Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
556 Cards in this Set
- Front
- Back
|
What are the three modes for PAgP?
|
On
Auto Desirable |
|
|
What are the three modes for LCAP?
|
On
Passive Active |
|
|
What is an EtherChannel?
|
It allows up to 8 links to be bundled together. Must be Fast Ethernet up to 10 Gigabit Ethernet.
|
|
|
List the EtherChannel Load Balancing Methods.
|
src-dst-ip (default)
src-ip dst-ip src-mac dst-mac src-dst-mac src-port dst-port src-dst-port |
|
|
What PAgP and LACP modes ask to form a channel?
|
Desirable & Active
|
|
|
What PAgP and LACP modes wait to be asked to form a channel?
|
Auto & Passive
|
|
|
Does PAgP Auto negotiation send packets?
|
Yes
|
|
|
Does LACP Passive negotiation send packets?
|
Yes
|
|
|
Does PAgP Desirable negotiation send packets?
|
Yes
|
|
|
Does LACP Active negotiation send packets?
|
Yes
|
|
|
Does LACP and PAgP "On" negotiation send packets?
|
No
|
|
|
What is the Link Aggregation Control Protocol (LACP)?
|
It is a standards based protocol that allows for ports to be bundeled together.
|
|
|
How does LACP decide what switch makes decisions?
|
Lowest system priority
|
|
|
How does LACP decide what ports to add to a bundle?
|
Port priority
lower value = higher priority |
|
|
How many links can LACP have configured for a bundle?
|
16 (8 active & 8 backups)
|
|
|
What is the Port Aggregation Protocol (PAgP)?
|
It is a Cisco-proprietary protocol that allows for automatic creation of EtherChannels between switches.
|
|
|
What is PAgP Silent submode?
|
Allows ports to be added to an EtherChannel even if the other end of the link is silent and transmits no PAgP packets (useful for servers or other non-PAgP devices)
|
|
|
What is the 20/80 rule?
|
Rule of thumb for enterprises where 20 percent of traffic is local and 80 percent is remote.
|
|
|
Describe the Access layer.
|
It is where end users connect to the network.
It provides: Low cost and high density,Layer 2 connectivity, VLANs,Traffic filtering, Protocol filtering, and QoS |
|
|
Describe the Core layer.
|
Fast and efficient switching and Layer 3 throughput.
|
|
|
Describe the Distribution layer.
|
Provides connections from Access to Core.
VLANs and broadcast domains converge here Aggregation of Access layer devices High Layer 3 throughput QoS, ACLs and packet filters configured here |
|
|
What is a Bridging loop?
|
Forwarding frames, non-stop, between two switches
|
|
|
What is a Broadcast domain?
|
A network segment where devices see every broadcast that is transmitted
|
|
|
What is a Collapsed core design?
|
Core layer is collapsed into the Distribution layer; found in smaller, campus networks to save money.
|
|
|
What is a Dual core design?
|
Connects two or more switch blocks in a redundant fashion.
|
|
|
What is a Collision domain?
|
A network segment where collisions can occur (i.e. WiFi & Half-duplex).
|
|
|
Should STP run on the core layer?
|
No
|
|
|
What is CSMA/CA and what is it used for?
|
Carrier Sense Multiple Access Collision Avoidance: Used by wireless networks to avoid collisions.
|
|
|
What is CSMA/CD and what is it used for?
|
Carrier Sense Multiple Access with Collision Detection: Used by ethernet to detect when a station can send.
|
|
|
What is Delay and what is it measured in?
|
Time it takes for a packet to be delivered across the network.
Measured in latency. |
|
|
What is inter-VLAN routing?
|
Forwarding packets between VLANs using a physical or logical connection
|
|
|
What is an End-to-end VLAN?
|
Campus wide VLANs: VLANs that span the entire switch fabric of a network
|
|
|
What VLAN design should be used for enterprises?
|
Local VLAN
|
|
|
What is switch flooding?
|
When a switch sends a frame out all of its ports.
|
|
|
What is the Hierarchical network design?
|
Approach used that enables network design to be organized into distinct layers of devices.
|
|
|
What is Jitter?
|
The variation in time between arrival of packets in a stream (measured is ms).
|
|
|
What is Packet loss?
|
Packets that are dropped without delivery.
|
|
|
What is a Switch block?
|
A group of Access layer switches and their Distribution Layer switches. It is a the boundary of: VLANs, broadcasts, & subnets
|
|
|
What is a Transparent bridge?
|
Connects networks while remaining transparent to end devices and does not modify the frames.
|
|
|
Does video require low or high bandwidth?
|
High
|
|
|
Does video require low or high bandwidth?
|
Low
|
|
|
What is the max delay for VoIP?
|
150-200 ms (one-way)
|
|
|
What is the max packet loss for VoIP?
|
< 1%
|
|
|
What is the max average jitter for VoIP?
|
30 ms
|
|
|
What is the bandwidth range for VoIP?
|
21-106 kbps
|
|
|
What are Local VLANs?
|
VLANs based on small geographic boundaries such as a single closet.
|
|
|
What does the Dynamic Trunking Protocol (DTP) do?
|
It is a Cisco-proprietary protocol that allows negotiation of a common trunking mode between to links.
|
|
|
What needs to be configured the same for DTP to work?
|
Both switches must be part of the same VTP management domain or a NULL VTP domain.
|
|
|
What are the three ways a trunk can be configured?
|
Trunk
Dynamic Desirable Dynamic Auto |
|
|
If the command ""switchport mode trunk"" is used, does DTP still operate on the port?
|
Yes
|
|
|
What are the three configuratble trunk encapsulation types and which is the default?
|
ISL
dot1q negotiate (default)" |
|
|
Does a port in "switchport mode dynamic desirable" ask to form a trunk?
|
Yes
|
|
|
How often are DTP messages sent out?
|
30 seconds
|
|
|
Will two ports set to Dynamic Auto ever form a trunk?
|
No
|
|
|
1000BASE-CX
|
STP, 1 pair, 25m
|
|
|
1000BASE-LX/LH
|
Multimode fiber 62.5/1300, 1 pair, 550m
Multimode fiber 50/1300, 1 pair, 550m Single-mode fiber 9/1300, 1 pair, 10km |
|
|
1000BASE-SX
|
Multimode fiber 62.5/850, 1 pair, 275m
Multimode fiber 50/850, 1 pair, 550m |
|
|
1000BASE-T
|
CAT 5 UTP, 4 pairs, 100m
|
|
|
1000BASE-ZX
|
Single-mode fiber 9/1550, 1 pair, 70km
Single-mode fiber 8/1550, 1 pair, 100km |
|
|
100BASE-FX
|
Multimode fiber 62.5/125, 1 pair, 400m-2000m
Single-mode fiber, 1 pair, 10km |
|
|
100BASE-T2
|
CAT 3,4,5 UTP, 2 pairs, 100m
|
|
|
100BASE-T4
|
CAT 3,4,5 UTP, 4 pairs, 100m
|
|
|
100BASE-TX
|
CAT 5 UTP, 2 pairs, 100m
|
|
|
10BASE-T
|
Ethernet UTP, 100m
|
|
|
10GBASE-CX4
|
Copper: CX4 w/ Infiniband connectors, 15m
|
|
|
10GBASE-ER/EW
|
Single-mode fiber 9 micron, 40km
|
|
|
10GBASE-LR/LW
|
Single-mode fiber 9 micron, 10km
|
|
|
10GBASE-LX4/LW4
|
Multimode 50 micron, 300m
Multimode 62.5 micron, 300m Single-mode 9 micron, 10km |
|
|
10GBASE-SR/SW
|
Multimode fiber 50 micron, 66m-300m
Multimode fiber 62.5 micron, 33m |
|
|
How is ethernet speed auto negotiated?
|
An electrical signal used and the highest speed common to the link is selected.
|
|
|
How is ethernet duplex auto negotiated?
|
Exchange of info is needed.
