CCNP SWITCH
642-813
Question | Answer |
---|---|
What is the 802.1d STP Hello Time, for the ROOT bridge to send out configuration BPDUs? | Every 2 seconds. |
What is the default STP priority? | 32768 + VLAN ID |
What is the multicast destination MAC address of a BPDU? | 01-80-c2-00-00-00 |
What are the two types of BPDUs? | 1. Topology Change Notification (TCN) 2. Configuration |
What is the switch's STP BID made up of? | 2-byte priority + 6-byte MAC address. |
In STP, which switch BID wins the ROOT Bridge election? | The lowest overall BID wins the election. |
What are the three tiers in the Enterprise Composite Network Model? | Access -> Distribution -> Core |
What are the 802.1d STP port states? | Disabled -> Blocking -> Listening -> Learning -> Forwarding |
What is the default VLAN that an interface belongs to on a switch? | VLAN 1 |
Which VLANs are always present on a switch by default? | VLAN 1, VLAN 1002-1005 |
What four ways can you tell a switch is the STP ROOT Bridge when looking at show spanning-tree? | 1. Says "This bridge is the root" under Root ID. 2. The MAC address under Root ID and Bridge ID are the same. 3. All interfaces are Designated ports (no root ports). 4. All interfaces are in Forwarding mode. |
What are the 802.1w STP port states? | Discarding -> Learning -> Forwarding |
What command displays spanning-tree information? | show spanning-tree |
With 802.1d STP, what is the default Forwarding Delay for the listening and learning stages? | 15 Seconds |
What is the 802.1d STP MaxAge default value? | 20 Seconds |
Where should the default 802.1d STP timers be changed? | The ROOT Bridge & Secondary ROOT Bridge |
How can you set a switch as the primary ROOT Bridge for a VLAN? | (config)#spanning-tree vlan XX root primary OR Manually set the priority to the lowest in contention. |
How can you set a switch as the secondary ROOT Bridge for a VLAN? | (config)#spanning-tree vlan XX root secondary |
When using the "spanning-tree vlan XX root primary" command, if the current ROOT Bridge priority is above this value, what does the switch set its priority to after you run this command? | 24576 |
When running "spanning-tree vlan XX root primary" if the current ROOT Bridge priority is less than 24576, what does the switch do to the priority? | Subtracts 4096 from the ROOT bridge priority. |
What triggers the sending of a TCN BPDU in 802.1d STP? | 1. A port goes into FORWARDING mode. 2. A port goes from FORWARDING or LEARNING mode into BLOCKING mode. |
What is the most common use of PortFast? | When a host/PC is connected to a switch port. |
What does VLAN stand for? | Virtual Local Area Network |
What does a static VLAN depend on? | The switch port the host is connected to. |
What does a dynamic VLAN depend on? | The host's MAC address. |
What three methods exist for inter-VLAN routing? | 1. Router on a stick 2. Layer 3 switch 3. Router |
What is a VTP dynamic desirable interface trying to do? | It is actively trying to become a TRUNK with the neighboring device of a link. Will become a TRUNK with the neighbor set to: 1. dynamic desirable 2. dynamic auto 3. trunk |
What is the VMPS? | VLAN Membership Policy Server. Used in the configuration of Dynamic VLANs |
What is a VTP dynamic auto interface trying to do? | Port is passively trying to become a TRUNK. Will be told to become a trunk, but will not actively try to be a trunk. Will become a trunk when the neighbor is set to: 1. dynamic desirable 2. trunk |
What are the two trunking encapsulation p2p protocols? | 1. Inter-Switch Link (ISL) 2. 802.1q (dot1q) |
What trunking encapsulation is the "native VLAN" associated with? | 802.1q |
How big is the ISL header and trailer? | 26-byte header / 4-byte trailer |
How big is the 802.1q tag inserted into the frame? | 4 bytes |
What IEEE standard extends the Maximum Frame Length to 1522-bytes? | 802.3ac |
What VTP restrictions are there for DTP? | Both switches need to be in the same VTP DOMAIN in order for a TRUNK to form (or not belong to any domain). |
What command is used to change the native-VLAN? | #switchport trunk native vlan 12 |
What's the default DTP Hello Time? | Every 30 seconds |
How do you disable DTP advertisements? | #switchport nonegotiate - under the interface configuration mode. NB: You need to set the interface mode to TRUNK unconditionally (switchport mode trunk) |
How do you explicitly disable trunking on a switch interface? | Run the command: #switchport mode access NB: It would also be wise to add it to a black hole VLAN if the interface is not in use. |
How do you create a VLAN and give it a name in VLAN-config mode? | (config)#vlan XXX (config-vlan)#name vlanName |
What are the two methods of creating VLANs on "some" switches? | 1. VLAN-Config mode (recommended) 2. VLAN-Database mode |
What are the two types of VLAN distribution? | 1. End-to-End VLANs (80%/20%) 2. Local VLANs (20%/80%) |
How do you delete the contents of your NVRAM? | #write erase (follow with a reload) |
How do you delete the VLAN database? | #delete flash:vlan.dat |
What are the three VTP modes a switch can be in? | 1. Server 2. Client 3. Transparent |
What type of ports are VTP advertisements sent out of? | TRUNK ports. |
How do you reset the VTP Revision number to zero? | 1. Change the VTP Domain Name to a non-existent domain and back again. 2. Change the VTP mode to TRANSPARENT and back again. |
How often are VTP Summary Advertisements sent? | Every 5 minutes or on a VLAN database change. |
When are VTP Subset Advertisements sent? | Sent by VTP servers on a VLAN configuration change. |
When are VTP Client Advertisement Requests sent? | When the local VLAN database has been corrupted or deleted. |
What command removes extraneous VLAN broadcasts & multicasts from traversing a TRUNK link? | (config)#vtp pruning |
Which VTP version supports Token Ring? | VTP Version 2 |
With regards to VTP Transparent mode, what are the differences between VTP version 1 and 2? | In VTP version 2, the transparent mode switch will forward on VTP advertisements, but not action them locally. |
How do you enable PortFast by default on all switch interfaces? | (config)#spanning-tree portfast default |
How do you enable PortFast on a switch interface? | (config-if)#spanning-tree portfast |
What is UplinkFast? | Reduces the time from BLOCKING -> FORWARDING for STP blocked links that are now coming online. |
How do you enable UplinkFast? | (config)#spanning-tree uplinkfast |
Where should UplinkFast be enabled? | On the access switches only, not the core or distribution. |
What is BackboneFast? | Helps prevent indirect link failures. |
What process uses Root Link Query (RLQ) requests? | BackboneFast |
How do you enable BackboneFast? | (config)#spanning-tree backbonefast |
What is RootGuard? | Disables an interface if a lower BPDU is received on that interface. (Used on ROOT switches) |
How do you enable RootGuard on a switch interface? | (config-if)#spanning-tree guard root |
What is an inconsistent port? | A port where RootGuard is enabled, and another switch tried to become the root on that interface. |
How do you see the inconsistent ports? | #show spanning-tree inconsistentports |
What is BPDU Guard? | Shuts the interface (err-disabled) if the interface receives a BPDU from the device connected. |
How do you enable BPDU Guard? | (config-if)#spanning-tree bpduguard enable |
What does UDLD stand for? | Unidirectional Link Detection |
What are the two UDLD modes? | 1. Normal mode - alerts syslog. 2. Aggressive - shuts down the interface after 8 response failures. |
How do you enable UDLD? | (config)#udld enable (on both sides) or (config)#udld aggressive (on both sides) |
What is a duplex mismatch? | When one side is full-duplex and the other side is half-duplex. |
What is LoopGuard? | Helps detect a lack of BPDUs and thus stops a switching loop from occurring. |
How do you enable LoopGuard? | (config-if)#spanning-tree guard loop OR (config)#spanning-tree loopguard default |
What is a BPDU SKEW? | When the latency of BPDU messages starts to suffer. 1/2 the MaxAge value. (The time between when the BPDU should have arrived and when it actually arrived.) |
What is 802.1w? | Rapid Spanning Tree Protocol |
What is an edge port? | A port on the edge of the network, typically connected to a single host like a user's PC. |
When does 802.1w RSTP consider a topology change? | When a port moves into a FORWARDING state, and is NOT an edge port. |
What is 802.1s? | Multiple Spanning Tree |
What is Multiple Spanning Tree (MST)? | Allows multiple VLANs to be mapped to a single instance of STP |
What is Etherchannel? | Etherchannel is a logical bundling/aggregation of 2-8 parallel ethernet trunks. |
What are the two protocols used to negotiate an Etherchannel? | 1. PAgP 2. LACP |
What is the main difference between PAgP and LACP? | PAgP is Cisco proprietary and LACP is an industry standard. |
What is 802.3ad? | LACP Etherchannel Aggregation Protocol |
What are the two PAgP modes? | 1. Dynamic 2. Auto |
What are the two LACP modes? | 1. Active 2. Passive |
How do you enable an Etherchannel group unconditionally? | (config-if)#channel-group 1 mode on |
What type of SPAN ports can an Etherchannel port-channel be a member of? | A source SPAN port, but NOT a destination SPAN port. |
What is a FLEX link? | Used when STP is not available. Allows an Active/Inactive pair, whereby the inactive port comes online if the active port goes down. |
When setting the "enable password" and "enable secret" commands, which password takes precedence? | enable secret <pass> NB: Enable secret has MD5 encryption. |
How do you set a password on your Telnet connections? | (config)#line vty 0 15 (config-line)#password cisco (config-line)#login |
How do you encrypt the passwords in the running config? | (config)#service password-encryption |
What value does Port Security use to determine if a host is allowed to forward frames on that interface? | The source MAC address. |
How do you enable Port Security on an interface? | (config-if)#switchport mode access (config-if)#switchport port-security |
What mode does an interface need to be in for Port Security to be enabled? | Access port |
What are the three violation modes for Port Security? | 1. Protect - drops the packet 2. Restrict - drops the packet / issues snmp trap 3. Shutdown - shuts the port down / issues snmp trap |
What is the Maximum Secure Addresses number by default? | 1 |
What is the Cisco proprietary protocol used in VoIP communication with the call manager? | Skinny |
What is the protocol for delivering audio and video over an IP network? | Real-time Transport Protocol (RTP) |
What types of ports can NOT be configured with port-security? | 1. TRUNK ports 2. Ports within an Etherchannel 3. Destination SPAN ports 4. 802.1x ports |
How do you use auto qos to set an interface quality of service as one that is connected to a cisco phone? | (config-if)#auto qos voip cisco-phone |
How do you manually set a switch port as a VoIP interface connected to a cisco phone? | (config-if)#mls qos trust cos (config-if)#mls qos trust device cisco-phone (config-if)#switchport voice vlan 100 |
What devices need to be configured in order to use dot1x? | 1. The host 2. The switch |
What is a dot1x supplicant? | The supplicant is the host involved in 802.1x authentication. |
What is a dot1x authenticator? | The authenticator is the switch involved in 802.1x authentication. |
How do you enable AAA? | (config)#aaa new-model |
How do you enable 802.1x authentication? | (config)#dot1x system-auth-control then under the interface.. (config-if)#dot1x port-control auto |
What is DHCP Spoofing? | Where a hacker issues a DHCP response to a genuine request, and the client now forwards its traffic to the hacker. |
What is DHCP Snooping? | DHCP Snooping is where the switch acts like a firewall, where you as an admin set interfaces as DHCP trusted or untrusted interfaces. |
