35 Cards in this Set

  • Front
  • Back
To enable or disable PoE for an interface. By default, every switch port attempts to discover an inline-powered device (auto), and voltage is 15400mW.
switch(config)# [no] power inline [auto [max [4000 - 15400mW]] | static [4000 - 15400mW] | never]
To verify the power status on a switch port. A table shows interface, mode, power, device and class. If the class is a number it is 802.3af; if it shows n/a it is ISL.
switch# show power inline [[type] [mod/num]]
To select the voice VLAN mode to be used by the switch (default none). All modes except none use a special-case 802.1Q trunk, which is automatically enabled through CDP and puts data in the native VLAN. Untagged puts voice in the native VLAN, whilst dot1p uses VLAN 0 and vlan-id uses the specified VLAN.
switch(config-if)# switchport voice vlan [[vlan-id] | dot1p | untagged | none]
To verify the switch port mode. Either Access, Trunk or Voice VLAN.
switch# show interface [[type] [mod/num]] switchport
To verify IP phone trunk is active. Not shown in any show cmds, but STP would run with 2 instances, 1 for voice VLAN and 1 for data VLAN.
switch# show spanning-tree interface [[type] [mod/num]] switchport
To enable QoS on a switch (default disabled). When enabled all switch ports are configured as trusted by default.
switch(config)# mls qos
To define the QoS parameter (value of incoming packets) that will be trusted. Only 1 can be selected. Generally, for IP phones, you choose CoS because the phone can control the CoS values on its 2-VLAN trunk with the switch.
switch(config-if)# mls qos trust [cos | ip-precedence | dscp]
To make the trust conditional (if a Cisco IP phone is present). The QoS parameter specified previously is only trusted if a Cisco phone is detected through CDP
switch(config)# mls qos trust device cisco-phone
To set the priority of data received from the IP phone access port (to extend Trust Boundary). Default is CoS 0. CoS [value] tells phone to overwrite priority value from its connected device. Trust trusts priority value received from its connected device, so extends the complete QoS trust zone.
switch(config-if)# switchport priority extend [cos [value] | trust]
To configure a switch port to be trusted (isn't conditional). Switch uplinks should always be considered trusted ports, as long as connected to other trusted devices. QoS parameters are trusted or overwritten at the network edge.
switch(config-if)# mls qos trust cos
To enable auto QoS, a macro of many cmds. cisco-phone = use if a Cisco phone is attached, trusts its CoS info; cisco-softphone = use if a PC is running the Cisco softphone application; trust = use on ports acting as an uplink to another switch or router.
switch(config-if)# auto qos voip [cisco-phone | cisco-softphone | trust]
To display QoS parameters. Can verify how a trust has been extended to the IP phone itself. A switch can instruct the phone on whether to extend the QoS trust to an attached device.
switch# show mls qos interface [type] [mod/num]
To verify Auto-QoS settings. Auto-QoS handles the following types of QoS configuration: Enables QoS; CoS-to-DSCP mapping; Ingress & Egress queue tuning; strict priority queues for egress voice traffic; establishing an interface QoS trust boundary.
switch# show auto qos [interface [type] [mod/num]]
What are the 2 methods used to provide PoE?
Cisco Inline Power (ILP) uses pairs 2 & 3 (pins 1,2 & 3,6). It sends out a test tone on the transmit pair and uses CDP to determine the voltage. IEEE 802.3af uses pairs 2 & 3 or 1 & 4 (pins 4,5 & 7,8); it supplies a small voltage across the transmit & receive pairs and decides the voltage dependent on which power class is detected. Default for both is 15.4 W (0.32 amps at 48 V DC).
What is Quality of Service (QoS)?
Is the method used in a network to protect and prioritize time-critical or important traffic. It addresses how 1 type of traffic can be preferred or delivered ahead of another. For example, it might be acceptable to wait a short amount of time for a web page to be displayed, but delays in receiving streaming video or audio telephone can't be tolerated.
What is DiffServ?
Is a QoS method that uses per-hop behavior, with the router or switch inspecting each packet's header to decide how to go about forwarding the packet. All the information needed for this decision is carried in the packet header. The packet itself can't affect how it's handled. It merely presents some flags, classifications or markings that can be used to make forwarding decisions based on QoS policies that are configured into each switch or router along the path.
What values can a switch or router use to decide whether to trust packets sent by a device, and carry them over the network to use and make QoS decisions with them?