The link set to auto requires response (other end needs to be auto) or it will default to half-duplex. |
|
|
What is a Duplex mismatch?
|
One end uses full, the other half; Collisions will occur
|
|
|
What duplex mode does Gigabit and 10 Gigabit use?
|
Full duplex only
|
|
|
What is the GLBP Hello MAC address?
|
0007.B4xx.xxyy
|
|
|
What is the GLBP multicast address?
|
224.0.0.102
|
|
|
What is an Active virtual forwarder?
|
A router in a GLBP group that has been assigned an virtual MAC that forwards traffic received on its virtual MAC address.
|
|
|
What is an Active virtual gateway?
|
The router in a GLBP group that has the highest priority value and answers all ARP requests for the virtual router address.
|
|
|
What uses AVFs?
|
GLBP
|
|
|
What uses AVGs?
|
GLBP
|
|
|
What does GLBP provide that HSRP/VRRP doesn't?
|
Load-balancing
|
|
|
How many GLBP AVFs can answer for one virtual IP?
|
4
|
|
|
What is the GBLP Priority range and default?
|
1 - 255
100 is the default |
|
|
Is a higher or lower GLBP priority preferred?
|
Higher
|
|
|
What is the GLBP priority tie-breaker?
|
Highest IP address
|
|
|
Is GLBP Cisco-proprietary or an open standard?
|
Cisco-proprietary
|
|
|
What is the GLBP Group number range?
|
0 - 1023
|
|
|
What are the GLBP load balancing methods?
|
Round Robin, Weighted, & Host Dependent
|
|
|
What is the default GLBP load balancing method?
|
Round Robin
|
|
|
What is the GLBP virtual MAC address?
|
0007.b4xx.xxyy
xx.xx = GLBP group number yy = 8 bit AVF number |
|
|
What does the GLBP Redirect timer do?
|
Determines when the AVG will stop using the old virtual MAC in ARP replies.
|
|
|
What is the default GLBP Redirect timer and range?
|
600 seconds (10 minutes)
Range = 0 to 3,600 seconds (1 hour) |
|
|
What is the default GLBP Timeout timer and range?
|
17,400 seconds (4 hours)
Range = 700 to 64,800 seconds (18 hours) |
|
|
What is the GLBP Timeout timer?
|
When expired, the old MAC and the AVF using it are flushed from all GLBP peers.
|
|
|
What is the default GLBP Hello timer?
|
3 seconds
|
|
|
What is the default GLBP Holddown timer?
|
10 seconds
|
|
|
What is the GLBP weight value range?
|
1-254
|
|
|
What is the GLBP Hello message protocol and port?
|
UDP 3222
|
|
|
Describe GLBP weighting.
|
A maximum weight is set for an AVF. When a tracked interface goes down, the weight is decreased by a configured amount. When the weight drops below a threshold, the AVF must give up its role.
|
|
|
What is the root GLBP command?
|
glbp group
|
|
|
What is the HSRP Hello MAC address?
|
0000.0C07.ACxx
|
|
|
What is the HSRP multicast address?
|
224.0.0.2
|
|
|
Is HSRP Cisco-proprietary or an open standard?
|
Cisco-proprietary
|
|
|
HSRP Gateway Addressing
|
0000.0C07.ACxx
“xx” = HSRP Group number |
|
|
What is the HSRP Group number range?
|
0 - 255
|
|
|
How many unique groups can typically be assigned per switch?
|
16 UNIQUE groups (more than 16 total groups are allowed if each group is the same per VLAN)
|
|
|
How are HSRP routers elected?
|
Priority value
highest = preferred |
|
|
What is the HSRP Hello message protocol and port?
|
UDP 1985
|
|
|
What are the six HSRP Interface States?
|
1. Disabled
2. Init - HSRP is not running 3. Listen - Router does NOT know the virtual IP and is waiting to hear from Active 4. Speak - Router sends HSRP Hellos and participates in the election 5. Standby - Router monitors Hellos from Active 6. Active - Router forwards packets on behalf of virtual router" |
|
|
Describe HSRP Interface Tracking.
|
Tracks an interface and will change the router’s HSRP Priority by a set value (leading to a new election).
|
|
|
What is HSRP Preemption?
|
It can be configured so a router takes over if the Active Router has a lower priority.
|
|
|
Does HSRP preempt by default?
|
No
|
|
|
What is the HSRP Priority range and default?
|
0 to 255 (Default is 100)
|
|
|
What is the HSRP priority tie-breaker?
|
Highest IP address
|
|
|
What are the three HSRP Router States?
|
Active, Standby, & Listen
|
|
|
What is the HSRP Active State?
|
The primary HSRP router that currently forwards packets for the virtual router and has the highest Priority.
|
|
|
What is the HSRP Standby State?
|
The secondary HSRP router; has the second-highest Priority
|
|
|
What is the HSRP Listen State?
|
Non Active or Standby routers
|
|
|
What is the default HSRP Hello Timer?
|
3 seconds
|
|
|
What is the default HSRP Holddown Timer?
|
10 seconds
|
|
|
What is the root HSRP command?
|
standby group
|
|
|
What are the two HSRP authentication methods?
|
Plain-text & MD5
|
|
|
How can you load balance with HSRP?
|
Create multiple groups on a subnet. One group is active for a portion of the network and standby for the other. The other group is standby for a portion and active for the other.
|
|
|
IEEE 802.11
|
Wireless LANs
|
|
|
IEEE 802.11a
|
Wireless - Throughput: 54 Mpbs, Frequency: 5 GHz
|
|
|
IEEE 802.11b
|
Wireless - Throughput: 11 Mpbs, Frequency: 2.4 GHz
|
|
|
IEEE 802.11g
|
Wireless - Throughput: 54 Mpbs, Frequency: 2.4 GHz
|
|
|
IEEE 802.11n
|
Wireless - Throughput: 300 Mpbs, Frequency: 2.4/5 GHz
|
|
|
IEEE 802.1d
|
Spanning Tree Protocol
|
|
|
IEEE 802.1p
|
CoS: Specification for giving Layer 2 switches the ability to prioritize traffic
|
|
|
IEEE 802.1q
|
VLAN architecture
|
|
|
IEEE 802.1s
|
MSTP
|
|
|
IEEE 802.1w
|
RSTP
|
|
|
IEEE 802.1x
|
Layer 2 protocol used to authenticate a device on a port
|
|
|
IEEE 802.3
|
Ethernet standard
|
|
|
IEEE 802.3ad
|
LACP
|
|
|
IEEE 802.3ae
|
10-Gigabit Ethernet
|
|
|
IEEE 802.3af
|
Power over Ethernet
|
|
|
IEEE 802.3u
|
Fast Ethernet
|
|
|
IEEE 802.3z
|
Gigabit Ethernet
|
|
|
What is IP SLA used for?
|
Enables a device to simulate specific types of traffic and send it to a receiver.
|
|
|
What traffic types can IP SLA simulate?
|
HTTP, FTP, DHCP, UDP jitter, UDP echo, HTTP, TCP connect, ICMP echo, ICMP path echo, ICMP path jitter, & DNS
|
|
|
Can IP SLA be used for HSRP tracking?
|
Yes
|
|
|
What is Multiple Spanning Tree (MST)?
|
STP type that can map one or more VLANs to a STP instance.
|
|
|
Does MST interoperate with 802.1q and PVST+?
|
Yes
|
|
|
What is a MST Instance (MSTI)?
|
A number of VLANs are mapped to an instance MST.
|
|
|
What is an MST region?
|
A groups of switches that have the same MST parameters.
|
|
|
What parameters define an MST Region?
|
"Configuration name, MST revision number, & MST instance-to-VLAN mapping table"
|
|
|
How many MSTIs are supported in a single MST Region?
|
16 (0 - 15)
|
|
|
What is MST Instance 0 reserved for?
|
The IST.
|
|
|
What MST Instance is allowed to send and receive BPDUs?
|
Instance 0
|
|
|
What is an Internal Spanning Tree (IST) instance?
|
It works out the loop-free topology inside each MST region.
|
|
|
How to you enable MST on a switch?
|
The "spanning-tree mode mst" command.
|
|
|
How do you enter the MST configuration mode?
|
The "spanning-tree mst configuration" command.
|
|
|
What is a CAM Table?
|
Content-Addressable Memory Table: A Layer 2 table that maps MAC addresses to ports.
|
|
|
What three items are in the CAM table?
|
Arriving switch port, source MAC address, & VLAN
|
|
|
What is the CAM tables default aging timer?
|
300 seconds (5 minutes)
|
|
|
What is the Layer 2 forwarding table called?
|
CAM Table
|
|
|
What happens in the CAM table when a MAC is seen on a new port?
|
Original entry is deleted and a new entry is created.
|
|
|
What is the TCAM?
|
Ternary Content-Addressable Memory table. It is a switching table used to evaluate packet forwarding decisions based on policies or ACLs.
|
|
|
What are the three parts to the TCAM Structure?
|
Value, Mask, & Result (VMR)
|
|
|
What is the length of the TCAM Value field?
|
134 bits
|
|
|
What is the length of the TCAM Mask field?
|
134 bits
|
|
|
List some examples of the TCAM Results field.
|
Permit, Deny, QoS Policy Index, Next-hop
|
|
|
What does the TCAM use to store entries with ports?
|
LOU (Logical Operation Unit)
|
|
|
Are the TCAM tables accessed simultanously?
|
Yes
|
|
|
True or False: There is a single TCAM table per switch.
|
FALSE (multiple TCAMs exists)
|
|
|
What two components are part of TCAM operation?
|
Feature Manager (FM) and Switching Database Manager (SDM)
|
|
|
What does the TCAM Feature Manager (FM) do?
|
Complies, or merges, ACEs into entries in the TCAM
|
|
|
What does the TCAM Switching Databse Manager (SDM) do?
|
Configures and tunes the TCAM partitions if needed. Not availible on all switches.
|
|
|
Where are security ACLs stored?
|
TCAM
|
|
|
Where are QoS ACLs stored?
|
TCAM
|
|
|
What three things are accessed simultanously to make switching decisions?
|
CAM Table, Security ACLs, & QoS ACLs
|
|
|
What are the two types of Multilayer Switching?
|
Route caching & Topology-based
|
|
|
What MLS type is considered legacy?
|
Route caching
|
|
|
What type of MLS requires an RP and a SE (switch engine)?
|
Route caching
|
|
|
What is NetFlow Switching?
|
Another name for route caching MLS
|
|
|
What MLS type is Cisco Express Forwarding (CEF)?
|
Topology-based
|
|
|
What does CEF download into the FIB?
|
The current routing table database.
|
|
|
What is the FIB?
|
Forwarding Information Base: Dynamically updated from the routing table and reformatted into an ordered list with the most specific routes first
|
|
|
What are the four main parts of the FIB?
|
IP Address
Next-Hop Address Next-Hop MAC Address Egress Port |
|
|
What is the Layer 3 forwarding table called?
|
FIB Table
|
|
|
What is the root command for the CAM table?
|
mac address-table
|
|
|
Does CEF run by default on most switches?
|
Yes
|
|
|
What are the two main parts of CEF?
|
FIB (Forwarding Information Base) & AT (Adjacency Table)
|
|
|
True or False: The FIB and Layer 3 Engine are the same thing.
|
FALSE
|
|
|
What happens to packets that can not be handled by the FIB?
|
They are sent to the Layer 3 engine for processing, know as "CEF Punt".
|
|
|
List some examples of CEF punting.
|
FIB is full, entry not found in the FIB, MTU exceeded, ICMP redirect, encapsulation not supported, NAT, tunneling
|
|
|
What is Accelerate CEF (aCEF)?
|
CEF is distributed across multiple Layer 3 forwarding engines. FIB is partial, not full on all devices.
|
|
|
What is Distributed CEF (dCEF)?
|
CEF is distributed completely among multiple engines for imporved performance.
|
|
|
What is the Adjacency Table (AT)?
|
Portion of the FIB that consists of MAC addressess of nodes that can be reached in a single Layer 2 hop.
|
|
|
What is kept in the Adjancency Table?
|
IP Address & MAC Address of hosts on the same network.
|
|
|
What is used to build the Adjancency Table?
|
ARP table
|
|
|
What is the CEF Glean State?
|
A FIB entry is in the Glean State when the MAC is missing. While in this state (waiting for the Layer 3 Engine to handle the ARP) packets are dropped until ARP is replied to.
|
|
|
What are some possible adjacency types found in the AT?
|
Null (sent to null interface)
Drop (unsupported/bad packet) Discard (ACL) Punt (send to Layer 3 engine) |
|
|
What is the root command for the FIB and CEF?
|
ip cef
|
|
|
List some packets that can not be handled by CEF.
|
ARPs, IP-Helper, Routing protocol updates, CDP, IPX, Encryption, NAT
|
|
|
What are the four basic MLS order of operations?
|
1. Packet arrives on port
2. Packet place in ingress queue 3. Simultaneous table look-ups 4. Packet placed in egress queue then sent |
|
|
What four tables are accessed to make MLS decisions?
|
CAM table
FIB table Security ACLs (TCAM) QoS ACLs (QoS TCAM) |
|
|
What must a MLS rewrite for a packet?
|
1. Layer 2 destination address: change to next-hop MAC
2. Layer 2 source address: changed to outbound 3. Layer 3 switch MAC 4. Layer 3 IP TTL: decremented by one 5. Layer 3 IP Checksum: Recalculated 6. Layer 2 Frame Checksum: Recalculated |
|
|
What is Store-and-forward switching?
|
A switching technology where packets are received, stored for inspection, and then forwarded.
|
|
|
What is unknown unicast flooding?
|
When a switch does not have a MAC in its CAM table, the frame is forwarded out all ports assigned to the source VLAN.
|
|
|
What are the four DHCP packets?
|
1. DHCP Discover: Client broadcast to find DHCP server
2. DHCP Offer: Server broadcast in reply to Discover; includes address 3. DHCP Request: Client broadcast to requests use of offered address 4. DHCP ACK: Server broadcast to confirm use of address |
|
|
What is DHCP relay?
|
A switch can relay DHCP messages to central server or servers
|
|
|
What command configures DHCP realy?
