Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
206 Cards in this Set
- Front
- Back
|
What are some benefits of End-to-End VLANs?
|
1. Users can become members of a VLAN regardless of their physical location
2. VLANs can be based on organizational function (e.g: department) |
|
|
What are some benefits of segmenting a network with VLANs?
|
Confines broadcast traffic within a subnet.
Separate Voice and Data traffic |
|
|
How many VLANs are supported on the Cisco Catalyst 2950 and 2955?
|
VLANs supported with the Standard Software Image: 64
VLANs supported with the Enhanced Software Image: 250 |
|
|
How many VLANs are supported on the Cisco Catalyst 2960?
|
255
|
|
|
How many VLANs are supported on the Cisco Catalyst 2970, 3550, 3560, and 3750 Switches?
|
1005. ID ranges from 1-4094
|
|
|
How many VLANs are supported on the Cisco Catalyst 2848G, 2980G, 4000, 4500, and 6500 Switches?
|
4094 VLANs. ID ranges from 1-4094
|
|
|
What are the reserved VLAN ranges for Catalyst switches?
|
0, 4095,1006-1024: For system use only. These VLANs are not visible.
|
|
|
What VLAN range is used for FDDI and Token Ring networks?
|
1002-1005
|
|
|
What VLAN ID range is acceptable for creating, using, or deleting VLANs?
|
2-1001
|
|
|
What is the Extended VLAN ID range and what versions of VTP is not supported by it?
|
1025-4094. VTP versions 1 and 2 do not support this VLAN ID range, VTP version 3 does.
Switches using VTP v1 or v2 should be configured to use VTP Transparent mode. |
|
|
What are some advantages IEEE 802.1Q has over Cisco Proprietary ISL??
|
1) Less frame overhead than ISL. ISL frames are 30 bytes; 802.1Q frames are 4 bytes.
2) 802.1Q is an industry standard while ISL is only supported by Cisco devices. 3) 802.1Q has support for 802.1p used by QoS. 4) Support for Native VLAN |
|
|
When a port is set to this DTP trunking mode, it waits for the other end to initiate the protocol negotiation to form a trunk. A trunk will also form if the other end is statically set to trunk.
|
Dynamic Auto
|
|
|
When a port is set to this DTP trunking mode, it initiates the protocol negotiate and will form a trunk if the other end is set to auto or is statically configured to trunk
|
Dynamic Desirable
|
|
|
What is the default trunk mode set for all interfaces on a Catalyst Switch?
|
Dynamic Desirable
|
|
|
What command will permanently configure a port to be a trunk interface and will not change unless the administrator manually changes the mode?
|
switchport mode trunk
|
|
|
What mode should you configure an interface to be in when it connects to a workstation or device other than a neighbor switch?
|
Access. Configured with the switchport mode access command.
|
|
|
What VTP modes are available on Cisco Catalyst Switches?
|
1. Client
2. Server 3. Transparent |
|
|
What is the default VTP mode for a switch?
|
Server
|
|
|
What VTP server mode allows you to create, modify, and delete VLANs and actively participates in the VTP domain by forwarding advertisements and synchronizing its VLAN database?
|
VTP Server Mode
|
|
|
What VTP mode on a switch prevents you from creating, modifying, or deleting VLANs but allows the switch to actively participates in the VTP domain by forwarding advertisements and synchronizing its VLAN database?
|
VTP Client Mode
|
|
|
What VTP mode on a switch allows you to create, modify, and delete VLANs, locally only , forwards advertisements but does not synchronize its database based on the advertisements or participate in the VTP domain?
|
VTP Transparent Mode
|
|
|
When a Cisco switch is directly connected to another Cisco switch before the port is put into forwarding mode the port is placed into this state
|
Blocking Mode (BLK)
|
|
|
TRUE or FALSE: When a switchport is in blocking mode, the port can send and received BPDUs.
|
False. Ports in blocking mode can only receive BPDUs. they are not ready to forward BPDUs nor send or receive data frames yet.
|
|
|
When a port is ready to both transmit and receive BPDUs but not handle data frames it is in what state?
|
Listening Mode (LIS)
|
|
|
This timer is the combination of a port transitioning from listening mode to learning mode
|
Forward Delay. The combination of the ports listening state (15 secs) to learning mode (15 secs). Defaul is 30 secs
|
|
|
When a port can handle BPDUs in both directions, receive data frames, and begin populating the CAM table in the switch, the port is in what mode?
|
Learning Mode (LRN)
|
|
|
When a switchport can handle BPDUs and send and receive frames with data, the port is in this state.
|
Forwarding Mode (FWD). This is the last state a switchport transitions to.
|
|
|
When a switch duplicates and floods an incoming frame in hopes to find the MAC Address for the intended recipient, what type of frame is this called?
|
Unknown Unicast. The switch floods the receive frame out all of its switchport except the port which the frame was received on.
|
|
|
What is the default Hello Timer for BPDUs?
|
2 seconds.
|
|
|
in a Spanning-Tree topology, Cisco switches transmit BPDUs to this multicast layer 2 address
|
01-80-C2-00-00-00. BPDUs are transmitted every 2 seconds to this address.
|
|
|
How many BPDU frame types are there in STP and what are they?
|
Two:
1) Configuration BPDU. Transmitted by the Root Bridge 2) Topology Change Notification (TCN). Transmitted by non-root bridges |
|
|
What BPDU type is transmitted by the Root Bridge to the rest of the Spanning Tree topology when a change to the topology occurs?
|
Configuration BPDU
|
|
|
Every switch participating in a Spanning Tree topology has a Bridge ID. What two values make up the Bridge ID?
|
Priority value and the lowest active MAC Address on the switch. e.g: 32768:11-22-33-44-55-66,
|
|
|
When the Spanning Tree priority value is not modified on a Cisco switch, what is the priority set to by default?
|
32768 or 32769 if using extended system ID
|
|
|
There are three ways that a switch can be elected as the Root Bridge for a topology. What are they?
|
1. The switches priority value is lower than the rest in the topology
2. The switch has the lowest active MAC Address compared to the rest 3. An administrator explicitly set the switch to be the root via the "spanning-tree vlan X root command" |
|
|
What are a few ways you can identify if you are consoled into the root bridge through the CLI using the "show spanning-tree" command?
|
1. The message "This bridge is the root" is displayed in the output
2. Both the Root ID and Bridge ID are the same 3. All the switch ports listed are in Forwarding mode (FWD) 4. The ports all have the Designated role (Desg) |
|
|
The port on a non-root switch that has the lowest cumulative path cost to the root, via a direct connection or indirectly through neighbor switches, is called what?
|
The Root Port. Every non-root switch elects one of its designated ports to be the Root Port that has the lowest Root Path Cost to the Root Bridge.
|
|
|
What value is advertised by other switches in the topology and is the sum of all the path costs from it to the root? this value is also advertised from the root with the value 0
|
Root Path Cost
|
|
|
This is a value locally assigned to each port on a switch and is determined based on the ports speed.
|
Path Cost
|
|
|
How is a switchport elected as the root port on non-root bridges?
|
1. The port that receives the superior BPDU (BPDU with the lowest Bridge ID)
2. Port with the lowest Root Path Cost 3. Port with lowest sender BID 4. Port with the lowest ID |
|
|
Switchports that are in forwarding mode have this role (HINT: not Root Port)
|
Designated Port (Desg)
|
|
|
A port that has been put into Blocking mode because the Spanning Tree algoirthm detects that port may cause a switching loop if in forwarding mode has what role?
|
Nondesignated
|
|
|
This protocol developed by Cisco uses various methods to negotiate a trunk link between two directly connected switches
|
Dynamic Trunking Protocol (DTP)
|
|
|
What Cisco switches are not enabled to use DTP?
|
Cisco 2900XL and Cisco 3500XL
|
|
|
What are the five different trunk modes for a switchport?
|
Access
Trunk (unconditionally) Dynamic Desirable Dynamic Auto Nonegotiate (turns off DTP) |
|
|
What switchport mode is ideal for workstations, servers, and other non-switching devices?
|
Access Mode. enabled via the "switchport mode access" command
|
|
|
Switch A and Switch B are directly connected through a crossover cable. Switch A has the port that terminates the crossover cable configured for dynamic auto mode. What two modes should Switch Bs port be configured to use in order for a trunk to be established?
|
1. Trunk Mode
2. Dynamic Desirable |
|
|
TRUE or FALSE:
If both ends of a trunk link between two switches are configured as Dynamic Auto, a trunk link will form. |
FALSE. Two directly connected ports configured for dynamic auto will NEVER form a trunk as both ends are waiting for the other end to negotiate a trunk link.
|
|
|
What is the default switchport mode for all ports that use Cisco IOS and support DTP?
|
Dynamic Desirable
|
|
|
Switch A and Switch B are directly connected through a crossover cable. Switch A has the port that terminates the crossover cable configured for dynamic desirable mode. What three modes should Switch Bs port be configured to use in order for a trunk to be established?
|
1. Dynamic Desirable
2. Trunk Mode 3. Dynamic Auto |
|
|
This switchport mode waits for the remote port to initiate the trunk negotiation
|
Dynamic Auto
|
|
|
This switchport mode initiates the negotiation of a trunk link between two switches
|
Dynamic Desirable
|
|
|
What mode on a switchport forces the interface to be configured to trunk and does not send DTP frames for negotiation to the remote switch?
|
Nonegotiate
|
|
|
By default, Cisco switches use Inter-Switch Linking (ISL) as the trunking protocol between two switches. What command will change the protocol to IEEE standard 802.1Q?
|
(config-if)# switchport trunk encapsulation dot1q
|
|
|
TRUE or FALSE:
By default, when a trunk link is configured it allows all VLANs across it. |
TRUE
|
|
|
What command will allow vlans 10-20, 40-50, 60, 64, 68 and deny all other VLANs from crossing a trunk link?
|
(config-if)# switchport trunk allowed vlan 10-20, 40-50, 64, 68
|
|
|
If you already configured a trunk to carry VLANs 10-20, 40-50, 60, 64, and 68 but then wanted to also include VLAN 62, what command would you type?
|
(config-if)# switchport trunk allowed vlan add 62
You can verify this by then looking at the running configuration on the port. |
|
|
If you want to change configuration for ports FastEthernet 0/0 through FastEthernet 0/10, FastEthernet Fa0/23 and FastEthernet 0/24, what command would allow you to do this in the least amount of typing?
|
(config)# interface range fa0/0-10, fa0/22, fa0/24
|
|
|
If you have a Native VLAN mismatch between your switches, what command can you use to change the Native VLAN of a trunk?
|
(config-if)# switchport trunk native vlan X
|
|
|
What commands can you use to view the status and configuration of trunk ports?
|
1. show interfaces trunk
2. show interface <name> 3. trunk 4. show interface <name> switchport 5. show running-config interface <name> |
|
|
What should you check if you have configured a trunk link but the trunk is not showing up or able to communicate with the other switch?
|
1. Verify port modes on both switches are compatible with each other (e.g: desirable/desirable, auto/desirable, etc)
2. Encapsulation matches 3. Native VLANs match 4. Both switches belong to same VTP domain (when VTP enabled) |
|
|
What command can an administrator use to force the root bridge election to be in favor of a specific switch and not rely on lowest MAC Address or priority?
|
1. (config)# spanning-tree vlan X root <primary or secondary>
2. (config)# spanning-tree vlan X priority <value> |
|
|
If the speed of a port is set to 100Mbps, what will the cost of the port be?
|
19
|
|
|
If the speed of a port is set to 10Mbps, what will the cost of the port be?
|
100
|
|
|
If the speed of a port is set to 1Gbps, what will the cost of the port be?
|
4
|
|
|
If the speed of a port is set to 10Gbps, what will the cost of the port be?
|
1
|
|
|
What command would you use to change the default hello timer for STP on a switch?
|
(config)# spanning-tree vlan X hello-timer <secs>
|
|
|
What command would you use to change the Forward Delay timer for STP on a switch?
|
(config)# spanning-tree vlan X forward-time <secs>
|
|
|
What command would you use to change the Max Age timer for STP on a switch?
|
(config)# spanning-tree vlan X max-age <secs>
|
|
|
Where should you change STP timers, so other switches in the topology can synchronize the new timers?
|
On the Root Bridge/Switch. Timers changed on a non-root switch will not be advertised into the topology and are locally significant
|
|
|
What technique can you configure to have traffic for certain VLANs to be load balanced across different links on a group of switches
|
Configure switches to be Primary Roots for different VLANs with the "spanning-tree vlan X root primary" and
"spanning-tree vlan Y root primary" commands. |
|
|
TRUE or FALSE: Receiving the output "No spanning tree instance exists" from the "show spanning-tree" command means STP has not been enabled from the default disabled mode
|
FALSE: The problem is likely that there are no cables connected to any of the switches ports.
|
|
|
What command will give you a one-line summary with:
1. The MAC Address of the Root Bridge 2. The Root Path Cost to the Root 3. STP Timers 4. The Root Port |
"show spanning-tree root"
|
|
|
When you want to change a switches STP priority you must do so in multiples of what?
|
4,096.
|
|
|
What is the default STP priority for a switch?
|
32,768
|
|
|
When the STP topology is modified in some way, such as a port on a non-root switch being connected or transitioning from forwarding or learning mode into blocking mode, this type of frame is sent by the local switch
|
Topology Change Notification BPDU
|
|
|
When the root bridge receives a TCN BPDU from a switch indicating a change to the topology it transmits what BPDU with what flag set?
|
Configuration BPDU with the Topology Change flag turned on.
|
|
|
What happens when a switch transmits a Configuration BPDU with the topology change flag set to on?
|
Non-root switches in the topology adjust their max age timer from 300 secs to 15 secs to age out old entries in their CAM table.
|
|
|
What is a technique that can be used to load balance VLAN traffic across different ports on a single switch using STP?
|
spanning-tree vlan <range> port-priority <value>
|
|
|
Port priorities used with STP can be set in multiples of...
|
16
|
|
|
Ports with the alternate role (ALTN) use what STP mode?
|
Blocking. Alternate ports are used in case ports in forwarding mode lose connectivity.
|
|
|
What command will enable the Portfast feature on every port on a switch?
|
(config)# spanning-tree portfast default
|
|
|
What command(s) can you use to enable the Portfast feature on a switchport?
|
(config-if)# spanning-tree portfast
OR (config)# interface range <range> (config-if-range)# spanning-tree portfast |
|
|
TRUE or FALSE:
When an administrator issues the command "spanning-tree portfast default" on an access switch, it will enable the portfast feature on all of the swtichports |
FALSE. Portfast will only be enabled on ports configured as edge or access ports. They will not be enabled on ports configured as trunks.
|
|
|
What command will allow you to see if Portfast, BPDU Guard, BPDU Filter, Root Guard, Loopguard, Uplinkfast, and if Backbonefast are enabled?
|
show spanning-tree summary
|
|
|
what command will allow you to see STP details about a particular interface, such as timers and what STP features are enabled for it
|
show spanning-tree interface <name> detail
|
|
|
In a large network running MST, switches which share the same MST configuration are said to be part of the same what?
|
MST Region
|
|
|
What industry standard protocol is referenced by 802.1S
|
Multiple Spanning Tree protocol (MST)
|
|
|
TRUE or FALSE: The MST protocol is proprietary and only available on Cisco devices
|
FALSE. MST is an industry standard (IEEE 802.1S)
|
|
|
What basic commands will configure an MST region called region 1, associate VLANS 2, 4, 6, 8, 10, 12, and 14 with MST instance 1 and 0, associate VLANS 3, 6, 9, 12, 15, 18, and 21 with instance 2, preview the configuration, and enable the protocol on the switch.
|
spanning-tree mst configuration region1
region region1 instance 1-0 vlan 2,4,6,8,10,12,14 instance 2 vlan 3,6, 9, 12, 15, 18, 21 show pending exit spanning-tree mode mst |
|
|
How many MST instance can you configure per MST region?
|
16
|
|
|
What command will set the local switch as the primary Spanning-Tree root for MST instance 1, and STP secondary root for instance 2
|
spanning-tree mst 1 root primary
spanning-tree mst 1 root secondary |
|
|
What command will output the current configuration for the MST region
|
show current under MST configuration mode
|
|
|
This enhanced STP feature prevents interfaces configured with the Portfast feature from creating a briding loop by disabling the port if a BPDU is received on it?
|
BPDU Guard.
Because ports configured with Portfast should be connected to an end device and not another switch, the port should not be receiving BPDUs. If a BPDU is received, this indicates another switch is connected to that port, and should be disabled until the switch is disconnected from that port or until the administrator turns portfast off on it. |
|
|
What command will enable BPDU guard for all interfaces configured with the Portfast feature?
|
"spanning-tree portfast edge bpduguard default"
|
|
|
What command will enable portfast on an individual interface?
|
(config-if)# "spanning-tree bpduguard enable"
|
|
|
What command prevents unnecessary flooding of BPDUs to a port because an end device is connected to it and not another switch?
|
BPDU Filter
|
|
|
How do you enable BPDU Filtering globally on the switch?
|
spanning-tree bpdufilter default
|
|
|
How do you enable BPDU Filtering for a specific port?
|
spanning-tree bpdufilter enable
|
|
|
What command will shut down the interface on a switch if it receives a Superior BPDU (BPDU with the lowest priority or MAC Address compared to current root bridge)
|
Root Guard.
