Chapter 8 - Configuring Basic Switch Management Flashcards

1
Q

Imagine that you have configured the enable secret command, followed by the enable password command, from the console. You log out of the switch and log back in at the console. Which command defines the password that you had to enter to access privileged mode?

a. enable password
b. enable secret
c. Neither
d. The password command, if it is configured

A

B.

If both commands are configured, IOS accepts only the password as configured in the enable secret command.

2
Q

An engineer wants to set up simple password protection with no usernames for some switches in a lab, for the purpose of keeping curious co-workers from logging into the lab switches from their desktop PCs. Which of the following commands would be a useful part of that configuration?

a. A login vty mode subcommand
b. A password password console subcommand
c. A login local vty subcommand
d. A transport input ssh vty subcommand

A

A.

To answer this question, it might be best to first think of the complete configuration, and then find any answers that match the configuration. The commands, in vty line configuration mode, would be password password and login. Only one answer lists a vty subcommand that is one of these two commands.

Of note in the incorrect answers:
One answer mentions console subcommands. The console does not define what happens when remote users log in; those details sit in the vty line configuration.

One answer mentions the login local command; this command means that the switch should use the local list of configured usernames/passwords. The question stated that the engineer wanted to use passwords only, with no usernames.

One answer mentions the transport input ssh command, which, by omitting the telnet keyword, disables Telnet. While that command can be useful, SSH does not work when using passwords only; SSH requires both a username and a password. So, by disabling Telnet (and allowing SSH only), the configuration would allow no one to remotely log in to the switch.

3
Q

An engineer had formerly configured a Cisco 2960 switch to allow Telnet access so that the switch expected a password of mypassword from the Telnet user. The engineer then changed the configuration to support Secure Shell. Which of the following commands could have been part of the new configuration?
(Choose two answers.)

a. A username name secret password vty mode subcommand
b. A username name secret password global configuration command
c. A login local vty mode subcommand
d. A transport input ssh global configuration command

A

B and C.

SSH requires the use of usernames in addition to a password. Using the username global command would be one way to define usernames (and matching passwords) to support SSH. The vty lines would also need to be configured to require the use of usernames, with the login local vty subcommand being one such option. The transport input ssh command could be part of a meaningful configuration, but it is not a global configuration command (as claimed in one wrong answer). Likewise, one answer refers to the username command as a command in vty config mode, which is also the wrong mode.

4
Q

An engineer’s desktop PC connects to a switch at the main site. A router at the main site connects to each branch office through a serial link, with one small router and switch at each branch. Which of the following commands must be configured on the branch office switches, in the listed configuration mode, to allow the engineer to telnet to the branch office switches?
(Choose three answers.)

a. The ip address command in interface configuration mode
b. The ip address command in global configuration mode
c. The ip default-gateway command in VLAN configuration mode
d. The ip default-gateway command in global configuration mode
e. The password command in console line configuration mode
f. The password command in vty line configuration mode

A

A, D, and F.

To allow access through Telnet, the switch must have password security enabled, at a minimum using the password vty line configuration subcommand. In addition, the switch needs an IP address (configured under one VLAN interface) and a default gateway when the switch needs to communicate with hosts in a different subnet.

5
Q

A Layer 2 switch configuration places all its physical ports into VLAN 2. The IP addressing plan shows that address 172.16.2.250 (with mask 255.255.255.0) is reserved for use by this new LAN switch, and that 172.16.2.254 is already configured on the router connected to that same VLAN. The switch needs to support SSH connections into the switch from any subnet in the network. Which of the following commands are part of the required configuration in this case?
(Choose two answers.)

a. The ip address 172.16.2.250 255.255.255.0 command in interface vlan 1 configuration mode.
b. The ip address 172.16.2.250 255.255.255.0 command in interface vlan 2 configuration mode.
c. The ip default-gateway 172.16.2.254 command in global configuration mode.
d. The switch cannot support SSH because all its ports connect to VLAN 2, and the IP address must be configured on interface VLAN 1.

A

B and C.

To allow SSH or Telnet access, a switch must have a correct IP configuration. That includes the configuration of a correct IP address and mask on a VLAN interface. That VLAN interface then must have a path out of the switch via ports assigned to that VLAN. In this case, with all ports assigned to VLAN 2, the switch must use interface VLAN 2 (using the interface vlan 2 configuration command).

To meet the requirement to support login from hosts outside the local subnet, the switch must have a correct default gateway setting, configured with the ip default-gateway 172.16.2.254 global command in this case.

6
Q

Which of the following line subcommands tells a switch to wait until a show command’s output has completed before displaying log messages on the screen?

a. logging synchronous
b. no ip domain-lookup
c. exec-timeout 0 0
d. history size 15

A

A.

The logging synchronous line subcommand synchronizes log message display with other command output so the log message does not interrupt a show command’s output. The no ip domain-lookup command is not a line subcommand. The other two incorrect answers are line subcommands but do not configure the function listed in the question.
