ICND2 Flashcards

Question 1

Q

Two VLAN tagging protocols.

Answer

A

ISL- Cisco proprietary

802.1Q - Open IEEE

Question 2

Q

Static vs Dynamic VLAN

Answer

A

Static- Port is assigned a VLAN

Dynamic- VLAN is assigned according to MAC address connected to port. Use VMPS Vlan Management Policy Server.

Question 3

Q

What domain is each separate VLAN in?

Answer

A

Broadcast

Hosts in one VLAN cannot reach hosts in another VLAN, by default
A Layer 3 device is needed for inter-VLAN communication (this will be
covered later)
Each VLAN needs its own subnet, for example, VLAN 1 –
192.168.1.0/24, VLAN 2 – 192.168.2.0/24
All hosts in a VLAN should belong to the same subnet

Question 4

Q

Which VLAN is generally native by default?

Question 5

Q

At what point are frames tagged with VLAN ID?

Answer

A

At trunk port based on access port it originated from.

Vlan tagging only occurs on the trunk, not access port. It just states that if the port is an access port and not trunk, the frame will not be tagged. The switch will strip off the vlan tag at the end of the trunk and switch it in hardware to the correct access port it needs to go to.

Question 6

Q

Is Native VLAN traffic tagged?

Question 7

Q

3 types of switchports?

Answer

A

Access links or ports
Trunk links or ports
Dynamic (this will be discussed shortly)

Question 8

Q

How many VLANs can be created?

Question 9

Q

VLAN 802.1Q trunking commands

Answer

A

Sw(config)#interface FastEthernet 0/1
Sw(config-if)#switchport
Sw(config-if)#switchport mode trunk
Sw(config-if)#switchport trunk encapsulation dot1q

Question 10

Q

5 trunk modes:

Answer

A

On – forces the port into permanent trunking mode. The port becomes a trunk, even if the connected device does not agree to convert the link into a trunk link.
Off – the link is not used as a trunk link, even if the connected device is set to “trunk.”
Auto – the port is willing to become a trunk link. If the other device is set to “on” or “desirable,” then the link becomes a trunk link. If both sides are left as “auto,” then the link will never become a trunk, as neither side will attempt to convert.
Desirable – the port actively tries to convert to a trunk
link. If the other device is set to “on,” “auto,” or “desirable,” then the link will become a trunk link.
No-negotiate – prevents the port from negotiating a trunk connection. It will be forced into an access or trunk mode as per the configuration.

Question 11

Q

Switchport: Auto -> Auto

Question 12

Q

Switchport: Auto -> Desirable

Question 13

Q

Switchport: Auto -> Trunk

Question 14

Q

Switchport: Auto -> Access

Question 15

Q

Switchport: Desirable -> Auto

Question 16

Q

Switchport: Desirable -> Desirable

Question 17

Q

Switchport: Desirable -> Trunk

Question 18

Q

Switchport: Desirable -> Access

Question 19

Q

Switchport: Trunk -> Auto

Question 20

Q

Switchport: Trunk -> Desirable

Question 21

Q

Switchport: Trunk -> Trunk

Question 22

Q

Switchport: Trunk -> Access

Answer

A

Limited Connectivity

Question 23

Q

Switchport: Access -> Auto

Question 24

Q

Switchport: Access -> Desirable

Question 25

Q

Switchport: Access -> Trunk

Answer

A

Limited Connectivity

Question 26

Q

Switchport: Access -> Access

Question 27

Q

Command show port trunk info. i.e auto, desirable

Answer

A

show interface trunk
or
show interfaces switchport

Question 28

Q

What file is VLAN info stored in?

Answer

A

VLAN.dat in flash memory.

SwitchA#dir flash:

Question 29

Q

Signs of duplex mismatches?

Answer

A

input and CRC errors on the interface

755 input errors, 739 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

Question 30

Q

Inter-VLAN routing not working:

Answer

A

Check to ensure that the link between the switches and the routers is set up correctly, and the relevant VLANs
are allowed and not pruned (see VTP pruning). The show interface trunk command will provide the required information. Also, check to ensure that the router’s sub interfaces are configured with correct encapsulation and
VLAN, and the sub interface’s IP address is the default gateway for the hosts.

Question 31

Q

VLANs cannot be created:

Answer

A

Check whether the VTP mode on the switch is
set to “client.” VLANs cannot be created if the VTP mode is client. Another important factor is the number of VLANs allowed on the switch.
The show vtp status command will provide the information required (see the Troubleshooting Trunking and VTP section below).

Question 32

Q

Hosts within the same VLAN cannot reach each other:

Answer

A

It is important that hosts in a VLAN have an IP address that belongs to the same subnet. If the subnet is different, then they will not be able to reach each other. Another factor to consider is whether the hosts are connected to the same switch. If they are not connected to the same switch, then ensure that the trunk
link(s) between the switches is/are working correctly and that the VLAN is not excluded/not pruned from the allowed list. The show interface trunk command will show needed information regarding the trunk link.

Question 33

Q

Commands to configure a voice vlan

Answer

A

SW1(config-vlan)#interface FastEthernet0/6
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan20
SW1(config-if)#switchport voice vlan10

Question 34

Q

Command to turn off DTP

Answer

A

switchport nonegotiate

Question 35

Q

Is DTP still on when you create a trunk port?

Answer

A

Yes. Must turn off with switchport nonegotiate

Question 36

Q

What is native VLAN used for?

Answer

A

used by the switch to carry specific protocol traffic, like Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), and Dynamic Trunking Protocol (DTP) information.

Question 37

Q

Commands to change trunk native VLAN

Answer

A

Switch(config)#interface FastEthernet0/1

Switch(config-if)#switchport trunk native vlan ?

Question 38

Q

Turning on VTP

Answer

A

Switch(config)#vtp mode server ‹this is on by default

Switch(config)#vtp domain in60days

Question 39

Q

Turning on VTP password

Answer

A

Switch(config)#vtp password Cisco321

Setting device VLAN database password to Cisco321

Question 40

Q

VTP modes

Answer

A

Server (default)
Client
Transparent

Question 41

Q

VTP Server

Answer

A

In Server mode, the switch is authorized to create, modify, and delete VLAN
information for the entire VTP domain. Any changes you make to a server
are propagated throughout the whole domain. VLAN configuration is stored
in the VLAN database file “vlan.dat” located on the flash memory.

Question 42

Q

VTP Client Mode

Answer

A

In Client mode, the switch will receive VTP information and apply any changes, but it does not allow adding, removing, or changing VLAN information on the switch. The client will also send the VTP packet received
out of its trunk ports. Remember that you cannot add a switch port on a VTP client switch to a VLAN that does not exist on the VTP server. VLAN configuration is stored in the VLAN database file “vlan.dat” located on the
flash memory

Question 43

Q

VTP Transparent Mode

Answer

A

In Transparent mode, the switch will forward the VTP information received out of its trunk ports, but it will not apply the changes. A VTP Transparent mode switch can create, modify, and delete VLANs, but the changes are not propagated to other switches. VTP Transparent mode also requires configuration of domain information. A VTP transparent switch is needed when a switch separating a VTP server and client needs to have a different VLAN database. Transparent mode is needed to configure the extended VLAN range (1006 to 4096).

Question 44

Q

How to reset VTP config number on switch

Answer

A

In order to reset the configuration revision of a switch,

change the VTP domain name, and then change the name back to the original name.

Question 45

Q

VTP configuration number

Answer

A

The configuration revision number is a 32-bit number that indicates the level
of revision for a VTP packet (see the show vtp status output above). This
information is used to determine whether the received information is more
recent than the current version.

If switch with higher VTP config # is connected to network it can wipe out all other VLAN database files and bring network down.

Question 46

Q

STP IEEE

Answer

A

IEEE 802.1D

Question 47

Q

STP Data units?

Answer

A

BPDU (Bride Protocol Data Unit) tagged with VLAN ID

Question 48

Q

How often are STP messages sent?

Answer

A

BPDUs sent every 2 seconds

Question 49

Q

How many Designated Ports can be on a LAN segment?

Answer

A

That means if two are facing eachother, one must block.

Question 50

Q

STP Port States. How many? What are they?

Answer

A

Blocking – BPDUs received only (20 seconds)
Listening – BPDUs sent and received (15 seconds)
Learning – Bridging table is built (15 seconds)
Forwarding – Sending/receiving data
Disabled – Administratively down

Question 51

Q

Port State Movement

Answer

A

From Initialization to Blocking
From Blocking to either Listening or Disabled
From Listening to either Learning or Disabled
From Learning to either Forwarding or Disabled
From Forwarding to Disabled

Question 52

Q

STP timer values

Answer

A

STP timers are used in the process to control convergence:
Hello – 2 seconds (time between each Configuration BPDU)
Forward Delay – 15 seconds (controls durations of Listening/Learning
states)
Max Age – 20 seconds (controls the duration of the Blocking state)
Default convergence time is 30 to 50 seconds.