NOTE: Port is re-enabled when Superior BPDUs stop being received on it. |
|
|
TRUE or FALSE: Root Guard should only be enabled on the ports from the distribution switches to the core layer.
|
FALSE. Root Guard is best implemented on access ports.
|
|
|
This feature that is disabled by default detects problems with fiber links, such as the receive path working but the transmit path no, by transmitting a special frame and waiting for it to return back
|
Unidirectional Link Detection (UDLD)
|
|
|
UDLD has two operating modes. What are they?
|
1. Normal - Reports UDLD error in syslog. Port remains up
2. Aggressive - Transmits 8 frames. Err-disables port when frames do not return |
|
|
How do you enable UDLD globally for all fiber links?
|
"udld enable" or "udld aggressive"
|
|
|
What should you check first if you receive no meaningful output from the "show ip cef" command?
|
Ensure you have enabled IP Routing on the multilayer switch via the "ip routing" command from global configuration mode.
|
|
|
What should you check first if you receive no meaningful output from the "show ip route" command?
|
Ensure you have enabled IP Routing on the multilayer switch via the "ip routing" command from global configuration mode.
|
|
|
How would you route traffic between different VLANs if you only had a Catalyst 2950 switch or earlier switch not capable of layer 3 processing?
|
Add Router or other Layer 3 device and implement Router-on-a-Stick (ROAS)
|
|
|
What five things must you have to create a ROAS?
|
1. A Switch (Layer 2 preferably)
2. A Router 3. A trunk configured with the IEE 802.1Q protocol between the switch and router 4. Subinterfaces on the router's trunk port for each VLAN going to be used for Inter-VLAN routing 5. VLANs configured on the Layer 2 switch |
|
|
TRUE or FALSE: Using a separate physical interface for each VLAN on a router is an efficient method for doing Inter-VLAN routing
|
FALSE. Using a Multilayer Switch (MLS) or Router-on-a-Stick are the two preferable and efficient methods for Inter-VLAN Routing.
|
|
|
What are three Layer 3 interface types supported on Catalyst switches?
|
1. Switched Virtual Interfaces (SVI)
2. Routed Ports 3. Bridge Virtual Interfaces (BVIs) |
|
|
By default, an SVI is created for what VLAN?
|
VLAN 1 (management)
|
|
|
If you have a multilayer switch and want to create a default gateway for hosts in a certain VLAN to use, what should you create on the switch?
|
A Switched Virtual Interface (SVI) with the command "interface vlan x" followed by "ip address x.x.x.x x.x.x.x"
|
|
|
TRUE or FALSE: Creating a routed port on a layer 3 switch is accomplished by one command.
|
FALSE. you must configure three commands, the "no switchport" command followed by "ip address x.x.x.x x.x.x.x", followed by "no shutdown"
|
|
|
When configuring uplink ports from switches in the distribution layer to the core layer or within the core layer you should configure what types of ports?
|
Routed Ports with the "no switchport". Ports should not be running as layer 2 switchports within the core layer as L2 protocols like STP and bridigng loops can occur if used.
|
|
|
What are some characteristics of Routed Ports?
|
1. Not associated with a VLAN
2. Behaves exactly like any interface on a router would 3. Spanning-tree, VTP, and other L2 protocols are unsupported |
|
|
How do you convert a L2 switchport to a L3 routed port?
|
"no switchport"
|
|
|
You're a network administrator and you suspect something might be wrong with the VLAN but you see the SVI for VLAN 10 as up/up. Later, you find your suspicion was correct and discovered a monitoring station also attached to that VLAN but it doesn't actually send/receive traffic for the VLAN. What should you configure to prevent this false reporting when a VLAN goes down in the future?
|
Turn on SVI Autostate with the "switchport autostate exclude" command on the port where the monitoring station/device is connected to.
|
|
|
How do you configure a L3 Etherchannel
|
interface port-channel x
no switchport ip address x.x.x.x x.x.x.x interface range <ports bundled into etherchannel> no switchport |
|
|
How many message types are used for DHCP and what are they?
|
DHCPDISCOVER
DHCPOFFER DHCPREQUEST DHCPACKNOWLEDGE |
|
|
What type of communicatiopn does the DHCPDISCOVER message use?
|
Broadcast. A broadcast frame is sent by the client to devices on the network.
|
|
|
What type of communication does the DHCPOFFER message use?
|
Unicast. One or more DHCP servers on the network respond to the DHCPDISCOVER broadcast with a unicast DHCPOFFER message
|
|
|
What type of communication does the DHCPREQUEST message use?
|
Broadcast
|
|
|
What type of communication does the DHCPACK message use?
|
Unicast
|
|
|
What commands will configure a DHCP server on a router or L3 switch?
