alphastate's ICND1 CH9

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Q1. How does a SSH configuration differ from a telnet one?

A1. SSH must supply both a user name and a password. Telnet only requires a password.

Q10. What are the types of Banner commands and how are they used?

A10. • MESSAGE OF THE DAY (MOTD). Displayed before the console login prompt. • LOGIN. After the MOTD, but before the console login. The console must be configured with a password for this to work. • EXEC. After entering the console password, but before the enable EXEC password.

Q11. How do you prevent the Cisco device from displaying Syslog messages in the middle of a command that you are entering, or in the middle of the output of a show command?

A11. Enter the command: # logging synchronous

Q12. How long does it take by default to disconnect an inactive console\telnet\SSH session?

A12. 5 minutes of inactivity.

Q13. How do you change the length of the inactivity period before getting disconnected from a console\telnet\SSH session?

A13. Enter the line interface configuration command: # exec-timeout <minutes> <seconds>

Q14. Can you figure the Cisco device to never time out?

A14. Yes, enter the line interface configuration command: # exec-timeout 0 0

Q15. How do you assign an IP address to a Cisco switch?

A15. Enter these commands: # conf t # interface vlan 1 # ip address <address> <mask> # no shutdown # exit # ip default-gateway <address>

Q16. How do you configure a Cisco switch to use DHCP to obtain it's IP address information?

A16. Enter these commands: # conf t # interface vlan 1 # ip address dhcp

Q17. How do you view the DHCP lease information on a switch configured with DHCP?

A17. Enter the command: # show dhcp lease

Q18. How do you change the duplex, speed, and description of a switch interface?

A18. Enter the commands: # conf t # interface fastethernet 0/number # duplex full | half # speed 10 | 100 | 1000 # description This connects to the webserver

Q19. What command allows you to configure a range of switch interfaces simultaneously instead of one interface at a time?

A19. X and Y are numbers, enter the command: # interface range fastethernet 0/x-y

Q2. What authentication method(s) is required for SSH?

A2. • Locally configured. • Externally configured on a AAA server.

Q20. What is "Port Security" used for?

A20. To restrict an interface so that only expected devices can use it.

Q21. What is meant by making a switch's port an "access port"?

A21. The port will not be doing any VLAN trunking.

Q22. Generally speaking, what are the steps involved in configuring port security?

A22. (1) Make the port an access port. (2) Enable port security. (3) Configure the MAC addresses of the devices allowed to use the port.

Q23. What are the specific commands to enable port security?

A23. In interface configuration mode, enter the commands: # switchport mode access # switchport port-security # switchport port-security mac-address <mac-address>

Q24. What are some switchport optional security commands?

A24. • Set the maximum number of allowed MAC addresses: # switchport port-security maximum <number> • Define an action to take when a frame is received from a MAC address not listed. # switchport port-security violation {protect | restrict | shutdown}

Q25. How can you dynamically learn the MAC-addresses of currently connected hosts for port-security?

A25. Enter the "sticky learning" command: # switchport port-security mac-address sticky

Q26. What are the possible actions taken when a port-security violation occurs?

A26. • Discard offending traffic [Protect | Restrict | Shutdown] • Send log and SNMP messages [Restrict | Shutdown] • Disable interface [Shutdown]

Q27. What are the types of switch interfaces and what do they do?

A27. • "Access" interfaces send and receive only in a single VLAN. • "Trunking" interfaces send and receive traffic in multiple VLANs.

Q28. For access interfaces to send and receive, what must be configured?

A28. The access interfaces • must be assigned to a specific VLAN, • and issued the "no shutdown" command.

Q29. What is configured by default on Cisco switches?

A29. Cisco switches have VLAN configured and all interfaces are assigned to it.

Q3. How is the password listed in the configuration for the "enable secret <password>" command?

A3. The password is shown as a hidden MD5 hash value.

Q30. What command lists all configured VLANs?

A30. # show vlan brief

Q31. How do you configure a new VLAN?

A31. Enter the commands: # conf t # vlan <vlan-id> # name <vlan-name>

Q32. How do you assign access mode interfaces to a specific VLAN?

A32. (1) Enter interface configuration mode for each desired interface. (2) Assign the interface to a VLAN. (3) Disable trunking (optional)

Q33. What are the general recommendations does Cisco make regarding switch interfaces?

A33. • Administratively shutdown any unused interfaces. # shutdown • Prevent VLAN trunking and VTP by making the port a non-trunking interface. # switchport mode access • Assign the interfaces to an unused VLAN. # switchport access vlan <number>

Q34. How do you find the public key generated by the command "crypto key generate rsa"?

A34. Enter the command: # show crypto key mypubkey rsa

Q35. If a password is added or changed after the "service password-encryption" command has been executed, will it be encrypted?

A35. Yes, it will be encrypted.

Q36. How do you configure the console login to ask for both the user name and password?

A36. Enter the commands: # conf t # line console 0 # login local # exit # username <name> password <password>

Q37. How do you change the default number of commands held in the history buffer for later recall?

A37. Enter the command: # history size <x>

Q38. How do you assign a name to a Cisco device?

A38. Enter the commands: # conf t # hostname <name>

Q39. What does the following command do? # enable secret 0 <password>

A39. The password that was entered in plain text is encrypted using a MD5 hash (type 5) and is stored in the running-config.

Q4.How is the password listed in the configuration for the enable password <password> command?

A4. The password is shown in plain text.

Q40. How do you deleted an "enable secret" command?

A40. Enter the command: # no enable secret 0 <password>

Q41. How do the results of the "service password-encryption" command differ from the "enable secret" command?

A41. The "enable secret" is more secure.

Q42. Is the output of the "enable secret" in encrypted form?

A42. No. It is the result of a mathematical hash.

Q43. How do you know what commands are in the history buffer?

A43. Enter the command: # show history

Q44. How do you change the history buffer size only for the user currently logged on?

A44. Enter the command: # terminal history size <x>

Q45. Do all the switch IOSs support the DHCP function on the VLAN 1 interface?

A45. IOS versions prior to 12.2 do not.

Q46. What is displayed in the switch output of the "show interface status" command?

A46. One line per interface: (1) Port (2) Name (3) Status - connected\disconnected (4) VLAN ID# (5) Duplex mode (6) Speed (7) Type - access or trunk

Q47. What is displayed in the output of the "show interface vlan 1" command?

A47. (1) VLAN 1 up, Protocol up (2) MAC address (3) IP address, subnet mask (4) much more,

Q48. How do you show port-security settings?

A48. Enter the command: # show port-security interface <type><number>

Q5. How do you encrypt the console, vty, and username command passwords?

A5. Enter the global configuration command: # service password-encryption

Q6. If both the "enable password" and the "enable secret" commands are configured, which one is used when trying to login to the Cisco device's enable mode?

A6. The "enable secret" password.

Q7. What commands are needed to configure a Cisco device to use SSH?

A7. Enter the commands: # conf t # line vty 0 15 # login local # transport input telnet ssh # exit # username <name> password <password> # ip domain-name example.com # crypto key generate rsa

Q8. What happens when the "crypto key generate rsa" command is entered?

A8. A public key and a private key is generated.

Q9. What does a SSH client need to connect to the SSH enabled Cisco device?

A9. A copy of the public key.


Ensembles d'études connexes

Bible 700 - Unit 3: The Attributes of God QUIZ 3: ATTRIBUTE OF GRACE

View Set

Mod 1 - Med Term - Directional & Movement Terms

View Set