Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
162 Cards in this Set
- Front
- Back
|
What are the three layers in the Cisco Enterprise Hierarchical Design Model?
|
access, distribution, and core
|
|
|
Explain the role of the access layer in the three-layer model.
|
Provides access to users and end devices. High availability, converged network support, QoS, PoE, FHRP, multicast support, and security such as Dynamic ARP inspection, DHCP snooping, IP source guard, BPDU guard, portfast, and port-securtiy
|
|
|
Explain the role of the distribution layer in the three-layer model.
|
Provides availability, QoS, fast path recovery, and load balancing.
Segmentation and isolation of workgroups and departments using a combination of layer 2 or layer 3. |
|
|
Explain the role of the core layer in the three-layer model.
|
Reduced complexity in the core
high speed and high port density. |
|
|
What are the three layers to the Cisco Service Orientated Network Architecture (SONA)
|
Network Infrastructure, Interactive Services, Applications
|
|
|
What are the phases to the Cisco PPDIOO Lifecycle?
|
Prepare, Plan, Design, Implement, Operate, Optimize.
|
|
|
What are the steps involved in configuring a vlan on a access switchport.
|
(config-if)# switchport mode access
(config-if)# switchport access vlan 12 |
|
|
What are the five DTP modes on a trunked interface?
|
Access, Trunk, Non-negotiate, Dynamic Desirable, Dynamic Auto
|
|
|
How is the native VLAN configured on a trunked interface.
|
(config-if)# switchport trunk native vlan <vlan-no>
|
|
|
How do you specify which VLANs are allowed over a trunked interface?
|
(config-if)# switchport trunk allowed vlan <vlans>
|
|
|
What happens when a VTP advertisement has a higher configuration revision number than the local VTP database?
|
The switch overwrites its database with the new VLAN information and forwards
|
|
|
What are the three modes VTP can be configured for?
|
Server, Client, and Transparent
|
|
|
Which modes of VTP would you expect to find a vlan.dat file saved on the flash of the device?
|
Server and Transparent
|
|
|
T/F - transparent does not participate in any way
|
False - Transparent will still forward VTP advertisements but will not learn the VLANs being propagated using VTP. the switch maintains its own database.
|
|
|
What is performed on a switchport by issuing the macro "switchport host"
|
the port is set to access mode, PortFast is enabled, and etherchannel membership is disabled.
|
|
|
When a switch receives a VTP advertisement with a lower configuration revision number, does it:
- Update its own database with the information found in the update - Ignore it - Replies with the more up-to-date information from its own database |
Replies with the more up-to-date information in its own database.
|
|
|
what does a standard VTP configuration that sets the switch to a VTP server, the domain as cisco, the password as cisco, and the VTP version to version 2 look like?
|
(config)# vtp server
(config)# vtp domain cisco (config)# vtp password cisco (config)# vtp version 2 |
|
|
What verification command will show you the current VTP version, configuration revision number, the VTP operating mode, the VTP domain name, the VTP pruning mode, and additional information about the current vtp status?
|
# show vtp status
|
|
|
What steps should be taken before introducing a new switch into an existing VTP domain?
|
1) Erase its flash memory and config file
2) Set it to a fake VTP domain name in client mode 3) Reboot the switch 4) Configure the correct VTP settings 5) connect the switch to the network and verify that it learned the correct VLANs |
|
|
What command can change the load-balancing method for etherchannels?
|
(config)# port-channel load-balance <type>
|
|
|
What methods of load balancing are available?
|
src mac, dst mac, src-dst mac, src IP, dst IP, src-dst IP, src port, dst-port, src-dst port
|
|
|
what two protocols are available for configuring etherchannels?
|
PAgP and LACP
|
|
|
what are the modes of PAgP?
|
On - uses PAgP without negotiation
Auto - responds to PAgP messages but does not initiate. This is the default mode Desirable - will actively negotiate with the other side to bring up the port channel |
|
|
What are the modes of LACP?
|
On - uses LACP without negotiation
Active - will actively attempt to negotiate LACP with the other side Passive - will respond to LACP messages but not actively advertise them |
|
|
What enable mode command can show you the total number of configured channel-groups, the port-channels, and their member interfaces?
|
show etherchannel summary
|
|
|
What enable mode command will show you the current load-balancing method in use?
|
# show etherchannel load-balance
|
|
|
What must be selected on each switch during a spanning tree convergence?