|
1. Configure IP Addresses to exclude from being assigned to clients
ip dhcp excluded-address <start IP> <End IP> 2. Configure the pool name ip dhcp pool <name> 3. Configure network range (IP and Subnet Mask) network x.x.x.x x.x.x.x 4. Configure Default Gateway for clients default-router <ip> 5. Configure options (optional) option <value> <ip> |
|
|
When you have a standalone DHCP server on one VLAN and hosts scattered through other VLANs, what should you configure on the router(s) so DHCP broadcast messages will reach the DHCP server?
|
DHCP Relay via the "ip helper-address" command.
|
|
|
TRUE or FALSE: The DHCP Relay feature will only regenerate DHCP packets to be unicasted to the destination
|
FALSE. DHCP Relay supports not just DHCP messages but NETBIOS, TFTP, DNS, NTP, and BOOTP packets
|
|
|
What command will show you DHCP message exchanges in real-time?
|
"debug ip dhcp server packet"
|
|
|
Layer 3 switches use a new type of table to store ACL, QoS, and information used for upper layer processing (Layer 3, 4, etc) known as the what?
|
TCAM - Ternary Content Addressable Memory
|
|
|
What is the switching method where when the first packet in a flow is handled via the traditional routing engine (software) and subsequent packets are switched in hardware via ASICS?
|
Route Caching
|
|
|
The CAM table is based on 0 and 1 whereas the TCAM is based on what?
|
0, 1, and either (or don't care)
|
|
|
The Cisco switching method where every packet in a flow is processed by the routing engine and never by hardware ASICS is called what?
|
Process Switching
|
|
|
What are three methods routers use to forward packets?
|
1. Process Switching
2. Fast Switching 3. Cisco Express Forwarding (CEF) |
|
|
What are two methods switches use to forward packets?
|
1. Route Caching (similar to Fast Switching)
2. Topology-based switching (uses CEF) |
|
|
What two tables are key to the operation of Cisco Express Forwarding (CEF)?
|
1. Forwarding Information Base (FIB)
2. Adjacency Table (AT) |
|
|
What are some characteristics of Cisco Express Forwarding?
|
1. Less CPU-intensive than Fast Switching
2. Utilizes the Routing and ARP table to build tables in hardware for processing frames/packets. 3. All packets and frames are processed via hardware, none are sent to the route engine (unless it receives an unsupported frame) |
|
|
What is the default switching method used by Cisco Catalyst switches today?
|
Cisco Express Forwarding (CEF)
|
|
|
TRUE or FALSE: CEF is supported on the Cisco Catalyst 3550 and up.
|
TRUE. CEF is not supported on the 2950 or earlier models.
|
|
|
What are the two different modes of CEF?
|
1. Central CEF
2. Distributed CEF (dCEF) |
|
|
What is Central CEF?
|
Routing, ACL, QoS, and forwarding decisions are made by a centralized route processor in the switch. This feature is available on the Cisco 4500 and 6500 family of switches without Distributed Forwarding Cards.
|
|
|
What is Distributed CEF (dCEF)
|
Individual line cards (modules) and ports in the switch make forwarding decisions independent of the central switching engine by maintaining local copies of the FIB and adjacency tables and synchronizing the tables with the route processor. This feature is supported on the Cisco 6500 switch family with Supervisor 720 and integrated DFC line modules.
|
|
|
CEF uses what table to do longest-match destination L3 address lookups and is based on the IP Routing table?
|
Forwarding Information Base (FIB)
|
|
|
What table is used by CEF that contains L2 header rewrite information (Source and Destination MAC Addresses) for each next-hop and is based on the ARP table?
|
Adjacency Table (AT)
|
|
|
What happens when the TCAM table reaches capacity in a multilayer switch and needs to process an incoming frame/packet?
|
The packet or frame is sent to the route engine for traditional Layer 3 processing until the TCAM table is no longer full
|
|
|
What is ARP Throttling?
|
When a Router/MLS receives a packet without an existing L2 rewrite header for the destination, sends an ARP request to retrieve that information and installs a drop adjacency to prevent ARP-based DoS attacks. When the ARP reply is received or if a reply is not received within 2 secs, the drop adjacency is removed.
|
|
|
What commands can you use to verify CEF is working and entries in the FIB and adjacency table?
|
show interface <port>
show ip cef show ip cef <port> detail show adjacency <port> <detail, internal, summary> |
|
|
What commands could you use to flush the ARP table in a switch?
|
"clear ip arp" or "clear adjacency"
|
|
|
What SNMP message type requests a value from a specific MIB?
|
Get Request
|
|
|
What is the most common implementation of SNMP in use today?
