Chapter 8 - Configuring Ethernet Switching Flashcards

1
Q

What command moves you into global configuration mode?

A

configure terminal

2
Q

What command enables a password when a user tries to enter enable mode?

A

enable secret {password}

3
Q

What commands enable a login and password for console 0?

A

#configure terminal
#line console 0
#password {password}
#login

4
Q

What commands enable a login and password?

A

username {username} password {password}

Interface sub-command login local

5
Q

What’s another way to authenticate users other than using the local username and passwords on a switch?

A

Using a AAA server - authentication, authorization, and accounting

6
Q

What protocols are normally used between a Cisco device and a AAA server to secure the traffic?

A

RADIUS or TACACS+

7
Q

What are the 4 steps to enabling SSH on a switch?

A

Step 1.) Configure the vty lines to use usernames (using login local command) or a AAA server
Step 2.) If using local logins, configure the usernames and passwords
Step 3.) Configure the switch to use a matched public and private key pair for encryption
Step 4.) Optional - Enable SSH v2

8
Q

What two commands configure the switch to use a matched public and private key pair for encryption?

A

#ip domain-name {name}
#crypto key generate rsa

9
Q

What global command enables SSH v2?

A

ip ssh version 2

10
Q

What 2 commands give some information about the status of SSH on the switch?

A

#show ip ssh
#show ssh

11
Q

What command lists information about each SSH client currently connected into the switch?

A

show ssh

12
Q

Which command enables or disables SSH or telnet on the vty lines?

A

transport input vty subcommand

Valid commands are transport input {all | none | telnet | ssh}

13
Q

What global configuration command will encrypt the passwords in the running configuration file?

A

service password-encryption

14
Q

If the service password-encryption command is entered and the no service password-encryption command is entered afterwards, how does the switch treat the passwords in the config file?

A

Once the no service password-encryption command is entered, the current passwords in the file are unchanged. However, any new changes will show the passwords in clear text.

15
Q

Switches can protect enable mode by requiring that a user enter a password. What are the old and new commands for enabling this password?

A

The older one is:
#enable password {password}
The newer one is:
#enable secret {password}

16
Q

If both enable commands are configured, which one does the switch use or prefer?

A

enable secret command

17
Q

If only one enable command is configured, what password does the switch require?

A

The password used in the enable command that was configured.

18
Q

If neither enable command was used, what password is required?

A

Console users are allowed into enable mode without a password prompt while others are rejected.

19
Q

How is the encryption that the enable secret command uses different than the service password-encryption command?

A

The enable secret command uses MD5 or Message Digest 5 hash versus the weaker encryption that the enable secret command uses.

20
Q

What command is preferred to hide the password for a username?

A

username secret {password}

21
Q

What type of encryption does the username secret command use?

A

SHA-256 (type 4)

22
Q

What are 3 types of banner messages that can be set up using the banner command?

A

Message of the day (MOTD), Login, and Exec

23
Q

What command lists the commands currently held in the history buffer?

A

show history

24
Q

Which command, from console or vty line config mode, sets the default number of commands saved in the history buffer for the user(s) of the console or vty lines?

A

history size {x}

25
Q

From Exec mode, this command allows a single user to set, just for this one login session, the size of his history buffer.

A

terminal history size {x}

26
Q

Which command can disable syslog messages that show up at the console?

A

no logging console

27
Q

Which command pretty much tells the switch to only display syslog messages at more convenient times such as at the end of a show command?

A

logging synchronous

28
Q

Which vty subcommand lets you set the length of the inactivity timer?

A

exec-timeout {minutes seconds}

29
Q

By default, the switch automatically disconnects connected users on the vty lines after how much time?

A

5 minutes of inactivity

30
Q

A switched virtual interface (SVI) is also known as what?

A

VLAN interface

31
Q

Enabling an IP address on a switch VLAN allows for what?

A

Remote access in order to manage the switch.

32
Q

What are the steps to set up an IP address on VLAN 1 of a switch?

A

#configure terminal
#interface vlan 1
#ip address {ip-address mask}
#no shutdown
#ip default-gateway {ip-address}
Optional: #ip name-server {ip-address 1 ip-address 2}

33
Q

How would you configure VLAN 1 for DHCP instead of assigning an address statically?

A

#configure terminal
#interface vlan 1
#ip address dhcp

34
Q

What are 2 different commands you can use to verify the IPv4 configuration of a switch?

A

show running-config

show interface vlan {x}

35
Q

What command shows the temporarily leased IP address and other parameters if using DHCP?

A

show dhcp lease

36
Q

If you’ve just configured the duplex and speed settings of ports, what’s a command you can use to verify these settings?

A

show interfaces status

37
Q

What command would you use if you wanted to configure multiple Fast Ethernet ports at the same time?

A

interface range FastEthernet {x/x-x}

38
Q

What could an engineer enable on a switch to allow only certain devices to connect through a port?

A

port security

39
Q

What are 3 variations or rules of port security?

A

1) Define a maximum # of source MAC addresses allowed for all frames coming in the interface.
2) Watch all incoming frames, and keep a list of all source MAC addresses, plus a counter of the # of different source MAC addresses.
3) When adding a new source MAC address to the list, if the number of MAC addresses pushes past the configured maximum, a port security violation has occurred. The switch takes action (the default action is to shut down the interface).

40
Q

What is the first configuration step in enabling port security?

A

Make the switch interface either a static access or trunk interface using switchport mode access or switchport mode trunk.

41
Q

After enabling the switchport mode access or trunk command, what’s the next step in enabling port security?

A

Use the switchport port-security interface subcommand.

42
Q

What command would you use to override the default maximum number (1) of allowed MAC addresses associated with the interface?

A

switchport port-security maximum {number}

43
Q

What command would you use to override the default action to take upon a security violation (shutdown)?

A

switchport port-security violation {protect | restrict | shutdown}

44
Q

What command would you use to predefine any allowed source MAC address(es) for this interface?

A

switchport port-security mac-address {mac-address}

45
Q

What command would you use to tell the switch to “sticky learn” dynamically learned MAC addresses?

A

switchport port-security mac-address sticky

46
Q

What command would you use to verify port security?

A

show port-security interface

47
Q

What are 3 actions that a switch can take when a port security violation occurs?

A

1) Discards offending traffic
2) Sends log and SNMP messages
3) Disables the interface, discarding all traffic

48
Q

Of the 3 options of the switchport port-security violation command (protect, restrict, and shutdown), which discards offending traffic?

A

protect, restrict, and shutdown

49
Q

Of the 3 options of the switchport port-security violation command (protect, restrict, and shutdown), which sends log and SNMP messages?

A

restrict and shutdown

50
Q

Of the 3 options of the switchport port-security violation command (protect, restrict, and shutdown), which disables the interface, discarding all traffic?

A

shutdown

51
Q

What are 4 things an engineer can do to secure unused ports?

A

1) Use the shutdown command to completely shut the interface down
2) Prevent VLAN trunking by using the switchport mode access command.
3) Assign the port to an unused VLAN using switchport access vlan {#} command
4) Set the native VLAN to not be VLAN 1, but to instead be an unused VLAN using the switchport trunk native vlan {vlan-id} command