Foundation Summary

The "Foundation Summary" section is a collection of quick-reference information that provides a convenient review of many key concepts in this chapter. For those of you who already feel comfortable with the topics in this chapter, this summary will help you recall a few details. For those of you who just read this chapter, this review should help solidify some key facts. For any of you doing your final preparations before the exam, these tables and figures will be a convenient way to review the day before the exam.

Tables 2-4 through 2-7 summarize the main points of the chapter. Because much of this chapter is a review of CCNA-level material, some of the points are not directly related to the exam objectives. Points that are directly associated with the Routing exam are marked with an "*." The intention is that the tables be used to remind you of the key points of the most important subjects that are covered in this chapter; refer to the body of the chapter for detail on points marked with an "*." The additional information is of use to the advanced student, who will see the chapter subjects in a wider context.

Table 2-4 identifies the reasons for congestion within a network and the solution that Cisco proposes. The subsequent tables deal with access lists, including their configuration and application.

Table 2-4 Network Congestion: Causes and Cisco Solutions

Cause of network congestion: Excessive application traffic
Cisco solutions:
    * Use priority queuing across slow serial links.
    * Ensure appropriate server location in the network design.
    Use compression across slow serial links.
    Use traffic shaping for Frame Relay with BECN.
    Use serial backup commands for dual point-to-point links.
    Adjust application and other timers so that they do not time out and retransmit.
    Increase the bandwidth using EtherChannel.
    Use load balancing and policy routing for IP.

Cause of network congestion: Broadcast traffic due to a large network
Cisco solutions:
    * Filter unnecessary networks from routing updates.
    Use snapshot routing across dialup lines.
    Manually configure static routes.
    Use a sophisticated routing protocol with incremental updates (for example, EIGRP or OSPF).
    Split large networks into smaller subnets.
    Use address summarization.

Cause of network congestion: Broadcast traffic due to a large client/server network
Cisco solutions:
    * Filter unnecessary servers/services/zones from service updates.
    Use a sophisticated routing protocol (for example, EIGRP).

Table 2-5 Access List Features

Feature: Decision to forward based on the Layer 3 source address only (standard access list) or on Layer 3 and above (extended access list)
Purpose: * Determine packet movement through the network or "what if?" programming.

Feature: Capability to filter on port numbers, packet size, and Layer 3 addresses
Purpose: * Give a high level of granularity.

Feature: Named access lists (IOS v 11.2)
Purpose: Provide ease of management.

Feature: Keywords for ports and wildcards
Purpose: Provide ease of management.

Feature: Capability to apply an access list as inbound or outbound
Purpose: * Use flexibility in design considerations.

Feature: Capability to prevent ICMP messages from being generated when a packet is denied access
Purpose: Provide increased security by making spoofing more difficult.

Feature: Use of the established parameter to allow outgoing TCP applications but to restrict incoming attempts
Purpose: Allow users to Telnet into the Internet while preventing access to anyone trying to initiate a connection from the outside.

Feature: Capability to filter in TCP/IP by precedence
Purpose: Speed up the propagation of traffic by sorting it on the precedence bits in the IP header. QoS is determined by this means, so that certain traffic types can be manipulated through the network.

Feature: Lock and key
Purpose: Allow users who are normally blocked to gain temporary access after the user is authenticated.

Feature: Reflexive access list
Purpose: Provide dynamic filtering at the IP session layer.

Table 2-6 Applications for Access Lists

Type of access list: Standard
Purpose: * Handles packet movement through the network or "what if?" programming.

Type of access list: Virtual terminal access
Purpose: * Restricts access to and from the vty line interfaces on the router.

Type of access list: Distribute lists
Purpose: Filters networks from the routing updates.

Type of access list: Service filtering (for example, IPX SAP or GNS filters, or AppleTalk ZIP or GetZoneList filters)
Purpose: Filters services from the server updates or from the replies to client requests.

Type of access list: Queuing (for example, priority or custom queuing)
Purpose: * Prioritizes traffic leaving an interface.

Type of access list: Dial-on-demand routing (DDR)
Purpose: Determines the traffic that is defined as important enough to dial the remote site.

Table 2-7 Points to Remember When Configuring Access Lists

Point to remember: The access list is processed as a top-down linked list. Each statement is tested for a match; when the first match is found, its deny or permit is applied and processing stops.
Consideration: * Place the most specific criteria first. If more than one criterion is equally specific, place the most frequently matched one first.

Point to remember: There is an implicit deny any at the end of every list.
Consideration: * There must be at least one permit statement. If reverse logic is used in the design of the access list (for example, deny these addresses but permit all other traffic), there must be a permit any at the end of the access list.

Point to remember: The wildcard mask uses zeros to indicate the bits of the address that must match, and ones for the bits to ignore.
Consideration: This is the reverse of the subnet mask and is easily confused. Where a subnet mask would express 213.99.32.0 with a mask of 255.255.224.0, the wildcard mask would be 0.0.31.255.

Point to remember: Additional criteria statements are added to the bottom of the access list.
Consideration: Because there is no in-place editing, and because the placement of the criteria is important, it is advisable to save the access list configuration to a TFTP server, where it can be edited with ease.

Point to remember: The access list is not active until it is applied to an interface.
Consideration: * Until it is applied, the access list will not work.
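The processing rules in Table 2-7 and the standard, extended and established behaviour from Table 2-5 are easiest to see by running them. The Python evaluator below is an added example written for this summary; it is not code from the book or from Cisco IOS, and it supports only a subset of the access-list syntax (numbered lists; any, host, or an address followed by a wildcard; eq with a port number or keyword; and established; no named lists, port ranges, log keyword or ICMP types). SAMPLE_CONFIG is a constructed configuration, and the Packet and Entry records, the function names and the addresses in the demo are all assumptions made for the example. On a router the same list would have no effect until applied with ip access-group on an interface or access-class on the vty lines (Table 2-6), which the evaluator does not model. It also shows why the established keyword is not a substitute for stateful filtering: IOS matches only the ACK or RST bit, so a crafted segment with ACK set passes the list even though no session exists, which is the gap the reflexive access lists in Table 2-5 close.

```python
"""Toy IOS access-list evaluator: an added example, not code from the book. Implements the
Table 2-7 rules (top-down, first match wins, implicit deny any, wildcard 0 bits must match,
1 bits are ignored) and models `established` as IOS checks it: ACK or RST bit only."""
import ipaddress
from collections import namedtuple
# Constructed sample configuration (not from the page). List 1 is standard; list 101 is
# extended and intended for inbound use on an Internet-facing interface.
SAMPLE_CONFIG = """
access-list 1 deny   10.1.1.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 101 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 101 permit tcp any host 192.168.1.10 eq smtp
access-list 101 deny   ip any any
"""
PORT_NAMES = {"telnet": 23, "smtp": 25, "www": 80}  # a few of the IOS port keywords
ALL_ONES = 0xFFFFFFFF
# A packet as the router sees it; flags holds TCP flag names such as "SYN" or "ACK".
Packet = namedtuple("Packet", "src dst proto sport dport flags", defaults=("ip", 0, 0, frozenset()))
# One statement; a standard list is stored with proto "ip" and an all-ones destination wildcard.
Entry = namedtuple("Entry", "action proto src src_wild dst dst_wild sport dport established",
                   defaults=(0, ALL_ONES, None, None, False))

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_from_mask(mask):
    """255.255.224.0 -> 0.0.31.255: the wildcard is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(ALL_ONES ^ ip_int(mask)))

def _take_address(tokens, i):
    """Consume 'any', 'host A' or 'A WILDCARD' at tokens[i]; return (base, wildcard, next)."""
    if tokens[i] == "any":
        return 0, ALL_ONES, i + 1
    if tokens[i] == "host":
        return ip_int(tokens[i + 1]), 0, i + 2
    if i + 1 < len(tokens) and tokens[i + 1][0].isdigit():  # an explicit wildcard follows
        return ip_int(tokens[i]), ip_int(tokens[i + 1]), i + 2
    return ip_int(tokens[i]), 0, i + 1  # bare address in a standard list means one host

def _take_port(tokens, i):
    """Consume an optional 'eq PORT' (number or keyword); return (port or None, next)."""
    if i < len(tokens) and tokens[i] == "eq":
        return PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1]), i + 2
    return None, i

def parse_config(text):
    """Return {list_number: [Entry, ...]} in configuration order."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action = int(tokens[1]), tokens[2]
        if 1 <= number <= 99:        # standard: source address only
            src, wild, _ = _take_address(tokens, 3)
            entry = Entry(action, "ip", src, wild)
        elif 100 <= number <= 199:   # extended: protocol, source, destination, ports, flags
            src, swild, i = _take_address(tokens, 4)
            sport, i = _take_port(tokens, i)
            dst, dwild, i = _take_address(tokens, i)
            dport, i = _take_port(tokens, i)
            entry = Entry(action, tokens[3], src, swild, dst, dwild, sport, dport,
                          "established" in tokens[i:])
        else:
            raise ValueError(f"unsupported list number {number}")
        acls.setdefault(number, []).append(entry)  # new statements always go at the bottom
    return acls

def _addr_match(addr, base, wild):
    # Wildcard bits set to 1 are ignored; bits set to 0 must match exactly.
    return (addr ^ base) & (~wild & ALL_ONES) == 0

def entry_matches(e, p):
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if not (_addr_match(ip_int(p.src), e.src, e.src_wild) and _addr_match(ip_int(p.dst), e.dst, e.dst_wild)):
        return False
    if (e.sport is not None and e.sport != p.sport) or (e.dport is not None and e.dport != p.dport):
        return False
    # `established` is a flag check, not a session table: any segment with ACK or RST passes.
    return not e.established or bool(p.flags & {"ACK", "RST"})

def evaluate(acl, p):
    """Top-down, first match wins; falling off the end is the implicit deny any."""
    for e in acl:
        if entry_matches(e, p):
            return e.action
    return "deny"

def demo():
    """Verdicts for constructed packets; each label names the rule it illustrates."""
    acls = parse_config(SAMPLE_CONFIG)
    out, lan = "198.51.100.9", "192.168.1.20"
    return {
        "wildcard for 255.255.224.0": wildcard_from_mask("255.255.224.0"),
        "list 1, 10.1.1.7: specific deny placed first": evaluate(acls[1], Packet("10.1.1.7", lan)),
        "list 1, 192.0.2.5: no match, implicit deny": evaluate(acls[1], Packet("192.0.2.5", lan)),
        "list 1 reversed, 10.1.1.7: deny never reached": evaluate(acls[1][::-1], Packet("10.1.1.7", lan)),
        "list 101, inbound Telnet SYN": evaluate(acls[101], Packet(out, lan, "tcp", 40001, 23, {"SYN"})),
        "list 101, inbound SMTP SYN to mail host": evaluate(acls[101], Packet(out, "192.168.1.10", "tcp", 40001, 25, {"SYN"})),
        "list 101, ACK set (reply or crafted probe)": evaluate(acls[101], Packet(out, lan, "tcp", 40001, 23, {"ACK"})),
    }

if __name__ == "__main__":
    print(*(f"{v:8} {k}" for k, v in demo().items()), sep="\n")
```

Run it with python3 to print the verdicts. The reversed copy of list 1 is the ordering mistake from Table 2-7 in miniature: with the broad permit first, the specific deny is dead code, and because new statements are only ever appended, the fix on a real router is to rebuild the list rather than to add another line.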
