CCNA2 - Module 1 & 2 Flashcards

Basic Device Configuration & Frame Forwarding

1
Q

SWITCH BOOT SEQUENCE

A

When a Cisco switch powers on, it follows these five steps:

  1. POST: The switch runs a self-test (POST) to check the CPU, DRAM, and part of the flash storage.
  2. Boot Loader: A small program in ROM is loaded after POST, starting the boot process.
  3. CPU Initialization: The boot loader sets up CPU registers, memory mapping, and speed.
  4. Flash Initialization: The boot loader prepares the flash file system.
  5. Load IOS: The boot loader finds and loads the default IOS operating system into memory, taking control of the switch.
2
Q

Differentiate boot system, flash:, c2960-lanbasek9-mz.150-2.SE/ and c2960-lanbasek9-mz.150-2.SE.bin

A
  • boot system - the main command
  • flash: - the storage device
  • c2960-lanbasek9-mz.150-2.SE/ - the path to the file system
  • c2960-lanbasek9-mz.150-2.SE.bin - the IOS file name
3
Q

Shows whether the system is receiving power and functioning properly.

A

System LED (SYST)

4
Q

Shows the RPS status.

A

Redundant Power Supply LED (RPS)

5
Q

When green, indicates port status mode is selected, which is the default. Port status can then be understood by the light associated with each port.

A

Port Status LED (STAT)

6
Q

When green, indicates port duplex mode is selected. Port duplex can then be understood by the light associated with each port.

A

Port Duplex LED (DUPLX)

7
Q

When green, indicates port speed mode is selected. Port speed can then be understood by the light associated with each port.

A

Port Speed LED (SPEED)

8
Q

Present if the switch supports PoE. Indicates the PoE status of ports on the switch.

A

Power over Ethernet LED (PoE)

9
Q

Recovering from a System Crash

A

If the switch’s operating system is missing or damaged, the boot loader allows access to the switch through a console connection. Here’s how to access it:

  1. Connect a PC to the switch via console cable and open terminal software.
  2. Unplug the switch power cord.
  3. Reconnect the power and, within 15 seconds, press and hold the Mode button while the System LED flashes green.
  4. Keep holding until the LED turns amber and then solid green, then release the Mode button.
  5. The boot loader prompt will appear in the terminal software.

The boot loader lets you format the flash, reinstall the OS, or recover a lost password using commands like dir to view files.

10
Q

To manage a switch remotely, assign it an IP address, subnet mask, and a default gateway. This setup is similar to configuring a host device.

The switch’s virtual interface (SVI) on S1 should be given an IP address. The SVI is a virtual, not physical, interface. Use a console cable to connect to a PC for initial configuration.

A

Switch Management Access

11
Q

Switch SVI Configuration Example

A

By default, the switch uses VLAN 1 for management. For security, it’s best to use a different VLAN for management.

  1. Configure the Management Interface: Assign an IP address and subnet mask to the switch’s management SVI (e.g., VLAN 99). The SVI won’t be “up/up” until VLAN 99 is created and a device is connected to a port in that VLAN. If using IPv6, configure the switch for dual IP modes first.
  2. Configure the Default Gateway: If managing the switch remotely from another network, set a default gateway. No IPv6 gateway is needed since the switch receives this info from a router advertisement.
  3. Verify Configuration: Use show ip interface brief and show ipv6 interface brief to check the status of interfaces and confirm the IP setup. The IP on the SVI allows remote management, but not routing of Layer 3 packets.
12
Q

Duplex Communication

A
  • Full-Duplex: Allows data to be sent and received simultaneously, improving efficiency. It requires microsegmentation (one device per switch port) and eliminates collisions. Gigabit Ethernet and 10 Gb NICs need full-duplex to function properly.
  • Half-Duplex: Only allows data to flow in one direction at a time, causing potential collisions and performance issues.

Full-duplex provides 100% efficiency in both directions, doubling the bandwidth usage.

