3 - Implementing VLANs and STP Flashcards

1
Q

What is a VLAN?

A

A separate broadcast domain, virtually created on the switch

2
Q

How do VLANs improve security and host performance?

A

Fewer hosts see copies of frames (broadcasts, multicasts, unknown unicasts) sent by one host, because VLANs create smaller broadcast domains. VLANs also allow per-VLAN security policies

3
Q

When do you need VLAN trunking and what does it do?

A

Networks with multiple interconnected switches. Allows traffic for multiple VLANs to be sent over a single link

4
Q

What is a VLAN tag?

A

A small header added to an Ethernet frame so that frames can be identified as belonging to a given VLAN

5
Q

What are the two trunking protocols Cisco primarily supports and which is more popular?

A

Inter-Switch Link (ISL)

IEEE 802.1Q is more popular

6
Q

How do ISL and IEEE 802.1Q differ?

A

802.1Q inserts an extra 4-byte VLAN header into the original frame's Ethernet header (that header also contains the VLAN ID)

7
Q

How many bits is the VLAN ID inside the 802.1Q header?

A

12 bits

8
Q

What is the max number of VLANs supported by ISL and 802.1Q?

A

4096 but only 4094 usable. 0 and 4095 are reserved.

9
Q

What number VLANs are in the standard range?

A

1 - 1005

10
Q

What number VLANs are in the extended range?

A

1006 - 4094

11
Q

What is the default native VLAN?

A

1

12
Q

What does 802.1Q do with frames in the native VLAN?

A

Nothing. It does not add a header

13
Q

What are non-trunking interfaces called?

A

Access interfaces / static access interfaces

14
Q

What commands would you use to set up a VLAN and add a port to it on a switch?

A

```
vlan 10
name TestVLAN
interface f0/10
switchport access vlan 10
switchport mode access
```

15
Q

How could you list simple VLAN information on a switch?

A

show vlan brief

16
Q

What is special about VLANs 1002-1005?

A

They cannot be deleted

17
Q

How can you disable VTP on a switch?

A

vtp mode transparent

vtp mode off

18
Q

What does VTP transparent mode do?

A

Prevents the switch from learning and advertising VLAN configuration via VTP, but the switch still forwards VTP advertisements

19
Q

How can you check VTP status?

A

show vtp status

20
Q

True / False: The show running-config command shows VLAN commands

A

False

21
Q

What is DTP for?

A

Dynamic Trunking Protocol. Two connected switches use this protocol to negotiate which type of trunking to use (ISL or 802.1Q)

22
Q

How does the dynamic desirable trunk administrative mode work?

A

Initiates negotiation messages and responds to negotiation messages to trunk

23
Q

How does the dynamic auto trunk administrative mode work?

A

Passively waits to receive trunk negotiation messages, at which point the switch will respond and negotiate

24
Q

What is the operational mode of an interface?

A

The mode that is currently actually in use on an interface, e.g. static access

25
What is the default administrative trunking mode on an interface?
dynamic auto
26
What command would you use to show all interfaces that are trunking?
show interfaces trunk
27
How could you show information for a specific VLAN?
show vlan id 2
28
What happens when one end of a link has its trunking administrative mode set to trunk and the other to access?
This causes problems. Avoid this combination
29
What does Cisco recommend configuring trunk negotiation to for better security?
Disabling it on most ports
30
What two commands could you use to disable DTP / trunking negotiations?
switchport mode access | switchport nonegotiate
31
What is IP telephony?
Phones using IP packets to send and receive voice, represented as bits inside IP packets
32
What is a Cisco product that performs IP telephony control
Cisco Unified Communication Manager
33
What did Cisco do to help solve the issue of only a single UTP cable being available at a person's desk but needing one for the phone and one for their PC?
Embedded a small three-port switch into each phone
34
Given a phone and a PC are recommended to be in different VLANs, how does a Switch port support a phone and a PC?
The port acts like an access link for the PC's traffic and a bit like a trunk for the phone's traffic. Two VLANs: Data VLAN and Voice VLAN. The port mostly acts like an access port, but voice frames flow with 802.1Q headers
35
How would you configure a switch with a data and voice VLAN?

```
vlan 10
vlan 11
interface range F0/1-4
switchport mode access
switchport access vlan 10
switchport voice vlan 11
```

36
How can you view detailed information about the operation of an interface?
show interfaces F0/1 switchport
37
Do interfaces with Voice VLANs enabled show up in the output of the 'show interfaces trunk' command?
No. But `show interfaces F0/1 trunk` would list additional information with a status of not-trunking
38
How would you enable or disable a VLAN?
no shutdown vlan 10 | shutdown vlan 20
39
What command would you use to show which VLANs will be forwarded over a given trunk interface?
switchport interfaces F0/1 trunk
40
What command is used to administratively limit which VLANs are allowed on a trunk interface?
switchport trunk allowed vlan 1-60
41
What is VLAN hopping?
When a frame is sent in one VLAN but believed to be in a different VLAN. This would occur when two switches had configured their native VLANs to different numbers
42
What does STP/RSTP prevent?
It prevents frames looping indefinitely in LANs with redundant links
43
What is a broadcast storm?
When a frame is looping around the network indefinitely, saturating all links with multiple copies of that frame and preventing normal frames from being processed
44
What is MAC table instability?
An issue where MAC address tables keep changing because frames with the same source MAC arrive on different ports, such as in a broadcast storm
45
What are the three main classes of problem caused by not using STP in redundant LANs?
1. Broadcast storms 2. MAC table instability 3. Multiple frame transmission
46
What is STP convergence?
When switches in a LAN realize there has been a topology change and update interface blocking / forwarding states
47
How does STP/RSTP work?
Uses the STA (Spanning Tree Algorithm) to create a spanning tree of interfaces that forward frames, effectively creating a single path to and from each link
48
What are the three steps STP/RSTP uses to decide if an interface should go into the forwarding state?
1. Elect a root switch and put all working interfaces on it in the forwarding state 2. Every non-root switch places its root port (RP) (least root cost path) into the forwarding state 3. For every two switches on a link, the one whose port has the lowest root cost is placed in the forwarding state. This switch is the designated switch, with its designated port (DP)
49
What is a non-root switch's root cost?
The port considered to have the least administrative cost between it and the root switch
50
What is a designated port?
A switch port designated to forward onto a collision domain. Basically, the switch with the lower cost to reach the root among the two switches on a segment holds the DP on that segment
51
What is a BID?
Bridge ID. An 8-byte value that must be unique to each switch. Made of a 2-byte priority field and a 6-byte burned-in System ID
52
What is a BPDU? What is an alternative name for them?
Bridge Protocol Data Unit | Configuration BPDUs
53
What is BPDU used for?
For switches to exchange information with each other
54
What is the most common BPDU and what is it used for?
Hello BPDU. It carries: the sending switch's BID | the sender's root cost | the root bridge ID | the timer values on the root switch
55
What is the sender's Root Cost in a Hello BPDU?
The cost between the switch and the current root
56
What is important about the BID in the Root election process?
The switch with the lowest BID becomes the root (based on the 2 byte priority value at the start)
57
What happens if there is a tie in BID priority in the Root election process?
The switch with the lowest MAC becomes the root
58
How does the Root election process take place?
Each switch sends a Hello BPDU claiming it is root. If a switch receives a Hello BPDU from another switch that has a lower priority, it stops advertising itself as root and starts forwarding the superior Hello BPDU
59
What happens if there is a tie between root cost for two paths when selecting a root port?
1. Choose based on lowest neighbor bridge ID 2. Choose based on lowest neighbor port priority 3. Choose based on lowest neighbor internal port number
60
What does a non-root switch do when forwarding a Hello?
1. Sets the root cost field in the Hello to that switch's cost to reach the root 2. Changes the sender's BID to its own BID 3. Forwards the Hello out all designated ports
61
What happens if there is a tie for advertised costs when selecting a Designated Port (DP)?
1. The Switch with the lowest BID wins
62
What two additional tie breakers are sometimes needed for ties in advertising cost when electing a DP?
1. Lowest interface STP/RSTP priority | 2. Lowest internal interface number
63
What are the two main tools used by engineers to influence choices in STP/RSTP?
1. Changing the BID | 2. Changing STP/RSTP port costs
64
What are the default port costs used by Cisco in STP/RSTP?
100 for 10 Mbps | 19 for 100 Mbps | 4 for 1000 Mbps | 2 for 10 Gbps
65
How often does an STP root switch send a new Hello BPDU by default?
2 seconds
66
