CCNA2 CHAPTER 3


11. Match the commands with the correct descriptions.
-switchport mode trunk
-switchport mode dynamic desirable
-switchport nonegotiate
-switchport mode access
A. Configures the port to negotiate a trunk
B. Configures the trunk to not send DTP packets
C. Configures the port as a permanent 802.1Q trunk
D. Disables trunk mode

-C -A -B -D

12. Match the problem definition with the correct problem description.
-Native VLAN mismatch
-Trunk mode mismatch
-Incorrect VLAN list
-VLAN subnet conflict
A. Both switches are configured to dynamic auto and will not negotiate a link.
B. Not all the VLANs needed are allowed to traverse a trunk.
C. PCs on the same VLAN are not sharing the same address space.
D. The VLAN configured for untagged frames is not the same on two switches connected by a trunk.

-D -A -B -C

8. With each listed characteristic on the right, indicate in the blank on the left whether it reflects a normal range VLAN, an extended range VLAN, or VLAN 1. Use N for normal range VLAN, E for extended range VLAN, and 1 for VLAN 1.
-1-1005
-1006-4094
-Stored in vlan.dat
-Default management VLAN
-Default native VLAN
-All ports are a member of by default
-Stored in running configuration file

-N -E -N -1 -1 -1 -E

VIRTUAL LOCAL AREA NETWORK (VLAN)

A GROUP OF HOSTS WITH A COMMON SET OF REQUIREMENTS THAT COMMUNICATE AS IF THEY WERE ATTACHED TO THE SAME WIRE, REGARDLESS OF THEIR PHYSICAL LOCATION. A VLAN HAS THE SAME ATTRIBUTES AS A PHYSICAL LAN, BUT IT ALLOWS END STATIONS TO BE GROUPED TOGETHER EVEN IF THEY ARE NOT LOCATED ON THE SAME LAN.

PRIVATE VLAN (PVLAN) EDGE

A LOCALLY SIGNIFICANT SWITCH FEATURE THAT PROVIDES PROTECTION FOR A PARTICULAR PORT. SOME APPLICATIONS REQUIRE THAT NO LAYER 2 TRAFFIC BE FORWARDED BETWEEN PORTS ON THE SAME SWITCH. THE PVLAN EDGE FEATURE ENSURES THAT NO UNICAST, BROADCAST, OR MULTICAST TRAFFIC IS EXCHANGED BETWEEN PROTECTED PORTS

BLACK HOLE VLAN

A VLAN ASSIGNED TO UNUSED SWITCH PORTS

14. Which Layer 2 security issue sends a frame destined for one VLAN to a different VLAN by adding more than one VLAN ID to the header? A. Double-tagging B. Switch spoofing C. PVLAN edge D. Plaintext vty access

A. Double-tagging

6. Which three statements are true about hosts that are configured in the same VLAN? (Choose three.) A. Hosts in the same VLAN must be on the same IP subnet. B. Hosts in different VLANs can communicate with the aid of only the Layer 2 switch. C. Hosts in the same VLAN share the same broadcast domain. D. Hosts in the same VLAN share the same collision domain. E. Hosts in the same VLAN comply with the same security policy. F. Hosts in the same VLAN must be on the same physical segment.

A. Hosts in the same VLAN must be on the same IP subnet. C. Hosts in the same VLAN share the same broadcast domain.

5. A 24-port switch has been configured to support three VLANs named Sales, Marketing, and Finance. Each VLAN spans four ports on the switch. The network administrator has deleted the Marketing VLAN from the switch. What two statements describe the status of the ports associated with this VLAN? (Choose two.) A. The ports are inactive. B. The ports are administratively disabled. C. The ports will become trunks to carry data from all remaining VLANs. D. The ports will remain part of the Marketing VLAN until reassigned to another VLAN. E. The ports were released from the Marketing VLAN and automatically reassigned to VLAN 1.

A. The ports are inactive. D. The ports will remain part of the Marketing VLAN until reassigned to another VLAN.

3. What mechanism is used to achieve the separation between different VLANs as they cross a trunk link? A. VLAN tagging using 802.1Q protocol B. VLAN tagging using 802.1p protocol C. VLAN multiplexing D. VLAN set as a native VLAN

A. VLAN tagging using 802.1Q protocol

10. Which three options accurately associate the Catalyst switch command with the result? (Choose three.) A. show vlan id vlan-id: displays information about a specific VLAN. B. show vlan: displays detailed information about all VLANs on the switch. C. show vlan brief: displays detailed information about all VLANs on the switch. D. show interfaces fa0/1 switchport: displays information about a specific port. E. show interfaces fa0/1: displays VLAN information about a specific port.

A. show vlan id vlan-id: displays information about a specific VLAN. B. show vlan: displays detailed information about all VLANs on the switch. D. show interfaces fa0/1 switchport: displays information about a specific port.

DEFAULT VLAN

All switch ports become a part of the default VLAN after the initial boot up of a switch loading the default configuration. VLAN 1 IS THE DEFAULT VLAN.

9. Refer to the following configuration. Host 1 is connected to interface Fa0/4 with IP address 192.168.1.22/28. Host 2 is connected to interface Fa0/5 with IP address 192.168.1.33/28. Host 3 is connected to interface Fa0/6 with IP address 192.168.1.30/28. Select the three statements that describe the success of pinging from one host to another. (Choose three.)