|
ip helper-address
|
|
|
What are the steps to configure a DHCP server?
|
1. Set an excluded address range
2. Create an IP pool 3. Set the network 4. Set the default router 5. Set the Lease time |
|
|
What is a Private VLAN?
|
A Primary VLAN is associated with a Secondary VLAN to provide Layer 2 isolation: Good for isolating Layer 2 traffic while conserving VLAN IDs and IP addresses.
|
|
|
What is a Primary VLAN ?
|
A "normal" or Primary VLAN can be associated with a Secondary VLAN.
|
|
|
What is a Secondary VLAN?
|
Can communicate with ports on a Primary VLAN
|
|
|
What is an Isolated VLAN?
|
Devices can reach the Primary VLAN but NOT other secondary VLANs. Hosts in the same Secondary VLAN can NOT reach each other. Isolated from everything BUT the primary VLAN.
|
|
|
Can devices in an Isolated Secondary VLAN reach the Primary VLAN?
|
Yes
|
|
|
Can devices in an Isolated Secondary VLAN reach devices in other Secondary VLANs?
|
No
|
|
|
Can devices in an Isolated Secondary VLAN reach other devices in the same Isolated VLAN?
|
No
|
|
|
True or False? Devices in an isolated VLAN are isolated from everything except the Primary VLAN?
|
TRUE
|
|
|
What is a Community VLAN?
|
Allows devices to reach the Primary VLAN AND devices in the same Secondary VLAN. Can NOT reach devices in other Secondary VLAN devices.
|
|
|
Give a real life example of a Community VLAN.
|
Server farm OR organization workgroup
|
|
|
What are the type types or Secondary VLANs?
|
Isolated & Community
|
|
|
What are the two Private VLAN port types?
|
Promiscuous & Host
|
|
|
What is a Private VLAN Promiscuous port?
|
A port that can communicate with devices on the Primary or Secondary VLANs.
|
|
|
Give an example of what may connect to a Promiscuous port.
|
Routers, firewalls, or other common gateway devices.
|
|
|
What is a Private VLAN Host port?
|
Devices can only communicate with a promiscuous port or ports on the same community VLAN
|
|
|
Where can a device connected to a Host port communicate?
|
A promiscuous port or ports on the same community VLAN.
|
|
|
Does VTP pass any information about Private VLANs?
|
No
|
|
|
Should you create the Primary VLAN or Secondary VLANs first?
|
Secondary
|
|
|
What is the order for setting up Private VLANs?
|
1. Create the Secondary VLANs
2. Create the Primary VLAN 3. Associate the Primary VLAN with the Secondary VLANs 4. Define the individual ports mode (host or promiscuous) 5. Associate the individual ports with their respective VLANs |
|
|
Do you need to manually set the VLANs for each port for Private VLANs?
|
No, it is automatically done when associated with a Primary and Secondary VLANs.
|
|
|
Can a Promiscuous mode port be associated with multiple Secondary VLANs?
|
Yes
|
|
|
Can a SVI be associated with Secondary VLANs?
|
Yes, by mapping them.
|
|
|
What is the Private VLAN root command?
|
private-vlan
|
|
|
What are the IEEE 802.3af Power classes?
|
Class 0 - 15.4W
Class 1 - 4.0W Class 2 - 7.0W Class 3 - 15.4W Class 4 - Up to 50W |
|
|
What is the default PoE power class?
|
Class 0 (15.4W)
|
|
|
What is Power over Ethernet (PoE)?
|
Power is provided over the UTP cabling.
|
|
|
What are the two PoE methods?
|
Cisco ILP & 802.3af
|
|
|
What is the Cisco PoE detection method?
|
A 340 KHz test tone used to detect device.
|
|
|
What is the 802.3af PoE detection method?
|
A small voltage supplied on the line, resistance is detected.
|
|
|
What is the PoE root command?
|
power inline
|
|
|
What is Assured Forwarding and when should it be used?
|
DSCP Class Selectors 1-4 and should be used for important traffic such as video.
|
|
|
What is Auto-QoS?
|
A command used to simplify QoS configuration on switch ports.
|
|
|
What QoS configuration does the Auto-QoS command do?
|
Enables QoS, CoS-to-DSCP marking, Ingress and Egress queue tuning, Priority queue tuning, & Trust boundary creation.
|
|
|
What switches is the Auto-QoS command best for?
|
Access layer switches.
|
|
|
What are the three Auto-QoS trust options?
|
cisco-phone
cisco-softphone trust |
|
|
What are the three basic QoS types?
|
Best-effort delivery, Integrated services model, & Differentiated services model
|
|
|
What is best effort delivery?
|
Not real QoS; first in first out
|
|
|
What is the differentiated services QoS model (DiffServ)?
|
QoS is handled dynamically on a per-hop basis (each router follows its own policies)
|
|
|
What is Class of Service (CoS)?
|
Layer 2 QoS over trunk links.
|
|
|
Where is the CoS marking?
|
A 3-bit 802.1p field in 802.1Q header
|
|
|
Do frames in the Native VLAN have CoS?
|
No, because they are not tagged.
|
|
|
What is Type of Service (ToS)?
|
Layer 3 QoS in the IP header.
|
|
|
Where is the ToS marking?
|
1 byte in the IP header.
|
|
|
What is the ToS byte divided into for QoS?
|
3 bit IP Precedence & 4 bit ToS
|
|
|
What is the Differentiated Services (DS) field?
|
It uses the existing ToS byte but with a different format.
|
|
|
How long is the DSCP field?
|
6 bits
|
|
|
In the DSCP byte, what are the first 3 bits known as?
|
Class Selector
|
|
|
In the DSCP byte what are bits 3-5 known as?
|
Drop Precedence
|
|
|
What is the Differentiated Services Code Point (DSCP)?
|
Layer 3 QoS method that is the 6 bits in IP Header (first 3 ToS plus next 3)
|
|
|
What is DSCP Class 0 known as?
|
Default class; best-effort forwarding
|
|
|
What are DSCP Classes 1 - 4 known as?
|
Assured Forwarding
|
|
|
What are DSCP Classes 6 - 7 known as?
|
Internetwork Control & Network Control
|
|
|
What are is DSCP Drop Precedence levels?
|
Low (1): Low drop potential (most important)
Medium (2) High (3): High drop potential (lest important) |
|
|
How are the DSCP values commonly displayed?
|
Either the Codepoint Name or the Decimal value.
|
|
|
Name the DSCP and decimal values with a Low drop precedence.
|
AF11 = 10
AF21 = 18 AF31 = 26 AF41 = 34 |
|
|
What is the DSCP and decimal value for EF?
|
EF = 46
|
|
|
What is DSCP EF?
|
Expedited Forwarding (Class 5)
|
|
|
What traffic type should Expedited Forwarding be used for?
|
Voice
|
|
|
What is used to calculate Layer 2 QoS?
|
802.1p CoS
|
|
|
What is used to calculate Layer 3 QoS?
|
DSCP
IP Precedence ToS DSCP |
|
|
What is Quality of service (QoS)?
|
A method used to prioritize time-critical or important traffic
|
|
|
What is a Trust boundary?
|
Perimeter formed by switches that do not trust incoming QoS
|
|
|
Are Cisco phones trusted?
|
Yes
|
|
|
Should end-user hosts be trusted?
|
No
|
|
|
What is DSCP Class 5 known as?
|
Expedited Forwarding
|
|
|
What are the three redundancy modes?
|
RPR
RPR+ SSO |
|
|
What is Route Processor Redundancy (RPR)?
|
Redundant supervisor is only partially booted and initialized.
|
|
|
What happens with RPR upon failure?
|
Every module must reload and all supervisor functions initialized
|
|
|
What is Route Processor Redundancy Plus (RPR+)?
|
Redundant supervisor is booted and initialized. (No L2/L3)
|
|
|
What happens with RPR+ upon failure?
|
Standby initializes, no modules reloaded
|
|
|
What is Stateful Switchover?
|
Redundant supervisor is fully booted and initialized. Standby is synched. (>1 sec)
|
|
|
What is the failover time for RPR?
|
> 2 minutes
|
|
|
What is the failover time for RPR+?
|
> 30 seconds
|
|
|
What is the failover time for SSO?
|
> 1 second
|
|
|
What is single-router mode (SRM)?
|
Two route processors are being used but only ONE is active.
|
|
|
What is dual-router mode (DRM)?
|
Two route processors are being used and BOTH are active.
|
|
|
What is Nonstop Forwarding (NSF)?
|
Configured on protocols to allow the RIB to rebuild quickly.
|
|
|
What protocols support NSF?
|
BGP
EIGRP OSPF IS-IS |
|
|
What redundancy mode is NSF used with?
|
SSO
|
|
|
How do you configure a switch to use RSTP+?
|
The "spanning-tree mode rapid-pvst" command.
|
|
|
What are the four RSTP Port Roles?
|
Root
Designated Alternate Backup |
|
|
Describe the RSTP root port.
|
One port on a switch that is closest (lowest root path cost) to the root.
|
|
|
Describe the RSTP designated port.
|
Port on a LAN segment that has the best root path cost.
|
|
|
Describe the RSTP alternate port.
|
A port with an alternate path to the root.
|
|
|
Describe the RSTP backup port.
|
A port that provides a redundant connection to a segment where another switch port already connects.
|
|
|
What are the three RSTP Port States?
|
Discarding
Learning Forwarding |
|
|
Describe the RSTP Discarding state?
|
Incoming frames are dropped; no MACs learned
|
|
|
Describe the RSTP Learning state?
|
Drops incoming frames; MACs learned
|
|
|
Describe the RSTP Forwarding state?
|
Incoming frames forwarded; MACs learned
|
|
|
How do RSTP switch handle BPDUs from 802.1D?
|
Switch port will operate using the BPDU it received (protocols can coexist) and will revert to 802.1D rules for that port.
|
|
|
RSTP Port Types
|
Edge Port
Root Port Point-to-point Port |
|
|
RSTP Edge port
|
A port that connects to a single host and cannot form a loop.
|
|
|
RSTP Root port
|
Has the best cost to the root.
|
|
|
RSTP Point-to-point port
|
A port connected to another switch and becomes a designated port.
|
|
|
What will cause an RSTP Edge port to lose its status?
|
Recieves a BPDU
|
|
|
What determines if a port will be point-to-point?
|
Duplex of the link: Full duplex is point-to-point.
|
|
|
How does RSTP convergence differ from 802.1D?
|
Switches use BPDUs to negotiate, not timers.
|
|
|
What event will cause an RSTP topology change?
|
A non-edge port tranistioning to the Forwarding state.
|
|
|
How do you configure a port as an Edge port?
|
With the "spanning-tree portfast" command.
|
|
|
Describe RSTP synchronization.
|
RSTP convergence is achieved when all switches decide on the state of their ports.
A “wave effect” in the network of BPDU handshakes as switches become synchronized. |
|
|
What BPDU version does RSTP use?
|
2
|
|
|
What is Port Security's purpose?
|
To control port access based on MAC address.
|
|
|
What is the range of MACs allowed on a port?
|
1 - 1024
|
|
|
What are the three Port Security violation actions?
|
Shutdown
Restrict Protect |
|
|
What is the port security Shutdown action?
|
Port put into Errdisable state until recovered
|
|
|
What is the port security Restrict action?
|
Port stays up; violating MAC’s packets dropped; action is logged
|
|
|
What is the port security Protect action?
|
Port stays up; violating MAC’s packets dropped; NO action is logged
|
|
|
What is the root Port Security command?
|
switchport port-security
|
|
|
What are sticky MAC addresses?
|
MACs learned on an interface with port security enabled; MACs are expected to remain on that interface
|
|
|
What does 802.1x do?
|
Forces a device to authenticate to use the port.
|
|
|
What layer 2 protocol is used by a client on an 802.1x port?
|
EAPOL
|
|
|
How do you enable authentication on a switch?
|
aaa new-model
|
|
|
What are the three 802.1x states?
|
force-authorized
force-unauthorized auto |
|
|
What is 802.1x force-authorized?
|
Port always authorizes any device (no auth needed).
|
|
|
What is 802.1x force-unauthorized?
|
Port never authorizes any device.
|
|
|
What is 802.1x auto?
|
Port uses 802.1x to authorize.
|
|
|
What is the default 802.1x state?
|
force-authorized
|
|
|
What is DHCP snooping?
|
Used to find illegal DHCP servers operating on untrusted ports.
|
|
|
How should DHCP snooping be configured for a port with a DHCP server?
|
Trusted
|
|
|
How should DHCP snooping be configured for ports without a DHCP server?
|
Untrusted
|
|
|
What happens to an Untrusted port when a DHCP reply is found?
|
Put into the "errdisable" state
|
|
|
What is the range for DHCP requests on an untrusted port?
|
1 - 2048
|
|
|
What is the DHCP Snooping root command?
|
ip dhcp snooping
|
|
|
What is IP Source Guard used for?
|
Used to detect and suppress IP address spoofing attacks.
|
|
|
What must be configured for IP Source Guard to work?
|
DHCP Snooping
|
|
|
What does Dynamic ARP Inspection (DAI) do?
|
Dynamic ARP Inspection is used to mitigate ARP poisinging/spoofing attacks.
|
|
|
What is ARP poisoning (ARP spoofing)?
|
It is when an attacker responds to ARP Requests with a spoofed ARP Reply.
|
|
|
What must be configured for DAI to work?
|
DHCP Snooping
|
|
|
Is DAI configured per VLAN?
|
Yes
|
|
|
Are DAI ports trusted or untrusted by default?
|
Untrusted
|
|
|
What ports should be configured as DAI trusted?
|
Ports connected to other switches.
|
|
|
What two methods can be used for DAI to learn MACs and IPs on a port?
|
Dynamic (from DHCP snooping)
Static |
|
|
What is used to filter ARPs on ports with devices that have staic IPs?
|
ARP access lists
|
|
|
What happens when DAI gets an invalid ARP Reply?
|
It is dropped and a log message is generated.
|
|
|
What is the DAI root command?
|
ip arp inspection
|
|
|
What keyword is added to the end of an inspection filter to prevent it from looking at the DHCP Snooping database?
|
static
|
|
|
What three options can be validated with DAI?
|
Source MAC
Destination MAC IP Address |
|
|
What does DAI validation compare?
|
It compares the specified ARP with the header data (ARP/IP) to make sure it is valid.
|
|
|
What is the Errdisable state?
|
State a port is put into when an error condition is detected
|
|
|
What two methods are used for Errdisable recovery?
|
1. Shutdown/No shutdown
2. Automatically: errdisable recovery cause [all | cause-name] (will recover in 300 seconds by default) |
|
|
What is switch spoofing?
