Section II: LAN Switching Technologies – Test Online

Hint

Follow these guidelines when configuring port security: + Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct. + A secure port cannot be a dynamic access port. + A secure port cannot be a destination port for Switched Port Analyzer (SPAN). + A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct + You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct. + When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two. + If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN. + When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses. + The switch does not support port security aging of sticky secure MAC addresses. + The protect and restrict options cannot be simultaneously enabled on an interface. (Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546) Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

Hint

A late collision is defined as any collision that occurs after the first 512 bits of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC. We can check the interface counter with the “show interface ” command on a Cisco device. For example: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex. Note: + Runts are frames which do not meet the minimum frame size of 64 bytes. Runts are usually created by collisions. + Giants: frames that are larger than 1,518 bytes

Hint

In cut-through switching, the switch copies into its memory only the destination MAC address (first six bytes of the frame) of the frame. After processing these first six bytes, the switch had enough information to make a forwarding decision and move the frame to the appropriate switchport. This switching method is faster than store-and-forward switching method. In store-and-forward switching, the switch copies each complete Ethernet frame into the switch memory and computes a Cyclic Redundancy Check (CRC) for errors. If a CRC error is found, the Ethernet frame is dropped. If no CRC error is found then that frame is forwarded.

Hint

Below is an example of the output of this command. Interface Ethernet1/0 is operating in trunking mode.

Hint

PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs (because PortFast should only be configured on interfaces which are connected to hosts). If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service. Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html

Hint

From the output we notice that the administrator has just shut down Interface Vlan1, which is the default VLAN so no one can access it remotely (like telnet) -> B is correct. Answer A is not correct as STP calculation does not depend on which port comes up first or last. STP recalculates when there is a change in the network. A normal switch can operate without VLAN -> C is not correct. This IOS does support VLAN because it has VLAN 1 on it -> D is not correct.

Hint

There are various reasons for the interface to go into errdisable. The reason can be: + Duplex mismatch + Port channel misconfiguration + BPDU guard violation + UniDirectional Link Detection (UDLD) condition + Late-collision detection + Link-flap detection + Security violation + Port Aggregation Protocol (PAgP) flap + Layer 2 Tunneling Protocol (L2TP) guard + DHCP snooping rate-limit + Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable + Address Resolution Protocol (ARP) inspection + Inline power Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html Therefore in fact there are two correct answers in this question, which are “There is a duplex mismatch” and “Port security has disabled the interface” but maybe you should choose the port security answer as it is the most popular reason.

Hint

Link Layer Discovery Protocol (LLDP) is a industry standard protocol that allows devices to advertise, and discover connected devices, and there capabilities (same as CDP of Cisco). To enable it on Cisco devices, we have to use this command under global configuration mode: Sw(config)# lldp run

Hint

The switches compare their Bridge ID with each other to find out who will be the root bridge. The root bridge is the bridge with the lowest bridge ID. Bridge ID = Bridge Priority + MAC Address In this question the bridge priority was not mentioned so we suppose they are the same. Therefore the switch with lowest MAC address will become the new root bridge.

Hint

The question says “no other configuration changes have been made” so we can understand these switches have the same bridge priority. Switch C has lowest MAC address so it will become root bridge and 2 of its ports (Fa0/1 & Fa0/2) will be designated ports -> E is incorrect. Because SwitchC is the root bridge so the 2 ports nearest SwitchC on SwitchA (Fa0/1) and SwitchD (Gi0/2) will be root ports -> B and F are correct. Now we come to the most difficult part of this question: SwitchB must have a root port so which port will it choose? To answer this question we need to know about STP cost and port cost. In general, “cost” is calculated based on bandwidth of the link. The higher the bandwidth on a link, the lower the value of its cost. Below are the cost values you should memorize: SwitchB will choose the interface with lower cost to the root bridge as the root port so we must calculate the cost on interface Gi0/1 & Gi0/2 of SwitchB to the root bridge. This can be calculated from the “cost to the root bridge” of each switch because a switch always advertises its cost to the root bridge in its BPDU. The receiving switch will add its local port cost value to the cost in the BPDU. In the exhibit you also we FastEthernet port is connecting to GigabitEthernet port. In this case GigabitEthernet port will operate as a FastEthernet port so the link can be considered as FastEthernet to FastEthernet connection. One more thing to notice is that a root bridge always advertises the cost to the root bridge (itself) with an initial value of 0. Now let’s have a look at the topology again SwitchC advertises its cost to the root bridge with a value of 0. Switch D adds 19 (the cost value of 100Mbps link although the port on Switch D is GigabitEthernet port) and advertises this value (19) to SwitchB. SwitchB adds 4 (the cost value of 1Gbps link) and learns that it can reach SwitchC via Gi0/1 port with a total cost of 23. The same process happens for SwitchA and SwitchB learns that it can reach SwitchC via Gi0/2 with a total cost of 38 -> Switch B chooses Gi0/1 as its root port -> D is not correct. Now our last task is to identify the port roles of the ports between SwitchA & SwitchB. It is rather easy as the MAC address of SwitchA is lower than that of SwitchB so Fa0/2 of SwitchA will be designated port while Gi0/2 of SwitchB will be alternative port -> A is correct but C is not correct. Below summaries all the port roles of these switches: + DP: Designated Port (forwarding state) + RP: Root Port (forwarding state) + AP: Alternative Port (blocking state)

Hint

Cisco Express Forwarding (CEF) provides the ability to switch packets through a device in a very quick and efficient way while also keeping the load on the router’s processor low. CEF is made up of two different main components: the Forwarding Information Base (FIB) and the Adjacency Table. These are automatically updated at the same time as the routing table. The Forwarding Information Base (FIB) contains destination reachability information as well as next hop information. This information is then used by the router to make forwarding decisions. The FIB allows for very efficient and easy lookups. The adjacency table is tasked with maintaining the layer 2 next-hop information for the FIB.

Hint

CDP is enabled by default on all Cisco routers. If it is turned off by any reason, we can turn it on again with the following command on global configuration mode: Router(config)#cdp run Note: CDP can be turned on or turned off on each interface. For example to turn off CDP on an interface we use this command: Router(config-if)#no cdp enable

Hint

The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco for the purpose of negotiating trunking on a link between two switches, and for negotiating the type of trunking encapsulation to be used. In dynamic auto mode, the interface is able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note that if two Cisco switches are left to the common default setting of auto, a trunk will never form. In dynamic desirable mode, the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches -> This is the best answer in this question. Reference: http://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=8

Hint

A newer fiber-optic media development for long-range communications is called dense wavelength-division multiplexing (DWDM). DWDM multiplies the amount of bandwidth that a single strand of fiber can support. DWDM circuits are used in all modern submarine communications cable systems and other long-haul circuits. Specifically, DWDM: + Enables bidirectional communications over one strand of fiber -> Answer A is correct + Assigns incoming optical signals to specific wavelengths of light (i.e., frequencies) + Each channel is capable of carrying a 10-Gbps multiplexed signal -> Answer E is not correct + Can multiplex more than 80 different channels of data (i.e., wavelengths) onto a single fiber -> Answer C is not correct + Can amplify these wavelengths to boost the signal strength + Supports SONET and SDH standards Reference: http://www.ciscopress.com/articles/article.asp?p=2202411&seqNum=6

Hint

Answer A is not correct as we can choose which switch to become root bridge by configuring bridge priority. The switch with lowest bridge priority (value) would become the root bridge. For answer B, this paragraph from Cisco confirms it is the correct answer: “When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.” Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/5234-5.html The meaning of answer C is not clear but maybe it means “every VLAN must use the same root bridge” which is not correct as Sw1 can be the root bridge for VLANs 1, 3, 5 but Sw2 can be the root bridge for VLAN 2, 4, 6… From the quote above we can say answer D is not correct.

Hint

http://www.pathsolutions.com/network-enemy-1-duplex-mismatch/

Hint

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/24330-185.html Note: There is a potential security consideration with dot1q that the implicit tagging of the native VLAN causes. The transmission of frames from one VLAN to another without a router can be possible. Refer to the Intrusion Detection FAQ leavingcisco.com for further details. The workaround is to use a VLAN ID for the native VLAN of the trunk that is not used for end-user access. In order to achieve this, the majority of Cisco customers simply leave VLAN 1 as the native VLAN on a trunk and assign access ports to VLANs other than VLAN 1.

Hint

Each VLAN resides in its own broadcast domain, so incoming frames with unknown destinations are only transmitted to ports that reside in the same VLAN as the incoming frame.

Hint

Chassis aggregation is a Cisco technology to make multiple switches operate as a single switch. It is similar to stacking but meant for powerful switches (like the 6500 and 6800 series switches). Chassis aggregation is often used in the core layer and distribution layer (while switching stacking is used for access layer). The books do not mention about the benefits of chassis aggregation but they are the same as switch stacking. + The stack would have a single management IP address. + The engineer would connect with Telnet or SSH to one switch (with that one management IP address), not multiple switches. + One configuration file would include all interfaces in all physical switches. + STP, CDP, VTP would run on one switch, not multiple switches. + The switch ports would appear as if all are on the same switch. + There would be one MAC address table, and it would reference all ports on all physical switches. Reference: CCNA Routing and Switching ICND2 200-105 Official Cert Guide VSS is a chassis aggregation technology but it is dedicated for Cisco Catalyst 6500 Series Switches. VSS increases operational efficiency by simplifying the network, reducing switch management overhead by at least 50 percent -> A is correct Single point of management, IP address, and routing instance for the Cisco Catalyst 6500 virtual switch + Single configuration file and node to manage. Removes the need to configure redundant switches twice with identical policies. + Only one gateway IP address is required per VLAN, instead of the three IP addresses per VLAN used today -> C is correct while D is not correct. + Removes the need for Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP)-> so maybe E is not correct. Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-switching-system-1440/prod_qas0900aecd806ed74b.html