13
Q

Configure Switch Ports at the Physical Layer

A
  • Switch ports can be configured with specific duplex and speed settings using the duplex and speed commands.
  • By default, Cisco Catalyst 2960 and 3560 switch ports are set to auto for both duplex and speed. At 10/100 Mbps, they can be half- or full-duplex, but at 1000 Mbps, they are always full-duplex.
  • Autonegotiation is useful when device settings are unknown or may change, but it’s best to manually set speed and duplex for known devices like servers or workstations.
  • When troubleshooting, check duplex and speed settings, as mismatched configurations can cause connectivity issues. Fiber-optic ports like 1000BASE-SX always operate at a fixed speed and full-duplex.
14
Q

Auto-MDIX

A
  • Auto-MDIX allows the switch to automatically detect and adjust for the correct cable type (straight-through or crossover) needed for the connection.
  • Without auto-MDIX, use straight-through cables for devices like servers and routers, and crossover cables for connecting switches or repeaters.
  • With auto-MDIX, either cable type works, and the interface adjusts automatically for proper communication.
  • On newer Cisco switches, enable auto-MDIX with the mdix auto command, and set speed and duplex to auto for proper function.
  • Auto-MDIX is enabled by default on Catalyst 2960 and 3560 switches but not on older models like the Catalyst 2950 and 3550. Use the show controllers ethernet-controller command to check the setting.
15
Q

The ___________ command can be used to verify that the switch has been correctly configured. From the sample abbreviated output on S1, some important information is shown in the figure:

A

show running-config

16
Q

The _____________ command is another commonly used command, which displays status and statistics information on the network interfaces of the switch. The show interfaces command is frequently used when configuring and monitoring network devices.

A

show interfaces

17
Q

The first line of the output for the ___________________________ command indicates that the FastEthernet 0/18 interface is up/up, meaning that it is operational. Further down, the output shows that the duplex is full and the speed is 100 Mbps.

A

show interfaces fastEthernet 0/18

18
Q

Network Access Layer Issues

A

The show interfaces command helps identify common media problems by displaying line and data link protocol statuses.

  • Up/Down Status:
    • Interface up, line protocol down: This suggests issues like an encapsulation mismatch, an error-disabled interface, or a hardware problem.
    • Both down: Likely indicates no cable attached or an interface issue, such as the other end being administratively down.
    • Interface administratively down: This means the interface was manually disabled using the shutdown command.

The output also shows interface counters and statistics, which can reveal errors that impact network performance, even if they don’t cause complete failures.

19
Q

Give the 7 error types and differentiate them

A
  1. Input Errors: Total number of errors. It includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts.
  2. Runts: Packets that are discarded because they are smaller than the minimum packet size for the medium. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.
  3. Giants: Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant.
  4. CRC: CRC errors are generated when the calculated checksum is not the same as the checksum received.
  5. Output Errors: Sum of all errors that prevented the final transmission of datagrams out of the interface that is being examined.
  6. Collisions: Number of messages retransmitted because of an Ethernet collision.
  7. Late Collisions: A collision that occurs after 512 bits of the frame have been transmitted.
20
Q

__________ is the sum of all errors in datagrams that were received on the interface being examined. This includes runts, giants, CRC, no buffer, frame, overrun, and ignored counts. The reported input errors from the show interfaces command include the following:
* runt frames
* giants
* CRC errors

A

“Input errors”

21
Q
  • Ethernet frames that are shorter than the 64-byte minimum allowed length are called _________. Malfunctioning NICs are the usual cause of excessive _______ frames, but they can also be caused by collisions.
A

Runt Frames

22
Q
  • Ethernet frames that are larger than the maximum allowed size are called ___________.
23
Q
  • On Ethernet and serial interfaces, ___________ usually indicate a media or cable error. Common causes include electrical interference, loose or damaged connections, or incorrect cabling. If you see many __________, there is too much noise on the link and you should inspect the cable. You should also search for and eliminate noise sources.
A

CRC errors

24
Q

__________ is the sum of all errors that prevented the final transmission of datagrams out the interface that is being examined. The reported __________ from the show interfaces command include the following:
* collision
* late collision

A

“Output errors”

25
Q

Collisions -

A

Collisions in half-duplex operations are normal. However, you should never see collisions on an interface configured for full-duplex communication.

26
Q

Late collisions -

A

A late collision refers to a collision that occurs after 512 bits of the frame have been transmitted. Excessive cable lengths are the most common cause of late collisions. Another common cause is duplex misconfiguration.

27
Q

Telnet Operation

A

Telnet uses TCP port 23 and transmits data, including login details (username and password), in unencrypted plaintext. This makes it insecure, as attackers can easily capture sensitive information (e.g., using Wireshark).

28
Q

SSH Operation

A

SSH is a secure protocol that uses TCP port 22, offering encrypted remote management connections. Unlike Telnet, SSH encrypts both the login details and transmitted data, making it safer. Even if a threat actor tracks the session via the IP address, the username and password remain encrypted. SSH should replace Telnet for secure connections.

29
Q

Verify the Switch Supports SSH

A

To enable SSH on a Catalyst 2960 switch, ensure it’s running an IOS version with cryptographic features. Use the show version command to check the IOS version. If the IOS filename includes “k9,” it supports encryption.

30
Q

Configure SSH

A
  1. Verify SSH Support: Use show ip ssh to check if the switch supports SSH. If the IOS doesn’t support encryption, this command won’t work.
  2. Configure IP Domain: Set the domain name with ip domain-name domain-name.
  3. Generate RSA Key Pair: Use crypto key generate rsa to enable SSH and generate the RSA key pair. Delete with crypto key zeroize rsa if needed.
  4. Configure User Authentication: Create a local username and password with username username secret password.
  5. Configure vty Lines: Enable SSH on vty lines using transport input ssh and set local authentication with login local.
  6. Enable SSH Version 2: Enable SSH v2 with ip ssh version 2.
31
Q

Verify SSH is Operational

A
  1. On a PC, use an SSH client like PuTTY to connect to the switch (S1) with IP address 172.17.99.11 on VLAN 99.
  2. From PC1 (IP 172.17.99.21), initiate an SSH connection to the switch.
  3. Enter the username (admin) and password (ccna) when prompted to connect to the switch’s CLI.
  4. Use show ip ssh to check SSH version and configuration on the switch (SSH v2 is enabled in the example).
32
Q

One distinguishing feature between switches and routers is the type of interfaces supported by each. For example, Layer 2 switches support LANs; therefore, they have multiple FastEthernet or Gigabit Ethernet ports. The __________ in the figure is used to demonstrate the configuration of router IPv4 and IPv6 interfaces.

A

Dual Stack Topology

33
Q

Configure Router Interfaces

A

Routers connect LANs and WANs and support various interfaces (e.g., Gigabit Ethernet, serial, DSL). To configure an interface:

  1. Assign an IP Address: Use ip address ip-address subnet-mask for IPv4 or ipv6 address ipv6-address/prefix for IPv6.
  2. Activate the Interface: By default, interfaces are off. Use no shutdown to enable them, and ensure the interface is connected to another device.
  3. Add a Description (optional): Configure a brief description for each interface to aid in troubleshooting and network management.
34
Q

IPv4 Loopback Interfaces

A

A loopback interface is a virtual, internal interface on a router, not linked to any physical port. It’s always “up” as long as the router is functioning.

  • Uses: It’s helpful for testing and managing the router, ensuring at least one interface is always available. It can also simulate networks for testing routing processes and configuration practice.
  • Multiple Loopbacks: You can create several loopback interfaces to simulate more networks in lab setups.
  • Configuration: Assign a unique IPv4 address to each loopback interface.
35
Q

Interface Verification Commands

A

Use these commands to check interface status and configuration:

  • show ip interface brief / show ipv6 interface brief: Display a summary of all interfaces, including their IPv4/IPv6 address and status.
  • show running-config interface interface-id: Show the configuration applied to a specific interface.
  • show ip route / show ipv6 route: Display the IPv4/IPv6 routing table, with active interfaces marked as ‘C’ (Connected) or ‘L’ (Local) in Cisco IOS 15.
36
Q

Verify Interface Status

A

Use show ip interface brief or show ipv6 interface brief to quickly check the status of all interfaces. If both the Status and Protocol are “up,” the interface is active. Any other output suggests a configuration or cabling issue.

