Chapter 9 Configuring Switch interfaces Flashcards

1
Q

Which of the following describes a way to disable IEEE standard autonegotiation on a 10/100 port on a Cisco switch?

a. Configure the negotiate disable interface subcommand
b. Configure the no negotiate interface subcommand
c. Configure the speed 100 interface subcommand
d. Configure the duplex half interface subcommand
e. Configure the duplex full interface subcommand
f. Configure the speed 100 and duplex full interface subcommands

A

f. Configure the speed 100 and duplex full interface subcommands

2
Q

In which of the following modes of the CLI could you configure the duplex setting for interface Fast Ethernet 0/5?

A

e. Interface configuration mode

3
Q

A Cisco Catalyst switch connects with its Gigabit0/1 port to an end user’s PC. The end user, thinking the user is helping, manually sets the PC’s OS to use a speed of 1000 Mbps and to use full duplex, and disables the use of autonegotiation. The switch’s G0/1 port has default settings for speed and duplex. What speed and duplex settings will the switch decide to use? (Choose two answers.)

a. Full duplex
b. Half duplex
c. 10 Mbps
d. 1000 Mbps

A

A,D

4
Q

Which of the following is required when configuring port security with sticky learning?
a. Setting the maximum number of allowed MAC addresses on the interface with the switchport port-security maximum interface subcommand.
b. Enabling port security with the switchport port-security interface subcommand.
c. Defining the specific allowed MAC addresses using the switchport port-security mac-address interface subcommand.
d. All the other answers list required commands.

A

B

5
Q

A switch’s port Gi0/1 has been correctly enabled with port security. The configuration sets the violation mode to restrict. A frame that violates the port security policy enters the interface, followed by a frame that does not. Which of the following answers correctly describe what happens in this scenario? (Choose two answers.)

a. The switch puts the interface into an err-disabled state when the first frame arrives.
b. The switch generates syslog messages about the violating traffic for the first frame.
c. The switch increments the violation counter for Gi0/1 by 1.
d. The switch discards both the first and second frame.

A

B,C

6
Q

A Cisco Catalyst switch connects to what should be individual user PCs. Each port has the same port security configuration, configured as follows:

interface range gigabitethernet 0/1 - 24
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky

Which of the following answers describe the result of the port security configuration created with these commands? (Choose two answers.)

A

B,D

7
Q

shows a way to shorten your configuration work when making the same setting on multiple consecutive interfaces.

A

To do so, use the interface range command.

8
Q

You can define a range as long as

A

all interfaces are the same type and are numbered consecutively.

9
Q

IOS does not actually put the interface range command into the configuration. Instead,

A

it acts as if you had typed the subcommand under every single interface in the specified range

10
Q

Cisco uses two interface subcommands to configure the idea of administratively enabling and disabling an interface:

A

the shutdown command (to disable), and the no shutdown command (to enable)

11
Q

IEEE autonegotiation defines some rules (defaults) that nodes should use as defaults when autonegotiation fails—that is, when a node tries to use autonegotiation but hears nothing from the device. The rules:

A

■ Speed: Use your slowest supported speed (often 10 Mbps).

■ Duplex: If your speed = 10 or 100, use half duplex; otherwise, use full duplex.

12
Q

Cisco switches use this slightly different logic to choose the speed when autonegotiation fails:

A

■ Speed: Sense the speed (without using autonegotiation), but if that fails, use the IEEE default (slowest supported speed, often 10 Mbps).
■ Duplex: Use the IEEE defaults: If speed = 10 or 100, use half duplex; otherwise, use full duplex.

13
Q

Basically, hubs do not react to autonegotiation messages, and they do not forward the messages. As a result,

A

devices connected to a hub must use the IEEE rules for choosing default settings, which often results in the devices using 10 Mbps and half duplex.

14
Q

summarizes these ideas common to all variations of port security:

A

■ Define a maximum number of source MAC addresses allowed for all frames coming in the interface.
■ Watch all incoming frames, and keep a list of all source MAC addresses, plus a counter of the number of different source MAC addresses.
■ When adding a new source MAC address to the list, if the number of MAC addresses pushes past the configured maximum, a port security violation has occurred. The switch takes action (the default action is to shut down the interface).

