Chapter 6. Configuring Basic Switch Management Flashcards
1
Q
- Imagine that you have configured the [enable secret] command, followed by the [enable password] command, from the console. You log out of the switch and log back in at the console. Which command defines the password that you had to enter to access privileged mode?
a) enable password
b) enable secret
c) Neither
d) The [password] command, if it is configured
A
- B. If both commands are configured, IOS accepts only the password as configured in the [enable secret] command.
2
Q
- An engineer wants to set up simple password protection with no usernames for some switches in a lab, for the purpose of keeping curious coworkers from logging in to the lab switches from their desktop PCs. Which of the following commands would be a useful part of that configuration?
a) A [login] vty mode subcommand
b) A [password] password console subcommand
c) A [login local] vty subcommand
d) A [transport input ssh] vty subcommand
A
- A. To answer this question, it might be best to first think of the complete configuration and then find any answers that match the configuration. The commands, in vty line configuration mode, would be [password] password and [login]. Only one answer lists a vty subcommand that is one of these two commands.
Of note in the incorrect answers:
One answer mentions console subcommands. The console does not define what happens when remote users log in; those details sit in the vty line configuration.
One answer mentions the login local command; this command means that the switch should use the local list of configured usernames/passwords. The question stated that the engineer wanted to use passwords only, with no usernames.
One answer mentions the transport input ssh command, which, by omitting the telnet keyword, disables Telnet. While that command can be useful, SSH does not work when using passwords only; SSH requires both a username and a password. So, by disabling Telnet (and allowing SSH only), the configuration would allow no one to remotely log in to the switch.
3
Q
- An engineer had formerly configured a Cisco 2960 switch to allow Telnet access so that the switch expected a password of [mypassword] from the Telnet user. The engineer then changed the configuration to support Secure Shell. Which of the following commands could have been part of the new configuration? (Choose two answers.)
a. A [username name secret password] vty mode subcommand
b. A [username name secret password] global configuration command
c. A [login local] vty mode subcommand
d. A [transport input ssh] global configuration command
A
- B and C. SSH requires the use of usernames in addition to a password. Using the [username] global command would be one way to define usernames (and matching passwords) to support SSH. The vty lines would also need to be configured to require the use of usernames, with the [login local] vty subcommand being one such option.
The [transport input ssh] command could be part of a meaningful configuration, but it is not a global configuration command (as claimed in one wrong answer). Likewise, one answer refers to the [username] command as a command in vty config mode, which is also the wrong mode.
4
Q
- An engineer’s desktop PC connects to a switch at the main site. A router at the main site connects to each branch office through a serial link, with one small router and switch at each branch. Which of the following commands must be configured on the branch office switches, in the listed configuration mode, to allow the engineer to telnet to the branch office switches and supply only a password to log in? (Choose three answers.)
a) The [ip address] command in interface configuration mode
b) The [ip address] command in global configuration mode
c) The [ip default-gateway] command in VLAN configuration mode
d) The [ip default-gateway] command in global configuration mode
e) The [password] command in console line configuration mode
f) The [password] command in vty line configuration mode
A
- A, D, and F. To allow access through Telnet, the switch must have password security enabled, at a minimum using the [password] vty line configuration subcommand. In addition, the switch needs an IP address (configured under one VLAN interface) and a default gateway when the switch needs to communicate with hosts in a different subnet.
5
Q
- A Layer 2 switch configuration places all its physical ports into VLAN 2. The IP addressing plan shows that address 172.16.2.250 (with mask 255.255.255.0) is reserved for use by this new LAN switch and that 172.16.2.254 is already configured on the router connected to that same VLAN. The switch needs to support SSH connections into the switch from any subnet in the network. Which of the following commands are part of the required configuration in this case? (Choose two answers.)
a) The [ip address 172.16.2.250 255.255.255.0] command in interface vlan 1 configuration mode.
b) The [ip address 172.16.2.250 255.255.255.0] command in interface vlan 2 configuration mode.
c) The [ip default-gateway 172.16.2.254] command in global configuration mode.
d) The switch cannot support SSH because all its ports connect to VLAN 2, and the IP address must be configured on interface VLAN 1.
A
- B and C. To allow SSH or Telnet access, a switch must have a correct IP configuration. That includes the configuration of a correct IP address and mask on a VLAN interface. That VLAN interface then must have a path out of the switch via ports assigned to that VLAN. In this case, with all ports assigned to VLAN 2, the switch must use interface VLAN 2 (using the [interface vlan 2] configuration command).
To meet the requirement to support login from hosts outside the local subnet, the switch must configure a correct default gateway setting with the [ip default-gateway 172.16.2.254] global command in this case.
6
Q
- Which of the following line subcommands tells a switch to wait until a show command’s output has completed before displaying log messages on the screen?
a) [logging synchronous]
b) [no ip domain-lookup]
c) [exec-timeout 0 0]
d) [history size 15]
A
- A. The [logging synchronous] line subcommand synchronizes the log message display with other command output so the log message does not interrupt a [show] command’s output. The [no ip domain-lookup] command is not a line subcommand. The other two incorrect answers are line subcommands but do not configure the function listed in the question.