How do you enable DHCP Snooping and trust an interface? | (config)#ip dhcp snooping then under the interface.. (config-if)#ip dhcp snooping trust ? |
What is IP Source Guard? | Prevents a host on the network from using another host's IP address. |
What are the three VLAN types in Private VLANs? | 1. Promiscuous 2. Isolated 3. Community |
What do you need to do with VTP in order to use PVLANs? | Put the switch into VTP Transparent mode. |
Describe a MAC Address Flooding attack. | When a user sends many packets into a switch port, with different source MAC addresses, filling the CAM table of the switch and causing it to go into a bridge mode. |
What is Switch Spoofing? | A rogue host sends DTP frames to establish a trunk with an ill-configured interface. |
How do you enable/disable CDP globally? | (config)#cdp run (config)#no cdp run |
How do you enable/disable CDP on a local interface? | (config-if)#cdp enable (config-if)#no cdp enable |
What are the two basic problems with CDP? | 1. Sends a lot of info in plain text 2. No authentication |
How do you enable SSH (only) on a switch? | (config)#line vty 0 15 (config-line)#login local (config-line)#transport input ssh (config)#username user1 secret cisco (config)#ip domain-name keirwhitlock.co.uk (config)#crypto key generate rsa |
How do you restrict access to the vty ports to an admin IP? | (config)#ip access-list standard ALLOW_ADMINS_ONLY (config-std-nacl)#permit host 192.168.0.100 (config-std-nacl)#deny any (config-std-nacl)#exit (config)#line vty 0 15 (config-line)#access-class ALLOW_ADMINS_ONLY in (config-line)#end |
How do you enter a MOTD banner? | (config)#banner motd $ mybanner $ |
What is a Multilayer Switch? | A device that switches and routes packets in the switch hardware itself. |
What is contained in the adjacency table? | The adjacency table maintains layer 2 or switching information linked to a particular FIB entry. |
What is contained in the FIB table? | The next-hop address for a particular IP-route. |
What types of packets can NOT be routed using IP CEF? | 1. Packets with IP header options 2. Packets that need to be fragmented 3. Packets that require NAT 4. Packets with an invalid encapsulation type |
What does AVG stand for? | Active Virtual Gateway |
What does AVF stand for? | Active Virtual Forwarder |
On a layer 3 switch, how do you change an interface from layer 2 to layer 3? | (config-if)#no switchport |
How do you show HSRP information? | #show standby |
What is this MAC address 00-00-0c-07-ac-XX and what does XX represent? | This MAC address is the HSRP virtual MAC address and XX is the standby group number. |
How do you set the priority of an HSRP enabled interface? | (config-if)#standby 5 priority 150 |
How do you set up an HSRP interface? (example) | interface FastEthernet0/47 no switchport ip address 10.10.110.2 255.255.255.0 standby 2 ip 10.10.110.1 standby 2 priority 150 standby 2 preempt delay reload 500 end |
What is a "Probe Request"? | This is what a wifi client sends to find available access points |
With wireless, what happens to the data rate as you increase the range from access point and client? | The data rate reduces |
What does WPA stand for? | WiFi Protected Access |
What does WEP stand for? | Wired Equivalent Privacy |
What are the three main types of WiFi antennas? | 1. Omnidirectional 2. Directional 3. Yagi Antenna |
What does CSMA/CA stand for and where is it used? | Carrier Sense Multiple Access with Collision Avoidance. WiFi communications. |
What does the LWAPP acronym stand for? | Lightweight Access Point Protocol |
What are the main differences between Lightweight Access Points (LWP) and Autonomous Access Points? | 1. Autonomous Access Points can function independently whereas Lightweight Access Points require a WLC. 2. |
Which access points utilize a Wireless LAN Controller (WLC)? | Lightweight Access Points |