance, functional, and physical attributes with its requirements, design, and operational information throughout its life Configuration management is all about bringing consistency in the infrastructure.

Configuration Orchestration vs Configuration Management

The first thing that should be clarified is the difference between “configuration orchestration” and “configuration management” tools, both of which are considered IaC tools and are included on this list.

Configuration orchestration tools, which include Terraform and AWS CloudFormation, are designed to automate the deployment of servers and other infrastructure. Configuration management tools like Chef, Puppet, and the others on this list help configure the software and systems on this infrastructure that has already been provisioned.

We cannot filter traffic that is originated from the local router (R3 in this case) so we can only configure the ACL on R1 or R2. “Weekend hours” means from Saturday morning through Sunday night so we have to configure: “periodic weekend 00:00 to 23:59”.Note: The time is specified in 24-hour time (hh:mm), where the hours range from 0 to 23 and the minutes range from 0 to 59.

Operation Modes

There are two modes of operation for the FlexConnect AP.

• Connected mode: The WLC is reachable. In this mode the FlexConnect AP has CAPWAP connectivity with its WLC.
• Standalone mode: The WLC is unreachable. The FlexConnect has lost or failed to establish CAPWAP connectivity with its WLC. A WAN-link outage between a branch and its central site is a example of such a mode of operation.

FlexConnect States

A FlexConnect WLAN, depending on its configuration and network connectivity, is classified as being in one of the following defined states.

• Authentication-Central/Switch-Central: This state represents a WLAN that uses a centralized authentication method such as 802.1X, VPN, or web. User traffic is sent to the WLC via CAPWAP (Central switching). This state is supported only when FlexConnect is in connected mode.
• Authentication Down/Switching Down: Central switched WLANs no longer beacon or respond to probe requests when the FlexConnect AP is in standalone mode. Existing clients are disassociated.
• Authentication-Central/Switch-Local: This state represents a WLAN that uses centralized authentication, but user traffic is switched locally. This state is supported only when the FlexConnect AP is in connected mode.
• Authentication-Down/Switch-Local: A WLAN that requires central authentication rejects new users. Existing authenticated users continue to be switched locally until session time-out if configured. The WLAN continues to beacon and respond to probes until there are no more existing users associated to the WLAN. This state occurs as a result of the AP going into standalone mode.
• Authentication-local/switch-local: This state represents a WLAN that uses open, static WEP, shared, or WPA2 PSK security methods. User traffic is switched locally. These are the only security methods supported locally if a FlexConnect goes into standalone mode. The WLAN continues to beacon and respond to probes. Existing users remain connected and new user associations are accepted. If the AP is in connected mode, authentication information for these security types is forwarded to the WLC.

Cisco DNA Center creates the backup files and posts them to a remote server. Each backup is uniquely stored using the UUID as the directory name.To support Assurance data backups, the server must be a Linux-based NFS server that meets the following requirements:– Support NFS v4 and NFS v3.– Cisco DNA Center stores backup copies of Assurance data on an external NFS device and automation data on an external remote sync (rsync) target location.– The remote share for backing up an Assurance database (NDP) must be an NFS share.

Layer2 Flooding

Cisco SD-Access fabric provides many optimizations to improve unicast traffic flow, and to reduce the unnecessary flooding of data such as broadcasts. But, for some traffic and applications, it may be desirable to enable broadcast forwarding within the fabric.

By default, this is disabled in the Cisco SD-Access architecture. If broadcast, Link local multicast and Arp flooding is required, it must be specifically enabled on a per-subnet basis using Layer 2 flooding feature.

Layer 2 flooding can be used to forward broadcasts for certain traffic and

application types which may require leveraging of Layer 2 connectivity, such as silent hosts, card readers, door locks, etc.

