6. Basic Switch Management Flashcards
Imagine that you have configured the enable secret command, followed by the enable
password command, from the console. You log out of the switch and log back in at
the console. Which command defines the password that you had to enter to access
privileged mode?
a. enable password
b. enable secret
c. Neither
d. The password command, if it is configured
b. enable secret
An engineer wants to set up simple password protection with no usernames for some
switches in a lab, for the purpose of keeping curious coworkers from logging in to the
lab switches from their desktop PCs. Which of the following commands would be a
useful part of that configuration?
a. A login vty mode subcommand
b. A password password console subcommand
c. A login local vty subcommand
d. A transport input ssh vty subcommand
a. A login vty mode subcommand
An engineer had formerly configured a Cisco 2960 switch to allow Telnet access so
that the switch expected a password of mypassword from the Telnet user. The engineer
then changed the configuration to support Secure Shell. Which of the following
commands could have been part of the new configuration? (Choose two answers.)
a. A username name secret password vty mode subcommand
b. A username name secret password global configuration command
c. A login local vty mode subcommand
d. A transport input ssh global configuration command
b. A username name secret password global configuration command
c. A login local vty mode subcommand
An engineer’s desktop PC connects to a switch at the main site. A router at the main
site connects to each branch office through a serial link, with one small router and
switch at each branch. Which of the following commands must be configured on the
branch office switches, in the listed configuration mode, to allow the engineer to telnet
to the branch office switches and supply only a password to login? (Choose three
answers.)
a. The ip address command in interface configuration mode
b. The ip address command in global configuration mode
c. The ip default-gateway command in VLAN configuration mode
d. The ip default-gateway command in global configuration mode
e. The password command in console line configuration mode
f. The password command in vty line configuration mode
a. The ip address command in interface configuration mode
d. The ip default-gateway command in global configuration mode
f. The password command in vty line configuration mode
A Layer 2 switch configuration places all its physical ports into VLAN 2. The IP
addressing plan shows that address 172.16.2.250 (with mask 255.255.255.0) is reserved
for use by this new LAN switch and that 172.16.2.254 is already configured on the
router connected to that same VLAN. The switch needs to support SSH connections
into the switch from any subnet in the network. Which of the following commands are
part of the required configuration in this case? (Choose two answers.)
a. The ip address 172.16.2.250 255.255.255.0 command in interface vlan 1 configuration
mode.
b. The ip address 172.16.2.250 255.255.255.0 command in interface vlan 2 configuration
mode.
c. The ip default-gateway 172.16.2.254 command in global configuration mode.
d. The switch cannot support SSH because all its ports connect to VLAN 2, and the
IP address must be configured on interface VLAN 1.
b. The ip address 172.16.2.250 255.255.255.0 command in interface vlan 2 configuration
mode.
c. The ip default-gateway 172.16.2.254 command in global configuration mode.
Which of the following line subcommands tells a switch to wait until a show command’s
output has completed before displaying log messages on the screen?
a. logging synchronous
b. no ip domain-lookup
c. exec-timeout 0 0
d. history size 15
a. logging synchronous
What is a shared password
password with no username
How do you set the password ‘faith’ on for the console
line con 0
login
password faith
How do you set the password ‘hope’ for telnet
line vty 0 15
login
password hope
How do you set the password ‘love’ for the enable mode
enable secret love
How do you set the username wendell and password odem to use for the console
username wendell secret odem
line con 0
login local
How do you remove all passwords from the vty lines
no password
What can a user use instead of configuring multiple switches with local logins
AAA servers for authentication
What protocols do a AAA server generally use
RADIUS
TACACS+
Is SSH able to support shared passwords
No. SSH only supports authentication methods that use a username
How do you configure SSH for SW1 in using the example.com domain
(config)# hostname SW1 ip domain-name example.com crypto key generate rsa username wendell secret odem line vty 0 15 login local
How can you set the SSH to version 2
(config)# ip ssh version 2
What informaiton does a switch need to configure SSH
hostname and domain name for the switches FQDN
what is the lowest modulus value that is needed to support SSH v2
768 bit
How do you allow both SSH and Telnet
line vty 0 15 transport input all or line vty 0 15 transput input telnet ssh
How do you support neither SSH and Telnet
line vty 0 15
transport input none
What is the default transport input option for most switches
all
What is the transport input default for most routers
none
What are the general steps to configure SSH
- Configure public and private key pair with hostname and domain name and use crypto key generate rsa to generate the keys. Use modulus value of at least 768
- Optional - set the ssh to version 2
- Configure vty lines to accept ssh, telnet, both or none
- Configure local logins
How can you see which version of SSH is being used
show ip ssh
What information does ‘show ssh’ give
Info about each SSH client currently connected
Why should you not use a VLAN interface where there are no physical ports connected
VLAN will not reach up/up state and switch will not have physical ability to communicate outside of switch
How do you set the IP address for VLAN 1 to 192.168.0.4
conf t
int vlan 1
ip address 192.168.0.4
no shut down
How do you bring up an interface
no shutdown
How do you configure the default gateway for the switch to 172.16.31.1
conf t
ip default-gateway 172.16.31.1
How do you add the DNS server with IP 10.10.10.10 to VLAN 2
conf t
int vlan 2
ip name-server 10.10.10.10
What command is used to set a DNS server
ip name-server ipaddress
How do you configure an IP address for a switch using DHCP
conf t
int vlan 1
ip address dhcp
no shutdown
How do you see the dhcp address the switch is using
show dhcp lease
How will you know if DHCP fails
if you do show interface and no IP address shows up for the VLAN
How do you see the history of commands that have been entered in the current session
show history
how do you set the size of the history buffer for the current session to 10
terminal history size 10
how do you set the default number of commands saved in the history buffer for users
of the console or vty lines
history size x
How do you have console users not get logged off for inactivity
line con 0
exec-timeout 0 0
How do you stop a switch from trying to resolve an IP address when you mistype a command
conf t
no ip domain lookup
How do you have log messages not interrupt while you are trying to type
conf t
logging synchronous
How do you disable display of log messages to the console
no logging console
How do you see the key generated with SSH
show crypto key mypubkey rsa
Where is the SSH keys stored
flash