Question 53

Q

STP Bride ID. Composed of what?

Answer

A

Priority (16 bits) + MAC Address (48 bits)

Question 54

Q

Default STP priority

Question 55

Q

STP priority values multiplier value?

Question 56

Q

Command to set switch as STP root?

Answer

A

spanning-tree vlan 2 root {primary | secondary}

spanning-tree vlan 2 priority 0
in increment of 4096 starting at 0

Question 57

Q

Metrics used in calculating STP.

Answer

A

Cost and Priority

Better is lower # based on better bandwidth

Question 58

Q

STP Root Port Election tiebreaker metrics

Answer

A

Lowest Root Bridge ID
Lowest Root path cost to Root Bridge
Lowest sender Bridge ID
Lowest sender Port ID

Question 59

Q

STP Root port

Answer

A

The Spanning Tree Root Port is the port that provides the best path, or lowest cost, when the device forwards packets to the Root Bridge. In other words,
the Root Port is the port that receives the best BPDU for the switch, which indicates that it is the shortest path to the Root Bridge in terms of path cost.
The Root Port is elected based on the Root Bridge path cost.

Question 60

Q

STP Designated Port

Answer

A

Designated Port is a port that points away from the STP Root. This port is the one in which the designated device is attached to the LAN.

Question 61

Q

Portfast

Answer

A

Port Fast is a feature that is typically enabled only for a port or interface that connects to a host. When the link comes up on this port, the switch skips the first stages of the STA and directly transitions to the Forwarding state.

Generally do when connected to a non-BPDU sending device like a computer.

Question 62

Q

BPDU guard

Answer

A

The BPDU Guard feature is used to protect the Spanning Tree domain from external influence. BPDU Guard is disabled by default but is recommended for all ports on which the Port Fast feature has been enabled. When a port that is configured with the BPDU Guard feature receives a BPDU, it immediately transitions to the errdisable state. This prevents false information from being injected into the Spanning Tree domain on ports that have Spanning Tree disabled.

Question 63

Q

RSTP

Answer

A

IEEE 802.1W

Question 64

Q

RSTP Port states

Answer

A

RSTP port states can be mapped against STP port states as follows:
Disabled – Discarding
Blocking – Discarding
Listening – Discarding
Learning – Learning
Forwarding – Forwarding

Answer 46

A

RSTP port roles include the following:
Root (Forwarding state)
Designated (Forwarding state)
Alternate (Blocking state)
Backup (Blocking state)

Answer 47

A

Non-forwarding port that backs up a root bridge

Non-forwarding port that backs up a designated port

Answer 48

A

neighbor 1.1.1.1 remote-as 56

Answer 49

A

Only matters locally.

show ip protocols

Answer 50

A

If not configured is the highest loopback interface ip

Answer 51

A

Highest number is best.

Answer 52

A

authentication port-control

Answer 53

A

EtherChannel can consist of up to eight ports. Physical links in an EtherChannel must share similar characteristics, such as be defined in the same VLAN or have the same speed and duplex settings, for example.

Answer 54

A

LACP- Link Aggregation Control Protocol 802.3ad

PAgP- Port Aggregation Protocol

Answer 55

A

Auto mode is a PAgP mode that will negotiate with another PAgP port only if the port receives a PAgP packet. When this mode is enabled, the port(s)
will never initiate PAgP communications but will instead listen passively for any received PAgP packets before creating an EtherChannel with the neighboring switch.

Desirable mode is a PAgP mode that causes the port to initiate PAgP negotiation for a channel with another PAgP port. In other words, in this mode, the port actively attempts to establish an EtherChannel with another
switch running PAgP.

Answer 56

A

show etherchannel summary

Answer 57

A

The BPDU Filter feature has dual functionality. When configured at interface level it effectively disables STP on the selected ports by preventing them from sending or receiving any BPDUs.

Different than BPDU guard in that guard can still send. Filter won’t send or receive.

Answer 58

A

The Root Guard feature prevents a Designated Port from becoming a Root Port. If a port on which the Root Guard feature is enabled receives a superior BPDU, it moves the port into a root-inconsistent state, thus maintaining the current Root Bridge status quo.

