Boson Flashcards

Question

You plan to add a TACACS+ server to SwitchA. You want vty connection attempts on SwitchA to be authenticated by the TACACS+ server. You will assign the TACACS+ server the 192.168.1.100 IP address, and you will use 'boson' as the encryption key. Configure SwitchA with the following parameters. - Configure AAA on the switch - Configure the TACACS+ server parameters on the switch - Create an authentication list named 'primary' that configures the TACACS+ server as the authentication method for users who remotely log in to the switch - Configure the first vty lines to use the 'primary' authentication list

Answer 1

SwitchA(config)#aaa new-model SwitchA(config)#tacacs-server host 192.168.1.100 SwitchA(config)#tacacs-server key boson SwitchA(config)#aaa authentication login primary group tacacs+ SwitchA(config)#line vty 0 4 SwitchA(config-line)#login authentication primary

Answer 2

- IPv4 VRRP virtual MAC address: 0000.5E00.01~~ - IPv6 VRRP virtual MAC address: 0000.5E00.02~~ - HSRPv1 virtual MAC address: 0000.0C07.AC~~ - HSRPv2 virtual MAC address: 0000.0C9F.F~~~ 10th group of each - IPv4 VRRP virtual MAC address: 0000.5E00.01 0A - IPv6 VRRP virtual MAC address: 0000.5E00.02 0A - HSRPv1 virtual MAC address: 0000.0C07.AC 0A - HSRPv2 virtual MAC address: 0000.0C9F.F 00A

Answer 3

1 'switchport port-security maximum [value]' value can be from [1] to [132]

Answer 4

'dot1x system-auth-control'

Answer 5

'authentication port-control'

Answer 6

auto, force-authorized, force-unauthorized Auto: Any device connected to the port must undergo the authorization process before gaining access to the network Force-authorized: any device connected to an 802.1x enabled port is automatically authorized and granted access to the network Force-unauthorized: any connected device is automatically unauthorized and denied from accessing the network

Answer 7

Used to prepare a single port to accept traffic from multiple hosts

Answer 8

'dot1x default'

Answer 9

Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. AVG (active virtual gateway) is elected based on which router is configured with the highest priority value...or highest IP address value if multiple routers are configured with the same high priority value 2nd highest priority is elected as SVG (standby virtual gateway) Typically AVG and SVG function as AVFs within the group Only AVG responds to ARP queries

Answer 10

- Switch with the highest priority is elected stack master. - If many switches have same priority, switch with nondefault saved config is elected stack master - Then other complex criteria (check notes) 'switch [stack-id] priority [value]'

Answer 11

The original FCS It needs to be recalculated

Answer 12

802. 1w (RSTP) | 802. 1D(STP)

Answer 13

802. 1w (RSTP) 802. 1D (STP) 802. 1s (MST), Multiple Spanning Tree

Answer 14

Configure local switch priority to a value that will ensure local switch will become new root for MST instance. Default is 24576, but will configure value 4096 less than the current root priority value

Answer 15

Ensures switch is second lowest priority value. By default, configures switch to priority 28672. Lowest becomes root

Answer 16

For PAgP (Cisco proprietary): Switch A and B have to be in desirable mode or auto mode. Desirable can be with both auto or desirable. Auto and auto pair don't work. For LACP (IEEE Standards): Switch A and B have to be in active mode or passive mode. Active can be with both active or passive. Passive and passive pair doesn't work. Image on iPad 'show etherchannel summary'

Answer 17

'switchport mode [~~~]' Trunk ['trunk']: will only create trunk with any pair, except access (will make limited connectivity) Dynamic desirable['desirable']: will only crate trunk with all pairs except access (will make port access interface, nontrunking.) Access ['access']: port is placed in nontrunking no matter the neighbor port pair Dynamic auto ['auto']: put in trunk if pair is dynamic desirable or trunk. Place in access if dynamic auto (same) or access. Image in IPad

Answer 18

'switchport nonegotiate' To make trunk, the neighboring port must be set manually

Answer 19

desirable-desirable

Answer 20

dynamic desirable

Answer 21

VTP server mode, VTP client mode, VTP transparent mode 'vtp mode [server/client/transparent]' 'vtp domain ['domain-name']' VTP server mode is default Switches in VTP server mode or VTP client mode will synchronize info with other VTP server mode and VTP client mode switches in the same VTP domain. You can modify VLAN and VTP configuration info on switches in VTP server mode. Changes in a VTP server mode switch will propagate to other VTP server mode or client mode switches in VTP domain Switches in VTP transparent mode do not participate in VTP synchronization but does forward VTP advertisements

Answer 22

'spanning-tree vlan [primary/secondary] root'

Answer 23

Trunk port connection

Answer 24

VTP domain name, VTP password, VTP version

Answer 25

802.1Q is IEEE. ISL(inter-switch link) is Cisco proprietary

Answer 26

VLANs that are listed under the 'vlans allowed and active in management domain' section BUT not listed under 'Vlans in spanning tree forwarding state and not pruned' section are either pruned or blocked by STP

Answer 27

The supplicant: EAP-capable client, such as a user workstation -Sends authentication credentials to an authenticator Authenticator: an access switch -Forwards authentication credentials to an authentication server Authentication server: a RADIUS server -Verifies the credentials using either a local or a remote user database

Answer 28

'show ip dhcp snooping': displays general info about the DHCP snooping config on a switch, such as virtual LANs for which DHCP snooping is enabled and the trusted state of each interface 'show ip dhcp snooping binding': shows the dynamic entries in the binding table, you can see the 'lease (sec)' 'show ip dhcp snooping statistics': displays statistical info regarding the number of frames that have been forwarded or dropped by the DHCP snooping config on a switch 'show ip dhcp snooping database': displays status of the DHCP snooping binding table agent and statistics regarding the status of the binding table, such as the URL where the binding table can be found and how many successful writes have been committed to the table IPad has the output screenshots

Answer 29

``` 2 ports, 4:4 3 ports, 3:3:2 4 ports, 2:2:2:2 5 ports, 2:2:2:1:1 6 ports, 2:2:1:1:1:1 7 ports, 2:1:1:1:1:1:1 8 ports, 1:1:1:1:1:1:1:1 ``` Six

Answer 30

Both egress and ingress traffic SPAN enables you to monitor traffic on a switch by configuring 1 or more ports in 1 or more VLANs on the switch as the source port and a single port on the switch as the destination port. Traffic that arrives on the source ports is copied to the destination port for analysis

Answer 31

Transit halt delay: defines max amount of time required to transition a port to the blocking state after the STP algorithm has determined that the port should be blocked -Max value = 1 sec Bridge transit delay: defines the amount of time between a switch receiving and then sending the same frame (single frame) -Max value= 1 sec BPDU transmission delay: defines the amount of time between a switch receiving and then sending a BPDU -Max value=1 sec Medium access delay: the amount of time between the switch CPU making a forwarding decision and the frame physically leaving the switch -Max vlaue=.5 sec

Answer 32

ISL, Dot1q, Negotiate

Answer 33

CDP, 01:00:0C:CC:CC:CC LLDP, 01:80:C2:00:00:00, 01:80:C2:00:00:03, 01:80:C2:00:00:0E (used exclusively, others used on older versions) PVST+, 01:00:0C:CC:CC:CD [for VLANs other than 1] and 01:80:C2:00:00:00 [for VLAN 1]

Answer 34

32 bits -or- 4 bytes to every frame except frames on the native VLAN

Answer 35

vlan dot1q tag native

Answer 36

- swithcport trunk allowed vlan{add/all/except/remove ['vlan-list'/all/none]} - specifies which VLANs are allowed or denied on a trunk port

Answer 37

'vlan filter blurb vlan-list 1'

Answer 38

Both switches must be configured with matching aggregation protocols [pagp/lacp]

Answer 39

sdm prefer [~~] Access—maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs. Default—gives balance to all functions. Routing—maximizes system resources for IPv4 unicast routing, decreases the number of unicast MAC addresses, but increases the number of indirect, unicast routes VLAN—disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.

Answer 40

show sdm prefer

Answer 41

Ports connected to switches that should not become the root

Answer 42

Ports connected to switches that should not become the root 'spanning-tree root guard'

Answer 43

Configure the HSRP priority for router R1 to decrease or increase by 15 when Fa0/2 goes down or comes back up. If 15 was not specified, the default would be 10.

Answer 44

If R1 was the active router and the priority went below that of R2s, then R2 will send coup message and assume active router role. This happens in an HSRP standby group

Answer 45

'show interfaces trunk'

Answer 46

'show vtp status'

Answer 47

300 seconds 'show log' 'show errdisable recovery'

Answer 48

VLAN SDM Template

Answer 49

Source, intermediate, and destination

Answer 50

VTP must be enabled and source, intermediate, and destination switches must reside in the VTP domain

Answer 51

One of them is that SPAN is limited to a single, local device, RSPAN enables you to monitor traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a nonrouted network

Answer 52

RSPAN VLANs should only contain trunk interfaces. Any access interfaces will be put into suspended state.

Answer 53

'show vlan'

Answer 54

'show interfaces trunk'

Answer 55

Only access ports are shown in the 'show vlan' command

Answer 56

'switchport voice vlan dot1p' , sends voice traffic with default 802.1p priority of 5 and uses VLAN 0, requires a VLAN ID but does not require a unique voice VLAN to be created Voice: tagged as VLAN 0 Data: Untagged, Native VLAN 'switchport voice vlan none' , enables the IP phone to use its configuration to send untagged voice traffic and untagged data traffic over the access VLAN. Voice traffic transmitted with data traffic. Voice & Data: Untagged; Access VLAN 'switchport voice vlan ~' , sends vocie traffic over VLAN ~, which is a unique VLAN. Voice traffic is carried on unique voice VLAN and data traffic carried over native VLAN Voice: Tagged as VLAN ~ Data: Untagged: Native VLAN 'switchport voice vlan untagged' ,configures IP phone to send both untagged voice traffic and untagged data traffic over the native VLAN Voice & Data: untagged; Native VLAN

Answer 57

'standby [group number] text authentication [key-string]' for plain-text, key-string can be up to 8 characters For MD5: 'standby [group number] authentiction md5 key-string [0 | 7] [key-string]' 0 keyword indicates a plain-text value or 7 keyword to indicate a value that has been encrypted by using Cisco's internal encryption algorithm

Answer 58

'lldp run' to enable 'lldp transmit' and 'lldp receive' if a 'no lldp transmit/receive' command is configured verify with 'show lldp' to see LLDP configuration Default for interface to send and receive LLDP packets if LLDP is enabled

Answer 59

- If SwitchB is configured to use 802.1D (STP) - If fe0/2 port of SwitchB is discarding (blocking) - If fe0/1 port of SwitchA is designated port and fe0/2 port of SwitchB is blocking If switch is configured to use MST, it would also be configured to use RSTP

Answer 60

Transparent, in VTP v1 and v2. In v3 you can do in client and server mode

Answer 61

The TPID (Tag Protocol Identifier) field

Answer 62

Indicates the 802.1p frame priority level from 0 through 7

Answer 63

Indicates whether the MAC address is in canonical format or noncanonical format, 0 or 1 respectively

Answer 64

Identifies VLAN from 0 through 4095

Answer 65

An SVI is a switched virtual interface (SVI), a logical interface that represents the physical interfaces in a VLAN. ``` #'interface vlan 2' #'ip address 192.168.2.1 255.255.255.0 #'no shutdown' ```

Answer 66

Multiple SPAN sessions can monitor traffic from a single SPAN source port, only a single session can be associated with a SPAN destination

Answer 67

