Boson Flashcards

1
Q

Difference between ‘switchport port-security violation [protect/shutdown/restrict]’. What is the default violation mode?

A

They all discard unauthorized traffic

Protect: only discards

Restrict and Shutdown: logs unauthorized entry and increments SecurityViolation counter

Restrict: sends SNMP trap

Shutdown: places port in err-disabled state (effectively shuts down port)

2
Q

Which FHRP protocol is specified in RFC 5798?

A

VRRP

3
Q

What occurs when you enable UplinkFast on a switch?

What does UplinkFast do?

A

Port costs increase by 3000

If enabled on a switch with bridge priority less than 49152, the bridge priority is changed to 49152; if it is already greater, the bridge priority remains at the higher value

UplinkFast increases convergence speed for an access layer switch that detects a failure on the root port

4
Q

What is the default switch bridge priority and which bridge is most likely to become the root bridge?

A

32768 and the switch with the lowest bridge priority

5
Q

Which commands or command sets will reset a port that has been shut down by UDLD?

A
  • ‘udld reset’
  • ‘errdisable recovery cause udld’
  • ‘no udld enable’, then ‘udld port’ or ‘udld aggressive’
  • ‘no udld port’, then ‘udld port’ or ‘udld port aggressive’
  • ‘shutdown’, then ‘no shutdown’

UDLD monitors a link to verify that both ends of the link are functioning

6
Q

What traffic is untagged in regards to VLANs?

A

Native VLANs are untagged

7
Q

What are PVLANs (private VLANs) for and what do they consist of?

A

Helps isolate traffic within a VLAN

They include a primary VLAN and one or more secondary VLANs

8
Q

What’s the difference between a host that connects to an isolated VLAN and a host connected to a community VLAN?

A

Host connected to an isolated VLAN can communicate with only the primary VLAN

A host connected to community VLAN can communicate with other hosts associated with the community VLAN as well as with the primary VLAN

9
Q

Enable 802.1x port-based authentication

A

‘aaa new-model’

‘aaa authentication dot1q’

‘dot1x system-with-control’ (globally enables 802.1x on switch)

‘dot1x port-control {force-authorized/force-unauthorized/auto}’

10
Q

Configure router to use EIGRP for AS 2

A

ip routing
router eigrp 2

An interface that should participate in EIGRP must have an IP address assigned

11
Q

On which ports will PortFast be enabled if you issue the ‘spanning-tree portfast default’ command?

A

The command enables PortFast by default on all access ports; trunk ports are not affected

12
Q

What command makes an interface an access port?

A

‘switchport mode access’

13
Q

How do you enable PortFast on individual ports?

A

‘spanning-tree portfast’

14
Q

Name all the different ‘port-channel load-balance [~~~]’ commands. What are they used for? What is the default?

A
  • ‘port-channel load-balance dst-mac’ : configures the EtherChannel to load balance based on the destination MAC address
  • ‘port-channel load-balance src-ip’ : configures the EtherChannel to load balance based on the source IP address
  • ‘port-channel load-balance dst-ip’ : configures the EtherChannel to load balance based on the destination IP address
  • ‘port-channel load-balance src-dst-mac’ : configures the EtherChannel to load balance based on the source and destination MAC addresses
  • ‘port-channel load-balance src-dst-ip’ : configures the EtherChannel to load balance based on the source and destination IP addresses

‘port-channel load-balance src-mac’ is the default (load balancing based on source MAC address), issuing this command is the same as issuing ‘no port-channel load-balance’

15
Q

What does ‘mac address-table static 000c.bacb.100d vlan 10 drop’ do?

A

This filters frames in VLAN 10 with a source or destination MAC address of 000c.bacb.100d

Command provides a convenient method for implementing unicast MAC address filtering on a Cisco switch

16
Q

What does ‘switchport port-security’ do?

A

Enables security features for a single switch interface

Interface with port security configured will shut down if the max number of allowed MAC addresses is learned on the interface

17
Q

What does ‘switchport mode dynamic auto’ do?

A

Allows a neighbor port to determine whether a link should become a trunk

18
Q

What does ‘switchport host’ do?

A

Macro command used to enable Portfast while disabling EtherChannel

19
Q

What does ‘switchport mode access’ do?

A

Configures a port to carry information for a single VLAN

20
Q

What is a VSS? What is required when configuring a VSS? What does the VSS consist of?

A

VSS (Virtual Switching System) is a Cisco proprietary technique to create a single logical switch out of two physical switches

Supervisor type and IOS version must be identical on each physical device. One of the supervisors is active, and the other is designated as hot-standby; the active supervisor manages the control plane.

21
Q

What is PAgP?

A

A link aggregation protocol that creates and maintains adjacencies in a VSS, especially when the VSS enters dual active recovery mode

22
Q

What is VSLP?

A

Framework that provides for the creation and maintenance of a VSL link

Virtual Switch Link (VSL). A VSL facilitates communication between two switches. Within the VSS, one chassis supervisor is designated as active and the other as hot-standby.

A protocol that helps in providing for the creation and maintenance of the link between switches in a VSS configuration

Consists of LMP and RRP

23
Q

What is RRP?

A

Registry Registrar Protocol. Determines the role of each member in the VSS

A protocol that helps in providing for the creation and maintenance of the link between switches in a VSS configuration

24
Q

Which command can you issue to determine the native VLAN configured on a neighboring Cisco switch?

A

show cdp neighbors detail

25
Q

You plan to add a TACACS+ server to SwitchA. You want vty connection attempts on SwitchA to be authenticated by the TACACS+ server. You will assign the TACACS+ server the 192.168.1.100 IP address, and you will use ‘boson’ as the encryption key.

Configure SwitchA with the following parameters.

  • Configure AAA on the switch
  • Configure the TACACS+ server parameters on the switch
  • Create an authentication list named ‘primary’ that configures the TACACS+ server as the authentication method for users who remotely log in to the switch
  • Configure the first vty lines to use the ‘primary’ authentication list
A

SwitchA(config)#aaa new-model
SwitchA(config)#tacacs-server host 192.168.1.100
SwitchA(config)#tacacs-server key boson
SwitchA(config)#aaa authentication login primary group tacacs+
SwitchA(config)#line vty 0 4
SwitchA(config-line)#login authentication primary

26
Q

What are the prefixes for the following? Give the 10th group of each

  • IPv4 VRRP virtual MAC address
  • IPv6 VRRP virtual MAC address
  • HSRPv1 virtual MAC address
  • HSRPv2 virtual MAC address
A
  • IPv4 VRRP virtual MAC address: 0000.5E00.01~~
  • IPv6 VRRP virtual MAC address: 0000.5E00.02~~
  • HSRPv1 virtual MAC address: 0000.0C07.AC~~
  • HSRPv2 virtual MAC address: 0000.0C9F.F~~~

10th group of each

  • IPv4 VRRP virtual MAC address: 0000.5E00.01 0A
  • IPv6 VRRP virtual MAC address: 0000.5E00.02 0A
  • HSRPv1 virtual MAC address: 0000.0C07.AC 0A
  • HSRPv2 virtual MAC address: 0000.0C9F.F 00A
27
Q

What is the default max # of devices that can connect to an interface with ‘switchport port-security’? What command can change that and to what?

A

1

‘switchport port-security maximum [value]’

value can be from [1] to [132]

28
Q

How do you enable 802.1x authentication globally on a switch?

A

‘dot1x system-auth-control’

29
Q

How do you enable 802.1x authentication on a single interface?

A

‘authentication port-control’

30
Q

What are the 3 modes of 802.1x authentication on a single interface? What does each do?

A

auto, force-authorized, force-unauthorized

Auto: Any device connected to the port must undergo the authorization process before gaining access to the network

Force-authorized: any device connected to an 802.1x enabled port is automatically authorized and granted access to the network

Force-unauthorized: any connected device is automatically unauthorized and denied from accessing the network

31
Q

What does ‘authentication host-mode multi-host’ do?

A

Used to prepare a single port to accept traffic from multiple hosts

32
Q

What command restores the default 802.1x parameters on a device?

A

‘dot1x default’

33
Q

What does a GLBP do and what does the group consist of? How is everything in a GLBP group elected?

A

Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway

Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable.

AVG (active virtual gateway) is elected based on which router is configured with the highest priority value…or highest IP address value if multiple routers are configured with the same high priority value

2nd highest priority is elected as SVG (standby virtual gateway)

Typically AVG and SVG function as AVFs within the group

Only AVG responds to ARP queries

34
Q

What is the order of the election for the stackmaster? How do you change the priority?

A
  • Switch with the highest priority is elected stack master.
  • If many switches have same priority, switch with nondefault saved config is elected stack master
  • Then other complex criteria (check notes)

‘switch [stack-id] priority [value]’

35
Q

What is changed when a frame is encapsulated with an 802.1Q tag?

A

The original FCS

It needs to be recalculated

36
Q

Which standards natively include PortFast, UplinkFast, and BackboneFast? Which standard can use them but does not include natively?

A
802.1w (RSTP)

802.1D (STP)

37
Q

What else are RSTP, STP, and MST called?

A
  • 802.1w (RSTP)
  • 802.1D (STP)
  • 802.1s (MST), Multiple Spanning Tree
38
Q

What is the default priority value of a switch that has been configured with a Multiple Spanning Tree (MST) instance?

A

32768

39
Q

What does ‘spanning-tree mst [instance #] root primary’ command do?

A

Configure local switch priority to a value that will ensure local switch will become new root for MST instance. Default is 24576, but will configure value 4096 less than the current root priority value

40
Q

What does ‘spanning-tree mst [instance #] root secondary’ do?

A

Ensures switch is second lowest priority value. By default, configures switch to priority 28672. Lowest becomes root

41
Q

What are the compatible modes for the channel groups in each switch to create a functional EtherChannel link? For PAgP and LACP, explain differences. How do you check what mode it’s in?

A

For PAgP (Cisco proprietary): Switch A and B have to be in desirable mode or auto mode. Desirable can be with both auto or desirable. Auto and auto pair don’t work.

For LACP (IEEE Standards): Switch A and B have to be in active mode or passive mode. Active can be with both active or passive. Passive and passive pair doesn’t work.

Image on iPad

‘show etherchannel summary’

42
Q

Name all DTP configurations. Determine which switch port setting pairs make up a trunk or access interface.

What command changes the switch port mode setting?

A

‘switchport mode [~~~]’

Trunk [‘trunk’]: will only create trunk with any pair, except access (will make limited connectivity)

Dynamic desirable [‘desirable’]: will only create trunk with all pairs except access (will make port access interface, nontrunking.)

Access [‘access’]: port is placed in nontrunking no matter the neighbor port pair

Dynamic auto [‘auto’]: put in trunk if pair is dynamic desirable or trunk. Place in access if dynamic auto (same) or access.

Image in IPad

43
Q

What command will place port in a mode where the port does not transmit DTP frames? How would you create a trunk if the command is configured?

A

‘switchport nonegotiate’

To make trunk, the neighboring port must be set manually

44
Q

What’s the DTP configuration recommended by Cisco?

A

desirable-desirable

45
Q

What is the default switch port mode setting for DTP?

A

dynamic desirable

46
Q

What are the 3 VTP (VLAN Trunking Protocol) modes and how do you configure them? What is the default? What are the differences?

A

VTP server mode, VTP client mode, VTP transparent mode

‘vtp mode [server/client/transparent]’
‘vtp domain [‘domain-name’]’

VTP server mode is default

Switches in VTP server mode or VTP client mode will synchronize info with other VTP server mode and VTP client mode switches in the same VTP domain. You can modify VLAN and VTP configuration info on switches in VTP server mode.

Changes in a VTP server mode switch will propagate to other VTP server mode or client mode switches in VTP domain

Switches in VTP transparent mode do not participate in VTP synchronization but do forward VTP advertisements

47
Q

What are the commands to set root bridge and secondary bridge?

A

‘spanning-tree vlan [primary/secondary] root’

48
Q

What kind of connection is needed between two ports for VTP to work?

A

Trunk port connection

49
Q

What is the default VTP domain name for a switch?

