Ch 1: Packet Forwarding

Question 1

Forwarding of network traffic from a Layer 2 perspective uses what information?

a. Source IP address
b. Destination IP address
c. Source MAC address
d. Destination MAC address
e. Data protocol

Answer 1

D. The switch uses the destination MAC address to identify the port out of which the packet should be forwarded.

Question 2

What type of network device helps reduce the size of a collision domain?

a. Hub
b. Switch
c. Load balancer
d. Router

Answer 2

B. A switch uses the MAC address table to limit the Layer 2 communication between only the two devices communicating with each other.

Question 3

Forwarding of network traffic from a Layer 3 perspective uses what information?

a. Source IP address
b. Destination IP address
c. Source MAC address
d. Destination MAC address
e. Data protocol

Answer 3

B. The destination IP address is used to locate the longest matching route and the outbound interface out which it should be forwarded.

Question 4

What type of network device helps reduce the size of a broadcast domain?

a. Hub
b. Switch
c. Load balancer
d. Router

Answer 4

D. Broadcast domains do not cross Layer 3 boundaries. Splitting a Layer 2 topology into multiple subnets and joining them with a router reduces the size of a broadcast domain.

Question 5

The _________ can be directly correlated to the MAC address table.

a. Adjacency table
b. CAM
c. TCAM
d. Routing table

Answer 5

B. The CAM is high-speed memory that contains the MAC address table.

Question 6

A ___________ forwarding architecture provides increased port density and forwarding scalability.

a. Centralized
b. Clustered
c. Software
d. Distributed

Answer 6

D. A distributed architecture uses dedicated components for building the routing table, adjacency table, and forwarding engines. This allows for the forwarding decisions to be made closer to the packet’s egress and is more scalable.

Question 7

CEF is composed of which components? (Choose two.)

a. Routing Information Base
b. Forwarding Information Base
c. Label Information Base
d. Adjacency table

Answer 7

B and D.

CEF is composed of the adjacency table and the Forwarding Information Base.

Question 8

What happens when a packet contains a destination MAC address that is not in the switch’s MAC address table?

Answer 8

The switch forwards the packet out of every switch port. This is known as unknown unicast flooding because the destination MAC address is not known.

Question 9

VLANs are defined in the Institute of Electrical and Electronic Engineers (IEEE) 802.1Q standard, which states that 32 bits are added to the packet header. Diagram the layer 2 header with fields.

Answer 9

■ Tag protocol identifier (TPID): This 16-bit is field set to 0x8100 to identify the packet as an 802.1Q packet.

■ Priority code point (PCP): This 3-bit field indicates a class of service (CoS) as part of Layer 2 quality of service (QoS) between switches.

■ Drop elgible indicator (DEI): This 1-bit field indicates whether the packet can be dropped when there is bandwidth contention.

■ VLAN identifier (VLAN ID): This 12-bit field specifies the VLAN associated with a network packet.

Question 10

The VLAN identifier has only 12 bits, which provides 4094 unique VLANs. Catalyst switches use the following logic for VLAN identifiers. List the VLAN ranges and uses. Hint: VL0, VL1, and three more ranges.

Answer 10

• VLAN 0 is reserved for 802.1P traffic and cannot be modified or deleted. 802.1p tagging is a mechanism to mark ports at layer 2 with a Class of Service (CoS) value to help implement QoS at layer 2, often used with VoIP.
• VLAN 1 is the default VLAN and cannot be modified or deleted.
• VLANs 2 to 1001 are in the normal VLAN range and can be added, deleted, or modified as necessary.
• VLANS 1002 to 1005 are reserved and cannot be deleted.
• VLANs 1006 to 4094 are in the extended VLAN range and can be added, deleted, or modified as necessary.

Question 11

T/F: A new VLAN is not created with the vlan vlan-id command until the command-line interface (CLI) has been moved back to the global configuration context or a different VLAN identifier.

Answer 11

True.

VLANs are created by using the global configuration command vlan vlan-id. A friendly name (32 characters) is associated with a VLAN through the VLAN submode configuration command name vlan-name. The VLAN is not created until the command-line interface (CLI) has been moved back to the global configuration context or a different VLAN identifier.

Question 12

T/F: The 802.1Q tags are not included on packets transmitted or received on access ports.

Answer 12

True.

Access ports are the fundamental building blocks of a managed switch. An access port is assigned to only one VLAN. It carries traffic from the specified VLAN to the device connected to it or from the device to other devices on the same VLAN on that switch. The 802.1Q tags are not included on packets transmitted or received on access ports.

