STP questions 3


What can you change to make a switch the root bridge? A. make lower priority B. make higher priority C. make lower path cost D. make higher path cost

Answer: A

What will take place on a port that has PortFast enabled? A. forwarding B. learning C. listening D. blocking

Answer: A

Which command enables RSTP on a switch? A. spanning-tree mode rapid-pvst B. spanning-tree uplinkfast C. spanning-tree backbonefast D. spanning-tree mode mst

Answer: A

Which port security violation mode allows traffic from valid MAC addresses to pass but blocks traffic from invalid MAC addresses? A. protect B. shutdown C. shutdown vlan D. restrict

Answer: A Explanation In fact, both "protect" and "restrict" modes allow traffic with a valid MAC address to pass, so this question is not good. This is a quote from Cisco for these two modes:
protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf
Therefore the only difference between these two modes is that "restrict" mode causes the SecurityViolation counter to increment (only useful for statistics).

Which option is the industry-standard protocol for EtherChannel? A. LACP B. PAGP C. Cisco Discovery Protocol D. DTP

Answer: A Explanation LACP is the IEEE standard (IEEE 802.3ad) and is the most common dynamic EtherChannel protocol, whereas PAgP is a Cisco proprietary protocol and works only between supported vendors and Cisco devices.

Which option is the default switch port port-security violation mode? A. shutdown B. protect C. shutdown vlan D. restrict

Answer: A Explanation Shutdown is the default switch port port-security violation mode. When in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and re-enabling the switchport.

For which two protocols can PortFast alleviate potential host startup issues? (Choose two) A. DHCP B. DNS C. OSPF D. RIP E. CDP

Answer: A B

Which command can you enter in a network switch configuration so that learned MAC addresses are saved in configuration as they connect? A. Switch(config-if)#switch port-security B. Switch(config-if)#switch port-security mac-address sticky C. Switch(config-if)#switch port-security maximum 10 D. Switch(config-if)#switch mode access

Answer: B Explanation The full command should be "switchport port-security mac-address sticky", but Cisco commands can be abbreviated.

What is one benefit of PVST+? A. PVST+ reduces the CPU cycles for all the switches in the network. B. PVST+ automatically selects the root bridge location, to provide optimized bandwidth usage. C. PVST+ allows the root switch location to be optimized per VLAN. D. PVST+ supports Layer 3 load balancing without loops.

Answer: C

Which port security mode can assist with troubleshooting by keeping count of violations? A. access B. protect C. restrict D. shutdown

Answer: C

Which type of secure MAC address must be configured manually? A. dynamic B. bia C. static D. sticky

Answer: C

By default, how many MAC addresses are permitted to be learned on a switch port with port security enabled? A. 8 B. 2 C. 1 D. 0

Answer: C Explanation By default, port security limits the number of MAC addresses that can connect to a switch port to one. If the maximum number of MAC addresses has been reached and another MAC address attempts to access the port, a security violation occurs.

What is the status of port-channel if LACP is misconfigured? A. Forwarding B. Enabled C. Disabled D. Errdisabled

Answer: C Explanation EtherChannel misconfiguration occurs when the channel parameters do not match on both sides of the EtherChannel, resulting in the following message:
%PM-SP-4-ERR_DISABLE: channel-misconfig error detected on Po3, putting E1/3 in err-disable state
Therefore, from the output above we can see that when misconfigured, the physical (member) interface is put into err-disable state. But this question asks about "the status of port-channel" (not the physical member interface), so answer "Disabled" is a better choice.

Which RPVST+ port state is excluded from all STP operations? A. learning B. forwarding C. blocking D. disabled

Answer: D

Which type of port role does not participate in STP calculation? A. Listening B. Learning C. Forwarding D. Discarding

Answer: D

When you enable PortFast on a switch port, the port immediately transitions to which state? A. Blocking B. Forwarding C. Learning D. Listening

Answer: B Explanation PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.

Which two of these statements regarding RSTP are correct? (Choose two) A. RSTP cannot operate with PVST+. B. RSTP defines new port roles. C. RSTP defines no new port states. D. RSTP is a proprietary implementation of IEEE 802.1D STP. E. RSTP is compatible with the original IEEE 802.1D STP.