|
SNMPv2c
|
|
|
This version of SNMP uses a concept of community strings for minimal security
|
SNMPv2c
|
|
|
This implementation of SNMP uses authentication and encryption services
|
SNMPv3
|
|
|
This SNMPv3 mode provides no authentication or encryption for messages
|
NoAuthNoPriv
|
|
|
This mode for SNMPv3 authenticates messages with HMAC-MD5 or SHA but provides no confidentiality
|
AuthNoPriv
|
|
|
What SNMPv3 mode authenticates messages and uses CBC-DES encryption?
|
AuthPriv
|
|
|
In what version of the Cisco IOS is SNMPv2 support available?
|
11.3 and up
|
|
|
In what version of the Cisco IOS is support for SNMPv3 available?
|
12.0 and up
|
|
|
When you implement SNMP, what is a recommended best security practice?
|
Create an ACL with the IP Addresses allowed to send SNMP messages to the local agent.
|
|
|
What command will set a SNMP community string that provides read-only access to the local agent?
|
snmp-server community <string> RO
|
|
|
What command will set a SNMP community string that provides both read and write access to the local agent?
|
snmp-server community <string> RW
|
|
|
What command will set the Manager IP Address used for sending SNMP trap messages to?
|
snmp-server trap <ip>
|
|
|
What Cisco IOS device is configured with measurements and probes for IP SLA?
|
IP SLA Source
|
|
|
What are some benefits of using the IP SLA feature?
|
write stuff here
|
|
|
What commands will configure an IP SLA Source device?
|
ip sla monitor <instance #>
type <probe type> <responder ip> source-int <name> frequency x |
|
|
What commands will configure an IP SLA schedule?
|
ip sla monitor schedule x <time>
track <instance #> <action> |
|
|
How do you configure an IP SLA responder?
|
ip sla monitor responder
|
|
|
What are some high availability (HA) options available with Cisco devices?
|
RPR / RPR+
SSO NSF with SSO |
|
|
If a 6500 switch is enabled with legacy Route Processor Redundancy (RPR) and the active supervisor fails, how long will it take for the standby supervisor to failover to be the active one?
|
Between 2-4 minutes
|
|
|
What is the failover time for a Cisco Catalyst 4500 switch enabled with legacy RPR?
|
Under 60 seconds
|
|
|
TRUE or FALSE: When a failover occurs on a switch enabled with legacy RPR, all the the switching modules are power cycled.
|
TRUE; When a failover occurs with legacy RPR, all the switching modules are power cycled, the subsystem is reinitialized, and ACLs are repgrogrammed onto the standby supervisor.
|
|
|
TRUE or FALSE: When a failover occurs on a switch enabled with legacy RPR+, all the the switching modules are power cycled.
|
False; the standby supervisor is fully initialized and configured before a failover occurs and thus no reloading of modules is required.
|
|
|
What happens if a switch chassis enabled with RPR+ has an active and standby supervisor but they are not running the same image?
|
The switch fallsback to running legacy RPR
|
|
|
What redundancy technology is preferred over RPR/RPR+?
|
Stateful Switchover (SSO)
|
|
|
What are some benefits of using SSO for redundancy/HA?
|
- Start-up and running-config synchronized between supervisors as well as changes to software/hardware
- Support for a wide number of Layer 2 protocols - Subsecond Failover |
|
|
What commands will enable Stateful Switchover on a 4500 or 6500 switch?
|
"config t"
"redundancy" "mode sso" |
|
|
What is the expected Route Processor (RP) switchover time on a Cisco 4500 switch for L2 traffic?
|
Less than one second (subsecond switchover)
|
|
|
What is the expected Route Processor (RP) switchover time on a Cisco 6500 switch for L2 traffic?
|
Between 0-3 seconds
|
|
|
What are some benefits of Non-Stop Forwarding (NSF) with SSO?
|
- Continuous L3 traffic forwarding during failover
- Zero packet loss by retaining CEF tables from old active RP - Automatic re-convergence of BGP, EIGRP, OSPF, and IS-IS protocols and neighbors |
|
|
What commands will enable NSF with BGP?
|
router bgp <AS>
bgp graceful-restart |
|
|
What commands will enable NSF with OSPF or EIGRP
|
router <ospf/eigrp> <area or as>
nsf |
|
|
In HSRP, what is the Virtual Router?
|
An IP and MAC Address pair assigned to routers in an HSRP group which devices on the LAN use as their default gateway.
|
|
|
What is the format for the Virtual MAC Address in v1 of HSRP?