Catalyst switches place switch ports as Layer 2 access ports for VLAN 1 by default. The port can be manually configured as an access port with the command switchport mode access. A specific VLAN is associated to the port with the command switchport access {vlan vlan-id | name vlanname}. The ability to set VLANs to an access port by name was recently added with newer code but is stored in numeric form in the configuration.

Question 13

T/F: Upon receipt of a packet on a remote trunk link, the headers are examined, traffic is associated to the proper VLAN, then the 802.1Q headers are removed, and traffic is forwarded to the next port, based on the destination MAC address for that VLAN.

Answer 13

True.

Trunk ports can carry multiple VLANs. Trunk ports are typically used when multiple VLANs need connectivity between a switch and another switch, router, or firewall and use only one port.

Trunk ports are statically defined on Catalyst switches with the interface command switchport mode trunk. Example 1-5 displays Gi1/0/2 and Gi1/0/3 being converted to a trunk port.

The command show interfaces trunk provides a lot of valuable information in several sections for troubleshooting connectivity between network devices.

Question 14

T/F: The MAC address table resides in content addressable memory (CAM).

Answer 14

True.

The CAM uses high-speed memory that is faster than typical computer RAM due to its search techniques. The CAM table provides a binary result for any query of 0 for true or 1 for false. The CAM is used with other functions to analyze and forward packets very quickly. Switches are built with large CAM to accommodate all the Layer 2 hosts for which they must maintain forwarding tables.

Question 15

What happens if an entry does not exist in the local ARP table?

Answer 15

If an entry does not exist in the local ARP table, the device broadcasts an ARP request to the entire Layer 2 switching segment. The ARP request strictly asks that whoever owns the IP address in the ARP request reply. All hosts in the Layer 2 segment receive the request, but only the device with the matching IP address should respond to the request.

The response is unicast and includes the MAC and IP addresses of the requestor. The device then updates its local ARP table upon receipt of the ARP reply, adds the appropriate Layer 2 headers, and sends the original data packet down to Layer 2 for processing and forwarding.

Question 16

What is the command to view the arp table?

Answer 16

The ARP table can be viewed with the command show ip arp [mac-address | ip-address | vlan vlan-id | interface-id]. The optional keywords make it possible to filter the information.

Question 17

T/F: An interface with a configured IP address and that is in an up state injects the associated network into the router’s RIB.

Answer 17

True.

An interface with a configured IP address and that is in an up state injects
the associated network into the router’s routing table (Routing Information Base [RIB]). Connected networks or routes have an administrative distance (AD) of zero. It is not possible for any other routing protocol to preempt a connected route in the RIB.

IPv4 addresses are assigned with the interface configuration command ip address ip-address subnet-mask. It is possible to attach multiple IPv4 networks to the same interface by attaching a secondary IPv4 address to the same interface with the command ip address ip-address subnet-mask secondary.

IPv6 addresses are assigned with the interface configuration command ipv6 address ipv6-address/prefix-length. This command can be repeated multiple times to add multiple IPv6 addresses to the same interface.

Question 18

What is ‘Process switching’?

Answer 18

Process switching, also referred to as software switching or slow path, is a switching mechanism in which the general-purpose CPU on a router is in charge of packet switching. In IOS, the ip_input process runs on the general-purpose CPU for processing incoming IP packets. Process switching is the fallback for CEF because it is dedicated to processing punted IP packets when they cannot be switched by CEF.

The types of packets that require software handling include the following:

• Packets sourced or destined to the router (using control traffic or routing protocols)
• Packets that are too complex for the hardware to handle (that is, IP packets with IP options)
• Packets that require extra information that is not currently known (for example, ARP)

Question 19

What does the ‘ip_input’ process control on a router?

Answer 19

The ip_input process consults the routing table and ARP table to obtain the next-hop router’s IP address, outgoing interface, and MAC address. It then does the following sequence:

1. overwrites the destination MAC address of the packet with the next-hop router’s MAC address
2. overwrites the source MAC address with the MAC address of the outgoing Layer 3 interface
3. decrements the IP time-to-live (TTL) field
4. recomputes the IP header checksum
5. and finally delivers the packet to the next-hop router.

Question 20

What processing units does CEF use?

Answer 20

Cisco Express Forwarding (CEF) is a Cisco proprietary switching mechanism developed to keep up with the demands of evolving network infrastructures. It has been the default switching mechanism on most Cisco platforms that do all their packet switching using the general-purpose CPU (software-based routers) since the 1990s, and it is the default switching mechanism used by all Cisco platforms that use specialized application-specific integrated circuits (ASICs) and network processing units (NPUs) for high packet throughput (hardware-based routers).