    Switch(config)# vlan 10
    Switch(config-vlan)# name Faculty
    Switch(config-vlan)# vlan 20
    Switch(config-vlan)# name Staff
    Switch(config-vlan)# interface range fa0/4 , fa0/6
    Switch(config-if-range)# switchport mode access
    Switch(config-if-range)# switchport access vlan 10
    Switch(config-if-range)# interface fa0/5
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 20

A. Host 1 can ping Host 2.
B. Host 1 cannot ping Host 2.
C. Host 1 can ping Host 3.
D. Host 1 cannot ping Host 3.
E. Host 2 can ping Host 3.
F. Host 2 cannot ping Host 3.

B. Host 1 cannot ping Host 2. C. Host 1 can ping Host 3. F. Host 2 cannot ping Host 3.

7. Refer to Figure 3-8. Host PC3 is unable to transfer data because it does not have the MAC address of the destination host. If PC3 sends out an ARP request broadcast, which of the other hosts will see the message? A. Only PC3 B. Only PC4 C. Only PC4 and PC5 D. PC1, PC2, PC4, and PC5 E. PC1, PC2, PC3, PC4, and PC5

B. Only PC4

4. What are two options to consider when configuring a trunk link between two switches? (Choose two.) A. The switchport nonegotiate command must be configured for trunks that use DTP. B. Port security cannot be configured on the trunk interfaces. C. The native VLAN must be the same on both ends of the trunk. D. Different encapsulation types can be configured on both ends of the trunk link. E. Trunk ports can be configured only on Gigabit Ethernet interfaces.

B. Port security cannot be configured on the trunk interfaces. C. The native VLAN must be the same on both ends of the trunk.

15. Which two design considerations are best practices for switch VLAN design? (Choose two.) A. Unused ports should be left to the default configuration. B. The native VLAN should be an unused VLAN. C. All unused ports should be configured as a part of the black hole VLAN. D. All unused ports should be configured as a part of the native VLAN. E. A server should always be configured as a protected port. F. The management VLAN should be a VLAN not used by any type of user traffic. G. Disable DTP messages.

B. The native VLAN should be an unused VLAN. C. All unused ports should be configured as a part of the black hole VLAN. F. The management VLAN should be a VLAN not used by any type of user traffic. G. Disable DTP messages.

VLAN.DAT

Configurations are stored within a VLAN database file, LOCATED IN THE FLASH MEMORY OF THE SWITCH

2. Switch S1 and Switch S2 are both configured with ports in the Faculty, Students, Voice, Guest, Printing, and Admin VLANs. Each VLAN contains 12 users. How many subnets are needed to address the VLANs? A. 1 B. 2 C. 4 D. 6 E. 8 F. 12 G. 24

D. 6

1. What is the difference between an access port and a trunk port? A. A trunk port belongs to a single VLAN; an access port provides access for multiple VLANs between switches. B. An access port can have a native VLAN, but a trunk port cannot. C. An access port can have only one device attached. D. Multiple VLANs traverse a trunk port, but an access port can belong to a single VLAN.

D. Multiple VLANs traverse a trunk port, but an access port can belong to a single VLAN.

VLAN LEAKING

FRAMES ARE ACCEPTED FROM A VLAN THAT IS DIFFERENT FROM THE ONE ASSIGNED TO A PARTICULAR SWITCH PORT

VLAN HOPPING

FRAMES FROM ONE VLAN CAN BE SEEN BY ANOTHER VLAN

13. The protocol "____" is an industry standard for trunking.

IEEE 802.1Q

DOUBLE-TAGGING (DOUBLE-ENCAPSULATION)

REQUIRES THAT THE ATTACKER BE CONNECTED TO A PORT THAT IS IN THE SAME VLAN AS THE NATIVE VLAN OF A TRUNK PORT. THE ATTACKER SENDS AN 802.1Q FRAME THAT HAS 2 VLAN TAGS; THE SECOND TAG IS THE FAKE ONE READ BY A SECOND SWITCH AND SENT TO AN UNATTENDED VLAN THAT HAS A TARGET HOST CONTROLLED BY THE ATTACKER

TRUNK

SWITCHPORT MODE CONFIGURED SO THAT THE SWITCH CAN TRANSMIT TRAFFIC FROM MULTIPLE VLANS OVER A SINGLE LINK

TAGGING

The 802.1Q header includes a 4-byte tag inserted within the original Ethernet frame header, specifying the VLAN to which the frame belongs

VLAN TRUNKING PROTOCOL (VTP)

is a Cisco-proprietary Layer 2 protocol THAT ENABLES THE NETWORK MANAGER TO CONFIGURE ONE OR MORE SWITCHES SO THAT THEY PROPAGATE VLAN CONFIGURATION INFORMATION TO OTHER SWITCHES IN THE NETWORK, AS WELL AS SYNCHRONIZING THE VLAN INFO WITH OTHER SWITCHES IN THE VTP DOMAIN

DATA VLAN

is a VLAN that is configured to carry user-generated traffic. A VLAN carrying voice or management traffic would not be part of a data VLAN.

SWITCH SPOOFING

is a type of VLAN hopping attack that works by taking advantage of an incorrectly configured trunk port. ATTACKER CAN THEN GAIN ACCESS TO ALL VLANS IN THAT TRUNK

MANAGEMENT VLAN

is any VLAN configured to access the management capabilities of a switch. VLAN 1 is the management VLAN by default. To create the management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and subnet mask, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP.

NATIVE VLAN

is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic), as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1

DYNAMIC TRUNKING PROTOCOL (DTP)

is used to negotiate forming a trunk between two Cisco devices.