Causes of Errdisable

This feature was first implemented in order to handle special collision situations in which the switch detected excessive or late collisions on a port. Excessive collisions occur when a frame is dropped because the switch encounters 16 collisions in a row. Late collisions occur after every device on the wire should have recognized that the wire was in use. Possible causes of these types of errors include:

• A cable that is out of specification (either too long, the wrong type, or defective)
• A bad network interface card (NIC) card (with physical problems or driver problems)
• A port duplex misconfiguration

A port duplex misconfiguration is a common cause of the errors because of failures to negotiate the speed and duplex properly between two directly connected devices (for example, a NIC that connects to a switch). Only half-duplex connections should ever have collisions in a LAN. Because of the carrier sense multiple access (CSMA) nature of Ethernet, collisions are normal for half duplex, as long as the collisions do not exceed a small percentage of traffic.

https://www.rapidtables.com/convert/number/hex-to-decimal.html

(19)₁₆ = (1 × 16¹) + (9 × 16⁰) = (25)₁₀

The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only. Let’s see an example below:

Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an ― ”established” access-list like this:

access-list 100 permit tcp any any established

access-list 101 permit tcp any any eq telnet

!

interface S0/0

ip access-group 100 in

ip access-group 101 out

Note: Suppose host A wants to start communicating with host B using TCP. Before they can send real data, a three-way handshake must be established first. Let‘s see how this process takes place:

1. First host A will send a SYN message (a TCP segment with SYN flag set to 1, SYN is short for SYNchronize) to indicate it wants to setup a connection with host B. This message includes a sequence (SEQ) number for tracking purpose. This sequence number can be any 32-bit number (range from 0 to 232) so we use ―”x” to represent it.

2. After receiving SYN message from host A, host B replies with SYN-ACK message (some books may call it ―SYN/ACK‖ or ―SYN, ACK‖ message. ACK is short for ACKnowledge). This message includes a SYN sequence number and an ACK number:

+ SYN sequence number (let‘s called it “y”) is a random number and does not have any relationship with Host A‘s SYN SEQ number.

+ ACK number is the next number of Host A‘s SYN sequence number it received, so we represent it with “x+1″. It means ―I received your part. Now send me the next part (x + 1)”.

The SYN-ACK message indicates host B accepts to talk to host A (via ACK part). And ask if host A still wants to talk to it as well (via SYN part).

3. After Host A received the SYN-ACK message from host B, it sends an ACK message with ACK number “y+1” to host B. This confirms host A still wants to talk to host B.

Fabric Enabled WLC:

Fabric enabled WLC is integrated with LISP control plane. This WLC is responsible for AP image /Config, Radio Resource Management, Client Session management and roaming and all other wireless control plane functions.

For WLC Fabric Integration:

• Wireless Client MAC address is used as EID
• It inform about Wireless MAC address with its other information like SGT and Virtual Network Information
• VN information is mapped to VLAN on FEs
• WLC is responsible for updating Host Database tracking DB with roaming information

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#FabricWLC

Both fabric WLCs and non-fabric WLCs provide AP image and configuration management, client session management, and mobility services. Fabric WLCs provide additional services for fabric integration such as registering MAC addresses of wireless clients into the host tracking database of the fabric control plane nodes during wireless client join events and supplying fabric edge node RLOC-association updates to the HTDB during client roam events.

Suppose a transmitter is configured for a power level of 10 dBm. A cable with 5-dB loss connects the transmitter to an antenna with an 8-dBi gain. The resulting EIRP of the system is EIRP = 10 dBm – 5 dB + 8 dBi = 13 dBm.

In contrast to type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the physical hardware directly. A big advantage of Type 2 hypervisors is that management console software is not required. Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual PC (only runs on Windows).

An example of configuring NTP authentication is shown below:

Router1(config)#ntp authentication-key 2 md5 itexamanswersRouter1(config)#ntp authenticateRouter1(config)#ntp trusted-key 2

The Option 43 hexadecimal string is assembled as a sequence of the TLV values for the Option 43 suboption: Type + Length + Value. Type is always the suboption code 0xf1. Length is the number of controller management IP addresses times 4 in hex. Value is the IP address of the controller listed sequentially in hex.