A

NULL

50
Q

What parameters must be met so that VTP servers and VTP clients can synchronize information over VTP?

A

VTP domain name, VTP password, VTP version

51
Q

What is the default native VLAN?

A

1

52
Q

Difference between 802.1Q and ISL?

A

802.1Q is IEEE. ISL (Inter-Switch Link) is Cisco proprietary

53
Q

How do you know when VLANs are being pruned in ‘show interfaces trunk’?

A

VLANs that are listed under the ‘vlans allowed and active in management domain’ section BUT not listed under ‘Vlans in spanning tree forwarding state and not pruned’ section are either pruned or blocked by STP

54
Q

What are the 3 main components involved in EAP authentication? What does each do?

A

The supplicant: EAP-capable client, such as a user workstation
-Sends authentication credentials to an authenticator

Authenticator: an access switch
-Forwards authentication credentials to an authentication server

Authentication server: a RADIUS server
-Verifies the credentials using either a local or a remote user database

55
Q

What are all the ‘show ip dhcp snooping’ commands and what do they show?

A

‘show ip dhcp snooping’: displays general info about the DHCP snooping config on a switch, such as virtual LANs for which DHCP snooping is enabled and the trusted state of each interface

‘show ip dhcp snooping binding’: shows the dynamic entries in the binding table, you can see the ‘lease (sec)’

‘show ip dhcp snooping statistics’: displays statistical info regarding the number of frames that have been forwarded or dropped by the DHCP snooping config on a switch

‘show ip dhcp snooping database’: displays status of the DHCP snooping binding table agent and statistics regarding the status of the binding table, such as the URL where the binding table can be found and how many successful writes have been committed to the table

IPad has the output screenshots

56
Q

What are the Hash Values on each port in an EtherChannel bundle? What # of links in an EtherChannel bundle is most likely to result in an unequal distribution of traffic?

A
2 ports, 4:4
3 ports, 3:3:2
4 ports, 2:2:2:2
5 ports, 2:2:2:1:1
6 ports, 2:2:1:1:1:1
7 ports, 2:1:1:1:1:1:1
8 ports, 1:1:1:1:1:1:1:1

Six

57
Q

What is monitored by default on a SPAN source port?

What does SPAN do?

A

Both egress and ingress traffic

SPAN enables you to monitor traffic on a switch by configuring 1 or more ports in 1 or more VLANs on the switch as the source port and a single port on the switch as the destination port. Traffic that arrives on the source ports is copied to the destination port for analysis

58
Q

What are the 4 parameters defined by IEEE that should be considered when optimizing STP timers? What does each do and what are the recommended max values?

A

Transit halt delay: defines max amount of time required to transition a port to the blocking state after the STP algorithm has determined that the port should be blocked
-Max value = 1 sec

Bridge transit delay: defines the amount of time between a switch receiving and then sending the same frame (single frame)
-Max value= 1 sec

BPDU transmission delay: defines the amount of time between a switch receiving and then sending a BPDU
-Max value=1 sec

Medium access delay: the amount of time between the switch CPU making a forwarding decision and the frame physically leaving the switch
-Max value=.5 sec

59
Q

What are the three trunk encapsulation modes?

A

ISL, Dot1q, Negotiate

60
Q

What addresses do CDP (Cisco Discovery Protocol), LLDP (Link Layer Discovery Protocol) and PVST+ (Per-VLAN Spanning Tree Plus) use to send advertisements?

A

CDP, 01:00:0C:CC:CC:CC

LLDP, 01:80:C2:00:00:00, 01:80:C2:00:00:03, 01:80:C2:00:00:0E (used exclusively, others used on older versions)

PVST+, 01:00:0C:CC:CC:CD [for VLANs other than 1] and 01:80:C2:00:00:00 [for VLAN 1]

61
Q

Which frames does 802.1Q encapsulation add a tag to? How many bits?

A

32 bits -or- 4 bytes to every frame except frames on the native VLAN

62
Q

What is the default VTP domain name?

A

NULL

63
Q

What command configures a switch to tag traffic from all VLANs, including the native VLAN?

A

vlan dot1q tag native

64
Q

What command is issued from interface configuration mode to manually prune VLANs? What does it do?

A
  • switchport trunk allowed vlan {add/all/except/remove [‘vlan-list’/all/none]}
  • specifies which VLANs are allowed or denied on a trunk port
65
Q

By default which VLANs are allowed over a trunk?

A

All VLANs

66
Q

How do you apply a VLAN access control list (VACL) named ‘blurb’ to VLAN 1?

A

‘vlan filter blurb vlan-list 1’

67
Q

What must happen so that two switches can successfully establish an EtherChannel link?

A

Both switches must be configured with matching aggregation protocols [pagp/lacp]

68
Q

What are all the different SDM templates and how do you change them? What is the default SDM template?

A

sdm prefer [~~]

Access—maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.

Default—gives balance to all functions.

Routing—maximizes system resources for IPv4 unicast routing, decreases the number of unicast MAC addresses, but increases the number of indirect, unicast routes

VLAN—disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.

69
Q

How do you verify SDM templates?

A

show sdm prefer

70
Q

On which ports should the root guard feature of STP be enabled on a switch?

A

Ports connected to switches that should not become the root

71
Q

On which ports should the root guard feature of STP be enabled on a switch? What is the config to enable root guard on port?

A

Ports connected to switches that should not become the root

‘spanning-tree root guard’

72
Q

What does ‘standby 1 track fa0/2 15’ do if configured on interface Fa0/1 on R1?

A

Configure the HSRP priority for router R1 to decrease or increase by 15 when Fa0/2 goes down or comes back up. If 15 was not specified, the default would be 10.

73
Q

What happens if R2 has preempt enabled?

A

If R1 was the active router and its priority went below that of R2, then R2 will send a coup message and assume the active router role. This happens in an HSRP standby group

74
Q

How to verify trunk info?

A

‘show interfaces trunk’

75
Q

How to verify VTP info? (such as mode, version, etc.)

A

‘show vtp status’

76
Q

What is the max amount of time that can pass before the err-disabled port can attempt recovery? How can you verify err-disable reason or time remaining before recovery attempt?

