ITC 465 Chapter 13
Hot Standby Router Protocol (HSRP)
A Cisco-proprietary protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/standby model, with one router acting as the default router and the other sitting by waiting to take over that role if the first router fails.
Intercloud Exchange
A WAN service that provides connectivity between public cloud providers and their customers, so that customers can install and keep the WAN connections, even when migrating from one cloud provider to another.
Point-To-Point Tunneling Protocol (PPTP)
A protocol that works with PPP to provide a secure data link between computers using encryption.
Virtual router
A router that is implemented in software within a virtual machine. The scalability of a virtual machine makes it easy to add capacity to the router when it is needed. Virtual routers are easily managed and are highly scalable without requiring the purchase of additional network hardware.
Virtual firewalls
A software or hardware firewall that has been specifically created to operate in the virtual environment.
Standby router
A standby router becomes the active router if the existing active router fails
Network diagrams
There are two types of network diagrams:
  Physical diagrams show the physical location of every network device. The diagram shows each device, its connections, and how each device is physically connected to others.
  Logical diagrams show larger network components such as subnets and VLANs. They show how data flows across the network.
Network device documentation
This documentation contains all up-to-date information on every network device. The following information should be included in this document:
  OS version
  IP address
  MAC address
  VLAN
  Port information
  Any other pertinent information
Gateway Load Balancing Protocol (GLBP)
This is a Cisco-proprietary FHRP that protects data traffic from a failed router or circuit, like HSRP and VRRP, while also allowing load balancing (also called load sharing) between a group of redundant routers.
Trap
The SNMP Agent can communicate based on traps, which are thresholds for certain parameters. Whenever an agent detects that its associated device has exceeded one of these thresholds, it sends an SNMP trap message to the SNMP Manager (instead of waiting to be polled). Trap messages are sent on UDP port 162. Set messages set variables in SNMP.
Poll
The SNMP Manager can poll (query) the SNMP Agents for specific information regarding their associated devices. These are referred to as get messages. The SNMP Manager consolidates this information and makes it available to the system administrator. Poll messages are sent on UDP port 161.
Rapid elasticity
The ability to seamlessly provision resources and scale resource usage back depending on demand.
Controller
The controller (sometimes called a software-defined network controller) is a software platform that contains several smaller applications, each of which performs some type of control plane functionality. Controllers have the following functions:
  Monitor network traffic.
  Communicate with network devices.
  Learn about the network topology.
  Manage network configurations.
Some networks might use controllers to monitor traffic, but not to make configuration changes.
Transport mode
The data payload is protected - IPSec
Broad network access
The service needs to be provided over a network, typically the internet, and be available in multiple platforms, such as mobile phones, tablets, laptops, and workstations.
Secure Socket Tunneling Protocol (SSTP)
VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking. Available for Linux, BSD, and Windows. Use of Port 443 allows it to easily pass through firewalls. AKA SSL VPN (similar to OpenVPN)
Router#show ntp status
Verifies that the local time is synchronized with the NTP time provider specified in the ntp server command. Offset and dispersion statistics are displayed as well.
Layer 2 Tunneling Protocol with Internet Protocol Security (L2TP/IPsec)
Was developed by Microsoft and Cisco in the 1990s. Pairs L2TP with IPsec to make it one of the more secure VPN methods. Is slower than PPTP due to higher encryption standards.
Dynamic Multipoint VPNs
When an organization needs to add more sites, other VPN types may not be sufficient. Dynamic Multipoint VPN (DMVPN) is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner. DMVPN uses a hub-and-spoke configuration to establish a full mesh topology. This simplifies the VPN tunnel configuration and provides a flexible option to connect to the central site. Each site uses Multipoint Generic Routing Encapsulation (mGRE). The mGRE tunnel interface allows a single GRE interface to dynamically support multiple IPsec tunnels. Spoke sites can also obtain information about each other and alternatively build direct tunnels between themselves (spoke-to-spoke tunnels).
NTP service
When implementing NTP on a Cisco router, be aware of the following protocol characteristics:
  NTP runs over UDP port 123.
  NTP is an efficient protocol. Only one packet per minute is necessary to synchronize two machines to an accuracy of within a millisecond of one another.
  NTP corrects the time, keeps track of consistent time variations, and automatically adjusts for time drift on the client.
  By default, NTP services are disabled on all interfaces on a Cisco router.
  NTP is enabled globally when you enter any NTP command.
  NTP packets are received on all interfaces when NTP is enabled.
