Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
15 Cards in this Set
- Front
- Back
|
You can see a listing of all the disabled logging messages with the following EXEC command:
|
You can see a listing of all the disabled logging messages with the following EXEC command:
Firewall# show logging message |
|
|
Choose this log severity if only firewall error conditions should be recorded and no one will regularly view the message logs
|
severity level 3 (errors).
|
|
|
needs question
|
If you are primarily interested in seeing how traffic is being filtered by the firewall access lists, choose severity level 4 (warnings).
|
|
|
needs question
|
If you need an audit trail of firewall users and their activity, choose severity level 5 (notifications).
|
|
|
needs question
|
If you will be using a firewall log analysis application, you should choose severity level 6 (informational). This is the only level that produces messages about connections that are created, as well as the time and data volume usage.
|
|
|
To change a message's severity level, use the following configuration command:
|
Firewall(config)# logging message message-number [level level]
|
|
|
By default, this logging message number is generated when a deny access list entry is matched with a traffic flow. Only the overall ACL is listed in the message, with no reference to the actual denying ACL entry,
|
By default, logging message 106023 (default severity level 4, warnings) is generated when a deny access list entry is matched with a traffic flow. Only the overall ACL is listed in the message, with no reference to the actual denying ACL entry,
|
|
|
This ASA command displays the contents of the translation slots.
|
The show xlate command displays the contents of the translation slots.
|
|
|
This command specifies that all routes that match the addresses in the access list is advertised with a user defined next hop.
|
The set ip next-hop command specifies that all routes that match the addresses in the access list is advertised with a user defined next hop.
|
|
|
Which happens first on a cisco router- regular routing or policy routing?
|
If you look at the Cisco IOS Order of Operations, Policy routing always happens BEFORE regular routing.
|
|
|
Where are policy/route maps applied on cisco devices
|
you need to apply this policy/route-map to the interface where the traffic is coming in.
|
|
|
Defines a route map to control where packets are output. This command puts the router into route-map configuration mode.
|
Router(config)# route-map map-tag [permit | deny] [sequence-number]
|
|
|
Router(config-route-map)# set ip next-hop
|
next-hop: Sets next hop to which to route the packet.
|
|
|
Identifies the route map to use for PBR. One interface can have only one route map tag; but you can have several route map entries, each with its own sequence number.
|
Router(config-if)# ip policy route-map map-tag
|
|
|
Route/Policy maps are applied in which cisco router submode
|
interface submode
Router(config-if)# ip policy route-map map-tag |