|
000.0c07.acXX where XX represents the HSRP group number.
|
|
|
What first-hop redundancy protocol will give you true gateway redundancy?
|
Gateway Load Balancing Protocol (GLBP)
|
|
|
In a GLBP group, this is a router that handles packet forwarding for clients on the LAN.
|
Active Virtual Forwarder (AVF)
|
|
|
In a GLBP group, this router receives ARP requests from clients for the MAC address of their default gateway (which is also the IP for the Virtual Router) and replies with a Virtual MAC Address for one of the routers in the group.
|
Active Virtual Gateway (AVG)
|
|
|
If the AVG for a GLBP group loses connectivity with the network and the other routers, which AVF will be elected as the new AVG?
|
The AVF with:
1) The highest gateway priority 2) The gateway whose GLBP interface has the highest IP assigned to it. |
|
|
What are three ways the AVG load balances requests from clients on the LAN to Active Forwarders?
|
GLBP Load balancing algorithms:
- Round-Robin - Weight - Host-Dependent |
|
|
What is the limit of AVFs per GLBP group
|
Four
|
|
|
How many AVGs can you have in a single GLBP group?
|
One
|
|
|
What is the highest group number that can be configured with GLBP?
|
1024
|
|
|
What is the lowest group number that can be configured with GLBP?
|
Zero (0)
|
|
|
What multicast address and port is used for GLBP?
|
224.0.0.102 UDP port 3222
|
|
|
TRUE or FALSE: In GLBP, if a gateway is elected as an AVG, it automatically has preemption enabled.
|
FALSE: Preemption must be manually configured on AVGs (similar to HSRP) with the "glbp <group> preempt" command
|
|
|
In GLBP, what should you do if you must change the default timers by don't want to console to every switch to make the changes?
|
Console to the AVG and change time timers with the glbp <group> timers <hellotime> <holdtime> command. This will advertise the new timers for all the routers in the group to use.
|
|
|
In GLBP, if you must change the default timers from using seconds to milliseconds for faster convergence, what command should you use?
|
Use the msec keyword before the hellotime and or holdtime in the command "glbp <group> timers <hellotime> <holdtime>" e.g: glbp <group> timers msec <hellotime in ms> msec <holdtime in ms>
|
|
|
In GLBP, what is the default hello time interval and holdtime interval?
|
3 secs for Hello Time
10 secs for Holdtime |
|
|
In GLBP, when a router is assigned to be an AVF for the group, what is the format for the Virtual MAC Address its assigned?
|
0007.b4xx.xxyy
where the x's represent the group # and the y's represent routers AVF # in the group |
|
|
What command will allow you to change the default or configured load balancing algorithm used on the AVG?
|
glbp <group> load-balancing <algo> where algo can be either round-robin, weight, or host-dependent.
|
|
|
How do you implement interface tracking in GLBP?
|
1. Configure a tracking object # and specify line-protocol or ip routing
2. Set the max, lower, and upper weights for the interface 3. Set a decrement value for each time the tracking object is triggered (via a line-protocol or ip routing change to the interface) track <obj #> interface <name> [line-protocol or ip routing] switch(config-if)#glbp <group> weighting <max> lower <#> upper <#> switch(config-if)#glbp <group> weighting track <obj #> decrement <#> |
|
|
TRUE or FALSE: VRRP is a Cisco Proprietary protocol like HSRP and GLBP
|
FALSE: VRRP is an IETF standard and not owned or maintained by Cisco.
|
|
|
In VRRP, what is equivalent to an Active router in HSRP?
|
The Master Router
|
|
|
In VRRP, what is equivalent to a Standby router in HSRP?
|
Backup Router
|
|
|
What are the group number ranges for VRRP?
|
0 - 255
|
|
|
What is the lowest and highest priority that can be configured on a VRRP router?
|
Lowest = 0
Highest = 255 |
|
|
TRUE or FALSE: VRRP advertisements are sent every 3 seconds like GLBP and HSRP
|
FALSE. Advertisements are sent every second (1 second intervals)
|
|
|
TRUE or FALSE: Any router within a VRRP group can preempt the current Master automatically if it has the highest priority configured. No configuration is required to enable preemption.
|
TRUE
|
|
|
What IP protocol and Multicast address are used by VRRP?
|
IP Protocol 112 and 224.0.0.18
|
|
|
This default feature found on switch ports enabled with Port Security allows the switch to record MAC Addresses it has dynamically learned via received frames and records the MACs as authorized hosts connected to the port
|
Sticky Addresses
|