A

300 seconds

‘show log’

‘show errdisable recovery’

77
Q

Which SDM template is most likely to result in an increase in CPU utilization during periods of high traffic?

A

VLAN SDM Template

78
Q

When an unauthorized MAC address triggers a security violation on an interface with the default port security settings, which level of syslog message is generated?

A

critical

79
Q

Which switches in an RSPAN environment require VLANs configured for monitored traffic?

A

Source, intermediate, and destination

80
Q

What must be true so that RSPAN VLANs can be dynamically created?

A

VTP must be enabled and source, intermediate, and destination switches must reside in the VTP domain

81
Q

Differences between SPAN and RSPAN?

A

One of them is that SPAN is limited to a single, local device, whereas RSPAN enables you to monitor traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a nonrouted network

82
Q

What is true about RSPAN VLANs in regard to trunk/access interfaces?

A

RSPAN VLANs should only contain trunk interfaces. Any access interfaces will be put into suspended state.

83
Q

How do you see vlan information?

A

‘show vlan’

84
Q

How do you see trunk information?

A

‘show interfaces trunk’

85
Q

What is true about trunk and access ports in regard to VLANs?

A

Only access ports are shown in the ‘show vlan’ command

86
Q

Name the four switchport voice vlan commands and describe what each does. Which is the default?

A

‘switchport voice vlan dot1p’ , sends voice traffic with default 802.1p priority of 5 and uses VLAN 0, requires a VLAN ID but does not require a unique voice VLAN to be created
Voice: tagged as VLAN 0
Data: Untagged, Native VLAN

‘switchport voice vlan none’ , enables the IP phone to use its configuration to send untagged voice traffic and untagged data traffic over the access VLAN. Voice traffic transmitted with data traffic.
Voice & Data: Untagged; Access VLAN

‘switchport voice vlan ~’ , sends voice traffic over VLAN ~, which is a unique VLAN. Voice traffic is carried on unique voice VLAN and data traffic carried over native VLAN
Voice: Tagged as VLAN ~
Data: Untagged: Native VLAN

‘switchport voice vlan untagged’ , configures IP phone to send both untagged voice traffic and untagged data traffic over the native VLAN
Voice & Data: untagged; Native VLAN

87
Q

What command allows you to configure an authentication string for a specified HSRP standby group? Indicate both ways

A

‘standby [group number] text authentication [key-string]’ for plain-text, key-string can be up to 8 characters

For MD5:

‘standby [group number] authentication md5 key-string [0 | 7] [key-string]’

0 keyword indicates a plain-text value or 7 keyword to indicate a value that has been encrypted by using Cisco’s internal encryption algorithm

88
Q

How do you enable LLDP and what are the different commands available? How do you verify LLDP?

A

‘lldp run’ to enable
‘lldp transmit’ and ‘lldp receive’ if a ‘no lldp transmit/receive’ command is configured

verify with ‘show lldp’ to see LLDP configuration

Default for interface to send and receive LLDP packets if LLDP is enabled

89
Q

If SwitchA fa0/1 port is configured to use 802.1w and it’s connected to fa0/2 port of SwitchB, what scenarios will cause the fa0/1 port on SwitchA to revert to 802.1D mode?

A
  • If SwitchB is configured to use 802.1D (STP)
  • If fe0/2 port of SwitchB is discarding (blocking)
  • If fe0/1 port of SwitchA is designated port and fe0/2 port of SwitchB is blocking

If switch is configured to use MST, it would also be configured to use RSTP

90
Q

What VTP mode should switch be in before you can configure PVLANs?

A

Transparent, in VTP v1 and v2. In v3 you can do in client and server mode

91
Q

In an 802.1Q-tagged Ethernet frame, what is used to identify the frame as an 802.1Q-tagged frame?

A

The TPID (Tag Protocol Identifier) field

92
Q

In an 802.1Q-tagged Ethernet frame, what does the Priority field indicate?

A

Indicates the 802.1p frame priority level from 0 through 7

93
Q

In an 802.1Q-tagged Ethernet frame, what does the Canonical Format Indicator (CFI) field indicate?

A

Indicates whether the MAC address is in canonical format or noncanonical format, 0 or 1 respectively

94
Q

In an 802.1Q-tagged Ethernet frame, what does the VLAN Identifier (VID) field indicate?

A

Identifies VLAN from 0 through 4095

95
Q

What is an SVI and how do you create & configure an SVI on VLAN 2 that has been assigned a network address of 192.168.2.0/24?

A

An SVI is a switched virtual interface (SVI), a logical interface that represents the physical interfaces in a VLAN.

#'interface vlan 2'
#'ip address 192.168.2.1 255.255.255.0'
#'no shutdown'
96
Q

What is true about a SPAN source port and SPAN destination in regards to SPAN sessions?

A

Multiple SPAN sessions can monitor traffic from a single SPAN source port, only a single session can be associated with a SPAN destination

97
Q

What happens when a SPAN destination port is part of an active SPAN session?

A

The port is placed into an ‘up/down’ interface state to indicate it is no longer capable of operating as a normal switch port.

The SPAN destination port no longer participates in Layer 2 protocols and can no longer be the destination of other SPAN sessions.

Also, if the SPAN destination port is a member of a VLAN that is included as the source for another SPAN session, the port is excluded from the source list for that session.

98
Q

What must be the same in every switch port in an EtherChannel bundle (channel group)?

A

Speed and duplex settings must be the same

99
Q

What should each link in a Layer 2 EtherChannel bundle be?

A

They should be in the same VLAN

100
Q

What is the stackwise stack master election process?

A
  1. Switch with highest priority
  2.
    - Switch with IP Services with cryptographic image
    - Switch with IP Services with NO cryptographic image
    - Switch with IP base with cryptographic image
    - Switch with IP base with NO cryptographic image
  3. Non-default configured switch
  4. Switch with longest uptime
  5. Switch with the lowest MAC address
101
Q

What is used to determine the physical link in an EtherChannel bundle that a flow will use?

A

A hash algorithm

102
Q

What does a port security-enabled interface use to authorize incoming traffic?