On this question, there is 1 controller with management interface IP addresses 172.16.50.5/24. The type is 0xf1. The length is 1 * 4 = 8 = 0x04. The mgmt IP addresses 172.16.50.5 translate to ac.10.32.05 (0xac103205). When the string is assembled, it yields f108c0a80a05c0a80a14. The Cisco IOS command that is added to the DHCP scope is:

option 43 hex f104ac103205

These message logs inform that the radio channel has

been reset (and the AP must be down briefly). With

dynamic channel assignment (DCA), the radios can

frequently switch from one channel to another but it also

makes disruption. The default DCA interval is 10 minutes,

which is matched with the time of the message logs. By

increasing the DCA interval, we can reduce the number of

times our users are disconnected for changing radio

channels.

SW3 does not have VLAN 60 so it should not receive traffic for this VLAN (sent from SW2).

Therefore we should configure VTP Pruning on SW3 so that SW2 does not forward VLAN 60 traffic

to SW3. Also notice that we need to configure pruning on SW1 (the VTP Server), not SW2.

The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-work redesign.

With BGP, we must advertise the correct network and subnet mask in the “network” command (in

this case network 10.1.1.0/24 on R1 and network 10.2.2.0/24 on R2). BGP is very strict in the

routing advertisements. In other words, BGP only advertises the network which exists exactly in

the routing table. In this case, if you put the command “network x.x.0.0 mask 255.255.0.0” or

“network x.0.0.0 mask 255.0.0.0” or “network x.x.x.x mask 255.255.255.255” then BGP will not

advertise anything.

It is easy to establish eBGP neighborship via the direct link. But let’s see what are required when

we want to establish eBGP neighborship via their loopback interfaces. We will need two

commands:

+ the command “neighbor 10.1.1.1 ebgp-multihop 2” on R1 and “neighbor 10.2.2.2 ebgpmultihop

2” on R1. This command increases the TTL value to 2 so that BGP updates can reach the

BGP neighbor which is two hops away.

+ Answer ‘R1 (config) #router bgp 1

R1 (config-router) #neighbor 192.168.10.2 remote-as 2

R1 (config-router) #network 10.1.1.0 mask 255.255.255.0

R2 (config) #router bgp 2

R2 (config-router) #neighbor 192.168.10.1 remote-as 1

R2 (config-router) #network 10.2.2.0 mask 255.255.255.0

Quick Wireless Summary

Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight

+ Autonomous: self-sufficient and standalone. Used for small wireless networks.

+ Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function.

LAP and WLC communicate with each other via a logical pair of CAPWAP tunnels.

– Control and Provisioning for Wireless Access Point (CAPWAP) is an IETF standard for control

messaging for setup, authentication and operations between APs and WLCs. CAPWAP is similar to

LWAPP except the following differences:

+CAPWAP uses Datagram Transport Layer Security (DTLS) for authentication and encryption to

protect traffic between APs and controllers. LWAPP uses AES.

+ CAPWAP has a dynamic maximum transmission unit (MTU) discovery mechanism.

+ CAPWAP runs on UDP ports 5246 (control messages) and 5247 (data messages)

An LAP operates in one of six different modes:

+ Local mode (default mode): measures noise floor and interference, and scans for intrusion

detection (IDS) events every 180 seconds on unused channels

+ FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP), mode: allows data traffic

to be switched locally and not go back to the controller. The FlexConnect AP can perform standalone

client authentication and switch VLAN traffic locally even when it’s disconnected to the WLC (Local

Switched). FlexConnect AP can also tunnel (via CAPWAP) both user wireless data and control traffic to

a centralized WLC (Central Switched).

+ Monitor mode: does not handle data traffic between clients and the infrastructure. It acts like a

sensor for location-based services (LBS), rogue AP detection, and IDS

+ Rogue detector mode: monitor for rogue APs. It does not handle data at all.

+ Sniffer mode: run as a sniffer and captures and forwards all the packets on a particular channel to

a remote machine where you can use protocol analysis tool (Wireshark, Airopeek, etc) to review the

packets and diagnose issues. Strictly used for troubleshooting purposes.

+ Bridge mode: bridge together the WLAN and the wired infrastructure together.

Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN

controller. But this solution is only suitable for small to midsize, or multi-site branch locations where

you might not want to invest in a dedicated WLC. A Mobility Express WLC can support up to 100 Aps

When you click Deploy, Cisco DNA Center requests the Cisco Identity Services Engine (Cisco ISE) to send notifications about the policy changes to the network devices.