Answer: B E

A question about BPDU. What would a PortFast BPDU guard port do when it is configured on a port? (Choose two) A. err-disabled when port receives BPDUs B. supported only on nontrunking access ports C. forward when port receives BPDUs D. supported on trunk ports

Answer: A B Explanation PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html

Which two EtherChannel PAgP modes can you configure? (Choose two) A. Auto B. Desirable C. Active D. Passive E. On

Answer: A B Explanation There are two PAgP modes:
Auto: Responds to PAgP messages but does not aggressively negotiate a PAgP EtherChannel. A channel is formed only if the port on the other end is set to Desirable. This is the default mode.
Desirable: Port actively negotiates channeling status with the interface on the other end of the link. A channel is formed if the other side is Auto or Desirable.
The table below lists if an EtherChannel will be formed or not for PAgP:
| PAgP | Desirable | Auto |
|---|---|---|
| Desirable | Yes | Yes |
| Auto | Yes | No |

Which three statements about RSTP are true? (Choose three) A. RSTP significantly reduces topology reconverging time after a link failure. B. RSTP expands the STP port roles by adding the alternate and backup roles. C. RSTP port states are blocking, discarding, learning, or forwarding. D. RSTP also uses the STP proposal-agreement sequence. E. RSTP uses the same timer-based process as STP on point-to-point links. F. RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.

Answer: A B F

Refer to the exhibit. Each of these four switches has been configured with a hostname, as well as being configured to run RSTP. No other configuration changes have been made. Which three of these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three) RSPT_port_states.jpg A. SwitchA, Fa0/2, designated B. SwitchA, Fa0/1, root C. SwitchB, Gi0/2, root D. SwitchB, Gi0/1, designated E. SwitchC, Fa0/2, root F. SwitchD, Gi0/2, root

Answer: A B F Explanation The question says "no other configuration changes have been made", so we can understand that these switches have the same bridge priority. SwitchC has the lowest MAC address, so it will become the root bridge and 2 of its ports (Fa0/1 & Fa0/2) will be designated ports -> E is incorrect.
Because SwitchC is the root bridge, the 2 ports nearest SwitchC on SwitchA (Fa0/1) and SwitchD (Gi0/2) will be root ports -> B and F are correct.
Now we come to the most difficult part of this question: SwitchB must have a root port, so which port will it choose? To answer this question we need to know about STP cost and port cost. In general, "cost" is calculated based on the bandwidth of the link. The higher the bandwidth on a link, the lower the value of its cost. Below are the cost values you should memorize:
| Link speed | Cost |
|---|---|
| 10Mbps | 100 |
| 100Mbps | 19 |
| 1 Gbps | 4 |
SwitchB will choose the interface with the lower cost to the root bridge as the root port, so we must calculate the cost on interfaces Gi0/1 & Gi0/2 of SwitchB to the root bridge. This can be calculated from the "cost to the root bridge" of each switch, because a switch always advertises its cost to the root bridge in its BPDU. The receiving switch will add its local port cost value to the cost in the BPDU.
In the exhibit you also see a FastEthernet port connecting to a GigabitEthernet port. In this case the GigabitEthernet port will operate as a FastEthernet port, so the link can be considered a FastEthernet to FastEthernet connection.
One more thing to notice is that a root bridge always advertises the cost to the root bridge (itself) with an initial value of 0.
Now let's have a look at the topology again (RSPT_port_states_explanation.jpg). SwitchC advertises its cost to the root bridge with a value of 0. SwitchD adds 19 (the cost value of a 100Mbps link, although the port on SwitchD is a GigabitEthernet port) and advertises this value (19) to SwitchB. SwitchB adds 4 (the cost value of a 1Gbps link) and learns that it can reach SwitchC via the Gi0/1 port with a total cost of 23. The same process happens for SwitchA, and SwitchB learns that it can reach SwitchC via Gi0/2 with a total cost of 38 -> SwitchB chooses Gi0/1 as its root port -> D is not correct.
Now our last task is to identify the port roles of the ports between SwitchA & SwitchB. It is rather easy, as the MAC address of SwitchA is lower than that of SwitchB, so Fa0/2 of SwitchA will be the designated port while Gi0/2 of SwitchB will be the alternative port -> A is correct but C is not correct.
The figure below summarizes all the port roles of these switches (RSPT_port_roles.jpg):
+ DP: Designated Port (forwarding state)
+ RP: Root Port (forwarding state)
+ AP: Alternative Port (blocking state)

Which two states are the port states when RSTP has converged? (choose two) A. discarding B. learning C. disabled D. forwarding E. listening

Answer: A D Explanation RSTP only has 3 port states that are discarding, learning and forwarding. When RSTP has converged there are only 2 port states left: discarding and forwarding.

What parameter can be different on ports within an EtherChannel? A. speed B. DTP negotiation settings C. trunk encapsulation D. duplex

Answer: B Explanation All interfaces in an EtherChannel must be configured identically to form an EtherChannel. Specific settings that must be identical include:
+ Speed settings
+ Duplex settings
+ STP settings
+ VLAN membership (for access ports)
+ Native VLAN (for trunk ports)
+ Allowed VLANs (for trunk ports)
+ Trunking Encapsulation (ISL or 802.1Q, for trunk ports)

Which statement about spanning-tree root-bridge election is true? A. It is always performed automatically B. Each VLAN must have its own root bridge C. Each VLAN must use the same root bridge D. Each root bridge must reside on the same root switch

Answer: B Explanation Answer A is not correct as we can choose which switch to become root bridge by configuring bridge priority. The switch with lowest bridge priority (value) would become the root bridge. For answer B, this paragraph from Cisco confirms it is the correct answer: "When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches." Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/5234-5.html The meaning of answer C is not clear but maybe it means "every VLAN must use the same root bridge" which is not correct as Sw1 can be the root bridge for VLANs 1, 3, 5 but Sw2 can be the root bridge for VLAN 2, 4, 6... From the quote above we can say answer D is not correct.

Which option describes how a switch in rapid PVST+ mode responds to a topology change? A. It immediately deletes dynamic MAC addresses that were learned by all ports on the switch. B. It sets a timer to delete all MAC addresses that were learned dynamically by ports in the same STP instance. C. It sets a timer to delete dynamic MAC addresses that were learned by all ports on the switch. D. It immediately deletes all MAC addresses that were learned dynamically by ports in the same STP instance.

Answer: B Explanation For PVST and PVST+, any change in the STP topology will result in a Topology Change Notification (TCN) BPDU. The TCN tells the switches that a change in the topology table has occurred, and they must therefore flush their Content-Addressable Memory (CAM) tables. Switches will set their CAM tables to age out after ForwardDelay seconds, which is 15 seconds by default. In other words, if a host doesn't send traffic within 15 seconds to update the CAM table, the switch will have to begin flooding traffic to that host. This can lead to excessive amounts of flooded traffic. For more information please read: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/12013-17.html

The network administrator normally establishes a Telnet session with the switch from host A. The administrator's attempt to establish a connection via Telnet to the switch from host B fails, but pings from host B to the other two hosts are successful. What is the cause of this problem? show_ip_int_brief.jpg A. Host B and the switch need to be in the same subnet. B. The switch needs an appropriate default gateway assigned. C. The switch interface connected to the router is down. D. Host B needs to be assigned an IP address in vlan 1.

Answer: B Explanation Host A (172.19.1.1) and the management IP address of the Switch (172.19.1.250) are in the same subnet so telnet from host A to the switch can be successful even if a default gateway is not set on host A. But host B (172.19.32.2) and the management IP address of the Switch (172.19.1.250) are not in the same subnet so host B needs a default gateway to telnet to the switch. The default gateway on host B should be 172.19.32.254.

Which VTP mode cannot make a change to a VLAN? A. Server B. Client C. Transparent D. Off

Answer: B Explanation Only VTP Client cannot make a change to VLAN.

Select the action that results from executing these commands: Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address sticky A. A dynamically learned MAC address is saved in the startup-configuration file. B. A dynamically learned MAC address is saved in the running-configuration file. C. A dynamically learned MAC address is saved in the VLAN database. D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received. E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

Answer: B Explanation The full syntax of the second command is: switchport port-security mac-address sticky [MAC] If we don't specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Which two spanning-tree port states does RSTP combine to allow faster convergence? (Choose two) A. discarding B. listening C. blocking D. forwarding E. learning

Answer: B C Explanation There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D blocking and listening states are merged into the 802.1w discarding state.
* Discarding - the port does not forward frames, process received frames, or learn MAC addresses - but it does listen for BPDUs (like the STP blocking state)
* Learning - receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP).
* Forwarding - receives and sends data, normal operation, learns MAC addresses, receives and transmits BPDUs (same as STP).
| STP State (802.1d) | RSTP State (802.1w) |
|---|---|
| Blocking | Discarding |
| Listening | Discarding |
| Learning | Learning |
| Forwarding | Forwarding |
Although the learning state is also used in RSTP, it only takes place for a short time as compared to STP. RSTP converges with all ports either in forwarding state or discarding state.

Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. show_port-security_interface_fa0_1.jpg Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two) A. Port security needs to be globally enabled. B. Port security needs to be enabled on the interface. C. Port security needs to be configured to shut down the interface in the event of a violation. D. Port security needs to be configured to allow only one learned MAC address. E. Port security interface counters need to be cleared before using the show command. F. The port security configuration needs to be saved to NVRAM before it can become active.

Answer: B D Explanation As we see in the output, the "Port Security" is in "Disabled" state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command: SwitchA(config-if)#switchport port-security -> B is correct. Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.

To configure the VLAN trunking protocol to communicate VLAN information between two switches, what two requirements must be met? (Choose two) A. Each end of the trunk line must be set to IEEE 802.1E encapsulation. B. The VTP management domain name of both switches must be set the same. C. All ports on both the switches must be set as access ports. D. One of the two switches must be configured as a VTP server. E. A rollover cable is required to connect the two switches together. F. A router must be used to forward VTP traffic between VLANs.

Answer: B D Explanation In Cisco switches there are two encapsulations: 802.1q and ISL so we can set two ends to ISL instead -> A is not correct. The ports between two switches must be set to trunk ports so that they can exchange VLAN information through VTP -> C is not correct. To connect two switches we can use cross-over cable or straight-through cable (because modern Cisco switches can "auto-sense") but not rollover cable -> E is not correct. To forward traffic in the same VLAN (between two or more switches) we can use switches only. If we want to forward VTP traffic between different VLANs we can use either a router or a Layer 3 switch -> F is not correct. Two switches can only communicate when they are set to the same VTP domain name (and the same VTP password) -> B is correct. One of the two switches must be set to VTP Server so that it can create VTP updates and advertise its VLAN information.

Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)#switchport port-security 2950Switch(config-if)#switchport port-security mac-address sticky 2950Switch(config-if)#switchport port-security maximum 1 The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two) switch_port_security.jpg A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF. B. Only host A will be allowed to transmit frames on fa0/1. C. This frame will be discarded when it is received by 2950Switch. D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1. E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1. F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

Answer: B D Explanation The first command, 2950Switch(config-if)#switchport port-security, enables port security on a switch port.
For the second command, 2950Switch(config-if)#switchport port-security mac-address sticky, we need to know that the full syntax of this command is switchport port-security mac-address sticky [MAC]. The STICKY keyword is used to make the MAC address appear in the running configuration, and you can save it for later use. If you do not specify any MAC addresses after the STICKY keyword, the switch will dynamically learn the attached MAC address and place it into your running-configuration. In this case, the switch will dynamically learn the MAC address 0000.00aa.aaaa of host A and add this MAC address to the running configuration.
In the last command, 2950Switch(config-if)#switchport port-security maximum 1, you limited the number of secure MAC addresses to one and dynamically assigned it (because no MAC address is mentioned, the switch will get the MAC address of the device attached to interface fa0/1), so the workstation attached to that port is assured the full bandwidth of the port. Therefore only host A will be allowed to transmit frames on fa0/1 -> B is correct.
After you have set the maximum number of secure MAC addresses for interface fa0/1, the secure addresses are included in the "Secure MAC Address" table (this table is similar to the MAC Address Table but you can only view it with the show port-security address command). So in this question, although you don't see the MAC address of host A listed in the MAC Address Table, frames with a destination of 0000.00aa.aaaa will be forwarded out of the fa0/1 interface -> D is correct.

What are the requirements for running VTP? (Choose two) A. VTP domain names must be different B. VTP domain names must be the same C. VTP server must have the highest revision numbers D. All devices need to have the same VTP version

Answer: B D Explanation The VTP server usually has the same revision number as the other switches (when they are synchronized), so answer C is not correct. To run VTP, the VTP domain names and VTP version must match among the devices running VTP.

Refer to the exhibit. At the end of an RSTP election process, which access layer switch port will assume the discarding role? RSTP_election_port_roles.jpg A. Switch3, port fa0/1 B. Switch3, port fa0/12 C. Switch4, port fa0/11 D. Switch4, port fa0/2 E. Switch3, port Gi0/1

Answer: C Explanation In this question, we only care about the Access Layer switches (Switch3 & 4). Switch3 has a lower bridge ID than Switch4 (because the MAC of Switch3 is smaller than that of Switch4), so both ports of Switch3 will be in forwarding state. The alternative port will surely belong to Switch4.
Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how does Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A BPDU is superior to another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this case the port priorities are equal because they use the default value, so Switch4 will compare port index values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will select the port connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11 of Switch4 will be blocked (discarding role).
If you are still not sure about this question, please read my RSTP tutorial.

Which port state is introduced by Rapid-PVST? A. learning B. listening C. discarding D. forwarding

Answer: C Explanation PVST+ is based on IEEE802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states (discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning, forwarding and disabled). So discarding is a new port state in PVST+.

Which set of commands is recommended to prevent the use of a hub in the access layer? A. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security maximum 1 B. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security mac-address 1 C. switch(config-if)#switchport mode access switch(config-if)#switchport port-security maximum 1 D. switch(config-if)#switchport mode access switch(config-if)#switchport port-security mac-address 1

Answer: C Explanation Port security is only used on access port (which connects to hosts) so we need to set that port to "access" mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct. Note: If we want to allow a fixed MAC address to connect, use the "switchport port-security mac-address " command.

Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, or desirable auto mode? A. Dynamic auto B. Trunk C. Dynamic desirable D. Access

Answer: C Explanation The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco for the purpose of negotiating trunking on a link between two switches, and for negotiating the type of trunking encapsulation to be used.
In dynamic auto mode, the interface is able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note that if two Cisco switches are left to the common default setting of auto, a trunk will never form.
In dynamic desirable mode, the interface actively attempts to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches -> This is the best answer in this question.
Reference: http://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=8
Note: In this question answer "Trunk" is also correct. Maybe this is an error question. But Cisco requires us to pick the best answer even when such an error occurs, so we believe "Dynamic desirable" is the best option here.

Which protocol supports sharing the VLAN configuration between two or more switches? A. multicast B. STP C. VTP D. split-horizon

Answer: C Explanation With VTP, switches can learn VLAN configuration of other switches dynamically.

Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two) A. SW1# show switchport port-security interface FastEthernet 0/12 B. SW1# show switchport port-secure interface FastEthernet 0/12 C. SW1# show port-security interface FastEthernet 0/12 D. SW1# show running-config

Answer: C D Explanation We can verify whether port security has been configured by using the "show running-config" or "show port-security interface " for more detail. An example of the output of "show port-security interface " command is shown below: show_port-security_interface.jpg

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two) A. The network administrator can apply port security to dynamic access ports B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan. C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration. D. The network administrator can apply port security to EtherChannels. E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to the maximum defined.

Answer: C E Explanation Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct.
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.
(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)
Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the "switchport access vlan dynamic" command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

Refer to the exhibit. Etherchannel_speed.jpg If the devices produced the given output, what is the cause of the EtherChannel problem? A. SW1's Fa0/1 interface is administratively shut down. B. There is an encapsulation mismatch between SW1's Fa0/1 and SW2's Fa0/1 interfaces. C. There is an MTU mismatch between SW1's Fa0/1 and SW2's Fa0/1 interfaces. D. There is a speed mismatch between SW1's Fa0/1 and SW2's Fa0/1 interfaces.

Answer: D Explanation All interfaces in an EtherChannel must be configured identically to form an EtherChannel. Specific settings that must be identical include:
+ Speed settings
+ Duplex settings
+ STP settings
+ VLAN membership (for access ports)
+ Native VLAN (for trunk ports)
+ Allowed VLANs (for trunk ports)
+ Trunking Encapsulation (ISL or 802.1Q, for trunk ports)
In the output of the "show interface fa0/1" commands we see the speed of interface Fa0/1 of SW1 is "100Mb/s" while that of SW2 is "10Mb/s", so the speed is mismatched here -> an EtherChannel will not be formed.

Refer to the exhibit. Which statement is true? show_spanning-tree_vlan_20.jpg A. The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20. B. VLAN 20 is running the Per VLAN Spanning Tree Protocol. C. The MAC address of the root bridge is 0017.596d.1580. D. SwitchA is not the root bridge, because not all of the interface roles are designated.

Answer: D Explanation Only a non-root bridge can have a root port. Fa0/11 is the root port, so we can confirm this switch is not the root bridge -> A is not correct. From the output we learn this switch is running Rapid STP, not PVST -> B is not correct. 0017.596d.1580 is the MAC address of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 -> C is not correct. All of the interface roles of the root bridge are designated. SwitchA has one Root port and one Alternate port, so it is not the root bridge -> D is correct.

Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch? A. copy run start B. traceroute C. the ICMP Echo IP SLA D. SPAN

Answer: D Explanation Switched Port Analyzer (SPAN) is used to analyze network traffic passing through ports on a switch. For example, we can configure the switch to monitor its interface Fa0/0, which connects to the Core, by sending all traffic to/from Fa0/0 to its Fa0/1 interface. We then connect a computer to the Fa0/1 interface and use software such as Wireshark to capture the packets.

Refer to the exhibit. While troubleshooting a switch, you executed the "show interface port-channel 1 etherchannel" command and it returned this output. Which information is provided by the Load value? Etherchannel_show_interface_port-channel.jpg A. the percentage of use of the link B. the preference of the link C. the session count of the link D. the number source-destination pairs on the link

Answer: D Explanation EtherChannel load balancing works by having the switch assign a hash result from 0-7 based on the configured hash method (load balancing algorithm) for the type of traffic. This hash result is commonly called the Result Bundle Hash (RBH). Now we need to convert the Load value from hexadecimal to binary. Therefore:
+ Gi1/1: 36 (Hex) = 00110110 (Bin) -> Bits 3, 4, 6, 7 are chosen
+ Gi1/2: 84 (Hex) = 10000100 (Bin) -> Bits 1, 6 are chosen
+ Gi1/3: 16 (Hex) = 00010110 (Bin) -> Bits 4, 6, 7 are chosen
Therefore if the RBH is 3, it will choose Gi1/1. If the RBH is 4, it will choose the Gi1/1 and Gi1/3 interfaces. If the RBH is 6, it will choose all three of the above interfaces. The bit sharing ratio is 3:3:2 (from the "No of bits" column), hence two links have a higher probability of being utilized than the third link.

How to enable VLANs automatically across multiple switches? A. Configure VLAN B. Configure NTP C. Configure each VLAN D. Configure VTP

Answer: D Explanation VLAN Trunking Protocol (VTP) allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network automatically.

Which two switch states are valid for 802.1w? (Choose two) A. listening B. backup C. disabled D. learning E. discarding

Answer: D E Explanation IEEE 802.1w is Rapid Spanning Tree Protocol (RSTP). There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D disabled, blocking, and listening states are merged into the 802.1w discarding state.
* Discarding - the port does not forward frames, process received frames, or learn MAC addresses, but it does listen for BPDUs (like the STP blocking state).
* Learning - receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP).
* Forwarding - receives and sends data, normal operation, learns MAC addresses, receives and transmits BPDUs (same as STP).

Which condition does the err-disabled status indicate on an Ethernet interface? A. There is a duplex mismatch. B. The device at the other end of the connection is powered off. C. The serial interface is disabled. D. The interface is configured with the shutdown command. E. Port security has disabled the interface. F. The interface is fully functioning.

Answer: E Explanation There are various reasons for an interface to go into errdisable. The reason can be:
+ Duplex mismatch
+ Port channel misconfiguration
+ BPDU guard violation
+ UniDirectional Link Detection (UDLD) condition
+ Late-collision detection
+ Link-flap detection
+ Security violation
+ Port Aggregation Protocol (PAgP) flap
+ Layer 2 Tunneling Protocol (L2TP) guard
+ DHCP snooping rate-limit
+ Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
+ Address Resolution Protocol (ARP) inspection
+ Inline power
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html
Therefore there are in fact two correct answers to this question, "There is a duplex mismatch" and "Port security has disabled the interface", but you should probably choose the port security answer as it is the most common reason.