Virtual switches
Works the same as a physical switch but allows multiple switches to exist on the same host (saving the implementation of additional hardware). Regularly used with VLAN implementations.
SSL VPN
A type of VPN that uses SSL encryption. Clients connect to the VPN server using a standard Web browser, with the traffic secured using SSL. The two most common types of SSL VPNs are SSL portal VPNs and SSL tunnel VPNs.
Remote access VPN
A user-to-LAN virtual private network connection used by remote users.
Virtual network interfaces
A virtual network interface is a software version of a physical network adapter, which is used in a virtual machine to allow it to connect to a network (either physical or virtual).
Virtual routers
A virtual router is a software-based routing framework, which allows the host machine to perform as a typical hardware router over a local area network.
Additional HSRP member routers
Additional HSRP member routers are neither active nor standby, but are configured to participate in the same HSRP group. These routers forward any packets addressed to their assigned interface IP addresses, but do not forward packets destined for the virtual router because they are not the active router.
Router(config)#ntp server [address]
Allows the software clock to be synchronized with the specified NTP time server.
Tunnel mode
An IPsec mode that encrypts both the header and the data portion.
Authentication Header (AH)
An IPsec protocol that authenticates that packets received were sent from the source identified in the header of the packet.
Encapsulating Security Payload (ESP)
An IPsec protocol that provides authentication, integrity, and encryption services.
Active router
An active router forwards traffic destined to the virtual IP address
Application Programming Interface (API)
An application program interface (API) is a standardized way for different types of software or technology to communicate with each other. On a controller, the API designates the accepted method of communication between the controller, network devices, and installed applications. Controllers use two different types of APIs:
  Northbound APIs are used by software applications on the controller to obtain information about the network. Northbound APIs can be written by any developer in order to fulfill a particular function.
  Southbound APIs are used to communicate with physical network devices. Cisco OpenFlow is the primary API used by Cisco.
Because of APIs, devices from different manufacturers are able to communicate with each other through the controller.
OpenVPN
An open source VPN software that is available for multiple platforms. OpenVPN requires more effort to set up than software embedded in the OS, but it is extremely adaptable and generally more secure than other options.
Troubleshooting Model
  Bottom-up: This model starts at the bottom of the OSI model and the technician works through each layer. This is a good approach to use when the problem is suspected to be a physical one.
  Top-down: This model starts at the top of the OSI model and the technician works through each layer. Use this approach for simpler problems, or when the problem is suspected to be with a piece of software.
  Divide-and-conquer: This model starts at a middle layer (layer 3 or 4) and tests in both directions from that layer.
  Follow-the-path: This model is used to discover the traffic path from source to destination to reduce the scope of troubleshooting.
  Substitution: In this model, the technician physically swaps a suspected problematic device with a known, working one.
  Comparison: Attempts to resolve the problem by comparing a nonoperational element with the working one.
  Educated guess: Success of this method varies based on the troubleshooting experience and ability of the technician.
Sequence number
Can be used instead of a timestamp. Identifies the order of log generation.
HSRP for IPv6
Cisco-proprietary FHRP which is the same as HSRP, periodic RAs are sent to the HSRP
Site-to-site IPsec VPNs
Clients send and receive normal unencrypted TCP/IP traffic through a VPN gateway. The VPN gateway encapsulates and encrypts outbound traffic from a site and sends the traffic through the VPN tunnel to the VPN gateway at the target site. The receiving VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
Router(config)#snmp-server group [name] version [version#] [auth]
Configures a new Simple Network Management Protocol (SNMP) group.
  name is the name of the group.
  version# is the security model and can be 2 or 3.
  auth is the authentication of the packet, including:
    noauth - no authentication
    auth - authentication without encryption
    priv - authentication with encryption
Router(config)#snmp-server user [username] [groupname] version [version#] auth [auth-option] [auth-password] [auth] [encryption] [priv-password]
Configures a new user to a Simple Network Management Protocol (SNMP) group.
  username is the name of the user on the host that connects to the agent.
  groupname is the group to which the user belongs.
  version# is the security model and can be 2 or 3.
  auth specifies which authentication level should be used. Options include:
    md5 - HMAC-MD5-96 authentication level
    sha - HMAC-SHA-96 authentication level
  auth-password specifies a string that enables the agent to receive packets from the host.
  auth is the authentication of the packet, including:
    noauth - no authentication
    auth - authentication without encryption
    priv - authentication with encryption
  encryption specifies the encryption algorithm, including:
    des - 56-bit Digital Encryption Standard (DES)
    3des - 168-bit 3DES algorithm
    aes - Advanced Encryption Standard (AES)
      128 - 128-bit AES algorithm
      192 - 192-bit AES algorithm
      256 - 256-bit AES algorithm
  priv-password specifies a string that specifies the privacy user password.