The ISAKMP SA has been authenticated. If the router initiated this exchange, this state transitions immediately to QM_IDLE, and a Quick Mode exchange begins.

https://www.ciscopress.com/articles/article.asp?p=606584

Graphical user interface, application Description automatically generated with medium confidence

Type of service, when we talk about PACKET, means layer 3

A fabric edge node provides onboarding and mobility services for wired users and devices (including fabric-enabled WLCs and APs) connected to the fabric. It is a LISP tunnel router (xTR) that also provides the anycast gateway, endpoint authentication, and assignment to overlay host pools (static or DHCP), as well as group-based policy enforcement (for traffic to fabric endpoints).

From Cisco's guide, under SDA roaming - When a client on a fabric enabled WLAN, roams from an access point to another access point on a different access-switch, it is called Inter-xTR, like a highway. Intra is within intra is between. Like interstate highways. That's how I remember. https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/mobility.html

Diagram, line chart Description automatically generated

Local preference is an indication to the AS about which path has preference to exit

the AS in order to reach a certain network. A path with a higher local preference is

preferred. The default value for local preference is 100.

Unlike the weight attribute, which is only relevant to the local router, local

preference is an attribute that routers exchange in the same AS. The local

preference is set with the “bgp default local-preference value” command.

In this case, both R3 & R4 have exit links but R4 has higher local-preference so R4

will be chosen as the preferred exit point from AS 200.

This JSON can be written as follows:

{

'switch': {

'name': 'dist1',

'interfaces': ['gig1', 'gig2', 'gig3']

}

}

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BR KEWN-3010.pdf

Graphical user interface Description automatically generated with low confidence

CoPP protects the route processor on network devices by treating route processor

resources as a separate entity with its own ingress interface (and in some

implementations, egress also). CoPP is used to police traffic that is destined to the

route processor of the router such as:

+ routing protocols like OSPF, EIGRP, or BGP.

+ Gateway redundancy protocols like HSRP, VRRP, or GLBP.

+ Network management protocols like telnet, SSH, SNMP, or RADIUS.

Therefore we must apply the CoPP to deal with SSH because it is in the

management plane. CoPP must be put under “control-plane” command.

Table Description automatically generated

+ accepts LISP encapsulated map requests: LISP map resolver

+ learns of EID prefix mapping entries from an ETR: LISP map server

+ receives traffic from LISP sites and sends it to non-LISP sites: LISP

proxy ETR

+ receives packets from site-facing interfaces: LISP ITR

Explanation

ITR is the function that maps the destination EID to a destination RLOC and then

encapsulates the original packet with an additional header that has the source IP address of

the ITR RLOC and the destination IP address of the RLOC of an Egress Tunnel Router (ETR).

After the encapsulation, the original packet become a LISP packet.

ETR is the function that receives LISP encapsulated packets, decapsulates them and

forwards to its local EIDs. This function also requires EID-to-RLOC mappings so we need to

point out an “map-server” IP address and the key (password) for authentication.

A LISP proxy ETR (PETR) implements ETR functions on behalf of non-LISP sites. A PETR is

typically used when a LISP site needs to send traffic to non-LISP sites but the LISP site is

connected through a service provider that does not accept no routable EIDs as packet

sources. PETRs act just like ETRs but for EIDs that send traffic to destinations at non-LISP

sites.

Map Server (MS) processes the registration of authentication keys and EID-to-RLOC

mappings. ETRs sends periodic Map-Register messages to all its configured Map Servers.

Map Resolver (MR): a LISP component which accepts LISP Encapsulated Map Requests,

typically from an ITR, quickly determines whether or not the destination IP address is part

of the EID namespace

The BFD (Bidirectional Forwarding Detection) is a protocol that detects link failures as part of the Cisco SD-WAN (Viptela) high availability solution, is enabled by default on all vEdge routers, and you cannot disable it.

