Foundation Summary

The "Foundation Summary" is a condensed collection of material for a convenient review of this chapter's key concepts. If you are already comfortable with the topics in this chapter and decided to skip most of the "Foundation Topics" material, the "Foundation Summary" will help you recall a few details. If you just read the "Foundation Topics" section, this review should help further solidify some key facts. If you are doing your final preparation before the exam, the "Foundation Summary" offers a convenient and quick final review.

Table 2-6 DNS Concepts



Well-known port numbers

UDP port 53, TCP port 53

ip host name [tcp-port-number] ip-address1 [ip-address2...ip-address8]

Configured locally to assign a host name with up to eight IP addresses

no ip domain-lookup

Disables the IP DNS-based host name-to-address translation

ip domain-name name

Defines a default domain name that the Cisco IOS Software uses to complete unqualified host names; also part of the fully qualified DNS name

ip domain-list name

Defines a list of default domain names to complete unqualified host names

ip name-server ip-address

Specifies the address of one or more name servers to use for name and address resolution; up to six name servers permitted

Table 2-7 TFTP Concepts



Well-known port numbers

UDP port 69 (UDP is typically the only supported protocol for TFTP produced by vendors) and TCP port 69

copy tftp flash

Cisco IOS command to copy images from a TFTP server


Only filename and directory names created on the server provide the only method used to secure transfers

Table 2-8 HTTPs and SSL Concepts



Well-known port number

TCP port 443-SSL.


HTTP traffic runs over a secure connection.

Service/client authentication

SSL uses a client/server model where clients request secure connections to a host device, such as with a credit card transaction over the World Wide Web.

Table 2-9 SNMP Concepts



Well-known port numbers

UDP 161 (SNMP servers) and UDP 162 (SNMP clients).

SNMP managed device

A network node that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and make this information available to the network management system using SNMP.

SNMP agent

A network management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

Table 2-10 SMTP Concepts



Well-known port numbers

TCP 25 (commonly used) and UDP 25

HELO command

Used in communications between host and client

Table 2-11 NTP Concepts



Well-known port numbers

TCP 123 and UDP 123 (commonly used).

ntp master 1-15

Defines stratum value between 1 and 15.

clock set hh:mm:ss day month year

Manually sets clock on a Cisco router.

ntp peer ip-address [version number] [key keyid] [source interface] [prefer]

Defines NTP peers.

ntp server ip-address

Defines where the device will source the clock from.

ntp authenticate

Enables authentication.

ntp authentication-key number md5 value

Defines NTP authentication key and password.

ntp trusted-key key-number

Defines NTP to authenticate NTP session; key-number is the authentication key to be trusted.

Table 2-12 Cisco IOS SSH Configurations Steps*




Configure the hostname command.


Configure the DNS domain.


Generate the public RSA key to be used.


Enable SSH transport support for the vtys.

SSH transport is enabled by default. Also, the final step (not documented at is to create a local username/password pair or enable AAA authentication.

*For an example of this configuration, visit technologies_tech_note09186a00800949e2.shtml.

*For an example of this configuration, visit technologies_tech_note09186a00800949e2.shtml.

The Q & A questions are designed to help you assess your readiness for the topics covered on the CCIE Security written exam and those topics presented in this chapter. This format should help you assess your retention of the material. A strong understanding of the answers to these questions will help you on the CCIE Security written exam. You can also look over the questions at the beginning of the chapter again for further review. As an additional study aid, use the CD-ROM provided with this book to take simulated exams, which draw from a database of over 500 multiple-choice questions.

Answers to these questions can be found in Appendix A, "Answers to Quiz Questions."

1. According to RFC 1700, what is the well-known TCP/UDP port used by DNS?

2. What does the Cisco IOS command no ip domain-lookup accomplish?

3. What is the correct Cisco IOS syntax to specify local host mapping on a Cisco router?

4. TFTP uses what well-known, defined TCP/UDP port?

5. Define the two modes of FTP.

6. FTP uses what TCP port numbers?

7. What well-known port do Secure Sockets Layer (SSL) and Secure Shell (SSH) use?

8. Define SNMP and give an example of how SNMP traps can be used to identify problems with Cisco IOS routers.

9. What well-known UDP ports are used by SNMP?

10. What Cisco IOS command enables SNMP on a Cisco IOS router?

11. Which TCP/UDP port numbers are defined for use by the Network Time Protocol (NTP)?

12. When defining a stratum value on a Cisco router, what is the range and what value is closest to an atomic clock?

13. Secure Shell (SSH) allows what to be accomplished when in use?

14. What is the difference between an SNMP inform request and an SNMP trap?

15. What does the SNMP MIB refer to?

16. What is the SNMP read-write community string for the following router configuration?

snmp-server community simon ro snmp-server community Simon rw

17. Before you can TFTP a file from a Cisco router to a UNIX- or Windows-based system, what is the first step you must take after enabling the TFTP server daemon on either platform?

18. What Cisco IOS command can be implemented to restrict SNMP access to certain networks by applying access-lists? Can you apply standard, extended, or both to these access lists?

19. Does TFTP have a mechanism for username and password authentication?

20. Can you use your Internet browser to configure a Cisco router? If so, how?

21. Suppose that a network administrator defines a Cisco router to allow HTTP requests but forgets to add the authentication commands. What is the default username and password pairing that allows HTTP requests on the default TCP port 80? Can you predefine another TCP port for HTTP access other than port 80?

22. What are the four steps to enable Cisco IOS SSH for a SSH server?

Scenario: Configuring DNS, TFTP, NTP, and SNMP 145

0 0

Post a comment