|
A host using DTP to act as a switch to create a trunk port.
|
|
|
What is a VACL and what does it do?
|
VLAN Access List: Filters traffic within a VLAN (no inbound/outbound)
|
|
|
Are VACLs entries processed in order or at the same time?
|
In order (by sequence number)
|
|
|
What are the three matching conditions for a VACL?
|
IP address
IPX address MAC address |
|
|
What are the three actions for a VACL?
|
Drop
Forward Redirect |
|
|
Are VACLs applied to a VLAN or SVI?
|
VLAN
|
|
|
What is VLAN hopping?
|
Devices can send crafted frames with spoofed 802.1Q tags to allow packets to appear on different VLANs
|
|
|
What three things are needed to allow VLAN hopping?
|
1. Attacker is connected to an access switch port
2. The switch must have an 802.1Q trunk 3. Trunk must have the attacker’s VLAN as its native VLAN |
|
|
What is SNMPv3 without authentication or encryption?
|
noAuthNoPriv
|
|
|
What is SNMPv3 with authentication but no encryption?
|
authNoPriv
|
|
|
What is SNMPv3 with both authentication and encryption?
|
authPriv
|
|
|
What is the Spanning Tree Protocol (STP)?
|
A protocol designed to prevent network loops by making switches aware of each other.
|
|
|
What is the STP BPDU MAC address?
|
0180.C200.0000
|
|
|
What are the STP Port Roles?
|
Root Port
Designated Port Blocking Port Alternate Port Forwarding Port |
|
|
Describe the STP Disabled state.
|
Shutdown or administratively down; not part of STP process
|
|
|
Describe the STP Blocking state.
|
No Rx/Tx of data, no MAC learning, & no Tx of BPDUs. Only Rx of BPDUs is allowed.
|
|
|
Describe the STP Forwarding state.
|
Rx/Tx of data, MACs are learned & Tx/Rx of BPDUs is allowed.
|
|
|
Describe the STP Learning state.
|
No Rx/Tx of data, MACs are learned & Tx/Rx of BPDUs is allowed.
|
|
|
Describe the STP Listening state.
|
No Rx/Tx of data, no MAC learning, & Tx/Rx of BPDUs is allowed.
|
|
|
What are the STP states?
|
Disabled
Blocking Listening Learning Forwarding |
|
|
What is a superior BPDU?
|
A BPDU with a better (lower) Bridge ID
|
|
|
What is the Root bridge?
|
A common reference point for STP computation.
|
|
|
Root Bridge Placement
|
Center of the Layer 2 network in the distribution layer.
|
|
|
Does the STP root bridge have the highest or lowest Priority?
|
Lowest
|
|
|
What is the default STP bridge priority?
|
32,768 or 0x8000
|
|
|
If two switches bridge priority is equal what is used as the tie-breaker?
|
MAC address
|
|
|
What is a Root port?
|
One port on a switch that is closest (has the lowest root path cost) to the Root Bridge.
|
|
|
What is a Designated port?
|
The port on a common network segment that has the lowest root path cost to the root bridge.
|
|
|
How many designated ports are there per segment?
|
1
|
|
|
How many root ports per switch?
|
1
|
|
|
What is the Root path cost?
|
The cumulative cost of all the links leading to the root bridge
|
|
|
How do you calculate the root path cost?
|
Add the cost of the link the BPDU was received to the value in the BPDU.
|
|
|
What is the range that a port's path cost can be set to?
|
1 - 65,535
|
|
|
Does changing a port's path cost effect the entire port or per VLAN?
|
Either, depending if the "vlan" parameter is used.
|
|
|
What two values make a Bridge ID?
|
Bridge Priority & MAC Address
|
|
|
What is a Bridge ID used for?
|
It identifies a bridge on the network.
|
|
|
What is the multiple that an extend Bridge Priority can be?
|
4096 (starting at 0)
|
|
|
How is the bridge priority calculated when using the extended system id?
|
Multiples of 4096 plus the VLAN number.
|
|
|
When using the STP root macro, what bridge priority is the switch given when using the "primary" keyword?
|
If the current root priority is more than 24,576 then it sets to 24,576
If the current root priority is less than 24,576 then it sets to 4096 less than the current value. |
|
|
"When using the STP root macro, what bridge priority is the switch given when using the "secondary" keyword?
|
28,672
|
|
|
What values make up a Port ID?
|
Port Priority (8 bits) & Port Number (8 bits)
|
|
|
What is the default Port Priority and the available range?
|
Default is 128
Range is 0 - 255 |
|
|
Can the port priority be changed?
|
Yes
|
|
|
Can the port number be changed?
|
No, it is fixed.
|
|
|
Is a lower or higher priority preferred?
|
Lower
|
|
|
Is the port priority changed per port or VLAN?
|
VLAN
|
|
|
What is a BPDU?
|
Bridge Protocol Data Unit: STP messages are sent as BPDUs
|
|
|
What are the two types of BPUDs?
|
Configuration BPDU & TCN BPDU
|
|
|
What is a Configuration BPDU?
|
Used for STP computation.
|
|
|
What is included in a Configuration BPDU?
|
Root Bridge ID
Root Path Cost Sender Bridge ID Timer Values |
|
|
What is a TCN BPDU?
|
Used to announce changes in the network topology.
|
|
|
When a port on a switch goes up or down, what type of message is sent and where is it sent to?
|
TCN BPDU to its upstream router
|
|
|
What happens when a root bridge receives a TCN BPUD?
|
It sends a Configuration BPDU with the Topology Change (TC) flag set.
|
|
|
What does a switch do when it receives a Configuration BPDU with the TC flag set?
|
It shortens its bridge againg timer to the Forward Delay value (default = 15 seconds).
|
|
|
What is the default BPDU Hello Time?
|
2 seconds
|
|
|
What is the STP Cost of a 10 Mbps link?
|
100
|
|
|
What is the STP Cost of a 100 Mbps link?
|
19
|
|
|
What is the STP Cost of a 1 Gbps link?
|
4
|
|
|
What is the STP Cost of a 10 Bbps link?
|
2
|
|
|
What are the four STP tie-breakers?
|
1. Lowest root bridge ID
2. Lowest root path cost to root bridge 3. Lowest sender bridge ID 4. Lowest sender port ID |
|
|
What is Common Spanning Tree (CST)?
|
IEEE 802.1q version of STP where a single instance of STP encomasses all VLANs and all BPDUs are transmitted over trunks using the native VLAN.
|
|
|
What is Per-VLAN Spanning Tree (PVST)?
|
Cisco-proprietary version of STP that has an instance of STP on each VLAN.
|
|
|
What trunking method is needed for PVST?
|
ISL
|
|
|
Is PVST compatible with CST?
|
No
|
|
|
What is Per-VLAN Spanning Tree Plus (PVST+)?
|
Cisco-proprietary version of STP that has an instance of STP on each VLAN and it interoperates with PVST and CST.
|
|
|
What is the default STP Diameter?
|
7 switches
|
|
|
What are the steps to manually calculate STP?
|
1. Identify the cost on links
2. Identify the root bridge 3. Select the root ports 4. Select the designated ports 5. Identify the blocking ports" |
|
|
What is the STP Forward Delay timer?
|
Interval a switch ports spends in Listening and Learning states.
|
|
|
What is the default STP Forward Delay timer?
|
15 seconds
|
|
|
What is the STP Hello timer?
