ICND1-6-Configuring a Cisco Switch-61c.txt

Card Set Information

Author:
djames8
ID:
236532
Updated:
2013-09-23 16:01:31
Tags:
CCNA 61 djames8
Description:
CCNA Flash Cards

The flashcards below were created by user djames8 on FreezingBlue Flashcards.


  1. How can an administrator determine whether a switch has been configured when it is first powered up?
    An unconfigured switch goes into the setup dialog box.
  2. What are the two configuration modes in the Cisco Catalyst 2960 series switch IOS?
    • The two configuration modes are global configuration and interface configuration.
    • Global configuration configures global settings to the switch, such as IP address or host name.
    • Interface configuration configures interface settings, such as port speed or duplex.
  3. What can cause a switch to enter setup mode?
    • A switch enters setup mode if any of the following occur:
    • - The switch is a new switch, with no previous configuration.
    • - No configuration is stored in NVRAM.
    • - The setup command was issued from the privileged mode prompt.
  4. What IOS command is used to enter global configuration mode?
    To enter global configuration mode, use the configure terminal command.
  5. What IOS command is used to enter interface configuration mode?
    • To enter interface configuration mode, use the interface interface-id command.
    • To enter interface mode, you first need to be in global configuration mode. The interface-id parameter is the type and number of the interface you want to configure.
    • For example, to configure Gigabit interface 1, enter the following:
    • switch(config)#interface g0/1
    • switch(config-if)#
  6. What IOS command would you use to issue a switch the host name of BuildingB-Switch?
    The hostname BuildingB-Switch privileged IOS command allows you to configure this switch with a host name.
  7. As a network administrator, you have a new Catalyst 2960 switch. You want to assign it the IP address of 192.168.0.10/24. What IOS commands do you need to enter to assign the IP address to the switch?
    • Follow these steps to assign the IP address to the switch:
    • Step 1. Enter the VLAN 1 interface. This is a logical interface used for management.
    • Step 2. Assign the IP address and subnet mask.
    • Step 3. Enable the interface by issuing the no shutdown command.
    • These are the commands:
    • interface vlan1
    • ip address 192.168.0.10 255.255.255.0
    • no shutdown
  8. How do you configure a Catalyst 2960 switch with a default gateway?
    • To configure the default gateway, use the ip default-gateway ip-address global configuration command. The following example configures the switch to use IP address 192.168.0.1 as its default gateway:
    • Switch(config)#ip default-gateway 192.168.0.1
  9. Because a switch operates at Layer 2 of the OSI model, why do you need to configure a default gateway on the switch?
    • You need to configure a default gateway on the switch to allow remote networks to manage the switch.
    • Although a switch does not see Layer 3 and above information, a default gateway is configured on a switch to allow administrators to remotely administer and configure the switch.
  10. What Cisco switch IOS command displays the system hardware, software version, names of configuration files, and boot images?
    • The show version switch IOS command displays the system hardware, software version, boot images, and configuration register. The following is the output of the show version command:
    • Cat2960#show version
    • Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
    • Copyright (c) 1986-2006 by Cisco Systems, Inc.
    • Compiled Fri 28-Jul-06 04:33 by yenanh
    • Image text-base: 0x00003000, data-base: 0x00AA2F34
  11. How do you display the current active configuration on a switch?
    You display the current active configuration on a switch by issuing the show running-config or sh run privileged command.
  12. What command allows you to view the statistics for all interfaces configured on the switch?
    The show interfaces privileged command allows you to view the statistics for all interfaces configured on the switch.
  13. What command displays the switch's configured IP address, subnet mask, and default gateway?
    • The show ip interface privileged EXEC command displays all IP information configured for all interfaces on the switch. Following is the output of the show ip interface command:
    • Cat2960#show ip interface
    • Vlan1 is up, line protocol is down
    • Internet address is 192.168.0.10/24
    • Broadcast address is 255.255.255.255
    • Address determined by setup command
    • MTU is 1500 bytes
    • Helper address is not set
    • Directed broadcast forwarding is disabled
  14. As system administrator, you want to view how long the switch has been turned up. What command do you issue to view the uptime of the switch?
