Thursday, 29 March 2012

Switching Lesson


Port Channels
 
A port channel bundles individual links into a channel group to create a single logical link that provides the aggregate bandwidth of up to eight physical links.

If a member port within a port channel fails, traffic previously carried over the failed link switches to the remaining member ports within the port channel.

Each port can be in only one port channel. All the ports in a port channel must be compatible; they must use the same speed and operate in full-duplex mode. When you are running static port channels, without LACP, the individual links are all in the on channel mode; you cannot change this mode without enabling LACP.
 
Port Channels are a quick way to get more bandwidth by aggregating multiple connections into one virtual pipe. For instance, tie four gigabit ports together into a channel and it becomes a four gigabit connection. Channels can also offer redundancy and fault tolerance for physical connections.

If one of the links involved in a channel loses connection, the channel will continue on with the existing ports and three quarters of the bandwidth.

Ports involved in a channel must be on the same blade in a modular switch like a Catalyst 4500 or 6500.

Configuring port channels has become much easier in recent IOS versions. First, designate the desired ports into a channel group.

My_Switch(config)# interface GigabitEthernet2/1
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode desirable
My_Switch(config)# interface GigabitEthernet2/2
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode desirable

The desirable option will create a channel to another Cisco switch in EtherChannel (PAgP) format and drop a single link if necessary. In contrast, using the on option would force a port channel, but would drop the entire channel if a single link fails.

EtherChannel is Cisco's proprietary channel protocol, sometimes called PAgP or Port Aggregation Protocol. In order to create a channel with a server or non-Cisco switch, the channel will have to be configured in LACP (Link Aggregation Control Protocol) format, which is a multivendor standard.

My_Switch(config)# interface GigabitEthernet2/1
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode passive
My_Switch(config)# interface GigabitEthernet2/2
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# channel-group 2 mode passive

Using the active option instead of the passive option will force the ports into a LACP channel without negotiation, much like the on option for PAgP. The entire channel will go down if a single line is disconnected and will not be fault tolerant. Next, create a virtual port channel interface.

My_Switch(config)# interface Port-channel2
My_Switch(config-if)# description Core Connection
My_Switch(config-if)# switchport

The virtual port channel configuration merely controls the aggregate port. For instance, if the port-channel interface is disabled, or shut down as Cisco calls it, then the channel will not work even though all four member ports are enabled. Display active channels with the show pagp neighbor or show lacp neighbor command.

My_Switch> show pagp neighbor
My_Switch> show lacp neighbor
The output gives much detail about the channels and their state.

Disable channels
Channels are a handy tool, but most Cisco switches ship in auto mode by default and that can sometimes cause problems with workstations that do not understand how to disregard the channel auto-negotiation. The switchport mode access command disables channel negotiation as well as disabling VLAN trunking negotiation. It prepares the port for use by workstations.

My_Switch(config)# interface gig6/5
My_Switch(config-if)# description My favorite PC
My_Switch(config-if)# switchport mode access

Channels are often a quick way to add bandwidth and add redundancy with existing hardware.
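To make the bundling rules and the failover behaviour described in this lesson concrete, here is a small Python model written for this page (it is not Cisco code and does not talk to a switch). The Port and PortChannel classes are hypothetical; the rules they enforce are the ones stated above: same speed, full duplex, one channel per port, at most eight members, a failed member only reduces bandwidth, and a shut-down Port-channel interface takes the whole channel down even when every member is up.

```python
"""Port-channel membership and failover model (added example, not Cisco code)."""
from dataclasses import dataclass, field

MAX_MEMBERS = 8  # the lesson: up to eight physical links per channel


@dataclass
class Port:
    name: str
    speed_mbps: int
    full_duplex: bool = True
    link_up: bool = True
    channel: "PortChannel | None" = None  # each port can be in only one channel


@dataclass
class PortChannel:
    number: int
    members: list = field(default_factory=list)
    admin_up: bool = True  # 'shutdown' on interface Port-channelN clears this

    def add(self, port: Port) -> None:
        """Enforce the compatibility rules before bundling a port."""
        if port.channel is not None:
            raise ValueError(f"{port.name} already belongs to Port-channel{port.channel.number}")
        if len(self.members) >= MAX_MEMBERS:
            raise ValueError(f"Port-channel{self.number} already has {MAX_MEMBERS} members")
        if not port.full_duplex:
            raise ValueError(f"{port.name} is not full duplex")
        if self.members and port.speed_mbps != self.members[0].speed_mbps:
            raise ValueError(f"{port.name} speed {port.speed_mbps} Mb/s does not match the bundle")
        port.channel = self
        self.members.append(port)

    def active_members(self) -> list:
        """Members still carrying traffic; none if the logical interface is shut down."""
        if not self.admin_up:
            return []
        return [p for p in self.members if p.link_up]

    def bandwidth_mbps(self) -> int:
        """Aggregate bandwidth of the links that are currently usable."""
        return sum(p.speed_mbps for p in self.active_members())

    def is_up(self) -> bool:
        return bool(self.active_members())


def demo() -> dict:
    """Four constructed gigabit links: one member failure, then a Port-channel shutdown."""
    po2 = PortChannel(2)
    ports = [Port(f"Gi2/{i}", 1000) for i in range(1, 5)]
    for p in ports:
        po2.add(p)
    full = po2.bandwidth_mbps()        # four links: 4000 Mb/s
    ports[2].link_up = False           # one member loses link
    degraded = po2.bandwidth_mbps()    # three quarters of the bandwidth remain
    still_up = po2.is_up()             # channel keeps running
    po2.admin_up = False               # 'shutdown' on interface Port-channel2
    after_shutdown = po2.is_up()       # down although three members are fine
    return {"full": full, "degraded": degraded,
            "still_up": still_up, "after_shutdown": after_shutdown}


if __name__ == "__main__":
    print(demo())
```

Running the module prints the four values from demo(); the interesting check for an operator is the last one, since a shut Port-channel interface is easy to overlook when the physical members all show up/up.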


Refer to the exhibit. On the basis of the information provided in the exhibit, which two sets of procedures are best practices for Layer 2 and 3 failover alignment?

  • Configure the D-SW1 switch as the active HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the STP root for VLANs 12 and 120.

  • Configure the D-SW1 switch as the standby HSRP router and the backup STP root for VLANs 12 and 120. Configure the D-SW2 switch as the standby HSRP router and the backup STP root for VLANs 11 and 110.
------------------------------------------------------------------------------------------------------------

Explanation:
Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology.

STP creates a loop-free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.
Load sharing can be accomplished using a couple of methods. The most common method of load sharing is through root bridge placement on a per-VLAN basis. This will distribute traffic for separate VLANs across separate paths to different root bridges. A separate method divides the bandwidth supplied by parallel trunks connecting switches.

To avoid loops, STP normally blocks all but one parallel link between switches. Using load sharing, traffic can be divided between the links according to which VLAN the traffic belongs. Load sharing can be configured on trunk ports by using STP port priorities or STP path costs.

For load sharing using STP port priorities, both load-sharing links must be connected to the same switch. For load sharing using STP path costs, each load-sharing link can be connected to the same switch or to two different switches.

Load Sharing Using STP Port Priorities

When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state.

The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.

------------------------------------------------------------------------------------------------------------

Refer to the exhibit. VTP has been enabled on the trunk links between all switches within the TEST domain. An administrator has recently enabled VTP pruning. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to VLAN 2. A broadcast is sent from the host connected to Switch 1. Where will the broadcast propagate?



Switches 1, 2, and 4 will receive the broadcast, but only Switch 4 will forward it out port 2.

------------------------------------------------------------------------------------------------------------
  
  • A trunk link will be formed.
  • The native VLAN for Switch B is vlan 1.
  • DTP packets are sent from Switch B.
------------------------------------------------------------------------------------------------------------

Explanation:
You can manually configure trunk links on Catalyst switches for either ISL or 802.1Q mode. In addition, Cisco has implemented a proprietary, point-to-point protocol called Dynamic Trunking Protocol (DTP) that negotiates a common trunking mode between two switches.

The negotiation covers the encapsulation (ISL or 802.1Q) as well as whether the link becomes a trunk at all. You can configure the trunk encapsulation with the switchport trunk encapsulation command, as one of the following:

1. isl - VLANs are tagged by encapsulating each frame using the Cisco ISL protocol.
2. dot1q - VLANs are tagged in each frame using the IEEE 802.1Q standard protocol. The only exception is the native VLAN, which is sent normally and not tagged at all.
3. negotiate (the default) - The encapsulation is negotiated to select either ISL or IEEE 802.1Q, whichever is supported by both ends of the trunk. If both ends support both types, ISL is favored. (The Catalyst 2950 switch does not support ISL encapsulation.)

In the switchport mode command, you can set the trunking mode to any of the following:

1. trunk - This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.

2. dynamic desirable (the default) - The port actively attempts to convert the link into trunking mode. If the far-end switch port is configured to trunk, dynamic desirable, or dynamic auto mode, trunking is successfully negotiated.

3. dynamic auto - The port is willing to convert the link into trunking mode. If the far-end switch port is configured to trunk or dynamic desirable, trunking is negotiated. Because of the passive negotiation behavior, the link never becomes a trunk if both ends of the link are left at the dynamic auto default.

------------------------------------------------------------------------------------------------------------
Refer to the exhibit. On the basis of the output generated by the show commands, which two statements are true?



  • VLAN 1 will not be encapsulated with an 802.1q header.
  • Because it is configured as a trunk interface, interface GigabitEthernet0/1 does not appear in the show vlan output.
------------------------------------------------------------------------------------------------------------

A new Company switch was just configured using the "switchport trunk native vlan 7" command. What does this interface command accomplish?

Answer: Configures the trunking interface to send traffic from VLAN 7 untagged
------------------------------------------------------------------------------------------------------------

Explanation:
In 802.1Q trunking, all VLAN packets are tagged on the trunk link to indicate the VLAN to which they belong. Frames belonging to the Native VLAN are sent untagged on the trunk link.

The Native VLAN contains ports not assigned to other VLANs that by default belong to VLAN 1.

VLAN 1 is the Native VLAN by default, but VLANs other than VLAN 1 may be designated as the Native VLAN. However, the Native VLAN must be the same on both ends of an 802.1Q trunk.

If a VLAN other than VLAN 1 is to be the Native VLAN, it needs to be identified on the trunk ports. In the interface configuration mode of the trunk port(s), the IOS-based command to designate the Native VLAN is switchport trunk native vlan.

Switch(config-if)#switchport trunk native vlan vlan-id
------------------------------------------------------------------------------------------------------------

Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B. Port Fa0/2 on Switch B is currently in a blocking state for both VLANs. What should be done to load balance VLAN traffic between Switch A and Switch B?



Answer: Lower the port priority for VLAN 1 on port Fa0/2 of Switch A

------------------------------------------------------------------------------------------------------------
Explanation:
Load Sharing Using STP Port Priorities

When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state.

The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN.

The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.
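The two load-sharing methods described above (STP port priority, and STP path cost as the alternative mentioned earlier on this page) can be worked through with a small Python model. This is an added example written for this page, not Cisco code: Switch A is assumed to be the designated bridge on both parallel Fast Ethernet links, Switch B picks its root port per VLAN from the lowest (path cost, sender port ID) it sees, and the port names, priorities and costs are constructed. It deliberately reduces root-port selection to the tie-break that matters here rather than modelling all of STP.

```python
"""Per-VLAN root-port choice on parallel trunks (added example, simplified STP)."""

DEFAULT_PORT_PRIORITY = 128      # IOS default; a lower value is a higher priority
DEFAULT_COST_FASTETHERNET = 19   # classic STP cost of a 100 Mb/s link


def sender_port_id(priority: int, port_number: int) -> tuple:
    """Port ID as carried in a BPDU: priority first, port number breaks ties."""
    return (priority, port_number)


def root_port_per_vlan(vlans, links, a_priorities=None, b_costs=None) -> dict:
    """Return {vlan: port on Switch B that forwards}; the other parallel port blocks.

    links:        {b_port: (a_port, a_port_number)} parallel links A<->B
    a_priorities: {(a_port, vlan): priority} 'spanning-tree vlan N port-priority' on A
    b_costs:      {(b_port, vlan): cost}     'spanning-tree vlan N cost' on B
    """
    a_priorities = a_priorities or {}
    b_costs = b_costs or {}
    chosen = {}
    for vlan in vlans:
        best_key, best_port = None, None
        for b_port, (a_port, a_number) in links.items():
            cost = b_costs.get((b_port, vlan), DEFAULT_COST_FASTETHERNET)
            prio = a_priorities.get((a_port, vlan), DEFAULT_PORT_PRIORITY)
            key = (cost, sender_port_id(prio, a_number))  # lower wins
            if best_key is None or key < best_key:
                best_key, best_port = key, b_port
        chosen[vlan] = best_port
    return chosen


# Constructed topology: A Fa0/1 <-> B Fa0/1 and A Fa0/2 <-> B Fa0/2
LINKS = {"Fa0/1": ("Fa0/1", 1), "Fa0/2": ("Fa0/2", 2)}
VLANS = [1, 2]


def scenarios() -> dict:
    """Default behaviour, then each load-sharing method from the text."""
    return {
        # All defaults: the lower port number wins both VLANs, so B Fa0/2 blocks both
        "default": root_port_per_vlan(VLANS, LINKS),
        # On Switch A Fa0/2: spanning-tree vlan 1 port-priority 64
        "port_priority": root_port_per_vlan(VLANS, LINKS, a_priorities={("Fa0/2", 1): 64}),
        # On Switch B Fa0/1: spanning-tree vlan 2 cost 30 (dearer than the default 19)
        "path_cost": root_port_per_vlan(VLANS, LINKS, b_costs={("Fa0/1", 2): 30}),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14s} {result}")
```

The "default" result reproduces the exhibit's situation (Fa0/2 blocking for both VLANs); "port_priority" shows why lowering the VLAN 1 priority on Switch A's Fa0/2 is the fix, and "path_cost" shows the alternative of making one link more expensive for one VLAN on the receiving switch.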

------------------------------------------------------------------------------------------------------------

You are the network administrator at Company and switch R1 is configured as shown below.
    interface GigabitEthernet0/1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 5
    switchport mode trunk

If untagged frames are arriving on interface GigabitEthernet0/1 of R1, which of the following statements is correct?

Answer: Untagged frames are automatically assumed to be in VLAN 5.

------------------------------------------------------------------------------------------------------------
Explanation:
Each physical port has a parameter called the PVID. Every 802.1Q port is assigned a PVID value equal to its native VLAN ID (default is VLAN 1).

All untagged frames are assigned to the VLAN specified in the PVID parameter. When a tagged frame is received by a port, the tag is respected.

If the frame is untagged, the value contained in the PVID is considered as a tag. All untagged frames will be assigned to the native VLAN.

The native VLAN is 1 by default, but in this case the native VLAN is configured as VLAN 5.
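The native VLAN and PVID rules from the two explanations above (untagged frames take the PVID on ingress, native-VLAN frames leave a trunk untagged, everything else carries an 802.1Q tag) are easy to get wrong at the byte level, so here is a Python implementation added for this page. It is not Cisco code: the two functions, the frames and the MAC addresses are constructed for illustration, and the tag layout (TPID 0x8100, then a 16-bit TCI whose low 12 bits are the VID) is the IEEE 802.1Q one.

```python
"""802.1Q ingress classification and egress tagging (added example, constructed frames)."""
import struct

TPID_8021Q = 0x8100


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Plain Ethernet II frame without FCS."""
    return dst + src + struct.pack("!H", ethertype) + payload


def classify_ingress(frame: bytes, pvid: int) -> tuple:
    """Return (vlan_id, frame_with_tag_removed) for a frame arriving on a port.

    Tagged frames keep the VID from their tag; untagged (and priority-tagged,
    VID 0) frames are assigned the port's PVID, i.e. the native VLAN on a trunk.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return pvid, frame                      # untagged: PVID decides
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    vid = tci & 0x0FFF                          # PCP (3 bits) and DEI (1 bit) sit above
    if vid == 0:
        vid = pvid                              # priority-tagged frame
    return vid, dst + src + frame[16:]          # strip the 4-byte tag


def tag_egress(frame: bytes, vlan_id: int, native_vlan: int, pcp: int = 0) -> bytes:
    """Frames in the native VLAN leave the trunk untagged; all others get a tag."""
    if vlan_id == native_vlan:
        return frame
    tci = (pcp << 13) | (vlan_id & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


# Constructed sample traffic (locally administered MAC addresses, minimal IPv4 header stub)
HOST = bytes.fromhex("0200000000aa")
GATEWAY = bytes.fromhex("0200000000bb")
UNTAGGED = build_frame(GATEWAY, HOST, 0x0800, b"\x45" + b"\x00" * 19)
NATIVE_VLAN = 5   # as on R1's GigabitEthernet0/1 above


def walk_through() -> dict:
    """What the trunk port does with each kind of frame."""
    untagged_vid, _ = classify_ingress(UNTAGGED, pvid=NATIVE_VLAN)
    tagged7 = tag_egress(UNTAGGED, 7, NATIVE_VLAN)
    vid7, stripped = classify_ingress(tagged7, pvid=NATIVE_VLAN)
    native_out = tag_egress(UNTAGGED, NATIVE_VLAN, NATIVE_VLAN)
    return {"untagged_in": untagged_vid, "vlan7_in": vid7,
            "vlan7_roundtrip_ok": stripped == UNTAGGED,
            "native_leaves_untagged": native_out == UNTAGGED,
            "vlan7_tag_bytes": tagged7[12:16].hex()}


if __name__ == "__main__":
    print(walk_through())
```

The walk-through shows the answer to the question above directly: the untagged frame is classified into VLAN 5 purely because that is the configured native VLAN, which is also why the native VLAN has to match on both ends of a trunk.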
------------------------------------------------------------------------------------------------------------

If you were to set up a VLAN trunk over a Fast Ethernet link on switch R1, which trunk mode would you set the local port to on R1 if you wanted it to respond to requests from its link partner (R2) and become a trunk?
Answer: Auto
------------------------------------------------------------------------------------------------------------

Explanation:
Only ports in desirable and auto mode will negotiate a channel (either desirable-auto or desirable-desirable). Ports in on mode will only form a functional channel with other ports in on mode (they will not negotiate a channel with ports in desirable or auto mode).
------------------------------------------------------------------------------------------------------------

Which of the following trunking modes are unable to request their ports to convert their links into trunk links?

Answer:
Nonegotiate
Auto
------------------------------------------------------------------------------------------------------------
Explanation:
Auto is a trunking mode but does not actively negotiate a trunk. It requires the opposite side to be trunk or desirable, and will only respond to requests from the other end of the link. Nonegotiate configures the link to be unable to dynamically become a trunk; since no requests will be sent, it will not respond to requests from trunk links on a different switch either.
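The mode-pairing rules scattered across this page (PAgP desirable/auto and LACP active/passive for channels in the port channel lesson and the explanation two questions up, and DTP trunk / dynamic desirable / dynamic auto / nonegotiate for trunks in the DTP explanation and the two questions above) can be written down as one small negotiation table. The Python below is an added example for this page, not Cisco code: the function names are hypothetical, the channel table follows standard PAgP/LACP behaviour (only a mode that sends negotiation frames can start a bundle, and the two protocols never interoperate), and "nonegotiate" is modelled as a statically trunking port with DTP switched off, which is how the question above uses the term.

```python
"""Channel-mode and DTP trunk-mode negotiation outcomes (added example, not Cisco code)."""

# EtherChannel protocols: which modes belong to which protocol, and which initiate.
PAGP = {"desirable", "auto"}
LACP = {"active", "passive"}
INITIATES = {"desirable", "active"}   # auto and passive only answer
# 'on' runs no protocol at all and bundles only with another 'on' end.


def channel_forms(mode_a: str, mode_b: str) -> bool:
    """True if the two ends of a link bundle into a port channel."""
    if "on" in (mode_a, mode_b):
        return mode_a == "on" and mode_b == "on"
    pair = {mode_a, mode_b}
    same_protocol = pair <= PAGP or pair <= LACP   # PAgP never pairs with LACP
    return same_protocol and bool(pair & INITIATES)  # auto/auto, passive/passive never bundle


# DTP: these modes send trunk requests ...
DTP_REQUESTS = {"trunk", "dynamic desirable"}
# ... and these answer them ('dynamic auto' answers but never asks).
DTP_ANSWERS = {"trunk", "dynamic desirable", "dynamic auto"}
# 'access' and 'nonegotiate' send no DTP frames and ignore them.


def can_request_trunk(mode: str) -> bool:
    """Which modes are able to ask the link partner to become a trunk."""
    return mode in DTP_REQUESTS


def trunk_forms(mode_a: str, mode_b: str) -> bool:
    """True if a trunk comes up, by negotiation or by static configuration."""
    if "access" in (mode_a, mode_b):
        return False
    if "nonegotiate" in (mode_a, mode_b):
        # No DTP on the link: only a statically trunking far end ends up as a trunk.
        return {mode_a, mode_b} <= {"trunk", "nonegotiate"}
    return (mode_a in DTP_REQUESTS and mode_b in DTP_ANSWERS) or \
           (mode_b in DTP_REQUESTS and mode_a in DTP_ANSWERS)


def matrix(func, modes) -> dict:
    """Full pairing table for either function, keyed by (mode_a, mode_b)."""
    return {(a, b): func(a, b) for a in modes for b in modes}


if __name__ == "__main__":
    for (a, b), ok in matrix(trunk_forms, ["trunk", "dynamic desirable",
                                           "dynamic auto", "nonegotiate", "access"]).items():
        print(f"{a:18s} {b:18s} {'trunk' if ok else 'no trunk'}")
```

From an access-port hardening standpoint the table makes the point of the "Disable channels" section above: a port left at dynamic auto or dynamic desirable will happily answer or even send DTP requests, whereas switchport mode access (and, for trunks that must stay static, switchport nonegotiate) removes that negotiation entirely.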

------------------------------------------------------------------------------------------------------------
Refer to the exhibit. How will interface FastEthernet0/1 respond when an 802.1x-enabled client connects to the port?


Answer:
The switch port will disable 802.1x port-based authentication and cause the port to transition to the authorized state without any further authentication exchange.
------------------------------------------------------------------------------------------------------------

Explanation:
The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports.

The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected.

After authentication succeeds, normal traffic can pass through the port. You control the port authorization state by using the dot1x port-control interface configuration command and these keywords:

force-authorized: Disables 802.1x port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. This is the default setting.

force-unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface.

auto: Enables 802.1x port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port transitions from down to up (authenticator initiation) or when an EAPOL-start frame is received (supplicant initiation). The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. The switch uniquely identifies each client attempting to access the network by using the client MAC address.
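The three port-control keywords above describe a small state machine, and the difference between them is clearest when you trace which frames a port lets through at each step. The Python below is an added example for this page, not Cisco code: the Dot1xPort class and its method names are hypothetical, the EAPOL EtherType value is the real one (0x888E), and the transitions follow the text above (auto starts unauthorized and passes only EAPOL until the authentication server says yes; link down returns it to unauthorized).

```python
"""802.1x port-control keywords as a port state machine (added example, not Cisco code)."""

EAPOL = 0x888E   # EtherType of EAP over LAN
IPV4 = 0x0800    # stands in for 'normal traffic' in the walk-through
KEYWORDS = {"force-authorized", "force-unauthorized", "auto"}


class Dot1xPort:
    def __init__(self, port_control: str):
        if port_control not in KEYWORDS:
            raise ValueError(f"unknown dot1x port-control keyword {port_control!r}")
        self.port_control = port_control
        # force-authorized is authorized with no exchange at all; the others start unauthorized
        self.authorized = port_control == "force-authorized"
        self.link_up = False
        self.identity_requested = False   # has the switch sent EAP-Request/Identity?

    def link_transition_up(self) -> None:
        self.link_up = True
        if self.port_control == "auto":
            self.authorized = False          # begin in the unauthorized state
            self.identity_requested = True   # authenticator initiation

    def link_transition_down(self) -> None:
        self.link_up = False
        if self.port_control == "auto":
            self.authorized = False          # a new client must authenticate again
            self.identity_requested = False

    def receive_eapol_start(self) -> None:
        if self.port_control == "auto":
            self.identity_requested = True   # supplicant initiation

    def authentication_result(self, success: bool) -> None:
        """Verdict relayed from the authentication server; only 'auto' ports care."""
        if self.port_control == "auto" and self.link_up:
            self.authorized = success

    def permits(self, ethertype: int) -> bool:
        """Would a frame of this EtherType pass the port right now?"""
        if self.port_control == "force-unauthorized":
            return False                     # every attempt is ignored, EAPOL included
        if self.authorized:
            return True
        return ethertype == EAPOL            # unauthorized: only EAPOL may pass


def trace(port_control: str) -> list:
    """(step, passes IPv4?, passes EAPOL?) after each event for a given keyword."""
    port = Dot1xPort(port_control)
    steps = []
    def record(label):
        steps.append((label, port.permits(IPV4), port.permits(EAPOL)))
    record("configured")
    port.link_transition_up();            record("link up")
    port.receive_eapol_start();           record("EAPOL-Start")
    port.authentication_result(True);     record("server accept")
    port.link_transition_down();          record("link down")
    return steps


if __name__ == "__main__":
    for kw in sorted(KEYWORDS):
        print(kw, trace(kw))
```

Tracing "force-authorized" reproduces the exhibit's answer: normal traffic passes from the first step, so the client's 802.1x capability is simply never exercised, which is why that default setting is worth auditing on any port meant to be access-controlled.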

------------------------------------------------------------------------------------------------------------

You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?
A.    a list of applications currently in use in the network
B.    IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats
C.    detailed security device specifications
D.    results from pilot network testing
 
When you enable port security on an interface that is also configured with a voice VLAN, what is the maximum number of secure MAC addresses that should be set on the port?
A.    No more than one secure MAC address should be set.
B.    The default will be set.
C.    The IP phone should use a dedicated port, therefore only one MAC address is needed per port.
D.    No value is needed if the switchport priority extend command is configured.
E.    No more than two secure MAC addresses should be set.
 
Switch# show ip sla application
IP SLAs
Version: 2.2.0 Round Trip Time MIB, Infrastructure Engine-II
Time of last change in whole IP SLAs: 22:17:39.117 UTC Fri Jun
Estimated system max number of entries: 15801
Estimated number of configurable operations: 15801
Number of Entries configured: 0
Number of active Entries: 0
Number of pending Entries: 0
Number of inactive Entries: 0
Supported Operation Types
Type of Operation to Perform: 802.1agEcho
Type of Operation to Perform: 802.1agJitter
Type of Operation to Perform: dhcp
Type of Operation to Perform: dns
Type of Operation to Perform: echo
Type of Operation to Perform: ftp
Type of Operation to Perform: http
Type of Operation to Perform: jitter
Type of Operation to Perform: pathEcho
Type of Operation to Perform: pathJitter
Type of Operation to Perform: tcpConnect
Type of Operation to Perform: udpEcho
IP SLAs low memory water mark: 21741224
Refer to the exhibit. What best describes the Cisco IOS IP SLA command and output in the exhibit?
A.    verifies which operation types have been enabled for IP SLA responder.
B.    verifies which operation types have been enabled for IP SLA source.
C.    verifies which operation types are supported in software.
D.    verifies enabled operation types that are not running.
 
Which statement is correct about the use of the virtual interface on a WLC?
A.    Used to relay DHCP messages
B.    Used to communicate with LAPs
C.    Used to bring up LWAPP tunnels
D.    Used to extend into the wireless client VLAN
 
The VLANs in switch R1 are being modified. Which of the following are updated in R1 every time a VLAN is modified?
A. Configuration revision number
B. Configuration revision flag field
C. Configuration revision database
D. Configuration revision reset switch
------------------------------------------------------------------------------------------------------------
You are assigning VLANs to the ports of switch R1. What VLAN number value is an assigned to the default VLAN?
A. VLAN ON
B. VLAN A
C. VLAN 1
D. VLAN 0
E. VLAN 1003
------------------------------------------------------------------------------------------------------------
 
Explanation:
The default VLAN is VLAN 1. Although this VLAN can be modified, it cannot be deleted from the switch. The following VLANs are on by default for all Cisco Catalyst switches:
VLAN 1 - Default VLAN
VLAN 1002 - Default FDDI VLAN
VLAN 1003 - Default Token Ring VLAN
VLAN 1004 - Default FDDI Net VLAN
VLAN 1005 - Default Token Ring Net VLAN
------------------------------------------------------------------------------------------------------------
 
Explanation:
Static port VLAN membership
 
Static port VLAN membership on the switch is assigned manually by the administrator on a port-by-port basis. Characteristics of static VLAN configurations include the following:
1. Secure
2. Easy to configure
3. Straight forward to monitor
4. Works well in networks where moves, adds, and changes are rare.
------------------------------------------------------------------------------------------------------------
 
Explanation:
LAN port VLAN membership
 
LAN port VLAN membership can be assigned manually on a port-by-port basis. When you assign LAN ports to VLANs using this method, it is known as port-based, or static, membership. Attached devices will be unaware of any VLANs.
------------------------------------------------------------------------------------------------------------
 
Explanation:
VLAN Trunking Protocol (VTP)
 
The role of the VLAN Trunking Protocol (VTP) is to maintain VLAN configuration consistency across the entire network. VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch that is in the VTP server mode. VTP is responsible for synchronizing VLAN information within a VTP domain. This reduces the need to configure the same VLAN information on each switch. Using VTP, each Catalyst Family Switch advertises the following on its trunk ports:
1. Management domain
2. Configuration revision number
3. Known VLANs and their specific parameters
------------------------------------------------------------------------------------------------------------
 
Explanation:
On a switch, two types of links are available, access and trunk:
 
1. An interface in access mode can carry the traffic of only one VLAN.
2. A trunk can carry the traffic of more than one VLAN.

VTP carries information about more than one VLAN, so the switch port should be in trunk mode. VLAN 1 is the default VLAN on a Cisco switch; by default all interfaces belong to VLAN 1.
------------------------------------------------------------------------------------------------------------
 
Explanation:
Periodic (default is 5 minutes) VTP advertisements are sent out each trunk port with the multicast destination MAC address 01-00-0C-CC-CC-CC. VTP advertisements contain the following configuration information:
1. VLAN IDs (ISL and 802.1Q)
2. Emulated LAN names (ATM LANE)
3. 802.10 SAID values (FDDI)
4. VTP domain name
5. VTP configuration revision number
6. VLAN configuration, including the maximum transmission unit (MTU) size for each VLAN
7. Frame format
------------------------------------------------------------------------------------------------------------
 
What must be configured on a Cisco switch in order to advertise VLAN information?
A. VTP password
B. VTP pruning
C. VTP mode
D. VTP domain name
E. VTP revision number
------------------------------------------------------------------------------------------------------------
 
Explanation:
 
If the switch being installed is the first switch in the network, the management domain will need to be created. However, if the network has other switches running VTP, then the new switch will join an existing management domain. Verify the name of the management domain. If the management domain has been secured, verify and configure the password for the domain. To create a management domain or to add a switch to a management domain, use the vtp domain command in the global configuration mode or VLAN configuration mode.
Switch(config)#vtp domain name
Switch(vlan)#vtp domain name
------------------------------------------------------------------------------------------------------------
The Company switches have all been upgraded to use VTP version 2. What are two benefits provided in VTP Version 2 that are not available in VTP Version 1?
A. VTP version 2 supports Token Ring VLANs.
B. VTP version 2 allows VLAN consistency checks.
C. VTP version 2 allows active redundant links when used with spanning tree.
D. VTP version 2 reduces the amount of configuration necessary.
E. VTP version 2 saves VLAN configuration memory.
------------------------------------------------------------------------------------------------------------
 
Explanation:
VTP Version 2 includes the following improvements: Token Ring VLAN support, TLV support, transparent mode, and Consistency checks.
------------------------------------------------------------------------------------------------------------
 
The Company switches are configured to use VTP. What's true about the VLAN trunking protocol (VTP)?
A. VTP domain names need to be identical. However, case doesn't matter.
B. A VTP enabled device which receives multiple advertisements will ignore advertisements with higher configuration revision numbers
C. A device in 'transparent' VTP v.1 mode will not forward VTP messages.
D. VTP messages will not be forwarded over nontrunk links.
E. VTP pruning allows switches to prune VLANs that do not have any active ports associated with them.
------------------------------------------------------------------------------------------------------------
 
Explanation:
VTP messages are only transmitted across trunk links. If the receiving switch is in transparent mode, the configuration is not changed. Switches in transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on a switch in transparent mode, the changes are not propagated to the other switches in the network.
------------------------------------------------------------------------------------------------------------

 
Switch R1 and R2 both belong to the Company VTP domain. What's true about the switch operation in VTP domains?
A. VTP is no longer supported on Catalyst switches
B. A switch is listening to VTP advertisements from their own domain only
C. A switch can reside in one or more domains
D. A switch is listening to VTP advertisements from multiple domains
E. A switch can only reside in one management domain
------------------------------------------------------------------------------------------------------------

 
Explanation:
A VTP domain is made up of one or more interconnected devices that share the same VTP domain name. A switch can be configured to be in only one VTP domain, and each VLAN has a name that is unique within a management domain. Typically, you use a VTP domain to ease administrative control of your network or to account for physical boundaries within your network

 
However, you can set up as many or as few VTP domains as are appropriate for your administrative needs. Consider that VTP is transmitted on all trunk connections, including ISL, IEEE 802.1Q, 802.10, and LANE. Switches can only belong to one management domain with common VLAN requirements, and they only care about the neighbors in their own domains.
------------------------------------------------------------------------------------------------------------
 
VTP devices in a network track the VTP revision number. What is a VTP configuration revision number?
A. A number for identifying changes to the network router.
B. A number for identifying changes to the network switch.
C. A number for identifying changes to the network topology
------------------------------------------------------------------------------------------------------------
 
Explanation:
The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number assigned to it, and most of the VTP packets contain the VTP configuration revision number of the sender. This information is used to determine whether the received information is more recent than the current version. Each time you make a VLAN change in a VTP device, the configuration revision is incremented by one. In order to reset the configuration revision of a switch, change the VTP domain name and then change it back to the original name.
------------------------------------------------------------------------------------------------------------
 
Switch R1 is configured to use the VLAN Trunking Protocol (VTP). What does R1 advertise in its VTP domain?
A. The VLAN ID of all known VLANs, the management domain name, and the total number of trunk links on the switch.
B. The VLAN ID of all known VLANs, a 1-bit canonical format indicator (CFI), and the switch configuration revision number.
C. The management domain name, the switch configuration revision number, the known VLANs, and their specific parameters.
D. A 2-byte TPID with a fixed value of 0x8100 for the management domain number, the switch configuration revision number, the known VLANs, and their specific parameters
------------------------------------------------------------------------------------------------------------
 
Explanation:
Each switch participating in VTP advertises VLAN information, revision numbers, and VLAN parameters on its trunk ports to notify other switches in the management domain. VTP advertisements are sent as multicast frames. The switch intercepts frames sent to the VTP multicast address and processes them with its supervisory processor. VTP frames are forwarded out trunk links as a special case. The following global configuration information is distributed in VTP advertisements:
1. VLAN IDs (ISL and 802.1Q)
2. Emulated LAN names (for ATM LANE)
3. 802.10 SAID values (FDDI)
4. VTP domain name
5. VTP Configuration revision number
6. VLAN Configuration, including maximum transmission unit (MTU) size for each VLAN
7. Frame format
------------------------------------------------------------------------------------------------------------

 
Explanation:
VTP advertisements include:
1. Summary Advertisements - These go out every 5 minutes or every time the VLAN topology changes, and list information about the management domain (VTP version, domain name, configuration revision number, timestamp, MD5 hash code, and number of subset advertisements to follow). When there is a configuration change, summary advertisements are complemented by one or more subset advertisements.
2. Subset advertisements - These are sent out by VTP domain servers after a configuration change. They list the specifics of the change (VLAN creation / deletion / suspension / activation / name change / MTU change) and the VLAN parameters (VLAN status, VLAN type, MTU, VLAN name, VLAN number, SAID value).
3. Advertisement Requests from Clients - VTP clients request specific VLAN information that they are lacking (e.g. a client switch is reset and loses its database, or VTP domain membership changes) so they can be answered with summary and subset advertisements.
------------------------------------------------------------------------------------------------------------
 
Switch R1 is configured with VTP. Which two VTP modes will make R1 capable of creating and deleting VLANs on itself?
A. Client
B. Pass-through
C. Nonegotiate
D. Server
E. Transparent
------------------------------------------------------------------------------------------------------------
 
Explanation:
VTP modes; you can configure a switch to operate in any one of these:
1. Server - In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.
2. Client - VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
3. Transparent - VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that they receive out their trunk interfaces. If you configure the switch as VTP transparent, you can create and modify VLANs, but the changes affect only the individual switch.
------------------------------------------------------------------------------------------------------------
 
Two Company switches are connected via a trunk link. In this network, the original frame is encapsulated and an additional header is added before the frame is carried over a trunk link. At the
receiving end, the header is removed and the frame is forwarded to the assigned VLAN. This describes which technology?
A. IEEE 802.1Q
B. MPLS
C. ISL
D. DISL
E. DTP
------------------------------------------------------------------------------------------------------------
 
Explanation:
Inter-Switch Link (ISL)

The Inter-Switch Link (ISL) protocol is a Cisco proprietary method for preserving the source VLAN identification of frames passing over a trunk link.

ISL performs frame identification in Layer 2 by encapsulating each frame between a header and trailer. Any Cisco switch or router device configured for ISL can process and understand the ISL VLAN information. ISL is primarily used for Ethernet media, although Cisco has included provisions to carry Token Ring, FDDI, and ATM frames over Ethernet ISL.

(A Frame-Type field in the ISL header indicates the source frame type.) When a frame is destined out a trunk link to another switch or router, ISL adds a 26-byte header and a 4-byte trailer to the frame. The source VLAN is identified with a 10-bit VLAN ID field in the header. The trailer contains a cyclic redundancy check (CRC) value to ensure the data integrity of the new encapsulated frame. Figure 6-3 shows how Ethernet frames are encapsulated and forwarded out a trunk link. Because tagging information is added at the beginning and end of each frame, ISL is sometimes referred to as double tagging.
------------------------------------------------------------------------------------------------------------
 
The Company core switches use 802.1Q trunks to connect to each other. How does 802.1Q trunking keep track of multiple VLANs?
A. It tags the data frame with VLAN information and recalculates the CRC value
B. It adds a new header containing the VLAN ID to the data frame
C. It encapsulates the data frame with a new header and frame check sequence
D. It modifies the port index of a data frame to indicate the VLAN
------------------------------------------------------------------------------------------------------------
 
Explanation:
The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors. In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.

Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame: a 4-byte tag is inserted between the source MAC address and the Type/Length field, and the frame check sequence is recalculated over the modified frame. This method is referred to as single-tagging or internal tagging. 802.1Q also introduces the concept of a native VLAN on a trunk.

Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides a simple way to offer full trunk encapsulation to the devices that can understand it, while giving normal access stations some inherent connectivity over the trunk.
------------------------------------------------------------------------------------------------------------
 
Which three statements are correct with regard to the IEEE 802.1Q standard?
A. The packet is encapsulated with a 26 byte header and a 4 byte FCS
B. The IEEE 802.1Q frame format adds a 4 byte field to an Ethernet frame
C. The IEEE 802.1Q frame retains the original MAC destination address
D. The protocol uses point-to-point connectivity
E. The IEEE 802.1Q frame uses multicast destination of 0x01-00-0c-00-00
F. The protocol uses point-to-multipoint connectivity
------------------------------------------------------------------------------------------------------------
 
Explanation:
The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors. In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.

Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. The original destination and source MAC addresses are retained in place; the tagged frame is simply 4 bytes longer, so a maximum-size frame grows to 1522 bytes (a "baby giant" that equipment predating 802.3ac may count as oversized). This method is referred to as single-tagging or internal tagging. 802.1Q also introduces the concept of a native VLAN on a trunk.

Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides a simple way to offer full trunk encapsulation to the devices that can understand it, while giving normal access stations some inherent connectivity over the trunk.
------------------------------------------------------------------------------------------------------------
 
Switch R1 has been configured with DTP using the desirable option. Which statement describes Dynamic Trunking Protocol (DTP) desirable mode?
A. The interface is put into a passive mode, waiting to convert the link to a trunk link.
B. The interface is put into permanent trunking mode but prevented from generating DTP frames.
C. The interface is put into permanent trunking mode and negotiates to convert the link into a trunk link.
D. The interface actively attempts to convert the link to a trunk link.
------------------------------------------------------------------------------------------------------------
 
Explanation:
In the switchport mode command, you can set the trunking mode to any of the following:
1. Trunk - This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.
2. Dynamic desirable (the default on the platforms this text describes; many later Catalyst models default to dynamic auto instead) - The port actively attempts to convert the link into trunking mode. If the far-end switch port is configured to trunk, dynamic desirable, or dynamic auto mode, trunking is successfully negotiated.
3. Dynamic auto - The port is willing to become a trunk but waits to be asked. If the far-end switch port is configured to trunk or dynamic desirable, trunking is negotiated. Because of the passive negotiation behavior, the link never becomes a trunk if both ends of the link are left at the dynamic auto default.
Whatever the platform default, a port that must never become a trunk (user-facing access ports above all) should be set to switchport mode access together with switchport nonegotiate, so that DTP frames are neither sent nor honoured and a connected host cannot negotiate itself onto a trunk.
------------------------------------------------------------------------------------------------------------
 
While using a packet analyzer, you notice four additional bytes being added to the packets in the Company network. Which protocol inserts a four byte tag into the Ethernet frame and recalculates the CRC value?
A. DTP
B. 802.1Q
C. ISL
D. VTP
------------------------------------------------------------------------------------------------------------
 
Explanation:
The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors. In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.

Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. The four extra bytes an analyzer sees are a 2-byte Tag Protocol Identifier (0x8100) followed by 2 bytes of Tag Control Information: a 3-bit priority, a drop-eligible bit, and the 12-bit VLAN ID. Because the frame contents change, the CRC (frame check sequence) is recalculated. This method is referred to as single-tagging or internal tagging. 802.1Q also introduces the concept of a native VLAN on a trunk.

Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides a simple way to offer full trunk encapsulation to the devices that can understand it, while giving normal access stations some inherent connectivity over the trunk.
------------------------------------------------------------------------------------------------------------
 
 
A new Company switch was just configured using the "switchport trunk native vlan 7" command. What does this interface command accomplish?
A. Configures the trunking interface to forward traffic from VLAN 7
B. Causes the interface to apply ISL framing for traffic on VLAN 7
C. Configures the interface to be a trunking port and causes traffic on VLAN 7 to be 802.1q tagged
D. Configures the trunking interface to send traffic from VLAN 7 untagged
------------------------------------------------------------------------------------------------------------
 
Explanation:
In 802.1Q trunking, frames are tagged on the trunk link to indicate the VLAN to which they belong, with one exception: frames belonging to the native VLAN are sent untagged. VLAN 1 is the native VLAN by default; it is also the VLAN every port belongs to until it is assigned elsewhere.

VLANs other than VLAN 1 may be designated as the native VLAN, but the native VLAN must be the same on both ends of an 802.1Q trunk. Each end places the untagged frames it receives into its own native VLAN, so a mismatch quietly bridges two different VLANs together (Cisco switches log a CDP native VLAN mismatch when they detect this). Because native VLAN traffic travels untagged, it is good practice to use a dedicated, otherwise unused VLAN for it rather than VLAN 1 and to keep access ports out of it; on platforms that support it, vlan dot1q tag native makes the native VLAN tagged as well.

If a VLAN other than VLAN 1 is to be the native VLAN, it needs to be identified on the trunk ports. In interface configuration mode of the trunk port(s), the IOS command to designate the native VLAN is switchport trunk native vlan:
Switch(config-if)#switchport trunk native vlan vlan-id
------------------------------------------------------------------------------------------------------------
 
Which statement is true regarding the configuration of ISL trunks?
A. A Catalyst switch cannot have ISL and IEEE 802.1Q trunks enabled.
B. All Catalyst switches support ISL trunking.
C. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.
D. ISL trunking requires that native VLANs match.
------------------------------------------------------------------------------------------------------------
 
Explanation:
The Inter-Switch Link (ISL) protocol is a Cisco proprietary method for preserving the source VLAN identification of frames passing over a trunk link. ISL performs frame identification in Layer 2 by encapsulating each frame between a header and trailer. Any Cisco switch or router device configured for ISL can process and understand the ISL VLAN information.

ISL is primarily used for Ethernet media, although Cisco has included provisions to carry Token Ring, FDDI, and ATM frames over Ethernet ISL. (A Frame-Type field in the ISL header indicates the source frame type.) When a frame is destined out a trunk link to another switch or router, ISL adds a 26-byte header and a 4-byte trailer to the frame.

The source VLAN is identified with a 10-bit VLAN ID field in the header. The trailer contains a cyclic redundancy check (CRC) value to ensure the data integrity of the new encapsulated frame. Figure 6-3 shows how Ethernet frames are encapsulated and forwarded out a trunk link. Because tagging information is added at the beginning and end of each frame, ISL is sometimes referred to as double tagging.
------------------------------------------------------------------------------------------------------------

 
Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B. Port Fa 0/2 on Switch B is currently in a blocking state for both VLANs. What
should be done to load balance VLAN traffic between Switch A and Switch B?
A. Enable HSRP on the access ports.
B. Make the bridge ID of Switch B lower than the ID of Switch A
C. Lower the port priority for VLAN 1 on port 0/1 for Switch A.
D. Lower the port priority for VLAN 1 on port 0/2 for Switch A.
------------------------------------------------------------------------------------------------------------

 
Explanation:
Load Sharing Using STP Port Priorities
When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state. The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN.

The trunk port with the higher priority (lower value) for a VLAN forwards traffic for that VLAN. The trunk port with the lower priority (higher value) for the same VLAN remains in the Blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.

The priority is carried in the port ID field of the BPDUs that port sends, so it has to be lowered on the upstream switch (Switch A in the exhibit): Switch B selects its root port for each VLAN by the sender's port ID once root path cost and sender bridge ID tie, which they do on two parallel links to the same neighbor. Per-VLAN port priority is set with spanning-tree vlan vlan-id port-priority value (default 128, configurable in steps of 16), for example spanning-tree vlan 1 port-priority 112 on Switch A's port 0/2, so that VLAN 1 moves to port 0/2 while VLAN 2 keeps the default and stays on port 0/1.
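Added example (not from the original page): the root-port selection the explanation depends on, written out in Python. Switch B holds two BPDUs per VLAN, one from each parallel trunk; they tie on root path cost and on sender bridge ID (both come from Switch A), so the sender's port ID, meaning Switch A's port priority and port number, breaks the tie. Bridge IDs, costs, port numbers and the 112 priority value are constructed for the example.

```python
from dataclasses import dataclass

DEFAULT_PORT_PRIORITY = 128   # IOS default; configurable 0-240 in steps of 16


@dataclass(frozen=True)
class Bpdu:
    """The fields of a received configuration BPDU that decide the root port
    once all candidates agree on the root bridge ID."""
    received_on: str            # local port the BPDU arrived on
    root_path_cost: int         # neighbour's cost to the root plus this link's cost
    sender_bridge_id: int       # neighbour's 8-byte bridge ID (priority + MAC)
    sender_port_priority: int   # port priority configured on the NEIGHBOUR's port
    sender_port_number: int     # neighbour's port number


def choose_root_port(bpdus):
    """802.1D tie-break order: lowest root path cost, then lowest sender bridge
    ID, then lowest sender port ID (priority first, then port number)."""
    best = min(bpdus, key=lambda b: (b.root_path_cost, b.sender_bridge_id,
                                     b.sender_port_priority, b.sender_port_number))
    return best.received_on


def switch_b_root_ports(a_fa0_2_priority_by_vlan):
    """Root port chosen on Switch B for VLANs 1 and 2, given the per-VLAN port
    priority Switch A has set on its Fa0/2 (A's Fa0/1 stays at the default).
    Both links run to the same neighbour at equal cost, as in the exhibit."""
    switch_a_bridge_id = 0x8000_0000_0C11_1111     # constructed: priority 32768 + MAC
    chosen = {}
    for vlan in (1, 2):
        candidates = [
            Bpdu("Fa0/1", 19, switch_a_bridge_id, DEFAULT_PORT_PRIORITY, 1),
            Bpdu("Fa0/2", 19, switch_a_bridge_id,
                 a_fa0_2_priority_by_vlan.get(vlan, DEFAULT_PORT_PRIORITY), 2),
        ]
        chosen[vlan] = choose_root_port(candidates)
    return chosen


if __name__ == "__main__":
    # Defaults everywhere: Fa0/1 wins both VLANs on A's lower port number, B's Fa0/2 blocks.
    print(switch_b_root_ports({}))
    # After "spanning-tree vlan 1 port-priority 112" on Switch A's Fa0/2:
    print(switch_b_root_ports({1: 112}))   # VLAN 1 now uses Fa0/2, VLAN 2 stays on Fa0/1
```

The point to take from the code is that lowering the priority on Switch B's own Fa0/2 changes nothing, because B compares the port ID carried in the BPDUs it receives, not its own; the command belongs on Switch A, as option D says.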
------------------------------------------------------------------------------------------------------------

 
Which of the following technologies would an Internet Service Provider use to support overlapping customer VLAN ID's over transparent LAN services?
A. IP Over Optical Networking
B. 802.1Q tunneling
C. SDH
D. ATM
E. ISL
------------------------------------------------------------------------------------------------------------

 
Explanation:
Understanding How 802.1Q Tunneling Works:
The 802.1Q tunneling feature supports virtual private networks (VPNs) in the Layer 2 sense: traffic from different customers is kept segregated in the service provider infrastructure, with no encryption or authentication involved, while the number of VLANs required to support the VPNs is significantly reduced. 802.1Q tunneling allows multiple customer VLANs to be carried by a single VLAN on the Catalyst 6000 family switch without losing their unique VLAN IDs.

When you configure 802.1Q tunneling on the Catalyst 6000 family switch, traffic to be tunneled comes into the switch from an 802.1Q trunk port on a neighboring device and enters the switch through a port configured to support 802.1Q tunneling (a tunnel port).

When the tunnel port receives traffic from an 802.1Q trunk port, it does not strip the 802.1Q tags from the frame header but, instead, leaves the 802.1Q tags intact and puts all the received 802.1Q traffic into the VLAN assigned to the tunnel port. The frame now carries two tags and is 4 bytes longer than an ordinary tagged frame, so the MTU on the provider's links must be raised to carry it.

The VLAN assigned to the tunnel port then carries the tunneled customer traffic to the other neighboring devices participating in the tunnel port VLAN. When the tunneled traffic is received by an 802.1Q trunk port on a neighboring device, the outer 802.1Q tag is stripped and the traffic is removed from the tunnel, with the customer's own tag still in place.
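Added example (not from the original page, and not Cisco code): a Python model of what the 802.1Q explanations earlier on this page describe and of the tunnel-port behaviour in this passage. push_tag inserts the 4-byte tag after the source MAC and recalculates the FCS, the native VLAN leaves a trunk untagged, and a tunnel port pushes the provider's tag on top of the customer's so both VLAN IDs survive the trip. The MAC addresses, VLAN numbers and payload are constructed; the outer tag uses TPID 0x8100, as Catalyst 802.1Q tunneling does.

```python
import struct
import zlib

TPID_8100 = 0x8100   # Tag Protocol Identifier of an 802.1Q tag
ETH_HDR = 12         # destination MAC (6) + source MAC (6); the tag goes right after


def fcs(body):
    """Ethernet FCS: CRC-32 over the frame up to the FCS, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def with_fcs(body):
    return body + fcs(body)


def fcs_ok(frame):
    return fcs(frame[:-4]) == frame[-4:]


def build_untagged(dst, src, ethertype, payload):
    """Constructed sample: a plain Ethernet II frame with a valid FCS."""
    return with_fcs(dst + src + struct.pack(">H", ethertype) + payload)


def push_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag (TPID + TCI) after the source MAC and recompute
    the FCS. Nothing else moves: both MAC addresses stay where they were."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID is a 12-bit field")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    body = frame[:-4]                      # the old FCS is no longer valid
    body = body[:ETH_HDR] + struct.pack(">HH", TPID_8100, tci) + body[ETH_HDR:]
    return with_fcs(body)


def outer_tag(frame):
    """(tpid, pcp, dei, vid) of the outermost tag, or None for an untagged frame."""
    tpid, tci = struct.unpack_from(">HH", frame, ETH_HDR)
    if tpid != TPID_8100:
        return None
    return tpid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def pop_tag(frame):
    """Remove the outermost tag and recompute the FCS."""
    if outer_tag(frame) is None:
        raise ValueError("frame is not tagged")
    body = frame[:-4]
    return with_fcs(body[:ETH_HDR] + body[ETH_HDR + 4:])


def trunk_egress(frame, vid, native_vid):
    """A trunk sends frames of VLAN `vid` tagged, except the native VLAN, which
    goes out untagged. The receiver puts untagged frames into ITS native VLAN,
    so both ends must agree or two VLANs get merged."""
    return frame if vid == native_vid else push_tag(frame, vid)


def tunnel_port_ingress(customer_frame, sp_vid):
    """802.1Q tunnel port: leave the customer's tag alone and push the
    provider's VLAN on top (Q-in-Q). The frame grows by another 4 bytes."""
    return push_tag(customer_frame, sp_vid)


def tunnel_egress(frame):
    """Far-end trunk toward the customer: strip only the provider tag."""
    return pop_tag(frame)


def tag_stack(frame):
    """VLAN IDs of all tags, outermost first (empty list for an untagged frame)."""
    vids = []
    while outer_tag(frame) is not None:
        vids.append(outer_tag(frame)[3])
        frame = pop_tag(frame)
    return vids


if __name__ == "__main__":
    dst = bytes.fromhex("00000c000001")   # constructed MAC addresses
    src = bytes.fromhex("00000c000002")
    plain = build_untagged(dst, src, 0x0800, b"\x45" + b"\x00" * 45)
    tagged = trunk_egress(plain, 7, native_vid=1)
    print(len(tagged) - len(plain), outer_tag(tagged), fcs_ok(tagged))  # 4 (33024, 0, 0, 7) True
    print(trunk_egress(plain, 1, native_vid=1) == plain)                 # True: native VLAN untagged
    qinq = tunnel_port_ingress(tagged, sp_vid=200)
    print(tag_stack(qinq), tag_stack(tunnel_egress(qinq)))                # [200, 7] [7]
```

Two things are worth noticing when you run it: a tagged frame is byte-for-byte the untagged frame with four bytes spliced in at offset 12 and a new FCS, which is why option C in the 802.1Q question (a new header and frame check sequence) describes ISL rather than 802.1Q; and tunnel_egress returns exactly the frame the customer handed in, inner tag and all, which is the property the service provider is selling.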
------------------------------------------------------------------------------------------------------------
Refer to the exhibit. Which statement is true?

Router(config)# vlan access-map pass 10
Router(config-access-map)# match ip address ABC
Router(config-access-map)# action forward
Router(config)# vlan filter pass vlan-list 5-10

A. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
B. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
C. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
D. IP traffic matching access list ABC is forwarded through VLANs 5-10.
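Added example (not from the original page): a Python model of how the VLAN access map in the exhibit is evaluated, so the four options can be checked against it. The contents of access list ABC (permit 10.0.0.0/16) and the sample frames are constructed for the example; the decision rules (entries in sequence order, an implicit drop for IP packets once the map has an IP match clause, and no filtering at all for VLANs outside the vlan-list) follow the documented Catalyst VLAN-map behaviour and are worth confirming on your own platform.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Standard IP ACL "ABC" (constructed for this example). Like a VLAN map, an ACL
# is read top-down and ends in an implicit deny.
ACL_ABC: List[Tuple[str, str]] = [
    ("permit", "10.0.0.0/16"),
]


def acl_permits(acl: List[Tuple[str, str]], src_ip: str) -> bool:
    addr = ip_address(src_ip)
    for action, prefix in acl:
        if addr in ip_network(prefix):
            return action == "permit"
    return False                              # implicit deny


@dataclass(frozen=True)
class Frame:
    vlan: int
    src_ip: Optional[str] = None              # None models a non-IP frame (ARP, etc.)


@dataclass(frozen=True)
class MapEntry:
    seq: int
    match_ip_acl: Optional[str]               # "match ip address <acl>", None = no match clause
    action: str                               # "forward" or "drop"


class VlanAccessMap:
    """vlan access-map <name> <seq> entries, evaluated lowest sequence first."""

    def __init__(self, name: str, entries: List[MapEntry], acls: Dict[str, list]):
        self.name = name
        self.entries = sorted(entries, key=lambda e: e.seq)
        self.acls = acls

    def decide(self, frame: Frame) -> str:
        for entry in self.entries:
            if entry.match_ip_acl is None:    # no match clause: matches everything
                return entry.action
            if frame.src_ip is not None and acl_permits(self.acls[entry.match_ip_acl], frame.src_ip):
                return entry.action
        # No entry matched. Catalyst rule: a packet type (IP here) that the map has a
        # clause for is dropped; a type the map never mentions is forwarded unchanged.
        has_ip_clause = any(e.match_ip_acl is not None for e in self.entries)
        if frame.src_ip is not None and has_ip_clause:
            return "drop"
        return "forward"


def vlan_filter(frame: Frame, access_map: VlanAccessMap, vlan_list: Set[int]) -> str:
    """vlan filter <map> vlan-list <list>: the map applies only to the listed VLANs;
    frames in any other VLAN are never examined."""
    if frame.vlan not in vlan_list:
        return "forward"
    return access_map.decide(frame)


# The exhibit: one entry (seq 10, match ip address ABC, action forward) applied to
# VLANs 5-10.
PASS_MAP = VlanAccessMap("pass", [MapEntry(10, "ABC", "forward")], {"ABC": ACL_ABC})
VLAN_LIST: Set[int] = set(range(5, 11))


if __name__ == "__main__":
    for frame in (Frame(7, "10.0.7.5"), Frame(7, "192.168.1.1"), Frame(7), Frame(20, "192.168.1.1")):
        print(frame, "->", vlan_filter(frame, PASS_MAP, VLAN_LIST))
```

Running it against the exhibit shows IP traffic in VLANs 5 through 10 forwarded only when ABC permits it, IP traffic in those VLANs that ABC does not permit dropped by the implicit deny at the end of the map, and VLANs outside the list untouched, which is what option C states. The non-IP case is the one that surprises people: with only an ip match clause in the map, ARP in VLAN 7 still passes, so a map meant to drop everything needs an explicit catch-all entry.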
------------------------------------------------------------------------------------------------------------
 
Explanation:
standby group preempt

You can configure a router to preempt, that is, to take over the active role immediately, if its priority is the highest at any time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds]
By default, the router can preempt another immediately, without delay. You can use the delay keyword to force it to wait for seconds before becoming active. This is usually done if there are routing protocols that need time to converge.
------------------------------------------------------------------------------------------------------------

 
Which two statements are true about a switched virtual interface (SVI)? (Choose two.)
A. An SVI is another name for a routed port.
B. An SVI is created by entering the no switchport command in interface configuration mode.
C. Multiple SVIs can be associated with a VLAN.
D. An SVI provides a default gateway for a VLAN.
E. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch administration

 
Explanation:
On a multilayer switch, you can also enable Layer 3 functionality for an entire VLAN on the switch. This allows a network address to be assigned to a logical interface, that of the VLAN itself. This is useful when the switch has many ports assigned to a common VLAN, and routing is needed in and out of that VLAN. The logical Layer 3 interface is known as an SVI. However, when it is configured, it uses the much more intuitive interface name vlan vlan-id, as if the VLAN itself were a physical interface. First, define or identify the VLAN interface, and then assign any Layer 3 functionality to it.
------------------------------------------------------------------------------------------------------------

 
Explanation:
Spanning tree PortFast is a Catalyst feature that causes a port to enter the spanning tree Forwarding state immediately, bypassing the Listening and Learning states. IOS-based switches only use PortFast on access ports connected to end stations. When a device is connected to a port, the port normally enters the spanning tree Listening state. When the Forward Delay timer expires, the port enters the Learning state. When the Forward Delay timer expires a second time, the port is transitioned to the Forwarding or Blocking state. When PortFast is enabled, the port is transitioned to the Forwarding state as soon as the switch detects the link (less than 2 seconds after the cable is plugged in). A PortFast port still processes any BPDU it receives, so pair PortFast with BPDU guard (spanning-tree bpduguard enable on the interface, or spanning-tree portfast bpduguard default globally): a switch or rogue bridge plugged into such an access port then err-disables the port instead of joining the spanning tree.
------------------------------------------------------------------------------------------------------------

 
Refer to the exhibit. Which statement is true?
Router(config)# vlan access-map pass 10
Router(config-access-map)# match ip address ABC
Router(config-access-map)# action forward
Router(config)# vlan filter pass vlan-list 5-10

A. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. IP traffic matching access list ABC is forwarded through VLANs 5-10.
D. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
------------------------------------------------------------------------------------------------------------
Explanation:

 
The IEEE 802.1D Spanning Tree Protocol was designed to keep a switched or bridged network loop free, with adjustments made to the network topology dynamically. A topology change typically takes 30 seconds, where a port moves from the Blocking state to the Forwarding state after two intervals of the Forward Delay timer. As technology has improved, 30 seconds has become an unbearable length of time to wait for a production network to fail over or "heal" itself during a problem.

Topology Changes and RSTP
Recall that when an 802.1D switch detects a port state change (either up or down), it signals the Root Bridge by sending topology change notification (TCN) BPDUs. The Root Bridge must then signal a topology change by sending out configuration BPDUs with the Topology Change (TC) flag set, which are relayed to all switches in the STP domain. RSTP detects a topology change only when a nonedge port transitions to the Forwarding state. This might seem odd because a link failure is not used as a trigger. RSTP uses all of its rapid convergence mechanisms to prevent bridging loops from forming. Therefore, topology changes are detected only so that bridging tables can be updated and corrected as hosts appear first on a failed port and then on a different functioning port.

When a topology change is detected, a switch must propagate news of the change to other switches in the network so they can correct their bridging tables, too. This process is similar to the convergence and synchronization mechanism: topology change notification (TCN) messages propagate through the network