In this case, we are using your EtherChannel without a negotiation protocol on Switch2. As a result, if the opposite switch is not also configured for EtherChannel operation on the respective ports, there is a danger of a switching loop. The EtherChannel Misconfiguration Guard tries to prevent that loop from occuring by disabling all the ports bundled in the EtherChannel.

Sw1

Config t

Archive

Log config

Logging enable

Notify syslog

R1

Config t

Ip flow-top-talkers

Match source address 172.16.2.1/30

Int et0/2

Ip flow ingress

Copy run start

Option A is the properly formatted JSON script. JSON (JavaScript Object Notation) is a standard text-based format for representing structured data based on JavaScript object syntax. It is commonly used for transmitting data in web applications (e.g., sending some data from the server to the client, so it can be displayed on a web page, or vice versa). The JSON syntax rules are as follows12:

• Data is in name/value pairs, separated by commas. A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value: "name": "value".
• Curly braces hold objects. An object can contain multiple name/value pairs: {"name": "value", "name": "value", ...}.
• Square brackets hold arrays. An array can contain multiple values, separated by commas: ["value", "value", ...].
• Values can be strings (in double quotes), numbers, booleans (true or false), null, objects, or arrays.

Option A follows these rules and is a valid JSON script. It defines an object with four name/value pairs: "name", "age", "hobbies", and "address". The value of "name" is a string, the value of "age" is a number, the value of "hobbies" is an array of strings, and the value of "address" is another object with two name/value pairs: "city" and "country". The object is enclosed in curly braces and the name/value pairs are separated by commas.

Option B is not a valid JSON script because it uses single quotes instead of double quotes for the field names and string values. JSON requires double quotes for strings12.

Option C is not a valid JSON script because it does not use commas to separate the name/value pairs. JSON requires commas to separate the data elements within an object or an array12.

Option D is not a valid JSON script because it uses a semicolon instead of a colon to separate the field name and the value. JSON requires a colon to separate the name and the value in a name/value pair12. References: 1: JSON Introduction, 2: JSON Syntax

The workstation was configured with a static IP that is the same as the server. This is because if two devices on the same network have the same IP address, they will cause an IP address conflict, which will prevent them from communicating with other devices on the network. The users who were moved to different desks may have been assigned static IP addresses that were not updated after the move, and they may have accidentally used the same IP address as the server. The source of this answer is the Cisco ENCOR v1.1 course, module 3, lesson 3.1: Implementing IPv4 and IPv6 Addressing.

This is because FlexConnect is a feature that allows wireless access points to operate in standalone mode when they lose connectivity to the wireless LAN controller. FlexConnect enables the access points to switch the data traffic locally, without sending it to the controller, and to perform local authentication, without relying on the central server. FlexConnect also allows the access points to maintain the wireless network functionality, such as SSIDs, security policies, and QoS, even if the wireless controller fails. FlexConnect is suitable for branch locations or remote offices that have limited WAN bandwidth or reliability. The source of this answer is the Cisco ENCOR v1.1 course, module 7, lesson 7.3: Implementing FlexConnect.

 This is because the Cisco DNA Center Template Editor feature is a tool that allows the network administrator to create and deploy configuration templates to multiple network devices. The configuration templates use parameterized elements or variables, which are placeholders for values that can be customized for each device. For example, a variable can represent the hostname, IP address, or interface number of a device. The parameterized elements or variables can be defined manually or automatically using the Cisco DNA Center inventory. The source of this answer is the Cisco ENCOR v1.1 course, module 8, lesson 8.5: Implementing Network Configuration Management.

Graphical user interface, application Description automatically generated

This is because the REST API response shows the details of a network device with the specified MAC address. The GET method is used to retrieve information from the Cisco DNA Center server. The network-device resource is used to access the network device inventory. The macAddress parameter is used to filter the results by the MAC address of the device. The source of this answer is the Cisco ENCOR v1.1 course, module 8, lesson 8.4: Implementing REST API.

 This is because the EEM applet needs to specify the full path of the Tcl script that is stored in the flash memory of the device. The script name is write_backup.tcl and it is used to backup the running configuration to a remote server. The source of this answer is the Cisco ENCOR v1.1 course, module 8, lesson 8.3: Implementing Embedded Event Manager.