    • Issue the show version privileged EXEC command to view the uptime of the switch.
    • In addition to displaying the switch hardware configuration and software version information, the show version command displays switch uptime, switch platform information including RAM, switch serial number, and MAC address.
    • Cat2960#show version
    • Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
    • Copyright (c) 1986-2006 by Cisco Systems, Inc.
    • Compiled Fri 28-Jul-06 04:33 by yenanh
  15. What is the switch MAC address table used for?
    • The switch MAC address table forwards traffic to the appropriate port.
    • Because switches operate at Layer 2 of the OSI model, they switch traffic by MAC address. Instead of flooding traffic out all ports, a switch learns the MAC address of devices on each port and only forwards traffic destined to the host on the port. The learned MAC addresses are stored in the switch's MAC address table.
  16. How many MAC addresses can a Catalyst 2960 switch store in its MAC address table?
    • The switch can store 8192 MAC addresses.
    • MAC addresses on a Catalyst 2960 are dynamically learned. They are stored in memory and are updated and aged out automatically. When a switch is rebooted, the MAC addresses stored in the MAC address table are reset.
  17. How do you display the MAC address table on a Catalyst 2960?
    • You display the MAC address table on a Catalyst 2960 by issuing the show mac-address-table privileged command, as follows:
    • vcswitch-admin1#show mac-address-table
    • Mac Address Table
    • -------------------------------------------
    • Vlan Mac Address Type Ports
    • ---- ----------- -------- -----
    • All 0000.0000.0000 STATIC CPU
    • All 000b.469d.c900 STATIC CPU
  18. How do you add a static MAC address to a port on a Catalyst 2960 switch?
    To add a static MAC address, use the mac-address-table static mac-address vlan vlan-id interface interface-id global command.
  19. How do you add a password to the console terminal?
    • To add a password to the console terminal, use the line console 0 global configuration command, followed by the login and password password line subcommands, as follows:
    • Cat2960(config)#line console 0
    • Cat2960(config-line)#login
    • Cat2960(config-line)#password CCNA
    • The login subcommand forces the router to prompt for authentication. Without this command, the router will not authenticate a password. The password CCNA subcommand sets the console password to CCNA. The password set is case sensitive.
  20. By default, Telnet access to a switch is disabled. How do you enable Telnet access and configure a password to secure access to the switch?
    • To enable Telnet access and add a password, enter the line vty 0 15 global configuration command, the login command, and finally the password line subcommand. The password is case sensitive.
    • In this example, the Telnet password is set to CCNA:
    • Cat2960(config)#line vty 0 15
    • Cat2960(config-line)#login
    • Cat2960(config-line)#password CCNA
  21. How many vty ports exist on a Catalyst 2960 switch?
    A Catalyst 2960 switch has 16 vty ports.
  22. Privileged EXEC mode allows you to make global configurations to a switch. As such, access to global configuration mode should be restricted. How do you restrict access to privileged EXEC mode?
    • To restrict access to privileged EXEC mode, assign a password to privileged mode.
    • This is done in one of two ways: by either using the enable password global command or the enable secret global command.
    • Cisco recommends that you use the enable secret global command versus the enable password command because the enable secret command encrypts the password.
  23. As network administrator, you issue the following commands on your Catalyst 2960 switch:
    • Cat2960(config)#enable password Cisco
    • Cat2960(config)#enable secret cisco
    • What password will the switch use to enter privileged EXEC mode?
    • The switch will use cisco to enter privileged EXEC mode.
    • When a switch has the enable password and enable secret password configured, the switch will use the enable secret password as the password to enter privileged EXEC mode.
  24. When you view the configuration on Cisco routers, only the enable secret password is encrypted. How do you encrypt the console, Telnet, and enable passwords?
    • To encrypt the passwords, use the service password-encryption global command, as follows:
    • Cat2960(config)#service password-encryption
  25. What banner is displayed before the username and password login prompts on a Catalyst switch?
    • The login banner is displayed.