Router(config)#snmp-server engineID
Configures the Simple Network Management Protocol (SNMP) engine ID.
Router(config)#ntp master [stratum-value]
Configures the device as an NTP master clock to which peers synchronize when an external NTP source is not available: stratum-value is an optional number ranging from 1 to 15. The value indicates the number of hops away a device is from an authoritative time source. This command will override valid time sources, especially if a low stratum number is configured.
Router(config)#ip flow-export destination [address] [port]
Configures the router to export NetFlow records to the NetFlow Collector configured with the IP address and UDP port specified. This command can be entered multiple times to configure records to be sent to multiple NetFlow collectors for redundancy purposes.
Internet Key Exchange v2 (IKEv2)
Consists of three protocols: IPsec tunnel mode, Encapsulating Security Payload (ESP), and IKEv2 Mobility and Multihoming (MOBIKE).
Controller Interface
Controllers use two software interfaces to communicate with network devices and applications. The northbound interface is used by the applications on the controller in order to obtain information about the network. For example, an application that creates a graphical representation of the network topology would use the Northbound interface to obtain this information. The southbound interface is used to communicate with all of the physical network devices on the network. For example, information about MAC addresses or routing tables are sent and received through this interface.
Troubleshooting process
  Define the problem: Verify that there is a problem and then properly define what the problem is.
  Gather information: Identify, access, and gather information from targets (i.e., hosts and devices).
  Analyze information: Identify possible causes using network documentation, network baselines, knowledge bases, and peers.
  Eliminate probable causes: Progressively eliminate possible causes to identify the most probable cause.
  Propose hypothesis: Identify the most probable cause and formulate a solution.
  Test hypothesis: Assess the urgency of the problem, create a rollback plan, implement the solution, and verify outcome.
  Solve the problem: Inform all involved. Then document the cause and solution to help solve future problems.
Router#show ip cache flow
Displays information on flows monitored by the NetFlow router. Several key statistics are displayed for each flow:
  Packet size distribution for the flow:
    IP packet size distribution (128 total packets):
    1-32  64   96   128  160  192  ... 448  480
    .000 .000 .000 1.00 .000 .000 ... .000 .000
  Size of the IP flow switching cache:
    IP Flow Switching Cache, 4194304 bytes
  Size of the sub flow cache:
    IP Sub Flow Cache, 524288 bytes
  Source interface, source IP address, destination interface, destination IP address, priority, source port, destination port, and packet count of the flow:
    SrcIf  SrcIPaddress  DstIf   DstIPaddress  Pr  SrcP  DstP  Pkts
    Fa0/0  192.168.1.1   S0/0/0  172.17.8.2    01  0200  0050  128
Router#show logging
Displays logging settings on the device, as well as the number of messages logged.
Router#show ip flow export
Displays the NetFlow Collector host and also shows the source interface for NetFlow records.
Router#show ntp associations
Displays time synchronization statistics. One line is displayed for each NTP time provider the system has been configured to synchronize time with. On each line, the following information is displayed:
  NTP time provider address
  Delay
  Time offset
  Dispersion
Router#show ip flow interface
Displays which interface(s) NetFlow is enabled on and in which direction traffic is being monitored.
Device-Based SDN
Each network device is programmed by applications running on the device itself or on a networked server.
Severity Codes
  Emergencies    0  System unstable
  Alerts         1  Immediate action needed
  Critical       2  Critical conditions
  Errors         3  Error conditions
  Warnings       4  Warning conditions
  Notifications  5  Normal but significant condition
  Informational  6  Informational messages only
  Debugging      7  Debugging messages
Router(config)#feature ntp
Enables NTP on the device.
Router(config-if)#ip flow {ingress | egress}
Enables NetFlow monitoring on the router interface:
  ingress configures ingress NetFlow accounting to monitor incoming packets on the interface.
  egress configures egress NetFlow accounting to monitor outgoing packets on the interface.
Router(config)#snmp-server enable traps [keyword]
Router(config)#snmp-server enable traps cpu
Router(config)#snmp-server enable traps config
Router(config)#snmp-server enable traps snmp
Enables all Simple Network Management Protocol (SNMP) notification types that are available on the device.
Router(config)#logging on
Enables the message logging process.
Router(config)#ip flow-export version [number]
Formats records using the specified NetFlow version number. You can specify a version value of 1, 5, or 9.
Internet Key Exchange (IKE)
IKE negotiates the connection. As two end points are securing an IPsec network, they have to negotiate a Security Association (SA). An inbound and outbound SA is necessary for each connection with a remote endpoint. IKE uses the following functions:
  Internet Security Association Key Management Protocol (ISAKMP) establishes a framework for the negotiation.
  The Diffie-Hellman key exchange generates symmetric keys used for the encryption of the negotiation of the SA.
The Diffie-Hellman key exchange:
  Provides for key distribution, but does not provide any cryptographic services.
  Is based on calculating discrete logarithms in a finite field.
  Is used in many algorithms and standards, such as DES.
  Is subject to man-in-the-middle attacks and requires strong authentication to validate the endpoints.
  Provides three key length configurations: DH-1 (768-bit key), DH-2 (1024-bit key), and DH-5 (1536-bit key).
IPsec Virtual Tunnel Interface
IPsec Virtual Tunnel Interface (VTI) simplifies the configuration process required to support multiple sites and remote access. IPsec VTI:
  Applies configurations to a virtual interface instead of a physical interface.
  Is capable of sending and receiving both IP unicast and multicast encrypted traffic.
  Can be configured between sites or in a hub-and-spoke topology.
Infrastructure as a Service (IaaS)
IaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The client deploys and runs software without purchasing servers, data center space, or network equipment.
Facility
Identifies the facility that created the message, as in this example: %LINEPROTO
Severity level
Indicates the severity level of the message, as in this example: -5-
Timestamp
Indicates when the message was generated, as in this example: *Aug 8 11:18:12.081:
Service Provider Multi-Protocol Label Switching (MPLS) VPNs
Many VPN service providers utilize MPLS in their core networks. Traffic is forwarded through the MPLS backbone using labels. Traffic is secure because service provider customers cannot see each other's traffic. MPLS can provide clients with managed VPN solutions. Securing traffic between client sites is the responsibility of the service provider. There are two types of MPLS VPN solutions supported by service providers:
  Layer 3 MPLS VPN - the service provider participates in customer routing by establishing a peering between the customer's routers and the provider's routers.
  Layer 2 MPLS VPN - the service provider is not involved in the customer routing. Instead, the provider deploys a Virtual Private LAN Service (VPLS) to emulate an Ethernet multi-access LAN segment over the MPLS network. No routing is involved. The customer's routers effectively belong to the same multi-access network.
Private WAN connection
Most organizations will use their existing internet connection for external cloud services. However, some external cloud services consume very large amounts of bandwidth, and others require a minimum quality of service (e.g., a third-party VoIP service). To accommodate these types of services, many organizations purchase a private WAN connection. Private WAN connections:
  Create a high-speed, point-to-point connection between the private network and the cloud service.
  Reduce the risk of slow or intermittent connections.
  Often come with an SLA (service-level agreement) that specifies the expected quality of service.
Virtual VLANs
Most virtual switch implementations support VLANs. You can define VLANs within the virtual switch and associate specific hosts with a specific VLAN. However, because virtual hosts are not physically connected to the switch with cables, VLAN membership is defined within the configuration of each virtual machine.
Resource pooling
Multiple resources can be used by multiple users. These resources can be physical or virtual, but they need to be able to scale dynamically according to demand.
NTP stratum
NTP uses the concept of stratum. Observe the following:
  The higher the stratum number, the lower it is in the stratum hierarchy, and the less precedence it has in relation to other time providers with a lower number.
  Stratum 0 is the highest level in the hierarchy. Stratum 0 is the authoritative time device itself, such as a GPS time source or atomic clock.
  Stratum 1 is the server connected to the authoritative time device.
  Stratum 2 providers synchronize their time with stratum 1 providers.
  Stratum 3 providers synchronize their time with stratum 2 providers, and so on until the stratum level of 15 is reached (the maximum allowed).
NTP terminology
NTP uses the following terminology:
  Skew is the measurement of the difference (in hertz) between a clock's time and the official NTP time.
  Slam is the act of immediately correcting a clock's time.
  Slew is the act of gradually adjusting a clock's time until it displays the correct time.
  Dispersion is the measurement of how scattered the time offsets (in seconds) are from a given time server.
  Drift measures how quickly the skew of a clock changes (in hertz per second).
  Jitter is the small, rapid variations in a system clock.