A

Source MAC address

103
Q

What is a stack ID? What is the default stack ID for switches? What if two switches attempt to use the same stack ID?

A

Stack ID is used to uniquely identify a switch in a StackWise switch stack. By default, all switches use stack ID 1. If two switches attempt to use the same stack ID, the switch with the higher priority will retain the stack ID number and the other switch will automatically be assigned a new stack ID

104
Q

What is used to create a PVST+ BID (bridge ID)? What is it and what is it used for?

A

The switch priority, dynamically allocated STP MAC address and extended system ID (if enabled on switch) create the BID.

The BID uniquely identifies a switch, a switch must have a unique BID for every configured VLAN

105
Q

What happens if a trunk port is specified as a SPAN source? How do you prevent ____ from happening?

A

All traffic on the trunk is mirrored to the SPAN destination as untagged traffic. However, you can use the ‘encapsulation replicate’ keywords when configuring a SPAN destination to ensure that the encapsulation used by packets on the trunk is preserved

106
Q

What commands do you issue to monitor only VLAN 10 and 20 in SPAN session 1? Why would you do this?

A

‘monitor session 1 filter vlan 10, 20’ , you do this because all VLAN traffic is monitored by default on a SPAN source trunk port, so you must use methods, such as VLAN filtering, if you want to limit the number of monitored VLANs to a subset of those active on the trunk (that is specified as a SPAN source)

Q. 44 Boson C

107
Q

When EtherChannel Guard detects a misconfiguration, into which state will it place the ports in the local channel group?

A

err-disabled

108
Q

What is a root guard used for? How does it work?

A

If a port receives a superior BPDU, root guard will place the port into the root-inconsistent state and block all data flowing through the port until the port stops receiving superior BPDUs

It is used to prevent newly introduced switches from being elected the new root

109
Q

What is a loop guard used for? How does it work?

A

If the port has loop guard enabled and the port stops receiving BPDUs, the port will go into loop-inconsistent state

Loop guard prevents a switch from transitioning to the forwarding state when it stops receiving BPDUs, which prevents switching loops from occurring, by placing inconsistent ports into the blocking state.

110
Q

Are routing protocols available to all stack members in a StackWise switch stack?

A

Yes, routing protocols are available to all stack members as long as the stack master is running the appropriate software image

111
Q

How does a StackWise switch stack appear in an STP topology?

A

It appears as a single node in an STP topology

112
Q

Differences between TACACS+ and RADIUS. Also similarities

A

Similar:

  • Both supported by non-Cisco devices
  • Both AAA protocols

TACACS+:

  • Cisco proprietary protocol
  • TCP
  • Port number 49
  • Authentication, authorization, and accounting (the three As) are separated
  • All AAA packet encrypted
  • Multiprotocol support
  • For device administration
  • Provides router command authorization capabilities

RADIUS:

  • Open standard protocol
  • UDP
  • Port 1812,1813
  • Authentication & Authorization is combined
  • Only passwords are encrypted (in Access-request)
  • No multiprotocol support
  • For network access
  • Developed as an IETF standard protocol
113
Q

What are the normal-range VLANs and what are the extended VLANs? What must be true in a switch to support extended VLANs

A

Normal-range VLANs are numbered 1 to 1005. Extended VLANs are numbered from 1006 to 4094. A switch must use either transparent mode or VTP version 3 to support extended VLANs.

114
Q

What is so important about the configuration revision number on a switch? How do you reset the configuration revision number?

A

It tracks which VTP configuration is the latest version. Switches ignore advertisements with a configuration revision number lower than their own. So, before you add a switch to a VTP domain, you should always ensure that its conf. rev. # is lower than the configuration revision number on switches currently in the VTP domain, or else the info on the new switch will propagate to the other switches in the VTP domain.

You reset configuration number on a switch to 0 by changing the VTP domain name ‘vtp domain [name]’. Change VTP mode to transparent mode (switches in transparent mode always have a conf. rev. number of 0) and then back to server or client mode. If switch is in client mode, you can reboot it.

115
Q

Which switches store VTP and VLAN information in the NVRAM?

A

Switches in VTP server or transparent mode, NOT VTP client mode

116
Q

What does pruning do? What command enables it?

A

Pruning conserves bandwidth by preventing the flooding of traffic to VLANs that do not require the traffic

‘vtp pruning’ to enable

117
Q

What potential problems does SPAN cause, why does Cisco recommend using it sparingly?

A

Because the traffic mirroring process creates an added burden on the switch CPU. When SPAN is enabled, both internal traffic and forwarding engine traffic are doubled. In addition, the traffic across the switch fabric is increased; if multiple SPAN sources are mirrored to a single SPAN destination, the destination could become oversaturated

118
Q

What does a SPAN destination port no longer participate in?

A

In 802.1x port-based authentication, port security, STP, VTP, DTP, private VLANs, and 802.1Q tunneling

119
Q

Can an EtherChannel interface be a SPAN destination port? If so how is it possible?

A

You can specify an EtherChannel interface as a destination port, but only the on mode is supported. PAgP and LACP are not supported on a SPAN destination port

120
Q

How do you set FastEthernet 1/0 as a SPAN destination port for SPAN session 1?

A

‘monitor session 1 destination interface fastethernet 1/0’

121
Q

What command do you put if you want storm control to block broadcast traffic when broadcasts consume 80 percent of the interface’s bandwidth and resume sending broadcast traffic only when broadcasts consume less than 60 percent of the interface’s bandwidth?

A

‘(config-if)#storm-control broadcast level 80 60’

122
Q

What command do you put if you want storm control to block all multicast traffic?

A

‘(config-if)#storm-control multicast level 0 0’

123
Q

What storm control command places no limit on unicast traffic?

A

‘(config-if)#storm-control unicast level 100’

124
Q

You want to enable port security on an interface and configure the interface so that the device that uses 1111.2222.3333 MAC address can send traffic through the port-security enabled interface. If any other device attempts to send traffic through the interface, the interface will shut down.
What command would you configure?

A

‘switchport port-security

switchport port-security mac-address 1111.2222.3333’

125
Q

How do you configure primary and secondary VLANs?