    • The login banner is configured using the banner login global command. For example:
    • Cat2960#config t
    • Enter configuration commands, one per line. End with CNTL/Z.
    • Cat2960(config)#banner login #
    • Enter TEXT message. End with the character '#'.
    • Notice! Only Authorized Personnel Are Allowed to Access This Device
    • #
  26. When is the message of the day (MOTD) banner displayed?
    The MOTD is displayed upon connection to the switch either by Telnet or by the console port.
  27. How do you add a message of the day (MOTD) banner on a Cisco device?
    • You add an MOTD banner by entering the banner motd # text # global configuration command.
    • The pound signs (#) are delimiting characters. They can be any character of your choice, but they must be the same and cannot be included in your text. They signify the beginning and end of your text. The following example shows the banner motd command:
    • Cat2960(config)#banner motd #
    • Enter TEXT message. End with the character '#'.
    • Warning only authorized users may access this switch.
    • #
    • Cat2960(config)#
  28. Why does Cisco recommend using SSH instead of Telnet for remote access of a Cisco device?
    Cisco recommends using SSH because it encrypts communication between the Cisco device and the host. Telnet is unsecure, and all communication between the Cisco device and host is sent in clear text.
  29. By default, any IP address can connect to vty ports. How do you restrict access to vty ports, allowing only certain IP addresses to connect to vty ports?
    • You restrict access to vty ports by using standard access lists.
    • Standard access lists allow you to permit or deny traffic based on the source IP address. To restrict access to vty ports, you would create a standard access list that permits each authorized IP address to connect to vty and apply the access list to the vty ports.
  30. When implementing access lists, what are wildcard masks?
    • Wildcard masks define the subset of the 32 bits in the IP address that must be matched.
    • Wildcards are used with access lists to specify a host, network, or part of a network. Wildcard masks work exactly the opposite of subnet masks. In subnet masks, 1 bits are matched to the network portion of the address, and 0s are wildcards that specify the host range. In wildcard masks, when 0s are present, the octet address must match. Mask bits with a binary value of 1 are wildcards. For example, if you have an IP address of 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions of the IP address must match 172.16, but the last two octets can be in the range of 0 to 255.
  31. What is the IOS command syntax that creates a standard IP access list?
    • The command syntax to create a standard IP access list is as follows:
    • access-list access-list-number {permit | deny} source-address [wildcard-mask]
    • The access-list-number parameter is a number from 1 to 99 or 1300 to 1999.
    • For example:
    • SwitchA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
    • SwitchA(config)#access-list 10 permit any
    • This creates access list number 10, which denies any IP address between 192.168.0.1 and 192.168.255.255 while permitting all other traffic.
  32. Create an access list that permits only Telnet traffic from network 192.168.10.0 255.255.255.0 to connect to a Cisco device?
    • An access list that permits only Telnet traffic from network 192.168.10.0 255.255.255.0 is as follows:
    • SwitchA(config)#access-list 10 permit 192.168.10.0 0.0.0.255
    • SwitchA(config)#line vty 0 15
    • SwitchA(config-line)#access-class 10 in
    • This applies the access list to the Telnet ports.
  33. What is switch port security?
    Switch port security allows you to restrict input to a port by limiting and/or identifying the MAC addresses of the devices allowed to access the port.
  34. What commands enable port security on interface f0/1? Only allow one MAC address on the port, and let the switch dynamically learn the MAC address. Restrict the port if a second MAC address is detected?
    • Use the following commands to enable port security on interface f0/1:
    • Cat2960(config)#int f0/1
    • Cat2960(config-if)#switchport mode access
    • Cat2960(config-if)#switchport port-security
    • Cat2960(config-if)#switchport port-security max 1
    • Cat2960(config-if)#switchport port-security mac-address sticky
    • Cat2960(config-if)#switchport port-sec violation restrict
  35. Can you enable port security on a trunk port?
    No. A trunk port is a port configured to trunk multiple VLANs. Only access ports (ports with only one VLAN) can have port security enabled.