IP packets carry a ToS or DSCP value within their headers, and L2 frames on a trunk can have CoS values associated with them.
How can a switch convert CoS to DSCP values?
By a default CoS-to-DSCP mapping, which can be changed. CoS info is only useful within the trunk encapsulation. It must be converted to DSCP or IP precedence, which can be carried along in the IP packet headers on any type of connection.
To define a VACL access map. Consists of 1 or more statements (represented by sequence number) which are evaluated in sequence. Each statement can contain 1 or more matching conditions.
switch(config)# vlan access-map [map name] [sequence-number]
To define the matching conditions that identify the traffic to be filtered. Matching is performed by access lists which must be configured independently. You can repeat these cmds to define several matching conditions, and the first match encountered triggers an action.
switch(config-access-map)# match [ip address | ipx address | mac address] [acl-num | acl-name]
To define the action. It can either drop a matching packet, forward it, or redirect it to another interface
switch(config-access-map)# action [drop | forward | redirect [type] [mod/num]]
To apply the VACL to a VLAN. Since it doesn't filter inbound or outbound, it isn't applied to an interface but rather to the VLAN as a whole.
switch(config)# vlan filter [map name] vlan-list [vlan-list]
To display all VLAN access maps or one with a specific name
switch# show vlan access-map [map name]
To display what filters are applied to all VLANs or for the specific VLAN access-map named.
switch# show vlan filter access-map [map name]
To define any secondary VLANs. Isolated = can only communicate with the primary VLAN; Community = can communicate with the primary VLAN and with hosts in the same community VLAN only.
switch(config)# vlan [vlan-id] then switch(config-vlan)# private-vlan [isolated | community]
To define the primary VLAN that will provide the underlying private vlan connectivity.
switch(config)# vlan [vlan-id] then switch(config-vlan)# private-vlan primary
To associate the primary VLAN with all its component secondary VLANs. If the primary VLAN is already set up, you can add or remove secondary VLANs individually. All secondary VLANs must be associated with at least 1 primary VLAN to set up the unidirectional relationship.
switch(config-vlan)# private-vlan association [[secondary vlan-list] | add [secondary vlan-list]| remove [secondary vlan-list]]
To define the function of the ports that will participate in PVLANs. Promiscuous = switch port that can connect with anything else, usually to a router, firewall or gateway; Host = switch port that connects to regular hosts on a secondary VLAN and can communicate with the promiscuous port.
switch(config-if)# switchport mode private-vlan [host | promiscuous]
To associate host ports with the appropriate primary and secondary VLANs so they know how to interact with the various VLANs.
switch(config-if)# switchport private-vlan host-association [primary vlan-id] [secondary vlan-id] [secondary vlan-id]
To map promiscuous ports to the primary and secondary VLANs. You associate secondary VLANs and map primary VLANs since promiscuous mode ports exhibit bidirectional behavior, and secondary VLAN ports exhibit only unidirectional or logical behavior.
switch(config-if)# switchport private-vlan mapping [primary vlan-id] [[secondary vlan-list] | add [secondary vlan-list]| remove [secondary vlan-list]]
To add a private VLAN mapping to the primary VLAN (SVI) interface. A primary VLAN (with SVI interface) can forward traffic at L2, but secondary VLAN associations are only good at L2. Use this cmd on primary VLAN SVI interface to allow L3 traffic coming from secondary VLANs as well.
switch(config-if)# private-vlan mapping [[secondary vlan-list] | add [secondary vlan-list]| remove [secondary vlan-list]]
To verify Private VLAN configuration
switch# show vlan private-vlan type
To verify all configuration on the specified interface, including private VLAN associations.
switch# show interface [type] [mod/num] switchport
What is VLAN hopping, and how can you stop it?
Is when someone double tags a frame with spoofed 802.1Q tags so they can send packets from 1 VLAN to another without using a router. 1 tag is for the native VLAN and the 2nd tag is for the dst subnet. So the packet gets sent to a switch, which removes the native tag and sends it down the native VLAN. The next switch sees the other tag and forwards the packet to that VLAN. To mitigate this, you can set the native VLAN of a trunk to a bogus VLAN ID, and also prune it at both ends of the link. Maintenance protocols such as CDP, PAgP and DTP won't be affected by the prune, since they will still be sent and received as a special case even if the native VLAN ID is not in the list of allowed VLANs.
To force tagging of native VLAN frames on all 802.1Q trunks. This is an alternative method to stop VLAN hopping.
switch(config)# vlan dot1q tag native