Friday, January 1, 2010

CCIE-LAB-ROUTING

1) RIP

a) neighbor - only unicast b) passive-interface (stop sending, still receiving) c) distribute-list - prefix -> deny first and then permit 0.0.0.0/0 le 32 d) authentication (clear or MD5) - on IOS you need key-chain, on ASA you just provide password inline with the key_id (which must match)

2) OSPF v2

a) clear text or MD5 b) you can authenticate per interface or per area c)

3) OSPF v3

a) you can authenticate and encrypt (available on some IOS’)

4) EIGRP

a) only MD5 b) key_chain

5) BGP

a) authentication (tcp) MD5 available b) passing firewall you need to add policy: disable random sequence number and allow tcp option 19 (range 19 19) to pass
 
tcp-map BGP
  tcp-options range 19 19 allow
!
set connection random-sequence-number disable
set connection advanced-options BGP

No comments:

Post a Comment