The port is placed into an 'up/down' interface state to indicate it is no longer capable of operating as a normal switch port. The SPAN destination port no longer participates in Layer 2 protocols and can no longer be the destination of other SPAN sessions. Also, if the SPAN destination port is a member of a VLAN that is included as the source for another SPAN session, the port is excluded from the source list for that session.

Answer 68

Speed and duplex settings must be the same

Answer 69

They should be in the same VLAN

Answer 70

1. ) Switch with highest priority 2. ) - Switch with IP Services with cryptographic image - Switch with IP Services with NO cryptographic image - Switch with IP base with cryptographic image - Switch with IP base with NO cryptographic image 3. ) Non-default configured switch 4. ) Switch with longest uptime 5. ) Switch with the lowest MAC address

Answer 71

A hash algorithm

Answer 72

Source MAC address

Answer 73

Stack ID is used to uniquely identify a switch in a StackWise switch stack. By default, all switches use stack ID 1. If two switches attempt to use the same stack ID, the switch with the higher priority will retain the stack ID number and the other switch will automatically be assigned a new stack ID

Answer 74

The switch priority, dynamically allocated STP MAC address and extended system ID (if enabled on switch) create the BID. The BID uniquely identifies a switch, a switch must have a unique BID for every configured VLAN

Answer 75

All traffic on the trunk is mirrored to the SPAN destination as untagged traffic. However, you can use the 'encapsulation replicate' keywords when configuring a SPAN destination to ensure that the encapsulation used by packets on the trunk is preserved

Answer 76

'monitor session 1 filter vlan 10, 20' , you do this because all VLAN traffic is monitored by default on a SPAN source trunk port so you must use methods, such as VLAN filtering, if you want to limit the number of monitored VLANs to a subset of those active on the trunk(that is specified as a SPAN source) Q. 44 Boson C

Answer 77

err-disabled

Answer 78

If a port receives superior BPDU, root guard will place port into root-inconsistent state and block all data flowing through the port until the port stops receiving superior BPDUs They are used to prevent newly introduced switches from being elected the new root

Answer 79

If the port has loop guard enabled and the port stops receiving BPDUs, the port will go into loop-inconsistent state Loop guard prevents a switch from transitioning to the forwarding state when it stops receiving BPDUs, which prevents switching loops from occurring. By placing inconsistent ports into blocking state.

Answer 80

Yes, routing protocols are available to all stack members as long as the stack master is running the appropriate software image

Answer 81

It appears as a single node in an STP topology

Answer 82

Similar: - Both supported by non-Cisco devices - Both AAA protocols TACACS+: - Cisco proprietary protocol - TCP - Port number 49 - A, A, A separated - All AAA packet encrypted - Multiprotocol support - For device administration - Provides router command authorization capabilities RADIUS: - Open standard protocol - UDP - Port 1812,1813 - Authentication & Authorization is combined - Only passwords are encrypted (in Access-request) - No multiprotocol support - For network access - Developed as an IETF standard protocol

Answer 83

Normal-range VLANs are numbered 1 to 1005. Extended VLANs are numbered from 1006 to 4094. A switch must use either transparent mode or VTP version 3 to support extended VLANs.

Answer 84

It tracks which VTP configuration is the latest version. Switches ignore advertisements with a configuration revision number lower than their own. So, before you add a switch to a VTP domain, you should always ensure that the conf. rev. #is lower than the configuration revision number on switches currently in the VTP domain or else the info on the new switch will propagate to the other switches in the VTP domain. You reset configuration number on a switch to 0 by changing the VTP domain name 'vtp domain [name]'. Change VTP mode to transparent mode (switches in transparent mode always have a conf. rev. number of 0) and then back to server or client mode. If switch is in client mode, you can reboot it.

Answer 85

Switches in VTP server or transparent mode, NOT VTP client mode

Answer 86

Pruning conserves bandwidth by preventing the flooding of traffic to VLANs that do not require the traffic 'vtp pruning' to enable

Answer 87

Because the traffic mirroring process creates an added burden on the switch CPU. When SPAN is enabled, both internal traffic and forwarding engine traffic are doubled. In addition, the traffic across the switch fabric is increased; if multiple SPAN sources are mirrored to a single SPAN destination, the destination could become oversaturated

Answer 88

In 802.1x port-based authentication, port security, STP, VTP,DTP, private VLANs, and 802.1Q tunneling

Answer 89

You can specify an EtherChannel interface as a destination port, but only the on mode is supported. PAgP and LACP are not supported on a SPAN destination port

Answer 90

'monitor session 1 destination interface fastethernet 1/0'

Answer 91

'(config-if)#storm-control broadcast level 80 60'

Answer 92

'(config-if)#storm-control multicast level 0 0'

Answer 93

'(config-if)#storm-control unicast level 100'

Answer 94

'switchport port-security | switchport port-security mac-address 1111.2222.3333'

Answer 95

Primary: 'private-vlan primary' Secondary: 'private-vlan [isolated|community]' Only secondary VLANs can be configured as isolated or community VLANs

Answer 96

'switchport mode private-vlan [promiscuous|host]' Promiscuous: configures port to communicate with any secondary VLAN. Devices (such as a router, firewall, or gateway) that should be reachable from any secondary VLAN should be connected to promiscuous ports. Host: devices connected to isolated or community VLANs should be connected to host ports

Answer 97

Dynamic Trunking Protocol (DTP) is used to negotiate whether to establish a trunk and to negotiate the encapsulation used on the trunk. Trunk links between switches can be either set either manually or automatically configured by using DTP

Answer 98

'(config)#aaa terminal (config)#aaa authentication dot1x default group radius (config)#dot1x system-auth-control (config)#interface fastethernet 0/1 (config-if)#dot1x port-control [force-authorized|force-unauthorized|auto]' Force-authorized:

Answer 99

'(config)#aaa terminal (config)#aaa authentication dot1x default group radius (config)#dot1x system-auth-control (config)#interface fastethernet 0/1 (config-if)#dot1x port-control [force-authorized | force-unauthorized | auto]' Force-authorized: configures port to authorize any host that connects to the port; no 802.1x authentication process will take place. Any host connected to port will be able to send traffic through switch. Force-unauthorized: configures the port to never allow authentication for a connected host. Host will be unable to send traffic through port Auto: enable 802.1X authentication on the port. If the host is configured with 802.1X authentication, the host will be authenticated and will be able to send traffic through the switch

Answer 100

SDM template can be used to maximize support for individual switch features depending on how the switch is used. Template of stack master will propagate to all switches in stack 'sdm prefer [access/default/routing/vlan]' Access: provides for using a large number of ACLs by optimizing resources for ACLs Default: balances system resources for use in all features Routing: optimizes resources for use with IP version 4 (IPv4) unicast-routing VLAN: is typically used on Layer 2 switches to support the max number of unicast MAC addresses; disables routing in hardware 'show sdm prefer' to verify

Answer 101

'(config)#vlan access-map boson 10 (config-access-map)#match ip address ip-hosts (config-access-map)#action drop (config-access-map)#vlan access-map boson 20 (config-access-map)#action forward' vlan access-map [name] [sequence #] : creates a VACL with name [name] and places switch into access map config mode for sequence [seq. #] of the VACL. Every VACL sequence has an associated action that is taken if a packet satisfies all of the match criteria defined in sequence. The valid options for a VACL sequence action is: forward, drop, and redirect For example, 'action drop' specifies that sequence 10 will discard any packet that satisfies all the criteria listed in the match statements Later, since there were no match statements in sequence 20 (a random number after 10) all packets that reach the sequence will be forwarded normally. Sequence 20 is necessary because the default action for a VACL is to discard any packets that have not been explicitly forwarded or redirected by an access map sequence

Answer 102

PortFast is automatically enabled. However, PortFast is not automatically disabled when the same voice VLAN is disabled

Answer 103

30 seconds 'lldp timer [5 to 65534]'

Answer 104

'spanning-tree mode mst' It enables RSTP, which slows the transition of an STP port to the forwarding state, thereby increasing convergence speed

Answer 105

The region name, the configuration revision number, and the VLAN-to-instance mapping table must match First, enter MST configuration mode: 'spanning-tree mst configuration' Then, For MST region name: 'name [region name] MST configuration revision number: 'revision [revision-number]' To map VLANs to an instance: 'instance [instance-number] vlan [vlan-range]'

Answer 106

By default, storm control is disabled on Cisco switches It blocks a certain traffic type [unicast | multicast | broadcast] if the rising threshold is exceeded for the traffic type Storm control is supported on EtherChannel. You must configure storm control on the EtherChannel bundle Rising and falling threshold values can be expressed in terms of packets per second, bits per second, or as a percentage of available bandwidth 'storm-control [broadcast | multicast | unicast] level { [percent-rising [percent-falling]] bps [bps-rising[bps-falling] | pps [pps-rising [pps-falling]] } '

Answer 107

By default, storm control is disabled on Cisco switches It blocks a certain traffic type [unicast | multicast | broadcast] if the rising threshold is exceeded for the traffic type until the traffic rate falls below another threshold value called the falling threshold Storm control is supported on EtherChannel. You must configure storm control on the EtherChannel bundle Rising and falling threshold values can be expressed in terms of packets per second, bits per second, or as a percentage of available bandwidth 'storm-control [broadcast | multicast | unicast] level { [percent-rising [percent-falling]] bps [bps-rising[bps-falling] | pps [pps-rising [pps-falling]] } '

Answer 108

'channel-protocol [pagp | lacp] 'channel-group [group #] mode [desirable | auto | active | passive]'

Answer 109

All untagged ingress traffic on trunk links should be dropped All egress traffic on trunk links should be tagged

Answer 110

'spanning-tree guard none' A root guard or loop guard is enabled on an interface

Answer 111

'show spanning-tree inconsistentports'

Answer 112

'monitor session 1 source/destination remote vlan 4, 10-12, 15' remote vlan is the keyword RSPAN enables you to monitor traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a nonrouted network

Answer 113

- Create an RSPAN VLAN on both switches - Create a monitor session on the neighboring switch with the monitored port as the source and the RSPAN VLAN as the destination - Create a monitor session on the local switch with the RSPAN VLAN as the source and the monitoring port as the destination

Answer 114

``` TPID (16 bits) Priority field (3 bits) CFI field (1 bit) VID field (12 bits) ```

Answer 115

007.B400.0102 GLBP Virtual MAC address starts with the prefix 0007.B4, the next four hexadecimal values represent the group number, and the final two hexadecimal values represent the gateway number.

Answer 116

Multiple Spanning Tree (MST), used to create a spanning tree instance for each group of virtual LANs (VLANs). Although MST can be used to define a spanning tree instance for each VLAN, it is best used to define a spanning tree instance for each set of VLANs along a redundant path.

Answer 117

Multiple Spanning Tree (MST), used to create a spanning tree instance for each group of virtual LANs (VLANs). Altough MST can be used to define a spanning tree instance for each VLAN, it is best used to define a spanning tree instance for each set of VLANs along a redundant path.

Answer 118

PVST+ always creates a spanning tree instance for each VLAN. PVST+ is a Cisco-proprietary form of STP. When implemented, 802.1Q encapsulation must be used. If ISL encapsulation is used, PVST must be used instead of PVST+

Answer 119

It is an authorization protocol that enables access to an existing directory, such as Microsoft Active Directory Domain Services (AD DS). It uses Transmission Control Protocol (TCP) port 389 by default.

Answer 120

It's a standards-based authentication protocol that can use TCP port number 88 or UDP port number 88

Answer 121

LLDP is a Layer 2 open-standard discovery protocol that is used to facilitate interoperability between Cisco devices and non-Cisco devices. It only operates between network devices (such as routers, switches, and access server, not between endpoint)

Answer 122

It is an extension of LLDP. It operates between endpoints devices (such as PC or VoIP phone) and vendor-neutral network devices

Answer 123

CDP is a Layer 2 Cisco-proprietary protocol that is used to advertise and discover only directly connected Cisco devices on a local network. For example, a Cisco switch would use CDP in order to determine whether an attached VoIP phone is a Cisco device. CDPv2 is an enhancement to CDP that reduces downtime through a feature that allows for rapid error tracking.

Answer 124

If the port receives a BPDU, the port will go into err-disabled state

Answer 125

1. ) A layer 3 switch with IP routing enabled and SVIs configured (config) #ip routing (config) #interface vlan 2 (config-if)#ip address 192.168.2.1 255.255.255.0 [could be anything, pretty sure] (config-if)#no shutdown (config-if)#interface vlan 3 (config-if)#ip address 192.168.3.1 255.255.255.0[could be anything, pretty sure] (config-if)#no shutdown 2. ) A layer 2 switch connected via a trunk link to a router with subinterfaces configured * Boson for config*

Answer 126

'show mac address-table interface fastethernet 0/2 | include DYNAMIC' Make sure dynamic is capitalized because it's case sensitive, also for STATIC Other options are exclude and begin instead of include

Answer 127

memory partitions in TCAM memory, only on switches with single TCAM chips. Guidelines to how to divide memory.

Answer 128

- Broadcast storms are detected by the Storm Control feature - ARP inspection violations - A flapping of trunking encapsulation types - BPDUGuard

Answer 129

The port will go back up after 300( 5 minutes) by default if the port was sent to errdisable by BPDU or other cause(. If you want to to change, you have to put 'errdisable recovery interval [30 to 65535]'

Answer 130

UDLD has two modes - Normal and Aggressive. Normal just prints out a syslog message, while aggressive pushes violations into error-disabled mode after 3 misses.