Hint

First, the question asks what switch services the printers, so it can be Switch 3 or Switch 4 which is connected directly to the Printers. Next, by comparing the MAC address of Switch 3 and Switch 4 we found that the MAC of Switch 3 is smaller. Therefore the interface connected to the Printers of Switch 3 will become designated interface and the interface of Switch 4 will be blocked. The picture below shows the roles of all ports: DP: Designated Port RP: Root Port BP: Blocked Port (Please notice that Switch 1 will become the root bridge because of its lowest priority, not Switch 3)

Hint

Physical addresses or MAC addresses are used to identify devices at layer 2 -> A is correct. MAC addresses are only used to communicate on the same network. To communicate on different network we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is correct. Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also contains physical address -> C is not correct. On Ethernet, each frame has the same priority to transmit by default -> D is not correct. All devices need a physical address to identify itself. If not, they can not communicate -> F is not correct.

Hint

PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.

Hint

A late collision is defined as any collision that occurs after the first 512 bits of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC. Note: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.

Hint

From the output, we see that all ports are in Designated role (forwarding state) -> A and E are correct. The command “show spanning-tree vlan 30″ only shows us information about VLAN 30. We don’t know how many VLAN exists in this switch -> B is not correct. The bridge priority of this switch is 24606 which is lower than the default value bridge priority 32768 -> C is correct. All three interfaces on this switch have the connection type “p2p”, which means Point-to-point environment – not a shared media -> D is not correct. The only thing we can specify is this switch is the root bridge for VLAN 30 but we can not guarantee it is also the root bridge for other VLANs -> F is not correct.

Hint

The “show interfaces trunk” command and “show interfaces switchport” command can be used to verify the status of an interface (trunking or not). The outputs of these commands are shown below (port Ethernet 1/0 has been configured as trunk): The “show ip interface brief” command only gives us information about the IP address, the status (up/down) of an interface: The “show interfaces vlan” command only gives us information about that VLAN, not about which ports are the trunk links:

Hint

RSTP only has 3 port states that are discarding, learning and forwarding. When RSTP has converged there are only 2 port states left: discarding and forwarding.

Hint

To remote access to SwitchB, it must have a management IP address on a VLAN on that switch. Traditionally, we often use VLAN 1 as the management VLAN (but in fact it is not secure). In the exhibit, we can recognize that the Management Workstation is in a different subnet from the SwitchB. For intersubnetwork communication to occur, you must configure at least one default gateway. This default gateway is used to forward traffic originating from the switch only, not to forward traffic sent by devices connected to the switch.

Hint

When using VLAN the number and size of collision domains remain the same -> A is not correct. VLANs allow to group users by function, not by location or geography -> B is correct. VLANs help minimize the incorrect configuration of VLANs so it enhances the security of the network -> C is correct. VLAN increases the size of broadcast domains but does not decrease the number of collision domains -> D is not correct. VLANs increase the number of broadcast domains while decreasing the size of the broadcast domains which increase the utilization of the links. It is also a big advantage of VLAN -> E is correct. VLANs are useful but they are more complex and need more administration -> F is not correct.

Hint

Microsegmentation is a network design (functionality) where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch. Each network device gets the full bandwidth of the segment and does not have to share the segment with other devices. Microsegmentation reduces and can even eliminate collisions because each segment is its own collision domain Note: Microsegmentation decreases the number of collisions but it increases the number of collision domains.

Hint

EtherChannel misconfiguration occurs when the channel parameters do not match on both sides of the EtherChannel, resulting in the following message: %PM-SP-4-ERR_DISABLE: channel-misconfig error detected on Po3, putting E1/3 in err-disable state Therefore from the output above we can see that when miconfigured, the physical (member) interface is put into err-disable state. But this question asks above “the status of port-channel” (not the physical member interface) so answer “Disabled” is a better choice.

Hint

In switches that support both InterSwitch Link (ISL) and 802.1Q trunking encapsulations, we need to specify an trunking protocol so we must use the command “switchport trunk encapsulation dot1q” command first to set the trunk mode to 802.1Q. Then we configure trunking interface with the “switchport mode trunk” command. Then we explicitly allow vlan 20 with the command “switchport trunk allowed vlan 20” command. By default all VLANs are allowed to pass but after entering this command, only VLAN 20 is allowed.

