81 Cards in this Set

  • Front
  • Back
List and briefly describe the STP port states in the order that they occur.
1: Blocking - Cannot send or receive data, cannot learn MAC addresses. Can only receive BPDUs, but not send them.

2: Listening - Cannot send or receive data, cannot learn MAC addresses. Can send and receive BPDUs.

3: Learning - Cannot send or receive data, can learn MAC addresses, can send and receive BPDUs.

4: Forwarding - Standard port operation.

5: Disabled - special case, usually due to an administratively disabled port or an error condition.
What 3 actions happen immediately after a frame is received on a port, and in what order?
These three actions happen simultaneously in hardware:

- L2 forwarding table (CAM) lookup to determine destination.

- Security ACL lookup (compiled in TCAM)

- QoS ACL lookup (also in TCAM)
What are the two types of multilayer switching that have existed in Cisco switches, and what are some differences between them?
Route caching & Topology-based.

Route caching requires a route processor, and is a "route once, switch many" type of MLS.

CEF, or topology-based switching, builds a database containing the entire network topology. The longest match in the database is used to determine the correct layer 3 destination.
By default, how long are MAC address entries stored in the CAM table before being aged out?
300 seconds.
What does the switchport nonegotiate command do?
Prevents DTP frames from being sent from an interface.
How can you reset a switch's VTP revision number?
- Change the switch's VTP mode.

- Change the switch's VTP domain name.
List the types of VTP advertisements and which devices send them.
Summary Advertisements - VTP domain servers - contains information about the management domain.

Subset Advertisements - VTP domain servers - Sent when the VLAN configuration changes.