A

Primary: ‘private-vlan primary’

Secondary: ‘private-vlan [isolated|community]’

Only secondary VLANs can be configured as isolated or community VLANs

126
Q

What command do you use to configure a port to participate in a PVLAN? What do the different options mean?

A

‘switchport mode private-vlan [promiscuous|host]’

Promiscuous: configures port to communicate with any secondary VLAN. Devices (such as a router, firewall, or gateway) that should be reachable from any secondary VLAN should be connected to promiscuous ports.

Host: devices connected to isolated or community VLANs should be connected to host ports

127
Q

What is DTP used for?

A

Dynamic Trunking Protocol (DTP) is used to negotiate whether to establish a trunk and to negotiate the encapsulation used on the trunk.

Trunk links between switches can be configured either manually or automatically by using DTP

128
Q

How do you configure 802.1X port-based authentication on FastEthernet 0/1? What are the different options?

A

‘(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#dot1x system-auth-control
(config)#interface fastethernet 0/1
(config-if)#dot1x port-control [force-authorized|force-unauthorized|auto]’

Force-authorized:

129
Q

How do you configure 802.1X port-based authentication? What are the different options?

A

‘(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#dot1x system-auth-control
(config)#interface fastethernet 0/1
(config-if)#dot1x port-control [force-authorized | force-unauthorized | auto]’

Force-authorized: configures port to authorize any host that connects to the port; no 802.1x authentication process will take place. Any host connected to port will be able to send traffic through switch.

Force-unauthorized: configures the port to never allow authentication for a connected host. Host will be unable to send traffic through port

Auto: enable 802.1X authentication on the port. If the host is configured with 802.1X authentication, the host will be authenticated and will be able to send traffic through the switch

130
Q

What are SDM templates? How do you configure and what are the different options? How do you verify?

A

SDM template can be used to maximize support for individual switch features depending on how the switch is used.

Template of stack master will propagate to all switches in stack

‘sdm prefer [access/default/routing/vlan]’

Access: provides for using a large number of ACLs by optimizing resources for ACLs

Default: balances system resources for use in all features

Routing: optimizes resources for use with IP version 4 (IPv4) unicast-routing

VLAN: is typically used on Layer 2 switches to support the max number of unicast MAC addresses; disables routing in hardware

‘show sdm prefer’ to verify

131
Q

If partial output is
‘vlan filter boson vlan-list 17, 19-22

!
ip access-list extended ip-hosts
permit ip 172.16.0.0 0.0.255.255 any’

What configuration do you issue to prevent only the hosts with an IP address in the 172.16.0.0/16 network from communicating on VLAN 17 and VLAN 19-22 and why did you choose those configs?

A

‘(config)#vlan access-map boson 10
(config-access-map)#match ip address ip-hosts
(config-access-map)#action drop
(config-access-map)#vlan access-map boson 20
(config-access-map)#action forward’

vlan access-map [name] [sequence #] : creates a VACL with name [name] and places switch into access map config mode for sequence [seq. #] of the VACL.

Every VACL sequence has an associated action that is taken if a packet satisfies all of the match criteria defined in sequence.

The valid options for a VACL sequence action are: forward, drop, and redirect

For example, ‘action drop’ specifies that sequence 10 will discard any packet that satisfies all the criteria listed in the match statements

Later, since there were no match statements in sequence 20 (a random number after 10) all packets that reach the sequence will be forwarded normally.

Sequence 20 is necessary because the default action for a VACL is to discard any packets that have not been explicitly forwarded or redirected by an access map sequence

132
Q

What happens when a voice VLAN is enabled on a port in regards to Port Fast?

A

PortFast is automatically enabled. However, PortFast is not automatically disabled when the same voice VLAN is disabled

133
Q

What is the default frequency that a Cisco switch will send LLDP advertisements when LLDP (Link Layer Discovery Protocol) is enabled on an interface? How do you change this frequency?

A

30 seconds

‘lldp timer [5 to 65534]’

134
Q

How do you enable MST? What else does it do?

A

‘spanning-tree mode mst’

It enables RSTP, which slows the transition of an STP port to the forwarding state, thereby increasing convergence speed

135
Q

What attributes must match on switches in an MST region? How do you configure the attributes?

A

The region name, the configuration revision number, and the VLAN-to-instance mapping table must match

First, enter MST configuration mode:
‘spanning-tree mst configuration’

Then,

For MST region name: ‘name [region name]’

MST configuration revision number: ‘revision [revision-number]’

To map VLANs to an instance: ‘instance [instance-number] vlan [vlan-range]’

136
Q

How many AVFs are supported in a GLBP group?

A

Four

137
Q

What is true about storm control? What is the command for storm control?

A

By default, storm control is disabled on Cisco switches

It blocks a certain traffic type [unicast | multicast | broadcast] if the rising threshold is exceeded for the traffic type

Storm control is supported on EtherChannel. You must configure storm control on the EtherChannel bundle

Rising and falling threshold values can be expressed in terms of packets per second, bits per second, or as a percentage of available bandwidth

‘storm-control [broadcast | multicast | unicast] level { percent-rising [percent-falling] | bps bps-rising [bps-falling] | pps pps-rising [pps-falling] }’

138
Q

What is true about storm control? What is the command for storm control?

A

By default, storm control is disabled on Cisco switches

It blocks a certain traffic type [unicast | multicast | broadcast] if the rising threshold is exceeded for the traffic type until the traffic rate falls below another threshold value called the falling threshold

Storm control is supported on EtherChannel. You must configure storm control on the EtherChannel bundle

Rising and falling threshold values can be expressed in terms of packets per second, bits per second, or as a percentage of available bandwidth

‘storm-control [broadcast | multicast | unicast] level { percent-rising [percent-falling] | bps bps-rising [bps-falling] | pps pps-rising [pps-falling] }’

139
Q

Commands to configure a switch port to use a particular aggregation protocol? Also, command to configure a particular mode

A

‘channel-protocol [pagp | lacp]’

‘channel-group [group #] mode [desirable | auto | active | passive]’

140
Q

What is true about 802.1Q tunneling regarding ingress and egress traffic?