|
- One root bridge
- One root port per nonroot bridge - One designated port per network segment |
|
|
What is the spanning tree election criteria?
|
1) Lowest root bridge ID (BID)
2) Lowest path cost to the root 3) Lowest sender bridge ID 4) Lowest sender Port ID (combination of a port priority and the interface number - default port priority being 128) |
|
|
What is the default bridge priority?
|
32768 ( + VLAN ID in PVST+)
|
|
|
Where does the Bridge ID value come from?
|
The combination of bridge MAC address and bridge priority. The lowest value is the most preferred and determines the root bridge. If all bridge priorities are identical than the lowest MAC address of all bridges is used as the tie breaker.
|
|
|
How is path cost determined on Cisco switches?
|
According to bandwidth. The lower the bandwidth the lower the path cost.
|
|
|
What are some common path cost values?
|
10 Mbps - 100
100 Mbps - 19 1000 Mbps - 4 10 Gbps - 2 |
|
|
T/F - all switches generate Configuration BPDUs
|
False - only the root bridge
|
|
|
T/F - all switches generate topology change notifications
|
True
|
|
|
TCN BPDUs are sent by a downstream switch towards the root when:
|
- There is a link failure
- The port starts forwarding, and there is already a designated port - The receives a TCN from a neighbor |
|
|
What is the default BPDU hello time?
|
Two seconds
|
|
|
What is the default BPDU forward delay?
|
15 seconds
|
|
|
What is the default BPDU max age?
|
20 seconds
|
|
|
What are the four 802.1D port states?
|
Blocking, Listening, Learning, and Forwarding
|
|
|
Does the port learn MAC addresses when the port is in a listening state?
|
No
|
|
|
How do you configure the spanning tree root bridge?
|
(config)# spanning-tree vlan <vlan-id> root primary
|
|
|
How do you configure a manual port cost on an interface?
|
(config-if)# spanning-tree vlan <vlan-id> cost <value>
|
|
|
What is PortFast and how is it configured?
|
(config-if)# spanning-tree portfast
Per port (config)# spanning-tree portfast default Globally PortFast does not disable spanning-tree on an interface but the interface immediately transitions to the forwarding state. If the port receives a BPDU it will go through the listening and learning modes. |
|
|
what are the modified port states in Rapid Spanning Tree?
|
Discarding, Learning, and Forwarding
|
|
|
What are the port roles in RSTP?
|
Root - same
Designated - same alternate - backup to the root port Backup - backup to desigated Disabled - does not participant in spanning tree Edge - same as Portfast |
|
|
What are the differences between RSTP and 802.1D STP?
|
- In RSTPs each bridge switch originates BPDUs whether or not it receives a BPDU on its root port from the root bridge
- All eight bits of the BPDU type field are used in RSTP. The TC and TC Ack bits are a carryover from 802.1D, and the other six bits specify the port's role an its RSTP state and are used in the port handshake. - The RSTP BPDU is set to Type 2, Version 2. |
|
|
How does RSTP provide fast convergence?
|
- When an inferior BPDU is received, the bridge accepts it. If the switch has another path to the root, it uses that and informs the downstream switch of the alternative path (similar to BackBoneFast).
- Edge ports function the same as PortFast immediately transitioning to forwarding. - If you connect two switches through a point-to-point link and the local port becomes a designated, it exchanges a handshake with the other port to quickly transition to forwarding. Full-duplex links are assumed to be point-to-point, and half-duplex links are assumed to be shared. - Ports that can transition to forwarding when no BPDUs are received from a neighbor switch (similar to uplink fast) |
|
|
What command enables rapid spanning-tree?
|
(config)# spanning-tree mode rapid-pvst
|
|
|
How is MST configured?
|
(config)# spanning-tree mode mst
(config)# spanning-tree mst configuration (config-mst)# name <region_name> (config-mst)# revision <number> (config-mst)# instance number <vlan> <vlan_range> |
|
|
How is UplinkFast enabled?
|
(config)# spanning-tree uplinkfast
|
|
|
How does UplinkFast work and what problem does it solve for 802.1D spanning tree?
|
Identifies backup to the root port. If the root port fails, one of the ports in the uplink group is unblocked and transitions immediately to forwarding; it bypasses the listening and learning stages. This reduces the delay in re-convergence after a link failure.
|
|
|
How is BackboneFast enable?
|
(config)# spanning-tree backbonefast
|
|
|
What problem does BackboneFast solve and how does the feature function?
|
Used to detect indirect link failures. If the BackboneFast bridge receives an inferior BPDU from its designated bridge, it knows a link on the path to the root has failed. The switch then sends a root link Query (RLQ) frame out all alternate ports. The root then responds with an RLQ response and the port receiving the response can transition to forwarding.
|
|
|
How are alternate ports determined when BackboneFast is enabled?
|
- If the inferior BPDU is received on a blocked port, the root port and any other blocked ports are considered alternatives.
- If the inferior BPDU was received on the root port, all blocked ports are considered alternatives - If the inferior BPDU was received on the root port and there are no blocked ports, the switch assumes it has lost connectivity to the root and advertises itself as root. |
|
|
What is BPDU Guard?
|
If a BPDU frame is received on a port, the port is put into err-disabled state (by default this is shutdown)
|
|
|
What are the two ways that BPDU Guard can be configured?
|
Globally -
(config)# spanning-tree portfast bpduguard default Per interface - (config-if)# spanning-tree bpduguard enable |
|
|
What is BPDU Filtering?
|
It depends on where the feature is enabled. If enabled globally, the interface will be removed from PortFast status if a BPDU is received:
(config)# spanning-tree portfast bpdufilter default If configured at the interface level it prevents the port from sending or receiving any BPDUs: (config-if)# spanning-tree bpdufilter enable |
|
|
How does root guard function?
|
If any non-root port receives a BPDU that would cause that port to become a root port, the port is put into a "root-inconsistent" state and does not pass traffic through it. If the port stops receiving these BPDUs it will automatically re-enable itself.
|
|
|
How do you configure Root Guard?
|
(config-if)# spanning-tree guard root
|
|
|
What problem does Unidirectional Link Detection solve?
|
Unidirectional link failures typically caused by when one laser/LED fails in a fiber SFP or GBIC.
|
|
|
How do you enable UDLD on all fiber-optic interfaces?
|
(config)# udld [enable | aggressive]
|
|
|
T/F - You can use UDLD on copper interfaces?
|
False - only fiber interfaces
|
|
|
How do you enable UDLD on a specific fiber port?
|
(config-if)# udld port {aggressive | disable}
|
|
|
How is Loop Guard enabled?
|
Globally:
(config)# spanning-tree loopguard default Interface: (config-if)# spanning-tree guard loop |
|
|
What problem does LoopGuard solve?
|
If a blocking port stops receiving BPDUs, the port is placed into a loop-inconsistent mode instead of moving to forwarding.
|
|
|
What are the processing steps for layer 2 forwarding?
|
Input:
1) Recieve frame 2) Verify frame integrity 3) Apply inbound VLAN ACL 4) Lookup destination MAC Output: 1) Apply outbound VLAN ACL 2) Apply outbound QoS ACL 3) Select Output port 4) Place in port queue 5) Rewrite 6) Forward |
|
|
What are the processing steps for Layer 3 forwarding?
|
Input
1) Receive frame 2) Verify frame integrity 3) Apply inbound VACL 4) Look up destination MAC Routing 1) Apply input ACL 2) Switch if entry is in CEF cache 3) Identify exit interface and next-hop address using routing table 4) Apply output ACL Output 1) Apply outbound VACL 2) Apply outbound QoS ACL 3) Select output port 4) Place in interface queue 5) Rewrite source and destination MAC, IP checksum, and frame check sequence, and decrement TTL (time-to-live field in the IP header) 6) Forward |
|
|
How do you exclude the status of a particular interface from determining the status of SVI, what command can you execute on the interface?
|
(config-if)# switchport autostate exclude
|
|
|
What configuration steps are necessary to enable an SVI?
|
(config)# ip routing
(config)# vlan 3 (config)# interface vlan 3 (config-if)# ip add 10.3.3.3 255.255.255.0 |
|
|
How do you configure a switchport as a layer 3 interface?
|
(config-if)# no switchport
|
|
|
What are the three types of Switch Forwarding architectures?
|
- Process switching: each packet must be examined by the CPU and handled in software. Slowest method
- Fast Switching: the CPU switches the first packet in each flow, then caches that information and switches subsequent packets in the hardware. Also called route caching - Cisco Express Forwarding (CEF): A table is prebuilt with adjacency information for all destinations and routing table. Fastest method, and the default on Cisco switches and routers. Also called topology-based switching. |
|
|
What two tables make up CEF?
|
The FIB and the adjacency table
|
|
|
What commands can you use to view the contents of CEF?
|
# show ip cef {interface} {detail}
# show ip cef fastethernet 2/2 10.0.0.1 detail |
|
|
What command will help you troubleshoot CEF drops?
|
# show cef drop
|
|
|
What command will show the adjacency table?
|
# show adjacency
|
|
|
What are some technologies that will help improve redundancy?
|
- Cisco Nonstop Forwarding (NSF)
- Stateful Switchover (SSO) - Stackwize technology on 3750 - Virtual Switch System (VSS) - Monitoring tools such as SNMP and Syslog - IP Service Level Agreement (SLA) |
|
|
When using Layer 2 for the links between the access layer and distribution layer, what requirements need to be met?
|
The same switch must be configured as FHRP active and STP root.
|
|
|
What are the eight severity levels in syslog?
|
Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debugging
|
|
|
What are the three SNMPv3 security levels?
|
noAuthnoPriv
authNoPriv authPriv |
|
|
What is a sample SNMP configuration on a Cisco device?
|
(config)# access-list 1 permit 10.1.1.1
(config)# snmp-server community ccnp ro (config)# snmp-server community c1sc0 rw 1 (config)# snmp-server host 10.1.1.2 traps admin |
|
|
What is a sample configuration for IP SLA?
|
(config)# ip sla 1
(config-ip-sla)# udp-jitter 10.1.1.3 65422 coded g729a (config-ip-sla-jitter)# frequency 120 (config-ip-sla-jitter)# exit (config)# ip sla schedule 1 life forever start-time now |
|
|
What is the virtual router's MAC for HSRP?
|
0000.0c07.ACxx where xx is the HSRP group.
|
|
|
What IP and port does HSRP traffic use?
|
224.0.0.2 and UDP port 1985
|
|
|
What is the default HSRP priority?
|
100
|
|
|
What happens if the HSRP members both have the default priority (100) configured?
|
The highest configured IP address wins the election.
|
|
|
What HSRP states are there?
|
- Initial
- Learn - Listen - Speak - Standby - Active |
|
|
What an example HSRP configuration?
|
(config-if)# standby 39 ip 10.0.0.1
(config-if)# standby 39 authentication md5 key-string cisco (config-if)# standby 39 priority 150 (config-if)# standby 39 priority delay minimum 90 (config-if)# standby timers 1 3 |
|
|
T/F - you can use an IP SLA as a HSRP track object
|
True - you can create an IP SLA and then specify that object when configuring the standby track command:
(config)# ip sla 5 (config-ip-sla)# udp-jitter 172.17.1.2 16000 (config)# track 10 rtr 5 (config-if)# int fa 1/0/15 (config-if)# standby 39 track 10 decrement 50 |
|
|
What are the differences in VRRP vs HSRP.
|
VRRP uses a different IP multicast address and port:
224.0.0.18 and UDP port 112 VRRP uses lower timers by default : 1 second Hello and 3 Second Dead |
|
|
T/F - VRRP cannot track interfaces but can track IP SLA group objects.
|
True
|
|
|
How GLBP achieving load-balancing?
|
All hosts (up to four) share the same virtual IP, but each router has its own virtual MAC address. The Active Virtual Gateway (AVG) responds to ARP requests for the VIP with different cluster members virtual MAC address in the order configured.
|
|
|
What load-balancing methods are supported by GLBP?
|
Weighted load-balancing, host-dependent load-balancing, round-robin load balancing
|
|
|
What's a basic GLBP configuration look like?
|
(config-if)# glbp 39 ip 10.0.0.1
(config-if)# glbp 39 priority 150 |
|
|
What command can verify a HSRP deployment and status?
|
# show standby interface <interface>
|
|
|
What are the four typical switched attacks?
|
- MAC Address-based attacks (flooding)
- VLAN-based attacks (vlan-hopping) - Spoofing attacks: DHCP spoofing, MAC spoofing, ARP spoofing, and Spanning-tree attacks - Attacks against the switch - CDP, telnet, SSH attacks |
|
|
How do you enable port-security on an interface?
|
(config-if)# switchport port-security
|
|
|
How do you specify the max number of MAC addresses an interface can learn?
|
(config-if)# switchport port-security maximum <integer>
|
|
|
How do you specify what the violation will result in for port-security is enabled?
|
(config-if)# switchport port-security violation {shutdown | restrict | protect}
|
|
|
What does "stickiness" provide?
|
Allows the interface to dynamic learn MAC addresses, but the MAC address is "attached" to the interface for a period.
|
|
|
How do you verify port-security?
|
# show port-security interface fa 1/0/15
|
|
|
How do you configure port-based authentication?
|
(config)# aaa new-model
(config)# aaa authentication dot1x default group radius (config)# dot1x system-auth-control (config-if)# dot1x port-control [auto | force-authorized | force-unauthorized] |
|
|
What possible actions exist for a VACL?
|
forward, drop and redirect
|
|
|
What is a small example of a VACL config?
|
(config)# vlan access-map Drop101 10
(config-access-map)# match ip address 101 (config-access-map)# action drop (config)# vlan access-map Drop101 20 (config-access-map)# action forward (config)# vlan filter Drop101 vlan-list 10 |
|
|
What commands can be used to verify a VACL configuration?
|
# show vlan access-map <vacl_name>
# show vlan filter access-map <vacl_name> |
|
|
What is a private VLAN?
|
A private VLAN is a secondary VLAN that can provide layer 2 isolation for host on the same VLAN.
|
|
|
What are the type types of secondary VLANs used in a private VLAN?
|
community and isolated
|
|
|
What are the three port types in a private VLAN environment?
|
community, isolated, and promiscuous
|
|
|
How do you specify the VLAN type for a PVLAN config?
|
(config)# vlan 10
(config-vlan)# private-vlan {community | isolated | primary} (config)# vlan <primary-vlan-id> (config-vlan)# private-vlan association <secondary_vlan_list> |
|
|
What's a simple command to run on lower end Cisco platforms for port security?
|
(config-if)# port protected
|
|
|
What is an example of DHCP snooping configuration
|
(config)# ip dhcp snooping
- Enables feature globally (config)# ip dhcp snooping information option - Enable DHCP option 82 (config)# ip dhcp snooping vlan number <vlan> - Enables DHCP snooping on a VLAN (config-if)# ip dhcp snooping trust - Enables a switchport as trusted such as a DHCP server or a trunked interface (config-if)# ip dhcp snooping limit <pkts-per-second> - Specifies a threshold in pps for DHCP traffic |
|
|
What is the benefit of DHCP snooping?
|
Monitors the DHCP requests and responses between a DHCP client and a DHCP server. This prevents rogue DHCP servers from handing out fraudulent addresses to unsuspecting victim machines.
|
|
|
What is IP source guard?
|
IP source guard creates a dynamic port ACL based on the DHCP snooping table. The source IP in the ACL is defined by the IP that was assigned using DHCP (again found in the DHCP snooping table).
|
|
|
How do you enable port-security?
|
It is enabled on the interface level with the command:
(config-if)# ip verify source port-security |
|
|
ARP Inspection is enabled globally once the feature is turned on - T/F
|
False - is is enabled per VLAN with the command:
(config)# ip arp inspection vlan <vlan-id> |
|
|
How is a port configured as a trusted port?
|
(config-if)# ip arp inspection trust
|
|
|
What are the some best practices for securing your switch?
|
- Use strong passwords
- Do no use Telnet - Use SSH - Disable unneeded services (finger, tcp/udp small-servers, service config, HTTP server) - physically secure access to the device - User banners - Disable CDP on unneeded ports - Disable trunking on all nontrunked ports - Setup syslog monitoring |
|
|
What are network and bandwidth considerations for VoIP deployments?
|
- Max delay of 150-200 ms one way
- No more than 1 percent packet loss - max average jitter of 30 ms - Bandwidth of 21-106 Kbps per call, plus approximately 150 bps per phone for control traffic |
|
|
Define the following QoS term:
Classification |
Distinguish one type of traffic from another.
|
|
|
Define the following QoS term:
Marking |
At Layer 2, an 802.1p CoS value within the 802.1Q frame tag. At layer 3, setting IP precedence or Differentiated Service Code Point (DSCP) values in the packet's IP header.
|
|
|
Define the following QoS term:
Policing |
Determining whether a specific type of traffic is within preset bandwidth limits.
|
|
|
Define the following QoS term:
Traffic shaping and conditioning |
Attempts to send traffic out in a steady stream at a specified rate. Buffers traffic that goes above that rate and sends it when there is less traffic on the line.
|
|
|
Define the following QoS term:
Queueing |
After the traffic is classified and marked, one way it can be given is to be put into different queues on the interface to be sent out at different rates and times. The default queuing method for a switchport is FIFO.
|
|
|
Define the following QoS term:
Dropping |
Normally interface queues accept packets until they are full and then drop everything after that.
|
|
|
What 802.1p bits are usually used for Voice when configuring VoIP?
|
Five (Four for video)
|
|
|
What is the difference between IP precedence and DSCP?
|
The IP precedence bits are the top 3 bits and DSCP uses the top 6 bits. The bottom two DSCP bits are set aside for congestion notification. The default DSCP value is 0, which corresponds to best-effort delivery.
|
|
|
What DSCP value typically uses what value for voice?
|
DSCP 46 (Expediated Forwarding)
|
|
|
Define QoS Trust Boundaries
|
Defines how the switch will handle traffic that has already been marked.
|
|
|
What options are available for trust in QoS?
|
- Trust the DSCP value in the incoming packet
- Trust the IP precedence value in the incoming packet - Trust the CoS value in the incoming frame - Classify the traffic based on the IP access list or a MAC access list |
|
|
What a simple configuration for voice on a Cisco switchport?
|
(config-if)# switchport voice vlan <vlan-id>
(config-if)# mls qos trust {dscp | cos} (config-if)# mls qos trust device cisco-phone (config-if)# switchport priority extend cos <cos-value> |
|
|
What does AutoQoS provide?
|
- Automatic discovery and classification of network applications
- Creates QoS policies for those applications - Configures the switch to support Cisco IP phones and network applications. Manual configuration can also be done afterward. - Sets up SNMP traps for network reporting - Configures consistently across your network when used on all routers and switches. |
|
|
What commands enable Auto QoS for a Cisco IP phone.
|
(config-if)# auto qos voip trust
configured the port to trust the CoS on all traffic entering the port. (config-if)# auto qos voip cisco-phone configured the port to trust traffic marking only if a Cisco phone is connected to the port. Requires that CDP be enabled |
|
|
What are some characteristics of Wireless LANs?
|
WLANs use Carrier Send Multi-Access/Collision Avoidance (CSMA/CA).
Wireless data is half-duplex. Radio waves have unique potential issues such as interference, distortion, and noise. WLAN hosts have no physical network connection. WLAN must adhere to each country's RF standards. |
|
|
How much overlap is recommended between two access points?
|
20%
|
|
|
What are two types of Access Points (APs)
|
Autonomous and Lightweight
|
|
|
What is "split mac"
|
Splitting layer 2 802.11 processing between the AP and a Cisco Wireless LAN controller (WLC).
|
|
|
What is the management components of a Cisco Wireless solutions?
|
Wireless Control System (WCS)
|
|
|
What are functions that the WLC handle?
|
- Authentication
- Client association/mobility management - Security management - QoS policies - VLAN tagging - Forwarding of user traffic |
|
|
What are two protocols that support the split mac protocols between the lightweight AP and its controller?
|
Lightweight Access Point Protocol (LWAPP) and Control and Provisioning of Wireless Access Points (CAPWAP) protocol
|
|
|
What is the WLC discover process that the lightweight AP uses to associate to a given WLC?
|
- The AP requests a DHCP address. The DHCP response includes the management IP address of one or more WLCs.
- The AP sends an LWAPP or CAPWAP Discovery Request to each WLC. - The WLC responds with an LWAPP or CAPWAP Discovery Response that includes the number of APs currently associated with it. - The AP sends a Join Request to the WLC with the fewest APs associated to it. - The WLC responds with a Join Response message; the AP and the controller mutually authenticate each other and derive encryption keys to be used with future control messages. The WLC then configures the AP with settings, such as SSIDs, channels, security settings, 802.11 parameters. |
|
|
What is H-REAP and what problem does it solve?
|
H-REAP stands for Hybrid Remote Edge Access Point. It's a protocol designed to allow a lightweight access point to continue to function if a WLC is unreachable. Of course, some features are unavailable or severely limited when the WLC is unreachable.
|
|
|
What are some features to SNMP version 1?
|
Five types of basic messages:
- Get Request - Get Next Request - Set Request - Get Response - Trap |
|
|
What are the eight syslog levels in order from most critical to least critical?
|
Emergency (level 0)
Alert Critical Error Warning Notice Informational Debugging (Level 7) |
|
|
What are some features of SNMP version 2?
|
- Get Bulk Request
- Inform Request (acknowledged trap) - Data types with 64-bit values |
|
|
What are some features of SNMP version 3?
|
Authentication and privacy
Authorization and access control Usernames and key management Remotely configurable via SNMP operations |
|
|
Which of the following cannot be configured when loop guard is enabled?
