CCNP Archives - Page 4 of 10 - Anthony Sequeira's Blog Home

In many of our Cisco courses, we learn that networking best practices often point to the non-use of the Native VLAN. But why is this?

It turns out there are security vulnerabilities that could result from having a VLAN not tagged across your trunk links. For example, there is the VLAN hopping attack.

Here is how this attack could work:

Step 1: A bad person at a customer site wants to send frames into a VLAN that they are not part of.

Step 2: This person double tags the frame (Q-in-Q) with the outer frame matching the native VLAN in use at the provider edge switch.

Step 3: The provider edge switch strips off the outer tag (because it matches the native VLAN), and send this frame across the trunk.

Step 4: The next switch in the path examines the frame and reads the inner VLAN tag and forwards the frame accordingly.

Notice this attack is unidirectional. The attacker can send traffic into the VLAN, but traffic will not return. Even still, this is obviously not something we want taking place.

What are possible solutions?

Use ISL trunks in the cloud – this becomes less and less possible as ISL trunks fade away.
Use a Native VLAN that is outside of the range permitted for the customer.
Tag the native VLAN in the cloud.

IPv6

This latest quiz is focused on IPv6 with a bias to Cisco Systems. These questions are what one could expect on a CCNP or CCIE exam across various tracks. Enjoy!

IPv6 Quiz - Cisco Bias

Please wait while the activity loads.
If this activity does not load, try refreshing your browser. Also, this page requires javascript. Please visit using a browser with javascript enabled.

If loading fails, click here to try again

Start

Congratulations - you have completed IPv6 Quiz - Cisco Bias. You scored %%SCORE%% out of %%TOTAL%%. Your performance has been rated as %%RATING%%

Your answers are highlighted below.

Question 1

What is the minimum MTU size that is required for an IPv6 packet?

A	576 Bytes
B	1280 Bytes
C	1500 Bytes
D	1460 Bytes

Question 1 Explanation:

While the minimum supported MTU size was 576 Bytes with IPv4, with IPv6 this minimum has increased to 1280 Bytes.

Question 2

What is the interface configuration mode command that is used to enable RIPng?

A	ipv6 router ripng
B	ipv6 ripng enable
C	ipv6 rip enable
D	ipv6 router rip

Question 2 Explanation:

RIP (like other IPv6 routing protocols) is enabled on the interface, this is done with the ipv6 rip name enable command. The ipv6 router rip name command is used to change process-wide variables (like maximum paths). Another example is OSPF. This is configured under an interface with ipv6 ospf 1 area 0, for example. Notice the process ID is set to 1 and the area is the backbone (0).

Question 3

Which of the following command would correctly permit SSH traffic from any IPv6 source to the 2001::/64 network?

A	permit tcpv6 2001::/64 any eq ssh
B	permit tcpv6 any 2001::/64 eq ssh
C	permit tcp 2001::/64 any eq ssh
D	permit tcp any 2001::/64 eq ssh

Question 3 Explanation:

IPv6 ACL statements are very similar to IPv4 ACL statements except wildcard marks are not used; in this case the permit tcp any 2001::/64 eq ssh statement accomplishes the goals, allowing traffic from any source to pass to the 2000::/64 network over SSH.

Question 4

What is the command that is used to enable an IPv6 DHCP Relay Agent?

A	ipv6 helper-address ipv6-address
B	ipv6 forwarding-address ipv6-address
C	ipv6 dhcp relay ipv6-address
D	ipv6 dhcp relay destination ipv6-address

Question 4 Explanation:

The need for a DHCP relay agent with IPv6 is the same as it is with IPv4; the configuration is slightly different but the operation is similar at a high level. The ipv6 dhcp relay destination ipv6-address command is used on the router that connects to the client segment and points to the unicast address of the DHCP server.

Question 5

What is the name of the feature that can be used to translate between an outside IPv6 global prefix to an inside unique local or separate global prefix?

A	NAT-PT
B	NAT66
C	NPTv6
D	NAT64

Question 5 Explanation:

The Network Prefix Translation (NPTv6) feature is used to translate between an outside IPv6 global prefix to an inside unique local or separate global prefix.

Question 6

Which of the following DNS record types resolves hostnames into IPv6 addresses?

A	CNAME
B	NS
C	MX
D	AAAA

Question 6 Explanation:

A Hosts (AAAA) record is used to resolve a Fully Qualified Domain Name (FQDN) to a IPv6 address.

Once you are finished, click the button below. Any items you have not completed will be marked incorrect. Get Results

There are 6 questions to complete.

←

List

→

Return

Shaded items are complete.

1	2	3	4	5
6	End

Return

Anthony Sequeira's Blog Home

Serving the Internet Information Technology training for decades!

Category Archives: CCNP

An Example of a Security Exploit Due to the Native VLAN

IPv6 Quiz – Cisco Bias

IPv6 Quiz - Cisco Bias

Share this:

IPv6 Quiz - Cisco Bias

Share this: