SWITCH CONFIGURATION AND MANAGEMENT Flashcards

1
Q

What does configuring a switch entail?

A

Modern switches and routers ship with a built-in default configuration, i.e. they are self-configuring and no additional configuration is necessary for them to function out of the box. However, Cisco switches run Cisco IOS and can be manually configured to better meet the needs of the network.
This includes adjusting port speed, bandwidth, and security requirements.

2
Q

What are the different ways a switch can be managed, and what are the requirements to do so?

A

Cisco switches can be managed both locally and remotely. To remotely manage a switch, it needs to have an IP address and a default gateway configured.

3
Q

Describe the switch boot sequence

A

Step 1: First, the switch loads a power-on self-test (POST) program stored in ROM. POST checks the CPU subsystem.
Step 2: Next, the switch loads the boot loader software. The boot loader is a small program stored in ROM that is run immediately after POST successfully completes.
Step 3: The boot loader performs low-level CPU initialization. It initializes the CPU registers, which control where physical memory is mapped, the quantity of memory, and its speed.
Step 4: The boot loader initializes the flash file system on the system board.
Step 5: Finally, the boot loader locates and loads a default IOS operating system software image into memory and gives control of the switch over to the IOS.

4
Q

Describe switch LED lights.

A

Cisco Catalyst switches have several status LED indicator lights. You can use the switch LEDs to quickly monitor switch activity and performance. Switches of different models and feature sets will have different LEDs and their placement on the front panel of the switch may also vary.

5
Q

Briefly name and describe the different purposes of the switch LED lights on a Cisco Catalyst 2960 switch.

A
1. System LED
   Shows whether the system is receiving power and is functioning properly. If the LED is off, the system is not powered on. If the LED is green, the system is operating normally. If the LED is amber, the system is receiving power but is not functioning properly.

2. Redundant Power System (RPS) LED
   Shows the RPS status. If the LED is off, the RPS is off or is not properly connected. If the LED is green, the RPS is connected and ready to provide backup power. If the LED is blinking green, the RPS is connected but is unavailable because it is providing power to another device. If the LED is amber, the RPS is in standby mode or in a fault condition. If the LED is blinking amber, the internal power supply in the switch has failed and the RPS is providing power.

3. Port Status LED
   Indicates that the port status mode is selected when the LED is green. When selected, the port LEDs have the following meanings. If the LED is off, there is no link, or the port was administratively shut down. If the LED is green, a link is present. If the LED is blinking green, there is activity and the port is sending or receiving data. If the LED is alternating green-amber, there is a link fault. If the LED is amber, the port is blocked to ensure that a loop does not exist in the forwarding domain and is not forwarding data (typically, ports remain in this state for the first 30 seconds after being activated). If the LED is blinking amber, the port is blocked to prevent a possible loop in the forwarding domain.

4. Port Duplex LED
   Indicates that the port duplex mode is selected when the LED is green. When selected, a port LED that is off means the port is in half-duplex mode. If the port LED is green, the port is in full-duplex mode.

5. Port Speed LED
   Indicates that the port speed mode is selected. When selected, the port LEDs display colors with different meanings. If the LED is off, the port is operating at 10 Mbps. If the LED is green, the port is operating at 100 Mbps. If the LED is blinking green, the port is operating at 1000 Mbps.

6. Power over Ethernet (PoE) Mode LED
   If the LED is off, the PoE mode is not selected and none of the ports have been denied power or placed in a fault condition. If the LED is blinking amber, the PoE mode is not selected but at least one of the ports has been denied power or has a PoE fault. If the LED is green, the PoE mode is selected and the port LEDs display colors with different meanings. If the port LED is off, PoE is off. If the port LED is green, PoE is on. If the port LED is alternating green-amber, PoE is denied because providing power to the powered device would exceed the switch power capacity. If the port LED is blinking amber, PoE is off because of a fault. If the port LED is amber, PoE for the port has been disabled.

6
Q

What is a possible course of action when a switch crashes?

A

The boot loader provides access into the switch if the operating system cannot be used because of missing or damaged system files. The boot loader has a command line that provides access to the files stored in flash memory.

7
Q

What are the requirements for remote management of a switch?

A

-The switch must have a switch virtual interface (SVI) configured with an IPv4 address and subnet mask, or an IPv6 address and prefix length. The SVI is a virtual interface, not a physical port on the switch.
-The switch must be configured with a default gateway. This is very similar to configuring the IP address information on host devices.

8
Q

Describe full-duplex communication. What is the requirement for this?

A

Full-duplex communication increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously. This is also known as bidirectional communication and it requires microsegmentation. A microsegmented LAN is created when a switch port has only one device connected and is operating in full-duplex mode. There is no collision domain associated with a switch port operating in full-duplex mode.

9
Q

How are switch ports manually configured with specific duplex and speed settings?

A

Use the duplex interface configuration mode command to manually specify the duplex mode for a switch port. Use the speed interface configuration mode command to manually specify the speed.

*All fiber-optic ports, such as 1000BASE-SX ports, operate only at one preset speed and are always full-duplex.

10
Q

What is autonegotiation?

A

Autonegotiation is useful when the speed and duplex settings of the device connecting to the port are unknown or may change. Mismatched settings for the duplex mode and speed of switch ports can cause connectivity issues. Autonegotiation failure creates mismatched settings.