Answer 59

A

The Uplink Fast feature provides faster failover to a redundant link when the primary link fails (i.e., direct failure of the Root Port). The primary purpose
of this feature is to improve the convergence time of STP in the event of a failure of an uplink. This feature is of most use on Access Layer switches with redundant uplinks to the Distribution Layer; hence, the name.

When the Uplink Fast feature is enabled, the backup port to the Distribution Layer is immediately placed into
a Forwarding state, resulting in no network downtime instead of taking 30 seconds.

Answer 60

A

Full.

Half-duplex ports in an LACP EtherChannel are
placed into the suspended state.

Answer 61

A

Active

Passive

Answer 62

A

LACP active mode places a switch port into an active negotiating state in which the switch port initiates negotiations with remote ports by sending
LACP packets. Active mode is the LACP equivalent of PAgP desirable mode. In other words, in this mode, the switch port actively attempts to establish an EtherChannel with another switch that is also running LACP.

Answer 63

A

When a switch port is configured in passive mode, it will negotiate with an LACP channel only if it receives another LACP packet. In passive mode, the
port responds to LACP packets that the interface receives but does not start LACP packet negotiation. This setting minimizes the transmission of LACP
packets. In this mode, the port channel group attaches the interface to the EtherChannel bundle. This mode is similar to the auto mode that is used with PAgP.

Answer 64

A

PAgP == 8

LACP > 8 Max 16 are hot-standby

Answer 65

A

channel-group 1 mode on

on selected interface

Answer 66

A

channel-group 1 mode {desirable | auto}

Answer 67

A

Switch-1(config-if-range)#channel-protocol lacp

Switch-1(config-if-range)#channel-group 1 mode {active | passive}

Answer 68

A

show etherchannel summary

Answer 69

A

Switch stacking enables you to physically connect a number of Cisco switches with special cables so that they logically appear on the network as one switch. This group of switches has a single IP address for management, a single MAC address table, and one instance of STP.

Answer 70

A

In summary, the switch, acting as the 802.1X authenticator, queries the AAA server if the supplied username and password are correct, and the AAA
server provides the appropriate response. If there is a match, the switch will then enable the port for use. If there is no match, the port will not forward traffic to or from the device connected to it.

Answer 71

A

DHCP snooping provides network protection from rogue DHCP servers by creating a logical firewall between untrusted hosts and DHCP servers. When
DHCP snooping is enabled, the switch builds and maintains a DHCP snooping table (which is also referred to as the DHCP binding table), and it is used to prevent and filter untrusted messages from the network.
DHCP snooping uses the concept of trusted and untrusted interfaces. This means that incoming packets received on untrusted ports are dropped if the
source MAC address of those packets does not match the MAC address in the binding table.

Answer 72

A

Switched virtual interfaces. Used on Layer 3 switch.

Answer 73

A

Switch(config)#interface vlan 10
Switch(config-if)#description “SVI for VLAN 10”
Switch(config-if)#ip address 10.10.10.1 255.255.255.0

Answer 74

A

Make sure to use switchport command and enable ip routing

Switch(config-if)#int f0/1
Switch(config-if)#switchport
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20

Switch(config)#ip routing

Answer 75

A

Distance Vector

Proprietary- Cisco

Answer 76

A

Will give network 10.0.0.0

Must add wildcard to get granular

R1(config)#router eigrp 150
R1(config-router)#network 10.1.1.0 0.0.0.255
R1(config-router)#network 10.3.3.0 0.0.0.255

Answer 77

A

When configuring EIGRP in production networks, it is common practice to use a wildcard mask of all zeros or a subnet mask of all 1s. For example, the network 10.1.1.1 0.0.0.0 and network 10.1.1.1 255.255.255.255 commands
perform the same actions.

Answer 78

A

0b

Highest group number is 255

Answer 79

A

If can’t authorize, no traffic.

Answer 80

A

In cleartext

Answer 81

A

Uses pap if chap is not available

Answer 82

A

4 unless overridden with maximum-paths command

Answer 83

A

Hello Interval
Dead Interval
Area ID

Answer 84

A

When a router has received all the LSAs and built its local link-state database, OSPF uses Dijkstra’s shortest path first (SPF) algorithm to create an SPF tree.

Answer 85

A

Advertising networks
OSPFv2 Configured using the network router configuration command

OSPFv3 Configured using the ipv6 ospf area
interface configuration command

Answer 86

A

An OSPF router with interfaces connected to the backbone area and to at least one other area.

