Exam Preparation
As mentioned in the section "How to Use This Book" in the Introduction, you have several choices for exam preparation: the exercises here, the memory tables in Appendix C, the final exam preparation chapter, and the exam simulation questions on the CD-ROM. The following questions present a bigger challenge than the exam itself because they use an open-ended question format. By using this more difficult format, you exercise your memory better and prove your conceptual and factual knowledge of this chapter. You can find the answers to these questions in Appendix A, "Answers to the DIKTA Quizzes and Fill in the Blanks Questions."
Review All Key Topics
Review the most important topics in this chapter, noted with the Key Topics icon in the margin of the page. Table 8-6 lists these key topics and the page numbers on which each is found.
Table 8-6. Key Topics
Key Topic Element | Description | Page
Figure 8-1 | High-level overview of how an ACL is processed by a router | 188
List | ACL types | 189
Table 8-2 | Protocols and their corresponding number identification for an ACL | 190
List | FPM restrictions | 196
List | FPM class-map types | 198
Table 8-3 | Flexible NetFlow components | 204
Table 8-4 | NetFlow original/NetFlow IPv4 original input format | 205
Table 8-5 | NetFlow IPv4 original output format | 205
List | Flow sampling modes | 208
List | Unicast RPF modes | 210
Complete Tables and Lists from Memory
Print a copy of Appendix C, "Memory Tables" (found on the CD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix D, "Memory Table Answers," also on the CD, includes completed tables and lists to check your work.
Define Key Terms
Define the following key terms from this chapter, and check your answers in the Glossary:
- access control list (ACL), stateless
Use Command Reference to Check Your Memory
Table 8-7 lists the important commands from this chapter. To test your memory, cover the right side of the table with a piece of paper, read the description on the left side, and then see how much of the command you can remember.
Table 8-7. Command Reference
Task | Command Syntax
Create a standard access list | access-list access-list-number {deny | permit} {source source-wildcard | host source | any} [log] or ip access-list standard {access-list-number | access-list-name}, followed by {deny | permit} {source source-wildcard | host source | any} [log]
Create an extended access list | access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] or ip access-list extended {access-list-number | access-list-name}, followed by [sequence-number] {deny | permit} protocol source source-wildcard destination destination-wildcard [option option-value] [precedence precedence] [tos tos] [time-range time-range-name] [log | log-input]
Assign an access list to an interface | ip access-group {access-list-number | access-list-name} {in | out}
Create a reflexive access list | Within a named extended access list: [sequence-number] permit protocol source source-wildcard destination destination-wildcard reflect reflexive-acl-name [timeout seconds] (only permit entries can reflect); then, in the named extended access list applied in the opposite direction: evaluate reflexive-acl-name
Create a time-based access list | time-range time-range-name, then periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm or absolute [start time date] [end time date]; then reference it with access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [time-range time-range-name] or ip access-list extended {access-list-number | access-list-name}, followed by [sequence-number] {deny | permit} protocol source source-wildcard destination destination-wildcard [time-range time-range-name]
Load a specific PHDF file | load protocol location:filename
Load a specific TCDF file | load classification location:filename
Create an FPM class map | class-map type {stack | access-control} [match-all | match-any] class-map-name
Match specific traffic to classify within a class map | match field protocol protocol-field {eq | neq | gt | lt | range range} value [next next-protocol] or match start {l2-start | l3-start} offset offset size size {eq | neq | gt | lt | range range} value
Create an FPM policy map | policy-map type access-control policy-map-name
Associate a class map with a policy map | class class-name
Specify a policy map action | drop or service-policy policy-map-name
Assign a policy map to an interface | service-policy type access-control {input | output} policy-map-name
Create a user-defined NetFlow flow record format | flow record flow-record-name
Specify NetFlow key fields | match {ipv4 | ipv6 | datalink | routing | flow | interface | transport} options
Specify NetFlow nonkey fields | collect {counter | ipv4 | ipv6 | datalink | routing | flow | interface | transport | timestamp} options
Configure a NetFlow flow monitor | flow monitor flow-monitor-name
Specify a NetFlow record format | record {flow-record-name | netflow-original | netflow {ipv4 | ipv6} {original-input | original-output}}
Configure a NetFlow flow exporter | flow exporter flow-exporter-name
Specify a NetFlow flow exporter server | destination {hostname | ip-address}
Specify a NetFlow flow exporter server port | transport udp udp-port
Configure a NetFlow flow exporter with a flow monitor | exporter flow-exporter-name
Configure a NetFlow flow sampler | sampler sampler-name
Specify a NetFlow flow sampler mode | mode {deterministic | random} 1 out-of window-size
Associate a NetFlow flow monitor with an interface | ip flow monitor flow-monitor-name [sampler sampler-name] {input | output}
Enable CEF | ip cef [distributed]
Configure Unicast RPF on a specific interface | ip verify unicast source reachable-via {rx | any} [allow-default] [access-list]
Display the contents of all (or one specified) access lists | show access-lists [access-list-number | access-list-name]
Display the contents of all (or one specified) IP access lists | show ip access-lists [access-list-number | access-list-name]
Display which specific PHDFs are loaded and which fields are supported | show protocols phdf phdf-name
Display the current traffic classes configured and their matching criteria | show class-map type {stack | access-control} [class-map-name]
Display the current traffic policies | show policy-map type access-control [interface interface]
Display NetFlow flow monitor configuration | show flow monitor [name flow-monitor-name]
Display NetFlow flow monitor interface configuration | show flow interface interface
Display NetFlow flow exporter configuration | show flow exporter [name flow-exporter-name]
Display NetFlow cache | show flow monitor name flow-monitor-name cache format {csv | record | table}
Display NetFlow sampler configuration | show sampler [sampler-name]
Display Unicast RPF status | show cef interface interface
Display global Unicast RPF packet count | show ip traffic
Display the number of interface Unicast RPF packet drops | show ip interface interface
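The following perimeter-router configuration is an added worked example, not part of the chapter or Cisco's documentation; it combines the access-list, reflexive, time-range and Unicast RPF commands from Table 8-7 on one device so their placement relative to each other is visible. The interface names, the inside network 198.51.100.0/24 (assumed to be publicly routed, so no NAT is involved), the outside addressing 203.0.113.0/24, the management host 198.51.100.10 and all access-list and time-range names are assumptions made for the example.

```cisco
! Added example, not from the book. Assumed: GigabitEthernet0/0 faces the
! inside network 198.51.100.0/24, GigabitEthernet0/1 faces the Internet.
!
! Unicast RPF looks up sources in the CEF FIB, so CEF is enabled first.
ip cef
!
time-range BUSINESS-HOURS
 periodic weekdays 08:00 to 18:00
!
! Outbound policy, applied OUT on the outside interface. Every permit that
! carries "reflect" records the session so that only the matching return
! traffic is allowed back in. Reflect is valid on permit entries only.
ip access-list extended OUTBOUND
 permit tcp 198.51.100.0 0.0.0.255 any eq 443 reflect SESSIONS timeout 300
 permit tcp 198.51.100.0 0.0.0.255 any eq 80 reflect SESSIONS timeout 300
 permit udp 198.51.100.0 0.0.0.255 any eq 53 reflect SESSIONS timeout 60
 deny ip any any log
!
! Inbound policy, applied IN on the same outside interface. "evaluate" is
! the point at which the temporary reflexive entries are consulted; the
! time-range limits remote SSH to the management host to business hours.
! Everything else falls through to the explicit deny at the end (an
! implicit deny would apply anyway, but the explicit one can be logged).
ip access-list extended INBOUND
 permit tcp any host 198.51.100.10 eq 22 time-range BUSINESS-HOURS
 evaluate SESSIONS
 deny ip any any log-input
!
interface GigabitEthernet0/1
 description Outside
 ip address 203.0.113.1 255.255.255.0
 ip access-group INBOUND in
 ip access-group OUTBOUND out
 ! Strict mode: the source must be reachable through this interface.
 ! uRPF ignores the default route unless allow-default is given, so on an
 ! Internet-facing interface that only has a default route, omitting it
 ! would drop every packet from a source not in the routing table.
 ip verify unicast source reachable-via rx allow-default
!
interface GigabitEthernet0/0
 description Inside
 ip address 198.51.100.1 255.255.255.0
 ! Strict mode on the inside: only 198.51.100.0/24 should originate here,
 ! so a LAN host spoofing another source address is dropped before routing.
 ip verify unicast source reachable-via rx
```

Verify the result with the show commands in Table 8-7: show ip access-lists INBOUND shows the dynamic reflexive entries after an inside host opens a session, and show ip interface GigabitEthernet0/1 reports the uRPF mode and the number of packets it has dropped.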
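The following Flexible Packet Matching configuration is an added example, not code from the chapter or from Cisco's documentation; it shows how the load, class-map, policy-map and service-policy commands from Table 8-7 nest. The flash: location of the PHDF files, the class and policy names, the choice of TCP port 80, and the 4-byte payload pattern 0x41414141 are assumptions made for the example.

```cisco
! Added example, not from the book. File locations, names and the
! payload signature are illustrative assumptions.
!
! 1. Load the protocol header definition files FPM needs to walk the stack.
load protocol flash:ip.phdf
load protocol flash:tcp.phdf
!
! 2. A stack class map describes the protocol stack to inspect: an IP
!    header whose protocol field is 6 (TCP), then hand off to the TCP PHDF.
class-map type stack match-all IP-TCP-STACK
 match field ip protocol eq 0x6 next tcp
!
! 3. An access-control class map matches a header field and raw payload
!    bytes. Offset 40 from the L3 start assumes 20-byte IP and TCP headers
!    with no options; a production signature must allow for header options
!    or match relative to a field the PHDF already defines.
class-map type access-control match-all TCP-80-SIGNATURE
 match field tcp dest-port eq 80
 match start l3-start offset 40 size 4 eq 0x41414141
!
! 4. The inner policy holds the action taken on matching packets.
policy-map type access-control DROP-SIGNATURE
 class TCP-80-SIGNATURE
  drop
!
! 5. The outer policy ties the stack class to the inner policy.
policy-map type access-control FPM-INBOUND
 class IP-TCP-STACK
  service-policy DROP-SIGNATURE
!
! 6. Attach the outer policy to the interface in the inbound direction.
interface GigabitEthernet0/1
 service-policy type access-control input FPM-INBOUND
```

Check with show protocols phdf tcp that the field name used in the class map (dest-port) is actually defined by the loaded PHDF, and with show policy-map type access-control interface GigabitEthernet0/1 that the drop counter increments for the signature class.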
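The following end-to-end Flexible NetFlow configuration is an added example, not code from the chapter or from Cisco's documentation; it shows how the flow record, flow exporter, flow monitor and sampler commands from Table 8-7 reference one another before the monitor is applied to an interface. The collector address 192.0.2.10, UDP port 2055, the Loopback0 source interface, the sampling rate and all object names are assumptions made for the example.

```cisco
! Added example, not from the book. Collector address, port, interface
! names, sampling rate and object names are illustrative assumptions.
!
! 1. The record defines the flow. "match" lines are key fields: two
!    packets that differ in any of them belong to different flows.
!    "collect" lines are nonkey fields carried along with each flow.
flow record SEC-RECORD
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 match interface input
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect transport tcp flags
!
! 2. The exporter says where the flows go. Sourcing from a loopback keeps
!    the exporter address stable so the collector can filter on it.
flow exporter SEC-COLLECTOR
 destination 192.0.2.10
 source Loopback0
 transport udp 2055
 export-protocol netflow-v9
!
! 3. The monitor binds a record to an exporter and owns the cache.
!    A short active timeout makes long-lived flows visible sooner.
flow monitor SEC-MONITOR
 record SEC-RECORD
 exporter SEC-COLLECTOR
 cache timeout active 60
!
! 4. Optional sampler: 1 in 100 packets, chosen randomly within each
!    window, which reduces load on high-rate links at the cost of
!    missing some short flows.
sampler SEC-SAMPLER
 mode random 1 out-of 100
!
! 5. Apply the monitor (with the sampler) to the interface and direction.
interface GigabitEthernet0/1
 ip flow monitor SEC-MONITOR sampler SEC-SAMPLER input
```

Confirm the pieces are wired together with show flow monitor name SEC-MONITOR and show flow interface GigabitEthernet0/1, and inspect live flows with show flow monitor name SEC-MONITOR cache format table.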
Fill in the Blanks
- There is a(n) _____ at the end of each access list.
- An extended access list can use the number ranges of _____ and _____.
- The wildcard mask that would be used with a subnet mask of 255.255.255.192 would be _____.
- When assigning reflexive access lists to an interface, they are typically placed _____ on an interface facing away from the internal network or _____ on an interface facing toward the internal network.
- Both PHDF and TCDF are formatted using _____.
- When using FPM, traffic can be classified using _____ files or using the _____.
- FPM is only able to inspect _____ unicast packets.
- _____ fields are used by NetFlow to identify specific flows.
- Unicast RPF can operate in _____ or _____ mode.
- When configuring Unicast RPF, the first thing that must be configured is _____.