This is because flow data is a method of collecting and analyzing information about the traffic flows on a network. Flow data can provide details such as the source and destination IP addresses, ports, protocols, and bytes transferred for each flow. Flow data can help identify the source of the saturation by showing which hosts and applications are generating or consuming the most bandwidth. Flow data can be collected using protocols such as NetFlow, IPFIX, or sFlow. The source of this answer is the Cisco ENCOR v1.1 course, module 10, lesson 10.1: Implementing NetFlow and IPFIX.

https://stackoverflow.com/questions/45834577/turn-python-object-into-json-output

cisco_R2(config-subif)#do debug ip osp adj

OSPF adjacency debugging is on

cisco_R2(config-subif)#ip mtu 1111 <<<<<<<<<<<<<<<<

cisco_R2(config-subif)#

cisco_R2(config-subif)#

cisco_R2(config-subif)#do clear ip ospf

!!!debug shows this:

cisco_R2(config-subif)#

*Dec 23 13:02:27.164: OSPF-1 ADJ Et0/0.10: Rcv DBD from 6.6.6.6 seq 0x19FD opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART <<<<<<<<<<<<<

*Dec 23 13:02:27.164: OSPF-1 ADJ Et0/0.10: Nbr 6.6.6.6 has larger interface MTU <<<<<<<<<

*Dec 23 13:02:27.164: OSPF-1 ADJ Et0/0.10: Rcv DBD from 6.6.6.6 seq 0x26B opt 0x52 flag 0x2 len 112 mtu 1500 state EXSTART

*Dec 23 13:02:27.164: OSPF-1 ADJ Et0/0.10: Nbr 6.6.6.6 has larger interface MTU

*Dec 23 13:02:27.395: OSPF-1 ADJ Et0/0.10: Rcv DBD from 6.6.6.6 seq 0x26B opt 0x52 flag 0x2 len 112 mtu 1500 state EXSTART

ChefRuby syntax in configuration filesAnsible all functions are performed over ssh

YAML configuration language

Based on Python

Option A is the correct configuration to set NetFlow data export and capture on the router. This option enables NetFlow data export to the Cisco DNA Center with the IP address 192.168.23.1 and UDP port 23000, and also enables the ip flow-top-talkers command on the interface Gig0/1. The ip flow-top-talkers command displays the top talkers (the source and destination pairs that are consuming the most bandwidth) on the interface, based on the NetFlow statistics collected by the router12.

Option B is incorrect because it does not enable the ip flow-top-talkers command on the interface Gig0/1, which is required to identify the flows that are consuming the most bandwidth. The collect counter bytes command is used to specify the fields to be collected by Flexible NetFlow, which is a different feature from NetFlow3.

Option C is incorrect because it does not specify the UDP port for the NetFlow data export destination, which is required to send the NetFlow packets to the Cisco DNA Center. The default UDP port for NetFlow is 9996, which does not match the port configured on the Cisco DNA Center4.

Option D is incorrect because it does not enable NetFlow data export on the router, which is required to send the NetFlow statistics to the Cisco DNA Center. The ip flow-export source command is used to specify the source IP address of the NetFlow packets, but it does not enable the NetFlow data export feature4. References: 1: ip flow-top-talkers, 2: Capture NetFlow data, 3: collect counter bytes, 4: ip flow-export destination

CLOUD1 and 3ON-PREMISES2 and 4

Graphical user interface, application Description automatically generated

This is because port mirroring is a feature that allows a switch to copy the traffic from one or more ports to another port, where a passive IDS can be connected. A passive IDS is a device that monitors the network traffic and detects any malicious or suspicious activity, but does not take any action to block or prevent it. Port mirroring can enable a passive IDS to inspect the network traffic without affecting the performance or availability of the network. The source of this answer is the Cisco ENCOR v1.1 course, module 6, lesson 6.2: Implementing SPAN, RSPAN, and ERSPAN.

The inbound direction of G0/0 of SW2 only filter traffic from Web Server to PC-1 so the source IP address and port is of the Web Server.