|
Interval between BPDUs.
|
|
|
What is the default STP Hello timer?
|
2 seconds
|
|
|
What is the STP Max Age timer?
|
Interval a switch stores a BPDU before discarding it.
|
|
|
What is the default STP Max Age timer?
|
20 seconds
|
|
|
Where should the STP timers be configured?
|
The root brigde.
|
|
|
What three STP methods can be used to improve convergence?
|
PortFast
UplinkFast BackboneFast |
|
|
Does PortFast disable STP on a port?
|
No
|
|
|
Are STP TCNs sent for ports with PortFast enabled?
|
No
|
|
|
Where should PortFast be enabled?
|
On Access-Layer nodes with ports connected to end user devices.
|
|
|
Where do you configure PortFast?
|
Ports with end user devices conneceted.
|
|
|
Is PortFast configured globally or per-port?
|
Both
|
|
|
What is UplinkFast?
|
Enables fast-uplink on an access-layer switch when dual uplinks are connected to the distribution switch.
|
|
|
Where do you configure UplinkFast?
|
Access switches with dual uplink ports (NEVER on a Root switch)
|
|
|
"Is UplinkFast configured globally, per-port, or per-VLAN?"
|
Globally
|
|
|
What happens when UplinkFast is triggered?
|
Redundant uplink port is quickly brought up and MACs are flodded out.
|
|
|
What is the bridge priority set to when UplinkFast is used?
|
49,152
|
|
|
What are the port costs incremented by with UplinkFast?
|
3,000
|
|
|
What is BackboneFast?
|
An STP feature that can detect an indirect link failure and shorten STP convergence time to 30 seconds by bypassing the Max Age timeout period.
|
|
|
Where do you configure BackboneFast?
|
All switches (due to RLQ)
|
|
|
Is BackboneFast configured globally or per-port?
|
Globally
|
|
|
What happens when BackboneFast is triggered?
|
Max Age timer is bypassed, shortening convergence time
|
|
|
What is Root Link Query (RLQ)?
|
Protocol used by BackboneFast to see whether upstream switches have stable connections to the root bridge
|
|
|
What is Root Guard?
|
Prevents a port from becoming the root port even if superior BPDUs are heard (basically makes the port unable to receive BPDUs but it can forward them)
|
|
|
Where do you configure Root Guard?
|
On switch ports that should never connect to a root bridge (access ports).
|
|
|
What happens when Root Guard is triggered?
|
"Port becomes ""root-inconsistent"": no data, only listens to BPDUs."
|
|
|
Does Root Guard affect a port or VLAN?
|
Port
|
|
|
What is the Root-inconsistent port state?
|
State a port will enter when configured with Root Guard and a superior BPDU is detected; NO data Tx/Rx, listen to BPDUs only
|
|
|
What does BPDU Guard do?
|
Prevents ports in PortFast mode from receiving BPDUs
|
|
|
What happens when BPDU Guard is triggered?
|
Port goes into "errdisable" state
|
|
|
Does BPDU Guard affect a port or VLAN?
|
Port
|
|
|
Where do you configure BPDU Guard?
|
Globally. On all ports that have PortFast enabled.
|
|
|
What two STP methods can be used to protect against the sudden loss of BPDUs?
|
Loop Guard & UDLD
|
|
|
What is Loop Guard?
|
Tracks BPDU activity on non-designated ports and moves it to "loop-inconsistent" when BPDUs stop being received.
|
|
|
Where do you configure Loop Guard?
|
Non-designated ports and/or ALL ports
|
|
|
What happens when Loop Guard is triggered?
|
Port becomes "root-inconsistent"
|
|
|
Does Loop Guard affect a port or VLAN?
|
Per VLAN but it is configred per port
|
|
|
What is Unidirectional Link Detection (UDLD)?
|
Monitors a port to see if it is actually operating bidirectionally.
|
|
|
What does UDLD send to the other end of the link?
|
Echos
|
|
|
Where do you configure UDLD?
|
All switch ports (fiber ports)
|
|
|
What are the two UDLD modes?
|
Normal and Aggressive
|
|
|
What happens when UDLD is triggered?
|
Normal mode: continude operation, event logged
Aggressive mode: port put into "errdisable" state |
|
|
What layer does UDLD operate at?
|
Layer 2
|
|
|
Does UDLD affect a port or VLAN?
|
Port
|
|
|
What is the default UDLD message timer?
|
15 seconds
|
|
|
What is UDLD Aggressive Mode?
|
When UDLD condition is detected, UDLD message sent out for 8 seconds, then port is placed in errdisable
|
|
|
What is UDLD Normal Mode?
|
When UDLD condition is detected, port is allowed to continue to operate; logged
|
|
|
How do you block all BPDUs on a port?
|
Enable BPDU filtering.
|
|
|
What does BPDU filtering do?
|
Prevents BPDUs from being sent or processed on a port (disables STP)
|
|
|
Is BDPU filtering enabled globally on all ports or per-port?
|
Either
|
|
|
What two values are changed by UplinkFast?
|
Bridge priority & Port Costs
|
|
|
What two STP methods can be used to protect against unexpected BPDUs?
|
Root Guard & BPDU Guard
|
|
|
What is a Native VLAN?
|
On an 802.1q trunk, frames associaed with the Native VLAN are untagged.
|
|
|
What is the default Native VLAN?
|
1
|
|
|
What are some common trunk misconfigurations?
|
Trunk mode mismatch, trunk encapsulation mismatch, native VLAN mismatch, allowed ports
|
|
|
What is the Inter-Swith Link Protocol (ISL)?
|
A Cisco-proprietary method of tagging frames over a trunk.
|
|
|
Do ISL trunks have Native VLANs?
|
No
|
|
|
How much does an ISL tag add to a frame?
|
30 bytes (26 header + 4 trailer)
|
|
|
What is a Port VLAN ID (PVID)?
|
Port VLAN ID: associates a port with a VLAN
|
|
|
What is a Switched Virtual Interface (SVI)?
|
Switched Virtual Interface: A logical Layer 3 interface that represents an entire VLAN
|
|
|
What VLANs are automatically created?
|
1 & 1,002 - 1,005
|
|
|
What is the standard VLAN range?
|
1 - 1,005
|
|
|
What is the extended VLAN range?
|
1 - 4,094
|
|
|
What is the default VLAN MTU size?
|
1500 bytes
|
|
|
What is VLAN tagging?
|
The act of a frame getting assigned a user created value (VLAN ID)
|
|
|
What does a VLAN trunk do?
|
Carry multiple VLANs on a single link.
|
|
|
What is Voice VLAN (VVLAN)?
|
A unique VLAN used to carry voice traffic
|
|
|
What are the four VVLAN modes?
|
vlan-id
dot1p untagged none |
|
|
How does VVLAN vlan-id work?
|
Voice and Data carried over separate VLANs.
|
|
|
How does VVLAN dot1p work?
|
Voice is carried on VLAN 0
|
|
|
How does VVLAN untagged work?
|
Voice is carried on the native VLAN
|
|
|
How does VVLAN none work?
|
Voice and Date is carried on an access VLAN (no trunk)
|
|
|
What is the default VVLAN mode?
|
none
|
|
|
What is the VRRP default Hello Timer?
|
1 second
|
|
|
What is the VRRP default Holdtime Timer?
|
3x Hello + skew
|
|
|
What is the VRRP Hello message multicast address?
|
224.0.0.18
|
|
|
What is the VRRP Hello message protocol number?