37
Q

Verify IPv6 Link Local and Multicast Addresses

A

Use show ipv6 interface brief to see two IPv6 addresses on each interface: a global unicast address (manually configured) and a link-local address (starting with FE80). The link-local address is automatically added with the global address.

For more details, use show ipv6 interface gigabitethernet 0/0/0 to view the interface status and all IPv6 addresses, including multicast addresses (starting with FF02).

38
Q

Verify Interface Configuration

A

Use show running-config interface to see the current configuration of a specific interface. For more details:

  • show interfaces: Displays information and packet flow for all interfaces.
  • show ip interface / show ipv6 interface: Shows IPv4/IPv6 details for all interfaces.
39
Q

Verify Routes

A

Use show ip route and show ipv6 route to view connected and local routes.

  • A local route has a /32 (IPv4) or /128 (IPv6) mask and an admin distance of 0.
  • A C next to a route means it’s a directly connected network.
  • The router’s global unicast address is added as a local route to efficiently process packets destined for that address.
40
Q

Filter Show Command Output

A

By default, output pauses after 24 lines. Press Enter for the next line or the spacebar for the next set. Use terminal length 0 to stop the pause.

You can also filter output using a pipe (|) followed by a filter:

  • section: Shows the section starting with the expression.
  • include: Displays lines that match the expression.
  • exclude: Hides lines that match the expression.
  • begin: Starts output from the line matching the expression.
41
Q

Command History Feature

A

The command history stores executed commands for easy recall.

  • Press Ctrl+P or the Up Arrow to recall older commands.
  • Press Ctrl+N or the Down Arrow for newer commands.
  • By default, the history stores the last 10 commands. Use show history to view them.
  • To change the number of stored commands for the current session, use terminal history size.
42
Q

Summarize Module 1

A
  • After powering on, a Cisco switch follows a five-step boot sequence.
  • Set the BOOT environment variable using the boot system command.
  • Monitor switch activity with LEDs: SYST, RPS, STAT, DUPLX, SPEED, and PoE.
  • The boot loader helps when the operating system is damaged or missing.
  • Configure IP address and subnet mask for remote management access.
  • Set a default gateway for remote network access.
  • Full-duplex communication doubles bandwidth by allowing both send/receive at once.
  • Switch ports can be manually set for specific duplex and speed.
  • Use autonegotiation if device settings may change or are unknown.
  • With auto-MDIX, the switch detects and configures cable type automatically.
  • Use show commands to verify switch configurations.
  • Telnet (TCP port 23) is insecure, transmitting data and credentials in plaintext.
  • SSH (TCP port 22) provides secure, encrypted remote connections.
  • “k9” in the IOS filename indicates support for cryptographic features.
  • To configure SSH: verify support, set domain, generate RSA keys, configure authentication, VTY lines, and enable version 2.
  • Use show ip ssh to verify SSH status.
  • Always configure the device name, passwords, banner, and save changes.
  • Routers support various LAN and WAN interfaces, interconnecting networks.
  • IPv4 loopback is a logical interface, internal to the router.
  • Use these commands to verify interface status:
    • show ip interface brief for a summary of interfaces,
    • show running-config interface for interface settings,
    • show ip route for routing table contents.
  • Filter command output with the pipe (|) and expressions like section, include, exclude, and begin.
  • Command history is enabled by default, storing the last 10 commands.
  • Use show history to view the command history buffer.
43
Q

Switching in Networking

-

A
  • Ingress: Traffic entering the interface
  • Egress: Traffic leaving the interface

A switch forwards traffic based on the ingress interface and destination MAC address using its MAC address table (CAM table).

