Cisco 350-401 Practice Test - Questions Answers, Page 40

When should I use the master controller mode on a WLC? – When there is a master controller enabled, all newly added access points with no primary, secondary, or tertiary controllers assigned associate with the master controller on the same subnet.Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan- controllers/69561-wlc-faq.html

Layer2 Flooding

Cisco SD-Access fabric provides many optimizations to improve unicast traffic flow, and to reduce the unnecessary flooding of data such as broadcasts. But, for some traffic and applications, it may be desirable to enable broadcast forwarding within the fabric.

By default, this is disabled in the Cisco SD-Access architecture. If broadcast, Link local multicast and Arp flooding is required, it must be specifically enabled on a per-subnet basis using Layer 2 flooding feature.

Layer 2 flooding can be used to forward broadcasts for certain traffic and application types which may require leveraging of Layer 2 connectivity, such as silent hosts, card readers, door locks, etc.

The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only. Let’s see an example below:

Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an - ”established” access-list like this:

access-list 100 permit tcp any any established

access-list 101 permit tcp any any eq telnet

!

interface S0/0

ip access-group 100 in

ip access-group 101 out

Note: Suppose host A wants to start communicating with host B using TCP. Before they can send real data, a three-way handshake must be established first. Let‘s see how this process takes place:

1. First host A will send a SYN message (a TCP segment with SYN flag set to 1, SYN is short for

SYNchronize) to indicate it wants to setup a connection with host B. This message includes a sequence (SEQ) number for tracking purpose. This sequence number can be any 32-bit number

(range from 0 to 232) so we use -”x” to represent it.

2. After receiving SYN message from host A, host B replies with SYN-ACK message (some books may call it -SYN/ACK? or -SYN, ACK? message. ACK is short for ACKnowledge). This message includes a SYN sequence number and an ACK number:

+ SYN sequence number (let‘s called it “y”) is a random number and does not have any relationship with Host A‘s SYN SEQ number.

+ ACK number is the next number of Host A‘s SYN sequence number it received, so we represent it with “x+1". It means -I received your part. Now send me the next part (x + 1)”.

The SYN-ACK message indicates host B accepts to talk to host A (via ACK part). And ask if host A still wants to talk to it as well (via SYN part).

3. After Host A received the SYN-ACK message from host B, it sends an ACK message with ACK number “y+1” to host B. This confirms host A still wants to talk to host B.

A control plane node maintains a host tracking database (HTDB), and also uses Locator/ID Separation Protocol (LISP) to provide a map server, populating the HTDB from fabric edge registration messages; and a map resolver to respond to queries from edge devices requesting location information about destination nodes.