Last Updated on June 19, 2021 by Admin 2

300-420 : Designing Cisco Enterprise Networks (ENSLD) : Part 03

  1. Refer to the following partial output of the debug standby command on an HSRP-enabled router rtrA:

    [Exhibit: 300-420 Part 03 Q01 023 (partial debug standby output from rtrA)]

    Which of the following information CANNOT be gathered from the given partial output?

    • IP address of the virtual router
    • IP address of the current active router
    • Priority of the active router
    • The tracked interfaces

    Explanation:

    The debug standby command does not provide any information about the tracked HSRP interfaces. This command displays information regarding the changes in the state of the HSRP routers and packet transmissions between the routers. Some of the information that you can view using the debug standby command is as follows:

    • IP address of the virtual router
    • IP address of the current active router
    • Priority of the active router
    • Hello timer values
    • Hold time values
    • State of the router
    • Interface used to exchange HSRP packets

    HSRP packets contain the IP address of the virtual router. The IP address preceded by the text ip in the debug standby output is the address of the virtual router. In this case, the packets contain 10.5.5.5 after the text ip. This implies that 10.5.5.5 is the IP address of the virtual router.

    After HSRP selects the active and standby routers for a group, only those two routers keep sending periodic hello packets (to the HSRP multicast address, 224.0.0.2 for HSRP version 1); the remaining routers in the group stay in the listen state. If the active router fails, the standby router becomes the active router. The text Hello in and the text Hello out indicate the hello packets received from and sent to the given IP address. Initially the router with IP address 10.5.5.1 is the active router, as indicated by the text Active router is 10.5.5.1.

    The priority of the active router is 100, which is indicated by the text pri 100. However, when a hello packet from 10.5.5.2 is received with a higher priority (120) than the active router, the 10.5.5.2 router immediately becomes the active router. This implies that the router with the IP address 10.5.5.2 was the standby router and that the standby preempt command was configured on it; without preemption, a higher-priority router only becomes active after the current active router fails. The same behavior is the reason to configure HSRP MD5 authentication on segments where untrusted hosts are attached: any device that can send a hello with a higher priority than the active router can otherwise claim the virtual address.
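    The fields above can be extracted from a saved copy of the debug output, and an active-router change that was caused by a higher-priority hello (preemption) can be flagged rather than read by eye. The Python below is an added example, not part of the original question or of Cisco's tooling. The sample lines are constructed to follow the tokens the explanation describes (Hello in/out, the sender and its state, pri, the hel/hol timers, the virtual address after ip, and Active router is lines); the exact column layout of real debug standby output is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample of debug standby output (not captured from a real router).
# It follows the tokens described above: hello direction, sender, state, priority,
# hello/hold timers and the virtual IP after "ip", plus "Active router is" lines.
SAMPLE_DEBUG = """
SB: Ethernet0 Hello  in  10.5.5.1 Active  pri 100 hel 3 hol 10 ip 10.5.5.5
SB: Ethernet0 Hello  out 10.5.5.3 Standby pri 90 hel 3 hol 10 ip 10.5.5.5
SB: Ethernet0 Active router is 10.5.5.1
SB: Ethernet0 Hello  in  10.5.5.2 Standby pri 120 hel 3 hol 10 ip 10.5.5.5
SB: Ethernet0 Active router is 10.5.5.2
SB: Ethernet0 Hello  in  10.5.5.2 Active  pri 120 hel 3 hol 10 ip 10.5.5.5
""".strip().splitlines()

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HELLO_RE = re.compile(
    rf"(?P<intf>\S+)\s+Hello\s+(?P<dir>in|out)\s+(?P<src>{IPV4})\s+(?P<state>\w+)\s+"
    rf"pri\s+(?P<pri>\d+)(?:\s+hel\s+(?P<hel>\d+)\s+hol\s+(?P<hol>\d+))?\s+ip\s+(?P<vip>{IPV4})"
)
ACTIVE_RE = re.compile(rf"Active router is (?P<ip>{IPV4})")

# (new active router, its priority, previous active router, its priority)
Takeover = Tuple[str, Optional[int], str, Optional[int]]


@dataclass
class HsrpView:
    interface: Optional[str] = None
    virtual_ip: Optional[str] = None
    active_router: Optional[str] = None
    active_priority: Optional[int] = None
    hello_timer: Optional[int] = None
    hold_timer: Optional[int] = None
    takeovers: List[Takeover] = field(default_factory=list)


def _set_active(view: HsrpView, priorities: dict, new_active: str) -> None:
    """Record an active-router change; priorities holds the last pri seen per router."""
    old = view.active_router
    if old is not None and new_active != old:
        view.takeovers.append((new_active, priorities.get(new_active), old, priorities.get(old)))
    view.active_router = new_active


def parse_debug_standby(lines) -> HsrpView:
    """Walk the debug lines in order and build the current view of the HSRP group."""
    view = HsrpView()
    priorities = {}  # router IP -> last advertised priority
    for line in lines:
        m = HELLO_RE.search(line)
        if m:
            view.interface, view.virtual_ip = m["intf"], m["vip"]
            if m["hel"]:
                view.hello_timer, view.hold_timer = int(m["hel"]), int(m["hol"])
            priorities[m["src"]] = int(m["pri"])
            if m["state"] == "Active":
                _set_active(view, priorities, m["src"])
            continue
        m = ACTIVE_RE.search(line)
        if m:
            _set_active(view, priorities, m["ip"])
    view.active_priority = priorities.get(view.active_router)
    return view


def preemptions(view: HsrpView) -> List[Takeover]:
    """Takeovers where the new active router advertised a higher priority than the old one,
    i.e. the behaviour produced by standby preempt rather than by an active-router failure."""
    return [t for t in view.takeovers
            if t[1] is not None and t[3] is not None and t[1] > t[3]]


if __name__ == "__main__":
    v = parse_debug_standby(SAMPLE_DEBUG)
    print(f"{v.interface}: virtual IP {v.virtual_ip}, active {v.active_router} "
          f"(pri {v.active_priority}), hello {v.hello_timer}s hold {v.hold_timer}s")
    for new, new_pri, old, old_pri in preemptions(v):
        print(f"preemption: {new} (pri {new_pri}) took over from {old} (pri {old_pri})")
```

    A takeover by a router that advertises a higher priority than the previous active router is expected when you have configured preemption on it; the same pattern from an address you do not recognize is what an unauthenticated HSRP group looks like when something else on the segment claims the virtual address.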

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  2. Which Cisco component can be enabled on a switch port connected to a workstation to dramatically decrease the time a workstation must wait for spanning tree to converge?

    • PortFast
    • UplinkFast
    • EtherChannel
    • FastEthernet

    Explanation:

    When PortFast is enabled on a port, the attached end station can join the network almost immediately rather than waiting up to 50 seconds for spanning tree to converge. Instead of waiting for STP to cycle through the listening and learning states, PortFast places the port in the forwarding state immediately. PortFast does not disable Spanning Tree but instead causes it to skip steps that are unnecessary on a port with no other switch behind it. PortFast is also sometimes referred to as fast-start.

    The following command enables PortFast:

    switch(config-if)# spanning-tree portfast

    You should only enable PortFast on a port that connects an end station. Enabling PortFast on a port that connects another switch could create a loop, which is why PortFast is normally paired with BPDU Guard so that the port is err-disabled if a BPDU ever arrives on it.

    UplinkFast decreases convergence time to less than five seconds for inter-switch links. With UplinkFast enabled, the switch places the blocked port into the forwarding state once the switch detects a link failure. Without UplinkFast, all ports would stop forwarding during STP convergence.

    EtherChannel (Fast EtherChannel and Gigabit EtherChannel) provides the ability to combine up to eight physical links into one logical link. When all links are up, traffic is load-balanced across them; if one link fails, the remaining links still provide connectivity. With Fast Ethernet members this gives an aggregate of 200 to 800 Mbps. Recovery from a member link failure typically takes milliseconds and is transparent to users. EtherChannel does not change how quickly STP converges on a port.

    FastEthernet refers to a type of Ethernet (Fast Ethernet) and does not enhance STP convergence.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  3. Which three methods can be used to manage Cisco APs that are running autonomously? (Choose three.)

    • WLSE
    • WLC
    • WCS
    • CLI
    • Web interface

    Explanation:

    The three methods that can be used to manage autonomous APs are WLSE, the CLI, and the web interface. Autonomous access points (APs) retain their own management functionality and can be connected to directly and configured. The Wireless LAN Solution Engine (WLSE) allows for centralized coordination of autonomous APs. The WLSE can also work in coordination with another Cisco service, Wireless Domain Services (WDS). WDS enables the APs to provide fast, secure roaming between APs: the WDS device registers all client devices in the subnet, establishes session keys for them, and caches their security credentials. When a client roams to another access point, the WDS device forwards the client's security credentials to the new access point.

    Wireless LAN controller (WLC) is a physical controller that provides centralized control of a WLAN environment. APs that are being managed by a WLC function in lightweight mode.

    Wireless control system (WCS) is a software package that allows for management of a WLAN environment, managing one or multiple WLCs. APs managed by WCS function in lightweight mode.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify other LAN switching technologies

  4. When using auxiliary VLANs, how is a phone configured with the appropriate VLAN to join?

    • the administrator configures the phone with CLI
    • the switch connected to the phone provides the VLAN
    • the PC attached to the phone provides the VLAN information
    • a VMPS server provides the VLAN for the switch and phone

    Explanation:

    When using auxiliary (voice) VLANs, the switch connected to the phone tells the phone which VLAN to use; on Cisco switches the voice VLAN ID is advertised to the phone through CDP. Cisco IP phones contain a built-in three-port switch: one port connects internally to the phone, one port connects to the switch access port, and the third connects to the workstation. The PC attached to the switch port through the IP phone is unaware of the presence of the phone and keeps using the port's data VLAN.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs

  5. Which two of the following procedures can be performed on a VTP server to reset the VTP configuration revision number to 0? (Choose two. Each correct answer is a complete solution.)

    • Disable VTP pruning, then enable VTP pruning.
    • Change the VTP mode to client, and then back to server mode.
    • Change the VTP mode to transparent, then back to server mode.
    • Change the VTP domain name to a non-existent domain name, and then back to the correct domain name.

    Explanation:

    To reset the configuration revision number to 0, you should change the VLAN Trunking Protocol (VTP) domain to a non-existent domain name, and then back to the correct domain name. To change the domain name, issue the vtp domain command.

    Alternatively, you can change the VTP mode to transparent mode, then back to client or server mode. To change the VTP mode, issue the vtp mode command from global configuration mode. To verify that the configuration revision number has been reset to 0, you should issue the show vtp status command.

    Before adding a new switch to a VTP domain, you should reset the configuration revision number to 0. If the configuration revision number is higher than that of the other switches in the domain, then the switch can propagate incorrect configuration information to the other switches. This can cause virtual local area networks (VLANs) to be modified or deleted on every switch in the VTP domain.

    The VTP configuration revision number will not be reset to 0 if you disable and then re-enable VTP pruning. VTP pruning can eliminate the flooding of broadcast traffic to switches that have no ports assigned to the virtual local area network (VLAN).

    The VTP configuration revision number will not be reset to 0 if you change the VTP mode to client and then back to server. Both server-mode and client-mode switches propagate VTP information. Therefore, a client-mode switch can cause incorrect information to be propagated if its configuration revision number is higher than that of the other switches in the domain. Transparent-mode switches do not propagate their own VTP configuration, but they do forward VTP information received from other switches.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  6. Which VLAN trunking protocol adds four bytes to the Ethernet frames?

    • ISL
    • LANE
    • 802.10
    • 802.1Q

    Explanation:

    802.1Q adds 4 bytes to the Ethernet frame. The process is known as 802.1Q tagging, and inserts a four-byte field into the Ethernet frame header between the source address and the Len/Etype field. The first two bytes of the tag (the TPID, 0x8100) identify the frame as an 802.1Q frame; the remaining two bytes carry the priority bits and the 12-bit VLAN ID, which indicates the VLAN the frame belongs to. A 12-bit field can encode 4096 values, but VLAN IDs 0 and 4095 are reserved, so an 802.1Q trunk can carry up to 4094 VLANs. After the new tag field is inserted into the frame, the frame's FCS is recalculated and replaced. The following graphic shows both the ISL and 802.1Q frame formats as well as the original Ethernet frame:

    [Exhibit: 300-420 Part 03 Q06 024 (ISL and 802.1Q frame formats next to the original Ethernet frame)]

    Inter-Switch Link (ISL) is a Cisco proprietary trunking protocol that handles the frame in a different manner: instead of inserting a tag, it encapsulates the original frame, adding a 26-byte header and a 4-byte trailer.

    LANE (LAN Emulation) is an ATM Forum standard, not an IEEE one, for carrying emulated LANs, and therefore VLANs, across ATM networks.

    IEEE 802.10 is a standard (originally for secure data exchange) that Cisco adapted to identify VLANs on FDDI media by writing the VLAN ID into the Security Association Identifier (SAID) field of the 802.10 header.
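    To make the tag insertion concrete, the Python below builds an untagged Ethernet frame, inserts an 802.1Q tag at byte offset 12 (right after the two MAC addresses), recomputes the FCS, and strips the tag again. This is an added example written for this page, not code from the original question or from Cisco; the MAC addresses and payload are constructed. It goes one step beyond the explanation by counting stacked tags, because a switch that strips only the outer tag leaves any inner tag in place, which is the double-tagging case a native VLAN mismatch exposes.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # EtherType value that marks the 4-byte tag
MAC_HDR_LEN = 12      # destination MAC + source MAC; the tag is inserted right after


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def build_untagged_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag between the source MAC and the Len/Etype field and recompute the FCS."""
    # The 12-bit VID encodes 4096 values, but 0 (priority-tagged) and 4095 are reserved,
    # so 1..4094 are the usable VLAN IDs.
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= priority <= 7 or dei not in (0, 1):
        raise ValueError("priority is 3 bits, DEI is 1 bit")
    body, old_fcs = frame[:-4], frame[-4:]
    if fcs(body) != old_fcs:
        raise ValueError("input frame has a bad FCS")
    tci = (priority << 13) | (dei << 12) | vlan_id      # PCP(3) | DEI(1) | VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    tagged = body[:MAC_HDR_LEN] + tag + body[MAC_HDR_LEN:]
    return tagged + fcs(tagged)                          # old FCS discarded, new one appended


def untag_frame(frame: bytes):
    """Strip one 802.1Q tag. Returns (priority, dei, vlan_id, untagged_frame).

    Only the outer tag is removed: if a second 0x8100 tag follows it, that inner tag
    is still present in the returned frame (the double-tagging case)."""
    body, old_fcs = frame[:-4], frame[-4:]
    if fcs(body) != old_fcs:
        raise ValueError("input frame has a bad FCS")
    tpid, tci = struct.unpack("!HH", body[MAC_HDR_LEN:MAC_HDR_LEN + 4])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    untagged = body[:MAC_HDR_LEN] + body[MAC_HDR_LEN + 4:]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, untagged + fcs(untagged)


def tag_count(frame: bytes) -> int:
    """Number of stacked 802.1Q tags following the MAC header."""
    body, n, pos = frame[:-4], 0, MAC_HDR_LEN
    while pos + 2 <= len(body) and struct.unpack("!H", body[pos:pos + 2])[0] == TPID_8021Q:
        n, pos = n + 1, pos + 4
    return n


if __name__ == "__main__":
    # Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType,
    # minimum 46-byte payload.
    plain = build_untagged_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455"),
                                 0x0800, bytes(46))
    tagged = tag_frame(plain, vlan_id=100, priority=5)
    print(len(plain), "->", len(tagged), "bytes; tag at offset 12:", tagged[12:16].hex())
    print(untag_frame(tagged)[:3], "tags stacked:", tag_count(tag_frame(tagged, 200)))
```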

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  7. What is the first step STP performs to establish a loop-free spanning tree in a switched network?

    • Elects a root switch
    • Disables redundant loops in the tree
    • Sets a priority for each redundant link
    • Selects a designated switch for each switched segment

    Explanation:

    The first step taken by the Spanning-Tree Protocol (STP) is to elect a root bridge (switch). The root bridge keeps the STP database. The bridge ID is used to select the root bridge in the network: it is a combination of the bridge (switch) priority and the switch's MAC address, and the switch with the lowest bridge ID wins. If two switches or bridges have the same priority value, the switch with the lowest MAC address has the lowest bridge ID and becomes the root bridge.

    Once the STP process is complete (after the ports go through the listening and learning states), STP blocks the redundant paths in the network so that no loops remain.

    STP does not set a priority for each redundant link. The network administrator can manually set the priority of a switch. STP then uses the priority and the switch’s MAC address to calculate the bridge ID, which is used to select the root bridge.

    STP does not first select a designated switch for each switched segment; designated ports are chosen only after the root bridge is known, because their election depends on the cost of the path to the root. The first goal of STP is to select a single root bridge for the spanning tree (one per VLAN under PVST+).
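    The election is a plain numeric comparison of bridge IDs, which the Python below carries out for a constructed three-switch LAN. It is an added example, not code from the original question or from Cisco. It goes slightly beyond the explanation by using the extended-system-ID form of the bridge ID that Catalyst switches use with PVST+, where the 2-byte priority field holds a 4-bit priority plus the 12-bit VLAN number, which is why the configurable priority must be a multiple of 4096; the switch names and MAC addresses are made up.

```python
from typing import Dict, Tuple

Switch = Tuple[int, str]  # (configured bridge priority, base MAC)


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """8-byte bridge ID as an integer: 4-bit priority | 12-bit extended system ID (VLAN) | 48-bit MAC.

    With the extended system ID the configurable priority occupies the upper 4 bits of the
    2-byte field, so it must be a multiple of 4096 in 0..61440 (32768 is the default)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    mac_int = int(mac.replace(":", "").replace(".", "").replace("-", ""), 16)
    if mac_int >> 48:
        raise ValueError("MAC must be 48 bits")
    return ((priority | vlan) << 48) | mac_int


def elect_root(switches: Dict[str, Switch], vlan: int) -> str:
    """Name of the switch whose bridge ID is numerically lowest for this VLAN.

    Equal priorities fall through to the lowest MAC, the tie-break described above."""
    return min(switches, key=lambda name: bridge_id(switches[name][0], vlan, switches[name][1]))


if __name__ == "__main__":
    # Constructed topology: three switches at the default priority; names and MACs are made up.
    lan = {
        "SW1": (32768, "00:1a:2b:3c:4d:10"),
        "SW2": (32768, "00:1a:2b:3c:4d:05"),
        "SW3": (32768, "00:1a:2b:3c:4d:20"),
    }
    print("default priorities, VLAN 10:", elect_root(lan, 10))      # lowest MAC wins: SW2
    lan["SW3"] = (4096, lan["SW3"][1])                               # SW3 lowered to 4096
    print("SW3 at priority 4096, VLAN 10:", elect_root(lan, 10))    # priority beats MAC: SW3
```

    Because the election is purely numeric, any device on the segment that sends BPDUs with a lower bridge ID than the intended root becomes the root; that is why the root is chosen deliberately by lowering its priority rather than left to the MAC tie-break, and why root guard is applied on ports that should never lead toward a root.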

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  8. Which IOS command configures the switch for the VTP mode that will propagate its VLAN database changes to others in the domain?

    • vtp mode client
    • vtp mode server
    • vtp v1-mode
    • vtp transparent mode

    Explanation:

    To configure a switch to operate as a VLAN Trunking Protocol (VTP) server, enter the vtp mode server command at the global configuration prompt:

    switch(config)# vtp mode server

    There are three modes in VTP: server, client, and transparent. The main differentiator among the three modes is whether a switch can create, modify, or delete VLANs. A Catalyst switch can create, modify, and delete VLANs in server or transparent mode, but not in client mode. However, VLANs created on a switch in transparent mode apply only to that switch, and information about these VLANs is not propagated throughout the VTP domain.

    A switch in VTP server mode originates and forwards VTP advertisements, synchronizes its VLAN configuration with other switches in the domain, and saves the VLAN configuration in NVRAM.

    The VTP transparent mode forwards VTP advertisements and saves the VLAN configuration in NVRAM. It does not synchronize VLAN configuration information. A switch in transparent mode can create, delete, and modify VLANs, but changes are not transmitted to other switches in the domain. Changes only affect the local switch.

    A switch in VTP client mode forwards VTP advertisements and synchronizes its VLAN configuration with other switches, but it does not save VLAN information in NVRAM. A VTP client can only receive VLAN information from VTP servers; it cannot create, modify, or delete VLANs itself.

    For added security, you can specify the VTP domain to which the client belongs and a password used to connect to the domain when configuring a switch for VTP client mode. The password is the same for all devices in the VTP domain. The commands to configure a VTP password are as follows:

    switch(config)# vtp domain domain-name
    switch(config)# vtp password password

    The vtp v1-mode command reverts VTP to version 1 (the default version), and the vtp v2-mode command sets it to version 2. Both are entered in VLAN database configuration mode; the equivalent in global configuration mode is the vtp version command. Neither sets the server, client, or transparent mode.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  9. Examine the following partial output of the show run command. The command was executed from Switch A, which is connected to Switch B through both the Fa0/1 interface and the Fa0/2 interface. Switch A is the root bridge.

    [Exhibit: 300-420 Part 03 Q09 025 (partial show run output from Switch A)]

    Only one of the links is being used. Your intention was to load share the traffic using both links.

    What commands do you need to execute to accomplish this? (Choose two. Each correct answer is part of the solution.)

    • switchA(config)# interface fa0/2
      switchA(config-if)# spanning-tree vlan 1-3 port-priority 16
    • switchA(config)# interface fa0/1
      switchA(config-if)# spanning-tree vlan 4-6 port-priority 16
    • switchA(config)# interface fa0/1
      switchA(config-if)# spanning-tree vlan 1-3 port-priority 128
    • switchA(config)# interface fa0/2
      switchA(config-if)# spanning-tree vlan 4-6 port-priority 128
    • switchA(config)# interface fa0/1
      switchA(config-if)# spanning-tree port-priority 20
    • switchA(config)# interface fa0/2
      switchA(config-if)# spanning-tree port-priority 20

    Explanation:

    The correct commands to load share the traffic using both links are:

    switchA(config)# interface fa0/2
    switchA(config-if)# spanning-tree vlan 1-3 port-priority 16
    switchA(config)# interface fa0/1
    switchA(config-if)# spanning-tree vlan 4-6 port-priority 16

    The show run output in the exhibit indicated that VLANs 1 through 6 were configured under both interfaces. However, the normal operation of STP blocks one of the two parallel links to prevent a loop. By default, all VLANs are allowed on both trunk links. Load sharing allows you to send some of the VLANs over one link and the rest over the other. In this case, the correct option gives Fa0/2 the better (lower) port priority for VLANs 1-3 and Fa0/1 the better port priority for VLANs 4-6, so VLANs 1-3 are carried over Fa0/2 and VLANs 4-6 over Fa0/1.

    Altering the port priority for VLANs 1-3 on one interface and VLANs 4-6 on the other on the root bridge (Switch A) changes the port ID that Switch A advertises in its BPDUs on each link. Switch B receives equal-cost BPDUs from the same root on both links and breaks the tie on the sender's port ID, so for each VLAN it chooses as its root port the link on which Switch A has the lower port priority. The port priority value must be set in increments of 16. Now VLANs 1-3 flow over one interface without blocking and VLANs 4-6 over the other. The additional benefit of this configuration is that if either link goes down, all VLANs are carried over the remaining link until the failed link comes back up.

    The commands below will have no effect because the default port priority is already 128, so the situation will remain the same:

    switchA(config)# interface fa0/1
    switchA(config-if)# spanning-tree vlan 1-3 port-priority 128
    switchA(config)# interface fa0/2
    switchA(config-if)# spanning-tree vlan 4-6 port-priority 128

    The commands below will not produce load sharing because they omit the vlan 1-3 and vlan 4-6 parameters and therefore change the port priority for all VLANs. Since the port priority is changed equally on both interfaces, the result is the same as before. Moreover, the priority value is not a multiple of 16, so the switch rejects it with an error message indicating that it must be set in increments of 16:

    switchA(config)# interface fa0/1
    switchA(config-if)# spanning-tree port-priority 20
    switchA(config)# interface fa0/2
    switchA(config-if)# spanning-tree port-priority 20

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  10. Which two tables are used by Cisco Express Forwarding? (Choose two.)

    • FIB
    • ACL table
    • Routing table
    • MAC address table
    • Adjacency table

    Explanation:

    Cisco Express Forwarding (CEF) is a Layer 3 switching technology based on information contained in the forwarding information base (FIB) and the adjacency table.

    The FIB is conceptually equivalent to a routing table in that it contains the information used in the packet-forwarding decision. It is derived from the routing table and is optimized for maximum lookup throughput. The adjacency table holds the Layer 2 rewrite information (the next-hop MAC address and egress interface) for the next hops of all FIB entries; a node is considered adjacent if it is reachable over a single Layer 2 hop. The adjacency table is stored in DRAM and is derived from the ARP table.

    CEF is a topology-based Layer 3 switching technology that is enabled by default on the latest Cisco products. The FIB table stores IP destination prefixes from the most specific to the least specific entry in the Ternary Content Addressable Memory (TCAM). The content of the FIB table is similar to the routing table and contains the forwarding information similar to what is found in the IP routing table. A single FIB entry can point to up to six adjacencies. When changes are made to the IP routing table, the FIB table is also updated.

    The Layer 3 processor engine builds the FIB and adjacency tables in software. That information is distributed from the control-plane hardware to the data-plane hardware Application Specific Integrated Circuits (ASICs) at the port or line card. This enhances the Layer 3 forwarding operation by moving it from the software-based engine to the ASICs. Of course, there are exception packets that are still software-processed, such as:

    • Non-conforming protocols
    • Data link encapsulations

    Packets sent to a destination address that the CEF-based switch does not yet have a valid MAC address for will be sent instead to the Layer 3 engine. The Layer 3 engine will then perform the ARP request. Packets that arrive requiring fragmentation are also first sent to the Layer 3 engine.

    When the adjacency table is full, a CEF TCAM table entry points to the Layer 3 engine to redirect the adjacency, so packets for that adjacency are forwarded in software by the Layer 3 engine rather than by the ASICs.

    With respect to CEF switching, there is no ACL table. Access Control Lists (ACL) are used to filter traffic, but are not contained in a table and are not involved directly in Cisco Express Forwarding.

    The routing table is not used directly by CEF for forwarding, although the FIB is derived from it and is updated whenever the routing table changes.
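    The two lookups described above (longest-prefix match in the FIB, then the adjacency for the Layer 2 rewrite) and the cases that are punted to the Layer 3 engine (no route, next hop with no ARP entry, fragmentation needed) are modelled by the Python below. It is an added example, not code from the original question or Cisco's implementation; the interfaces, prefixes, next hops and MAC addresses are constructed, and the per-flow hash used to pick one of several adjacencies is an illustration of the idea rather than Cisco's actual load-sharing algorithm.

```python
import ipaddress
import zlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPNet = ipaddress.IPv4Network


@dataclass
class Adjacency:
    egress_if: str
    mac: Optional[str]  # None marks a "glean" adjacency: next hop known, ARP not resolved yet


class CefSwitch:
    """Model of the CEF forwarding path: FIB longest-prefix lookup, then an adjacency lookup
    for the Layer 2 rewrite. All data is constructed for the example, not read from a device."""

    def __init__(self, interfaces: Dict[str, Tuple[str, int]]):
        # interfaces: name -> (connected prefix, MTU)
        self.interfaces: Dict[str, Tuple[IPNet, int]] = {
            name: (ipaddress.ip_network(prefix), mtu) for name, (prefix, mtu) in interfaces.items()
        }
        self.fib: List[Tuple[IPNet, Tuple[str, ...]]] = []
        self.adjacency: Dict[str, Adjacency] = {}
        for net, _ in self.interfaces.values():
            self.add_route(str(net))  # connected prefix: no next hop, the destination itself is adjacent

    def add_route(self, prefix: str, *next_hops: str) -> None:
        net = ipaddress.ip_network(prefix, strict=False)
        self.fib.append((net, next_hops))
        # Most specific prefix first, the order the TCAM is programmed in.
        self.fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)

    def learn_arp(self, ip: str, mac: str) -> None:
        """The adjacency table is derived from ARP: resolve a glean entry or add a full one."""
        iface = self._iface_for(ip)
        if iface is None:
            raise ValueError(f"{ip} is not on a connected subnet")
        self.adjacency[ip] = Adjacency(iface, mac)

    def _iface_for(self, ip: str) -> Optional[str]:
        addr = ipaddress.ip_address(ip)
        for name, (net, _) in self.interfaces.items():
            if addr in net:
                return name
        return None

    def lookup(self, dst: str) -> Optional[Tuple[IPNet, Tuple[str, ...]]]:
        addr = ipaddress.ip_address(dst)
        for net, next_hops in self.fib:
            if addr in net:
                return net, next_hops
        return None

    def forward(self, src: str, dst: str, length: int):
        """Return ("hw", egress, dst_mac) for a hardware-switched packet, or ("punt", reason)
        when the packet must go to the Layer 3 engine."""
        hit = self.lookup(dst)
        if hit is None:
            return ("punt", "no FIB entry")
        _, next_hops = hit
        if not next_hops:
            next_hop = dst  # connected prefix
        else:
            # Per-flow load sharing across the entry's adjacencies: a hash of the
            # source/destination pair picks one path so packets of a flow stay in order.
            next_hop = next_hops[zlib.crc32(f"{src}>{dst}".encode()) % len(next_hops)]
        adj = self.adjacency.get(next_hop)
        if adj is None:
            iface = self._iface_for(next_hop)
            if iface is None:
                return ("punt", f"next hop {next_hop} not adjacent")
            self.adjacency[next_hop] = Adjacency(iface, None)  # install a glean adjacency
            adj = self.adjacency[next_hop]
        if adj.mac is None:
            return ("punt", f"glean: ARP needed for {next_hop} on {adj.egress_if}")
        if length > self.interfaces[adj.egress_if][1]:
            return ("punt", "fragmentation needed")
        return ("hw", adj.egress_if, adj.mac)


def build_sample_switch() -> CefSwitch:
    # Constructed addressing and MACs; nothing here comes from a real network.
    sw = CefSwitch({"Gi0/1": ("10.1.1.0/24", 1500), "Gi0/2": ("10.2.2.0/24", 1500)})
    sw.add_route("192.168.0.0/16", "10.1.1.2")
    sw.add_route("192.168.10.0/24", "10.2.2.2")
    sw.add_route("172.16.0.0/12", "10.1.1.2", "10.2.2.2")  # one FIB entry, two adjacencies
    sw.learn_arp("10.1.1.2", "00:aa:00:00:00:01")
    sw.learn_arp("10.2.2.2", "00:bb:00:00:00:02")
    return sw


if __name__ == "__main__":
    sw = build_sample_switch()
    for dst in ("192.168.10.7", "192.168.99.1", "10.2.2.99", "203.0.113.5"):
        print(dst, "->", sw.forward("10.1.1.50", dst, 500))
```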

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify switch administration

  11. Which of the following statements best describes the result of issuing the instance 3 vlans 7 command?

    • VLAN 7 is mapped to MST instance 3.
    • VLAN 7 is mapped to switchport 3.
    • VLAN 7 is mapped to three MST instances.
    • Seven VLANs are mapped to MST instance 3.

    Explanation:

    When the instance 3 vlans 7 command is issued, the virtual local area network (VLAN) 7 is mapped to Multiple Spanning Tree (MST) Protocol instance 3. MST, which is defined by the 802.1s standard, maps a distinct group of VLANs to one STP instance. Multiple STP instances can be used with MST. The Cisco implementation of MST supports 256 instances. However, each instance must support a different group of VLANs because each VLAN can only be mapped to one instance.

    To map one or more VLANs to an MST instance, issue the instance instance-ID vlans vlan-range command in MST configuration mode, where instance-ID is the number of the MST instance and vlan-range is the VLAN or VLANs that should be mapped to the instance. For example, the command instance 1 vlans 14-16,99 maps VLANs 14 through 16 and VLAN 99 to MST instance 1.

    The instance 3 vlans 7 command will not map VLAN 7 to switchport 3. The instance vlans command cannot be used to map multiple instances to a single VLAN. Each VLAN can only be mapped to one instance. When the instance 3 vlans 7 command is issued, only a single VLAN will be mapped to MST instance 3.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  12. Which IOS commands are entered in interface configuration mode to configure a switch port to actively negotiate to be an 802.1Q trunk port? (Choose two.)

    • switchport trunk dot1q
    • switchport mode dynamic auto
    • switchport trunk allowed vlan
    • switchport mode trunk
    • switchport trunk encapsulation dot1q

    Explanation:

    Entering the IOS commands switchport mode trunk and switchport trunk encapsulation dot1q in interface configuration mode configures the port as an 802.1Q trunk. In trunk mode the port trunks unconditionally but still sends Dynamic Trunking Protocol (DTP) frames, so the neighbor will also become a trunk if it is set to trunk, dynamic desirable, or dynamic auto. The encapsulation command is only needed on platforms that support both ISL and 802.1Q; on switches that support only 802.1Q it is not available and not required.

    Use the following steps to configure a port as an 802.1Q trunk:

    1. Enter the interface configuration.
    switch(config)# interface interface-id
    2. Configure the port to use 802.1Q encapsulation.
    switch(config-if)# switchport trunk encapsulation dot1q
    3. Configure the port as a trunk port.
    switch(config-if)# switchport mode trunk

    Note: Trunking modes can be configured as dynamic desirable, dynamic auto, trunk, access, and nonegotiate. If both sides are set to dynamic auto, neither side initiates negotiation and the link stays an access link. On ports facing end hosts, configure switchport mode access together with switchport nonegotiate so that no DTP frames are sent and an attached host cannot negotiate a trunk and reach other VLANs.

    Verification of the configuration can be done by executing the show run command on both switches. An example partial output for two switches is shown below:

    [Exhibit: 300-420 Part 03 Q12 026 (partial show run output from SwitchA and SwitchB)]

    In the above partial output, the following can be determined:
    Since it is configured as dynamic desirable, SwitchB will send DTP packets to SwitchA
    Since the two switches are set to dynamic desirable and dynamic auto, they will form a trunk. When one end is set to desirable, the other must be set to trunk, desirable, or auto for a trunk link to form.
    The native VLAN for SwitchA is VLAN 5 as indicated in the last line of its output. SwitchB is set to the default, which is VLAN 1. DTP would still negotiate the trunk, but the native VLAN mismatch is a misconfiguration: CDP reports it, STP puts the mismatched VLANs on the port into an inconsistent (blocked) state, and untagged frames sent on VLAN 5 by SwitchA are received by SwitchB as VLAN 1 traffic, so the native VLANs must be set to the same value on both ends.

    The switchport trunk allowed vlan command is also valid for configuring dot1q trunks, but it is not required. By default, all VLANs are allowed on the trunk.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  13. Which of the following standards describes the details of RSTP?

    • 802.1d
    • 802.1w
    • 802.1s
    • 802.1x

    Explanation:

    Rapid Spanning Tree Protocol (RSTP) is described in the IEEE 802.1w standard. It has several enhancements over the original Spanning Tree Protocol (STP), which is defined in IEEE 802.1D. The result of these enhancements is much faster convergence when topology changes occur. The two protocols can coexist in the same network.

    If a switch running RSTP receives an 802.1d Bridge Protocol Data Unit (BPDU), on a port it will begin to use 802.1d rules on that port. However, the IEEE 802.1d standard describes STP and not RSTP.

    The IEEE 802.1s standard describes Multiple Spanning Tree Protocol (MST). This enhancement allows for multiple instances of STP. Common Spanning Tree (802.1Q) runs a single instance for all VLANs and Per-VLAN Spanning Tree Plus (PVST+) runs one instance per VLAN; MST sits between the two, letting the administrator map groups of VLANs to a small number of instances without forcing every VLAN into the same one.

    IEEE 802.1x describes a standard for port-based access control. It is not related to VLANs or their management.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  14. The following commands have been issued on a Catalyst switch:

    [Exhibit: 300-420 Part 03 Q14 027 (sequence of switchport trunk allowed vlan commands)]

    Which of the following VLANs is allowed on the trunk?

    • VLAN 1 and VLANs 101 through 200
    • VLANs 101 through 200
    • VLANs 1 through 3000
    • VLANs 1 through 4094

    Explanation:

    Virtual local area network (VLAN) 1 and VLANs 101 through 200 are allowed on the trunk. The switchport trunk allowed vlan command configures a trunk to carry one or more VLANs. The syntax for the switchport trunk allowed vlan command is switchport trunk allowed vlan {vlan-list | all | {add | except | remove} vlan-list}. VLANs specified in the vlan-list parameter should be separated by commas. However, if a contiguous group of VLANs is specified, the starting and ending VLAN numbers can be separated by a hyphen.

    If no keywords are specified with the switchport trunk allowed vlan command, then only the VLANs contained within the vlan-list parameter will be allowed on the trunk. The all keyword specifies that all VLANs from 1 through 4094 should be allowed on the trunk. The add keyword specifies the VLANs that should be added to the list of VLANs that are already allowed by the trunk. The except keyword specifies that all VLANs from 1 through 4094 are allowed except the listed VLANs. The remove keyword specifies the VLANs that should be removed from the list of VLANs that are already allowed by the trunk.

    In this scenario, the first command issued is switchport trunk allowed vlan all, which allows VLANs 1 through 4094. The second command issued is switchport trunk allowed vlan remove 1,101-4094, which removes VLAN 1 and VLANs 101-4094. Therefore, VLANs 2 through 100 are allowed. The third command issued is switchport trunk allowed vlan except 3001-4094, which specifies that all VLANs should be allowed except VLANs 3001 through 4094. Therefore, VLANs 1 through 3000 are allowed. The fourth command issued is switchport trunk allowed vlan 1, which specifies that only VLAN 1 should be allowed. The fifth command issued is switchport trunk allowed vlan add 101-200, which adds VLANs 101 through 200 to the list of allowed VLANs. Therefore, VLAN 1 and VLANs 101 through 200 are allowed on the trunk.
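    The keyword semantics above are easy to get wrong when a sequence of commands is replayed, so the Python below implements them as set operations on the range 1..4094 and runs the five commands from the explanation through them. This is an added example, not code from the original question or from Cisco. It goes slightly beyond the page by also accepting the none keyword, which IOS supports; the summarize helper prints the result in the same compressed form show interfaces trunk uses.

```python
import re
from typing import Iterable, List, Set

VLAN_MIN, VLAN_MAX = 1, 4094
ALL_VLANS = frozenset(range(VLAN_MIN, VLAN_MAX + 1))

CMD_RE = re.compile(
    r"^\s*switchport trunk allowed vlan"
    r"(?:\s+(?P<kw>all|none|add|except|remove))?"
    r"(?:\s+(?P<list>[\d,\-\s]+?))?\s*$"
)


def parse_vlan_list(text: str) -> Set[int]:
    """'1,101-200' -> {1, 101, ..., 200}; ranges are inclusive, members comma separated."""
    vlans: Set[int] = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        low, high = int(lo), int(hi or lo)
        if not VLAN_MIN <= low <= high <= VLAN_MAX:
            raise ValueError(f"bad VLAN range {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def apply_allowed_vlan(allowed: Set[int], command: str) -> Set[int]:
    """Apply one switchport trunk allowed vlan command to the current allowed set."""
    m = CMD_RE.match(command)
    if not m:
        raise ValueError(f"not a switchport trunk allowed vlan command: {command!r}")
    kw, vlan_list = m["kw"], m["list"]
    if kw == "all":
        return set(ALL_VLANS)
    if kw == "none":                 # accepted by IOS; not one of the keywords in the question
        return set()
    if not vlan_list:
        raise ValueError(f"{kw or 'the list form'} requires a VLAN list")
    vlans = parse_vlan_list(vlan_list)
    if kw == "add":
        return allowed | vlans
    if kw == "remove":
        return allowed - vlans
    if kw == "except":
        return set(ALL_VLANS) - vlans
    return vlans                     # no keyword: the list replaces whatever was allowed


def run_commands(commands: Iterable[str], initial: Iterable[int] = ALL_VLANS) -> Set[int]:
    allowed = set(initial)           # a new trunk allows all VLANs by default
    for command in commands:
        allowed = apply_allowed_vlan(allowed, command)
    return allowed


def summarize(vlans: Iterable[int]) -> str:
    """Render a VLAN set the way show interfaces trunk does, e.g. '1,101-200'."""
    ordered = sorted(set(vlans))
    ranges: List[str] = []
    i = 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        ranges.append(str(ordered[i]) if i == j else f"{ordered[i]}-{ordered[j]}")
        i = j + 1
    return ",".join(ranges)


# The sequence from the question, in the order it was issued on the trunk interface.
QUESTION_COMMANDS = [
    "switchport trunk allowed vlan all",
    "switchport trunk allowed vlan remove 1,101-4094",
    "switchport trunk allowed vlan except 3001-4094",
    "switchport trunk allowed vlan 1",
    "switchport trunk allowed vlan add 101-200",
]

if __name__ == "__main__":
    allowed = set(ALL_VLANS)
    for command in QUESTION_COMMANDS:
        allowed = apply_allowed_vlan(allowed, command)
        print(f"{command:<52} -> {summarize(allowed)}")
```

    The default of all VLANs on every trunk is the setting to be wary of: it carries the management VLAN and every other VLAN to any device that negotiates a trunk, so in practice the allowed list is set explicitly to the VLANs a link actually needs.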

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  15. How long does it take for a port to transition from the STP blocking state to the forwarding state by default?

    • 2 seconds
    • 10 seconds
    • 25 seconds
    • 50 seconds
    • 70 seconds

    Explanation:

    By default it takes 50 seconds for a port to transition from the blocking state to the forwarding state in STP. This delay is the sum of the default max-age and forward-delay timers. The max-age timer is 20 seconds by default and governs the transition from blocking to listening. The forward-delay timer is 15 seconds by default and is applied twice: once for the transition from listening to learning and again for the transition from learning to forwarding. These timers give STP time to gather correct information about the network topology. While they can be modified to make convergence faster, the default settings work for most networks. To change the timers for all switches in the spanning tree, change the timer settings on the root bridge; the root bridge carries its timer values in its BPDUs and the other switches adopt them.

    To prevent switching loops, spanning tree transitions each port through several states whenever there is a change in the network topology. Each state is briefly defined as follows:

    • Blocking: In the blocking state, a port does not forward frames, learn MAC addresses, or send BPDUs, although it still receives BPDUs. A port is held in this state when it is neither the root port nor a designated port for its segment, which it learns from the superior BPDUs it receives every hello interval (two seconds by default). If the blocked port does not receive a BPDU for the length of time defined in the max-age setting (20 seconds by default), it transitions into the listening state.
    • Listening: In the listening state, a port receives traffic but does not send information. This is the first transitional state after the blocking state. No user data is forwarded at this time, but the switch is very busy. It is during this stage that the switch participates in the election of the root bridge, the designation of root ports on the non-root bridges, and the selection of designated ports on each segment. Ports that are designated or root ports will transition to the learning state after the time defined in the forward delay (15 seconds by default) has elapsed.
    • Learning: In the learning state, a switch port can add the MAC addresses that it has learned into its address table, but cannot forward user data. The switch port will remain in this state until the amount of time defined in the forward-delay setting has elapsed (15 seconds by default), at which time it will transition into the forwarding state.
    • Forwarding: In the forwarding state, a port is actively forwarding frames and learning MAC addresses. It remains in the forwarding state until a topology change makes it a non-designated port again (for example, a superior BPDU arrives on it), at which time the port is placed in the blocking state and the process starts again.

    NOTE: One of the issues that can adversely affect the operation of STP is a duplex mismatch between the NICs on either end of a link between two switches. While this causes more of a performance problem than a loss of the link, the intermittent nature of the outage can cause one of the other links on the switch to transition into a forwarding state, as it may interpret this as a loss of connectivity. If one of the other links switches to forwarding and the link with the duplex mismatch comes back online (which could happen quickly), it can create a switching loop.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  16. Which of the following is true about CDP?

    • It can be used to discover the network topology
    • It is used to generate a denial of service attack
    • It can be used as part of a MAC address flooding attack
    • It is used to generate a MAC spoofing attack

    Explanation:

    Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol used by Cisco devices to obtain information about directly connected devices that are also made by Cisco. Since this information includes the device name, device type and capabilities, IOS version, IP address, and other identifying details, captured CDP packets can be used to map the network topology and pick targets by platform and software version. Since the first step in an attack (discovery, then penetration, then control) is discovery, this is a security exposure, and CDP is normally disabled on user-facing and untrusted interfaces, or globally on devices at the network edge, while being left on where it is needed (for example, toward IP phones that learn the voice VLAN from it).

    CDP is not used to generate a DoS (denial-of-service) attack, which is an attack designed to overwhelm a device with work requests that make it unavailable for its normal jobs.

    CDP is not used as part of a MAC address flooding attack. That attack is performed by an attacker sending frames with thousands of random source MAC addresses until the switch's CAM table is full. Once the table has no free entries, frames destined to addresses the switch can no longer learn are flooded out every port in the VLAN, as a hub would do, so the attacker can capture traffic from other ports, which is normally not possible on a switch because each port is its own collision domain. Port security (switchport port-security with a maximum address count) is the usual defence. CDP plays no role in this process.

    CDP is not used to generate a MAC spoofing attack. In that attack the attacker sends frames whose source MAC address is that of a known host, so that the switch relearns the address on the attacker's port and redirects the host's traffic there. CDP plays no role in this process.
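    To show concretely what an attacker gets from a captured CDP frame, here is an added example (not part of the original question or any Cisco tool) that decodes the TLV list of a CDP payload into a neighbor record and renders one edge of a topology map. The payload is constructed in code rather than taken from a real capture; the device name rtrB.example.test, the address 10.5.5.2, the platform string and the local port Gi0/24 are assumptions. Only the CDP portion after the LLC/SNAP header is modelled, the checksum is not verified, and the parser rejects any TLV whose length field is shorter than its header or overruns the payload. The VoIP VLAN Reply TLV is included because it is the CDP message by which a switch tells an IP phone its voice VLAN, as question 20 below describes.

```python
"""Decode a captured CDP payload into a neighbor record (topology discovery).

Added example, not from the page: the payload is constructed in code, not a
real capture; only the CDP portion after the LLC/SNAP header is modelled, and
the CDP checksum is not verified.
"""
import struct

TLV_DEVICE_ID, TLV_ADDRESSES, TLV_PORT_ID = 0x0001, 0x0002, 0x0003
TLV_CAPABILITIES, TLV_VERSION, TLV_PLATFORM = 0x0004, 0x0005, 0x0006
TLV_VOIP_VLAN_REPLY = 0x000E            # switch's voice-VLAN answer to a phone
CAPABILITY_BITS = {0x01: "Router", 0x02: "TB-Bridge", 0x04: "SR-Bridge",
                   0x08: "Switch", 0x10: "Host", 0x20: "IGMP", 0x40: "Repeater"}
TEXT_TLVS = {TLV_DEVICE_ID: "device_id", TLV_PORT_ID: "port_id",
             TLV_VERSION: "software", TLV_PLATFORM: "platform"}


def _tlv(tlv_type, value):
    """One TLV: 2-byte type, 2-byte length (covers the 4-byte header), value."""
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_sample_cdp_payload():
    """Constructed CDP v2 payload (TTL 180 s) from a hypothetical neighbor rtrB."""
    # Addresses TLV: count, then per entry: protocol type (1 = NLPID),
    # protocol length, protocol (0xCC = IP), address length, address bytes
    addresses = (struct.pack("!I", 1) + bytes([0x01, 0x01, 0xCC])
                 + struct.pack("!H", 4) + bytes([10, 5, 5, 2]))
    body = (_tlv(TLV_DEVICE_ID, b"rtrB.example.test")
            + _tlv(TLV_ADDRESSES, addresses)
            + _tlv(TLV_PORT_ID, b"GigabitEthernet0/1")
            + _tlv(TLV_CAPABILITIES, struct.pack("!I", 0x01 | 0x08))  # Router+Switch
            + _tlv(TLV_VERSION, b"Cisco IOS Software (constructed string)")
            + _tlv(TLV_PLATFORM, b"cisco WS-C3750")
            + _tlv(TLV_VOIP_VLAN_REPLY, bytes([0x20]) + struct.pack("!H", 222)))
    return struct.pack("!BBH", 2, 180, 0) + body   # version, TTL, checksum (unset)


def _parse_addresses(value):
    """Addresses TLV -> list of strings; IPv4 as dotted quad, anything else hex."""
    addrs, off = [], 4
    count = struct.unpack("!I", value[:4])[0] if len(value) >= 4 else 0
    for _ in range(count):
        if off + 2 > len(value):
            break                                   # truncated entry: stop cleanly
        proto_type, proto_len = value[off], value[off + 1]
        protocol = value[off + 2:off + 2 + proto_len]
        off += 2 + proto_len
        if off + 2 > len(value):
            break
        addr_len = struct.unpack("!H", value[off:off + 2])[0]
        raw = value[off + 2:off + 2 + addr_len]
        off += 2 + addr_len
        is_ipv4 = proto_type == 1 and protocol == b"\xcc" and len(raw) == 4
        addrs.append(".".join(str(b) for b in raw) if is_ipv4 else raw.hex())
    return addrs


def parse_cdp(payload):
    """Walk the TLV list; reject a TLV whose length is short or overruns the payload."""
    if len(payload) < 4:
        raise ValueError("payload shorter than CDP header")
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    if version not in (1, 2):
        raise ValueError("unknown CDP version %d" % version)
    n = {"version": version, "ttl": ttl, "addresses": [], "capabilities": []}
    off = 4
    while off + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack("!HH", payload[off:off + 4])
        if tlv_len < 4 or off + tlv_len > len(payload):
            raise ValueError("malformed TLV 0x%04x at offset %d" % (tlv_type, off))
        value = payload[off + 4:off + tlv_len]
        off += tlv_len
        if tlv_type in TEXT_TLVS:
            n[TEXT_TLVS[tlv_type]] = value.decode("ascii", errors="replace")
        elif tlv_type == TLV_ADDRESSES:
            n["addresses"] = _parse_addresses(value)
        elif tlv_type == TLV_CAPABILITIES and len(value) == 4:
            bits = struct.unpack("!I", value)[0]
            n["capabilities"] = [name for bit, name in sorted(CAPABILITY_BITS.items())
                                 if bits & bit]
        elif tlv_type == TLV_VOIP_VLAN_REPLY and len(value) >= 3:
            n["voice_vlan"] = struct.unpack("!H", value[1:3])[0]   # skip 1 data byte
    return n


def is_well_formed(payload):
    """True if parse_cdp accepts the payload, False if it rejects it."""
    try:
        parse_cdp(payload)
        return True
    except ValueError:
        return False


def topology_edge(local_port, payload):
    """One line of a topology map: where a payload seen on local_port leads."""
    n = parse_cdp(payload)
    return "%s -> %s %s (%s)" % (local_port, n.get("device_id", "?"),
                                  n.get("port_id", "?"), ", ".join(n["addresses"]))


if __name__ == "__main__":
    print(topology_edge("Gi0/24", build_sample_cdp_payload()))
```

    Run against real traffic, the same parser would be fed the bytes that follow the SNAP header of frames sent to 01:00:0c:cc:cc:cc; one record per port is enough to draw the link graph, which is exactly why CDP belongs only on infrastructure and phone ports.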

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify Layer 2 protocols

  17. Which of the following commands configures a port with a VLAN?

    • vlan
    • vlan database
    • switchport access vlan
    • switchport mode access

    Explanation:

    The switchport access vlan command configures a port with a virtual local area network (VLAN). The syntax for the switchport access vlan command is as follows:

    switchport access vlan {vlan-id | dynamic}

    If the vlan-id parameter is specified, a static VLAN is configured. If the dynamic keyword is specified, the VLAN is assigned dynamically by a VLAN Membership Policy Server (VMPS) based on the source MAC address seen on the port. Static VLAN configuration is easy to set up, easy to audit, secure, and works well in networks where moves, additions, and changes are rare. In environments where this is not the case, dynamic VLANs may be preferable, at the cost of depending on the VMPS and on MAC addresses, which can be spoofed.

    The vlan command, issued in global configuration mode, is used to add VLANs to the VLAN database and to configure VLAN settings such as the VLAN name; it does not assign a port to a VLAN.

    The vlan database command is issued from privileged EXEC mode to enter the older VLAN configuration mode (deprecated in current IOS releases in favour of the global configuration vlan command). The following commands can be issued from VLAN configuration mode:

    • abort – exits without applying changes
    • apply – applies changes and bumps the revision number
    • exit – applies changes, bumps the revision number and exits VLAN configuration mode
    • no – negates a command
    • reset – discards changes and rereads the VLAN database
    • show – displays information
    • vlan – configures the VLAN database
    • vtp – configures VLAN Trunking Protocol (VTP) settings

    The switchport mode access command puts the port into permanent non-trunking (access) mode, so it will not negotiate a trunk. It does not by itself assign the port to a VLAN. The syntax for the switchport mode command is as follows:

    switchport mode {access | trunk | dynamic desirable | dynamic auto}

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs

  18. A new switch that contains a configuration consisting of only VLAN 5 was just added to the network. Now users assigned to VLANs 9 and 10 are complaining of communication problems.
    Using the show vlan command, you discover that only VLAN 5 and the default VLANs exist on all your switches.

    What could have caused this problem?

    • The new switch had the default password set.
    • The domain name on the new switch did not match the rest of the network.
    • The new switch was configured in server mode and the revision number was lower than the current number in the network.
    • The new switch was configured in server mode and the revision number was higher than the current number in the network.
    • The new switch was configured in transparent mode and the revision number was higher than the current number in the network.

    Explanation:

    Adding a switch that is configured in VTP server mode and has a revision number higher than the current number in the network could cause the communication problem in the scenario. If the new switch was configured in server mode and the revision number was higher than the revision number on existing switches, it could cause the rest of the switches to update with the information contained in that new advertisement.

    VTP advertisements are flooded throughout the management domain every five minutes or whenever a change occurs in the network. These advertisements are originated from a switch that is in server mode, and are propagated by switches that are in either client or transparent mode. Before a client or another server accepts or incorporates the information sent in the advertisement, it checks the domain name and password (if defined) against its own configuration. Next, the revision number is checked to see if it is higher than the last value stored in the receiving switch. If the revision number is higher, the receiving switch will overwrite its VLAN database with the information in the advertisement.

    A VTP switch in transparent mode will receive and forward VTP advertisements. It will not use the contents of the advertisement to synchronize with its own VLAN database.

    The password, domain name, and VTP mode on their own will not cause the new switch to overwrite the others: an advertisement is accepted only after the domain name and password match, and a transparent-mode switch neither synchronises to advertisements nor originates them. This is a revision number issue. Note that in VTP versions 1 and 2 a switch in client mode with a higher revision number has the same effect, so before connecting any switch to a production domain, reset its revision number to zero (for example by setting it to transparent mode and back, or by changing its VTP domain name and back) and confirm with show vtp status.
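    The acceptance sequence above (domain, then password, then revision number) is what decides whether VLANs 9 and 10 survive. The following is an added model of it, not code from the page or from Cisco: three constructed switches (SW1 server, SW2 client, SW3 transparent) in an assumed domain CORP at revision 7 receive one advertisement from a new switch that knows only VLAN 5. The real protocol carries an MD5 digest over the domain, password and VLAN configuration; here the password is compared directly, and the forwarding behaviour of transparent mode is reduced to a status string.

```python
"""Model of VTP v1/v2 advertisement handling: how one switch with a higher
configuration revision overwrites the VLAN database of a whole domain.

Added example, not from the page: switch names, domain and VLAN sets are
constructed. The password check stands in for the MD5 digest of real VTP.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}   # present on every switch


@dataclass
class Advertisement:
    domain: str
    password: Optional[str]
    revision: int
    vlans: Set[int]


@dataclass
class Switch:
    name: str
    mode: str                    # "server", "client" or "transparent"
    domain: str
    password: Optional[str] = None
    revision: int = 0
    vlans: Set[int] = field(default_factory=lambda: set(DEFAULT_VLANS))

    def advertise(self) -> Optional[Advertisement]:
        """Servers and clients originate summaries; transparent switches do not."""
        if self.mode == "transparent":
            return None
        return Advertisement(self.domain, self.password, self.revision, set(self.vlans))

    def receive(self, adv: Advertisement) -> str:
        """Apply the acceptance checks in order; overwrite only if all pass."""
        if self.mode == "transparent":
            return "forwarded"          # relayed to neighbours, own database untouched
        if adv.domain != self.domain:
            return "ignored: domain mismatch"
        if adv.password != self.password:
            return "ignored: password mismatch"
        if adv.revision <= self.revision:
            return "ignored: revision %d not higher than %d" % (adv.revision, self.revision)
        self.vlans = set(adv.vlans)     # VLANs absent from the advertisement vanish
        self.revision = adv.revision
        return "synchronised to revision %d" % adv.revision

    def reset_revision(self) -> None:
        """Effect of toggling to transparent mode and back on IOS: revision 0."""
        self.revision = 0


def build_network() -> Dict[str, Switch]:
    """Three existing switches in domain CORP at revision 7 with VLANs 5, 9, 10."""
    vlans = DEFAULT_VLANS | {5, 9, 10}
    return {
        "SW1": Switch("SW1", "server", "CORP", revision=7, vlans=set(vlans)),
        "SW2": Switch("SW2", "client", "CORP", revision=7, vlans=set(vlans)),
        "SW3": Switch("SW3", "transparent", "CORP", revision=7, vlans=set(vlans)),
    }


def add_switch(network: Dict[str, Switch], new: Switch) -> Dict[str, str]:
    """Connect `new`, let it advertise once, and report what each switch did."""
    adv = new.advertise()
    if adv is None:
        return {name: "no advertisement received" for name in network}
    return {name: sw.receive(adv) for name, sw in network.items()}


if __name__ == "__main__":
    net = build_network()
    rogue = Switch("NEW", "server", "CORP", revision=10, vlans=DEFAULT_VLANS | {5})
    for name, outcome in add_switch(net, rogue).items():
        print(name, outcome, sorted(net[name].vlans))
```

    Running the model with the new switch at revision 10 wipes VLANs 9 and 10 from SW1 and SW2 while SW3 keeps them; at revision 3 the advertisement is ignored; in client mode at revision 10 the outcome is the same as in server mode; and after reset_revision the new switch is harmless. Those are the four cases worth checking before plugging any pre-configured switch into a live domain.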

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs

  19. Which IOS commands should you enter in interface configuration mode to configure a switch port as an access port and assign it to VLAN 25? (Choose two.)

    • trunk on
    • switchport mode access
    • vlan-membership static 25
    • switchport access vlan 25

    Explanation:

    Use the following steps to assign a port to a VLAN:

    1. Enter the interface to be added to the VLAN.
    switch(config)# interface interface-id
    2. Configure the port as a Layer 2 access port.
    switch(config-if)# switchport mode access
    3. Assign the port to a VLAN.
    switch(config-if)# switchport access vlan 25

    The two correct commands are therefore switchport mode access and switchport access vlan 25. The trunk on and vlan-membership static commands are not IOS interface configuration commands; they belong to the older Catalyst 1900 command set.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs

  20. What Cisco switch feature allows IP phones to be automatically placed into a separate VLAN from data traffic?

    • marking
    • AutoQoS
    • private VLANs
    • auxiliary VLANs

    Explanation:

    Auxiliary VLANs allow IP phones to be automatically placed into a separate VLAN from data traffic. The switch tells the phone which voice VLAN to tag its traffic with in a CDP message, so data and voice share the same physical port and cabling but remain logically separate. The following is an example of the CatOS commands that instruct the switch to provide this information to the IP phone by CDP:

    Switch> (enable) set port auxiliaryvlan 2/1-3 222

    This command configures auxiliary VLAN 222 on ports 2/1 through 2/3. The equivalent on an IOS-based switch is the interface command switchport voice vlan 222. Because the phone learns its voice VLAN from CDP, CDP must stay enabled on phone-facing ports even where it has been disabled elsewhere for security reasons.

    Private VLANs are not used for separating voice from data. A private VLAN splits a primary VLAN into secondary VLANs (isolated or community) so that hosts in the same IP subnet can be prevented from reaching each other at Layer 2 while all of them can still reach the promiscuous port, typically the uplink to the router or firewall.

    Marking is the process of setting the Class of Service (CoS), IP precedence, or DSCP of a packet to a specific value that will provide appropriate QoS throughout the network. It is not involved in separating voice and data traffic.

    Auto QoS is a method of configuring commonly used QoS features on a Cisco switch with a single command. It is not involved in separating voice and data traffic.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs