3 - Implementing VLANs and STP

Question 1

What is a VLAN?

Answer 1

A separate broadcast domain, virtually created on the switch

Question 2

How do VLANs improve security and host performance?

Answer 2

Fewer hosts see copies of frames (broadcasts, multicasts, unknown unicasts) sent by one host, because it creates smaller broadcast domains. Allow per VLAN security policies

Question 3

When do you need VLAN trunking and what does it do?

Answer 3

Networks with multiple interconnected switches. Allows traffic for multiple VLANs to be sent over a single link

Question 4

What is a VLAN tag?

Answer 4

A small header added to an Ethernet frame so that frames can be identified as belonging to a given VLAN

Question 5

What are the two trunking protocols Cisco primarily supports and which is more popular?

Answer 5

Inter-Switch Link (ISL)

IEEE 802.1Q is more popular

Question 6

How do ISL and IEEE 802.1Q differ?

Answer 6

802.1Q inserts an extra 4 byte VLAN header into the original frame’s Ethernet header (that also contains the VLAN ID)

Question 7

How many bits is the VLAN ID inside the 802.1Q header?

Answer 7

12 bits

Question 8

What is the max number of VLANs supported by ISL and 802.1Q?

Answer 8

4096 but only 4094 usable. 0 and 4095 are reserved.

Question 9

What number VLANs are in the standard range?

Answer 9

1 - 1005

Question 10

What number VLANs are in the extended range?

Answer 10

1006 - 4094

Question 11

What is the default native VLAN?

Answer 11

1

Question 12

What does 802.1Q do with frames in the native VLAN?

Answer 12

Nothing. It does not add a header

Question 13

What are non-trunking interfaces called?

Answer 13

Access interfaces / static access interfaces

Question 14

What commands would you use to setup a VLAN and add a port to it on a switch?

Answer 14

vlan 10
name TestVLAN
interface f0/10
switchport access vlan 10
switchport mode access

Question 15

How could you list simple VLAN information on a switch?

Answer 15

show vlan brief

Question 16

What is special about VLANs 1002-1005?

Answer 16

They cannot be deleted

Question 17

How can you disable VTP on a Switch?

Answer 17

vtp mode transparent

vtp mode off

Question 18

What does VTP transparent mode do?

Answer 18

Prevent VTP from learning and advertising about VLAN configuration itself, but still forwards VTP advertisements

Question 19

How can you check VTP status?

Answer 19

show vtp status

Question 20

True / False: The show running-config command shows VLAN commands

Answer 20

False

Question 21

What is DTP for?

Answer 21

Dynamic Trunking Protocol. Two connected switches use this protocol to negotiate which type of trunking to use (ISL or 802.1Q)

Question 22

How does the dynamic desirable Trunk administrative mode work?

Answer 22

Initiates negotiation messages and responds to negotiation messages to trunk

Question 23

How does the dynamic auto Trunk administrative mode work?

Answer 23

Passively waits to receive trunk negotiation messages at which point the switch will respond and negotiate

Question 24

What is the operational mode of an interface?

Answer 24

The mode that it is currently actually active on an interface, e.g. static access

Question 25

What is the default administrative trunking mode on an interface?

Answer 25

dynamic auto

Question 26

What command would you use to show all interfaces that are trunking?

Answer 26

show interfaces trunk

Question 27

How could you show information for a specific VLAN?

Answer 27

show vlan id 2

Question 28

What happens when one end of a link has its trunking administrative mode set to trunk and the other to access?

Answer 28

This causes problems. Avoid this combination

Question 29

What does Cisco recommend configuring trunk negotiation to for better security?

Answer 29

Disabling it on most ports

Question 30

What two commands could you use to disable DTP / trunking negotiations?

Answer 30

switchport mode access

switchport nonegotiate

Question 31

What is IP telephony?

Answer 31

Phones using IP packets to send and receive voice represented as bits in an IP packet

Question 32

What is a Cisco product that performs IP telephony control

Answer 32

Cisco Unified Communication Manager

Question 33

What did Cisco do to help solve the issue of only a single UTP cable being available at a persons desk but needing one for the phone and one for their PC?

Answer 33

Embedded a small three-port switch into each phone

Question 34

Given a phone and a PC are recommended to be in different VLANs, how does a Switch port support a phone and a PC?

Answer 34

Port acts like an access link for the PCs traffic and a bit like a trunk for phone traffic. Two VLANs: Data VLAN and Voice VLAN. The port mostly acts like an access port, but Voice frames flow with 802.1Q headers

Question 35

How would you configure a switch with a data and voice vlan?

Answer 35

vlan 10
vlan 11
interface range F0/1-4
switchport mode access
switchport access vlan 10
switchport voice vlan 11

Question 36

How can you view detailed information about the operation of an interface?

Answer 36

show interfaces F0/1 switchport

Question 37

Do interfaces with Voice VLANs enabled show up in the output of the ‘show interfaces trunk’ command?

Answer 37

No. But show interfaces F0/1 trunk would list additional information with a status of not-trunking

Question 38

How would you enable or disable a vlan?

Answer 38

no shutdown vlan 10

shutdown vlan 20

Question 39

What command would you use to show which VLANs will be forwarded over a given trunk interface?

Answer 39

switchport interfaces F0/1 trunk

Question 40

What command is used to administratively limit which VLANs are allowed on a trunk interface?

Answer 40

switchport trunk allowed vlan 1-60

Question 41

What is VLAN hopping?

Answer 41

When a frame is sent in one VLAN but believed to be in a different VLAN. This would occur when two switches had configured their native VLANs to different numbers

Question 42

What does STP/RSTP prevent?

Answer 42

It prevents frames looping indefinitely in LANs with redundant links

Question 43

What is a broadcast storm?

Answer 43

When a frame is looping around the network indefinitely, saturating all links with multiple copies of that frames preventing normal frames from being processed

Question 44

What is MAC table instability?

Answer 44

An issue where MAC address tables keep changing because frames with the same source MAC arrive on different ports, such as in a broadcast storm

Question 45

What are the three main classes of problem caused by not using STP in redundant LANs?

Answer 45

Broadcast storms
MAC table instability
Multiple frame transmission

Question 46

What is STP convergence?

Answer 46

When switches in a LAN realize there has been a topology change and update interface blocking / forwarding states

Question 47

How does STP/RSTP work?

Answer 47

Uses the STA (Spanning Tree Algorithm) to create a spanning tree of interfaces that forward frames, effectively creating a single path to and from each link

Question 48

What are the three steps STP/RSTP uses to decide if an interface should go into the forwarding state?

Answer 48

1. Elect a root switch and put all working interfaces on it in the forwarding state
2. Every non root switch places its root port (RP) (least root cost path) into forwarding state
3. For every two switches on a link, the one whos port has the lowest root cost is placed in the forwarding state. This switch is the designated switch, with its designated port (DP)

Question 49

What is a non root switches root cost?

Answer 49

The port considered to have the least administrative cost between it and the root switch

Question 50

What is a designated port?

Answer 50

A Switch port designated to forward onto a collision domain. Basically the Switch with the lower cost to reach the root among both switches on a segment becomes the DP on that segment

Question 51

What is a BID?

Answer 51

Bridge ID
8 byte value must be unique to each switch
Made of 2 bytes priority field, 6 bytes burned in System ID

Question 52

What is a BPDU? What is an alternative name for them?

Answer 52

Bridge Protocol Data Unit

Configuration BPDUs

Question 53

What is BPDU used for?

Answer 53

For switches to exchange information with each other

Question 54

What is the most common BPDU and what is it used for?

Answer 54

BPDU Hello

• Sending switch’s BID
• Sender’s root cost
• Root bridge ID
• Timer values on root switch

Question 55

What is the sender’s Root Cost in a Hello BPDU?

Answer 55

The cost between the switch and the current root

Question 56

What is important about the BID in the Root election process?

Answer 56

The switch with the lowest BID becomes the root (based on the 2 byte priority value at the start)

Question 57

What happens if there is a tie in BID priority in the Root election process?

Answer 57

The switch with the lowest MAC becomes the root

Question 58

How does the Root election process take place?

Answer 58

Each Switch sends a Hello BPDU claiming it is root.

If a Switch receives a Hello BPDU from another Switch that has a lower priority then it stops advertising itself as root and starts forwarding the superior Hello BPDU

Question 59

What happens if there is a tie between root cost for two paths when selecting a root port?

Answer 59

1. Choose based on lowest neighbor bridge ID
2. Choose based on lowest neighbor port priority
3. Choose based on lowest neighbor internal port number

Question 60

What does a non-root switch do when forwarding a Hello?

Answer 60

1. Sets the root cost field in the Hello to that Switches cost to reach the root
2. Changes the senders BID to its own BID
3. Forwards the Hello out all designated ports

Question 61

What happens if there is a tie for advertised costs when selecting a Designated Port (DP)?

Answer 61

1. The Switch with the lowest BID wins

Question 62

What two additional tie breakers are sometimes needed for ties in advertising cost when electing a DP?

Answer 62

1. Lowest interface STP/RSTP priority

2. Lowest internal interface number

Question 63

What are the two main tools used by engineers to influence choices in STP/RSTP?

Answer 63

1. Changing the BID

2. Changing STP/RSTP port costs

Question 64

What are the default port costs used by Cisco in STP/RSTP?

Answer 64

100 for 10Mbps
19 for 100Mbps
4 for 1000Mbps
2 for 10Gbps

Question 65

How often does an STP root switch send a new Hello BPDU by default?

Answer 65

2 seconds

Question 66

How often does the root Switch send Hellos?

Answer 66

Every 2 seconds

Question 67

What are the three STP timers and their default values?

Answer 67

Hello timer - 2 seconds
MaxAge timer - 10 x Hello timer
Forward delay - 15 seconds

Question 68

What is the MaxAge timer?

Answer 68

How long any switch should wait after ceasing to hear Hellos before trying to change the STP topology

Question 69

What is the Forward Delay timer?

Answer 69

Delay that affects the process that occurs when an interface changes from blocking to forwarding state. The port stays in interim listening state then learning state for the number of seconds defined by this timer

Question 70

What are the two transitory phases in STP and what is their purpose?

Answer 70

Listening and Learning

To prevent temporary loops

Question 71

What is the Listening state in STP?

Answer 71

Interface does not forward frames

Old stale / unused MAC table entries for which no frames are received during this period are removed

Question 72

What is the Learning state in STP?

Answer 72

Interface does not forward frames

Switch begins to learn MAC address of frames received on the interface

Question 73

What is the time between each interim state in STP?

Answer 73

The time set in the Forward delay counter (15 seconds default)

Question 74

What is the RSTP equivalent of the STP blocking state?

Answer 74

Discarding state

Question 75

What is the key improvement brought by RSTP?

Answer 75

Faster convergence time

Question 76

How does RSTP improve speed?

Answer 76

Changes and adds ways to avoid waiting long periods on STP timers. This means quicker transitions between blocking / discarding to forwarding and vice versa

Question 77

What are two new mechanisms added by RSTP with respect to ports that improve speed over STP?

Answer 77

1. Mechanism added for Switch to replace Root port without any waiting to reach forwarding state
2. Mechanism added to replace Designated port without any waiting to reach forwarding state

Question 78

What does RSTP shorten the MaxAge timer to?

Answer 78

3 x the Hello timer

Question 79

What is an alternate port in RSTP?

Answer 79

Port that replaces the root port if it fails

Question 80

What is a backup port in RSTP (for designs that use Hubs)?

Answer 80

Port that replaces a designated port if it fails

Question 81

What does RSTP do differently to STP with regards to Hello BPDUs?

Answer 81

Instead of the Root port generating Hello and all other switches forwarding it as with STP, each switch independently generates its own Hellos

Question 82

How does RSTP allow switches to avoid waiting for timers to expire as a means to learn information?

Answer 82

Neighbors can query each other rather than waiting for timers to expire

Question 83

What does RSTP do differently to STP with respect to selecting a RP role?

Answer 83

STP only selects one Root port role. RSTP does this but also identifies other potential root ports naming them alternate ports

Question 84

What is the criteria to be an Alternate port?

Answer 84

Both the Root port and the port in question must receives Hellos that identify the same root switch

Question 85

How long must an alternate port wait before changing state and forwarding when taking over from a Root port?

Answer 85

It doesn’t need to wait for any timers between states or before forwarding, it can do this immediately

Question 86

What state does RSTP not have that STP has?

Answer 86

Listening

Question 87

What are the two STP states equivalent to the RSTP Discarding state?

Answer 87

Blocking

Disabled (administratively)

Question 88

What is the problem with MAC table entries during topology changes?

Answer 88

Existing entries may cause a loop. This is why switches have to time them out / clear them

Question 89

How does RSTP achieve MAC table clearing during topology changes?

Answer 89

Exchange of BPDU messages with neighbors

Question 90

True/False: Hubs force attached Switch ports to use half-duplex logic

Answer 90

True

Question 91

What assumption does RSTP make about half-duplex ports?

Answer 91

That they may be connected to hubs, so it treats them as shared ports.

Question 92

What is EtherChannel and what is a benefit of it?

Answer 92

Combines multiple parallel segments of equal speed between the same pair of switches, bundled into an EtherChannel.

Prevents STP convergence being needed when only a single port / cable failure occurs.

Question 93

By default how many parallel segments can be in an EtherChannel?

Answer 93

Up to 8

Question 94

What is PortFast?

Answer 94

Allows a switch port to immediately transition from blocking to forwarding state, bypassing listening and learning

Question 95

What ports can you safely enable PortFast on?

Answer 95

You must only enable it on ports you know don’t have bridges, switches or any other STP speaking devices connected

Question 96

What must you wait for a switch to do if a port without PortFast was connected to an end user device and it powered on?

Answer 96

Wait for the switch to confirm the port is a DP, and in STP transition through the temporary listening and learning states

Question 97

What port types (PTP types) does RSTP enable PortFast on?

Answer 97

Point-to-Point Edge ports

Question 98

What is BPDU Guard?

Answer 98

A feature that disables a port if any BPDUs are received on that port, i.e. ports that should only ever be used as access ports

Question 99

Why is BPDU Guard useful?

Answer 99

To prevent an attacker connecting a switch to the port, affecting the topology, potentially copying data or causing loops