IPv6 Router Messages and Address Allocation

Questions and Answers

What is the primary function of a Backbone router in OSPF?

To aggregate routes from multiple areas into one.

To act as a central point of communication for the backbone area. (correct)

To serve as a backup router for area 0.

To connect different areas at an external level.

Which router type advertises networks learned from type 1 LSAs to other areas?

Autonomous System Boundary Router (ASBR)

Backbone router

Area Border Router (ABR) (correct)

Internal Router

What distinguishes a type 1 LSA from other LSA types in OSPF?

Type 1 LSAs are flooded only within the originating area. (correct)

Type 1 LSAs summarize routing information from multiple areas.

Type 1 LSAs contain information about routes to external ASes.

Type 1 LSAs can be flooded into external networks.

What does an Autonomous System Boundary Router (ASBR) do?

It has at least one interface connected to an external internetwork.

Which statement is true about the classification of routers in OSPF?

Routers can be classified as more than one router type.

What is the default action for SSH when both SSH and Telnet are allowed?

Both SSH and Telnet are accepted.

Which command forces the use of the local database for username/password authentication?

login local

What happens when port security is enabled and an unknown MAC address sends data?

A security violation occurs.

Which method allows MAC addresses to be dynamically learned and saved to the configuration?

Sticky secure MAC addresses

What is the outcome of using the 'restrict' violation mode in port security?

Data from unknown MAC addresses is dropped, and a notification is sent.

What default number of secure MAC addresses is allowed on a port with port security?

1

What occurs when a port is set to the 'shutdown' violation mode?

The port becomes error-disabled and LED turns off.

Which command can be used to apply settings to several switch ports at once?

interface range command

What does a router inform an originating host about the destination host on a different network prefix?

The destination host is on the same link as itself.

Which of the following is NOT a method for dynamic address allocation in IPv6?

IPv4 Static Addressing

What does Option 1 in ICMPv6 Router Advertisement indicate?

SLAAC without any DHCPv6 configuration.

What is the primary purpose of a Router Solicitation message in IPv6?

To request IPv6 addressing information from routers.

What does the 'O' flag represent in Router Advertisement options?

The router does not use DHCPv6 for address configuration.

Which configuration would use Stateful DHCPv6 according to the RA message options?

All addressing except the default gateway uses DHCPv6.

Which statement is true about SLAAC?

It automatically configures IPv6 addresses without DHCPv6.

Which DHCPv6 configuration option indicates that the router may not be required?

Other Configuration Flag.

What is the purpose of the Router Solicitation message in ICMPv6?

To solicit router information from neighboring routers

Which address is used by the router as its link-local address?

fe80::1

What type of address is 'ff02::2' classified as?

All-IPv6-routers multicast address

How often are ND router advertisements sent in the analyzed configuration?

Every 200 seconds

What is indicated by the MTU value of 1500 bytes in a router interface?

Maximum packet size the interface can handle

What does the Source link-layer address option in an ICMPv6 message provide?

The MAC address of the sending device

What happens to the life span of ND router advertisements after they are sent?

They expire after 1800 seconds

Which component of the router advertisement message allows hosts to use stateless auto-configuration?

M and O flags

What is the first step in configuring port security on a switch port?

Place the port in access mode

Which command is used to verify the maximum number of MAC addresses allowed on a port?

show port-security interface

What must be done to a port after a port security violation occurs before re-enabling it?

Investigate the security threat

Which mode must a switch port be set to in order to utilize port security?

Access mode

What command allows you to see MAC addresses learned on a specific port?

show port-security address

How should you react to a port being in an error-disabled state due to a security violation?

Check the port security settings and shut it down

What happens to the port link status after a port security violation?

It changes to down

Which command is used to see learned MAC addresses added to the configuration?

show running-config

Study Notes

IPv6 Router Solicitation and Router Advertisement Messages

• IPv6 Router Solicitation is a message sent by a host to find IPv6 routers on the local link.
• IPv6 Router Advertisement is a message sent by a router to provide information to hosts on the local link.
• Router advertisements include information about the router’s link-local address, its preferred lifetime, and whether or not it supports stateless address autoconfiguration (SLAAC).