MAC Address Table
The switch learns where a destination MAC address is located by recording the source MAC addresses of incoming frames and the ports they arrived on. It uses this information to decide where to forward traffic. A switch won’t send traffic back through the same interface it received it on.

44
Q

Ingress vs Egress

A
  • Ingress: Traffic entering the interface
  • Egress: Traffic leaving the interface
45
Q

Switch Learn and Forward Method

A
  1. Learn: Examines Source Address
    • The switch adds the source MAC address to the table if it’s not already there.
    • If the source MAC is in the table, it resets the timeout to 5 minutes.
  2. Forward: Examines Destination Address
    • If the destination MAC is in the table, it forwards traffic out the correct port.
    • If the destination MAC is not in the table, it floods the traffic to all ports except the one it was received on.
46
Q

Switch Forwarding Methods

A

Switches use ASICs for quick forwarding decisions, using one of these methods:

  • Store-and-forward: Receives the entire frame, checks for errors, and forwards only valid frames. Cisco’s preferred method.
  • Cut-through: Forwards the frame as soon as it determines the destination MAC address.

Store-and-forward:
- Error Checking: Checks for CRC errors and discards bad frames.
- Buffering: Buffers the frame while checking for errors and handling speed differences.

Cut-through:
- Forwards the frame immediately after checking the destination MAC.
- Fragment Free: Ensures frames are at least 64 bytes to avoid runts.
- Limitations: Does not check errors, may propagate bad frames, and can’t handle ports with different speeds.

47
Q

Store-and-forward

A

Receives the entire frame, checks for errors, and forwards only valid frames. Cisco’s preferred method.

48
Q

Cut-through

A

Forwards the frame as soon as it determines the destination MAC address.

49
Q

Store-and-forward:
* Error Checking
* Buffering

A

Store-and-forward:
- Error Checking: Checks for CRC errors and discards bad frames.
- Buffering: Buffers the frame while checking for errors and handling speed differences.

50
Q

Cut-through:
* Fragment Free
* Limitations

A

Cut-through:
- Forwards the frame immediately after checking the destination MAC.
- Fragment Free: Ensures frames are at least 64 bytes to avoid runts.
- Limitations: Does not check errors, may propagate bad frames, and can’t handle ports with different speeds.

51
Q

Collision Domains

A

Switches eliminate collision domains and reduce congestion.

  • Full-duplex links eliminate collision domains.
  • Half-duplex links create collision domains, leading to bandwidth contention and possible collisions.

Most devices, including Cisco and Microsoft, use auto-negotiation for duplex and speed settings by default.

52
Q

Broadcast Domains

A
  • A broadcast domain includes all Layer 1 or Layer 2 devices on a LAN.
  • A router (Layer 3 device) breaks a broadcast domain.
  • Devices in the domain receive broadcast traffic, which a switch floods to all interfaces except the incoming one.
  • Too many broadcasts can cause congestion and slow performance.
  • Adding more devices at Layer 1 or Layer 2 expands the broadcast domain.
53
Q

Alleviating Network Congestion

A

Switches use the MAC address table and full-duplex to avoid collisions and reduce congestion. Key features include:
- Fast Port Speeds – Up to 100 Gbps, depending on the model.
- Fast Internal Switching – Uses fast internal bus/memory for better performance.
- Large Frame Buffers – Stores frames temporarily for efficient processing.
- High Port Density – More ports for devices, reducing cost and congestion.

54
Q

Summarize Module 2

A

Frame Forwarding
- Ingress is the entry port, and egress is the exit port.
- The switch uses a MAC address table to forward frames.
- It can use store-and-forward or cut-through for forwarding.

Switching Domains
- Half-duplex Ethernet ports create collision domains.
- Full-duplex eliminates collision domains.
- A switch floods broadcasts or unknown unicast frames to all ports except the ingress.
- Broadcast domains are broken by Layer 3 devices like routers.
- Switches extend broadcast domains but eliminate collision domains and reduce congestion.