Advertisement Request - VTP clients - sent when the client needs VLAN information.
What are 3 differences between VTP version 1 and 2?
- VTP v1 transparent mode switches check domain name and version before forwarding information to other switches, while VTP v2 does not.
- VTP v2 performs consistency checks on parameters entered from the CLI and SNMP.
- VTP v2 supports forwarding frames with unknown TLV values.
To what address are STP BPDUs sent?
01:80:c2:00:00:00
What are the two types of STP BPDUs?
- Configuration BPDU
- Topology Change Notification (TCN) BPDU
What makes up a switch's basic "Bridge ID"?
Bridge priority (2 bytes) + MAC address (6 bytes)
Does a higher or lower bridge id prevail in an STP root bridge election?
Lower bridge ID (lower priority, or if priorities are equal, lower MAC address)
List the STP port states:
- Disabled (administratively down or fault condition)
- Blocking (not forwarding - redundant link)
- Listening
- Learning (populates CAM)
- Forwarding (fully functional)
What are the 3 important STP timers, and their default values?
- Hello time - interval between BPDU transmission (2s)
- Forward delay - time spent in the listening and learning states (15s)
- Max age - how long a switch will store BPDUs before discarding them (default 20s)
When the "spanning-tree vlan x root primary" command is run, how is the bridge priority calculated?
The switch takes the priority of the current root bridge and subtracts 4,096. If the current root bridge's priority is more than 24,576, the switch sets its priority to 24,576.
When the "spanning-tree vlan x root secondary" command is run, how is the bridge priority calculated?
The switch sets its priority to 28,672.
What does the uplinkfast feature do, and what is one major limitation?
- The bridge priority is raised to 49,152
- When a redundant uplink fails, CAM entries are modified to use the redundant link, and special multicast frames are flooded out the new active uplink on behalf of the entries in the CAM table, to update the neighboring switch's CAM table.
- The major limitation is that only edge switches can be configured with uplinkfast.
What does the backbonefast feature do?
Backbonefast uses the Root Link Query (RLQ) protocol to determine whether upstream switches have stable connections to the root bridge, and short-circuits the max-age timer if an unstable connection is detected.
What does STP Root Guard do?
Root Guard disables ports (root-inconsistent state) if it sees any superior BPDUs on a port with Root Guard enabled. All VLANs on a port are affected when Root Guard is triggered.
How does Loop Guard work?
Once a port with Loop Guard enabled begins receiving BPDUs, it expects to continue receiving BPDUs. If the BPDUs go missing, the port is moved into a loop-inconsistent state until BPDUs are received again, on a per-VLAN basis (the entire port is not necessarily affected).
What is the command to disable BPDU transmission on a port?
spanning-tree bpdufilter enable
What are the port roles in RSTP (802.1w)?
- Root port - port on a switch that has the best path to the root bridge.
- Designated port - port on a network segment that has the best path to the root bridge.
- Alternate port - a port with a different, less desirable, path to the root bridge.
- Backup port - a redundant port on the same network segment as another port.
What are the port states in RSTP (802.1w)?
- Discarding
- Learning
- Forwarding
What are the port types in RSTP (802.1w)?
- Edge Port (typically identified by the PortFast feature)
- Root Port
- Point-to-point port (any port that connects to another switch and becomes a designated port)
How does RSTP (802.1w) synchronization work?
1. All switches begin sending proposals to their neighbors, to negotiate RSTP status.
2. When a switch receives a proposal from a sender with a superior BPDU, all non-edge ports are moved into the discarding state.
3. After sending a response confirming that the port receiving the superior BPDU is the best path to the root, that port (now a root port) is immediately moved to the forwarding state. After the message is sent, the switch's neighbor who sent the proposal immediately moves its port (designated) into the forwarding state as well.
4. A new proposal message is then sent on all the other non-edge ports (that were moved into discarding earlier), and the negotiation moves as a wave through the network until all switches agree on the topology.
What triggers RSTP (802.1w) topology change (TC) messages?
A non-edge port moving into the forwarding state.
What happens when a switch receives an RSTP (802.1w) topology change (TC) message?
- BPDUs with the TC bit set are sent out all non-edge designated ports until the TC timer expires (default 2x hello timer)
- MAC addresses associated with the non-edge designated ports are flushed.
In HSRP election, does the router with the higher priority or lower priority become active?
The higher priority router becomes active
What command will display all devices reachable in a single layer-2 hop?
show adjacency
How do you display the FIB?
show ip cef
When are changes to MST committed?
When you exit MST configuration
What is the command that must be entered to configure MST?
spanning-tree mst configuration
When using MST, what 3 attributes must match on all switches in a region?
- MST configuration name
- MST configuration revision number
- MST instance-to-VLAN mapping table
What are the steps for configuring DHCP in IOS?
Switch(config)# ip dhcp excluded-address start-ip end-ip
Switch(config)# ip dhcp pool pool-name
Switch(config-dhcp)# network ip-address subnet-mask
Switch(config-dhcp)# default-router ip-address [ip-address2] [ip-address3] ...
Switch(config-dhcp)# lease {infinite | {days [hours [minutes]]}}
Switch(config-dhcp)# exit
What is the destination address for HSRP hello messages?
224.0.0.2 ('all routers')
In an HSRP election, does the router with the higher or lower priority value become active? What happens if there is a tie?
The router with the highest priority value will become active. In the case of a tie, the router with the highest IP address on the HSRP interface will become active.
What keyword is used to access HSRP functions?
standby
Does HSRP preempt by default?
No.
What command is used to track interface status to sway HSRP elections?
standby <group> track
How can you tell what group an HSRP virtual IP belongs to from a neighboring device?
The MAC address of the HSRP VIP ends with the group ID in hex format. Example: 0000.0c07.ac0b would represent HSRP group 11.
How is the AVG (Active Virtual Gateway - the master) determined for GLBP?
Highest priority value, or highest IP address if priority values are equal.
What are the range of valid group numbers and valid priority values for GLBP?
Group: 0 - 1023.
Priority: 0 - 255 (default 100).
Does GLBP preempt by default?
No.
What is the best method to configure timers for all routers of a GLBP group?
Configure the timers only on the AVG - All other routers will learn them automatically.
Describe the GLBP AVF (Active Virtual Forwarder) virtual mac address composition.
0007.b4xx.xxyy
The 16-bit xxxx value will be six 0s, followed by a 10-bit GLBP group number. The yy value will be the 8-bit virtual forwarder number.
Describe what happens after a GLBP AVF becomes an AVF with two different virtual MAC addresses (for example, when an AVF fails and its MAC address needs to fail over in order not to disrupt service).
After the redirect timer expires (default: 10m), the AVG stops responding to ARP requests with the old virtual MAC address.

After the timeout timer expires, the AVF is assumed to be dead, and the old virtual MAC address is removed from all GLBP peers.
What command is used to define a tracked interface object?
track <object-number> interface <x/xx>
What are the three steps to enabling custom weighting (interface tracking) for GLBP?
1. Define the interface object (global config).
2. Configure the interface's GLBP weight (interface config).
3. Configure GLBP to track the correct object.
Explain the three GLBP load-balancing methods.
- Round robin: Each new ARP request receives the next available virtual MAC. Distributes load evenly.

- Weighted: The GLBP group interface's weights determine the proportion of traffic that should be sent to each AVF. Higher weighting = more frequent usage.

- Host dependent: A client that generates an ARP request will always receive the same virtual MAC over time (so the gateway MAC for a specific client will never change).
What command will show you detailed GLBP operation information?
show glbp
Describe the three redundancy modes for Catalyst supervisors:
RPR (Route processor redundancy): The redundant sup is only partially booted and initialized. When the active module fails, all other modules must be rebooted before the new sup is initialized.

RPR+: The redundant sup is fully booted, but no L2 or L3 processes are started. When the main sup fails, the standby must start L2 and L3 processes, but no modules are rebooted.

