Chapter 9 - Configuring Switch Interfaces Flashcards
Which of the following describes a way to disable IEEE standard autonegotiation on a 10/100 port on a Cisco switch?
a. Configure the negotiate disable interface subcommand
b. Configure the no negotiate interface subcommand
c. Configure the speed 100 interface subcommand
d. Configure the duplex half interface subcommand
e. Configure the duplex full interface subcommand
f. Configure the speed 100 and duplex full interface subcommands
F.
Cisco switches do not have a command to disable autonegotiation of speed and duplex. Instead, a switch port that has both speed and duplex configured disables autonegotiation.
In which of the following modes of the CLI could you configure the duplex setting for interface Fast Ethernet 0/5?
a. User mode
b. Enable mode
c. Global configuration mode
d. VLAN mode
e. Interface configuration mode
E.
Cisco switches can be configured for speed (with the speed command) and duplex (with the duplex command) in interface configuration mode.
A Cisco Catalyst switch connects with its Gigabit0/1 port to an end user’s PC. The end user, thinking the user is helping, manually sets the PC’s OS to use a speed of 1000 Mbps and to use full duplex, and disables the use of autonegotiation. The switch’s G0/1 port has default settings for speed and duplex. What speed and duplex settings will the switch decide to use?
(Choose two answers.)
a. Full duplex
b. Half duplex
c. 10 Mbps
d. 1000 Mbps
A and D.
The IEEE autonegotiation rules dictate that if a device attempts autonegotiation but the other side does not participate, the device uses the slowest speed it supports. However, Cisco switches override that logic, instead sampling the electrical signal to detect the speed used by the connected device, so the switch will operate at 1000 Mbps. The switch uses the IEEE default setting for duplex based on the speed, and the IEEE default for duplex when using 1000 Mbps is to use full duplex. So in this case, the switch will match both the speed and the duplex setting made on the PC.
Which of the following is required when configuring port security with sticky learning?
a. Setting the maximum number of allowed MAC addresses on the interface with the switchport port-security maximum interface subcommand.
b. Enabling port security with the switchport port-security interface subcommand.
c. Defining the specific allowed MAC addresses using the switchport port-security mac-address interface subcommand.
d. All the other answers list required commands.
B.
The setting for the maximum number of MAC addresses has a default of 1, so the switchport port-security maximum command does not have to be configured. With sticky learning, you do not need to predefine the specific MAC addresses either. However, you must enable port security, which requires the switchport port-security interface subcommand.
A switch’s port Gi0/1 has been correctly enabled with port security. The configuration sets the violation mode to restrict. A frame that violates the port security policy enters the interface, followed by a frame that does not. Which of the following answers correctly describe what happens in this scenario?
(Choose two answers.)
a. The switch puts the interface into an err-disabled state when the first frame arrives.
b. The switch generates syslog messages about the violating traffic for the first frame.
c. The switch increments the violation counter for Gi0/1 by 1.
d. The switch discards both the first and second frame.
B and C.
First, about the two incorrect answers: In restrict mode, the arrival of a frame that violates the port security policy does not cause the switch to put the interface into err-disabled state. It does cause the switch to discard any frames that violate the policy, but it leaves the interface up, and does not discard frames that do not violate the security policy, like the second frame that arrives.
Regarding the two correct answers, a port in port security restrict mode does cause the switch to issue log messages for a violating frame, send SNMP traps about that same event (if SNMP is configured), and increment the counter of violating frames.
A Cisco Catalyst switch connects to what should be individual user PCs. Each port has the same port security configuration, configured as follows:
interface range gigabitethernet 0/1 - 24
switchport mode access
switchport port-security
switchport port-security mac-address sticky
Which of the following answers describe the result of the port security configuration created with these commands?
(Choose two answers.)
a. Prevents unknown devices with unknown MAC addresses from sending data through the switch ports.
b. If a user connects a switch to the cable, prevents multiple devices from sending data through the port.
c. Will allow any one device to connect to each port, and will save that device’s MAC address into the startup-config.
d. Will allow any one device to connect to each port, but will not save that device’s MAC address into the startup-config.
B and D.
First, about the sticky parameter… this command causes the switch to learn the source MAC, and to add it to a switchport port-security mac-address address interface subcommand. However, port security adds that command to the running-config file; the network engineer must also issue a copy running-config startup-config EXEC command to save that configuration.
About the other correct answer, users can connect a switch to the end of the cable, with multiple devices connected to that switch. That happens in real networks when users decide they need more ports at their desk. However, the default setting of switchport port-security maximum 1 means that a frame from the second unique source MAC address would cause a violation, and the default violation action is to err-disable the port.
For the other incorrect answer, the configuration does not prevent unknown MAC addresses from accessing the port, because the configuration does not predefine any MAC address.