Tuesday 15 May 2012

Subnet Zero

IP subnet zero questions seem to pop up on various network discussion groups every few days.  Some people are not clear about what it is and how it will affect them in interviews and exams.

What is Subnet Zero?


When you calculate subnet masks, the calculation produces several subnets.  Each subnet starts at a particular address, so if you use the example in easy way to subnet you will see that your subnet addresses are:

192.168.1.0
192.168.1.64
192.168.1.128
192.168.1.192

Subnet zero is the subnet which has all binary 0s in the address.  So for the number 192.168.1.0 you have in the last octet eight zeros for the subnet number, or 00000000.  The last subnet has all 1s in the subnet part.  Please re-read the easy way to subnet section again but remember that we are stealing three bits from the last octet to make a subnet.  If you write out the address 192 for the last subnet above you would see that the first two bits of the last octet are binary 1s, or 11000000.

The same actually goes for the first subnet.  I know I said that there were eight binary 0s in it, but only the first three count for the subnet; the last five are for the hosts on that subnet.  If subnet zero is not allowed you will always lose two subnets, so in the below example if your subnet mask is 255.255.255.224:

192.168.1.0 - You can't use this subnet as it is all 0s in the subnet
192.168.1.64
192.168.1.128
192.168.1.192 - You can't use this subnet as it is all 1s in the subnet


If you can use subnet zero you get this:
192.168.1.0 – You can use this subnet
192.168.1.64 – You can use this subnet
192.168.1.128 – You can use this subnet
192.168.1.192 – You can use this subnet
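
The two lists above can be reproduced mechanically. The following Python sketch is an added example, not part of the original post, and its function names are made up for illustration. It splits 192.168.1.0/24 by a new mask, extracts the borrowed subnet bits and marks the all-0s and all-1s subnets as unusable when subnet zero is not allowed; it also runs the 255.255.255.224 mask, which borrows three bits and gives eight subnets in steps of 32.

```python
import ipaddress


def mask_to_prefix(mask):
    """Convert a dotted mask such as 255.255.255.224 to a prefix length (27)."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def enumerate_subnets(network, new_prefix, allow_subnet_zero=True):
    """Split `network` into /new_prefix subnets.

    Returns (subnet, subnet_bits, usable) tuples. subnet_bits is the binary
    value of the bits borrowed from the host part; usable is False for the
    all-0s and all-1s subnets when subnet zero is not allowed.
    """
    net = ipaddress.ip_network(network)
    borrowed = new_prefix - net.prefixlen
    if borrowed < 1:
        raise ValueError("new prefix must be longer than the network prefix")
    host_bits = net.max_prefixlen - new_prefix
    all_ones = (1 << borrowed) - 1
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        # Isolate the borrowed bits: shift the host bits away, mask the rest.
        field = (int(sub.network_address) >> host_bits) & all_ones
        reserved = field in (0, all_ones)
        rows.append((str(sub), format(field, f"0{borrowed}b"),
                     allow_subnet_zero or not reserved))
    return rows


def usable_count(network, new_prefix, allow_subnet_zero):
    """Number of subnets that may be assigned under the chosen rule."""
    rows = enumerate_subnets(network, new_prefix, allow_subnet_zero)
    return sum(1 for _, _, usable in rows if usable)


if __name__ == "__main__":
    # 255.255.255.192 gives the four subnets listed above (two borrowed bits);
    # 255.255.255.224 borrows three bits and gives eight.
    for mask in ("255.255.255.192", "255.255.255.224"):
        prefix = mask_to_prefix(mask)
        for allow in (False, True):
            print(f"mask {mask} (/{prefix}), subnet zero allowed: {allow}")
            for subnet, bits, usable in enumerate_subnets("192.168.1.0/24", prefix, allow):
                print(f"  {subnet:<18} subnet bits {bits}  {'usable' if usable else 'not usable'}")
```

With a single borrowed bit both subnets are all-0s or all-1s, so the old rule leaves nothing usable.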

Sunday 6 May 2012

CCNP - SWITCH

CCNP - ROUTE

CCNA Exam Certification

Refer to Exhibit.
The networks connected to router R2 have been summarized as a 192.168.176.0/21 route and sent to R1. Which two packet destination addresses will R1 forward to R2?  (Choose two.)

A.  192.168.194.160
B.  192.168.183.41
C.  192.168.159.2
D.  192.168.183.255
E.  192.168.179.4
F.  192.168.184.45

Convert 192.168.176.0 into Binary. Remember each octet has 8 bits.

192 =
128   64   32   16    8    4    2    1
  1    1    0    0    0    0    0    0

168 =
128   64   32   16    8    4    2    1
  1    0    1    0    1    0    0    0

176 =
128   64   32   16    8    4    2    1
  1    0    1    1    0    0    0    0

So the binary breakdown of 192.168.176.0 is:
11000000.10101000.10110000.00000000

Then you need to turn the /21 into a subnet mask and then into binary.
The Math  -  /21

Class C Subnet - 254 hosts - 255.255.255.0 /24

To figure out the /21, you know 255.255.255.0 is a /24, so you need to subtract 3 bits. That leaves only the first five bits of the third octet set:

128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255
128 + 64 + 32 + 16 + 8             = 248

255.255.248.0 would then be a /21

Now break it into binary:
255.255.248.0 = 11111111.11111111.11111000.00000000

Now do the math between the IP and the subnet mask. Keep the IP bits where the mask is 1 and set the remaining host bits to 1 to get the last address in the range.

11000000.10101000.10110000.00000000  - IP
11111111.11111111.11111000.00000000  - Subnet

11000000.10101000.10110111.11111111  - Answer

Turn it back into decimal format:
192.168.183.255

So anything between 192.168.176.0 and 192.168.183.255 would be the answer.

B.  192.168.183.41
E.  192.168.179.4

Remember .255 would be your broadcast address so D. would not be right.
==================================================================

Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two.)

A. alternate
B. backup
C. designated
D. disabled
E. root

Answer: CE

Root Port: The switch port on each switch that has the best root path cost to the root.

Designated Port: The switch port on the network segment that has the best root path cost to the root.

Alternate Port: The port that has the best alternate path to the Root Bridge other than the path the Root Port takes. This path is less desirable than the path of the Root Port.

Backup Port: A redundant path to a network segment where the switch port is connected.

Disabled: The port is disabled for traffic to pass through it.
==================================================================

Refer to the exhibit. Which three statements correctly describe Network Device A? (Choose three.)

A. With a network wide mask of 255.255.255.128, each interface does not require an IP address.
B. With a network wide mask of 255.255.255.128, each interface does require an IP address on a unique IP subnet.
C. With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to communicate with each other.
D. With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to communicate with each other.
E. With a network wide mask of 255.255.254.0, each interface does not require an IP address.

Answer: BDE

Explanation:

If the subnet mask is 255.255.255.128, the hosts range over x.x.x.0 - x.x.x.127 and x.x.x.128 - x.x.x.255, so the IP addresses of the 2 hosts fall in different subnets and each interface needs an IP address so that they can communicate with each other.

If the subnet mask is 255.255.255.0, the 2 specified hosts fall in different subnets, so they need a Layer 3 device to communicate.

If the subnet mask is 255.255.254.0, the 2 specified hosts are in the same subnet, so they are in the same network and can be accommodated in the same Layer 2 domain and can communicate with each other directly using the Layer 2 address.
==================================================================

Refer to the exhibit. Which three statements are true about how router JAX will choose a path to the 10.1.3.0/24 network when different routing protocols are configured? (Choose three.)


A. By default, if RIPv2 is the routing protocol, only the path JAX-ORL will be installed into the routing table.
B. The equal cost paths JAX-CHI-ORL and JAX-NY-ORL will be installed in the routing table if RIPv2 is the routing protocol.

C. When EIGRP is the routing protocol, only the path JAX-ORL will be installed in the routing table by default.

D. When EIGRP is the routing protocol, the equal cost paths JAX-CHI-ORL, and JAX-NY-ORL will be installed in the routing table by default.

E. With EIGRP and OSPF both running on the network with their default configurations, the EIGRP paths will be installed in the routing table.

F. The OSPF paths will be installed in the routing table, if EIGRP and OSPF are both running on the network with their default configurations.

Answer: ADE

Explanation:

When only RIP is used, path selection uses hop count as the metric; the path with the fewest hops is taken as the best path, so option A.

When only EIGRP is used, EIGRP selects the best path using a combination of 5 metrics: Bandwidth, Delay, Reliability, Load and MTU. If the metric is the same, load balancing occurs between the paths, so option D, where the 2 equal-cost paths are taken.

If multiple routing protocols are used, the route with the best AD is installed in the routing table.

When OSPF and EIGRP are the 2 routing protocols used and both have a route to a network, the EIGRP path will be chosen over OSPF since it has the lower AD. So option E.
==================================================================

Which three statements are typical characteristics of VLAN arrangements? (Choose three.)

A. A new switch has no VLANs configured.
B. Connectivity between VLANs requires a Layer 3 device.
C. VLANs typically decrease the number of collision domains.
D. Each VLAN uses a separate address space.
E. A switch maintains a separate bridging table for each VLAN.
F. VLANs cannot span multiple switches.

Answer: BDE

Explanation:

VLANs are physical boundaries in a logical way; every VLAN has its own subnet. To communicate between these subnets, traffic has to go through a Layer 3 device. Each VLAN acts as a separate network and has its own broadcast domain, so it maintains its own bridging or MAC address table. A frame in a VLAN stays in that VLAN; to go into a different VLAN it has to go through a Layer 3 device.
==================================================================

A network administrator changes the configuration register to 0x2142 and reboots the router. What are two results of making this change? (Choose two.)

A. The IOS image will be ignored.
B. The router will prompt to enter initial configuration mode.
C. The router will boot to ROM.
D. Any configuration entries in NVRAM will be ignored.
E. The configuration in flash memory will be booted.

Answer: BD

Explanation:
The command to set the configuration register to 0x2142 is entered in global configuration mode. It is done to ignore the current startup configuration, and after reload the router will initially ask for initial configuration.

The show version command can be used to see what the configuration register is set to.

router(config)#config-register 0x2142
==================================================================

Refer to the exhibit. Assume that the routing protocol referenced in each choice below is configured with its default settings and the given routing protocol is running on all the routers. Which two conditional statements accurately state the path that will be chosen between networks 10.1.0.0 and 10.3.2.0 for the routing protocol mentioned? (Choose two.)


A. If OSPF is the routing protocol, the path will be from R1 to R3 to R4 to R5.
B. If OSPF is the routing protocol, the path will be from R1 to R2 to R5.
C. If OSPF is the routing protocol, the path will be from R1 to R5.
D. If RIPv2 is the routing protocol, the path will be from R1 to R3 to R4 to R5.
E. If RIPv2 is the routing protocol, the path will be from R1 to R5.

Answer: AE

Explanation:

The OSPF metric for path selection is 100 Mbps / (bandwidth of the link); according to this rule the lowest-cost path is chosen.

Option A: R1 to R3 to R4 to R5 = 100Mb/10 Base T + 100Mb/100 Base T + 100Mb/100 Base T
= 10+1+1 = 12

Option B: R1 to R2 to R5 = 100Mb/T1 + 100Mb/T1 = 64.766 + 64.766 = 129.532

Option C: R1 to R5 = 100Mb/64k = 1562

RIP will choose the path with the fewest hops, so option E.
==================================================================

Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.)

A. amount of RAM
B. bridge priority
C. IOS version
D. IP address
E. MAC address
F. speed of the links

Answer: BE

Explanation:
The root bridge in STP is like the reference point for that network. A root bridge is elected using bridge priority and MAC address. Generally the priority of all switches is the default, i.e. 32768, so the switch with the lowest MAC address becomes the root bridge of that network.
==================================================================

Refer to the exhibit. A network associate needs to configure the switches and router in the graphic so that the hosts in VLAN3 and VLAN4 can communicate with the enterprise server in VLAN2. Which two Ethernet segments would need to be configured as trunk links? (Choose two.)


A. A
B. B
C. C
D. D
E. E
F. F

Answer: CF

Explanation:
Trunk links carry the traffic of all VLANs. Since paths C and F carry traffic of VLANs 2, 3 and 4, they should be configured as trunks so that the traffic of all 3 VLANs can run through them.
==================================================================

What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two.)
A. decreasing the number of collision domains
B. filtering frames based on MAC addresses
C. allowing simultaneous frame transmissions
D. increasing the size of broadcast domains
E. increasing the maximum length of UTP cabling between devices

Answer: BC

Explanation:
Hubs are Layer 1 devices which flood traffic received on one port out to all the ports on the hub. Switches use ASIC hardware with which they learn the source MAC address of a frame and build a MAC address table, using which frames are forwarded to destinations based on MAC addresses. So by this there are no collision domains. Since there is a different collision domain for each port, simultaneous frame transmissions can occur.
==================================================================

Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choose two.)

A. It establishes a static route to the 172.16.3.0 network.
B. It establishes a static route to the 192.168.2.0 network.
C. It configures the router to send any traffic for an unknown destination to the 172.16.3.0 network.
D. It configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4.
E. It uses the default administrative distance.
F. It is a route that would be used last if other routes to the same destination exist.

Answer: AE

Explanation:
The ip route command is used to write a static route to a specified network via a specified exit gateway or interface:

ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name next-hop-name] [permanent | track number] [tag tag]

The question tells us that traffic to the 172.16.3.0/24 network goes out through 192.168.2.4.

Since there is no administrative distance specified in the ip route command, the administrative distance is the default.
==================================================================

What are two benefits of using VTP in a switching environment? (Choose two.)

A. It allows switches to read frame tags.
B. It allows ports to be assigned to VLANs automatically.
C. It maintains VLAN consistency across a switched network.
D. It allows frames from multiple VLANs to use a single interface.
E. It allows VLAN information to be automatically propagated throughout the switching environment.

Answer: CE

Explanation:
VTP has 3 modes: Server, Client and Transparent. There is only 1 server and all other switches in that environment are clients. Only the server can create, modify and delete VLANs, so in a VTP environment VLANs are consistent across the network. The changes made on the server are automatically propagated to all the clients through the trunk links established between the switches.
==================================================================

A company is installing IP phones. The phones and office computers connect to the same device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and computers, and what technology should be implemented on this device?
(Choose two.)

A. hub
B. router
C. switch
D. STP
E. subinterfaces
F. VLAN

Answer: CF

Explanation:
Data and voice need to be kept in separate boundaries, since normal data traffic is heavy and can crush phone traffic, which is real time. So we need to introduce configuration and devices which support that, like VLAN and switch, which can segregate traffic without broadcasts or collisions. Cisco switches have voice VLANs for this service.
==================================================================

Refer to the exhibit. The router has been configured with these commands:

hostname Gateway
interface FastEthernet 0/0
ip address 198.133.219.14 255.255.255.248
no shutdown
interface FastEthernet 0/1
ip address 192.168.10.254 255.255.255.0
no shutdown
interface Serial 0/0
ip address 64.100.0.2 255.255.255.252
no shutdown
ip route 0.0.0.0 0.0.0.0 64.100.0.1

What are the two results of this configuration? (Choose two.)


A. The default route should have a next hop address of 64.100.0.3.
B. Hosts on the LAN that is connected to FastEthernet 0/1 are using public IP addressing.
C. The address of the subnet segment with the WWW server will support seven more servers.
D. The addressing scheme allows users on the Internet to access the WWW server.
E. Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without address translation.

Answer: DE

Explanation:
The default route points to next-hop router 64.100.0.1, which connects the local network to the Internet. 198.133.219.14 is the interface address on the router to which the web server is connected, and no access list is blocking users from accessing the web server. Since private IPs are not routable on the public Internet, they should be NATed to access the Internet.
==================================================================

Refer to the exhibit. Both switches are using a default configuration. Which two destination addresses will host 4 use to send data to host 1? (Choose two.)


A. the IP address of host 1
B. the IP address of host 4
C. the MAC address of host 1
D. the MAC address of host 4
E. the MAC address of the Fa0/0 interface of the R1 router
F. the MAC address of the Fa0/1 interface of the R1 router

Answer: AF

Explanation:

Option A: since it won't send the data to its own IP address, for the data to be sent to a remote place the destination IP address should be placed in the header, and the MAC address of the next Layer 2 device needs to be the destination MAC address. The Layer 3 address shows the direction for the Layer 2 addresses to make the route to the destination.
==================================================================

What are two reasons a network administrator would use CDP? (Choose two.)

A. to verify the type of cable interconnecting two devices
B. to determine the status of network services on a remote device
C. to obtain VLAN information from directly connected switches
D. to verify Layer 2 connectivity between two devices when Layer 3 fails
E. to obtain the IP address of a connected device in order to telnet to the device
F. to determine the status of the routing protocols between directly connected routers

Answer: DE

Explanation: CDP
CDP announcements are sent every 60 seconds on interfaces that support Subnetwork Access Protocol (SNAP) headers, including Ethernet, Frame Relay and Asynchronous Transfer Mode (ATM). CDP works at Layer 2, and all these adverts consist of information about all connected devices on the network, like IP address, operating system etc.
==================================================================

Which two locations can be configured as a source for the IOS image in the boot system command? (Choose two.)

A. RAM
B. NVRAM
C. flash memory
D. HTTP server
E. TFTP server
F. Telnet server

Answer: CE

Explanation:
Flash memory is storage on the router where the IOS can be dumped for the image to be loaded on to the router. A TFTP server uses the UDP protocol and is large enough to be configured as the source for the IOS on the network, generally used for upgrades. RAM is volatile, NVRAM is very small, an HTTP server cannot share files and a Telnet server is too slow.
==================================================================

A network administrator is explaining VTP configuration to a new technician. What should the network administrator tell the new technician about VTP configuration? (Choose three.)

A. A switch in the VTP client mode cannot update its local VLAN database.
B. A trunk link must be configured between the switches to forward VTP updates.
C. A switch in the VTP server mode can update a switch in the VTP transparent mode.
D. A switch in the VTP transparent mode will forward updates that it receives to other switches.
E. A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP revision number.
F. A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured VTP domain membership.

Answer: ABD

Explanation:

Switches configured with VTP may be in 3 modes: Client, Server and Transparent. A client does not save updates received in its VLAN database or in NVRAM, since a client does not create, modify or delete VLANs; it only uses them. If VTP updates are to be forwarded between switches, the link has to be configured as a trunk, since only the trunk link carries information about the VLANs. A switch in transparent mode will not change its database or use information from other switches, but will send information to other switches.
==================================================================

Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two.)


A. It ensures that data will be forwarded by RouterB.
B. It provides stability for the OSPF process on RouterB.
C. It specifies that the router ID for RouterB should be 10.0.0.1.
D. It decreases the metric for routes that are advertised from RouterB.
E. It indicates that RouterB should be elected the DR for the LAN.

Answer: BC

Explanation:
A loopback address gives stability to the OSPF process on RouterB compared to a physical interface address, as a loopback interface never goes down, which is not the case with a physical interface. In OSPF the router ID is the highest IP address on that router, or the loopback address, or manually hard-coded. Since RouterB has the loopback address 10.0.0.1 and no manual router ID, the loopback is the router ID.
==================================================================

Refer to the exhibit. Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose two.)


A. Host E and host F use the same IP gateway address.
B. Router1 and Switch2 should be connected via a crossover cable.
C. Router1 will not play a role in communications between host A and host D.
D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.
E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the same encapsulation type.

Answer: DF

Explanation:
The router has a switch connected with VLAN 1 and VLAN 2. Different VLANs have different IP subnets, which need to be connected to different interfaces. In this exhibit different physical interfaces are not possible, so subinterfaces have to be configured. Since Router1 and Switch2 are connected through a trunk, the encapsulation has to be the same on both ends for the trunk to be established and for data of different VLANs to pass through it.
==================================================================

Before installing a new, upgraded version of the IOS, what should be checked on the router, and which command should be used to gather this information? (Choose two.)

A. the amount of available ROM
B. the amount of available flash and RAM memory
C. the version of the bootstrap software present on the router
D. show version
E. show processes
F. show running-config

Answer: BD

Explanation:

A new version of the IOS brings new features and additional enhancements; as the additions increase, additional RAM is needed for the new IOS to run. Flash memory is where the IOS is dumped to be loaded by the router bootstrap. Last but not least, the IOS version has to be checked before upgrading, to see the current version, hardware compatibility with the new IOS and other details of the hardware on which the IOS is to be loaded.
==================================================================

CCNA Notes

Friday 4 May 2012

IP Addressing

IP Summarization
Which two subnetworks would be included in the summarized address of 172.31.80.0 /20?
A) 172.31.17.4 /30
B) 172.31.51.16 /30
C) 172.31.64.0 /18
D) 172.31.80.0 /22
E) 172.31.92.0 /22
F) 172.31.192.0 /18

Solution:
Step 1# 172.31.80.0 /20
Step 2# Convert to binary

   172    .    31     .    80     .     0
1010 1100 . 0001 1111 . 0101 0000 . 0000 0000

Step 3#

1010 1100 . 0001 1111 . 0101 0000 . 0000 0000
------------------- 32 bits -------------------

32 bits - 20 = 12
2^4 = 16

172.31.80 -  0 - 0000
       81 -  1 - 0001
       82 -  2 - 0010
       83 -  3 - 0011
       84 -  4 - 0100
       85 -  5 - 0101
       86 -  6 - 0110
       87 -  7 - 0111
       88 -  8 - 1000
       89 -  9 - 1001
       90 - 10 - 1010
       91 - 11 - 1011
172.31.92 - 12 - 1100
       93 - 13 - 1101
       94 - 14 - 1110
       95 - 15 - 1111

ANSWER: 172.31.80.0 /22
        172.31.92.0 /22
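
Both summarization exercises on this page, the 192.168.176.0/21 route question and the 172.31.80.0 /20 question above, reduce to the same mask comparison. The following Python sketch is an added example, not part of the original notes, and its function names are made up for illustration; it repeats the AND with the mask that is done by hand and classifies each answer option.

```python
import ipaddress


def summary_range(summary):
    """Return (first, last) IPv4 address covered by a summary like 192.168.176.0/21."""
    iface = ipaddress.ip_interface(summary)
    mask = int(iface.netmask)
    first = int(iface.ip) & mask            # keep the bits where the mask is 1
    last = first | (~mask & 0xFFFFFFFF)     # set every host bit to 1
    return ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)


def classify_destination(summary, destination):
    """Say where a single destination address sits relative to the summary."""
    first, last = summary_range(summary)
    dest = ipaddress.IPv4Address(destination)
    if dest < first or dest > last:
        return "outside"
    if dest == first:
        return "network"      # all host bits 0
    if dest == last:
        return "all-ones"     # all host bits 1, treated above as the broadcast
    return "inside"


def covers_subnet(summary, subnet):
    """True when `subnet` fits entirely inside `summary`."""
    parent = ipaddress.ip_network(summary, strict=False)
    child = ipaddress.ip_network(subnet, strict=False)
    if child.prefixlen < parent.prefixlen:
        return False          # e.g. a /18 is bigger than a /20 and cannot fit
    # Same test as the hand method: AND the candidate with the summary mask.
    return (int(child.network_address) & int(parent.netmask)) == int(parent.network_address)


# Answer options copied from the two questions on this page.
ROUTE_OPTIONS = {
    "A": "192.168.194.160", "B": "192.168.183.41", "C": "192.168.159.2",
    "D": "192.168.183.255", "E": "192.168.179.4", "F": "192.168.184.45",
}
SUBNET_OPTIONS = {
    "A": "172.31.17.4/30", "B": "172.31.51.16/30", "C": "172.31.64.0/18",
    "D": "172.31.80.0/22", "E": "172.31.92.0/22", "F": "172.31.192.0/18",
}


def host_answers():
    """Letters whose address is a host address inside 192.168.176.0/21."""
    return [k for k, v in ROUTE_OPTIONS.items()
            if classify_destination("192.168.176.0/21", v) == "inside"]


def subnet_answers():
    """Letters whose subnet is covered by 172.31.80.0/20."""
    return [k for k, v in SUBNET_OPTIONS.items() if covers_subnet("172.31.80.0/20", v)]


if __name__ == "__main__":
    print("range:", *summary_range("192.168.176.0/21"))
    for letter, addr in ROUTE_OPTIONS.items():
        print(letter, addr, classify_destination("192.168.176.0/21", addr))
    print("192.168.176.0/21 host answers:", host_answers())
    print("172.31.80.0/20 subnet answers:", subnet_answers())
```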

Thursday 19 April 2012

CCNP Reference

 errDisable

Platforms Using errDisable

The errDisable feature is supported on Catalyst switches running CatOS (Catalyst 2948G, 4500/4000, 5500/5000 & 6500/6000) as well as Catalyst switches running Cisco IOS (Catalyst 2900XL/3500XL, 2950, 2970, 3550, 4500 & 6500).

The way the errDisable is implemented varies between platforms. This document will specifically focus on error-disable for the switches running CatOS software.

Function of errDisable

The errDisable feature was first implemented in CatOS release 3.2(2). If the configuration showed a port to be enabled, but software on the switch detected an error situation on the port, the software would shut down that port.

In other words, the port was automatically disabled by the switch operating system software because of an error condition encountered on the port.

When a port is error-disabled, it is effectively shut down and no traffic is being sent or received on that port. The port LED is set to the color orange and when you enter the show port command, the port status shows errdisable. Here is an example of what an error-disabled port would look like from the command line interface of the switch.

Cat5500> (enable) show port 11/1
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
11/1                     errdisable 1          normal   auto  auto 10/100BaseTX

The error-disable function serves two purposes. First, it lets the administrator know when and where there is a port problem. Second, it eliminates the possibility that this port could cause other ports on the module (or the entire module) to fail due to buffers being monopolized by the bad port, port error messages monopolizing inter-process communications on the card, even ultimately causing serious network issues. The error-disable feature helps prevent these situations.

Causes of errDisable

At first, this feature was implemented to handle special collision situations where the switch detected excessive or late collisions on a port. Excessive collisions occur when a frame is dropped because of encountering 16 collisions in a row. Late collisions occur after every device on the wire should have recognized that the wire was in use.

These types of errors could be caused by a cable that is out of specification (too long, wrong type, defective), a bad network interface card (NIC) (with physical problems, or driver problems), or a port duplex misconfiguration.

This last cause is common because of failures to negotiate the speed and duplex properly between two directly connected devices (for example, a NIC card connected to a switch). Only half-duplex connections should ever have collisions in a LAN; due to the Carrier-Sense Multi-Access (CSMA) nature of Ethernet, collisions are normal for half-duplex, as long as they do not exceed a small percentage of traffic.

As the capabilities of the CatOS grew, there were more ways that a port could become error-disabled. For example, on the Catalyst 6500 running CatOS, the errDisable feature is supported for these connectivity issues:
  • ARP inspection
  • Broadcast suppression
  • BPDU port-guard
  • Channel misconfiguration
  • Crossbar failure
  • Duplex mismatch
  • Layer 2 protocol tunnel misconfiguration
  • Layer 2 protocol tunnel threshold exceeded
  • UDLD
The error-disable function allows the switch to shut down a port when it encounters any of these situations. Remember, a port being error-disabled is not by itself a cause for alarm, as long as one determines and resolves its root cause. An error-disabled port is a symptom of a deeper problem that must be resolved.

Recovery from errDisable

In order to recover from errDisable you should do two things:
  1. Identify and fix whatever caused the ports to become error-disabled (cable, NICs, EtherChannel, and so on).
     If you do not identify and fix the underlying issue that caused the ports to be error-disabled, then the ports will just become error-disabled again when the problem reoccurs. Some errors can occur quite often (an example is the error detected by BPDU portguard, which can occur every two seconds). If you tried to reenable the ports without fixing the source of the problem they would just become error-disabled again.
  2. Reenable the port.
     Just fixing the source of the problem will not cause the ports to become enabled again. Once you fix the source of the problem, the ports are still disabled (and the port LEDs are still orange); the ports must be reenabled before they will become active. At first the only way to reenable the port was to manually enter the set port enable command for the ports in question. Over time there have been optional extensions added to the error-disable feature to make it more flexible and automatic.

Note: An error-disabled port is not the only reason a port LED could go orange; it is only one of the reasons. That is why it is always good to check the port status with the show port command.
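
Checking the show port status across many ports is easy to script, which matters because causes such as BPDU port-guard and ARP inspection are worth alerting on. The following Python sketch is an added example, not part of the original document; it parses saved CatOS show port output by the column positions of the dashed ruler line, since the Name column can be empty or contain spaces. The 11/1 row is the one shown earlier; the other rows and the function names are constructed for illustration.

```python
import re

# Constructed sample: only the 11/1 row comes from the output shown earlier.
SAMPLE = """\
Cat5500> (enable) show port
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
11/1                     errdisable 1          normal   auto  auto 10/100BaseTX
11/2  core uplink        connected  1          normal a-full a-100 10/100BaseTX
11/3                     notconnect 20         normal   auto  auto 10/100BaseTX
"""

RULER = re.compile(r"-+(?: -+)+")   # the line of dashes under the header
PORT = re.compile(r"\d+/\d+$")      # module/port, e.g. 11/1


def parse_show_port(text):
    """Return one dict per port row, keyed by the header names.

    Column boundaries are taken from the dashed ruler line, so an empty Name
    or a Name with spaces does not shift the fields the way a whitespace
    split would.
    """
    lines = text.splitlines()
    rows = []
    spans = names = None
    for previous, line in zip([""] + lines, lines):
        if RULER.fullmatch(line.strip()):
            spans = [m.span() for m in re.finditer(r"-+", line)]
            spans[-1] = (spans[-1][0], None)    # last column runs to end of line
            names = [previous[a:b].strip() for a, b in spans]
            continue
        if spans is None:
            continue                            # still above the table
        cells = [line[a:b].strip() for a, b in spans]
        if PORT.match(cells[0]):                # skip prompts and blank lines
            rows.append(dict(zip(names, cells)))
    return rows


def errdisabled_ports(text):
    """Ports whose Status column reads errdisable."""
    return [row["Port"] for row in parse_show_port(text)
            if row.get("Status") == "errdisable"]


if __name__ == "__main__":
    for row in parse_show_port(SAMPLE):
        print(row)
    print("error-disabled:", errdisabled_ports(SAMPLE))
```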




http://itprostuff.blogspot.com/search/label/CCNP

Thursday 29 March 2012

Switching Lesson


Port Channels
 
A port channel bundles individual links into a channel group to create a single logical link that provides the aggregate bandwidth of up to eight physical links.

If a member port within a port channel fails, traffic previously carried over the failed link switches to the remaining member ports within the port channel.

Each port can be in only one port channel. All the ports in a port channel must be compatible; they must use the same speed and operate in full-duplex mode. When you are running static port channels, without LACP, the individual links are all in the on channel mode; you cannot change this mode without enabling LACP.
 
Port Channels are a quick way to get more bandwidth by aggregating multiple connections in one virtual pipe. For instance, tie four gigabit ports together into a channel and it becomes a four gigabit connection. Channels can also offer redundancy fault tolerance for physical connections.

If one of the links involved in a channel loses connection, the channel will continue on with the existing ports and three quarters of the bandwidth.

Ports involved in a channel must be on the same blade in a modular switch like a Catalyst 4500 or 6500.
Configuring port channels has become much easier in recent IOS versions. First, designate the desired ports into a channel group.

My_Switch(config)# interface GigabitEthernet2/1
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode desirable
My_Switch(config)# interface GigabitEthernet2/2
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode desirable

The desirable option will create a channel to another Cisco switch in etherchannel format and drop a single channel if necessary. In contrast, using the on option would force a port channel, but would drop the entire channel if a single link.

Etherchannel is Cisco's proprietary channel protocol, sometimes called PAGP or Port Aggregation Protocol. In order to create channel with a server or non-Cisco switch, the channel will have to be configured in LACP (Link Aggregation Control Protocol) format, which is a multivendor standard.

My_Switch(config)# interface GigabitEthernet2/1
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode passive
My_Switch(config)# interface GigabitEthernet2/2
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode passive

Using the active option instead of the passive mode option will force the ports into a LACP channel without negotiation much like the on option for PAGP. The entire channel will go down if a single line is disconnected and will not be fault tolerant. Next, create a virtual port channel interface.

My_Switch(config)# interface Port-channel2
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# switchport

The virtual port channel configuration merely controls the aggregate port. For instance, if the port-channel interface is disabled, or shut down as Cisco calls it, then the channel will not work even though all four member ports are enabled. Display active channels with the show neighbor command.

My_Switch> show pagp neighbor
My_Switch> show lacp neighbor
The output gives much detail about the channels and their state.

Disable channels
Channels are a handy tool, but most Cisco switches ship in auto mode by default and that can sometimes cause problems with workstations that do not understand how to disregard the channel auto-negotiation. The switchport mode access command disables channel negotiation as well as disabling VLAN trunking negotiation. It prepares the port for use by workstations.

My_Switch(config)# interface gig6/5
My_Switch(config-if)# description My favorite PC
My_Switch(config-if)# switchport mode access

Channels are often a quick way to add bandwidth and add redundancy with existing hardware.


Refer to the exhibit. On the basis of the information provided in the exhibit, which two sets of procedures are best practices for Layer 2 and 3 failover alignment?

  • Configure the D-SW1 switch as the active HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the STP root for VLANs 12 and 120.

  • Configure the D-SW1 switch as the standby HSRP router and the backup STP root for VLANs 12 and 120. Configure the D-SW2 switch as the standby HSRP router and the backup STP root for VLANs 11 and 110.
------------------------------------------------------------------------------------------------------------

Explanation:
Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology.

STP creates a loop-free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.
Load sharing can be accomplished using a couple of methods. The most common method of load sharing is through root bridge placement on a per-VLAN basis. This will distribute traffic for separate VLANs across separate paths to different root bridges. A separate method divides the bandwidth supplied by parallel trunks connecting switches.

To avoid loops, STP normally blocks all but one parallel link between switches. Using load sharing, traffic can be divided between the links according to which VLAN the traffic belongs. Load sharing can be configured on trunk ports by using STP port priorities or STP path costs.

For load sharing using STP port priorities, both load-sharing links must be connected to the same switch. For load sharing using STP path costs, each load-sharing link can be connected to the same switch or to two different switches.

Load Sharing Using STP Port Priorities

When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state.

The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.

------------------------------------------------------------------------------------------------------------

Refer to the exhibit. VTP has been enabled on the trunk links between all switches within the TEST domain. An administrator has recently enabled VTP pruning. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to VLAN 2. A broadcast is sent from the host connected to Switch 1. Where will the broadcast propagate?



Switches 1, 2, and 4 will receive the broadcast, but only Switch 4 will forward it out port 2.

------------------------------------------------------------------------------------------------------------
  
  • A trunk link will be formed.
  • The native VLAN for Switch B is vlan 1.
  • DTP packets are sent from Switch B.
------------------------------------------------------------------------------------------------------------

Explanation:
You can manually configure trunk links on Catalyst switches for either ISL or 802.1Q mode. In addition, Cisco has implemented a proprietary, point-to-point protocol called Dynamic Trunking Protocol (DTP) that negotiates a common trunking mode between two switches.

The negotiation covers the encapsulation (ISL or 802.1Q) as well as whether the link becomes a trunk at all. You can configure the trunk encapsulation with the switchport trunk encapsulation command, as one of the following:

1. isl - VLANs are tagged by encapsulating each frame using the Cisco ISL protocol.
2. dot1q - VLANs are tagged in each frame using the IEEE 802.1Q standard protocol. The only exception is the native VLAN, which is sent normally and not tagged at all.
3. negotiate (the default) - The encapsulation is negotiated to select either ISL or IEEE 802.1Q, whichever is supported by both ends of the trunk. If both ends support both types, ISL is favored. (The Catalyst 2950 switch does not support ISL encapsulation.)

In the switchport mode command, you can set the trunking mode to any of the following:

1. trunk - This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.

2. dynamic desirable (the default) - The port actively attempts to convert the link into trunking mode. If the far-end switch port is configured to trunk, dynamic desirable, or dynamic auto mode, trunking is successfully negotiated.

3. dynamic auto - The port converts the link into trunking mode. If the far-end switch port is configured to trunk or dynamic desirable, trunking is negotiated. Because of the passive negotiation behavior, the link never becomes a trunk if both ends of the link are left to the dynamic auto default.
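The negotiation rules above, written out as an added Python example (not Cisco code and not part of the original page): it computes whether two port modes end up as a trunk and audits a configuration for ports that still negotiate trunking. The sample configuration is constructed, and `default_mode` is an assumption because the default for ports without a `switchport mode` line differs between switch models.

```python
import re

# Administrative modes named in the text. NONEGOTIATE models a permanent trunk
# with "switchport nonegotiate" set, so it sends and answers no DTP frames.
TRUNK, DESIRABLE, AUTO, ACCESS, NONEGOTIATE = (
    "trunk", "dynamic desirable", "dynamic auto", "access", "nonegotiate")

SENDS_DTP = {TRUNK, DESIRABLE}            # actively asks the far end to trunk
ANSWERS_DTP = {TRUNK, DESIRABLE, AUTO}    # trunks when the far end asks


def end_is_trunking(local, remote):
    """True if the local port ends up trunking when cabled to `remote`."""
    if local in (TRUNK, NONEGOTIATE):
        return True                       # permanent trunking mode
    if local == DESIRABLE:
        return remote in ANSWERS_DTP      # asks, needs a DTP-speaking peer
    if local == AUTO:
        return remote in SENDS_DTP        # passive, needs a request
    return False                          # access


def link_outcome(a, b):
    """'trunk', 'access', or 'mismatch' when only one end is trunking."""
    ends = (end_is_trunking(a, b), end_is_trunking(b, a))
    if all(ends):
        return "trunk"
    return "mismatch" if any(ends) else "access"


MODE_RE = re.compile(
    r"switchport mode (trunk|access|dynamic auto|dynamic desirable)$")

# Constructed sample configuration, not taken from the page.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description Uplink to core
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description User PC
 switchport mode access
!
interface GigabitEthernet0/3
 description User PC
!
interface GigabitEthernet0/4
 description Printer
 switchport mode dynamic auto
"""


def parse_modes(config, default_mode=DESIRABLE):
    """Map interface name -> administrative mode.

    default_mode is an assumption: ports with no 'switchport mode' line get
    the platform default, which differs between switch models.
    """
    ports = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = ports.setdefault(
                m.group(1), {"mode": default_mode, "noneg": False})
            continue
        if current is None:
            continue
        m = MODE_RE.match(line)
        if m:
            current["mode"] = m.group(1)
        elif line == "switchport nonegotiate":
            current["noneg"] = True
    return {name: NONEGOTIATE if p["mode"] == TRUNK and p["noneg"] else p["mode"]
            for name, p in ports.items()}


def audit(config, default_mode=DESIRABLE):
    """Interfaces still in a dynamic mode, i.e. open to trunk negotiation."""
    modes = parse_modes(config, default_mode)
    return sorted(n for n, m in modes.items() if m in (DESIRABLE, AUTO))


if __name__ == "__main__":
    for pair in [(AUTO, AUTO), (DESIRABLE, AUTO), (NONEGOTIATE, AUTO)]:
        print(pair, "->", link_outcome(*pair))
    print("still negotiating:", audit(SAMPLE_CONFIG))
```

Ports the audit reports are candidates for `switchport mode access` if they serve workstations.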

------------------------------------------------------------------------------------------------------------
Refer to the exhibit. On the basis of the output generated by the show commands, which two statements are true?



  • VLAN 1 will not be encapsulated with an 802.1q header.
  • Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in the show vlan output.
------------------------------------------------------------------------------------------------------------

A new Company switch was just configured using the "switchport trunk native vlan 7" command. What does this interface command accomplish?

Answer: Configures the trunking interface to send traffic from VLAN 7 untagged
------------------------------------------------------------------------------------------------------------

Explanation:
In 802.1Q trunking, all VLAN packets are tagged on the trunk link to indicate the VLAN to which they belong. Frames belonging to the Native VLAN are sent untagged on the trunk link.

The Native VLAN contains ports not assigned to other VLANs that by default belong to VLAN 1.

VLAN 1 is the Native VLAN by default, but VLANs other than VLAN 1 may be designated as the Native VLAN. However, the Native VLAN must be the same on trunked switches in 802.1Q trunking.

If a VLAN other than VLAN 1 is to be the Native VLAN, it needs to be identified on the trunk ports. In the interface configuration mode of the trunk port(s), the IOS-based command to designate the Native VLAN is switchport trunk native.

Switch(config-if)#switchport trunk native vlan vlan-id
------------------------------------------------------------------------------------------------------------

Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B. Port Fa 0/2 on Switch B is currently in a blocking state for both VLANs. What should be done to load balance VLAN traffic between Switch A and Switch B?



Answer: Lower the port priority for VLAN 1 on port 0/2 for Switch A

------------------------------------------------------------------------------------------------------------
Explanation:
Load Sharing Using STP Port Priorities

When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state.

The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN.

The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.

------------------------------------------------------------------------------------------------------------

You are the network administrator at Company and switch R1 is configured as shown below.
    interface GigabitEthernet0/1
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 5

If untagged frames are arriving on interface GigabitEthernet0/1 of R1, which of the following statements are correct?

Answer: Untagged frames are automatically assumed to be in VLAN 5.

------------------------------------------------------------------------------------------------------------
Explanation:
Each physical port has a parameter called PVID. Every 802.1Q port is assigned a PVID value equal to its native VLAN ID (default is VLAN 1).

All untagged frames are assigned to the VLAN specified in the PVID parameter. When a tagged frame is received by a port, the tag is respected.

If the frame is untagged, the value contained in the PVID is considered as a tag. All untagged frames will be assigned to the native VLAN.

The native VLAN is 1 by default, but in this case the native VLAN is configured as VLAN 5.
------------------------------------------------------------------------------------------------------------

If you were to set up a VLAN trunk over a Fast Ethernet link on switch R1, which trunk mode would you set the local port to on R1 if you wanted it to respond to requests from its link partner (R2) and become a trunk?
Answer: Auto
------------------------------------------------------------------------------------------------------------

Explanation:
Only ports in desirable and auto mode will negotiate a channel (either desirable-auto or desirable-desirable). Ports in on mode will only form a functional channel with other ports in on mode (they will not negotiate a channel with ports in desirable or auto mode).
------------------------------------------------------------------------------------------------------------

Which of the following trunking modes are unable to request their ports to convert their links into trunk links?

Answer:
Nonegotiate
Auto
------------------------------------------------------------------------------------------------------------
Explanation:
Auto is a trunking mode but does not actively negotiate a trunk. It requires the opposite side to be trunk or desirable, and will only respond to requests from the other trunk link. No-negotiate will configure the link to be unable to dynamically become a trunk; since no requests will be sent it will not respond to requests from other trunk links from a different switch.

------------------------------------------------------------------------------------------------------------
Refer to the exhibit. How will interface FastEthernet0/1 respond when an 802.1x-enabled client connects to the port?


Answer:
The switch port will disable 802.1x port-based authentication and cause the port to transition to the authorized state without any further authentication exchange.
------------------------------------------------------------------------------------------------------------

Explanation:
The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports.

The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected.

After authentication succeeds, normal traffic can pass through the port. You control the port authorization state by using the dot1x port-control interface configuration command and these keywords:

force-authorized: Disables 802.1x port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. This is the default setting.

force-unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface.

auto: Enables 802.1x port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port transitions from down to up (authenticator initiation) or when an EAPOL-start frame is received (supplicant initiation). The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. The switch uniquely identifies each client attempting to access the network by using the client MAC address.

------------------------------------------------------------------------------------------------------------

You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?
A.    a list of applications currently in use in the network
B.    IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats
C.    detailed security device specifications
D.    results from pilot network testing
 
When you enable port security on an interface that is also configured with a voice VLAN, what is the maximum number of secure MAC addresses that should be set on the port?
A.    No more than one secure MAC address should be set.
B.    The default will be set.
C.    The IP phone should use a dedicated port, therefore only one MAC address is needed per port.
D.    No value is needed if the switchport priority extend command is configured.
E.    No more than two secure MAC addresses should be set.
 
Switch# show ip sla application
IP SLAs
Version: 2.2.0 Round Trip Time MIB, Infrastructure Engine-II
Time of last change in whole IP SLAs: 22:17:39.117 UTC Fri Jun
Estimated system max number of entries:15801
Estimated number of configurable operations: 15801
Number of Entries configured: 0
Number of active Entries: 0
Number of pending Entries: 0
Number of inactive Entries: 0
Supported Operation Types
Type of Operation to Perform: 802.1agEcho
Type of Operation to Perform: 802.1agJitter
Type of Operation to Perform: dhcp
Type of Operation to Perform: dns
Type of Operation to Perform: echo
Type of Operation to Perform: ftp
Type of Operation to Perform: http
Type of Operation to Perform: jitter
Type of Operation to Perform: pathEcho
Type of Operation to Perform: pathJitter
Type of Operation to Perform: tcpConnect
Type of Operation to Perform: udpEcho
IP SLAs low memory water mark: 21741224
Refer to the exhibit. What best describes the Cisco IOS IP SLA command and output in the exhibit?
A.    verifies which operation types have been enabled for IP SLA responder.
B.    verifies which operation types have been enabled for IP SLA source.
C.    verifies which operation types are supported in software.
D.    verifies enabled operation types that are not running.
 
Which statement is correct about the use of the virtual interface on a WLC?
A.    Used to relay DHCP messages
B.    Used to communicate with LAPs
C.    Used to bring up LWAPP tunnels
D.    Used to extend into the wireless client VLAN
 
The VLANs in switch R1 are being modified. Which of the following are updated in R1 every time a VLAN is modified?
A. Configuration revision number
B. Configuration revision flag field
C. Configuration revision database
D. Configuration revision reset switch
------------------------------------------------------------------------------------------------------------
You are assigning VLANs to the ports of switch R1. What VLAN number value is assigned to the default VLAN?
A. VLAN ON
B. VLAN A
C. VLAN 1
D. VLAN 0
E. VLAN 1003
------------------------------------------------------------------------------------------------------------
 
Explanation:
The default VLAN is VLAN 1. Although this VLAN can be modified, it cannot be deleted from the switch. The following VLANs are on by default for all Cisco Catalyst switches:
VLAN 1 - Default VLAN
VLAN 1002 - Default FDDI VLAN
VLAN 1003 - Default Token Ring VLAN
VLAN 1004 - Default FDDI Net VLAN
VLAN 1005 - Default Token Ring Net VLAN
------------------------------------------------------------------------------------------------------------
 
Explanation:
Static port VLAN membership
 
Static port VLAN membership on the switch is assigned manually by the administrator on a port-by-port basis. Characteristics of static VLAN configurations include the following:
1. Secure
2. Easy to configure
3. Straight forward to monitor
4. Works well in networks where moves, adds, and changes are rare.
------------------------------------------------------------------------------------------------------------
 
Explanation:
LAN port VLAN membership
 
LAN port VLAN membership can be assigned manually on a port-by-port basis. When you assign LAN ports to VLANs using this method, it is known as port-based, or static membership. Attached devices will be unaware of any VLANs.
------------------------------------------------------------------------------------------------------------
 
Explanation:
VLAN Trunking Protocol (VTP)
 
The role of the VLAN Trunking Protocol (VTP) is to maintain VLAN configuration consistency across the entire network. VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch that is in the VTP server mode. VTP is responsible for synchronizing VLAN information within a VTP domain. This reduces the need to configure the same VLAN information on each switch. Using VTP, each Catalyst Family Switch advertises the following on its trunk ports:
1. Management domain
2. Configuration revision number
3. Known VLANs and their specific parameters
------------------------------------------------------------------------------------------------------------
 
Explanation:
A switch has two types of links, access and trunk:

1. An interface in access mode can carry the information of only one VLAN, and
2. A trunk can carry the information of more than one VLAN.

VTP carries the information of more than one VLAN, so the switch port should be in trunk mode. VLAN 1 is the default VLAN on a Cisco switch; by default all interfaces belong to VLAN 1.
------------------------------------------------------------------------------------------------------------
 
Explanation:
Periodic (default is 5 minutes) VTP advertisements are sent out each trunk port with the multicast destination MAC address 01-00-0C-CC-CC-CC. VTP advertisements contain the following configuration information:
1. VLAN IDs (ISL and 802.1Q)
2. Emulated LAN names (ATM LANE)
3. 802.10 SAID values (FDDI)
4. VTP domain name
5. VTP configuration revision number
6. VLAN Configuration, including the maximum transmission unit (MTU) size for each VLAN
7. Frame format
------------------------------------------------------------------------------------------------------------
 
What must be configured on a Cisco switch in order to advertise VLAN information?
A. VTP password
B. VTP pruning
C. VTP mode
D. VTP domain name
E. VTP revision number
------------------------------------------------------------------------------------------------------------
 
Explanation:
 
If the switch being installed is the first switch in the network, the management domain will need to be created. However, if the network has other switches running VTP, then the new switch will join an existing management domain. Verify the name of the management domain. If the management domain has been secured, verify and configure the password for the domain. To create a management domain or to add a switch to a management domain, use the vtp domain command in the global configuration mode or VLAN configuration mode.
Switch(config)#vtp domain name
Switch(vlan)#vtp domain
------------------------------------------------------------------------------------------------------------
The Company switches have all been upgraded to use VTP version 2. What are two benefits provided in VTP Version 2 that are not available in VTP Version 1?
A. VTP version 2 supports Token Ring VLANs.
B. VTP version 2 allows VLAN consistency checks.
C. VTP version 2 allows active redundant links when used with spanning tree.
D. VTP version 2 reduces the amount of configuration necessary.
E. VTP version 2 saves VLAN configuration memory.
------------------------------------------------------------------------------------------------------------
 
Explanation:
VTP Version 2 includes the following improvements: Token Ring VLAN support, TLV support, transparent mode, and Consistency checks.
------------------------------------------------------------------------------------------------------------
 
The Company switches are configured to use VTP. What's true about the VLAN trunking protocol (VTP)?
A. VTP domain names need to be identical. However, case doesn't matter.
B. A VTP enabled device which receives multiple advertisements will ignore advertisements with higher configuration revision numbers
C. A device in 'transparent' VTP v.1 mode will not forward VTP messages.
D. VTP messages will not be forwarded over nontrunk links.
E. VTP pruning allows switches to prune VLANs that do not have any active ports associated with them.
------------------------------------------------------------------------------------------------------------
 
Explanation:
VTP messages are only transmitted across trunk links. If the receiving switch is in transparent mode, the configuration is not changed. Switches in transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on a switch in transparent mode, the changes are not propagated to the other switches in the network.
------------------------------------------------------------------------------------------------------------

 
Switch R1 and R2 both belong to the Company VTP domain. What's true about the switch operation in VTP domains?
A. VTP is no longer supported on Catalyst switches
B. A switch is listening to VTP advertisements from their own domain only
C. A switch can reside in one or more domains
D. A switch is listening to VTP advertisements from multiple domains
E. A switch can only reside in one management domain
------------------------------------------------------------------------------------------------------------

 
Explanation:
A VTP domain is made up of one or more interconnected devices that share the same VTP domain name. A switch can be configured to be in only one VTP domain, and each VLAN has a name that is unique within a management domain. Typically, you use a VTP domain to ease administrative control of your network or to account for physical boundaries within your network.

However, you can set up as many or as few VTP domains as are appropriate for your administrative needs. Consider that VTP is transmitted on all trunk connections, including ISL, IEEE 802.1Q, 802.10, and LANE. Switches can only belong to one management domain with common VLAN requirements, and they only care about the neighbors in their own domains.
------------------------------------------------------------------------------------------------------------
 
VTP devices in a network track the VTP revision number. What is a VTP configuration revision number?
A. A number for identifying changes to the network router.
B. A number for identifying changes to the network switch.
C. A number for identifying changes to the network topology
------------------------------------------------------------------------------------------------------------
 
Explanation:
The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number assigned to it, and most of the VTP packets contain the VTP configuration revision number of the sender. This information is used to determine whether the received information is more recent than the current version. Each time you make a VLAN change in a VTP device, the configuration revision is incremented by one. In order to reset the configuration revision of a switch, change the VTP domain name and then change it back to the original name.
------------------------------------------------------------------------------------------------------------
 
Switch R1 is configured to use the VLAN Trunking Protocol (VTP). What does R1 advertise in its VTP domain?
A. The VLAN ID of all known VLANs, the management domain name, and the total number of trunk links on the switch.
B. The VLAN ID of all known VLANs, a 1-bit canonical format (CFI Indicator), and the switch configuration revision number.
C. The management domain name, the switch configuration revision number, the known VLANs, and their specific parameters.
D. A 2-byte TPID with a fixed value of 0x8100 for the management domain number, the switch configuration revision number, the known VLANs, and their specific parameters
------------------------------------------------------------------------------------------------------------
 
Explanation:
Each switch participating in VTP advertises VLAN information, revision numbers, and VLAN parameters on its trunk ports to notify other switches in the management domain. VTP advertisements are sent as multicast frames. The switch intercepts frames sent to the VTP multicast address and processes them with its supervisory processor. VTP frames are forwarded out trunk links as a special case. The following global configuration information is distributed in VTP advertisements:
1. VLAN IDs (ISL and 802.1Q)
2. Emulated LAN names (for ATM LANE)
3. 802.10 SAID values (FDDI)
4. VTP domain name
5. VTP Configuration revision number
6. VLAN Configuration, including maximum transmission unit (MTU) size for each VLAN
7. Frame format
------------------------------------------------------------------------------------------------------------

 
Explanation:
VTP advertisements include:
1. Summary Advertisements - These go out every 5 minutes or every time the VLAN topology changes, and list information about the management domain (VTP version, domain name, configuration revision number, timestamp, MD5 encryption hash code, & number of subset advertisements incoming). When there is a configuration change, summary advertisements are complemented by one or more subset advertisements.
2. Subset advertisements - These are sent out by VTP domain servers after a configuration change. They list the specifics of the change (VLAN creation / deletion / suspension / activation / name change / MTU change) and the VLAN parameters (VLAN status, VLAN type, MTU, VLAN name, VLAN number, SAID value).
3. Advertisement Requests from Clients - VTP clients request specific VLAN information that they're lacking (i.e. the client switch is reset and loses its database, or VTP domain membership changes) so they can be answered with summary and subset advertisements.
------------------------------------------------------------------------------------------------------------
 
Switch R1 is configured with VTP. Which two VTP modes will make R1 capable of creating and deleting VLANs on itself?
A. Client
B. Pass-through
C. Nonegotiate
D. Server
E. Transparent
------------------------------------------------------------------------------------------------------------
 
Explanation:
VTP Modes: you can configure a switch to operate in any one of these VTP modes:
1. Server - In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.
2. Client - VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
3. Transparent - VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that they receive out their trunk interfaces. If you configure the switch as VTP transparent, you can create and modify VLANs but the changes affect only the individual switch.
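The three modes above and the configuration revision number described earlier, modelled as an added Python example (a teaching model, not Cisco code and not from the original page). It also runs the check an administrator would make before cabling in a switch with a stale database, then the domain-rename reset described earlier. The switch names, VLAN names and the `safe_to_add` helper are hypothetical; keeping a transparent switch's revision at 0 is an assumption of the model.

```python
from dataclasses import dataclass, field, replace


@dataclass
class Advert:
    domain: str
    revision: int
    vlans: dict                       # VLAN ID -> name


@dataclass
class Switch:
    name: str
    mode: str                         # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def set_vlan(self, vlan_id, vlan_name):
        """Create or rename a VLAN locally."""
        if self.mode == "client":
            raise PermissionError("VLANs cannot be changed on a VTP client")
        self.vlans[vlan_id] = vlan_name
        if self.mode == "server":
            self.revision += 1        # each change bumps the revision by one
        # transparent: local change only, revision stays 0 (model assumption)

    def set_domain(self, domain):
        """Changing the domain name resets the configuration revision."""
        if domain != self.domain:
            self.domain = domain
            self.revision = 0

    def advertise(self):
        """Summary of what this switch sends on its trunks (None if silent)."""
        if self.mode == "transparent":
            return None
        return Advert(self.domain, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Process an advertisement: 'synced', 'ignored' or 'forwarded'."""
        if self.mode == "transparent":
            return "forwarded"        # VTP version 2 behaviour from the text
        if adv.domain != self.domain or adv.revision <= self.revision:
            return "ignored"
        self.vlans = dict(adv.vlans)  # newer revision replaces the database
        self.revision = adv.revision
        return "synced"


def safe_to_add(new_switch, existing):
    """True if connecting new_switch would leave existing's VLANs untouched."""
    adv = new_switch.advertise()
    if adv is None:
        return True
    probe = replace(existing, vlans=dict(existing.vlans))   # dry run on a copy
    return probe.receive(adv) != "synced"


def demo():
    core = Switch("core", "server", "TEST")
    core.set_vlan(10, "users")
    core.set_vlan(20, "voice")                    # core revision is now 2
    access = Switch("access", "client", "TEST")
    out = {"client": access.receive(core.advertise())}

    # Constructed case: a lab switch with a higher revision and other VLANs.
    lab = Switch("lab", "server", "TEST", revision=7,
                 vlans={1: "default", 99: "lab"})
    out["before_reset"] = safe_to_add(lab, core)
    lab.set_domain("TEMP")                        # rename away ...
    lab.set_domain("TEST")                        # ... and back: revision 0
    out["after_reset"] = safe_to_add(lab, core)
    out["lab_sync"] = lab.receive(core.advertise())
    out["lab_vlans"] = sorted(lab.vlans)
    return out


if __name__ == "__main__":
    print(demo())
```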
------------------------------------------------------------------------------------------------------------
 
Two Company switches are connected via a trunk link. In this network, the original frame is encapsulated and an additional header is added before the frame is carried over a trunk link. At the receiving end, the header is removed and the frame is forwarded to the assigned VLAN. This describes which technology?
A. IEEE 802.1Q
B. MPLS
C. ISL
D. DISL
E. DTP
------------------------------------------------------------------------------------------------------------
 
Explanation:
Inter-Switch Link (ISL)

 
The Inter-Switch Link (ISL) protocol is a Cisco proprietary method for preserving the source VLAN identification of frames passing over a trunk link.

 
ISL performs frame identification in Layer 2 by encapsulating each frame between a header and trailer. Any Cisco switch or router device configured for ISL can process and understand the ISL VLAN information. ISL is primarily used for Ethernet media, although Cisco has included provisions to carry Token Ring, FDDI, and ATM frames over Ethernet ISL.

(A Frame-Type field in the ISL header indicates the source frame type.) When a frame is destined out a trunk link to another switch or router, ISL adds a 26-byte header and a 4-byte trailer to the frame. The source VLAN is identified with a 10-bit VLAN ID field in the header. The trailer contains a cyclic redundancy check (CRC) value to ensure the data integrity of the new encapsulated frame. Figure 6-3 shows how Ethernet frames are encapsulated and forwarded out a trunk link. Because tagging information is added at the beginning and end of each frame, ISL is sometimes referred to as double tagging.
------------------------------------------------------------------------------------------------------------
 
The Company core switches use 802.1Q trunks to connect to each other. How does 802.1Q trunking keep track of multiple VLANs?
A. It tags the data frame with VLAN information and recalculates the CRC value
B. It adds a new header containing the VLAN ID to the data frame
C. It encapsulates the data frame with a new header and frame check sequence
D. It modifies the port index of a data frame to indicate the VLAN
------------------------------------------------------------------------------------------------------------
 
Explanation:
The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors. In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.

 
Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging. 802.1Q also introduces the concept of a native VLAN on a trunk.

 
Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides a simple way to offer full trunk encapsulation to the devices that can understand it, while giving normal access stations some inherent connectivity over the trunk.
------------------------------------------------------------------------------------------------------------
 
Which three statements are correct with regard to the IEEE 802.1Q standard?
A. The packet is encapsulated with a 26 byte header and a 4 byte FCS
B. The IEEE 802.1Q frame format adds a 4 byte field to an Ethernet frame
C. The IEEE 802.1Q frame retains the original MAC destination address
D. The protocol uses point-to-point connectivity
E. The IEEE 802.1Q frame uses multicast destination of 0x01-00-0c-00-00
F. The protocol uses point-to-multipoint connectivity
------------------------------------------------------------------------------------------------------------
 
Explanation:
The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors. In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.

 
Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging. 802.1Q also introduces the concept of a native VLAN on a trunk.

 
Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides a simple way to offer full trunk encapsulation to the devices that can understand it, while giving normal access stations some inherent connectivity over the trunk.
------------------------------------------------------------------------------------------------------------
 
Switch R1 has been configured with DTP using the desirable option. Which statement describes Dynamic Trunking Protocol (DTP) desirable mode?
A. The interface is put into a passive mode, waiting to convert the link to a trunk link.
B. The interface is put into permanent trunking mode but prevented from generating DTP frames.
C. The interface is put into permanent trunking mode and negotiates to convert the link into a trunk link.
D. The interface actively attempts to convert the link to a trunk link.
------------------------------------------------------------------------------------------------------------
 
Explanation:
In the switchport mode command, you can set the trunking mode to any of the following:
1. Trunk - This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.
2. Dynamic desirable (the default) - The port actively attempts to convert the link into trunking mode. If the far-end switch port is configured to trunk, dynamic desirable, or dynamic auto mode, trunking is successfully negotiated.
3. Dynamic Auto - The port converts the link into trunking mode. If the far-end switch port is configured to trunk or dynamic desirable, trunking is negotiated. Because of the passive negotiation behavior, the link never becomes a trunk if both ends of the link are left to the dynamic auto default. 
------------------------------------------------------------------------------------------------------------
 
While using a packet analyzer, you notice four additional bytes being added to the packets in the Company network. Which protocol inserts a four byte tag into the Ethernet frame and recalculates CRC value?
A. DTP
B. 802.1Q
C. ISL
D. VTP
------------------------------------------------------------------------------------------------------------
 
Explanation:
The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors. In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.

 
Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging. 802.1Q also introduces the concept of a native VLAN on a trunk.

 
Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides a simple way to offer full trunk encapsulation to the devices that can understand it, while giving normal access stations some inherent connectivity over the trunk.
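
The four-byte tag, the recalculated CRC and the untagged native VLAN described in the 802.1Q explanations above, as an added Python example that is not part of the original page. The MAC addresses, payload, VLAN numbers and function names are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame, padded to the 60-byte minimum, plus FCS."""
    body = (dst + src + struct.pack("!H", ethertype) + payload).ljust(60, b"\x00")
    return body + fcs(body)

def egress_trunk(frame: bytes, vlan: int, native_vlan: int, priority: int = 0) -> bytes:
    """Prepare a frame for an 802.1Q trunk; native VLAN frames leave untagged."""
    if not 1 <= vlan <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    if vlan == native_vlan:
        return frame
    body = frame[:-4]                      # drop the old FCS
    tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan)
    tagged = body[:12] + tag + body[12:]   # tag goes after the two MAC addresses
    return tagged + fcs(tagged)            # FCS recalculated over the longer frame

def ingress_trunk(frame: bytes, native_vlan: int):
    """Return (vlan, untagged_frame); reject frames whose FCS does not verify."""
    body, received_fcs = frame[:-4], frame[-4:]
    if len(frame) < 64 or fcs(body) != received_fcs:
        raise ValueError("bad frame: short or FCS mismatch")
    if struct.unpack("!H", body[12:14])[0] != TPID_8021Q:
        return native_vlan, frame          # untagged: receiver's own native VLAN
    tci = struct.unpack("!H", body[14:16])[0]
    untagged = body[:12] + body[16:]       # remove the 4-byte tag
    return tci & 0x0FFF, untagged + fcs(untagged)

# Constructed sample frame (addresses and payload are made up).
SAMPLE = build_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                     0x0800, b"constructed payload")

if __name__ == "__main__":
    tagged = egress_trunk(SAMPLE, vlan=20, native_vlan=7)
    print(len(SAMPLE), len(tagged), tagged[12:16].hex())
    print(ingress_trunk(tagged, native_vlan=7)[0])
```

The destination and source MAC addresses are unchanged by tagging, which is why a packet analyzer shows the same addresses with four extra bytes and a different CRC.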
------------------------------------------------------------------------------------------------------------
 
Explanation:
dynamic desirable (the default) - The port actively attempts to convert the link into trunking mode. If the far-end switch port is configured to trunk, dynamic desirable, or dynamic auto mode, trunking is successfully negotiated.
------------------------------------------------------------------------------------------------------------
 
A new Company switch was just configured using the "switchport trunk native vlan 7" command. What does this interface command accomplish?
A. Configures the trunking interface to forward traffic from VLAN 7
B. Causes the interface to apply ISL framing for traffic on VLAN 7
C. Configures the interface to be a trunking port and causes traffic on VLAN 7 to be 802.1q tagged
D. Configures the trunking interface to send traffic from VLAN 7 untagged
------------------------------------------------------------------------------------------------------------
 
Explanation:
In 802.1Q trunking, all VLAN packets are tagged on the trunk link to indicate the VLAN to which they belong. Frames belonging to the Native VLAN are sent untagged on the trunk link. The Native VLAN contains ports not assigned to other VLANs that by default belong to VLAN 1.

 
VLAN 1 is the Native VLAN by default, but VLANs other than VLAN 1 may be designated as the Native VLAN. However, the Native VLAN must be the same on trunked switches in 802.1Q trunking.

 
If a VLAN other than VLAN 1 is to be the Native VLAN, it needs to be identified on the trunk ports. In the interface configuration mode of the trunk port(s), the IOS-based command to designate the Native VLAN is switchport trunk native vlan:
Switch(config-if)#switchport trunk native vlan vlan-id
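
The negotiation outcomes from the DTP explanation and the native VLAN rule above, combined into a per-link check; this is an added Python example, not part of the original page. The two switch configurations are constructed samples, the function names are hypothetical, and the defaults (dynamic desirable, native VLAN 1) are the ones this page states.

```python
import re

MODES = ("trunk", "dynamic desirable", "dynamic auto")
DEFAULT_MODE = "dynamic desirable"   # default mode as stated in the explanation above
DEFAULT_NATIVE = 1                   # VLAN 1 is the native VLAN by default

def parse_ports(config: str) -> dict:
    """Map interface name -> {'mode', 'native'} from IOS-style config text."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(
                m.group(1), {"mode": DEFAULT_MODE, "native": DEFAULT_NATIVE})
            continue
        if current is None:
            continue
        m = re.fullmatch(r"switchport mode (trunk|dynamic desirable|dynamic auto)", line)
        if m:
            current["mode"] = m.group(1)
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            current["native"] = int(m.group(1))
    return ports

def becomes_trunk(a_mode: str, b_mode: str) -> bool:
    """Among the three listed modes, only auto facing auto fails to trunk."""
    for mode in (a_mode, b_mode):
        if mode not in MODES:
            raise ValueError(f"unknown switchport mode: {mode!r}")
    return not (a_mode == b_mode == "dynamic auto")

def audit_link(a: dict, b: dict) -> list:
    """Findings for one link, given the port settings at each end."""
    if not becomes_trunk(a["mode"], b["mode"]):
        return ["no trunk: both ends are dynamic auto"]
    if a["native"] != b["native"]:
        return [f"native VLAN mismatch: {a['native']} vs {b['native']}"]
    return []

# Constructed sample configurations for two directly connected switches.
SW_A = """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 7
interface FastEthernet0/2
 switchport mode dynamic auto
interface FastEthernet0/3
 switchport trunk native vlan 7
"""
SW_B = """
interface FastEthernet0/1
 switchport mode dynamic desirable
 switchport trunk native vlan 7
interface FastEthernet0/2
 switchport mode dynamic auto
interface FastEthernet0/3
 switchport mode dynamic auto
"""

if __name__ == "__main__":
    a, b = parse_ports(SW_A), parse_ports(SW_B)
    for name in a:
        print(name, audit_link(a[name], b[name]) or "ok")
```

With a native VLAN mismatch, untagged frames sent from VLAN 7 at one end are placed into VLAN 1 at the other, which is why the check treats it as a finding even though the trunk itself comes up.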
------------------------------------------------------------------------------------------------------------
 
Which statement is true regarding the configuration of ISL trunks?
A. A Catalyst switch cannot have ISL and IEEE 802.1q trunks enabled.
B. All Catalyst switches support ISL trunking.
C. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.
D. ISL trunking requires that native VLANs match.
------------------------------------------------------------------------------------------------------------
 
Explanation:
The Inter-Switch Link (ISL) protocol is a Cisco proprietary method for preserving the source VLAN identification of frames passing over a trunk link. ISL performs frame identification in Layer 2 by encapsulating each frame between a header and trailer. Any Cisco switch or router device configured for ISL can process and understand the ISL VLAN information.

 
ISL is primarily used for Ethernet media, although Cisco has included provisions to carry Token Ring, FDDI, and ATM frames over Ethernet ISL. (A Frame-Type field in the ISL header indicates the source frame type.) When a frame is destined out a trunk link to another switch or router, ISL adds a 26-byte header and a 4-byte trailer to the frame.

 
The source VLAN is identified with a 10-bit VLAN ID field in the header. The trailer contains a cyclic redundancy check (CRC) value to ensure the data integrity of the new encapsulated frame. Figure 6-3 shows how Ethernet frames are encapsulated and forwarded out a trunk link. Because tagging information is added at the beginning and end of each frame, ISL is sometimes referred to as double tagging.
------------------------------------------------------------------------------------------------------------

 
Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B. Port Fa 0/2 on Switch B is currently in a blocking state for both VLANs. What should be done to load balance VLAN traffic between Switch A and Switch B?
A. Enable HSRP on the access ports.
B. Make the bridge ID of Switch B lower than the ID of Switch A
C. Lower the port priority for VLAN 1 on port 0/1 for Switch A.
D. Lower the port priority for VLAN 1 on port 0/2 for Switch A.
------------------------------------------------------------------------------------------------------------

 
Explanation:
Load Sharing Using STP Port Priorities
When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state. The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN.

 
The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.
------------------------------------------------------------------------------------------------------------

 
Which of the following technologies would an Internet Service Provider use to support overlapping customer VLAN IDs over transparent LAN services?
A. IP Over Optical Networking
B. 802.1Q tunneling
C. SDH
D. ATM
E. ISL
------------------------------------------------------------------------------------------------------------

 
Explanation:
Understanding How 802.1Q Tunneling Works:
The 802.1Q tunneling feature supports secure virtual private networks (VPNs). 802.1Q tunneling enables service providers to keep traffic from different customers segregated in the service provider infrastructure while significantly reducing the number of VLANs required to support the VPNs. 802.1Q tunneling allows multiple customer VLANs to be carried by a single VLAN on the Catalyst 6000 family switch without losing their unique VLAN IDs.

 
When you configure 802.1Q tunneling on the Catalyst 6000 family switch, traffic to be tunneled comes into the switch from an 802.1Q trunk port on a neighboring device and enters the switch through a port configured to support 802.1Q tunneling (a tunnel port).

 
When the tunnel port receives traffic from an 802.1Q trunk port, it does not strip the 802.1Q tags from the frame header but, instead, leaves the 802.1Q tags intact and puts all the received 802.1Q traffic into the VLAN assigned to the tunnel port.

 
The VLAN assigned to the tunnel port then carries the tunneled customer traffic to the other neighboring devices participating in the tunnel port VLAN. When the tunneled traffic is received by an 802.1Q trunk port on a neighboring device, the 802.1Q tag is stripped and the traffic is removed from the tunnel.
------------------------------------------------------------------------------------------------------------
Refer to the exhibit. Which statement is true?

 
Router(config)#vlan access-map pass 10
Router(config-access-map)# match ip address ABC
Router(config-access-map)# action forward
Router(config)#vlan filter pass vlan-list 5-10

 
A. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
B. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
C. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
D. IP traffic matching access list ABC is forwarded through VLANs 5-10.
------------------------------------------------------------------------------------------------------------
 
Explanation:
standby group preempt
 
You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds]
By default, the router can preempt another immediately, without delay. You can use the delay keyword to force it to wait for seconds before becoming active. This is usually done if there are routing protocols that need time to converge.
------------------------------------------------------------------------------------------------------------

 
Which two statements are true about a switched virtual interface (SVI)? (Choose two.)
A. SVI is another name for a routed port.
B. An SVI is created by entering the no switchport command in interface configuration mode.
C. Multiple SVIs can be associated with a VLAN.
D. An SVI provides a default gateway for a VLAN.
E. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch administration

 
Explanation:
On a multilayer switch, you can also enable Layer 3 functionality for an entire VLAN on the switch. This allows a network address to be assigned to a logical interface, that of the VLAN itself. This is useful when the switch has many ports assigned to a common VLAN, and routing is needed in and out of that VLAN. The logical Layer 3 interface is known as an SVI. However, when it is configured, it uses the much more intuitive interface name vlan vlan-id, as if the VLAN itself is a physical interface. First, define or identify the VLAN interface, and then assign any Layer 3 functionality to it.
------------------------------------------------------------------------------------------------------------

 
Explanation:
Spanning tree PortFast is a Catalyst feature that causes a switch or trunk port to enter the spanning tree Forwarding state immediately, bypassing the Listening and Learning states. IOS-based switches only use PortFast on access ports connected to end stations. When a device is connected to a port, the port normally enters the spanning tree Listening state. When the Forward Delay timer expires, the port enters the Learning state. When the Forward Delay timer expires a second time, the port is transitioned to the Forwarding or Blocking state. When PortFast is enabled on a switch or trunk port, the port is immediately transitioned to the Forwarding state. As soon as the switch detects the link, the port is transitioned to the Forwarding state (less than 2 seconds after the cable is plugged in).
------------------------------------------------------------------------------------------------------------

 
Refer to the exhibit. Which statement is true?
Router(config)# vlan access-map pass 10
Router(config-access-map)# match ip address ABC
Router(config-access-map)# action forward
Router(config)# vlan filter pass vlan-list 5-10

 
A. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. IP traffic matching access list ABC is forwarded through VLANs 5-10.
D. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
------------------------------------------------------------------------------------------------------------
Explanation:

 
The IEEE 802.1D Spanning Tree Protocol was designed to keep a switched or bridged network loop free, with adjustments made to the network topology dynamically. A topology change typically takes 30 seconds, where a port moves from the Blocking state to the Forwarding state after two intervals of the Forward Delay timer. As technology has improved, 30 seconds has become an unbearable length of time to wait for a production network to failover or "heal" itself during a problem.

 
Topology Changes and RSTP
Recall that when an 802.1D switch detects a port state change (either up or down), it signals the Root Bridge by sending topology change notification (TCN) BPDUs. The Root Bridge must then signal a topology change by sending out a TCN message that is relayed to all switches in the STP domain. RSTP detects a topology change only when a nonedge port transitions to the Forwarding state. This might seem odd because a link failure is not used as a trigger. RSTP uses all of its rapid convergence mechanisms to prevent bridging loops from forming. Therefore, topology changes are detected only so that bridging tables can be updated and corrected as hosts appear first on a failed port and then on a different functioning port.

 
When a topology change is detected, a switch must propagate news of the change to other switches in the network so they can correct their bridging tables, too. This process is similar to the convergence and synchronization mechanism: topology change notification (TCN) messages propagate through the network in an