Answer 87

A

A router connected to the backbone area (includes ABRs).

Answer 88

A

A router in one area.

Answer 89

A

A router that has at least one interface connected to an external network.
An external network is a network that is not part of the routing domain, such as EIGRP, BGP, or one with static routing to the Internet.

Answer 90

A

A special OSPF area to which all other areas must connect, such as Area 0.

Answer 91

A

However, notice that both OSPFv2 and OSPFv3 use an IPv4 address for the router ID.
This means that before a router can start an OSPFv3 routing process, there must be an IPv4 address
configured—either an interface or a router ID. If not, the router will return the following syslog message
when you attempt to enable the OSPFv3 routing process with the ipv6 router ospf command

Answer 92

A

R1(config)# interface GigabitEthernet 0/0

R1(config-if)# ipv6 ospf 10 area 0

Answer 93

A

Mismatched EIGRP authentication parameters (if configured)
Mismatched EIGRP K values
Mismatched EIGRP autonomous system number
Using secondary addresses for EIGRP neighbor relationships
The neighbors are not on a common subnet

Answer 94

A

By default, the router with the numerically highest IPv4 address is elected as the active HSRP router.

Answer 95

A

Highest priority is active router.

Answer 96

A

R1(config)# access-list 1 permit 172.16.0.0 0.0.255.255
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ip access-group 1 out

Answer 97

A

R1(config)# username R2 password itsasecret
R1(config)# interface serial 0/0/1
R1(config-if)# ppp authentication chap

R2(config)# username R1 password itsasecret
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1, changed state to up
R2(config)# interface serial 0/1/1
R2(config-if)# ppp authentication chap

Notice that each router refers to the other router’s hostname in the username command, but both routers must configure the same password value.
(for pap Use ppp authentication pap instead)

Answer 98

A

R1(config)# interface dialer 5
R1(config-if)# encapsulation ppp
R1(config-if)# ip address negotiated
R1(config-if)# ip mtu 1492
R1(config-if)# dialer pool 5
R1(config-if)# ppp chap hostname customer2222
R1(config-if)# ppp chap password ConnectMe
R1(config-if)# no shutdown
R1(config-if)# interface GigabitEthernet 0/0
R1(config-if)# no ip address
R1(config-if)# pppoe enable
R1(config-if)# pppoe-client dial-pool-number 5
R1(config-if)# no shutdown
R1(config-if)# end
R1# show ip interface brief

Answer 99

A

Generic routing encapsulation (GRE) is one example of a basic, nonsecure, site-to-site VPN
tunneling protocol.

Answer 100

A

R1(config)# interface Tunnel0
R1(config-if)# tunnel mode gre ip
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# tunnel source s0/0/0
R1(config-if)# tunnel destination 198.133.219.87

Answer 101

A

Company-A(config-if)# router bgp 65000
Company-A(config-router)# neighbor 209.165.201.1 remote-as 65001
Company-A(config-router)# network 198.133.219.0 mask 255.255.255.0

Answer 102

A

n SNMPv1: The Simple Network Management Protocol defined in RFC 1157.
n SNMPv2c: Defined in RFCs 1901 to 1908. Utilizes a community string–based administrative
framework.
n SNMPv3: Interoperable standards-based protocol originally defined in RFCs 2273 to 2275.
Provides secure access to devices by authenticating and encrypting packets over the network.

Answer 103

A

As close to the network edge as possible.

Answer 104

A

Application plane. Uses API to send request to control plane.

Answer 105

A

Control plane

Answer 106

A

Data plane

Answer 107

A

Discarding
Learning
Forwarding

Answer 108

A

0000.0C07.ACxx

Answer 109

A

0000.0C9F.Fxxx

Answer 110

A

only between cisco devices

Answer 111

A

Init, learn, listen, speak, standby, active

Answer 112

A

Cosco proprietary

Answer 113

A

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Answer 114

A

Every 30 min and when topo changes

Answer 115

A

can monitor traffic on a network be capturing and sending traffic from a set of source port on one device to a set of destination ports on a non-routed network.

Answer 116

A

SHA/MD5 is authentication, and AuthPriv uses DES/AES stuff.

Answer 117

A

Hosts do not require default gateway config when used.

Answer 118

A

DMVPN essentially creates a mesh VPN topology. This means that each site (spoke) can connect directly with all other sites, no matter where they are located.

Brainscape's Knowledge GenomeTM

ICND2 Flashcards

Brainscape's Knowledge Genome^TM