A

All untagged ingress traffic on trunk links should be dropped

All egress traffic on trunk links should be tagged

141
Q

How do you disable root guard or loop guard on an interface? Why would an interface be marked as inconsistent?

A

‘spanning-tree guard none’

A root guard or loop guard is enabled on an interface

142
Q

How do you verify inconsistent port and other info?

A

‘show spanning-tree inconsistentports’

143
Q

What command do you use to specify RSPAN session 1 and capture traffic from VLANs 4, 10, 11, 12, 15? What is RSPAN?

A

‘monitor session 1 source/destination remote vlan 4, 10-12, 15’

remote vlan is the keyword

RSPAN enables you to monitor traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a nonrouted network

144
Q

What tasks do you need to perform to monitor traffic on a port on a neighboring switch?

A
  • Create an RSPAN VLAN on both switches
  • Create a monitor session on the neighboring switch with the monitored port as the source and the RSPAN VLAN as the destination
  • Create a monitor session on the local switch with the RSPAN VLAN as the source and the monitoring port as the destination
145
Q

How many bits long are each field in an 802.1Q tag/header?

A
TPID (16 bits)
Priority field (3 bits)
CFI field (1 bit)
VID field (12 bits)
146
Q

What is the virtual MAC address for the second AVF in GLBP Group 1?

A

0007.B400.0102

GLBP Virtual MAC address starts with the prefix 0007.B4, the next four hexadecimal values represent the group number, and the final two hexadecimal values represent the gateway number.

147
Q

What is MST, what is it used for?

A

Multiple Spanning Tree (MST), used to create a spanning tree instance for each group of virtual LANs (VLANs). Although MST can be used to define a spanning tree instance for each VLAN, it is best used to define a spanning tree instance for each set of VLANs along a redundant path.

148
Q

What is MST, what is it used for?

A

Multiple Spanning Tree (MST), used to create a spanning tree instance for each group of virtual LANs (VLANs). Although MST can be used to define a spanning tree instance for each VLAN, it is best used to define a spanning tree instance for each set of VLANs along a redundant path.

149
Q

What is PVST+, what else is necessary for it to work?

A

PVST+ always creates a spanning tree instance for each VLAN. PVST+ is a Cisco-proprietary form of STP. When implemented, 802.1Q encapsulation must be used. If ISL encapsulation is used, PVST must be used instead of PVST+

150
Q

What is LDAP and what ports does it use?

A

It is an authorization protocol that enables access to an existing directory, such as Microsoft Active Directory Domain Services (AD DS).

It uses Transmission Control Protocol (TCP) port 389 by default.

151
Q

What is Kerberos, what port does it use?

A

It’s a standards-based authentication protocol that can use TCP port number 88 or UDP port number 88

152
Q

What is LLDP?

A

LLDP is a Layer 2 open-standard discovery protocol that is used to facilitate interoperability between Cisco devices and non-Cisco devices. It only operates between network devices (such as routers, switches, and access servers), not between endpoints

153
Q

What is LLDP-MED?

A

It is an extension of LLDP. It operates between endpoint devices (such as a PC or VoIP phone) and vendor-neutral network devices

154
Q

What is CDP and CDPv2?

A

CDP is a Layer 2 Cisco-proprietary protocol that is used to advertise and discover only directly connected Cisco devices on a local network. For example, a Cisco switch would use CDP in order to determine whether an attached VoIP phone is a Cisco device.

CDPv2 is an enhancement to CDP that reduces downtime through a feature that allows for rapid error tracking.

155
Q

What happens to a switch port (with the PortFast feature enabled) when BPDU guard is also enabled?

A

If the port receives a BPDU, the port will go into err-disabled state

156
Q

What are two ways of achieving interVLAN routing? How do you configure?

A
  1. ) A layer 3 switch with IP routing enabled and SVIs configured
    (config)#ip routing
    (config)#interface vlan 2
    (config-if)#ip address 192.168.2.1 255.255.255.0 [could be anything, pretty sure]
    (config-if)#no shutdown
    (config-if)#interface vlan 3
    (config-if)#ip address 192.168.3.1 255.255.255.0 [could be anything, pretty sure]
    (config-if)#no shutdown
  2. ) A layer 2 switch connected via a trunk link to a router with subinterfaces configured
    * Boson for config*
157
Q

What do you have to make sure you do if you want to limit the command output of ‘show mac address-table interface fastethernet 0/2’ to only the dynamically learned addresses on FastEthernet 0/2? Type command

A

‘show mac address-table interface fastethernet 0/2 | include DYNAMIC’

Make sure dynamic is capitalized because it’s case sensitive, also for STATIC
Other options are exclude and begin instead of include

158
Q

SDM templates are used to manage ___________

A

memory partitions in TCAM memory, only on switches with single TCAM chips. Guidelines to how to divide memory.

159
Q

What are valid reasons that could cause a port to go into the errdisable state?

A
  • Broadcast storms are detected by the Storm Control feature
  • ARP inspection violations
  • A flapping of trunking encapsulation types
  • BPDUGuard
160
Q

What happens when you configure ‘errdisable recovery cause [cause such as BPDUguard]’

A

The port will go back up after 300 seconds (5 minutes) by default if the port was sent to errdisable by BPDU guard or another cause. If you want to change this, you have to put ‘errdisable recovery interval [30 to 65535]’

161
Q

What are the modes of UDLD?

A

UDLD has two modes - Normal and Aggressive.

Normal just prints out a syslog message, while aggressive pushes violations into error-disabled mode after 3 misses.

162
Q

What would make a port that is configured with UDLD aggressive mode to set it to errdisable mode?

A

If the port goes from bidirectional to unidirectional

163
Q

If interface is placed in a VLAN other than VLAN 1 and that specific VLAN is removed, what happens?

A

The specific VLAN goes to inactive mode (inactive in Access Mode) and the interface does not go back to the native VLAN, it just doesn’t work

164
Q

How do you create a new VLAN on a switch [VLAN-5] and assign that VLAN to interface FastEthernet0/5 and ensure that the switch will never be allowed to form a VLAN trunk with another Cisco switch.

A

‘(Config)#vlan 5
(Config-vlan)#interface FastEthernet0/5
(Config-if)#switchport mode access
(Config-if)#switchport access vlan 5’

Won’t form VLAN trunk because of mode access command

165
Q

Which VLANs are not stored in the VLAN database?

A

Extended VLANs, 1006 to 4094

166
Q

Difference between local VLAN and end-to-end VLAN and what is best practice for network design implementation

A

Local VLAN pretty much just stays in a building or department; end-to-end covers a wider area, per se. Local VLANs should only be designed into networks where traffic is expected to follow the 20/80 rule (80% of traffic will leave the VLAN). For end-to-end, it’s the 80/20 rule (80% of traffic stays in the VLAN)

167
Q

What is true about the 802.1Q encapsulation method and user workstations?

A

By default, laptops and PCs cannot understand 802.1Q tags. So it could be useful in certain scenarios, as opposed to using ISL.

168
Q

In VTPv3, what switch propagates the info? What problems could happen if it’s connected to a switch that is using VTPv2?

A

Switch with the “primary server” operating mode

If the VTPv3 switch is in VTP operating mode Primary Server while the VTPv2 switch is in Server mode, they won’t be able to update each other because each switch will think it’s the leader. Also, the configuration revision number could mismatch

169
Q

How do you convert a switch to VTP version 3 and then configure VLAN-999 on that switch. You also wish this switch to propagate that VLAN to other switches.

A
(Config)#vtp domain ‘name’
(Config)#end
#vtp version 3
#vtp primary
#config t
(Config)#vlan 999
170
Q

What is pruning and how do you configure it and also for only VLANs 4 and 9? What other command would affect the pruning command and how?

A

The command is ‘switchport trunk pruning vlan 4, 9’. The command is a prune eligibility list. The VLANs listed in this command are the VLANs eligible for pruning. By default, all VLANs are allowed on a trunk and all VLANs (between 2 and 1001, inclusive) are eligible for pruning if pruning is enabled globally with the ‘vtp pruning’ command. Once you manually configure an eligibility list, only those VLANs on the list are eligible for pruning

If ‘switchport trunk allowed vlan 3’ is configured, then VLAN 3 will never be pruned

171
Q

How do you configure a Layer 2 EtherChannel? How do you verify?

A

(config)#interface ‘interface #’
(config-if)#no ip address
(config-if)#channel-protocol [lacp/pagp]
(config-if)#channel-group ‘#’ mode [active | passive | desirable | auto | on ]

Verify:
show running-config interface ‘interface’
show interfaces ‘interface’ etherchannel

172
Q

How do you configure a Layer 3 EtherChannel with 1.1.1.1/28 IP address? How do you verify?

A

(config)#interface port-channel ‘group #’
(config-if)#ip address 1.1.1.1 255.255.255.240
(config-if)#no shutdown
(config-if)#exit
(config)#interface ‘interface’ -or- (config)#interface range ‘interface range’
(config-if)#channel-group # mode [active | passive | desirable | auto | on]

Verify:
show running-config interface ‘interface’
show interfaces ‘interface’ etherchannel

173
Q

How do you load balance an EtherChannel?

A

(config)#port-channel load-balance

174
Q

What is the command to check EtherChannel info? What does stand-alone mean in the output?

A

‘show etherchannel summary’

It means that EtherChannel is not fully functional and not bundled in an EtherChannel

175
Q

What, exactly, is the EtherChannel Guard feature looking for, in order to detect a problem?

A

When a switch configured for EtherChannel receives Spanning-Tree BPDUs from a remote switch with unique STP Sending Port-IDs, this will trigger EtherChannel Misconfiguration Guard

176
Q

What are the different timers and stages from when a port goes to a designated port?

A

Max-age timer: 20 seconds, time after a root port receives a BPDU, after it goes to listening stage

Forwarding-Delay timer: 15 seconds, after this the port will go from Listening to Learning stage

Forwarding-Delay timer: 15 seconds (again), after this the port will go from learning to forwarding (designated port)

50 seconds total

177
Q

If all interfaces on the switch are in VLAN 2 and the switch is running STP. What happens when the switch receives a Topology Change BPDU from the Root Bridge?

A

All dynamic MAC addresses learned in VLAN-2 will have their Aging Timer modified to match the value of the Spanning-Tree Forwarding Delay

178
Q

What is a benefit Rapid-PVST has over PVST+?

A

Rapid-PVST allows any Bridge to send a Topology Change BPDU whereas PVST+ restricts this action solely to the Root Bridge

179
Q

What is needed for Rapid-PVST to use its full capability? How fast does it go?

A

If two switches are connected directly with full-duplex the ports converge to final state in 2 seconds

180
Q

A customer who has just enabled 802.1s on her switch, wants to know why a few ports on her switch are being displayed as “Boundary” ports. Which of the following answers could explain this?

A
  • That switch is connected to another switch running 802.1w
  • That switch is connected to another switch in a different MST Region
  • That switch is connected to another switch running 802.1d
181
Q

How do you check for Mrecords and how many of them does each 802.1s BPDU contain?

A

With ‘show interface trunk’

The number of instances (other than instance 0) determines the number of Mrecords

182
Q

Which configuration, if copied-and-pasted into Switch 1 and Switch 2 (which are directly connected to each other), will result in the successful formation of an MST Region between these two switches?

A
Config t
Spanning-tree mst config 
name ‘name’
Revision 1
Instance 1 vlan ‘range vlan’
Instance 2 vlan ‘range vlan’
Exit
Spanning-tree mode mst
183
Q

What is true regarding the utilization of SPAN feature on a switch?

A
  • The RSPAN destination interface will be placed in ‘monitoring’ mode by default
  • A SPAN session requires that the destination be a physical interface on the same switch as the SPAN source
184
Q

In HSRP, which router becomes the active router and which router becomes the standby router? How often are HSRP hello packets and by who?

A

The router with the highest IP address becomes the active router and the second-highest becomes the standby router. They will be sending HSRP hello packets every 2 seconds. If there are 3 or more routers, the others will be in the listening state.