Network baseline data
Network baseline data is used to establish normal network performance. Establishing a network performance baseline requires collecting performance data from the ports and devices that are essential to network operation. The steps to establish a baseline are:
  Determine the type of data that needs to be collected. This can include CPU utilization, bandwidth utilization, etc.
  Identify key devices and ports to monitor.
  Determine the time limit for the baseline. This should typically be between two to four weeks.
NTP host roles
Network hosts that are configured to use the NTP protocol to synchronize time function in the following roles:
  An NTP time provider provides time to clients.
  An NTP time client seeks time from a time provider.
  A host can be an NTP time provider and an NTP time client at the same time. It can receive time from one host while providing time to another host.
An NTP client can be configured to synchronize time from any NTP time provider. Several NTP configurations are commonly used:
  All NTP clients on the network can be configured to synchronize time with a public NTP source on the internet.
  A master NTP time provider can be configured on one internal host that synchronizes time with a public time provider on the internet. This master NTP time provider becomes an internal authoritative time source. All other NTP clients on the network are configured to get time from this host.
  If the network is isolated from the internet, a master NTP time provider can be configured on one internal host to get time from its own internal clock, creating an internal authoritative time source. All other NTP clients are configured to get time from this host.
Platform as a Service (PaaS)
PaaS delivers everything a developer needs to build an application. The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers.
Message text
Provides a description of the event, as in this example: Line protocol on Interface FastEthernet0/0, changed state to down
Mnemonic
Provides a mnemonic to help the administrator quickly identify the nature of the message, as in this example: UPDOWN:
VRRPv3
Provides the capability to support IPv4 and IPv6 addresses. VRRPv3 works in multi-vendor environments and is more scalable than VRRPv2.
Classification system
QoS prioritizes traffic from different data streams by using one of two classification systems:
  Class of Service (COS): Individual frames are marked and classified at Layer 2. A priority value between 0 and 7 is assigned to the 3-bit COS field. Each priority value specifies a specific traffic type:
    0 - Best effort (default)
    1 - Background
    2 - Excellent effort
    3 - Critical applications
    4 - Video (< 100ms latency)
    5 - Voice (< 10ms latency)
    6 - Internetwork control
    7 - Network control
  Differentiated Services Code Point (DSCP): Classification occurs at Layer 3. Precedence values are inserted in the DiffServ field of an IP packet. Up to 64 different classifications are possible, but most networks use only the following classes:
    Default - best effort.
    Expedited Forwarding (EF) - low loss, low latency.
    Assured Forwarding (AF) - assured delivery under prescribed conditions.
    Class Selector - maintains backward compatibility with IP Precedence field.
Queue schedulers
Queue schedulers are used for congestion management and define how a device will work through its queue. Queue schedulers are special algorithms that determine which outgoing packets should receive priority and how the remaining packets in the queue should be handled. The following are the most commonly used queue schedulers:
  The Round Robin algorithm systematically rotates through each queue and processes and sends the next available packet.
  The Weighted Round Robin algorithm also rotates through each queue, but one queue is labeled as higher priority. When the scheduler gets to this queue, it sends out multiple packets instead of just one.
  The Class-Based Weighted Fair Queuing algorithm assigns each queue a minimum bandwidth percentage. This algorithm is not ideal for time-sensitive communications.
Measured service
Resources can be controlled and optimized automatically. This also means that information about server usage can be collected and analyzed.
Software as a Service (SaaS)
SaaS delivers software applications to the client either over the internet or on a local area network. SaaS can be:
  A simple multi-tenancy implementation in which customers have their own resources that are segregated from other customers.
  A fine grain multi-tenancy implementation in which resources are shared, but data is segregated from other customers.
Router(config)#clock timezone [zone] [offset]
Sets the time zone and offset for display purposes:
  zone is the name of the time zone (for example, PDT for Pacific Daylight Time).
  offset is the number of hours to be added to or subtracted from the system UTC time (such as -8 for PST).
Router(config)#clock summer-time [zone]
Sets the time zone to display during summer time (e.g., PDT for Pacific Daylight Time).
Policy-Based SDN
Similar to controller-based SDN, where a centralized controller has a view of all devices in the network. A policy-based SDN includes an additional Policy layer that operates at a higher level. It uses built-in applications that automate advanced configuration tasks via a guided workflow and user-friendly GUI. No programming skills are required.
ICMP Router Discovery Protocol (IRDP)
Specified in RFC 1256, IRDP is a legacy FHRP solution. IRDP allows IPv4 hosts to locate routers that provide IPv4 connectivity to other (non-local) IP networks.