Hint

Explanation from http://www.9tut.com/trunking-questions Maybe this question wanted to ask “if the other end is configured with trunk/access/desirable mode” then which mode is compatible so that the link can work. In that case both “dynamic auto” and “dynamic desirable” mode are correct. The difference between these two modes is “dynamic auto” is passively waiting for the other end to request to form a trunk while “dynamic desirable” will actively attempt to negotiate to convert the link into a trunk.

Hint

All interfaces in an EtherChannel must be configured identically to form an EtherChannel. Specific settings that must be identical include: + Speed settings + Duplex settings + STP settings + VLAN membership (for access ports) + Native VLAN (for trunk ports) + Allowed VLANs (for trunk ports) + Trunking Encapsulation (ISL or 802.1Q, for trunk ports)

Hint

Multiple Spanning Tree (MST) rides on top of RSTP so it converges very fast. The idea behind MST is that some VLANs can be mapped to a single spanning tree instance because most networks do not need more than a few logical topologies.

Hint

We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:

Hint

According to the output shown the switchport (layer 2 Switching) is enabled and the port is in access mode. To make a trunk link the port should configured as a trunk port, not an access port, by using the following command: (Config-if)#switchport mode trunk

Hint

The MAC address of 00b0.d056.efa4 has not been learned in its MAC address table so Switch-1 will broadcast the frame out all of its ports except the port from which the data originated.

Hint

At the end of each frame there is a Frame Check Sequence (FCS) field. FCS can be analyzed to determine if errors have occurred. FCS uses cyclic redundancy check (CRC) algorithm to detect errors in the transmitted frames. Before sending data, the sending host generates a CRC based on the header and data of that frame. When this frame arrives, the receiving host uses the same algorithm to generate its own CRC and compare them. If they do not match then a CRC error will occur. Preamble is used to indicate the start of the frame by arranging the first 62 bits as alternating “1/0s” and the last two bits as “1”s. Like so, 010101010101010………………………10101011. Therefore when the receiving end sees the “11” it knows where the actual Ethernet header starts. The alternating 1s and 0s will also allow the two endpoints to sync their internal clocks. In summary, preamble is used for synchronization. The “Type/Length” field is used to indicate the “Type”of the payload (Layer 3 protocol) which is indicated as a Hexadecimal value. Note: Ethernet II uses “Type” while the old Ethernet version use “Length”

Hint

IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router. 802.1Q trunks support tagged and untagged frames. If a switch receives untagged frames on a trunk port, it believes that frame is a part of the native VLAN. Also, frames from a native VLAN are not tagged when exiting the switch via a trunk port. The 802.1q frame format is same as 802.3. The only change is the addition of 4 bytes fields. That additional header includes a field with which to identify the VLAN number. Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer. Note: Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was received without loss or error. FCS is based on the contents of the entire frame.

Hint

Nowadays all serial links are full-duplex (as serial interfaces have separate Rx & Tx pins) so maybe this question wants to ask about how to check the speed of the serial link. The “show interface” command gives us information about this. An example of this command is shown below: In this output the speed of S0/0 interface is 1544 Kbits.

Hint

PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port.In a valid configuration, PortFast-configured interfaces do not receive BPDUs (because PortFast should only be configured on interfaces which are connected to hosts). If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html

Hint

There are two PAgP modes:

Hint

In this question, we only care about the Access Layer switches (Switch3 & 4). Switch 3 has a lower bridge ID than Switch 4 (because the MAC of Switch3 is smaller than that of Switch4) so both ports of Switch3 will be in forwarding state. The alternative port will surely belong to Switch4. Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how does Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A BPDU is superior to another if it has: 1. A lower Root Bridge ID 2. A lower path cost to the Root 3. A lower Sending Bridge ID 4. A lower Sending Port ID These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this case the port priorities are equal because they use the default value, so Switch4 will compare port index values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will select the port connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11 of Switch4 will be blocked (discarding role).

Hint

IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. When a frame enters the VLAN-aware portion of the network (a trunk link, for example), a VLAN ID tag is added to represent the VLAN membership of that frame. The picture below shows how VLAN tag is added and removed while going through the network.

Hint

When you connect an IP phone to a switch using a trunk link, it can cause high CPU utilization in the switches. As all the VLANs for a particular interface are trunked to the phone, it increases the number of STP instances the switch has to manage. This increases the CPU utilization. Trunking also causes unnecessary broadcast / multicast / unknown unicast traffic to hit the phone link. In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN Access Port (MVAP). Because voice and data traffic can travel through the same port, you should specify a different VLAN for each type of traffic. You can configure a switch port to forward voice and data traffic on different VLANs. Configure IP phone ports with a voice VLAN configuration. This configuration creates a pseudo trunk, but does not require you to manually prune the unnecessary VLANs. The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full configuration is shown below:

Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport access vlan 10 
Switch(config-if)#switchport voice vlan 20

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4500-series-switches/69632-configuring-cat-ip-phone.html

Hint

With the configuration above, when we type “do show vlan” we would not see VLAN 10 in the VLAN database because it has not been created yet. VLAN 10 is only created when we exits VLAN configuration mode (with “exit” command).