  36. How can you tell whether port security is enabled on a switch?
    • You determine whether port security is enabled on a switch by issuing the show port-security command, as follows:
    • Cat2960#show port-security
    • Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
    • (Count) (Count) (Count)
    • ---------------------------------------------------------------------------
    • Fa0/1 1 0 0 Restrict
    • ---------------------------------------------------------------------------
    • Total Addresses in System (excluding one mac per port) : 0
    • Max Addresses limit in System (excluding one mac per port) : 8320
  37. What is the default mode of a switch port?
    The default mode is trunk. Because the default mode of a switch port is dynamic desirable, the port will try to negotiate to trunking if the other end of the link has a compatible setting. This setting can allow an unauthorized user to plug a device into an unused switch port and gain access to the network. Cisco recommends securing unused switch ports.
  38. How do you secure unused switch ports?
    You secure an unused switch port by either disabling the port or putting the port in an unused VLAN.
  39. How do you disable a switch port?
    You disable a switch port by issuing the shutdown interface command. To reenable the interface, issue the no shutdown command.
  40. What are VLANs?
    VLANs are broadcast domains in a Layer 2 network. Each broadcast domain is like a distinct virtual bridge within the switch. Each virtual bridge you create in a switch defines a broadcast domain. By default, traffic from one VLAN cannot pass to another VLAN. Each of the users in a VLAN would also be in the same IP subnet. Each switch port can belong to only one VLAN.
  41. For VLANs to communicate with each other, what network component is needed?
    A router or Layer 3 switch is needed for inter-VLAN communication. It is important to think of a VLAN as a distinct virtual bridge in a switch, with its own IP subnet and broadcast domain. A network device cannot communicate from one IP subnet to another without a router. The same is true for a VLAN; you cannot communicate from one VLAN to another without a router.
  42. What is VLAN membership?
    VLAN membership describes how a port on a switch is assigned to a VLAN.
  43. What are the three most common ways that VLAN membership is established?
    • The three most common ways of establishing VLAN membership are as follows:
    • - Port-driven membership
    • - MAC address membership
    • - Layer 3-based membership
  44. What are the two ways that inter-VLAN communication can be established?
    • The two ways that inter-VLAN communication can be established are as follows:
    • - Logically: Involves a single connection, called a trunk link, from the switch to a router. The trunk link uses a VLAN protocol to differentiate between VLANs. This configuration is called a "router on a stick."
    • - Physically: Involves a separate physical connection for each VLAN.
  45. What are trunk links?
    • Trunk links allow the switch to carry multiple VLANs across a single link.
    • By default, each port on a switch can belong to only one VLAN. For devices that are in VLANs (that span multiple switches) to talk to other devices in the same VLAN, you must use trunking or have a dedicated port per VLAN.
  46. As a network administrator, you want to create two VLANs, one named Admin and the other named Sales. What commands create the two VLANs, assigning VLAN ID 10 and 20, respectively, to each VLAN?
    • Issue the following commands to create the two VLANs:
    • Cat2960(config)#vlan 10
    • Cat2960(config-vlan)#name Admin
    • Cat2960(config-vlan)#vlan 20
    • Cat2960(config-vlan)#name Sales
  47. What IOS commands assign interface f0/1 to VLAN 10 and interface f0/2 to VLAN 20?
    • The IOS commands that assign interface f0/1 to VLAN 10 and interface f0/2 to VLAN 20 are as follows:
    • Cat2960(config)#int f0/1
    • Cat2960(config-if)#switchport access vlan 10
    • Cat2960(config-if)#int f0/2
    • Cat2960(config-if)#switchport access vlan 20
  48. What command allows you to view information that is specific to VLAN 10?
    • To view information that is specific to VLAN 10, enter the show vlan id 10 command, as follows:
    • Cat2960#show vlan id 10
    • VLAN Name Status Ports
    • ---- -------------------------------- --------- -------------------------------
