Monday, 6 November 2017

Cisco Patches DoS Flaw In BGP Over Ethernet VPN Implementation


Cisco has stated that changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN have created a vulnerability in its IOS XE software.

The network giant has released software updates for IOS XE that fix the problem, which could be exploited remotely without authentication to cause a blockage or corruption of the BGP routing table, leading to network instability.


The flaw, CVE-2017-12319, is related to a change in the implementation of RFC 7432, BGP MPLS-Based Ethernet VPN. The change in implementation, Cisco said, occurred between the IOS XE versions. IOS XE is a proprietary operating system from Cisco that automates network operations and manages wired and wireless networks. Cisco has stated that all versions of IOS XE prior to 16.3 that support Ethernet VPN configurations in BGP are vulnerable. Devices not configured for Ethernet VPN are not vulnerable, Cisco said.


"When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC / IP Advertisement package is received, it is possible that the length field of the IP address is not calculated correctly," Cisco said in a statement released on Friday. "An attacker could exploit this vulnerability by sending a specially crafted BGP packet to an affected device after the BGP session has been established. An exploit could allow the attacker to cause the BGP routing table to be reloaded or corrupted by the affected device; one or the other would result in a DoS."


Cisco stated that, because its BGP implementation accepts packets only from defined peers, an attacker would have to send malicious TCP packets made to look as if they came from a trusted BGP peer. An attacker could also inject malicious messages into the victim's BGP network, Cisco said.


"This would require obtaining information about BGP peers in the trusted network of the affected system," Cisco said. "The vulnerability can be triggered when the router receives a BGP message from a peer in an existing BGP session, and at least one BGP Neighborhood session must be established for a router to be vulnerable."

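The IP address length check that Cisco's statement refers to, as an added example (not Cisco's code and not part of the original article): a strict validator for the two EVPN route types named above, rejecting any route whose IP Address Length field disagrees with the bytes actually carried. The field layout follows RFC 7432 section 7; the function names, return codes and the sample builder are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EVPN_OK = 0, EVPN_TRUNCATED = -1, EVPN_BAD_LEN = -2, EVPN_UNSUPPORTED = -3 };

/* IP Address Length is in bits: 32 or 128, or 0 where the route allows none. */
static int ip_octets(uint8_t bits, int allow_zero) {
    if (bits == 0) return allow_zero ? 0 : -1;
    return bits == 32 ? 4 : bits == 128 ? 16 : -1;
}

/* Validate one EVPN NLRI: [route type:1][length:1][route-specific:length]. */
int evpn_nlri_check(const uint8_t *buf, size_t len) {
    if (len < 2 || (size_t)buf[1] > len - 2) return EVPN_TRUNCATED;
    const uint8_t *p = buf + 2;
    size_t body = buf[1];
    int ip;
    switch (buf[0]) {
    case 2: /* MAC/IP Advertisement: RD 8, ESI 10, tag 4, MAC len 1, MAC 6, IP len 1 */
        if (body < 30 || p[22] != 48) return EVPN_BAD_LEN;
        if ((ip = ip_octets(p[29], 1)) < 0) return EVPN_BAD_LEN;
        body -= 30; /* what remains: the address plus one or two 3-octet labels */
        return (body == (size_t)ip + 3 || body == (size_t)ip + 6) ? EVPN_OK : EVPN_BAD_LEN;
    case 3: /* Inclusive Multicast Ethernet Tag: RD 8, tag 4, IP len 1, router IP */
        if (body < 13 || (ip = ip_octets(p[12], 0)) < 0) return EVPN_BAD_LEN;
        return body == 13 + (size_t)ip ? EVPN_OK : EVPN_BAD_LEN;
    default: return EVPN_UNSUPPORTED;
    }
}

/* Constructed sample: type 2 route whose IP length field says ip_bits while
 * ip_present address octets are carried. Returns the NLRI size in bytes. */
size_t evpn_sample_type2(uint8_t *out, uint8_t ip_bits, size_t ip_present) {
    size_t body = 30 + ip_present + 3;
    memset(out, 0, 2 + body);
    out[0] = 2;
    out[1] = (uint8_t)body;
    out[2 + 22] = 48;       /* MAC Address Length, in bits */
    out[2 + 29] = ip_bits;  /* IP Address Length, in bits */
    return 2 + body;
}

int main(void) {
    uint8_t r[64];
    printf("consistent: %d\n", evpn_nlri_check(r, evpn_sample_type2(r, 32, 4)));
    printf("mismatch:   %d\n", evpn_nlri_check(r, evpn_sample_type2(r, 128, 4)));
    return 0;
}
```

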
Monday, 11 September 2017

Cisco 640-911 Question Answer

Which three statements are true concerning RFC 1918 IP addresses? (Choose three.)

A. They are globally routable.
B. They are not globally routable.
C. They must not be filtered at Internet border interfaces.
D. They should be filtered at Internet border interfaces.
E. They include 10.0.0.0/8, 172.16.0.0/16, and 192.168.1.0/24.
F. They include 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

Answer: BDF


Which two statements describe the purpose of RFC 1918? (Choose two.)

A. Establish a range of IP addresses that are dedicated to the growing use of multicast video.
B. Establish a range of IP addresses that are dedicated to the growing use of peer-to-peer file-sharing applications.
C. Establish a range of IP addresses that are dedicated to use on internal networks.
D. Establish a range of IP addresses to address the shrinking pool of globally routable addresses.
E. Delay the transition to IPv6.

Answer: CD

Tuesday, 18 April 2017

Cisco 640-911 Question Answer

Which command displays the Trunking Native Mode VLAN on port Ethernet 1/18?

A. show running-config switchport e1/18
B. show running-config e1/18 switchport
C. show interface e1/18
D. show interface e1/18 switchport
E. show interface e1/18 native

Answer: D


Which VTP mode disallows the creation of local VLANs?


A. transparent
B. tunneling
C. server
D. client
E. off
F. native

Answer: D

Wednesday, 31 August 2016

Pass4sure 640-911 Question Answer

Which four statements indicate unique properties of VLAN 1 on Cisco Nexus switches? (Choose four.)

A. VLAN 1 is used to flood multicast traffic.
B. VLAN 1 cannot be deleted.
C. VLAN 1 is used for Cisco Discovery Protocol.
D. VLAN 1 is used for VTP advertisements.
E. VLAN 1 defines a collision domain.
F. VLAN 1 defines a broadcast domain.

Answer: BCDF



Monday, 11 July 2016

Opengear Introduces the Remote Site Gateway at Cisco Live, Cisco's Annual IT and Communications Conference




LAS VEGAS, NV--(Marketwired - Jul 11, 2016) - Opengear (http://www.opengear.com), a leading provider of critical infrastructure management solutions through advanced console servers, remote management, monitoring, and cellular out-of-band products, is again participating at Cisco Live  -- Cisco's annual IT and communications conference -- to unveil and demonstrate its latest solutions for highly resilient remote network management.


Opengear's award-winning products feature Smart OOB™, the company's out-of-band solution for achieving always-available secure management and control of Cisco devices -- even when primary network connectivity is unavailable. Organizations that depend on the uninterrupted availability of Cisco equipment to maintain essential business continuity rely on Opengear's solutions to safeguard network uptime through intelligent management and monitoring designed specifically for Cisco routers, switches, and security appliances.

Opengear comes to Cisco Live eager to debut its Remote Site Gateway. The newest addition to the product suite offers secure remote monitoring, access, and control over distributed networks and remote sites. The Remote Site Gateway comes ready to be paired with any existing connections and installations, making it easy to add Smart OOB management without needing to replace existing equipment. Created with rapid issue resolution and the avoidance of costly on-site technical visits in mind, the Remote Site Gateway provides true out-of-band management of critical assets, proactive monitoring of network equipment, and intelligently automated response capabilities.

Also showcased will be a key extension to the IM7200 Infrastructure Manager product line. Built for managing critical IT infrastructure, the IM7200 includes Opengear's embedded Smart OOB and key features such as environmental monitoring, audit trail logging, Zero Touch Provisioning, and enterprise grade security. New at Cisco Live will be the IM7216-2-24U, an addition to the IM7200 line that provides USB console connectivity in place of traditional RS232 serial console ports. It features 24x USB2.0 ports designed for managing console data and also has two USB3.0 host ports (like all IM7200 Infrastructure Managers) for interfacing with USB memory sticks and other devices. Uninterrupted network connectivity is provided via Opengear's Failover to Cellular™ technology, featuring IP Passthrough. Out-of-band access to remote sites is available over high-speed cellular 4G LTE, 3G, or PSTN.

Opengear recognized the need to support a USB console option and was the first in the industry to introduce USB console support (announcing support for Cisco USB console ports on all USB-equipped products during Cisco Live 2012). It now offers a variety of solutions for console management, with the flexibility to mix RS-232 and USB consoles. Anticipating increasing USB adoption by device manufacturers and seeking to future-proof console management, Opengear has extended USB capabilities to its IM7200 and CM7100 data center models in addition to all Resilience Gateway remote site managers. Each Opengear product now features two USB2.0 host ports (the newer Resilience Gateway and Remote Site Gateway ACM7000 models have four). Opengear believes USB will prove especially valuable in environments with a mix of data center and consumer-grade equipment (such as branch offices), within locations where flexibility is particularly important (such as R&D labs), and in data center environments where USB-only devices are common (or where USB capabilities make it a better choice than RS-232).

Opengear foresees that the IM7216-2-24U will offer better flexibility to network and system admins by being compatible with a broader range of current and future vendor equipment. The IM7216-2-24U's advantages include easy plug-and-play deployment, avoiding issues with pin-outs and cables or wiring. The infrastructure manager features strong GUI support for USB deployment at remote sites, power support for devices, and USB data transfer speeds faster than serial ports.

"Opengear is excited to once again be part of Cisco Live, and to exhibit and demonstrate our new solutions to customers," said Gary Marks, President, Opengear. "We're proud to display the deep capabilities of our new Remote Site Gateway and the expanded IM7200 line, our popular workhorse with added USB console connectivity and support. Both products have been designed to deliver Cisco compatibility and cater to the needs of customers operating environments based on Cisco networking equipment. With Opengear's solutions, even critical infrastructure at sites half a world away is functionally close at hand -- and remains so even when networks go down."

About Opengear

Founded in 2004, Opengear delivers next generation intelligent solutions for managing critical IT and communications infrastructure. Opengear's solutions, featuring embedded Smart OOB™ technology, equip our customers' networks with intelligent automation and bulletproof resilience, enabling them to optimize technical operations and secure business continuity. The company is headquartered in New Jersey, with a manufacturing facility in Utah, R&D operations in Australia and sales offices in Europe, Asia and the USA.

Wednesday, 8 June 2016

Pass4sure 640-911 Question Answer

Which statement describes the purpose of the MAC address forwarding table of a switch?

A. The switch consults the forwarding table to determine the best route to a destination.
B. The switch consults the forwarding table to determine the output port.
C. The switch consults the forwarding table to determine if the packet is routable.
D. The switch consults the forwarding table to determine if access control permits the packet.

Answer: B

What are two attributes of a VLAN? (Choose two.)

A. A VLAN defines a collision domain.
B. A VLAN defines a broadcast domain.
C. Broadcasts are flooded to all VLANs.
D. Collisions are flooded to all VLANs.
E. A Layer 3 device is required to route packets between VLANs.
F. A Layer 2 device is required to route packets between VLANs.

Answer: BE

Sunday, 8 May 2016

Pass4sure 640-911 Question Answer

What action does a switch take if the destination MAC address is unknown?

A. Discard frame
B. Send ICMP unreachable message to source
C. Flood packet on all ports
D. Compare destination IP address against an ACL to determine if it is permitted
E. Send gratuitous ARP on all ports and wait for reply before forwarding

Answer: C