Comparison of IGMPv1 IGMPv2 and IGMPv3

Table 16-5 compares the important features of IGMPvl, IGMPv2, and IGMPv3. First Octet Value for the Query Message Destination Address for the General Query Joining multicast group address and source address Is Report Suppression Mechanism Available Can Maximum Response Time Be Configured Can a Host Send a Leave Group Message Destination Address for the Leave Group Message Can a Router Send a Group-Specific Query Can a Host Send Source-and Group-Specific Reports Can a Router Send Source- and...

General Layer 3 Security Considerations

This section explains a few of the more common ways to avoid Layer 3 attacks. Smurf Attacks, Directed Broadcasts, and RPF Checks A smurf attack occurs when a host sends a large number of ICMP Echo Requests with some atypical IP addresses in the packet. The destination address is a subnet broadcast address, also known as a directed broadcast address. Routers forward these packets based on normal matching of the IP routing table, until the packet reaches a router connected to the destination...

Switch Security Best Practices for Unused and User Ports

Ethernet 802 Frame Types

The first three items in the list of best practices for unused and user ports are mostly covered in earlier chapters. For a brief review, Example 18-7 shows an example configuration on a Cisco 3550 switch, with each of these items configured and noted. In this example, fa0 1 is a currently unused port. CDP has been disabled on the interface, but it remains enabled globally, on the presumption that some ports still need CDP enabled. DTP has been disabled as well, and STP Root Guard and BPDU...

Mutual Redistribution at Multiple Routers

When multiple routers redistribute between the same two routing protocol domains, several potential problems can occur. One type of problem occurs on the redistributing routers, because those routers will learn a route to most subnets via both routing protocols. That router uses the AD to determine the best route when comparing the best routes from each of the two routing protocols this typically results in some routes using suboptimal paths. For example, Figure 10-4 shows a sample network,...

Modified Deficit Round Robin

MDRR is a queuing feature implemented only in the Cisco 12000 series router family. Because the 12000 series does not support CBWFQ and LLQ, MDRR serves in place of these features. Its main claims to fame are better fairness than legacy queuing methods such as priority queuing and custom queuing, and that it supports a priority queue (like LLQ). For the CCIE Routing and Switching qualifying exam, you need to understand how MDRR works at the conceptual level, but you don't need to know how to...