    • 10 sales active Fa0/1, Fa0/3, Fa0/4, Fa0/5
    • Fa0/6, Fa0/7, Fa0/8, Fa0/9
    • Fa0/10, Fa0/11, Fa0/12
  49. What command allows you to view the names of all the VLANs configured on a switch?
    • To view the names of all the VLANs configured on a switch, enter the show vlan brief command, as follows:
    • Cat2960#show vlan brief
    • VLAN Name Status Ports
    • ---- -------------------------------- --------- -------------------------------
    • 1 default active Fa0/13, Fa0/14, Fa0/15, Fa0/16
    • Fa0/17, Fa0/18, Fa0/19, Fa0/20
  50. A fundamental concept behind LAN switching is that it provides microsegmentation. What is microsegmentation?
    Microsegmentation is a network design (functionality) where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch. Each network device gets the full bandwidth of the segment and does not have to contend or share the segment with other devices. Microsegmentation reduces collisions because each segment is its own collision domain.
  51. What advantages are offered by LAN segmentation using LAN switches?
    • The advantages offered by LAN segmentation using LAN switches are as follows:
    • - Collision-free domains from one larger collision domain
    • - Efficient use of bandwidth
    • - Low latency and high frame-forwarding rates at each interface port
  52. Describe full-duplex transmission?
    Full-duplex transmission is achieved by microsegmentation, where each network device has its own dedicated segment to the switch. Because the network device has its own dedicated segment, it does not have to worry about sharing the segment with other devices. With full-duplex transmission, the device can send and receive at the same time, effectively doubling the amount of bandwidth between nodes.
  53. What are the advantages of using full-duplex Ethernet instead of half-duplex?
    Full-duplex provides faster data transfer and operates without collisions.
  54. Can a network hub be connected to a switch port in full-duplex mode?
    No. Because a hub shares access to the segment, it must connect to a switch port in half-duplex to be able to detect collisions.
  55. What command allows you to view the duplex and speed setting configured for a switch port?
    • To view the duplex and speed setting configured for a switch port, enter the show interface interface-id command, as follows:
    • Cat2960#show interface f0/1
    • FastEthernet0/1 is up, line protocol is up
    • Hardware is Fast Ethernet, address is 0019.e81a.4801 (bia 0019.e81a.4801)
    • MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
    • reliability 255/255, txload 1/255, rxload 1/255
    • Encapsulation ARPA, loopback not set
    • Keepalive set (10 sec)
    • Auto-duplex, Auto-speed, media type is 10/100BaseTX
    • input flow-control is off, output flow-control is unsupported
    • ARP type: ARPA, ARP Timeout 04:00:00
  56. What is the Spanning Tree Protocol (STP)?
    STP is a loop-prevention bridge-to-bridge protocol. Its main purpose is to dynamically maintain a loop-free network. It does this by sending out bridge protocol data units (BPDU), discovering any loops in the topology, and blocking one or more redundant links.
  57. When troubleshooting switches, in what layers of the OSI model do problems occur?
    Problems occur in Layers 1 and 2.
  58. When troubleshooting a switched network, what are some common Layer 1 issues?
    • Some common Layer 1 issues are as follows:
    • - Bad or damaged wires.
    • - EMI is introduced.
    • - New equipment is installed.
  59. An end user complains of slow access to the network. You issue the show interface command on the port the user is connected to and you see a lot of collisions and cyclic redundancy check (CRC) errors on the interface. What is most likely the cause of the problem?
    • The most likely cause of the problem is a bad network cable, damaged media, or EMI.
    • Excessive collisions and CRC errors usually indicate a problem with the network cable attached to the port, or outside interference.
  60. An end user complains of slow access to the network. You issue the show interface command on the port the end user is connected to and you see a lot of collisions and runts on the interface. What is most likely the cause of the problem?
    Either a change of traffic patterns usually caused by the installation of a new application or the installation of a hub can cause excessive collisions and runts on an interface.
  61. An end user's computer network card is set to half-duplex and the switch port his computer is connected to is set to full-duplex. What is the result?
    The result is a duplex mismatch. As a result, the computer does not gain access to the network.
