Network engineer routing questions
the authentication method
1) Password Authentication Protocol (PAP)
PAP is a simple plain text verification method. The NAS (Network Access Server) requires the user to provide a username and password, and PAP returns this user information in clear text. This authentication method is therefore less secure: a third party can easily obtain the transmitted username and password and use them to establish a connection with the NAS and obtain all the resources the NAS provides. Once the user password is stolen by a third party, PAP cannot provide protection against third-party attacks.
2) Challenge-Handshake Authentication Protocol (CHAP)
CHAP is an encrypted authentication method that avoids transmitting the user's real password when establishing a connection. The NAS sends a challenge to the remote user, consisting of the session ID and an arbitrary challenge string. The remote client must use the MD5 one-way hashing algorithm to return the username together with a hash of the challenge, the session ID, and the user password; the username itself is sent unhashed. CHAP improves on PAP in that it no longer sends the clear-text password directly over the link; instead, the password is protected by hashing it together with the challenge. Because the server holds the client's clear-text password, it can repeat the operation performed by the client and compare the result with the value returned by the user. CHAP randomly generates a challenge string for each verification to prevent replay attacks. Throughout the connection, CHAP repeatedly sends new challenges to the client from time to time, to prevent a third party from impersonating the remote client.
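The challenge-response exchange described above, as an added example that is not part of the original page. It follows the RFC 1994 calculation (MD5 over identifier, shared secret and challenge); the class name, user name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: MD5 over identifier || shared secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """NAS side (hypothetical class): fresh challenge per verification."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # username -> clear-text secret held by the server
        self.pending = {}        # username -> (identifier, challenge) outstanding
        self.next_id = 0

    def challenge(self, username: str):
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)    # random, so an old response never matches again
        self.pending[username] = (self.next_id, chal)
        return self.next_id, chal

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        outstanding = self.pending.pop(username, None)  # one attempt per challenge
        secret = self.secrets.get(username)
        if outstanding is None or secret is None or outstanding[0] != identifier:
            return False
        # The server repeats the client's operation and compares in constant time.
        expected = chap_response(identifier, secret, outstanding[1])
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-secret"          # constructed sample value
    nas = ChapAuthenticator({"alice": secret})
    ident, chal = nas.challenge("alice")
    resp = chap_response(ident, secret, chal)
    first = nas.verify("alice", ident, resp)
    # A response captured earlier is presented against a later challenge.
    ident2, _ = nas.challenge("alice")
    replay = nas.verify("alice", ident2, resp)
    # A client that does not know the secret answers a fresh challenge.
    ident3, chal3 = nas.challenge("alice")
    wrong = nas.verify("alice", ident3, chap_response(ident3, b"guess", chal3))
    return {"first": first, "replay": replay, "wrong": wrong,
            "secret_on_wire": secret in resp}
```

The secret never crosses the link, but the server must store it in clear text and the response is an unsalted MD5 value, so the secret should be long and random.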
the application of PPP protocol
The PPP protocol is one of the most widely used protocols on the WAN. It has the advantages of simplicity, user authentication capability, and IP address resolution. Home dial-up establishes a communication link between the client and the operator's access server through PPP. At present, broadband access is replacing dial-up Internet access, and in today's fast-changing broadband access technology PPP has also spawned new applications. A typical application is the ADSL (Asymmetric Digital Subscriber Loop) access mode, where PPP combines with other protocols to derive new protocols that meet broadband access requirements, such as PPPoE (PPP over Ethernet) and PPPoA (PPP over ATM). Running PPP over Ethernet to perform user authentication and access using Ethernet resources is called PPPoE. PPPoE protects the Ethernet resources on the user side and meets the access requirements of ADSL. It is the most widely used technical standard in the current ADSL access mode. Similarly, running the PPP protocol over an ATM (Asynchronous Transfer Mode) network to manage user authentication is called PPPoA. It has the same principle and the same function as PPPoE; the difference is that PPPoA runs on the ATM network and PPPoE runs on the Ethernet network, so they have to adapt to the ATM standard and the Ethernet standard respectively.
The simplicity and completeness of the PPP protocol have made it widely used, and it is believed that it can play a greater role in the development of future network technologies.
※What are the types of VLANs?
A: There are two types, one is a port-based static VLAN; the other is a dynamic VLAN based on MAC address.
※ Briefly explain TRUNK?
A: There are two types of links in the switching environment. One is the access link and the other is the trunk link. The access link belongs to only one VLAN. The trunk can carry multiple VLANs. For VLAN identification there are mainly two encapsulation modes: IEEE 802.1Q and ISL.
※How do you provide backup between two switches?
A: Enable Spanning Tree (STP) over redundant links. Channel technology (CHANNEL), which bundles multiple links, can also be used to implement backup.
※Do you know one-arm routing?
A: I know. In one-arm routing, the packet leaves the router through the same port it entered on, unlike the traditional network topology, where the data packet enters the router from one interface and leaves the router from another interface.
※ Take the Cisco router as an example, write the configuration command for one-arm routing?
Router(config)#interface f0/1.1
Router(config-subif)#encapsulation dot1Q 100
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#no shutdown
Router(config-subif)#interface f0/1.2
Router(config-subif)#encapsulation dot1Q 200
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config-subif)#no shutdown
※What is the role of VLAN?
A: 1. Broadcast control; 2. improved security; 3. increased bandwidth utilization; 4. reduced delay.
※ What is the difference between static routing and dynamic routing?
A: Static routes are manually configured by the administrator. They are suitable for simple networks or where special routing control is required. Dynamic routes are automatically maintained by a dynamic routing protocol, without manual intervention, and are suitable for relatively large and complex networks.
※Do you know the administrative distances of OSPF, RIP, and static routes?
A: They are: 110, 120, 1
※Do you know what L2 Cache is? What does it do?
A: The role of the secondary cache is to store data that is used by the CPU for processing, and that cannot be stored by the primary cache.
※How do you make two VLANs communicate with each other?
A: It is implemented through Layer 3 routing.
※ The company connects to the outside network through a router. Some employees are not allowed to access the Internet and some are. How do you set this up on the router?
A: By setting the ACL control.
※What do you think about network maintenance?
A: First, the network infrastructure: ensure physical security of the computer room, servers, routing and switching equipment, and user PCs. Second, the network operating system: protection against vulnerabilities and intrusion, and management of permissions, users, and keys. Third, network applications: user, authority, and installation control. Fourth, basic security operation training and education for users. Fifth, sound network operation and maintenance documentation and log management. Sixth, a disaster recovery mechanism for systems and data.
※What does VTP stand for in English, and what is its role?
A: VLAN Trunk Protocol (VLAN Trunking Protocol), which is used to manage VLAN information uniformly.
※What are the modes of VTP?
A: There are three modes: server mode, client mode, and transparent mode.
※What is the main purpose of the STP protocol? Why use STP?
A: Main use: 1. STP eliminates the path loops that may exist in a bridged network by blocking redundant links. 2. When the current active path fails, STP activates the redundant link to restore network connectivity.
Reason: loops in a switched network cause broadcast loops (broadcast storms) and corrupt the bridge table.
※ Introduce ACL and NAT. How many kinds of NAT are there?
A: ACL: 1. The access control list (ACL) is a list of instructions (rules) applied to a router interface. It tells the router which packets can be forwarded and which packets need to be rejected. 2. How an ACL works: it reads the information in the Layer 3 and Layer 4 headers and filters packets according to the predefined rules. 3. The ACL is used to implement network control: the core technology behind the access control list is packet filtering. 4. There are two basic types of ACL: the standard access control list and the extended access control list.
NAT: changes the IP header so that the destination address, the source address, or both are replaced by different addresses. There are three kinds: static NAT, dynamic NAT, and PAT.
※What are the layers of the TCP/IP reference model?
A: Application layer, transport layer, internet layer, network interface layer.
※What are the connection-oriented protocols?
A: TCP.
※What information security management systems do you know?
A: ISO17799 and BS7799.
※10 of ISO17799