The general-purpose CPUs on software-based and hardware-based routers are similar and perform all the same functions; the difference is that on software-based routers, the general- purpose CPU is in charge of all operations, including CEF switching (software CEF), and the hardware-based routers do CEF switching using forwarding engines that are implemented in specialized ASICs, ternary content addressable memory (TCAM), and NPUs (hardware CEF). Forwarding engines provide the packet switching, forwarding, and route lookup capability to routers.

Question 21

What is TCAM?

Answer 21

A switch’s ternary content addressable memory (TCAM) allows for the matching and evaluation of a packet on more than one field. TCAM is an extension of the CAM architecture but enhanced to allow for upper-layer processing such as identifying the Layer 2/3 source/destination addresses, protocol, QoS markings, and so on. TCAM provides more flexibility in searching than does CAM, which is binary. A TCAM search provides three results: 0 for true, 1 false, and X for do not care, which is a ternary combination.

The TCAM entries are stored in Value, Mask, and Result (VMR) format. The value indicates the fields that should be searched, such as the IP address and protocol fields. The mask indicates the field that is of interest and that should be queried. The result indicates the action that should be taken with a match on the value and mask. Multiple actions can be selected besides allowing or dropping traffic, but tasks like redirecting a flow to a QoS policer or specifying a pointer to a different entry in the routing table are possible.

Layer 2 and Layer 3 forwarding decisions occur all at once. TCAM operates in hardware, providing faster processing and scalability than process switching. This allows for some features like ACLs to process at the same speed regardless of whether there are 10 entries or 500.

Question 22

What is the difference between ‘Centralized Forwarding’ and ‘Distributed Forwarding’?

Answer 22

When a route processor (RP) engine is equipped with a forwarding engine so that it can make all the packet switching decisions, this is known as a centralized forwarding architecture.

For a centralized forwarding architecture, when a packet is received on the ingress line card, it is transmitted to the forwarding engine on the RP. The forwarding engine examines the packet’s headers and determines that the packet will be sent out a port on the egress line card and forwards the packet to the egress line card to be forwarded.

If the line cards are equipped with forwarding engines so that they can make packet switching decisions without intervention of the RP, this is known as a distributed forwarding architecture.

For a distributed forwarding architecture, when a packet is received on the ingress line card, it is transmitted to the local forwarding engine on the local card. The forwarding engine performs a packet lookup, and if it determines that the outbound interface is local, it forwards the packet out a local interface. If the outbound interface is located on a different line card, the packet is sent across the switch fabric, also known as the backplane, directly to the egress line card, bypassing the RP.

Question 23

What is Software CEF?

Answer 23

Software CEF, also known as the software Forwarding Information Base, consists of the following components:

• Forwarding Information Base: The FIB is built directly from the routing table and contains the next-hop IP address for each destination in the network. It keeps a mirror image of the forwarding information contained in the IP routing table. When a routing or topology change occurs in the network, the IP routing table is updated, and these changes are reflected in the FIB. CEF uses the FIB to make IP destination prefix-based switching decisions.
• Adjacency table: The adjacency table, also known as the Adjacency Information Base (AIB), contains the directly connected next-hop IP addresses and their corresponding next-hop MAC addresses, as well as the egress interface’s MAC address. The adjacency table is populated with data from the ARP table or other Layer 2 protocol tables.

Question 24

What happens to a packet when there is no valid entry in the FIB?

Answer 24

CEF uses a FIB to make IP destination prefix-based switching decisions. Upon receipt of an IP packet, the FIB (Forwarding Information Base) (basically a mirror of the routing table) is checked for a valid entry. If an entry is missing, it is a “glean” adjacency in CEF, which means the packet should get punted to the CPU because CEF is unable to handle it.

Valid FIB entries continue processing by checking the adjacency table for each packet’s destination IP address. Missing adjacency entries invoke the ARP process. Once ARP is resolved, the complete CEF entry can be created.

CEF uses the FIB and AIB (Adjacency Information Base, or adjacency table)

Question 25

What is an SDM template?

Answer 25

The allocation ratios between the various TCAM tables are stored and can be modified with Switching Database Manager (SDM) templates.

If multiple Cisco switches exist, and the SDM template can be configured on Catalyst 9000 switches with the global configuration command sdm prefer {vlan | advanced}. The switch must then be restarted with the reload command.

Question 26

T/F: In the 802.1Q standard, any traffic that is advertised or received on a trunk port without the 802.1Q VLAN tag is associated to the native VLAN.

Answer 26

True.

The default native VLAN is VLAN 1. This means that when a switch has two access ports configured as access ports and associated to VLAN 10—that is, a host attached to a trunk port with a native VLAN set to 10—the host could talk to the devices connected to the access ports.