Answer 131

If the port goes from bi-direction to unidirectional

Answer 132

The specific VLAN goes to inactive mode (inactive in Access Mode) and the interface does not go back to the native VLAN, it just doesn't work

Answer 133

'(Config)#vlan 5 (Config-vlan)#interface FastEthernet0/5 (Config-if)#switchport mode access (Config-if)#switchport access vlan 5' Won't form VLAN trunk because of mode access command

Answer 134

Extended VLANs, 1006 to 4094

Answer 135

Local VLAN pretty much just stays in building or department, end-to-end is to a wider area per say. Local VLANs should only be designed into network that traffic is expected to follow the 20/80 rule(80% of traffic will leave the VLAN). For end-to-end, it's 80/20 rule (80% of traffic stays in VLAN)

Answer 136

By default, laptops and PCs can not understand 802.1Q tags. So it could be useful in certain scenarios, opposed to using ISL.

Answer 137

Switch with the "primary server" operating mode If the VTPv3 switch is VTP Operating Mode; Primary Server while the VTPv2 switch on Server mode, they won't be able to update each other because each switch will think it's the leader. Also, the Configuration revision number could mismatch

Answer 138

``` (Config)#vtp domain ‘name’ (Config)#end #vtp version 3 #vtp primary #config t (Config)#vlan 999 ```

Answer 139

The 'switchport trunk pruning vlan 4, 9' . The command is a prune eligibility list. The vlans listed in this command are the VLANs eligible for pruning. By default, all VLANs are allowed on a trunk and all VLANs (between 2 and 1001, inclusive) are eligible for pruning if pruning is enabled globally with the 'vtp pruning' command. Once you manually configure an eligibility list then only those VLANs on the list are eligible for pruning If 'switchport trunk allowed vlan 3' , then VLAN 3 will never be pruned

Answer 140

(config)#interface 'interface #' (config-if)#no ip address (config-if)#channel-protocol [lacp/pagp] (config-if)#channel-group '#' mode [active | passive | desirable | auto | on ] Verify: show running-config interface 'interface' show interfaces 'interface' etherchannel

Answer 141

(config)# interface port-channel 'group #' (config-if)#ip address 1.1.1.1 255.255.255.0 (config-if)#no shutdown (config-if)#end (config)#interface 'interface' -or- (config)#interface range 'interface range' (config-if)#channel-group # mode [active | passive | desirable | auto | on] Verify: show running-config interface 'interface' show interfaces 'interface' etherchannel

Answer 142

(config)#port-channel load-balance

Answer 143

'show etherchannel summary' It means that EtherChannel is not fully functional and not bundled in an EtherChannel

Answer 144

When a switch configured for EtherChannel receives Spanning-Tree BPDUs from a remote switch with unique STP Sending Port-IDs, this will trigger EtherChannel Misconfiguration Guard

Answer 145

Max-age timer: 20 seconds, time after a root port receives a BPDU, after it goes to listening stage Forwarding-Delay timer: 15 seconds, after this the port will go from Listening to Learning stage Forwarding-Delay timer: 15 seconds (again), after this the port will go from learning to forwarding (designated port) 50 seconds total

Answer 146

All dynamic MAC addresses learned in VLAN-2 will have their Aging Timer modified to match the value of the Spanning-Tree Forwarding Delay

Answer 147

Rapid-PVST allows any Bridge to send a Topology Change BPDU whereas PVST+ restricts this action solely to the Root Bridge

Answer 148

If two switches are connected directly with full-duplex the ports converge to final state in 2 seconds

Answer 149

- That switch is connected to another switch running 802.1w - That switch is connected to another switch in a different MST Region - That switch is connected to another switch running 802.1d

Answer 150

With 'show interface trunk' The number of instances (other than instance 0) determiens number of Mrecords

Answer 151

``` Config t Spanning-tree mst config name ‘name’ Revision 1 Instance 1 vlan ‘range vlan’ Instance 2 vlan ‘range vlan’ Exit Spanning-tree mode mst ```

Answer 152

- The RSPAN destination interface will be placed in ‘monitoring’ mode by default - A SPAN session requires that the destination be a physical interface on the same switch as the SPAN source

Answer 153

The router with the highest IP address becomes the active router and the second-highest becomes the standby router. They will be sending HSRP hello packets every 2 seconds. If there are 3 or more routers, the others will be in the listening state.