Hint

Root port is the port on non-root bridge which is closest to the root bridge (in term of cost). Therefore when a port receives the best BPDU on a non-root bridge it will become the root port.

Hint

We can configure the port priority to change the preferred forwarding interface as we wish. For example we can change the port priority of an interface for VLAN 20 to 64 as follows:

Switch(config-if)#spanning-tree vlan 20 port-priority 64

Hint

Although some books and websites said DTP is disabled if the switch port is configured as trunk or access mode (via the command “switchport mode trunk” or “switchport mode access”) but in fact DTP is still running in these modes. Please read at http://packetlife.net/blog/2008/sep/30/disabling-dynamic-trunking-protocol-dtp/. The only way to disable DTP on a switch port is to use the “switchport nonegotiate” command. But notice this command can only be used after configuring that switch port in “trunk” or “access” mode. Therefore this is a question with no correct answer but if we have to choose an answer, we will choose answer A. At least it is correct in theory.

Hint

Only the “show cdp neighbor detail” gives us information about the IP address of the connected device. Below is an example of this command.

Hint

The “switchport access vlan 3″will put that interface as belonging to VLAN 3 while also updated the VLAN database automatically to include VLAN 3.

Hint

Each switch in your network will have a Bridge ID Priority value, more commonly referred to as a BID. This BID is a combination of a default priority value and the switch’s MAC address, with the priority value listed first. The lowest BID will win the election process. For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11-22-33- 44-55-66, the BID would be 32768:11-22-33-44-55-66. Therefore, if the switch priority is left at the default, the MAC address is the deciding factor in the root bridge election.

Hint

Rapid Spanning Tree Protocol (RSTP) is an enhancement of the original STP 802.1D protocol. The RSTP 802.1w protocol is an IEEE open implementation. Cisco has its own proprietary implementation of RSTP, that includes the benefits of its Per-VLAN spanning tree protocols, called Rapid-PVST+. To activate the Rapid-PVST+ protocol: switch(config)#spanning-tree mode rapid-pvst

Hint

A “native VLAN mismatch” error will appear by CDP if there is a native VLAN mismatch on an 802.1Q link. “VLAN mismatch” can cause traffic from one vlan to leak into another vlan.

Hint

In order to pass traffic from VLANs on different switches, the connections between the switches must be configured as trunk ports.

Hint

Configuring the Native VLAN for Untagged Traffic A trunk port configured with 802.1Q tagging can receive both tagged and untagged traffic. By default, the switch forwards untagged traffic in the native VLAN configured for the port. The native VLAN is VLAN 1 by default.

Hint

We can check the MAC address table with the command “show mac address-table”: As we can see here, the “MAC address” field is the source MAC address and the “Ports” field are the ports of the switch from which the frames (with corresponding source MAC address) were received.

Hint

SPT must performs three steps to provide a loop-free network topology: 1. Elects one root bridge 2. Select one root port per nonroot bridge 3. Select one designated port on each network segment -> Answer B is correct.

Hint

Switch stacking technology allows the network engineer to make that stack of physical switches act like one switch. The stacking cables together make a ring between the switches. That is, the switches connect in series, with the last switch connecting again to the first. Answer B is not correct as switch stacking is about connecting switches together so that they act as one switch, not about adding and removing hosts. Answer C is not correct because switch stacking has nothing to do with performance of high-needs applications. Surely switch stacking provides redundancy as stacking creates a ring of connection with two opposite paths. Whenever a frame is ready for transmission onto the path, a calculation is made to see which path has the most available bandwidth. The entire frame is then copied onto this half of the path. With switch stacking, STP, CDP and VTP would run on one switch, not multiple switches. Also there would be one MAC address table, and it would reference all ports on all physical switches so we may say switch stacking has better resource usage. Also if we consider all stacking switches as one logical switch then surely the port density is increase very much. Therefore answer D is the most suitable one. Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

Hint

PVST+ is based on IEEE802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states (discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning, forwarding and disabled). So discarding is a new port state in PVST+.

Hint

The PVST+ provides Layer 2 load-balancing for the VLAN on which it runs. You can create different logical topologies by using the VLANs on your network to ensure that all of your links are used but that no one link is oversubscribed. Each instance of PVST+ on a VLAN has a single root switch. This root switch propagates the spanning-tree information associated with that VLAN to all other switches in the network. Because each switch has the same information about the network, this process ensures that the network topology is maintained and optimized per VLAN.

Hint

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (802.1Q) to be used.

Hint

From the “show mac address-table” output, we see FastEthernet0/1 can receive traffic from multiple VLANs -> it is configured as a trunk. Also from the “show cdp neighbors” output, we see Fa0/1 of this switch is connecting to Switch2 so it is configured as a trunk. There are two MAC addresses learned from FastEthernet0/5 while FastEthernet0/5 is not configured as trunk (only Fa0/2 & Fa0/3 are configured as trunk links) -> a hub is used on this port.

Hint

LACP is the IEEE Standard (IEEE 802.3ad) and is the most common dynamic Etherchannel protocol, whereas PAgP is a Cisco proprietary protocol and works only between supported vendors and Cisco devices.

Hint

Modern Ethernet networks built with switches and full-duplex connections no longer utilize CSMA/CD. CSMA/CD is only used in obsolete shared media Ethernet (which uses repeater or hub).

Hint

Since the port is in the blocked status, we must assume that there is a shorter path to the root bridge elsewhere.

Hint

The root bridge is determined by the lowest bridge ID, and this switch has a bridge ID priority of 32768, which is higher than the roots priority of 20481.

Hint

Cisco switches can use two different encapsulation types for trunks, the industry standard 802.1q or the Cisco proprietary ISL. Generally, most network engineers prefer to use 802.1q since it is standards based and will interoperate with other vendors.

Hint

VLAN 1 is the default VLAN on Cisco switch. It always exists and cannot be added, modified or removed. VLANs 1002-1005 are default VLANs for FDDI & Token Ring and they can’t be deleted or used for Ethernet.

Hint

This question is to check the spanning tree election problem. 1. First, select the root bridge, which can be accomplished by comparing the bridge ID, the smallest will be selected. Bridge-id= bridge priority + MAC address. The three switches in the figure all have the default priority, so we should compare the MAC address, it is easy to find that SwitchB is the root bridge. 2. Select the root port on the non-root bridge, which can be completed through comparing root path cost. The smallest will be selected as the root port. 3. Next, select the Designated Port. First, compare the path cost, if the costs happen to be the same, then compare the BID, still the smallest will be selected. Each link has a DP. Based on the exhibit above, we can find DP on each link. The DP on the link between SwitchA and SwitchC is SwitchA’Fa0/1, because it has the smallest MAC address.

Hint

Only non-root bridge can have root port. Fa0/11 is the root port so we can confirm this switch is not the root bridge -> A is not correct. From the output we learn this switch is running Rapid STP, not PVST -> B is not correct. 0017.596d.1580 is the MAC address of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 -> C is not correct. All of the interface roles of the root bridge are designated. SwitchA has one Root port and 1 Alternative port so it is not the root bridge -> D is correct.

Hint

A VLAN is a switched network that is logically segmented on an organizational basis, by functions, project teams, or applications rather than on a physical or geographical basis. Security: VLANs also improve security by isolating groups. High-security users can be grouped into a VLAN, possible on the same physical segment, and no users outside that VLAN can communicate with them LAN Segmentation VLANs allow logical network topologies to overlay the physical switched infrastructure such that any arbitrary collection of LAN ports can be combined into an autonomous user group or community of interest. The technology logically segments the network into separate Layer 2 broadcast domains whereby packets are switched between ports designated to be within the same VLAN. By containing traffic originating on a particular LAN only to other LANs in the same VLAN, switched virtual networks avoid wasting bandwidth.

Hint

Only router can break up broadcast domains but in this exhibit no router is used so there is only 1 broadcast domain. For your information, there are 7 collision domains in this exhibit (6 collision domains between hubs & switches + 1 collision between the two switches).

Hint

Spanning Tree Protocol convergence (Layer 2 convergence) happens when bridges and switches have transitioned to either the forwarding or blocking state. When layer 2 is converged, root bridge is elected and all port roles (Root, Designated and Non-Designated) in all switches are selected.

Hint

We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports. With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop.

Hint

Here we can see that this port is configured for full duplex, so the next step would be to check the duple setting of the port on the other switch. A mismatched trunk encapsulation would not result in input errors and CRC errors.

Hint

A broadcast domain must sometimes exist on more than one switch in the network. To accomplish this, one switch must send frames to another switch and indicate which VLAN a particular frame belongs to. On Cisco switches, a trunk link is created to accomplish this VLAN identification. ISL and IEEE 802.1Q are different methods of putting a VLAN identifier in a Layer 2 frame. The IEEE 802.1Q protocol interconnects VLANs between multiple switches, routers, and servers. With 802.1Q, a network administrator can define a VLAN topology to span multiple physical devices. Cisco switches support IEEE 802.1Q for FastEthernet and Gigabit Ethernet interfaces. An 802.1Q trunk link provides VLAN identification by adding a 4-byte tag to an Ethernet Frame as it leaves a trunk port.

Hint

Disabling Dynamic Trunking Protocol (DTP) Cisco’s Dynamic Trunking Protocol can facilitate the automatic creation of trunks between two switches. When two connected ports are configured in dynamic mode, and at least one of the ports is configured as desirable, the two switches will negotiate the formation of a trunk across the link. DTP isn’t to be confused with VLAN Trunking Protocol (VTP), although the VTP domain does come into play. DTP on the wire is pretty simple, essentially only advertising the VTP domain, the status of the interface, and its DTP type. These packets are transmitted in the native (or access) VLAN every 60 seconds both natively and with ISL encapsulation (tagged as VLAN 1) when DTP is enabled.

Hint

Switched Port Analyzer (SPAN) is used to analyze network traffic passing through ports on a switch. For example we can configure the Switch to monitor its interface Fa0/0, which connects to the Core, by sending all traffic to/from Fa0/0 to its Fa0/1 interface. At Fa0/1 interface we connect to a computer and use such a software like Wireshark to capture the packets.

Hint

The way EtherChannel load balancing works is that the switch assigns a hash result from 0-7 based on the configured hash method ( load balancing algorithm ) for the type of traffic. This hash result is commonly called as Result Bundle Hash (RBH). Now we need to convert Load value from Hexadecimal to Binary numbers. Therefore: + Gi1/1: 36 (Hex) = ‭00110110‬ (Bin) -> Bits 3, 4, 6, 7 are chosen + Gi1/2: 84 (Hex) = ‭10000100‬ (Bin) -> Bits 1, 6 are chosen + Gi1/3: 16 (Hex) = ‭00010110‬ (Bin) -> Bits 4, 6, 7 are chosen Therefore if the RBH is 3, it will choose Gi1/1. If RBH is 4, it will choose Gi1/1 and Gi1/3 interfaces. If RBH is 6 it will choose all three above interfaces. And the bit sharing ratio is 3:3:2 (from “No of bits” column) hence two links has higher probability of getting utilized as compared to the third link.

Hint

Common Causes of Slow IntraVLAN and InterVLAN Connectivity The symptoms of slow connectivity on a VLAN can be caused by multiple factors on different network layers. Commonly the network speed issue may be occurring on a lower level, but symptoms can be observed on a higher level as the problem masks itself under the term “slow VLAN”. To clarify, this document defines the following new terms: “slow collision domain”, “slow broadcast domain” (in other words, slow VLAN), and “slow interVLAN forwarding”. These are defined in the section Three Categories of Causes, below. In the following scenario (illustrated in the network diagram below), there is a Layer 3 (L3) switch performing interVLAN routing between the server and client VLANs. In this failure scenario, one server is connected to a switch, and the port duplex mode is configured half- duplex on the server side and full-duplex on the switch side. This misconfiguration results in a packet loss and slowness, with increased packet loss when higher traffic rates occur on the link where the server is connected. For the clients who communicate with this server, the problem looks like slow interVLAN forwarding because they do not have a problem communicating to other devices or clients on the same VLAN. The problem occurs only when communicating to the server on a different VLAN. Thus, the problem occurred on a single collision domain, but is seen as slow interVLAN forwarding. Three Categories of Causes The causes of slowness can be divided into three categories, as follows: Slow Collision Domain Connectivity Collision domain is defined as connected devices configured in a half-duplex port configuration, connected to each other or a hub. If a device is connected to a switch port and full-duplex mode is configured, such a pointto-point connection is collisionless. Slowness on such a segment still can occur for different reasons. Slow Broadcast Domain Connectivity (Slow VLAN) Slow broadcast domain connectivity occurs when the whole VLAN (that is, all devices on the same VLAN) experiences slowness. Slow InterVLAN Connectivity (Slow Forwarding Between VLANs) Slow interVLAN connectivity (slow forwarding between VLANs) occurs when there is no slowness on the local VLAN, but traffic needs to be forwarded to an alternate VLAN, and it is not forwarded at the expected rate. Causes for Network Slowness Packet Loss In most cases, a network is considered slow when higher-layer protocols (applications) require extended time to complete an operation that typically runs faster. That slowness is caused by the loss of some packets on the network, which causes higher-level protocols like TCP or applications to time out and initiate retransmission. Hardware Forwarding Issues With another type of slowness, caused by network equipment, forwarding (whether Layer 2 [L2] or L3) is performed slowly. This is due to a deviation from normal (designed) operation and switching to slow path forwarding. An example of this is when Multilayer Switching (MLS) on the switch forwards L3 packets between VLANs in the hardware, but due to misconfiguration, MLS is not functioning properly and forwarding is done by the router in the software (which drops the interVLAN forwarding rate significantly).

Hint

Rapid PVST+This spanning-tree mode is the same as PVST+ except that is uses a rapid convergence based on the IEEE 802.1w standard. To provide rapid convergence, the rapid PVST+ immediately deletes dynamically learned MAC address entries on a per-port basis upon receiving a topology change. By contrast, PVST+ uses a short aging time for dynamically learned MAC address entries. The rapid PVST+ uses the same configuration as PVST+ (except where noted), and the switch needs only minimal extra configuration. The benefit of rapid PVST+ is that you can migrate a large PVST+ install base to rapid PVST+ without having to learn the complexities of the MSTP configuration and without having to reprovision your network. In rapid-PVST+ mode, each VLAN runs its own spanning-tree instance up to the maximum supported.

Hint

A VLAN does not need to be assigned to any port -> B is not correct. An access port can only receive traffic from one VLAN -> C is not correct. If not assigned to a specific VLAN, an access port carries traffic for VLAN 1 by default -> D is not correct. An access port will drop packets with 802.1Q tags -> A is correct. Notice that 802.1Q tags are used to packets moving on trunk links.

Hint

IEEE 802.1w is Rapid Spanning Tree Protocol (RSTP). There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D disabled, blocking, and listening states are merged into the 802.1w discarding state. * Discarding – the port does not forward frames, process received frames, or learn MAC addresses – but it does listen for BPDUs (like the STP blocking state) * Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP). * Forwarding – receives and sends data, normal operation, learns MAC address, receives and transmits BPDUs (same as STP).

Hint

Ethernet began as a local area network technology that provided a half-duplex shared channel for stations connected to coaxial cable segments linked with signal repeaters. In this appendix, we take a detailed look at the half-duplex shared-channel mode of operation, and at the CSMA/CD mechanism that makes it work. In the original half-duplex mode, the CSMA/CD protocol allows a set of stations to compete for access to a shared Ethernet channel in a fair and equitable manner. The protocol’s rules determine the behavior of Ethernet stations, including when they are allowed to transmit a frame onto a shared Ethernet channel, and what to do when a collision occurs. Today, virtually all devices are connected to Ethernet switch ports over full-duplex media, such as twisted-pair cables. On this type of connection, assuming that both devices can support the full-duplex mode of operation and that Auto-Negotiation (AN) is enabled, the AN protocol will automatically select the highest-performance mode of operation supported by the devices at each end of the link. That will result in full-duplex mode for the vast majority of Ethernet connections with modern interfaces that support full duplex and AN.

Hint

A late collision is defined as any collision that occurs after the first 512 bits of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC. Note: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex. Duplex mismatch would not cause the link to be down/down, but would only result in poor performance like increase late collisions on the interface.

Hint

Each stack has only one configuration file, which is distributed to each member in the stack. This allows each switch in the stack to share the same network topology, MAC address, and routing information. In addition, it allows for any member to become the master, if the master ever fails -> Answer D is correct while answer A is not correct. Switches can be added and deleted to a working stack without affecting stack performance. When a new switch is added, the master switch automatically configures the unit with the currently running Cisco IOS Software image and configuration of the stack. The stack will gather information such as switching table information and update the MAC tables as new addresses are learned. The network manager does not have to do anything to bring up the switch before it is ready to operate. Similarly, switches can be removed from a working stack without any operational effect on the remaining switches. When the stack discovers that a series of ports is no longer present, it will update this information without affecting forwarding or routing. A working stack can accept new members or delete old ones without service interruption -> Answer B is correct. Reference: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

Hint

VTP Client · VTP clients function the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client. · A VTP client only stores the VLAN information for the entire domain while the switch is on. · A switch reset deletes the VLAN information. · You must configure VTP client mode on a switch.

Hint

On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex. Duplex mismatch can easily cause collision domain issue as the device that operates in full duplex mode turns off CSMA/CD. So it is eager to send data immediately without checking if the link is free to use -> A is correct. An “inband path” is the path which provides path for management traffic (like CDP, VTP, PAgP…) but we are not sure why congestion on the switch inband path can cause collision domain issues. Maybe congestion on inband path prevents the JAM signal (sent when a collision occurs on the link) to be sent correctly on the link.

Hint

VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network” VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches. VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches

Hint

PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.

Hint

Cisco developed PVST+ to allow strolling numerous STP instances, even over an 802.1Q network via the use of a tunneling mechanism. PVST+ utilizes Cisco gadgets to hook up with a Mono Spanning Tree area to a PVST+ region. No particular configuration is needed to attain this. PVST+ affords assist for 802.1Q trunks and the mapping of a couple of spanning trees to the single spanning tree of popular 802.1Q switches strolling Mono Spanning Tree.