(config-if)# switchport mode access (config-if)# switchport mode trunk (config-if)# spanning-tree guard root |
(config-if)# spanning-tree guard root
|
|
|
T/F - setting the trunk mode using the command:
(config-if)# switchport mode trunk Disables DTP on the interface |
false - you must use the command:
(config-if)# switchport nonegotiate To totally disable DTP on an interface |
|
|
What does the configuration statement
switchport mode trunk configure the DTP mode to be? |
Always trunk my end, and I will send DTP to attempt to negotiate a trunk on the other end.
|
|
|
What does the configuration statement:
switchport nonegotiate configure the DTP mode to be? |
Says "Do not send or respond to DTP from this end. Disable all DTP on this port." (Best used on user access ports, when trunking to a non-cisco switch, when trunking to a router, or if you are paranoid about fast convergence)
|
|
|
What does the configuration statement:
switchport mode dynamic desirable configure the DTP mode to be? |
Says "Ask the other end to trunk using DTP and trunk if the negotiation succeeds. If DTP negotiation fails then become an access port."
|
|
|
What does the configuration statement:
switchport mode dynamic auto configure the DTP mode to be? |
If the other end asks me to be a trunk with DTP, then become a trunk, but I won't initiate any negotiation from this end. If no one asks me to become a trunk, I will become an access port.
|
|
|
What does the configuration statement:
switchport mode access mean? |
Never trunk on this end, and I will send out DTP to help my link partner reach the same conclusion.
|
|
|
What does the configuration statement:
switchport trunk encapsulation say? |
Do not negotiate the trunk protocol with DTP. Only use the trunk protocol specified in the command (ISL or dot1q)
|
|
|
What is the one difference between enabled BPDUguard globally and per-port?
(config)# spanning-tree portfast bpduguard default (config-if)# spanning-tree bpduguard enable |
Enabling BPDUguard globally enables BPDU on all portfast configured interfaces.
Enabling BPDUguard per-port enables BPDUguard regardless if PortFast is configured on that interface or not. |
|
|
What are the differences in enabling BPDUfilter globally and at the interface level?
(config)# spanning-tree portfast bpdufilter default (config-if)# spanning-tree bpdufilter enable |
Configured globally bpdufilter only applies to portfast configured interfaces. The interface will still send a few BPDU frames at link up. If a BPDU is received on a Port-Fast enabled interface, the interface loses its Port Fast operational-status and BPDU filtering is disabled.
At the interface level, the command prevents the interface from sending or receiving BPDUs. Enabling BPDU filtering at the interface is the same as disabling spanning-tree on the interface and can result in a loop. |
|
|
Globally configuring portfast instead of per-port will result in what behavior change?
|
PortFast will only be enabled on access ports, and if a BPDU is receive on a portfast globally enabled interface the interface will revert to standard STP status and proceed through all the port learning states.
|
|
|
T/F - enabling portfast on an interface is unconditional and the port will remain in forwarding regardless of whether any BPDUs are received
|
True
|
|
|
What items can be specified for HSRP tracking?
|
- An interface
- Ip route - A list of objects - IP SLA |
|
|
How many AVGs can can exist at one time?
|
one
|
|
|
How many members can be backup AVG in a GLBP group?
|
Up to three, since there can be a max of four routers in a GLBP group. One will be the active AVG and the others will be backup AVGs.
|
|
|
What states will the standby AVGs be in?
|
One AVG will be in Standby and the others will be in the Listen state.
|
|
|
What would cause a standby time expiry event?
|
The hold time value is reached since seeing the expected hello packet
|
|
|
What would cause a active timer expiry event?
|
The timer expires in accordance with the hold time value that is set in the related field of the HSRP hello message.
|