11
Q

What does auto-MDIX stand for in full?

A

automatic medium-dependent interface crossover (auto-MDIX)

12
Q

What is the importance of auto-MDIX?

A

It automatically detects the required cable connection type and configures the connection appropriately, removing the need for crossover cables to interconnect switches or connect PCs peer-to-peer. As long as it is enabled on either end of a link, either type of cable can be used.

13
Q

List three possible network access layer issues and their possible solutions.

A

-If the interface is up and the line protocol is down, a problem exists. There could be an encapsulation type mismatch, the interface on the other end could be error-disabled, or there could be a hardware problem.

-If the line protocol and the interface are both down, a cable is not attached, or some other interface problem exists. For example, in a back-to-back connection, the other end of the connection may be administratively down.

-If the interface is administratively down, it has been manually disabled (the shutdown command has been issued) in the active configuration.

14
Q

Explain the following media errors: input errors, runts, giants, CRC, output errors, collisions, and late collisions.

A
1. Input Errors: Total number of errors. It includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts.
2. Runts: Frames that are discarded because they are smaller than the minimum frame size for the medium. For instance, any Ethernet frame that is less than 64 bytes is considered a runt.
3. Giants: Frames that are discarded because they exceed the maximum frame size for the medium. For example, any Ethernet frame that is greater than 1,518 bytes is considered a giant.
4. CRC: CRC errors are generated when the calculated checksum is not the same as the checksum received.
5. Output Errors: Sum of all errors that prevented the final transmission of datagrams out of the interface that is being examined.
6. Collisions: Number of messages retransmitted because of an Ethernet collision. Collisions in half-duplex operation are normal. However, you should never see collisions on an interface configured for full-duplex communication.
7. Late Collisions: A collision that occurs after 512 bits of the frame have been transmitted. Excessive cable lengths are the most common cause of late collisions. Another common cause is duplex misconfiguration. For example, you could have one end of a connection configured for full-duplex and the other for half-duplex.

15
Q

In troubleshooting, if the show interfaces command reveals that the interface is down, what are some of the ways to resolve this issue?

A
• Check to make sure that the proper cables are being used. Additionally, check the cable and connectors for damage. If a bad or incorrect cable is suspected, replace the cable.
• If the interface is still down, the problem may be due to a mismatch in the speed setting. The speed of an interface is typically autonegotiated; therefore, even if it is manually applied to one interface, the connecting interface should autonegotiate accordingly. If a speed mismatch does occur through misconfiguration, or a hardware or software issue, that may result in the interface going down. Manually set the same speed on both ends of the connection if a problem is suspected.

16
Q

In troubleshooting, if the show interfaces command reveals that the interface is up but connectivity issues are still present, what are some of the ways to resolve this issue?

A

-Using the show interfaces command, check for indications of excessive noise. Indications may include an increase in the counters for runts, giants, and CRC errors. If there is excessive noise, first find and remove the source of the noise, if possible. Also, verify that the cable does not exceed the maximum cable length and check the type of cable that is used.

-If noise is not an issue, check for excessive collisions. If there are collisions or late collisions, verify the duplex settings on both ends of the connection. Much like the speed setting, the duplex setting is usually autonegotiated. If there does appear to be a duplex mismatch, manually set the duplex to full on both ends of the connection.

17
Q

Why is Telnet insecure?

A

Telnet transmits both the login authentication (username and password) and the data exchanged between the communicating devices in plaintext. A threat actor who can capture the traffic can read it with a packet analyzer such as Wireshark.

*Telnet uses port 23.

18
Q

Why is SSH secure?

A

Secure Shell (SSH) is a secure protocol that uses TCP port 22. It provides a secure (encrypted) management connection to a remote device. SSH should replace Telnet for management connections. SSH provides security for remote connections by providing strong encryption when a device is authenticated (username and password) and also for the transmitted data between the communicating devices.

19
Q

How do you verify that a switch supports SSH?

A

Use the show version command on the switch to see which IOS the switch is currently running. An IOS filename that includes the combination “k9” supports cryptographic (encrypted) features and capabilities.

20
Q

What are the steps to configure SSH?

A
1. Verify SSH support.
   Use the show ip ssh command to verify that the switch supports SSH. If the switch is not running an IOS that supports cryptographic features, this command is unrecognized.

2. Configure the IP domain.
   Configure the IP domain name of the network using the ip domain-name domain-name global configuration mode command.

3. Generate RSA key pairs.
   Not all versions of the IOS default to SSH version 2, and SSH version 1 has known security flaws. To configure SSH version 2, issue the ip ssh version 2 global configuration mode command. Generating an RSA key pair automatically enables SSH. Use the crypto key generate rsa global configuration mode command to enable the SSH server on the switch and generate an RSA key pair.

4. Configure user authentication.
   The SSH server can authenticate users locally or using an authentication server. To use the local authentication method, create a username and password pair using the username username secret password global configuration mode command.

5. Configure the vty lines.
   Enable the SSH protocol on the vty lines by using the transport input ssh line configuration mode command.

6. Enable SSH version 2.
   By default, SSH supports both versions 1 and 2. When supporting both versions, this is shown in the show ip ssh output as supporting version 2. Enable SSH version 2 using the ip ssh version 2 global configuration command.