Last Updated on June 19, 2021 by Admin 2
300-420 : Designing Cisco Enterprise Networks (ENSLD) : Part 05
-
Which VTP mode and version should be configured on a switch so that its VLAN database can be separately maintained while it forwards all VTP advertisements it receives?
- Server mode and version 1
- Client mode and version 1
- Server mode and version 2
- Client mode and version 2
- Transparent mode and version 2
- Transparent mode and version 1
Explanation:
A switch configured in VTP transparent mode allows the administrator to maintain the switch VLAN configuration information and not advertise its database to other switches in the network. A switch configured in VTP transparent mode using version 1 will only forward VTP advertisements it receives if the version used to send the update is also version 1. Using version 2 it will forward advertisements it receives without checking the version number.
There are two versions of VTP: version 1 and version 2. VTP version 1 is the default. The two versions are not interoperable. To support version 2, all of the switches in a network need to be configured to run in VTP version 2.
To enable, or revert back to, VTP version 1 at the configuration prompt, use the following command:
switch(config)# no vtp v2-mode
VTP version 2 offers some features that are not available in version 1.
- Token Ring support: Version 2 provides the ability to support Token Ring LAN parameters, such as ring numbers and hop counts, used in Token Ring LAN switching and VLANs.
- Unrecognized type, length, value (TLV) support: A version 2-enabled switch in server or client modes will propagate configuration changes to its other trunks, even for TLVs it is not able to parse.
- Version-independent transparent mode: In version 1, a transparent mode switch checks the domain name and the version of a received VTP advertisement before forwarding it. Using version 2, it ignores the version when forwarding the advertisement.
- Consistency checks: With version 2, the switch performs consistency checks of VLAN information, such as names and values, when new information is entered through the CLI or using SNMP. It does not do this when updating with information from a new advertisement.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking -
Which IOS interface configuration commands are required to configure a switch port to actively negotiate to be an 802.1Q trunk port that, when active, will send packets destined for VLAN 3 untagged? (Choose three.)
- switchport mode trunk
- switchport trunk dot1q 3
- switchport native vlan 3
- switchport trunk mode dot1q
- switchport mode dynamic auto
- switchport trunk native vlan 3
- switchport trunk encapsulation dot1q
Explanation:
Entering the IOS commands switchport mode trunk and switchport trunk encapsulation dot1q in interface configuration mode will allow a switch port to actively negotiate to be an 802.1Q trunk port. Setting the trunk native VLAN to 3 with the command switchport trunk native vlan 3 will allow VLAN 3 traffic to be sent and received untagged over the trunk port.
The command switchport mode trunk instructs DTP to actively negotiate to be a trunk if the other side is set to trunk, desirable, or auto.
Use the following steps to configure a port as an 802.1Q trunk:
1. Enter the interface configuration. switch(config)# interface interface-id
2. Configure the port to use 802.1Q encapsulation. switch(config-if)# switchport trunk encapsulation dot1q
3. Configure the port as a trunk port. switch(config-if)# switchport mode trunk
4. (Optional) Set the native VLAN number. switch(config-if)# switchport trunk native vlan number
If the native VLAN is changed as above, it must be changed on both ends of the link. Failure to do so will cause the link to not be successfully built because the native VLAN numbers must match. When left to the default (VLAN 1) the issue takes care of itself. If a native VLAN mismatch occurs, it will be reflected in the debug command output of one of the switches, as shown below.
2009 Aug 11 16:36:11 %SPNTREE-2-RX_IQPVIDERR:Rcvd pvid_inc BPDU on 1Q port 0/2 vlan3
2009 Aug 11 16:36:11 %SPNTREE-2-TX_BLKPORTPVID:Block 0/2 on xmitting vlan 1 for inc peer vlan
2009 Aug 11 16:36:11 %SPNTREE-2-RX_BLKPORTPVID:Block 0/2 on rcving vlan 3 for inc peer vlan 1
Note: Trunking modes can be configured as access, dynamic desirable, dynamic auto, trunk, and nonegotiate. If both sides are set to auto, no negotiations will occur.
The switchport allowed vlan command is also valid for configuring dot1q trunks, but is not required. By default, all VLANs are allowed on the trunk.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking -
You must add a new switch to the existing network using VTP to maintain the VLAN databases.
Which mode should be configured on this switch so that VLANs can be separately maintained on this switch?
- None
- Client
- Server
- Transparent
Explanation:
Adding a switch configured in VTP transparent mode allows the administrator to maintain the switch VLAN configuration information and not advertise its database to other switches in the network.
A VTP transparent mode switch will receive and forward VTP advertisements. The VTP transparent mode switch will not use the contents of the advertisement to synchronize with its own VLAN database.
VTP advertisements are flooded throughout the management domain every five minutes or whenever there is a change. These advertisements originate from a switch that is in server mode and are propagated by switches that are in either client or transparent mode. Before a client or another server accepts or incorporates the information sent in the advertisement, it checks the domain name and password (if defined) against its own configuration. Next, the revision number is checked to see if it is higher than the last value stored in the receiving switch. If the revision number is higher, the receiving switch will overwrite its VLAN database with the information in the advertisement.
The VTP server mode sends or forwards VTP advertisements, synchronizes VLAN configuration information with other switches, and saves the VLAN in NVRAM.
The VTP client mode sends or forwards VTP advertisements and synchronizes VLAN configuration information with other switches. It does not save VLAN information in NVRAM. In client mode, VTP clients only can receive VLAN information from VTP servers.
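How the three VTP modes treat a received advertisement, as described in the explanations above, modelled in Python. This is an added example, not Cisco code; the class names, outcome strings, domain, password and VLAN values are constructed, and keeping the domain check for a version 2 transparent switch is an assumption (the page states only that the version check is dropped).

```python
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    password: str
    version: int
    revision: int
    vlans: dict  # VLAN ID -> VLAN name


@dataclass
class Switch:
    name: str
    mode: str  # "server", "client" or "transparent"
    domain: str
    password: str = ""
    version: int = 1
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def advertise(self):
        """Build the advertisement this switch would originate, if any."""
        if self.mode == "transparent":
            return None  # a transparent switch does not advertise its database
        return Advertisement(self.domain, self.password, self.version,
                             self.revision, dict(self.vlans))

    def receive(self, adv):
        """Process one advertisement and return what happened to it."""
        if self.mode == "transparent":
            # The local VLAN database is never synchronized in this mode.
            if adv.domain != self.domain:
                return "dropped"  # assumption: domain still checked in v2
            if self.version == 1 and adv.version != self.version:
                return "dropped"  # version 1 only forwards matching versions
            return "forwarded"
        # Server and client: domain name and password are checked first.
        if adv.domain != self.domain or adv.password != self.password:
            return "rejected"
        # Then the revision number decides whether the database is replaced.
        if adv.revision <= self.revision:
            return "kept"
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return "overwritten"


def run_scenario():
    """Constructed scenario: a reused lab switch joins the production domain."""
    prod = {1: "default", 10: "users", 20: "voice", 30: "servers"}
    access = Switch("access1", "client", "CORP", "s3cret", 2, 12, dict(prod))
    other = Switch("other1", "client", "CORP", "different", 2, 12, dict(prod))
    edge = Switch("edge1", "transparent", "CORP", version=2,
                  vlans={1: "default", 99: "local"})
    legacy = Switch("legacy1", "transparent", "CORP", version=1)
    # Same domain and password, higher revision, nearly empty VLAN database.
    lab = Switch("lab1", "server", "CORP", "s3cret", 2, 40,
                 {1: "default", 99: "lab"})
    adv = lab.advertise()
    outcome = {sw.name: sw.receive(adv)
               for sw in (access, other, edge, legacy)}
    return outcome, access, edge


if __name__ == "__main__":
    outcome, access, edge = run_scenario()
    for name, result in outcome.items():
        print(f"{name}: {result}")
    print("access1 VLANs after the advertisement:", access.vlans)
    print("edge1 VLANs (transparent, unchanged):", edge.vlans)
```

The client with matching domain and password loses VLANs 10, 20 and 30 because the incoming revision is higher, while the transparent switch keeps its own database; this is why a switch being added to a VTP domain is checked for mode and revision number first.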
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking -
Which are valid configurable VLAN ID numbers for 802.1Q networks?
- 0-1005
- 1-4094
- 0-4095
- 1-1001
Explanation:
IEEE 802.1Q supports configuring VLAN IDs 1 through 4094.
The 802.1Q standard specifies support for a maximum of 4,094 VLANs. (IDs 0 and 4095 are reserved.) Therefore, ID values of 1-4094 are assignable. In contrast, the valid range of configurable ISL VLANs is 1-1001. The following is a summary of VLAN IDs:
- 0 and 4095: Reserved
- 1: Cisco default management
- 2-1001: Available for Ethernet VLANs
- 1002-1005: Defaults for FDDI and Token Ring VLANs
- 1006-4094: Extended range available for Ethernet VLANs (802.1Q only)
Recognizing the differences between supported VLAN ID ranges highlights several issues in constructing a network of both ISL and 802.1Q VLAN networks. Ethernet VLAN IDs above the supported ISL range must be mapped to IDs within the range supported by ISL. Among other limitations, you are limited to eight mappings. This process of mapping 802.1Q to ISL VLAN IDs will further restrict and define which IDs are available to be used.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify VLANs -
What command configures a port with a voice VLAN using 802.1Q?
- switch(config-if)# switchport voice vlan 10
- switch(config-if)# switchport voice vlan 10 q
- switch(config-if)# switchport voice vlan 10 802.1q
- switch(config-if)# switchport voice vlan 10 dot1p
Explanation:
The command that configures a port with a voice VLAN using 802.1Q is switchport voice vlan 10. This configuration uses 802.1Q as a default. 802.1P is configured with the command switchport voice vlan 10 dot1p. These are the only two valid commands to configure voice VLANs on a switch port.
The following is an example of voice VLAN configuration and QoS:
switch(config)# mls qos
switch(config)# interface fastethernet 0/10
switch(config-if)# switchport voice vlan 100
switch(config-if)# switchport access vlan 1
switch(config-if)# switchport priority extend trust
switch(config-if)# mls qos trust cos
switch(config-if)# mls qos trust device cisco-phone
In this example, the mls qos command enables QoS on the switch. The interface command moves the administrator into interface configuration mode. The switchport voice vlan 100 command configures the voice VLAN to be 100 using 802.1Q. If you wanted 802.1P, the command would have been switchport voice vlan 100 dot1p.
The VLAN for data traffic is defined with the fourth command, switchport access vlan 1. The switchport priority extend trust command instructs the port to trust the CoS of the data traffic being passed from a PC connected to the IP phone. The mls qos trust cos command tells the port to use the CoS value of traffic passed to it from the phone or PC to classify traffic. (It is included here for illustration purposes only, as this command is not necessary when using the switchport priority extend trust command since the CoS value of the PC will be trusted anyway.) The mls qos trust device cisco-phone command tells the port to trust the QoS information provided from the IP phone if it is a Cisco phone.
The other options are incorrect due to invalid syntax.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify VLANs -
-
What commands can be used to verify the trunking configuration of a router performing inter-VLAN routing? (Choose all that apply. Each correct answer is a complete solution.)
- router# show trunk
- router# show vlans
- router# show vtp status
- router# show ip interface brief
- router# show ip route
Explanation:
The command show vlans verifies the trunking configuration of a router performing inter-VLAN routing. This command will indicate what subinterfaces are associated with what VLANs, the trunking protocol being used, and the IP addresses that the router is using on each of the VLANs. Below is sample output of the show vlans command:
[Figure: 300-420 Part 05 Q06 034]
The show ip route command can also be used to determine the correct configuration of inter-VLAN routing. If routing is configured correctly, there should be a route to each VLAN displayed in the output. If a route to a VLAN is missing, most likely the router is missing the command to assign an IP address to the VLAN in VLAN configuration mode. Below is output of the command on the same router as in the previous sample output, showing a route to both VLANs. If an IP address is not configured for a VLAN, a route to the VLAN will not be present.
[Figure: 300-420 Part 05 Q06 035]
The command show trunk is not a valid command to issue on a router. Routers do not understand trunking in the same way switches do. Routers must be configured with a unique subinterface representing each VLAN, mimicking how the router normally connects different networks with physical interfaces.
The command show ip interface brief is not used to verify trunking on a router. This command is useful in identifying IP addresses assigned to interfaces, and the state of the interfaces. No VLAN or trunking information is included in the output.
The command show vtp status is not a valid command on a router. The router does not use or understand VTP.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking -
-
With RSTP hello timers set to the default interval, how quickly can a non-edge port discover that its neighbor is down?
- 20 seconds
- 10 seconds
- 6 seconds
- 5 seconds
Explanation:
With Rapid Spanning Tree Protocol (RSTP) hello timers set at the default interval, a non-edge port can discover that its neighbor is down in 6 seconds. One of the advantages of RSTP over STP is quicker convergence when changes occur in the topology. After a non-edge port fails to receive three Bridge Protocol Data Units (BPDUs) from its neighbor, it will assume the neighbor to be down and will age out all information regarding the neighbor. Since hellos are sent at 2-second intervals in RSTP, it will take only 6 seconds for this to occur, as compared to 20 seconds for STP.
All other options are incorrect values for the default convergence time for RSTP.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify spanning tree -
Which IOS commands are entered in interface configuration mode to configure a switch port to unconditionally be an 802.1Q trunk port and not generate DTP packets? (Choose two.)
- trunk dot1q
- switchport trunk dot1q
- switchport nonegotiate
- switchport trunk allowed vlan
- switchport trunk encapsulation dot1q
Explanation:
Entering the IOS commands switchport nonegotiate and switchport trunk encapsulation dot1q in interface configuration mode will only allow a switch port to be an 802.1Q trunk port. This disables the generation of dynamic trunking protocol (DTP) negotiation packets. Since DTP also negotiates encapsulation type, the encapsulation type must be identified (for example, dot1q).
Use the following steps to configure a port as an 802.1Q trunk:
1. Enter the interface configuration: switch(config)# interface interface-id
2. Configure the port to use 802.1Q encapsulation: switch(config-if)# switchport trunk encapsulation dot1q
3. Configure the port as a trunk port: switch(config-if)# switchport nonegotiate
Note: Trunking modes can be configured as trunk, dynamic auto, dynamic desirable, nonegotiate, and access.
The switchport allowed vlan command is also valid for configuring dot1q trunks, but is not required. By default, all VLANs are allowed on the trunk.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking -
In the following partial output of the show run command, which MAC address or addresses will be removed from the list of secure addresses after 240 seconds?
[Figure: 300-420 Part 05 Q09 036]
- 0000.0000.aaaa
- 0000.0000.bbbb
- 0000.0000.aaaa and 0000.0000.bbbb
- none of the MAC addresses will be removed after 240 seconds
Explanation:
The only address that will be removed or aged out of the secure MAC address list will be 0000.0000.aaaa. When port security is used on an interface, not only can you set a maximum number of MAC addresses that can use the interface, but you can also set the amount of time that an address can reside in the secure list.
When the switchport port-security command is used, you can specify whether the command applies to statically assigned MAC addresses or dynamically learned MAC addresses, called sticky addresses. In this scenario, line 6 of the output specifies that the command applies to static addresses. Since 0000.0000.aaaa is the only statically assigned MAC address (assigned in line 8 of the output), it is the only address that will age out. The amount of time is configured in terms of minutes and is done on line 5 with the switchport port-security aging time 4 command.
The MAC address 0000.0000.bbbb will not age out because it is a sticky secure address. The aging command only applies to static MAC addresses.
Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features -
In which VTP modes can you propagate VTP advertisements and create or delete local VLANs? (Choose two.)
- User
- Server
- Client
- Private
- Transparent
Explanation:
You can propagate VTP advertisements and create or delete local VLANs on a switch when it is in server mode or transparent mode.
There are three modes in VTP: server, client, and transparent. The main differentiator among the three modes is whether a switch can create or delete VLANs. You can create local VLANs in server and transparent VTP modes. However, VLANs created on a switch in transparent mode apply only to that switch, and information about these VLANs is not promulgated throughout the VTP domain.
VTP server mode sends or forwards VTP advertisements, synchronizes VLAN configuration information with other switches, and saves the VLAN in NVRAM.
VTP transparent mode forwards VTP advertisements and saves the VLAN configuration in NVRAM. It does not synchronize VLAN configuration information. A switch in transparent mode can create, delete, and modify VLANs, but changes are not transmitted to other switches in the domain. Changes only affect the local switch.
VTP client mode sends or forwards VTP advertisements and synchronizes VLAN configuration information with other switches. It does not save VLAN information in NVRAM. In client mode, VTP clients only can receive VLAN information from VTP servers. A Catalyst switch can create, modify, and delete VLANs in server or transparent modes, but not in client mode.
VTP user mode and private mode do not exist.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking -
You are the network administrator in your company. You have executed the following commands on the Fa0/1 interface of a switch named swtA:
[Figure: 300-420 Part 05 Q11 037]
Over a period of time, different hosts are connected to the Fa0/1 switch port of swtA. The MAC addresses of the hosts that were connected to the Fa0/1 port and the order in which they connected are as follows:
[Figure: 300-420 Part 05 Q11 038]
After a few days, you notice that the Fa0/1 port is in the shutdown state. Which of the following MAC addresses causes the Fa0/1 port to shut down?
- 2222.2222.2222
- 3333.3333.3333
- 4444.4444.4444
- 5555.5555.5555
Explanation:
The MAC address 5555.5555.5555 caused the Fa0/1 port to shut down because it violates the port security enabled on the port. The switchport port-security maximum 4 command allows at most four MAC addresses or hosts to be connected to the Fa0/1 switch port. Two secure MAC addresses, 1111.1111.1111 and 3333.3333.3333, are statically configured on the Fa0/1 port by using the switchport port-security mac-address command. This implies that these two MAC addresses are allowed to be connected to the Fa0/1 port.
The switchport port-security mac-address sticky command enables sticky learning of MAC addresses on the Fa0/1 port. With sticky learning, the dynamically learned MAC addresses are stuck to the port. The first MAC address that is connected to the port becomes the sticky secure address. In this case, 1111.1111.1111 and 3333.3333.3333 MAC addresses are statically configured as secure addresses. This implies that there can be at most two sticky secure MAC addresses for Fa0/1. The hosts w
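The aging and violation behaviour described in the two port-security explanations above (the 240-second aging question and the Fa0/1 shutdown question), as an added Python model; it is not the page's configuration or Cisco code. The class and function names, the maximum of 2 in the aging scenario and the order in which the hosts connect are assumptions, since the original exhibits are not reproduced on the page.

```python
class SecurePort:
    """Toy model of one switch port with port security enabled."""

    def __init__(self, maximum, static=(), sticky=False,
                 aging_minutes=0, aging_static=False):
        self.maximum = maximum            # switchport port-security maximum N
        self.sticky = sticky              # ... mac-address sticky
        self.aging_minutes = aging_minutes  # ... aging time N (minutes)
        self.aging_static = aging_static  # aging also applies to static entries
        self.shutdown = False
        # MAC -> (kind, minute at which the address became secure)
        self.secure = {mac: ("static", 0) for mac in static}

    def _expired(self, kind, since, now):
        # Sticky addresses never age out; static ones only when enabled.
        if not self.aging_minutes or kind == "sticky":
            return False
        if kind == "static" and not self.aging_static:
            return False
        return now - since >= self.aging_minutes

    def age(self, now):
        """Drop every secure address whose aging time has elapsed."""
        self.secure = {mac: (kind, since)
                       for mac, (kind, since) in self.secure.items()
                       if not self._expired(kind, since, now)}

    def frame(self, mac, now=0):
        """Handle a frame from source `mac` arriving at minute `now`."""
        if self.shutdown:
            return "port down"
        self.age(now)
        if mac in self.secure:
            return "allowed"
        if len(self.secure) >= self.maximum:
            # Secure address table is full: the port is shut down.
            self.shutdown = True
            return "violation"
        self.secure[mac] = ("sticky" if self.sticky else "dynamic", now)
        return "learned"


def aging_scenario():
    """One static and one sticky address, aging time 4 minutes on static."""
    port = SecurePort(maximum=2, static=["0000.0000.aaaa"], sticky=True,
                      aging_minutes=4, aging_static=True)
    port.frame("0000.0000.bbbb", now=0)   # learned as a sticky address
    port.age(now=4)                       # 240 seconds later
    return sorted(port.secure)


def violation_scenario():
    """Maximum 4, two static addresses, sticky learning for the rest."""
    port = SecurePort(maximum=4,
                      static=["1111.1111.1111", "3333.3333.3333"],
                      sticky=True)
    # Constructed connection order; the page's own table is not available.
    order = ["1111.1111.1111", "2222.2222.2222", "3333.3333.3333",
             "4444.4444.4444", "5555.5555.5555"]
    results = [(mac, port.frame(mac)) for mac in order]
    return results, port.shutdown


if __name__ == "__main__":
    print("secure addresses after 240 s:", aging_scenario())
    results, is_down = violation_scenario()
    for mac, result in results:
        print(mac, "->", result)
    print("port shut down:", is_down)
```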
Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features -
Refer to the following partial output of the show spanning-tree command.
[Figure: 300-420 Part 05 Q12 039]
Which of the following statements are TRUE for the given output? (Choose all that apply.)
- SW1 is the root bridge for VLAN0001
- Fa0/2 is the root port for VLAN0001
- The switch having the 0A61.0015.4D02 bridge ID is the root bridge for VLAN0001
- The switch having the 0F2C.08A1.330E bridge ID is the root bridge for VLAN0001
- The switch connected to the Fa0/6 port of SW1 is using its root port
- The port Fa0/4 is in a blocking state for VLAN 0121
- The STP protocol in use is RSTP
Explanation:
The following statements are correct about the given output:
- Fa0/2 is the root port for VLAN0001
- The switch having the 0A61.0015.4D02 bridge ID is the root bridge for VLAN0001
- The switch connected to the Fa0/6 port of SW1 is using its root port
The value in the Role column in the output for VLAN0001 is Root for the Fa0/2 port of SW1. This implies that the Fa0/2 port is a root port. A root port is the port on a non-root bridge that has the least cost to reach the root bridge. Every non-root bridge must elect a root port. A root bridge does not have any root ports.
The output for VLAN0121 specifies Desg in the Role column for the Fa0/6 port of SW1. This implies that the Fa0/6 port is a designated port. This means that the switch on the other end is using its root port.
The switch having the 0A61.0015.4D02 bridge ID is the root bridge for VLAN0001. For VLAN0001, the bridge ID of the root and the local switch are different. The bridge ID of the local switch (SW1) is 0F2C.08A1.330E, while the bridge ID of the root bridge is 0A61.0015.4D02. The text Port 1 (FastEthernet0/2) in the Root ID section for VLAN0001 in the output indicates that the root bridge is connected to the Fa0/2 port of the local switch.
The options stating that SW1 is the root bridge for VLAN0001 and that the switch having the 0F2C.08A1.330E bridge ID is the root bridge for VLAN0001 are incorrect. The Bridge ID section in the output for VLAN0001 and VLAN0121 specifies the bridge ID of the local switch. In this case, the bridge ID of the local switch (SW1) is 0F2C.08A1.330E. SW1 is not the root bridge for VLAN0001; however, SW1 is the root bridge for VLAN0121.
You can determine if a local switch is the root bridge by any of the following:
- The text This bridge is the root appears in the Root ID section of the output for VLAN0121.
- The bridge IDs in the Root ID and Bridge ID sections of the output are the same.
- All the ports of the local switch are Desg (designated) ports and in forwarding state.
The port Fa0/4 is NOT in a blocking state for VLAN 0121. The STS column for Fa0/4 under the section on VLAN 0121 shows that it is in a FWD (forwarding) state.
The STP protocol in use is NOT Rapid Spanning Tree protocol (RSTP). If that were the case, the output would display Spanning tree enabled protocol rstp, rather than Spanning tree enabled protocol ieee. This indicates that IEEE 802.1d is in use.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify spanning tree -
What is the approximate amount of time it takes for a PortFast-enabled port to transition from blocking to forwarding?
- Immediately
- 15 seconds
- 20 seconds
- 30 seconds
- 50 seconds
Explanation:
Instead of waiting for STP to cycle through the blocking, learning, and listening states, PortFast will place the port in the forwarding state immediately.
When PortFast is enabled on a port, the attached end station can join the network almost immediately rather than waiting up to 50 seconds for spanning tree to converge. This feature is designed to enable the connections to workstations and servers to be put into the forwarding state as soon as possible after a spanning-tree reconvergence.
Bypassing the listening and learning states creates an exposure for spanning-tree loops. The default behavior of a PortFast-enabled port is to put the port immediately into a blocking state if a BPDU is received.
The following command enables PortFast:
switch(config-if)# spanning-tree portfast
You should only enable PortFast on a port that connects an end station. Enabling PortFast on a port that connects another switch could create a loop.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify spanning tree -
By default, which VLAN is the Cisco management VLAN?
- 1
- 0
- 1001
- 1005
Explanation:
Cisco uses VLAN1 as the default management VLAN.
All ports are automatically assigned to VLAN1. Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are transmitted on VLAN1. VLAN1 is the management VLAN and is used for administration. It cannot be deleted or pruned from a trunk line.
VLAN IDs that are implemented can vary based on whether the trunk implementation is Cisco’s Inter-Switch Link (ISL) or the IEEE 802.1Q standard.
The following is a summary of the VLAN IDs:
- 0 and 4095: Reserved
- 1: Cisco default management
- 2-1001: Available for Ethernet VLANs
- 1002-1005: Defaults for FDDI and Token Ring VLANs
- 1006-4094: Extended range available for Ethernet VLANs (802.1Q only)
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify VLANs -
Refer to the following network diagram:
[Figure: 300-420 Part 05 Q15 040]
You executed the following commands on the swtA switch:
[Figure: 300-420 Part 05 Q15 041]
You executed the following commands on the rtrA switch:
[Figure: 300-420 Part 05 Q15 042]
Which of the following VLANs do(es) NOT participate in inter-VLAN routing through the rtrA router?
- VLAN 11 only
- VLAN 22 only
- VLAN 33 only
- VLAN 11 and VLAN 22
- VLAN 22 and VLAN 33
- VLAN 33 and VLAN 11
Explanation:
VLAN 22 is the only VLAN that does not participate in inter-VLAN routing through the rtrA router. The given network diagram and the commands reflect a router-on-a-stick (RoaS) configuration. In a RoaS configuration, inter-VLAN routing is achieved in two steps.
The first step sets up the switch:
- Configure the switch
- Configure the required VLANs
- Configure the switch port connecting to the router interface as a trunk port
- Enable dot1q or ISL encapsulation on the trunk port
- Configure the switch ports connecting to the VLANs as access ports
- Assign the access switch ports to respective VLANs
The second step sets up the router:
- Configure the router
- Enable the router interface connected to the trunk switch port
- Create separate subinterfaces on the trunk router interface for each VLAN
- Enable dot1q or ISL encapsulation on the subinterfaces
- Assign IP addresses to each subinterface in the same subnet as the VLAN of which the interface will be a member. Consequently, this address will become the default gateway for each host in that VLAN.
In the scenario, the subinterface created for VLAN 22 is not configured for inter-VLAN routing because the encapsulation command is missing. Without this command, the encapsulation type and the VLAN ID remain
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking -
Which of the following capabilities does a multilayer switch possess that an Access layer switch does not? (Choose all that apply.)
- the ability to make forwarding decisions based on MAC addresses
- the ability to make forwarding decisions based on host names
- the ability to make forwarding decisions based on IP addresses
- the ability to make forwarding decisions based on UDP/TCP port numbers
- the ability to make forwarding decisions based on NetBIOS names
Explanation:
Multilayer switches are capable of making forwarding decisions based on IP addresses and UDP/TCP port numbers, while Access layer switches are not. The term multilayer describes the ability of the multilayer switch to utilize information that exists on more than one layer of the TCP model for forwarding decisions. This device combines the functionality of a switch and a router. Additionally, it can do something that neither a switch nor a router can do alone: perform Fast Switching, a process whereby the device can route the first packet in a traffic flow and then use hardware switching for the remaining packets in the flow. This process of routing once, switching many, results in less routing (a slower process) and more switching (a faster process), with a net result of speeding traffic flow.
Multilayer switches usually operate in the Distribution and Core layers of the Cisco Enterprise Composite model. There are important considerations for each layer:
- Access layer – This is the layer where end-user stations should connect. It consists of Access layer or Layer 2 switches. VLANs, QoS, and protocol filtering operate at this layer.
- Distribution layer – This is the layer where routing is performed and where access lists are enforced. Devices in this layer operate in Layer 3 of the OSI model.
- Core layer – High-speed backbone switches exist on this layer. It should be designed with a low number of Layer 3 peers and with switches that can efficiently forward traffic even when every uplink is at 100% capacity, and the switches should have many high-speed ports.
When migrating to the Cisco Enterprise Composite model from earlier models, keep the following practices in mind:
- Add redundancy between the hierarchical layers
- Identify groups of end users as switch blocks
- Group common resources into switch blocks
Multilayer switches are also capable of making forwarding decisions based on MAC addresses, but access layer switches can do this as well.
Neither multilayer switches nor Access layer switches can make forwarding decisions based on host names or NetBIOS names. This function is performed by Domain Name Servers (DNS) and Windows Internet Naming (WINS) servers, respectively.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify switch administration -
When provisioning bandwidth for an IP telephony network, which elements are unique to an IP telephony call? (Choose two.)
- voice stream
- IGMP packets
- call-control signaling
- routing protocol packets
- speed of the segment to the telephone
Explanation:
Bandwidth provisioning for an IP telephony call consists of the voice stream traffic and the call control traffic. These elements are unique to an IP telephony call.
The network infrastructure should be examined to see if the required bandwidth exists to support the voice and call-control applications. The sum of the bandwidth necessary for each major application, including voice, video, and data, should not exceed 75% of the total available bandwidth for each link. Voice traffic can be characterized as:
- Smooth
- Benign
- Drop sensitive
- Delay sensitive
Voice packets are typically around 60 to 120 bytes in size. For good voice quality, packet loss should be less than 1 percent and delay should be no more than 150 ms.
The IP telephony voice call-control procedures also generate traffic. The call control procedures are in the areas of call setup, maintenance, redirect, and tear down. There are special protocols such as H.323 and Media Gateway Control Protocol (MGCP) that handle these procedures.
Voice applications are delay-sensitive. Speech is sampled by voice processors referred to as a codec (coder/decoder). Then the digitized voice-sample outputs of the codecs are sent into the network towards the receiver at regular intervals in real-time transport protocol (RTP) packets. If these packets containing the voice samples are delayed for any reason behind other data traffic, the quality of the voice conversation suffers.
The transportation of these voice applications in RTP packets through the IP network handled by H.323 protocols and devices is referred to as Voice over IP (or VoIP for short).
The following are other network and design considerations besides bandwidth relating to IP telephony infrastructure support:
- Determine if the cabling plant can support the IP telephony equipment.
- Determine if the switch hardware can supply power to attached IP telephony equipment or if additional hardware is required.
- Ensure that infrastructure supports priority end-to-end VLANs and QoS networking.
Internet Group Management Protocol (IGMP) is used for managing the membership of IP multicast groups and is not an element unique to an IP telephony call.
Routing protocol packets (RIP, OSPF, and EIGRP) are used by routers to share routing information, and are not elements unique to an IP telephony call.
The speed of the segment to the telephone is important to VoIP, but that is not an element unique to an IP telephony call.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify VLANs -
What occurs when an untagged frame is received by an 802.1Q trunk port?
- It discards the frame.
- It tags the frame with the identified native VLAN value.
- It forwards the frame out each port of the switch not assigned to a VLAN.
- It forwards the frame to a port belonging to the same VLAN as the native VLAN.
Explanation:
IEEE 802.1Q supports configuring native VLANs. A native VLAN is the VLAN a port is in when not in trunking mode. Native VLAN packets are sent untagged. If an 802.1Q trunk receives an untagged frame, it will forward that frame to a port that belongs to the same VLAN as the identified native VLAN. The frame is treated as if it were tagged with the same VLAN ID as the native VLAN. Frames received through ports having the same membership as the identified native VLAN of the trunk will be forwarded untagged out of the trunk.
It is important that the native VLAN settings on each end of an 802.1Q trunk match.
The 802.1Q standard specifies support for a maximum of 4094 VLANs (IDs 0 and 4095 are reserved). Therefore, ID values of 1-4094 are assignable. In contrast, the valid range of configurable ISL VLANs is 1-1001. The following is a summary of VLAN IDs:
- 0 and 4095: Reserved
- 1: Cisco default management
- 2-1001: Available for Ethernet VLANs
- 1002-1005: Defaults for FDDI and Token Ring VLANs
- 1006-4094: Extended range available for Ethernet VLANs (802.1Q only)
Recognizing the difference in supported VLAN ID ranges highlights several issues in constructing a network of both ISL and 802.1Q VLAN networks. Ethernet VLAN IDs above the supported ISL range must be mapped to IDs within the range supported by ISL. Among other limitations, you are limited to eight total mappings. This process of mapping 802.1Q to ISL VLAN IDs will further restrict and define what IDs are actually available to be used.
Untagged frames are not discarded, but are sent to the native VLAN.
Untagged frames are not tagged with the tag of the native VLAN. They are simply forwarded to that VLAN. No packets in the native VLAN have tags.
Untagged frames are not forwarded out all ports not assigned to a VLAN. They are only forwarded to the switch port where the destination MAC address resides.
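The untagged-frame handling explained above, as an added Python example that is not part of the original page: it models how each end of an 802.1Q trunk classifies frames and shows why the native VLAN settings on both ends must match. The function names, the sample frame and the VLAN numbers are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample: untagged IPv4 Ethernet frame (dst MAC, src MAC, type, payload).
SAMPLE_FRAME = (bytes.fromhex("0200000000020200000000010800")
                + b"constructed payload")


def classify_ingress(frame: bytes, native_vlan: int) -> tuple:
    """Return (vlan_id, was_tagged) for a frame received on an 802.1Q trunk."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # Untagged: not discarded, simply treated as native-VLAN traffic.
        return native_vlan, False
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits of the tag control field
    if vid == 4095:
        raise ValueError("VLAN ID 4095 is reserved")
    if vid == 0:
        # VID 0 carries priority only; the port's native VLAN applies.
        return native_vlan, True
    return vid, True


def build_egress(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Frame as sent on the trunk: native VLAN untagged, all others tagged."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("assignable VLAN IDs are 1-4094")
    if vlan_id == native_vlan:
        return frame
    tag = struct.pack("!HH", TPID_8021Q, vlan_id)
    return frame[:12] + tag + frame[12:]


def cross_trunk(frame: bytes, vlan_id: int, native_a: int, native_b: int) -> int:
    """VLAN the far end (B) assigns to a frame that left end A in vlan_id."""
    return classify_ingress(build_egress(frame, vlan_id, native_a), native_b)[0]


if __name__ == "__main__":
    print("matched natives   :", cross_trunk(SAMPLE_FRAME, 10, 10, 10))
    print("mismatched natives:", cross_trunk(SAMPLE_FRAME, 10, 10, 99))
```

With mismatched native VLANs, traffic that left one switch in VLAN 10 is placed in VLAN 99 on the other, while tagged VLANs are unaffected.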
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify trunking
-
You have three switches connected as shown in the diagram below: S1, S2, and S3.
You instructed your assistant to configure the switches so that the following requirements would be met:
- Switch 1 should be the root bridge for VLAN A
- VLAN C should forward over the Gig 1/0/1 link between Switch 2 and Switch 3
- VLAN B should forward over the Gig 1/0/2 link between Switch 2 and Switch 3
However, after your assistant performs the configuration, you discover that:
- Switch 2 is the root bridge for VLAN A
- VLAN C is forwarding over the Gig 1/0/2 link between Switch 2 and Switch 3
- VLAN B is forwarding over the Gig 1/0/1 link between Switch 2 and Switch 3
When you execute the show spanning-tree command on Switch 2, you determine that all link costs and priorities are set at the defaults.
Which of the following actions performed on Switch 2 would enable the desired configuration? (Choose three. Each correct answer is part of one solution.)
- switch2(config)# spanning-tree vlan a priority 61440
- switch2(config)# spanning-tree vlan a priority 1
- switch2(config)# int G1/0/2
  switch2(config-if)# spanning-tree vlan b cost 1
- switch2(config)# int G1/0/2
  switch2(config-if)# spanning-tree vlan b cost 19
- switch2(config)# int G1/0/1
  switch2(config-if)# spanning-tree vlan c port-priority 64
- switch2(config)# int G1/0/1
  switch2(config-if)# spanning-tree vlan c port-priority 128
Explanation:
The commands that will achieve the desired results are:
switch2(config)# spanning-tree vlan a priority 61440
switch2(config)# interface G1/0/2
switch2(config-if)# spanning-tree vlan b cost 1
switch2(config)# interface G1/0/1
switch2(config-if)# spanning-tree vlan c port-priority 64
The first command raises the bridge priority for Switch 2 with respect to VLAN A, which will cause Switch 1 to be the root bridge for VLAN A. By default, the bridge priorities for Switch 2 and Switch 3 will be set to 32769.
The second command will lower the cost of G1/0/2 with respect to VLAN B. Since the cost for G1/0/1 is the default cost of 4, this will cause interface G1/0/2 to become the root port for VLAN B, which will in turn cause it to forward instead of block for VLAN B.
The third command will lower the port priority for G1/0/1 with respect to VLAN C. Since the port priority of G1/0/2 will remain set at the default of 128, this will result in switching the ports that are blocking and forwarding. The end result will be that VLAN C will start forwarding over the Gig 1/0/1 link between Switch 2 and Switch 3.
The other commands will have no effect because they change the cost and port priority to the defaults, which is how the links are currently set.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify spanning tree
-
You have executed the following set of commands on a Layer 3 switch:
You have verified that the configuration on all the physical and logical interfaces is correct. All the Layer 2 interfaces configured on the switch are in the up/up state.
What is the state of the VLAN and the line protocol when you execute the show interfaces vlan 5 command?
- administratively down/down
- down/down
- up/up
- up/down
Explanation:
The VLAN and the line protocol are in the up/up state when you execute the show interfaces vlan 5 command. You can view the state of the VLAN and the line protocol using the show interfaces vlan command, which is as follows:
switchA# show interfaces vlan 5
Vlan5 is up, line protocol is up
Hardware is Ethernet SVI, address is 031B.70A2.166F (bia 031B.70A2.166F)
Internet address is 10.33.3.1/24
<output omitted>
As you can see in the given output, the text Vlan5 is up, line protocol is up indicates that VLAN 5 and the Layer 2 line protocol both are in the up state. Both the VLAN and line protocol are in the up/up state if the following conditions are true:
- The VLAN is configured on the switch and is enabled in the VLAN database
- The VLAN is not in the administratively down state
- The VLAN has at least one Layer 2 (access or trunk) port in the up state
The VLAN and the line protocol will not be in the administratively down/down state. An interface is in the administratively down state only when the shutdown command is used on that interface. In this case, the no shutdown command is used on the VLAN 5 interface, not the shutdown command. The no shutdown command enables the VLAN 5 interface.
The VLAN and the line protocol will not be in the down/down state. An interface is in the down state when there is some Layer 1, Layer 2, or Layer 3 problem, such as incorrect cabling used or an incorrect IP address assigned. Interfaces can also be in the down state if either of the interfaces at the ends of a link is in the down state due to erroneous configuration. However, in this case, the configuration is correct and VLAN 5 is in the up state because of the no shutdown command.
The VLAN and the line protocol will not be in the up/down state. An interface is in the down state when there are some Layer 1, Layer 2, or Layer 3 problems, such as incorrect cabling used or an incorrect IP address assigned. In Layer 3 switches, the line protocol will be in the down state if all of the Layer 2 ports in the VLAN are in the down state. In this case, the configuration is correct and all the ports in VLAN 5 are in the up state. This implies that the line protocol cannot be in the down state.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify VLANs