Boson Flashcards
Difference between ‘switchport port-security violation [protect/shutdown/restrict]’. What is the default violation mode?
They all discard unauthorized traffic
Protect: only discards
Restrict and Shutdown: logs unauthorized entry and increments SecurityViolation counter
Restrict: sends SNMP trap
Shutdown: places port in err-disabled state (effectively shuts down port)
Which FHRP protocol is specified in RFC 5798?
VRRP
What occurs when you enable UplinkFast on a switch?
What does UplinkFast do?
Port costs increase by 3000
If enabled on a switch with a bridge priority less than 49152, the bridge priority is changed to 49152; if it is already greater, the bridge priority remains at the higher value
UplinkFast increases convergence speed for an access layer switch that detects a failure on the root port
What is the default switch bridge priority and which bridge is most likely to become the root bridge?
32768 and the switch with the lowest bridge priority
Which commands or command sets will reset a port that has been shut down by UDLD?
- ‘udld reset’
- ‘errdisable recovery cause udld’
- ‘no udld enable’, then ‘udld port’ or ‘udld aggressive’
- ‘no udld port’, then ‘udld port’ or ‘udld port aggressive’
- ‘shutdown’, then ‘no shutdown’
UDLD monitors a link to verify that both ends of the link are functioning
What traffic is untagged with regard to VLANs?
Native VLANs are untagged
What are PVLANs (private VLANs) for and what do they consist of?
Helps isolate traffic within a VLAN
They include a primary VLAN and one or more secondary VLANs
What’s the difference between a host that connects to an isolated VLAN and a host connected to a community VLAN?
A host connected to an isolated VLAN can communicate only with the primary VLAN
A host connected to community VLAN can communicate with other hosts associated with the community VLAN as well as with the primary VLAN
Enable 802.1x port-based authentication
‘aaa new-model’
‘aaa authentication dot1x’
‘dot1x system-auth-control’ (globally enables 802.1x on switch)
‘dot1x port-control {force-authorized/force-unauthorized/auto}’
Configure router to use EIGRP for AS 2
ip routing
router eigrp 2
An interface that should participate in EIGRP must have an IP address assigned
Which ports will Portfast be enabled if you issue the ‘spanning-tree portfast default’ command?
The command enables PortFast by default on all access ports; trunk ports are not affected
What command makes an interface an access port?
‘switchport mode access’
How do you enable PortFast on individual ports?
‘spanning-tree portfast’
Name all the different ‘port-channel load-balance [~~~]’ commands. What are they used for? What is the default?
- ‘port-channel load-balance dst-mac’ : configures the EtherChannel to load balance based on the destination MAC address
- ‘port-channel load-balance src-ip’ : configures the EtherChannel to load balance based on the source IP address
- ‘port-channel load-balance dst-ip’ : configures the EtherChannel to load balance based on the destination IP address
- ‘port-channel load-balance src-dst-mac’ : configures the EtherChannel to load balance based on the source and destination MAC addresses
- ‘port-channel load-balance src-dst-ip’ : configures the EtherChannel to load balance based on the source and destination IP addresses
‘port-channel load-balance src-mac’ is the default (load balancing based on source MAC address), issuing this command is the same as issuing ‘no port-channel load-balance’
What does ‘mac address-table static 000c.bacb.100d vlan 10 drop’ do?
This filters frames in VLAN 10 with a source or destination MAC address of 000c.bacb.100d
Command provides a convenient method for implementing unicast MAC address filtering on a Cisco switch
What does ‘switchport port-security’ do?
Enables security features for a single switch interface
Interface with port security configured will shut down if the max number of allowed MAC addresses is learned on the interface
What does ‘switchport mode dynamic auto’ do?
Allows a neighbor port to determine whether a link should become a trunk
What does ‘switchport host’ do?
Macro command used to enable Portfast while disabling EtherChannel
What does ‘switchport mode access’ do?
Configures a port to carry information for a single VLAN
What is a VSS? What is required when configuring a VSS? What does the VSS consist of?
VSS (Virtual Switching System) is a Cisco proprietary technique to create a single logical switch out of two physical switches
Supervisor type and IOS version must be identical on each physical device. One of the supervisors is active, and the other is designated as hot-standby; the active supervisor manages the control plane.
What is PAgP?
A link aggregation protocol that creates and maintains adjacencies in a VSS, especially when the VSS enters dual-active recovery mode
What is VSLP?
Framework that provides for the creation and maintenance of a VSL link
Virtual Switch Link (VSL). A VSL facilitates communication between two switches. Within the VSS, one chassis supervisor is designated as active and the other as hot-standby.
A protocol that helps in providing for the creation and maintenance of the link between switches in a VSS configuration
Consists of LMP and RRP
What is RRP?
Registry Registrar Protocol. Determines the role of each member in the VSS
A protocol that helps in providing for the creation and maintenance of the link between switches in a VSS configuration
Which command can you issue to determine the native VLAN configured on a neighboring Cisco switch?
show cdp neighbors detail