2025-02-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
1. Please write the wire order of T568A and T568B:
T568A: White Green, Green, White Orange, Blue, White Blue, Orange, White Brown, Brown
T568B: White Orange, Orange, White Green, Blue, White Blue, Green, White Brown, Brown
2. What is layer 3 switching, and how does it differ from routing?
Layer 3 switches and routers both work at the third layer of the network and forward (or switch) packets according to the IP address. There is not much difference in principle, and the two terms are converging; a layer 3 switch can be thought of as a multi-port router. But traditional routers have three characteristics: a CPU-based single-step clock processing mechanism; the ability to handle complex routing algorithms and protocols; and use mainly on low-speed data links in the wide area network. In a layer 3 switch, the layer 3 routing hardware module is also plugged into the high-speed backplane / bus, which enables the routing module to exchange data at high speed with the other modules that need routing. This breaks the speed limit of the traditional external router interface (10Mbit/s---100Mbit/s).
3. Please write down the default ports used by the following services: POP3, SMTP, FTP, DNS, HTTPS, Oracle, SSH:
POP3 110, SMTP 25, FTP 21/20, DNS 53, HTTPS 443, Oracle 1521, SSH 22
4. Besides the application layer, what are the layers of the ISO/OSI seven-layer model?
Presentation layer, session layer, transport layer, network layer, data link layer, physical layer
5. What does integrated cabling include?
Integrated cabling includes six subsystems: building complex connection subsystem, equipment connection subsystem, trunk (vertical) subsystem, management subsystem, horizontal subsystem, work area subsystem.
It includes the network wiring system, monitoring system and closed-circuit television system.
6. Which layers do routers and switches belong to?
Routers are layer 3 devices, and switches (as the term is usually used) are layer 2 devices.
7. On routing knowledge, the interviewer asked an open question: briefly explain the routing protocols you know.
Routes can be divided into static and dynamic routes. Static routes are manually maintained by administrators; dynamic routes are maintained automatically by routing protocols. The necessary steps of a routing algorithm:
1. Transmit routing information to other routers;
2. Receive routing information from other routers;
3. Calculate the optimal path to each destination network according to the received routing information, and generate a routing table;
4. Respond in time to changes in the network topology, adjust the routes to generate a new routing table, and announce the topology changes to other routers in the form of routing information.
Two main algorithms: the distance vector algorithm (Distance Vector Routing) and the link-state algorithm (Link-State Routing).
Routing protocols can be divided into distance vector protocols (such as RIP, IGRP, EIGRP) and link-state routing protocols (such as OSPF, IS-IS). A routing protocol is a mechanism for sharing routing information between routers, which allows routers to exchange information with each other and maintain their own routing tables. When the routing table of a router changes for some reason, it needs to notify the other routers connected to it in time to ensure the correct transmission of data. Routing protocols do not undertake the task of data transmission between end users on the network.
8. If you want to get the MAC address of IP 192.168.1.2 on the local area network, how do you do it at the command prompt of an XP system?
First ping 192.168.1.2, then view the ARP list with the arp -a command to get it [or use nbtstat -a 192.168.1.2 to get it in one step].
9. What can you enter at Start / Run to view and edit the local policy?
gpedit.msc
10. What is the command to convert a FAT32 partition to NTFS?
convert x: /fs:ntfs (x: indicates the partition to be converted)
11. What is the command to manually renew the IP address assigned by DHCP?
ipconfig /renew
12. What is the hidden directory named System Volume Information under each XP partition? And the pagefile.sys file?
The System Volume Information directory is used by XP's automatic restore function and stores restore point files. pagefile.sys is the PF (page file), the file used for virtual memory.
13. By default, XP gives no way to set user permissions for a shared folder; there is only an "Allow network users to change my files" option. What should you do if you need to set different user rights for this shared folder?
Open Explorer - Tools - Folder Options - View and uncheck "Use simple file sharing (recommended)", or open Group Policy Editor - Computer Configuration - Windows Settings - Local Policies - Security Options - "Network access: Sharing and security model for local accounts" and change this property to "Classic" mode.
14. What is the basic network transport protocol used by instant messaging software such as QQ?
Both UDP and TCP are used. QQ mainly uses UDP and uses TCP in some cases; instant messaging software mostly uses the UDP protocol.
15. Which folders are displayed under drive C of a freshly installed XP system?
Only windows, program files, documents and settings, System Volume Information (with hidden attributes), RECYCLER (with hidden attributes).
16. What important files are stored in the root directory of the Windows XP system disk C (hidden files)?
ntldr, ntdetect.com, boot.ini
17. When the computer is turned on, there is a beeping sound from the host and the display gets no signal. What may cause this and how do you deal with it?
It may be caused by a memory problem, generally loose memory or too much dust. Clean out the dust and re-seat the memory. Depending on the beep pattern, you can also judge whether other hardware is at fault.
18. If the computer system has crashed (the XP system disk is C), cannot start normally, and there are important documents on drive C, how do you rescue them?
It may be caused by a memory problem, generally loose memory or too much dust. Clean out the dust and re-seat the memory. Depending on the beep pattern, you can also judge whether other hardware is at fault.
19. What should you pay attention to before formatting drive C to reinstall the system?
If disk space allows, back up the entire windows directory. Mainly back up the program files directory, the My Documents directory and the documents and settings directory. In addition, back up some software installation information and so on.
20. How to set up a broadband router (basic steps)
Setting up a broadband router takes a few steps that are not complicated: set the dialing properties, usually PPPoE with the user name and password provided by the ISP; set the legal IP addresses of the private network; and it is recommended to enable the firewall function.
21. What is VLAN, how do you add a VLAN on a CISCO switch, and how do you delete it?
VLAN, also known as virtual local area network, refers to the division of the local area network at the network layer. A VLAN forms a logical subnet, that is, an independent broadcast domain. The broadcast traffic generated by each subnet is confined to that subnet, which reduces the collision rate of data frames. A VLAN can span multiple network devices and allows network users in different geographical locations to join one logical subnet. The commands to add VLAN 2 on a CISCO switch are as follows:
Switch> enable
Switch# vlan database
Switch(vlan)# vlan 2
Switch(vlan)# exit
// set the vlan port as follows:
Switch# configure terminal
Switch(config)# int e0/6 // assign port 6 to vlan 2
Switch(config-if)# vlan-membership static 2
// delete vlan 2 as follows:
Switch# vlan database
Switch(vlan)# no vlan 2
Switch(vlan)# exit
Switch# configure terminal
Switch(config)# no int vlan 2
22. How many levels of disk RAID are there, and what are they? Which ones do you know or have used? Please give a general description of them and the differences between them.
There are the following RAID levels: NRAID, JBOD, RAID0, RAID1, RAID0+1, RAID3, RAID5 and so on. At present, RAID0, RAID1, RAID3, RAID5 and RAID (0+1) are commonly used. The differences are roughly as follows:
RAID 0 has the fastest access speed but no fault tolerance
RAID 1 is fully fault tolerant but expensive, with 50% disk utilization
RAID 3 has the best write performance but no multitasking
RAID 5 supports multitasking and fault tolerance, with overhead when writing
RAID 0+1 is fast and fully fault tolerant, but expensive
23. Do you know the popular SAN network platform? For which field of computing is it mainly a solution?
SAN refers to the storage area network, which is a high-speed network or subnetwork that provides data transmission between computers and storage systems. A SAN is composed of the communication structure responsible for network connection, the management layer responsible for organizing connections, storage components and computer systems, so as to ensure the security and strength of data transmission.
24. Please name several dynamic routing protocols and talk about the difference between dynamic routing and static routing.
(1) RIP routing protocol
The RIP protocol was originally designed for Xerox PARC's universal protocol for the Xerox network system, and it is a commonly used routing protocol on the Internet. RIP uses the distance vector algorithm, that is, the router chooses a route according to distance, so it is also called a distance vector protocol. The router collects all the different paths that can reach a destination and keeps the path information with the minimum number of hops to each destination, discarding everything except the best path to the destination. At the same time, the router uses the RIP protocol to notify neighboring routers of the routing information it has collected. In this way, correct routing information gradually spreads to the whole network.
RIP is widely used. It is simple, reliable, and easy to configure. However, RIP is only suitable for small, homogeneous networks, because the maximum number of hops it allows is 15; any destination more than 15 hops away is marked as unreachable. The routing information that RIP broadcasts every 30 seconds is also one of the important causes of broadcast storms on the network.
(2) OSPF routing protocol
OSPF is a link-state routing protocol that requires each router to send link-state broadcast information to all other routers in the same management domain. All interface information, all metrics, and other variables are included in the OSPF link-state broadcast. A router using OSPF must first collect the relevant link-state information and then calculate the shortest path to each node according to a certain algorithm. Distance vector routing protocols, by contrast, only send routing updates to their neighboring routers.
Unlike RIP, OSPF subdivides an autonomous domain into areas, so there are two types of routing: intra-area routing when the source and destination are in the same area, and inter-area routing when the source and destination are in different areas. This greatly reduces network overhead and increases the stability of the network. When a router in one area fails, it does not affect the normal work of routers in other areas of the autonomous domain, which also makes the network easier to manage and maintain.
(3) BGP and BGP4 routing protocols
BGP is an exterior gateway protocol designed for the TCP/IP Internet and is used between multiple autonomous domains. It is based neither on a pure link-state algorithm nor on a pure distance vector algorithm. Its main function is to exchange network reachability information with the BGP of other autonomous domains. Each autonomous domain can run a different interior gateway protocol. BGP update information consists of pairs of network number and autonomous domain path. The autonomous domain path is the sequence of autonomous domains that must be traversed to reach a specific network, and these update messages are transmitted over TCP to ensure the reliability of transmission.
In order to meet the growing needs of Internet, BGP is still developing. In the latest BGP4, similar routes can also be merged into a single route.
(4) IGRP and EIGRP protocols
EIGRP and the early IGRP protocol are both invented by Cisco and are dynamic routing protocols based on distance vector algorithm. EIGRP (Enhanced Interior Gateway Routing Protocol) is an enhanced version of the IGRP protocol. It belongs to dynamic interior gateway routing protocol and still uses vector-distance algorithm. However, its implementation has been greatly improved compared with IGRP, and its convergence and operation efficiency are significantly higher than those of IGRP.
Its convergence property is based on DUAL (Distributed Update Algorithm) algorithm. DUAL algorithm makes it impossible for the path to form a loop in routing calculation. Its convergence time can compete with any other routing protocols that already exist.
The main differences between Enhanced IGRP and other routing protocols include fast convergence (Fast Convergence), support for variable length subnet masks (Subnet Mask), partial updates, and support for multiple network layer protocols. A router running Enhanced IGRP stores the routing tables of all its neighbors so that it can quickly switch to alternate routes (Alternate Routes). If there is no suitable path, Enhanced IGRP queries its neighbors to get the desired path. The Enhanced IGRP query continues until a suitable path is found, and is then terminated.
The EIGRP protocol aggregates all EIGRP routes with arbitrary mask length, thus reducing the transmission of routing information and saving bandwidth. In addition, the EIGRP protocol can be configured to support route aggregation on any bit boundary of any router interface.
EIGRP does not make periodic updates. Instead, when the path metric changes, Enhanced IGRP sends only partial update (Partial Updates) information. The transmission of partial updates is automatically bounded, so that only the routers that need the information are updated. Because of these two properties, Enhanced IGRP consumes much less bandwidth than IGRP.
Using the enhanced interior gateway routing protocol, a router maintains a copy of the routing table of its neighboring routers. If it cannot find a route to its destination from these tables, it asks its neighboring routers for a route and they take turns asking their neighboring routers until a route is found. In order to keep all routers paying attention to the state of neighboring routers, each router sends out "handshake" packets regularly. A router that does not receive a "handshake" packet within a certain time interval is considered invalid.
A static route is a route in which the routing table is manually set by the network manager. The advantage of static routing is that the network is addressed quickly and is suitable for network systems with little change in the network.
Dynamic routing refers to the way that the routing table is not manually set by the network manager, but is automatically generated by the router through port address learning. The advantage of dynamic routing is that it has strong adaptability to network changes and is suitable for network systems with great changes in network environment.
In a router, static and one or more dynamic routes can be configured at the same time. The routing tables maintained by each of them are provided to the forwarder, but conflicts may occur between the entries of these routing tables. This conflict can be resolved by configuring the priority of each route table. Usually, static routes have the default highest priority, and when other routing table entries contradict it, they are forwarded according to static routes.
25. What is the difference between RIP version 1 and version 2?
Answer: ① RIP-V1 is a classful routing protocol, RIP-V2 is a classless routing protocol ② RIP-V1 broadcast routing updates, RIP-V2 multicast routing updates ③ RIP-V2 routing updates carry more information than RIP-V1
26. Describe RIP and OSPF, their differences and characteristics
The RIP protocol is a traditional routing protocol suitable for relatively small networks, but with the rapid development and expansion of the Internet, RIP can no longer adapt to today's networks.
The OSPF protocol was formulated when the Internet was expanding rapidly, and it overcame many shortcomings of the RIP protocol.
RIP is a distance vector routing protocol; OSPF is a link-state routing protocol.
The administrative distances of RIP and OSPF are 120 and 110, respectively.
1. In the RIP protocol a route has a limit of 15 hops (gateways or routers). If a RIP route spans more than 15 hops (routers), RIP considers the network unreachable, while OSPF has no limit on the number of routers crossed.
2. The OSPF protocol supports variable length subnet masks (VLSM), but RIP does not, so RIP cannot cope with the current shortage of IP addresses or offer the flexibility of variable length subnet masks.
3. The RIP protocol broadcasts the routing table periodically regardless of the actual state of the network, which is a great waste of network bandwidth, especially on large wide area networks. OSPF routing updates are only sent when the route state changes, and IP multicast is used to send link-state update information, which saves bandwidth.
4. A RIP network is a flat network with no layering. OSPF establishes a hierarchy in the network: it can divide the autonomous domain into areas, limit route broadcasts to a certain range, and avoid wasting link relay resources.
5. OSPF adopts an authorization mechanism when broadcasting routes, which ensures the security of the network.
The differences above show the characteristics of OSPF as a latecomer that overtook its predecessor; its advanced design and complexity let it adapt to today's increasingly huge Internet and become the main Internet routing protocol.
27. What is HSRP? How does it work?
A: HSRP is the Hot Standby Router Protocol, proprietary to Cisco. Through HSRP, a group of routers can work together to represent one virtual router; the standby group works like a single router, with a virtual IP address and a virtual MAC address. From the end host's point of view, the virtual router is a router with its own IP address and MAC address, which are different from those of the actual physical routers. If one router in the group fails, another router takes over and routing carries on as usual.
28. Introduce ACL and NAT. How many kinds of NAT are there?
ACL: 1. An access control list (ACL) is a list of instructions (rules) applied to a router interface to tell the router which packets can be received and forwarded and which packets must be rejected. 2. How ACL works: it reads the information in the layer 3 and layer 4 headers and filters packets according to predefined rules. 3. Using ACL for network control: the core technology behind access control lists is packet filtering. 4. Two basic types of ACL: standard access control list and extended access control list.
NAT: changes the IP header so that the destination address, the source address, or both addresses are replaced by different addresses in the header. Static NAT, dynamic NAT, PAT
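The first-match packet filtering described in the ACL answer above, as an added Python example (not part of the original page). The Rule and Packet classes, the CIDR notation used in place of Cisco wildcard masks, and all addresses are assumptions made for illustration; the implicit deny at the end of the list is how Cisco IOS ACLs behave.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str                      # layer 3 source address
    dst: str                      # layer 3 destination address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # layer 4 destination port, if any


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # CIDR prefix; "0.0.0.0/0" means any
    dst: str = "0.0.0.0/0"        # a standard ACL matches on source only
    proto: str = "ip"             # "ip" matches every protocol
    dport: Optional[int] = None   # None matches every port

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "ip" and self.proto != p.proto:
            return False
        return self.dport is None or self.dport == p.dport


def evaluate(acl, packet):
    """Return (action, index of the rule that decided). First match wins."""
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, index
    return "deny", None           # implicit deny when nothing matched


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            covers = (
                ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                and earlier.proto in ("ip", later.proto)
                and earlier.dport in (None, later.dport)
            )
            if covers:
                shadowed.append(i)
                break
    return shadowed


# Constructed sample lists. STANDARD filters on source only, EXTENDED on
# source, destination, protocol and port.
STANDARD = [Rule("deny", "192.168.1.0/24"), Rule("permit", "0.0.0.0/0")]
EXTENDED = [
    Rule("permit", "192.168.1.0/24", "10.0.0.5/32", "tcp", 443),
    Rule("deny", "192.168.1.0/24", "10.0.0.0/24"),
    Rule("permit", "0.0.0.0/0"),
]
# Same rules with the first two swapped: the HTTPS permit is now unreachable.
MISORDERED = [EXTENDED[1], EXTENDED[0], EXTENDED[2]]

if __name__ == "__main__":
    https = Packet("192.168.1.20", "10.0.0.5", "tcp", 443)
    print(evaluate(EXTENDED, https), evaluate(MISORDERED, https))
    print(shadowed_rules(MISORDERED))
```

Running shadowed_rules over a list before applying it is a quick way to catch ordering mistakes, since a permit placed after a broader deny silently never takes effect.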
29. What is the main purpose of the STP protocol? Why use STP?
Main uses: 1. STP eliminates path loops that may exist in a bridged network by blocking redundant links; 2. When the current active path fails, STP activates redundant links to restore network connectivity. Reason: when there is a loop in the switched network, it causes broadcast loops (broadcast storms) and bridge table corruption.
30. VPN has three solutions, and users can choose according to their own situation. The three solutions are: remote access virtual network (Access VPN), enterprise internal virtual network (Intranet VPN) and enterprise extended virtual network (Extranet VPN). These three types of VPN correspond to the traditional remote access network, the Intranet within the enterprise, and the Extranet composed of the enterprise network and the networks of related partners.
Taking a Cisco router as an example, write down the configuration commands for router-on-a-stick.
Answer:
Router(config)# interface f0/1.1
Router(config-subif)# encapsulation dot1Q 100
Router(config-subif)# ip add 192.168.1.1 255.255.255.0
Router(config-subif)# no shutdown
Router(config-subif)# interface f0/1.2
Router(config-subif)# encapsulation dot1Q 200
Router(config-subif)# ip add 192.168.2.1 255.255.255.0
Router(config-subif)# no shutdown
31. What is VPN?
VPN (Virtual Private Network): a virtual private network is a new network technology that provides a way to securely access the private network inside an enterprise through the public network.
32. The encryption technology of VPN. The encryption technology used by VPN depends on the type of VPN server, so there are two cases.
1. For PPTP servers, MPPE encryption is used. MPPE supports a standard encryption scheme with a 40-bit key and an enhanced encryption scheme with a 128-bit key. Data is encrypted by MPPE only after MS-CHAP, MS-CHAP v2, or EAP/TLS authentication is negotiated, and MPPE requires the common client and server keys generated by these types of authentication.
2. For L2TP servers, the IPSec mechanism is used to encrypt data. IPSec is a suite of cryptographic protection services and security protocols. IPSec provides machine-level authentication and data encryption for VPN connections that use the L2TP protocol. To protect passwords and data, IPSec negotiates between the computer and its remote VPN server before the L2TP connection is established. The encryption available for IPSec includes the data encryption standard DES for 56-bit keys and triple DES (3DES) for 56-bit keys.
33. Authentication methods of VPN:
1. Authentication method of PPP
2. CHAP: CHAP negotiates a secure form of encrypted authentication by using MD5, an industry standard hashing scheme. CHAP uses a challenge-response mechanism and a one-way MD5 hash when responding. In this way, the client can prove to the server that it knows the password without actually sending the password over the network.
3. MS-CHAP: similar to CHAP, Microsoft developed MS-CHAP to authenticate remote Windows workstations. It uses a challenge-response mechanism and one-way encryption when responding. MS-CHAP does not require the use of plaintext or reversibly encrypted passwords.
4. MS-CHAP v2: MS-CHAP v2 is the second version of the challenge handshake authentication protocol developed by Microsoft. It provides mutual authentication and stronger initial data keys, and different keys are used for sending and receiving. If the VPN connection is configured to use MS-CHAP v2 as the only authentication method, both the client and the server must prove their identity, and if the server being connected to does not prove its own identity, the connection is dropped.
5. EAP: EAP was developed to meet the growing demand to authenticate remote access users with other security devices. By using EAP, you can add support for many authentication schemes, including token cards, one-time passwords, public key authentication using smart cards, certificates, and others. For VPN, using EAP protects against brute force or dictionary attacks and password guessing, providing greater security than other authentication methods, such as CHAP.
6. In Windows systems, the EAP authentication method is used for authentication by smart card, and the CHAP, MS-CHAP or MS-CHAP v2 authentication method is used for authentication by password.
34. What's the difference between VLAN and VPN? On which layer of OSI is each implemented?
VPN is a layer 3 encapsulation and encryption technology, and VLAN is a layer 2 tagging technology (although ISL uses encapsulation). Although they look somewhat similar from the user's point of view, they are not concepts at the same level.
VLAN (Virtual Local Area Network), namely virtual local area network, is a new technology that realizes virtual working groups by dividing the devices in the local area network into network segments logically rather than physically.
The implementation of VLAN on the switch can be roughly divided into two categories: 1. static VLAN based on port partition; 2. dynamic VLAN based on MAC address or IP. At present, static VLAN is the main implementation.
VLAN communication across switches is achieved by using Dot1Q or ISL encapsulation (tagging) on TRUNK links.
VPN (Virtual Private Network) is defined as establishing a temporary and secure connection through a public network (usually the Internet). It is a secure and stable tunnel through a chaotic public network.
VPN uses three technologies to ensure the security of communication: tunneling protocol, data encryption and authentication.
■ VPN uses two tunneling protocols: point-to-point tunneling protocol (PPTP) and layer 2 tunneling protocol (L2TP).
■ The encryption technology used by VPN depends on the type of VPN server, so there are two cases.
For PPTP servers, MPPE encryption is used. MPPE supports a standard encryption scheme with a 40-bit key and an enhanced encryption scheme with a 128-bit key. Data is encrypted by MPPE only after MS-CHAP, MS-CHAP v2, or EAP/TLS authentication is negotiated, and MPPE requires the common client and server keys generated by these types of authentication. For L2TP servers, the data is encrypted using the IPSec mechanism. IPSec is a suite of cryptographic protection services and security protocols. IPSec provides machine-level authentication and data encryption for VPN connections that use the L2TP protocol. To protect passwords and data, IPSec negotiates between the computer and its remote VPN server before the L2TP connection is established. The encryption available to IPSec includes the data encryption standard DES for 56-bit keys and triple DES (3DES) for 56-bit keys.
■ Authentication methods of VPN
As mentioned earlier, VPN authentication uses the authentication methods of PPP, so here are several methods of authentication for VPN.
CHAP: CHAP negotiates a secure form of encrypted authentication by using MD5, an industry standard hashing scheme. CHAP uses a challenge-response mechanism and a one-way MD5 hash when responding. In this way, the client can prove to the server that it knows the password without actually sending the password over the network.
MS-CHAP: similar to CHAP, Microsoft developed MS-CHAP to authenticate remote Windows workstations. It uses a challenge-response mechanism and one-way encryption when responding. MS-CHAP does not require the use of plaintext or reversibly encrypted passwords.
MS-CHAP v2: MS-CHAP v2 is the second version of the challenge handshake authentication protocol developed by Microsoft. It provides mutual authentication and stronger initial data keys, and different keys are used for sending and receiving. If the VPN connection is configured to use MS-CHAP v2 as the only authentication method, both the client and the server have to prove their identity, and if the server being connected to does not prove its own identity, the connection is dropped.
EAP: EAP was developed to meet the growing need to authenticate remote access users with other security devices. By using EAP, you can add support for many authentication schemes, including token cards, one-time passwords, public key authentication using smart cards, certificates, and others. For VPN, using EAP protects against brute force or dictionary attacks and password guessing, providing greater security than other authentication methods, such as CHAP. In Windows systems, EAP authentication is used for authentication with smart cards, and CHAP, MS-CHAP, or MS-CHAP v2 authentication is used for authentication by password.
35. What is a static route? What is dynamic routing? What are their respective characteristics?
A static route is a fixed route manually configured by the administrator in the router. The route explicitly specifies the path that a packet must take to reach its destination. Unless the network administrator intervenes, the static route will not change. Static routes cannot respond to changes in the network, so static routes are generally used in networks of small scale and relatively fixed topology.
Static routing characteristics:
1. It allows precise control over the behavior of routes
2. Reduced network traffic
3. It is one-way
4. The configuration is simple.
Dynamic routing is a process in which routers in the network communicate with each other, transmit routing information, and update the routing table with the routing information received. It is based on some kind of routing protocol. Common routing protocol types are distance vector routing protocols (such as RIP) and link-state routing protocols (such as OSPF). Routing protocols define the rules by which routers communicate with other routers. Dynamic routing protocols generally have routing algorithms. The necessary steps of a routing algorithm:
1. Pass routing information to other routers
2. Receive routing information from other routers
3. Calculate the optimal path to each destination network according to the received routing information, and generate a routing table.
4. Respond in time to changes in the network topology, adjust the routes to generate a new routing table, and announce the topology change to other routers in the form of routing information.
Dynamic routing is suitable for networks of large scale and complex topology. Dynamic routing features:
1. There is no need for manual maintenance by the administrator, which reduces the workload of the administrator.
2. It takes up network bandwidth.
3. The routing protocol runs on the router so that the router can automatically adjust the routing entries according to changes in the network topology
36. Common authentication methods:
1) Password Authentication Protocol (PAP)
PAP is a simple plaintext authentication method. The NAS (Network Access Server) requires users to provide user names and passwords, and PAP returns the user information in clear text. Obviously, the security of this authentication method is poor: a third party can easily obtain the transmitted user name and password and use this information to establish a connection with the NAS and obtain all the resources the NAS provides. Therefore, once a user's password is stolen by a third party, PAP cannot provide protection against that third party.
2) Challenge-Handshake Authentication Protocol (CHAP)
CHAP is an encrypted authentication method that avoids sending the user's real password when establishing a connection. The NAS sends the remote user a challenge (challenge), which includes a session ID and an arbitrarily generated challenge string (arbitrary challenge string). The remote client must use the MD5 one-way hashing algorithm (one-way hashing algorithm) to return the user name together with a hash of the challenge, session ID, and user password; the user name is sent unhashed.
CHAP improves on PAP: instead of sending the plaintext password directly over the link, the password is hashed together with the challenge. Because the plaintext password of the client exists on the server side, the server can repeat the operation performed by the client and compare the result with the value returned by the user. CHAP generates an arbitrary challenge string for each authentication to protect against replay attacks (replay attack). Throughout the connection, CHAP repeatedly sends new challenges to the client from time to time to prevent a third party from impersonating the remote client (remote client impersonation).
37. What's the difference between PAT and NAT?
PAT stands for port address translation, and NAT stands for network address translation, defined by RFC 1631. PAT can be seen as a part of NAT. In NAT, consider the situation where there is only one public IP address and multiple private IP addresses internally. In this case NAT tracks and records the different sessions by mapping UDP and TCP port numbers. For example, if users A, B, and C visit CSDN at the same time, the NAT router maps the accesses of users A, B, and C to ports 1088, 1098, and 23100 (example values; the ports are actually assigned dynamically). This is PAT.
From the above, PAT can theoretically support (65535-1024) = 64511 connection sessions at the same time. In practice, however, device performance and physical connection characteristics prevent this from being reached; in the NAT function of Cisco routers, each public IP address can effectively support about 4000 sessions.
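A minimal PAT translation table, added here as an illustration and not taken from the original page or from any router's code. The class name `PatTable`, the documentation-range public address and the port range 1025-65535 (chosen so the pool matches the page's 64511 figure) are assumptions.

```python
class PatTable:
    """Toy PAT: many private (ip, port) sockets share one public IP address."""

    FIRST_PORT, LAST_PORT = 1025, 65535   # assumed range: 64511 ports per protocol

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out = {}        # (proto, private_ip, private_port) -> public_port
        self.back = {}       # (proto, public_port) -> (private_ip, private_port)
        self.next_free = {}  # proto -> next unused public port

    def _allocate(self, proto):
        port = self.next_free.get(proto, self.FIRST_PORT)
        if port > self.LAST_PORT:
            raise RuntimeError("PAT port pool exhausted for " + proto)
        self.next_free[proto] = port + 1
        return port

    def translate_out(self, proto, src_ip, src_port):
        """Outbound packet: rewrite the private source to (public_ip, public_port)."""
        key = (proto, src_ip, src_port)
        if key not in self.out:              # first packet of a new session
            port = self._allocate(proto)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def translate_in(self, proto, dst_port):
        """Inbound packet: return the private socket, or None if no session exists."""
        return self.back.get((proto, dst_port))


def demo():
    """Three inside hosts use the same source port and still get distinct mappings."""
    pat = PatTable("203.0.113.10")           # constructed documentation address
    hosts = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
    mapped = [pat.translate_out("tcp", ip, 5000)[1] for ip in hosts]
    replies = [pat.translate_in("tcp", port) for port in mapped]
    unsolicited = pat.translate_in("tcp", 40000)   # no session was opened
    return mapped, replies, unsolicited
```

Inbound traffic that matches no session has no private destination, which is why the internal addresses stay hidden.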
38. How does the switch forward packets?
The switch builds its MAC address table by learning the source MAC address of each data frame. It then looks at the destination MAC address of the frame and forwards the frame according to the MAC address table. If the switch does not find a match in the table, it broadcasts the frame to all ports except the port that received it.
39. Briefly describe the function and working principle of STP.
Function:
(1) It can logically block loops and generate a tree-structured topology.
(2) It constantly detects changes in the network. When the main link fails and is disconnected, STP can recalculate and activate the blocked port, providing link backup.
How it works: the steps STP takes to generate a loop-free topology from a looped network:
Select the root bridge (Root Bridge)
Select the root ports (Root Ports)
Select the designated ports (Designated Ports)
Spanning tree mechanism:
There is a root bridge in every STP instance.
There is a root port on every non-root bridge.
There is a designated port for each network segment.
Non-designated ports are blocked.
STP is the focus of switched networks; check whether it is understood.
40. Briefly describe the difference between traditional multilayer switching and CEF-based multilayer switching.
To put it simply:
Traditional multilayer switching: route once, switch many times.
CEF-based multilayer switching: no routing, always switching.
48. What is the purpose of DHCP, and how do you get a DHCP server in one VLAN to assign IP addresses to the entire enterprise network?
Function: Dynamic Host Configuration Protocol; it dynamically allocates IP addresses to clients.
Configure DHCP relay, that is, the helper address. (DHCP is broadcast-based, and a VLAN or router isolates broadcasts.)
41. None of the users on one switch can obtain an IP address. Users in the same VLAN on this switch who are configured manually can ping each other, but cannot ping the external network. Describe how to solve the problem.
1: If the end devices on other switches can obtain an IP address, check whether the helper address is configured correctly.
2: Check whether the link between this switch and the connected switch is encapsulated as a trunk.
3: If inter-VLAN routing is implemented with one-arm routing, check whether the sub-interfaces are configured correctly; if a layer 3 switch implements inter-VLAN routing, check whether the VLAN is configured with an IP address and whether that configuration is correct.
4: Check whether there is a problem with the cascade connection between this switch and the connected switch.
This tests the troubleshooting approach.
42. Briefly describe the loop-prevention mechanisms of RIP:
1. Maximum hop count (Maximum Hop Count): 15 hops
2. Split horizon (Split Horizon) (enabled by default on all interfaces except Frame-Relay physical interfaces; you can use sh ip interface to check whether it is enabled or disabled)
3. Route poisoning (Poisoned Route)
4. Poison reverse (Poison Reverse) (RIP is based on UDP; both UDP and IP are unreliable, so the sender does not know whether the other side has received the poisoned route; this is similar to an ACK mechanism for the poisoned route)
5. Hold-down timer (Hold-down Timer) (prevents frequent flapping of the routing table)
6. Flash update (Flash Update)
7. Triggered update (Triggered Update) (must be enabled manually, and on both sides: Router(config-if)# ip rip triggered)
When triggered updates are enabled, RIP no longer follows the periodic update time of 30s, which is different from flash updates.
The 4 timers of RIP:
Update timer (update): 30s
Invalid timer (invalid): 180s (if no update is received in 180s, the route is set to possibly down status)
Hold-down timer (holddown): 180s (only 60s actually takes effect)
Flush timer (flush): 240s (if no update is received in 240s, the route is deleted)
If the route becomes possibly down, its hop count becomes 16 hops and it is marked as unreachable; then the holddown timer starts.
During the holddown time, a route is not added to the routing table even if a better route is received; this is done to prevent frequent route flapping. When the holddown timer is enabled: "when the hop count of a route update is greater than the number of hops of that route recorded in the routing table"
43. Briefly describe the advantages of the PPP protocol.
Supports transmission over synchronous or asynchronous serial links
Supports multiple network layer protocols
Supports error detection
Supports address negotiation at the network layer
Supports user authentication
Allows data compression
44. Which network redundancy technologies do you know? Please explain.
Switch redundancy: spanning-tree, ethernet-channel
Routing redundancy: HSRP, VRRP, GLBP
(You can introduce them in detail if necessary.)
45. The principle, advantages and disadvantages of NAT.
Principle: translation of internal addresses, translation of external addresses, PAT, and the address overlap problem.
Advantages: saves IP addresses, can handle address duplication, increases flexibility, eliminates address renumbering, and hides internal IP addresses.
Disadvantages: increased latency, loss of end-to-end IP tracing, no support for some specific applications (such as SNMP), more memory needed to store the NAT table, and more CPU needed to handle the NAT process.
46. Describe the ARP resolution process.
Answer: ARP is used to resolve a known IP address to a MAC address for communication at the MAC layer. To determine the MAC address of the destination, the host first looks it up in the ARP cache table. If the MAC address is not in the table, ARP sends a broadcast to discover the destination's MAC address and records it in the ARP cache table for the next lookup.
Some of the following questions are related to experience and have no standard answers; answer them according to your actual situation (some large companies like to ask them, and the quality of your answers shows your experience in this industry and has a lot to do with your salary):
1. Please state the router models you have configured and some of the most commonly used configuration commands.
2. Please introduce several ways to create a virtual host on a web server.
3. Please introduce several proxy servers you have used.
4. Please provide several plans for the construction of mail servers.
5. Name the database products you have used.
6. What do you think is the hardest part of the SQL2000 database, and why?
7. Introduce the network management software you have used and its characteristics.
8. What do you think is the most important ability of a network engineer?
9. If you were responsible for connecting all the computers of a company to the Internet, which access method would you choose, and why?
10. If you are faced with users who are not familiar with computers, how will you work?
11. Which operating system would you choose to install on your company's computers, and why?
12. Which operating systems have you used? Briefly describe their characteristics.
13. What kind of network will you choose when building an intranet in your company in the future?
14. What types of router have you used?
15. What do you think are the most common failures in the network?
16. Give a brief introduction to the network you have managed.
17. What is the function of the DHCP server?
18. What DHCP server construction plan can you provide?
19. What backup methods have you used? Please explain in detail.
The above were all found and sorted out on the Internet.