| A1:
| Answer: The PIX Firewall supports 802.1Q tagging. |
| A2:
| Answer: You use the interface command to define one or more logical interfaces on a single physical interface. |
| A3:
| Answer: For each logical interface, you need to define an interface name, a VLAN id, a security level, and an IP address. |
| A4:
| Answer: The route command enables you to define static routes on the PIX Firewall. |
| A5:
| Answer: The default route is a static route that is used when no other route matches the specified destination address. When configuring the default route, you use 0.0.0.0 for both the destination IP address and the network mask. |
| A6:
| Answer: The PIX Firewall provides functionality for both RIP and OSPF. |
| A7:
| Answer: The PIX Firewall only passively listens to RIP routing updates. It cannot propagate this information to other devices. It can, however, advertise a default route for one of its interfaces. |
| A8:
| Answer: OSPF routes are advertised to all the interfaces configured for OSPF. This can send information about private networks to public interfaces. Therefore, you can filter Type 3 LSAs to prevent the public interfaces from receiving information on private networks. |
| A9:
| Answer: The prefix-list command defines which advertisements are permitted and which advertisements are not permitted (denied). The area command then applies this prefix list to a specific OSPF area. |
| A10:
| Answer: To set up OSPF, you must first enable OSPF. Next, you define the PIX Firewall interfaces that will run OSPF. Finally, you define the OSPF areas. Optionally, you may need to configure LSA filtering to protect private addresses. |
| A11:
| Answer: The PIX Firewall cannot operate as a fully functional multicast router, but it can operate as a Stub Multicast Router (SMR), in which case it proxies all IGMP requests to the actual multicast router. |
| A12:
| Answer: To statically configure the PIX Firewall to join a multicast group, you use the igmp join-group command that is available as a subcommand to the multicast interface command. |
| A13:
| Answer: Multicast traffic uses Class D addresses in the range of 224.0.0.0 through 239.255.255.255. |
| A14:
| Answer: When the multicast traffic is coming from a protected network behind the PIX Firewall, you need to use the mroute command to statically configure routes for the multicast traffic to the next hop. |
| A15:
| Answer: To view the multicast configuration on the PIX Firewall, you can use the show multicast command to display multicast settings for one or more interfaces. The show igmp command displays information about one or more IGMP groups, and the show mroute command shows the current multicast routes. |
| A16:
| Answer: The show route command enables you to view the routes currently being used by the PIX Firewall. |
| A17:
| Answer: The redistribute ospf command enables you to pass OSPF routes between multiple OSPF processes on your PIX Firewall. |
| A18:
| Answer: When you are using your PIX Firewall as an ASBR OSPF router using multiple interfaces, you need to use two OSPF processes if you want to perform address filtering. |