|
IP 112
|
|
|
Is VRRP Cisco-proprietary or an open standard?
|
Standards based
|
|
|
What is a VRRP backup router?
|
Same as HSRP “standby” router: The secondary VRRP router; has the second-highest Priority
|
|
|
What is the VRRP Master Router?
|
Same as HSRP “active” router: The primary HSRP router that currently forwards packets for the virtual router and has the highest Priority.
|
|
|
What is the VRRP virtual MAC address?
|
0000.5E00.01xx
“xx” = VRRP Group number |
|
|
What is the VRRP Group number range?
|
0 - 255
|
|
|
What is the VRRP Priority range and default?
|
1 to 254 (Default is 100)
|
|
|
How are VRRP routers elected?
|
Priority value
highest = preferred |
|
|
Can VRRP track interfaces?
|
No
|
|
|
Does VRRP preempt by default?
|
Yes
|
|
|
What is the default VRRP Hello Timer?
|
1 second
|
|
|
What is the VRRP default Holddown timer?
|
Master Down Interval - 3 x Advertisement + Skew
|
|
|
How can you load balance with VRRP?
|
Create multiple groups on a subnet. One group is active for a portion of the network and standby for the other. The other group is standby for a portion and active for the other.
|
|
|
What is the root VRRP command?
|
vrrp group
|
|
|
What does the Virtual Trunking Protocol (VTP) do?
|
It is used to manage the addition, deletion, and renaming of VLANs on a network.
|
|
|
What is a VTP Advertisement Request?
|
Sent from clients requesting any VLAN info it lacks
|
|
|
What are the three VTP modes?
|
Server
Client Transparent |
|
|
What is the default VTP mode?
|
Server
|
|
|
Describe the VTP Server mode.
|
Switch has full control over VLAN creation and modification for their VTP domain and changes are synced with other switches.
|
|
|
Describe the VTP Transparent Mode.
|
Switch does not participate in VTP and will forward VTP packets depending on the version (v1 will not, v2 will) and all VLAN changes are local to the switch.
|
|
|
Describe the VTP Client Mode.
|
Switch cannot change, create, or delete VLANs but recieves the updates from the server in the domain.
|
|
|
What is a VTP configuration revision number?
|
Used by VTP to keep track of changes and advertisements with a higher revision number will overwrite older ones.
|
|
|
What is the lowest VTP revision number?
|
0
|
|
|
What is a VTP domain?
|
A Management Domain for VTP where devices share common VLAN requirements.
|
|
|
Do VTP versions need to match within a VTP domain?
|
Yes
|
|
|
How many VTP domains can a switch belong to?
|
1
|
|
|
What VLAN range can VTP v1 and VTP v2 use?
|
1 - 1,005
|
|
|
What is VTP pruning?
|
VTP pruning removes VLANs on a trunk that are not active on the other switch.
|
|
|
What are the two VTP advertisments?
|
Subset & Summary
|
|
|
When is a VTP Subset advertisement sent and what does it include?
|
Sent: After a VLAN database change occurs
Includes: The nature of the change: VLAN creation, deletion, or rename and the VLAN info (name, type, number, etc…) |
|
|
When is a VTP Summary advertisement sent and what does it include?
|
Sent: every VLAN database change and every 300 seconds
Includes: VTP version #, VTP domain name, Revision #, Time stamp, MD5 encryption hash code |
|
|
What is the VTP synchronization problem?
|
A new switch with a higher VTP revision number added to a VTP domain can overwrite all older settings
|
|
|
How can you reset a VTP revision number?
|
1. Change switch VTP mode to transparent then back to server
2. Change switch VTP domain to a bogus name then back to desired name |
|
|
What is a wireless association?
|
A client’s membership with an AP
|
|
|
What is an autonomous mode AP?
|
APs that are independent from the larger network
|
|
|
What is a BSS?
|
Basic Service Set: A set of hosts and APs that can communicate via wireless networking.
|
|
|
What is an IBSS?
|
Independent Basic Service Set: An isolated BSS aka "ad-hoc".
|
|
|
What is an ESS?
|
Extended Service Set: A set of hosts and APs that also connects to the wired network.
|
|
|
What is a SSID?
|
Service Set ID: a text string included in every frame
|
|
|
What is DCF and what does it do?
|
Distributed Coordination Function: Process used by WLANs to determine who gets to send data.
|
|
|
What is DIFS and what does it do?
|
DCF interframe space: time required for a station to wait before retransmitting.
|
|
|
What is Layer 2 roaming?
|
Client maintains the same Layer 3 address between access points.
|
|
|
What is Layer 3 roaming?
|
Client roams between access points located in different IP subnets.
|
|
|
What is a Lightweight Access Point (LAP)?
|
An access point that performs only the 802.11 functions. The management functions are performed on a WLC.
|
|
|
What is a Wireless LAN Controller (WLC)?
|
Performs the management functions for a LAP.
|
|
|
What is Split-MAC Architecture?
|
The division of labor split between LAP and a central WLC.
|
|
|
Do a LAP and WLC need to be located on the same subnet?
|
No
|
|
|
What two tunnel modes are used by LAPs to connect to WLCs?
|
LWAPP & CAP-WAP
|
|
|
What is the Lightweight Access Point Protocol (LWAPP)?
|
Cisco-proprietary protocol used by LAPs to tunnel to WLCs
|
|
|
What is the Control and Provisioning Wireless Access Point Protocol (CAP-WAP)?
|
Open standards protocol used by LAPs to tunnel to WLCs
|
|
|
What do the two tunnels run by LWAPP or CAP-WAP carry?
|
Control messages & Data
|
|
|
Are LWAPP/CAP-WAP control messages encrypted?
|
Yes
|
|
|
What protocl and port does LWAPP use?
|
UDP 12222 and UDP 12223
|
|
|
What protocl and port does CAP-WAP use?
|
UDP 5246 and UDP 5247
|
|
|
What authentication method is used for the LAPs and WLCs?
|
Certificates
|
|
|
How does a LAP receive its configuration?
|
From a WLC it discovers on the network.
|
|
|
What DHCP option provides a LAP with a list of WLCs?
|
Option 43
|
|
|
What does Hybrid Remote Edge Access Point (HREAP) do?
|
Used by remote sites where the LAP is separated from the WLC by a WAN link.
It allows LAPs to operate even if their connection to the WLC is down. |
|
|
Where does wireless client traffic travel through to reach another client?
|
The AP --> the LWAPP/CAP-WAP data tunnel --> the WLC --> back out the tunnel --> AP --> wireless LAN
|
|
|
What types of traffic do not travel to the WLC?
|
Encrypted and Authenticated traffic.
|
|
|
What is intra-controller roaming?
|
Wireless client roams between different LAPs but is still on the same WLC.
|
|
|
What is inter-controller roaming?
|
Wireless client roams between different LAPs that conneect to different WLCs.
|
|
|
What is a mobility exchange message?
|
Info about a roaming client is transmitted between WLCs.
|
|
|
What is an Ether-IP Tunnel?
|
Tunnel created between WLCs to allow a client to roam between LAPs that are on different subnets.
|
|
|
What IP protocol is used by Ether-IP tunnels?
|
IP 97
|
|
|
What is a Mobility Group?
|
Used for inter-controller roaming. It allows clients to roam between LAPs that are managed by different WLCs.
|
|
|
What network design layer should WLCs be located in?
|
Distribution Layer
|