How often does the root Switch send Hellos?
Every 2 seconds
67
What are the three STP timers and their default values?
Hello timer - 2 seconds | MaxAge timer - 10 x Hello timer | Forward delay - 15 seconds
68
What is the MaxAge timer?
How long any switch should wait after ceasing to hear Hellos before trying to change the STP topology
69
What is the Forward Delay timer?
Delay that affects the process that occurs when an interface changes from the blocking to the forwarding state. The port stays in the interim listening state and then the learning state for the number of seconds defined by this timer
70
What are the two transitory phases in STP and what is their purpose?
Listening and Learning. To prevent temporary loops
71
What is the Listening state in STP?
Interface does not forward frames. Old stale / unused MAC table entries for which no frames are received during this period are removed
72
What is the Learning state in STP?
Interface does not forward frames. Switch begins to learn the MAC addresses of frames received on the interface
73
What is the time between each interim state in STP?
The time set in the Forward Delay timer (15 seconds by default)
74
What is the RSTP equivalent of the STP blocking state?
Discarding state
75
What is the key improvement brought by RSTP?
Faster convergence time
76
How does RSTP improve speed?
It changes and adds ways to avoid waiting long periods on STP timers. This means quicker transitions from blocking / discarding to forwarding and vice versa
77
What are two new mechanisms added by RSTP with respect to ports that improve speed over STP?
1. A mechanism for a switch to replace its root port without any waiting to reach the forwarding state 2. A mechanism to replace a designated port without any waiting to reach the forwarding state
78
What does RSTP shorten the MaxAge timer to?
3 x the Hello timer
79
What is an alternate port in RSTP?
Port that replaces the root port if it fails
80
What is a backup port in RSTP (for designs that use Hubs)?
Port that replaces a designated port if it fails
81
What does RSTP do differently to STP with regards to Hello BPDUs?
Instead of the root switch generating the Hello and all other switches forwarding it, as with STP, each switch independently generates its own Hellos
82
How does RSTP allow switches to avoid waiting for timers to expire as a means to learn information?
Neighbors can query each other rather than waiting for timers to expire
83
What does RSTP do differently to STP with respect to selecting a RP role?
STP only selects one Root port role. RSTP does this but also identifies other potential root ports naming them alternate ports
84
What is the criteria to be an Alternate port?
Both the root port and the port in question must receive Hellos that identify the same root switch
85
How long must an alternate port wait before changing state and forwarding when taking over from a root port?
It doesn't need to wait for any timers between states or before forwarding; it can do this immediately
86
What state does RSTP not have that STP has?
Listening
87
What are the two STP states equivalent to the RSTP Discarding state?
Blocking | Disabled (administratively)
88
What is the problem with MAC table entries during topology changes?
Existing entries may cause frames to be forwarded along the old path. This is why switches have to time them out / clear them
89
How does RSTP achieve MAC table clearing during topology changes?
Exchange of BPDU messages with neighbors
90
True/False: Hubs force attached Switch ports to use half-duplex logic
True
91
What assumption does RSTP make about half-duplex ports?
That they may be connected to hubs, so it treats them as shared ports.
92
What is EtherChannel and what is a benefit of it?
Combines multiple parallel segments of equal speed between the same pair of switches, bundled into an EtherChannel. Prevents STP convergence being needed when only a single port / cable failure occurs.
93
By default how many parallel segments can be in an EtherChannel?
Up to 8
94
What is PortFast?
Allows a switch port to immediately transition from the blocking to the forwarding state, bypassing the listening and learning states
95
What ports can you safely enable PortFast on?
Only ports you know don't have bridges, switches or any other STP-speaking devices connected
96
What must you wait for a switch to do if a port without PortFast is connected to an end-user device and that device powers on?
Wait for the switch to confirm the port is a DP and, in STP, transition through the temporary listening and learning states
97
What port types (PTP types) does RSTP enable PortFast on?
Point-to-Point Edge ports
98
What is BPDU Guard?
A feature that disables a port if any BPDUs are received on it, intended for ports that should only ever be used as access ports
99
Why is BPDU Guard useful?
To prevent an attacker connecting a switch to the port, affecting the topology, potentially copying data or causing loops