CCENT ICND1 100-101 Ch 10


8. Which of the following commands in the configuration is a prerequisite for the other commands to function?
    S3# config t
    S3(config)# int fa0/3
    S3(config-if)# switchport port-security
    S3(config-if)# switchport port-security maximum 3
    S3(config-if)# switchport port-security violation restrict
    S3(config-if)# Switchport mode-security aging time 10
A. switchport mode-security aging time 10 B. switchport port-security C. switchport port-security maximum 3 D. switchport port-security violation restrict

8. B. The switchport port-security command enables port security, which is a prerequisite for the other commands to function.

What are the three switch functions at layer 2?

Address learning, forward/filter decisions, and loop avoidance

Remember the three switch functions.

Address learning, forward/filter decisions, and loop avoidance are the functions of a switch.

Which two of the following switch port violation modes will alert you via SNMP that a violation has occurred on a port? A. Restrict B. Protect C. Shutdown D. Err-disable

B, C. Shutdown and protect mode will alert you via SNMP that a violation has occurred on a port.

Which of the following methods will ensure that only one specific host can connect to port F0/3 on a switch? (Choose two. Each correct answer is a separate solution.) A. Configure port security on F0/3 to accept traffic other than that of the MAC address of the host. B. Configure the MAC address of the host as a static entry associated with port F0/3. C. Configure an inbound access control list on port F0/3 limiting traffic to the IP address of the host. D. Configure port security on F0/3 to accept traffic only from the MAC address of the host.

B, D. To limit connections to a specific host, you should configure the MAC address of the host as a static entry associated with the port, although be aware that this host can still connect to any other port, but no other port can connect to f0/3, in this example. Another solution would be to configure port security to accept traffic only from the MAC address of the host. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect and by defining violation policies (such as disabling the port) to be enacted if additional hosts try to gain a connection.

On which interface have you configured an IP address for a switch? A. int fa0/0 B. int vty 0 15 C. int vlan 1 D. int s/0/0

C. The IP address is configured under a logical interface, called a management domain or VLAN 1.

The conference room has a switch port available for use by the presenter during classes, and each presenter uses the same PC attached to the port. You would like to prevent other PCs from using that port. You have completely removed the former configuration in order to start anew. Which of the following steps is not required to prevent any other PCs from using that port? A. Enable port security. B. Assign the MAC address of the PC to the port. C. Make the port an access port. D. Make the port a trunk port.

D. You would not make the port a trunk. In this example, this switchport is a member of one VLAN. You can configure port security on a trunk port, but that is not valid for this question.

If a destination MAC address is not in the forward/filter table, what will the switch do with the frame?

Flood the frame out all ports except the port on which it was received

If a frame is received on a switch port and the source MAC address is not in the forward/filter table, what will the switch do?

It will add the source MAC address in the forward/filter table and associate it with the port on which the frame was received.

What are the default modes for a switch port configured with port security?

Maximum 1, violation shutdown

_______________ is the loop avoidance mechanism used by switches.

Spanning Tree Protocol (STP)
STP is a switching loop avoidance scheme used by switches.

Remember the command show mac address-table

The command show mac address-table will show you the forward/filter table used on the LAN switch.

Know the command to enable port security.

To enable port security on a port, you must first make sure the port is an access port and then use the switchport port-security command at interface level. You can set the port security parameters before or after enabling port security.

Know the commands to verify port security.

To verify port security, use the show port-security, show port-security interface interface, and show running-config commands.

Type the command that generated the last entry in the MAC address table shown. Type the command only, without the prompt.
    Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    All     0100.0ccc.cccc    STATIC      CPU
    [output cut]
    1       000e.83b2.e34b    DYNAMIC     Fa0/1
    1       0011.1191.556f    DYNAMIC     Fa0/1
    1       0011.3206.25cb    DYNAMIC     Fa0/1
    1       001a.4d55.2f7e    DYNAMIC     Fa0/1
    1       001b.d40a.0538    DYNAMIC     Fa0/1
    1       001c.575e.c891    DYNAMIC     Fa0/1
    1       aaaa.bbbb.0ccc    STATIC      Fa0/7

mac address-table static aaaa.bbbb.cccc vlan 1 int fa0/7
You can set a static MAC address in the MAC address table, and when done it will appear as a static entry in the table.

What command will show you the forward/filter table?

show mac address-table

Write the command that generated the following output.
    Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    All     0100.0ccc.cccc    STATIC      CPU
    [output cut]
    1       000e.83b2.e34b    DYNAMIC     Fa0/1
    1       0011.1191.556f    DYNAMIC     Fa0/1
    1       0011.3206.25cb    DYNAMIC     Fa0/1
    1       001a.2f55.c9e8    DYNAMIC     Fa0/1
    1       001a.4d55.2f7e    DYNAMIC     Fa0/1
    1       001c.575e.c891    DYNAMIC     Fa0/1
    1       b414.89d9.1886    DYNAMIC     Fa0/5
    1       b414.89d9.1887    DYNAMIC     Fa0/6

show mac address-table
This command displays the forward/filter table, also called a content addressable memory (CAM) table.

Write the command required to disable the port if a security violation occurs. Write only the command and not the prompt.

switchport port-security violation shutdown
This command sets the switch's reaction to a port violation to shutdown.

What statement(s) is/are true about the output shown below? (Choose all that apply.)
    S3# sh port-security int f0/3
    Port Security              : Enabled
    Port Status                : Secure-shutdown
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 2
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0013:0ca69:00bb3:00ba8:1
    Security Violation Count   : 1
A. The port light for F0/3 will be amber in color. B. The F0/3 port is forwarding frames. C. This problem will resolve itself in a few minutes. D. This port requires the shutdown command to function.

A, D. In the above output, you can see that the port is in Secure-shutdown mode and the light for the port would be amber. To enable the port again you'd need to do the following:
    S3(config-if)# shutdown
    S3(config-if)# no shutdown

Which of the following statements is not true with regard to layer 2 switching? A. Layer 2 switches and bridges are faster than routers because they don't take up time looking at the Data Link layer header information. B. Layer 2 switches and bridges look at the frame's hardware addresses before deciding to either forward, flood, or drop the frame. C. Switches create private, dedicated collision domains and provide independent bandwidth on each port. D. Switches use application-specific integrated circuits (ASICs) to build and maintain their MAC filter tables.

A. Layer 2 switches and bridges are faster than routers because they don't take up time looking at the Network Layer header information. They do make use of the Data Link layer information.

Which of the following is not an issue addressed by STP? A. Broadcast storms B. Gateway redundancy C. A device receiving multiple copies of the same frame D. Constant updating of the MAC filter table

B. Gateway redundancy is not an issue addressed by STP.

Which Cisco IOS command is used to verify the port security configuration of a switch port? A. show interfaces port-security B. show port-security interface C. show ip interface D. show interfaces switchport

B. The show port-security interface command displays the current port security and status of a switch port, as in this sample output:
    Switch# show port-security interface fastethernet0/1
    Port Security: Enabled
    Port status: SecureUp
    Violation mode: Shutdown
    Maximum MAC Addresses: 2
    Total MAC Addresses: 2
    Configured MAC Addresses: 2
    Aging Time: 30 mins
    Aging Type: Inactivity
    SecureStatic address aging: Enabled
    Security Violation count: 0

What will be the effect of executing the following command on port F0/1? switch(config-if)# switchport port-security mac-address 00C0.35F0.8301 A. The command configures an inbound access control list on port F0/1, limiting traffic to the IP address of the host. B. The command expressly prohibits the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. C. The command encrypts all traffic on the port from the MAC address of 00c0.35F0.8301. D. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.

D. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect and violation policies (such as disabling the port) if additional hosts try to gain a connection.

Understand the reason for port security.

Port security restricts access to a switch based on MAC addresses.

Write the command that will save a dynamically learned MAC address in the running-configuration of a Cisco switch.

switchport port-security mac-address sticky
Issuing the switchport port-security mac-address sticky command will allow a switch to save a dynamically learned MAC address in the running-configuration of the switch, which prevents the administrator from having to document or configure specific MAC addresses.

Write the command that would limit the number of MAC addresses allowed on a port to 2. Write only the command and not the prompt.

switchport port-security maximum 2
The maximum setting of 2 means only two MAC addresses can be used on that port; if the user tries to add another host on that segment, the switch port will take the action specified in the port-security violation command.