15
Q

Port security provides an easy way to discover the MAC addresses used off each port using a feature called

A

sticky secure MAC addresses

16
Q

Port Security config checklist

A
  1. Make the switch interface either a static access or trunk interface using the switchport mode access or the switchport mode trunk interface subcommands, respectively.
  2. Enable port security using the switchport port-security interface subcommand.
  3. (Optional) Override the default maximum number of allowed MAC addresses associated with the interface (1) by using the switchport port-security maximum number interface subcommand.
  4. (Optional) Override the default action to take upon a security violation (shutdown) using the switchport port-security violation {protect | restrict | shutdown} interface subcommand.
  5. (Optional) Predefine any allowed source MAC addresses for this interface using the switchport port-security mac-address mac-address command. Use the command multiple times to define more than one MAC address.
  6. (Optional) Tell the switch to “sticky learn” dynamically learned MAC addresses with the switchport port-security mac-address sticky interface subcommand.
17
Q

How would you save the addresses learned by the switchport port-security mac-address sticky command?

A

Copy the running-config to the startup-config file.

18
Q

What are two commands for verifying port security, and what are the differences?

A
  1. show port-security int (type/#): Shows whether port security is enabled on the interface, the violation mode configured, and the port status.
  2. show running-config int (type/#): Shows how port security was set up for this port, including any sticky MAC addresses learned.
19
Q

What are the port security violation actions for the three types of violations?

A
  1. Protect
    Discards offending traffic.
  2. Restrict
    Discards offending traffic, sends log and SNMP messages, increments the violation counter for each violating incoming frame.
  3. Shutdown
    Discards offending traffic, sends log and SNMP messages, increments the violation counter for each violating incoming frame, and shuts down the interface.
20
Q

Once a switch port has been configured with port security, the switch no longer considers MAC addresses associated with that port as being dynamic entries as listed with the show mac address-table dynamic EXEC command. Even if the MAC addresses are dynamically learned, once port security has been enabled, you need to use one of these options to see the MAC table entries associated with ports using port security:

A

■ show mac address-table secure: Lists MAC addresses associated with ports that use port security

■ show mac address-table static: Lists MAC addresses associated with ports that use port security, as well as any other statically defined MAC addresses

21
Q

Interface mode. Lists any information text that the engineer wants to track for the interface, such as the expected device on the other end of the cable.

A

description text

22
Q

Reverts to the default setting for each interface subcommand of speed auto, duplex auto, and the absence of a description command.

A

no duplex
no speed
no description

23
Q

Interface configuration mode command that tells the switch to always be an access port, or always be a trunk port

A

switchport mode {access | trunk}

24
Q

Interface configuration mode command that statically adds a specific MAC address as an allowed MAC address on the interface

A

switchport port-security mac-address mac-address

25
Q

Interface subcommand that tells the switch to learn MAC addresses on the interface and add them to the configuration for the interface as secure MAC addresses

A

switchport port-security mac-address sticky

26
Q

Interface subcommand that sets the maximum number of static secure MAC addresses that can be assigned to a single interface

A

switchport port-security maximum value

27
Q

Interface subcommand that tells the switch what to do if an inappropriate MAC address tries to access the network through a secure switch port

A

switchport port-security violation {protect | restrict | shutdown}

28
Q

Lists the currently used configuration

A

show running-config

29
Q

Displays the running-configuration excerpt of the listed interface and its subcommands only

A

show running-config | interface type number

30
Q

Lists the dynamically learned entries in the switch’s address (forwarding) table

A

show mac address-table dynamic [interface type number]

31
Q

Lists MAC addresses defined or learned on ports configured with port security

A

show mac address-table secure [interface type number]

32
Q

Lists static MAC addresses and MAC addresses learned or defined with port security

A

show mac address-table static [interface type number]

33
Q

Lists one output line per interface (or for only the listed interface if included), noting the description, operating state, and settings for duplex and speed on each interface

A

show interfaces [interface type number] status

34
Q

Lists detailed status and statistical information about all interfaces (or the listed interface only)

A

show interfaces [interface type number]

35
Q

Lists an interface’s port security configuration settings and security operational status

A

show port-security interface type number

36
Q

Lists one line per interface that summarizes the port security settings for any interface on which it is enabled

A

show port-security