Dynamic Address Allocation in IPv6

• IPv6 address allocation methods include SLAAC, Stateless DHCPv6, and Stateful DHCPv6.
• SLAAC is a stateless address autoconfiguration method where hosts automatically configure their IPv6 addresses using information provided by router advertisements.
• SLAAC with Stateless DHCPv6 is a method where hosts use SLAAC to get their IPv6 addresses and DHCPv6 to get other configuration information, such as DNS server addresses.
• Stateful DHCPv6 is a method where hosts get their IPv6 addresses and other configuration information from a DHCPv6 server.

ICMPv6 Router Advertisement Message Options

• Router Advertisements contain options that provide configuration information to hosts.
• Option 1: SLAAC - No DHCPv6 (Default on Cisco Routers)
  • Option 1 is the default option on Cisco Routers
  • Hosts use SLAAC to get their IPv6 addresses.
  • Hosts do not use DHCPv6 for configuration information.
• Option 2: SLAAC + Stateless DHCPv6 for DNS address
  • Hosts use SLAAC to get their IPv6 addresses.
  • Hosts use Stateless DHCPv6 to get DNS server addresses.
  • Hosts do not use DHCPv6 to get IPv6 addresses..
• Option 3: All addressing except default gateway use DHCPv6
  • Hosts use DHCPv6 to obtain their IPv6 address as well as other configuration information.
  • Hosts do not use SLAAC.

Analyzing a Router Advertisement Message

• Router Advertisements include various information such as:
  • Source address (link-local address of the router)
  • Destination address (All-IPv6-devices multicast address).
  • Next header (ICMPv6 header).
  • Hop limit (255).
  • Other configuration information related to DHCPv6 and SLAAC.

Multiarea OSPF LSA Operation

• OSPF LSAs (Link State Advertisements) are used to advertise details about OSPF networks.
• Each LSA type provides specific information about the OSPF network topology.
• LSAs in combination describe the entire topology of an OSPF network.
• LSA Type 1: Router Link Entries
  • Routers advertise their directly connected OSPF-enabled links in a LSA Type 1.
  • LSA Type 1 are flooded only within the area in which they originated.
  • ABRs advertise the networks learned from the type 1 LSAs to other areas as type 3 LSAs.
  • LSA Type 1 link ID is identified by the router ID of the originating router.

Secure Remote Access

• SSH is a secure protocol for remote access, that uses encryption to protect data.
• SSH is used to communicate with network devices and issue commands.

Switch Port Security

• Switch Port Security limits the number of valid MAC addresses allowed to transmit data through a switch port.
• Port security methods:
  • Static Secure MAC Addresses: Manually configured.
  • Dynamic Secure MAC Addresses: Dynamically learned and removed if the switch restarts.
  • Sticky Secure MAC Addresses: Dynamically learned and added to the running configuration.

Switch Port Security: Violation Modes

• Switch port security violation modes:
  • Protect: Data from unknown MAC addresses is dropped without sending a security notification.
  • Restrict: Data from unknown MAC address is dropped, and a security notification is generated with an increment of the violation counter.
  • Shutdown: The interface is error-disabled; a security notification is generated with an increment of the violation counter.

Switch Port Security: Configuring

• Switch port security features are configured using interface configuration commands.
• The 'switchport port-security' command enables port security on an interface.
• Example configuration:
  • switchport mode access (Configures the port to access mode)
  • switchport port-security (Enables Port Security).
  • switchport port-security maximum 2 (Maximum number of MAC addresses allowed on the port).
  • switchport port-security mac-address sticky 00:00:00:00:00:00 (Adds a static MAC address to the port with sticky learning).
  • switchport port-security violation shutdown (Sets violation mode to shutdown)

Switch Port Security: Verifying

• The show port-security interface command displays information about the port security configuration.
• The show port-security address command lists the learned MAC addresses on the port.
• The show running-config command displays the configured MAC addresses added to the configuration.

Switch Port Security: Ports in Error Disabled State

 - When a port security violation occurs, the switch console will display a message showing the port link status has changed to down.
 - You must first shut down the port and then issue the 'no shutdown' command to re-enable the port after a security violation.
 - Do not re-enable a port until the security threat is investigated and eliminated. 

Description

This quiz covers IPv6 Router Solicitation and Router Advertisement messages, including their roles in dynamic address allocation. It explores methods like SLAAC and DHCPv6 for configuring IPv6 addresses. Test your understanding of the communication between hosts and routers in an IPv6 network environment.