The native VLAN should match on both trunk ports, or traffic can change VLANs unintentionally. While connectivity between hosts is feasible (assuming that they are on the different VLAN numbers), this causes confusion for most network engineers and is not a best practice.

A native VLAN is a port-specific configuration and is changed with the interface command switchport trunk native vlan vlan-id.

Question 27

What is the command on a Catalyst switch to manually set a port to drop traffic from a specific MAC address?

Answer 27

The command mac address-table static mac-address drop adds a manual entry with the ability to associate it to a specific MAC address to drop traffic upon receipt.

GORY DETAILS FOLLOW:

mac address-table static

To configure a static entry for the MAC address table, use the mac address-table static command. To delete the static entry, use the no form of this command.

mac address-table static mac-address vlan vlan-id { drop | interface { ethernet slot / port | port-channel number [. subinterface-number]} [auto-learn]

no mac address-table static mac-address { vlan vlan-id }

Syntax Description

mac-address

MAC address to add to the table. Use the format EEEE.EEEE.EEEE.

vlan vlan-id

Specifies the VLAN to apply the static MAC address. The VLAN ID range is from 1 to 4094.

drop

Drops all traffic that is received from and going to the configured MAC address in the specified VLAN.

interface

Specifies the interface. The type can be either Ethernet or EtherChannel.

ethernet slot/port

Specifies the Ethernet interface and the slot number and port number. The slot number is from 1 to 255, and the port number is from 1 to 128.

port-channel number

Specifies the EtherChannel interface and EtherChannel number. The range is from 1 to 4096.

. subinterface-number

(Optional) EtherChannel number followed by a dot (.) indicator and the subinterface number.

auto-learn

(Optional) Allows the switch to automatically update this MAC address.

Question 28

What is the command to flush the MAC addresses from the table on a Catalyst switch.

Answer 28

The command clear mac address-table dynamic [{address mac-address | interface interface-id | vlan vlan-id}] flushes the MAC address table for the entire switch. Using the optional keywords can flush the MAC address table for a specific MAC address, switch port, or interface.

Question 29

When a frame is to be sent a destination MAC address must be included. Where does the sending device get this address from?

Answer 29

The source device must add the appropriate Layer 2 headers (source and destination MAC addresses), and the destination MAC address is needed for the next-hop IP address. The device looks for the next-hop IP addresses entry in the ARP table and uses the MAC address from the next-hop IP address’s entry as the destination MAC address. The next step is to send the data packet down to Layer 2 for processing and forwarding.

Question 30

What must be true for an SVI to be in an up state?

Answer 30

Switched Virtual Interfaces

With Catalyst switches it is possible to assign an IP address to a switched virtual interface (SVI), also known as a VLAN interface. An SVI is configured by defining the VLAN on the switch and then defining the VLAN interface with the command interface vlan vlan-id.

The switch must have an interface associated to that VLAN in an up state for the SVI to be in an up state. If the switch is a multilayer switch, the SVIs can be used for routing packets between VLANs without the need of an external router.

Question 31

How do you convert a L2 switch port to a routed switch port?

Answer 31

A multilayer switch port can be converted from a Layer 2 switch port to a routed switch port with the interface configuration command no switchport. Then the IP address can be assigned to it. Example 1-14 demonstrates port Gi1/0/14 being converted from a Layer 2 switch port to a routed switch port and then having an IP address assigned to it.

SW1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z. SW1(config)# int gi1/0/14
SW1(config-if)# no switchport
SW1(config-if)# ip address 10.20.20.1 255.255.255.0

SW1(config-if)# ipv6 address 2001:db8:20::1/64

SW1(config-if)# no shutdown

Question 32

What is checkpointing?

Answer 32

Stateful switchover (SSO) is a redundancy feature that allows a Cisco router with two RPs to synchronize router configuration and control plane state information. The process of mirroring information between RPs is referred to as checkpointing. SSO-enabled routers always checkpoint line card operation and Layer 2 protocol states. During a switchover, the standby RP immediately takes control and prevents basic problems such as interface link flaps. However, Layer 3 packet forwarding is disrupted without additional configuration.

The RP switchover triggers a routing protocol adjacency flap that clears the route table. When the routing table is cleared, the CEF entries are purged, and traffic is no longer routed until the network topology is relearned and the forwarding table is reprogrammed. Enabling nonstop forwarding (NSF) or nonstop routing (NSR) high availability capabilities informs the router(s) to maintain the CEF entries for a short duration and continue forwarding packets through an RP failure until the control plane recovers.

Question 33

What is the command to configure a static MAC address entry?

Answer 33

mac address-table static mac-address vlan vlan-id interface interface-id