Session 4

Question 1

why do you create vlans?

Answer 1

isolate network
Group users together
enhance security
increase traffic flow
it is scalable

Question 2

what is ACL used for

Answer 2

allow/deny access to subnets/host.

Question 3

If PC1 on vlan 1 and PC3 on vlan 3 - can they talk? if so what do you need to to allow that

Answer 3

it will need a router

Question 4

will a switch forward a packet that is destined to a different vlan

Answer 4

NO - Router do that

Question 5

what is the total # of vlans

Answer 5

1 thru 4094

Question 6

vlans #2 - 1001 are consider what?

Answer 6

standard type vlans

Question 7

vlans #1006 - 4094 are consider what?

Answer 7

extended type vlans

Question 8

If a switch gets a frame for a vlan it does not know about, what does it do?

Answer 8

Traffic is dropped.

Question 9

where is vlan stored?

Answer 9

vlan.dat in flash. It is not stored in running or start so not in nvram.

Question 10

what is a trunk port

Answer 10

allow interface to essentially make virtual tunnels for each vlans is allowed.

Question 11

what command you can use to see vlan and trunking info

Answer 11

show interfaces ### switchport

Question 12

what type of encapsulations do cisco switches support?

Answer 12

ISL (inter switch link) and 802.1q which cisco recommends

Question 13

how does the switch know what vlans belongs to?

Answer 13

802.1q - adds a tag (4 byte to frame)

Question 14

how can see native vlan?

Answer 14

show interfaces trunk

Question 15

why does native vlan exist and what is it use for?

Answer 15

only used in 802.1q.

at one point in time, not everything could be tag. so if traffic could not be tag it still could go through the trunk port untag.

Question 16

if you change the native vlan on 1 switch, what else do you need to do?

Answer 16

match on both sides.

Question 17

Native vlan should never be what #

Answer 17

vlan 1.

config t
vlan 99
name v99-Native

go to the turnk port
int ###
switchport trunk native vlan 99
end

show int ### switchport - you will see trunk info

Question 18

how do you get the sys log

Answer 18

config t

terminal monitor

Question 19

how to prevent from an access port to send DTP messages?

Answer 19

you have to change the administrative mode to static access. This will prevent all the access ports from converting to a trunk port.

command:
config t
int range int#####
switchport mode access

Question 20

how to do you convert administrative mode on a trunk port from dynamic access to static

Answer 20

put in following command:

switchport nonegotiate

Question 21

the max # of vlans on any given switch is determine by what?

Answer 21

Switch
STP version
VTP version

IOS / Switch and protocols working on that switch

Question 22

Interface will not show up under show vl br for 2 reason. what are they?

Answer 22

If the port is trunk and if the vlan has been removed

Question 23

Each vlan has its own unique what?

Answer 23

subnet

Question 24

what is required to forward traffic between vlans

Answer 24

router

Question 25

vlans create their own what?

Answer 25

broadcast domain or segments

Question 26

Router on a stick is called that?

Answer 26

you have 1 physical connection between router and switch.

You will take that 1 link and add a sub interfaces which is a virtual interfaces in a physical interface.

Question 27

when configuring a sub interface on a router, how do you config it?

Answer 27

config t
int ##.10
encapsulation

Question 28

what do you have to do before adding an IP address to a sub interface ?

Answer 28

you need to add the enapsulation and vlan # first

example:

encapsulation dot1q 10

Question 29

The status of the sub interface is determine by what?

Answer 29

the physical interface is under. If down then all the sub interface would be down.

Question 30

When you have an IP address on an interface and status is up up. What does that mean?

Answer 30

There should be an entry in the routing table

command:
show ip route

Question 31

what would show vlans on a router?

Answer 31

it will show you the vlan# and the interface that vlan is set up with.

Question 32

cisco router would use the physical address of the physical interface for all sub interfaces, how is that possible?

Answer 32

different vlans - so you can use the same mac address in multiple different vlans.

Question 33

what is one use of ACLs?

Answer 33

Filter traffic. It provides traffic identification.

when traffic is identified, a variety of actions can be applied.

Question 34

what are ACEs?

Answer 34

access control entries within the ACL

Question 35

what statements are usually used in a ACL?

Answer 35

permit - deny

Question 36

what is the processing of an ACL?

Answer 36

top down entries. So you have to be very specific entries are higher than generic entries.

Question 37

Stand ACL match only what?

Answer 37

only filters based on the source IP address.

Question 38

Extended ACLs match what?

Answer 38

Can filter based on Source/Destination IP address

filter based on different type of layer 4 protocols and port #s.

E for Everything

Question 39

what are the 2 ways to ID you ACLs?

Answer 39

named and numbered.

Question 40

Numbered stand range for standard acl?

Answer 40

1 - 99, 1300-1900

so they will only look at the source IP address

Question 41

Numbered stand range for extended acl?

Answer 41

100 - 199, 2000 - 2699

Question 42

Named ACLs are good because they allow you to do what?

Answer 42

modify on the fly. no need to delete it.

Question 43

what is a wild card mask?

Answer 43

identify the range of addresses that this entry applies to.

Question 44

when you care about the bits in the wild card mask, what does that mean?

Answer 44

it could not change. So the bits of the IP that cannot change.

Question 45

In a wild card mask - how do you find the minimum value?

Answer 45

X = all 0s

Question 46

In a wild card mask - how do you find the maximum value?

Answer 46

X = all 1s then you add it up to get the decimal format.

Question 47

when doing a wild card as a range of addresses how can you figure it out?

Answer 47

1. change the first subnet into binary only the part that changes with the other subnets.
2. change the last subnet into binary only the part that actually different.
3. Everything toward the left = all 0s which we know we care about since it does not change
4. Everything to the right of the line = all 1s.
5. All up all the ones and you will have your wild card range for the range of addresses.

Question 48

what does host mean in acl = ?

Answer 48

0.0.0.0 so that means its specific to that IP address

Question 49

what does ANY mean in acl ?

Answer 49

basically means 255.255.255.255 which means it allows any host.

Question 50

how can you verify an ACL is written?

Answer 50

show access-list

Question 51

how can you verify an acl is on the in/out bound of an interface?

Answer 51

show ip interface ###

Question 52

What does Inside Local address mean in NAT?

Answer 52

Specifies a private IP inside the LAN - basically the private IP address that you will be translating

Question 53

what does Inside Global address mean in NAT?

Answer 53

Public IP assigned by ISP & allow outside access - basically the public address that you will be translating to. - basically means who you are trying to reach out in the internet (destination)

Question 54

what does outside Global address mean in NAT?

Answer 54

specifies a host outside the LAN

Question 55

where can you use NAT?

Answer 55

Private to Public

Public to private

Public to Public

Private to private (when 2 companies merge)

Question 56

What are the 3 types of NAT

Answer 56

static nat - uses one to one address mapping

Dynamic Nat - uses many to many address mapping - basically allows the router to dynamically set up a route with a public address. still is 1 to 1

PAT - use many to one address mapping

Question 57

commands to set up static nat?

Answer 57

find out which interface that connects to the ISP

config t
int gi0/0
ip nat outside

find the interface that faces the inside

config t
int gi0/1
ip nat inside

IN GLOBAL CONFIG MODE

config t
ip nat inside source static #.#.#.# $.$.$.$

# = inside private host
$ = your public IP address

Question 58

what command can you put to see any translation on the router?

Answer 58

show ip nat translation

Question 59

how can you verify which interface has NAT enable?

Answer 59

show ip nat statistics

Question 60

how do you set up dynamic nat

Answer 60

global config
ip nat pool #### where # = name of nat

ip nat pool ### @.@.@.@ $.$.$.$

Question 61

what is prefix-length

Answer 61

is the subnet mask of the pool that you are setting up in dynamic nat

typically is the subnet mask of the subnet that your ISP gave you.

Question 62

what word is needed to enable PAT?

Answer 62

overload

Question 63

what are needed to set up NAT

Answer 63

Inside interfaces
Outside interface
NAT access-list