SSO (stateful switchover): The redundant sup is fully booted and initialized, and L2 information is synchronized.
How does NSF (non-stop forwarding) work?
When the primary sup in an SSO configuration fails, the new active sup gets help from NSF aware neighbors to quickly rebuild the FIB.
List the PoE Power Classes and their maximum wattage at 48V DC.

What is the IEEE standard that defines PoE functions?
0: 15.4 W
1: 4.0 W
2: 7.0 W
3: 15.4 W
4: Up to 50 W (optional - 802.3at - PoE+)

The IEEE standard for PoE functions is 802.3af
Describe the IntServ and DiffServ QoS models.
IntServ (Integrated Services) works by reserving bandwidth along the entire network path before beginning a transmission.

DiffServ (Differentiated Services) works dynamically, allowing each device along the path to handle packets independently, based on information in the packet headers.
Where is CoS (class of service) information stored as a packet moves through the network?
CoS information is stored in the 802.1q (or ISL) packet header. This means that it is removed and must be re-applied each time the packet is decapsulated after transiting a trunk link.
Describe the 8 classes of service used by the DiffServ QoS model.
0: Best effort.
1-4: AF (assured forwarding).
5: EF (expedited forwarding).
6: Internetwork control.
7: Network control.
When configuring voice QoS on an interface, how do you define the trust boundary?
mls qos trust {cos | ip-precedence | dscp}
(tells the switch to trust the defined value - typically cos)

switchport priority extend {cos <value> | trust}
(the 'cos' keyword is used to instruct the phone to overwrite whatever cos value is received from the user device with the value defined here, while the 'trust' keyword allows the user device to set its own cos bits).
How do you configure auto-QoS?
"auto qos voip" in interface configuration mode.
How do you display QoS information?
show mls qos interface <x/xx>
In a wireless LAN, what is the difference between layer-2 and layer-3 roaming?
When a client undergoes Layer-2 roaming, the client IP address stays the same, while Layer-3 roaming requires a change of subnet.
What is split-mac architecture, when talking about wireless LANs?
Where some of the layer 1-2 functionality is handled by the LAP (lightweight AP) and some is handled by the WLC (wireless LAN controller).
What are the two tunneling protocols for WLAN traffic?
LWAPP (Cisco)

CAPWAP (IEEE)
What is HREAP?
Cisco Hybrid Remote Edge AP, where an LAP can operate independently when the WLC is unavailable.
What command enables port security?
switchport port-security
Describe the three port-security violation actions.
Shutdown: The port is immediately err-disabled.

Restrict: The port stays up, but all violating traffic is dropped. A count of the dropped packets is kept, and log messages are generated.

Protect: Same as restrict, but with no counting or logging.
What command shows all err-disabled interfaces?
show interfaces status err-disabled
What is the base command for viewing port-security information?
show port-security
What is port-based authentication?
Where a user must authenticate with the switch they are connected to before the port will pass any traffic.
What authentication protocol is used for 802.1x (port-based authentication)?
RADIUS
What are the steps to configure 802.1x (port-based authentication)?
1. Enable AAA on the switch (aaa new-model).
2. Define external RADIUS (radius-server host).
3. Define authentication method for 802.1x (aaa authentication dot1x default group radius).
4. Enable 802.1x (dot1x system-auth-control).
5. Configure each port that will use 802.1x in interface config mode (dot1x port-control).
6. (optional) Allow multiple hosts on a switch port in interface config mode (dot1x host-mode multi-host)
How does DHCP snooping work?
DHCP servers are on defined "trusted" ports, while all other ports are untrusted.
How does IP source guard work?
Using the DHCP snooping database and static entries, traffic on a port from addresses other than the one learned or statically defined is dropped.
How does dynamic arp inspection work?
Untrusted ports are monitored for arp replies, and using the DHCP snooping database and static entries, if the arp reply does not match learned or configured values, the arp reply is dropped.
What command is used to define a filter for traffic within a VLAN?
vlan access-map
How do you apply a vlan access-map to a vlan?
vlan filter <map-name> vlan-list <list of vlans>
Describe the two types of secondary private VLANs
--Isolated--
Can talk to: Devices on the primary VLAN.
Can not talk to: Devices on their own secondary VLAN.
Can not talk to: Devices on any other secondary VLANs.

--Community--
Can talk to: Devices on their own secondary VLAN.
Can talk to: Devices on the primary VLAN.
Can not talk to: Devices on any other secondary VLANs.
Describe the two port modes for private VLANs
Promiscuous - connects to other network equipment; ignores private VLAN rules.

Host - connects to a host, follows private VLAN rules.
List the steps required for configuring an isolated private-vlan.
1. Configure the private secondary vlan.
2. Configure the private primary vlan.
3. Associate the two vlans.
4. Set individual port modes and associations.
5. Set SVI associations.