The collection of SDN/ONC Ccie Security Version

1. Question: There are two ONC frames, one frame has one node and the other frame has two nodes. Can these three nodes be clustered?

 Answer: Yes. Nodes with different frames can be clustered to ensure connectivity.

2. Question: Can ONC interact with EG?

Answer: No. ONC devices support and switch linkage, and the switch must be SDN version.

3. Question: In the access control scheme, can we modify it halfway after setting the exemption time? Answer: It can't be modified halfway. If there is any change, it needs to be deleted and re-enabled without control.

4. Question: How long can the loop detection function of access control scheme be detected and restored? Answer: Loop port is detected within 20 seconds and send strategy. After looping is removed, the state of loop port is restored within seven minutes and ONC loop alarm is eliminated.

5.  Question: Does access control support loop detection? Do you need to purchase the authorization of loop detection function?

Answer: As a subsidiary function of SDN, loop detection can be used without authorization but it is not deployed separately. On the premise of deploying access control, ONC will open the loop detection function as soon as the whole network is built (requiring equipment support).

6.  Question:  Is old PCs especially dumb terminals, can't access wireless routers privately?

Answer: Take the initiative to Ping and start ARP response. Or add terminals manually (these dumb terminals do not send ARP messages or only once in a long time, such as a camera terminal of a manufacturer only sends ARP once in 20 minutes)

7. Question: After opening the control, prompt the answer of "failure of control opening"

Answer: Check the configuration of access device and port whether there is any configuration conflict with port security. If here is global MAC binding configuration of access terminal, static ARP binding configuration, mirror destination port, DHCP trust interface configuration of non-up interface, etc. If they are located, they need to be deleted.

8. Question: In the access control scheme, after the new terminal access, there cannot be a re-pending list (ip/vlan inconsistency in the subsequent pending list)? Answer: Check the consistency of terminal ip, access port VLAN and service network subnetwork segment on ONC.

9. Question: How to operate the access control core mode if it is necessary to cancel the control for a vlan? Answer: Cancel the "Control" button for a specific vlan and do not delete the business network. Because after the service network is opened, the SVI configuration will be sent down to the core gateway (the original SVI configuration on the device will be covered). If the service network is deleted, the corresponding core gateway device SVI will be deleted, resulting in network anomalies. If the control is closed, the device configuration will not be deleted.

10. Question: Is the effect of SC drainage and mirror implementation the same?

Answer: It's different. SC scheme can only drain well-known unicast IP message, not ARP message, broadcast message, unknown unicast message. The mirror replicates all data from the port to other ports.

PASSHOT will often update some network engineers in the work of the difficult problems. If you feel good, please collect our website! Here can help you CCIE Written exam and CCIE Lab exam.