Router(config)#logging host [address]
Router(config)#logging host [hostname]
Specifies the host IP address or hostname of the syslog server that will receive the messages.
Router(config)#snmp-server source-interface traps [type] [number]
Specifies the interface from which a Simple Network Management Protocol (SNMP) trap originates the informs or traps.
Router(config)#ip flow-export source [type] [number]
Specifies the interface on the router to use as the source of the packets sent to the NetFlow connector. By default, NetFlow uses the IP address of the interface that packets are sent from as the source IP address for records.
Router(config)#logging trap [severity-level]
Router(config)#logging trap [0-7]
Specifies the messages that will be redirected to the syslog server based on severity. Messages that are equal to or less than the specified level are logged. System logging message severity levels include the following:
  {Emergencies | 0} - System unusable
  {Alerts | 1} - Immediate action needed
  {Critical | 2} - Critical conditions
  {Errors | 3} - Error conditions
  {Warnings | 4} - Warning conditions
  {Notifications | 5} - Normal but significant conditions
  {Informational | 6} - Informational messages only
  {Debugging | 7} - Debugging messages
Router(config)#logging source-interface [type] [number]
Specifies the source IP address of system logging packets.
GLBP for IPv6
This is a Cisco-proprietary FHRP that provides the same functionality of GLBP, but in an IPv6 environment. GLBP for IPv6 provides automatic router backup for IPv6 hosts configured with a single default gateway on a LAN. Multiple first-hop routers on the LAN combine to offer a single virtual first-hop IPv6 router while sharing the IPv6 packet forwarding load.
Virtual Router Redundancy Protocol version 2 (VRRPv2)
This is a non-proprietary election protocol that dynamically assigns responsibility for one or more virtual routers to the VRRP routers on an IPv4 LAN. This allows several routers on a multiaccess link to use the same virtual IPv4 address. In a VRRP configuration, one router is elected as the virtual router master, with the other routers acting as backups in case the virtual router master fails.
On-demand self service
Users must be able to dynamically obtain resources
Controller-Based SDN
Uses a centralized controller. The applications on the controller can communicate with network devices and handle traffic flows.
GRE over IPsec (GRE)
Generic Routing Encapsulation is an unsecure site-to-site VPN tunneling protocol. A GRE tunnel:
  Can encapsulate various network layer protocols as well as multicast and broadcast traffic.
  Does not support encryption, but the GRE packet can be encapsulated into an IPsec packet to forward it securely to the destination VPN gateway.
  Can use a GRE standard IPsec VPN (non-GRE) to create secure tunnels for unicast traffic.
  Can encapsulate GRE into IPsec to allow multicast routing protocol updates to be secured through a VPN.
The terms used to describe the encapsulation of GRE over IPsec tunnel are:
  Passenger protocol - this is the original packet that is to be encapsulated by GRE. It could be an IPv4 or IPv6 packet, a routing update, or another packet type.
  Carrier protocol - GRE is the carrier protocol that encapsulates the original passenger packet.
  Transport protocol - This is the protocol that is used to forward the packet. This could be IPv4 or IPv6.
Minimum level of quality
Certain types of transmissions require a minimum level of quality to provide adequate communication services. Below are the minimum metric specifications required for both voice and real-time video communications as defined by Cisco:
  Video:
    Metric     Description
    Bandwidth  > 384 Kbps
    Delay      < 400 ms
    Jitter     < 50 ms
    Loss       < .1%-1%
  VoIP:
    Metric     Description
    Bandwidth  N/A
    Delay      < 150 ms
    Jitter     < 30 ms
    Loss       < 1%
Hybrid cloud
Includes two or more private, public, or community clouds, but each cloud remains separate and is only linked by technology that enables data and application portability.
Router(config)#snmp-server host [a.b.c.d] traps version [version#] [auth]
Specifies the recipient of a Simple Network Management Protocol (SNMP) notification operation:
  a.b.c.d is the IP address of the recipient.
  version# is the security model and can be 2 or 3.
  traps specifies that notifications should be sent as traps. This is the default.
  auth is the authentication of the packet, including:
    noauth - no authentication
    auth - authentication without encryption
    priv - authentication with encryption
Public cloud
Promotes massive, global, and industrywide applications offered to the general public.
Community cloud
Serves a specific community with common business models, security requirements, and compliance considerations.
Private cloud
Serves only one customer or organization and can be located on the customer's premises or off the customer's premises.
VPN
Using the public internet to build a secure, private network connecting distant locations.