Ethernet Features Flashcards

1
Q

802.3ad

A

Link Aggregation
- Congestion can occur when ports all operate at the same speed
- Allows for combination of multiple physical connections into a single logical connection
- Bandwidth available is increased and the congestion is minimized or prevented

2
Q

PoE 802.3af
PoE+ 802.3at

A

■ Supplies electrical power over Ethernet
● Requires CAT 5 or higher copper cable
● Provides up to 15.4 watts of power to device
● PoE+ provides up to 25.5 W of power to device
■ Two Device Types
● Power Sourcing Equipment (PSE)
● Powered Device (PD)

3
Q

Port Monitoring or Mirroring

A

■ Helpful to analyze packet flow over network
● Connect a network sniffer to a hub and it sees all
● But switches require port monitoring for a network analyzer to see all the traffic
■ Port mirroring makes a copy of all traffic destined for a port and sends it to another port

4
Q

802.1x

A

User Authentication
■ For security purposes, switches can require users to authenticate themselves before gaining access to the network
■ Once authenticated, a key is generated and shared between the supplicant (device wanting access) and the switch (authenticator)
■ Authentication server checks the supplicant’s credentials and creates the key
■ Key is used to encrypt the traffic coming from and being sent to the client

5
Q

Management Access and Authentication

A

■ To configure and manage switches, you can use two options
● SSH
○ Remote administration program that allows you to connect to the switch over the network
● Console Port
○ Allows for local administration of the switch using a separate laptop and a rollover cable (DB-9 to RJ-45)

6
Q

Out-of-band (OOB)

A

■ Management involves keeping all network configuration devices on a separate network

7
Q

First-Hop Redundancy

A

■ Hot Standby Router Protocol (HSRP) uses virtual IP and MAC addresses to provide an “active router” and a “standby router”
● HSRP is a Cisco-proprietary protocol
● If Active is offline, then standby answers

8
Q

Other First-Hop Redundancy Protocols

A

■ Gateway Load Balancing Protocol (GLBP)
● Cisco-proprietary protocol
■ Virtual Router Redundancy Protocol (VRRP)
● Open-source protocol
■ Common Address Redundancy Protocol (CARP)
● Open-source protocol

9
Q

MAC Filtering

A

■ Permits or denies traffic based on a device’s MAC address to improve security

10
Q

Traffic Filtering

A

■ Multilayer switches may permit or deny traffic based on IP addresses or application ports

11
Q

Quality of Service (QoS)

A

■ Forwards traffic based on priority markings

12
Q

802.1D

A

Spanning Tree Protocol (STP)
○ Permits redundant links between switches and prevents traffic loops
○ Availability is measured in 9’s
■ Five 9’s is 99.999% uptime and allows only 5 minutes down per year
○ Shortest Path Bridging (SPB) is used for larger network environments instead
○ Without STP, MAC Address table corruption can occur

13
Q

Broadcast Storms

A

■ If a broadcast frame is received by both switches, they can forward frames to each other
■ Multiple copies of the frame are forwarded, replicated, and forwarded again until the network is consumed with forwarding many copies of the same initial frame

14
Q

Root and Nonroot Bridges

A

■ Root Bridge
● Switch elected to act as a reference point for a spanning tree
● Switch with the lowest bridge ID (BID) is elected as the root bridge
● BID is made up of a priority value and a MAC address (with the lowest value considered root)
■ Nonroot Bridge
● All other switches in an STP topology
■ MAC Address table corruption can occur

15
Q

Root, Designated, and Non-Designated Ports

A

■ Root Port
● Every non-root bridge has a single root port
● Port closest to the root bridge in terms of cost
● If costs are equal, lowest port number is chosen
■ Designated Port
● Every network segment has a designated port
● Port closest to the root bridge in terms of cost
● All ports on root bridge are designated ports
■ Non-Designated Port
● Ports that block traffic to create loop-free topology

16
Q

Root and Nonroot Bridges

A

■ Single root port on non-root bridge
■ All other ports on non-root bridge are non-designated
■ All ports on root bridge are designated

17
Q

Port States

A

■ Non-designated ports do not forward traffic during normal operation; however, they do receive bridge protocol data units (BPDUs)
■ If a link in the topology goes down, the non-designated port detects the failure and determines whether it needs to transition to a forwarding state
■ To get to the forwarding state, though, it has to transition through four states
● Blocking
○ BPDUs are received but they are not forwarded
○ Used at beginning and on redundant links
● Listening
○ Populates MAC address table
○ Does not forward frames
● Learning
○ Processes BPDUs
○ Switch determines its role in the spanning tree
● Forwarding
○ Forwards frames for operations
■ Root and non-designated ports are blocking
■ Designated ports are forwarding

18
Q

Link Costs

A

■ Associated with the speed of a link
■ The lower the link’s speed, the higher the cost
■ Long STP is being adopted due to higher link speeds over 10 Gbps
■ Values range from 2,000,000 for 10-Mbps Ethernet to as little as 2 for 10 Tbps

19
Q

VLANs

A

■ Switch ports are in a single broadcast domain
■ Allow you to break out certain ports to be in different broadcast domains
■ Before VLANs, you had to use routers to separate departments, functions, or subnets
■ Allow different logical networks to share the same physical hardware
■ Provides added security and efficiency

20
Q

802.1q

A

■ Multiple VLANs transmitted over the same physical cable
■ VLANs are each tagged with a 4-byte identifier
● Tag Protocol Identifier (TPI)
● Tag Control Identifier (TCI)
■ One VLAN is left untagged
● Called the Native VLAN

21
Q

VPN

A

Virtual Private Network
Creates a secure VPN or virtual tunnel over an untrusted network like the Internet

22
Q

VPN Concentrator

A

Dedicated network device that provides secure connections between remote users and a company network

23
Q

VPN Headend

A

A specific type of VPN concentrator used to terminate IPSec VPN tunnels within a router or other device

24
Q

Firewalls

A

■ Network security appliance at your boundary
■ Firewalls can be software or hardware
■ Stateful Firewalls
● Allows traffic that originates from inside the network and goes out to the Internet
● Blocks traffic originating from the Internet from getting into the network

25
Q

NGFW

A

■ Conducts deep packet inspection at Layer 7
■ Detects and prevents attacks
■ Much more powerful than basic stateless or stateful firewalls
■ Continually connects to cloud resources for latest information on threats

26
Q

IDS/IPS

A

■ Intrusion Detection System (IDS)
● Recognizes attacks through signatures and anomalies
■ Intrusion Prevention System (IPS)
● Recognizes and responds

27
Q

Proxy Server

A

■ A specialized device that makes requests to an external network on behalf of a client

28
Q

Content Engine/Caching Engine

A

■ Dedicated appliance that performs the caching functions of a proxy server

29
Q

Content Switch/Load Balancer

A

■ Distributes incoming requests across various servers in a server farm

30
Q

VoIP Phone

A

A hardware device that connects to your IP network to make a connection to a call manager within your network

31
Q

Unified Communications (or Call) Manager

A

Used to perform the call processing for hardware and software-based IP phones

32
Q

Industrial Control System (ICS)

A

Describes the different types of control systems and associated instrumentation

33
Q

Supervisory Control and Data Acquisition (SCADA)

A

Acquires and transmits data from different systems to a central panel for monitoring and control

34
Q

Virtual Network Devices

A

Major shift in the way data centers are designed, fielded, and operated