Network Access Cisco
Which Cisco AP mode would prevent a remote office network from losing all outside network connectivity in the event of a CAPWAP tunnel outage?
FlexConnect would prevent a remote office network from losing all outside network connectivity in the event of a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel outage. Access Points (APs) set to FlexConnect mode can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. FlexConnect is a wireless solution for branch or remote office network deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network link without deploying a controller locally in each external office.
Match each QoS profile with its default application assignment on a WLC.
Refer to document
Which two CDP details are displayed using the show cdp command? (Choose two.)
The show cdp command displays the Cisco Discovery Protocol (CDP) timers and version.
What is the default timeout option for a WLC telnet session?
5 minutes.
What type of interface is NOT used on a WLC?
A static interface is not a valid interface type for a Cisco Wireless Controller (WLC).
A network administrator discovers a traffic loop that is causing slow inter-VLAN connectivity. What could be a possible reason for this?
An asymmetrically configured EtherChannel can cause slow inter VLAN connectivity. Asymmetrically configured EtherChannel can create a loop in the network. Looped packets can cause switch buffers to fill up. This causes slow performance, and in extreme cases it can stop all network traffic from passing.
Which access method for the Cisco Wireless Controller (WLC) is enabled by default?
By default HTTPS is enabled when using the service port interface. Using HTTPS gives access to the GUI for management access to the controller.
Which feature on a Cisco WLC restricts management access from specific networks?
CPU Access Control Lists (ACLs) restrict management access from specific networks on a Cisco Wireless LAN Controller (WLC). The ACL is a security feature to secure network access from designated areas of the network, for example a management network.
Refer to the exhibit. What will be displayed in the CDP table on Router2?
Cisco Discovery Protocol (CDP) will display Device ID: Router1, Port ID: Gig 0/1. The device ID field refers to a hostname of a directly connected device. Port ID displays a neighbor device's interface information. CDP is a proprietary protocol designed to identify a directly connected network device.
Which AP mode allows a branch office to have an AP without deploying a branch controller?
FlexConnect allows a branch office to have an access point (AP) without a branch controller. APs can be deployed using several modes depending on the environment, network size, and locations. FlexConnect was previously known as Hybrid Remote Edge Access Point. FlexConnect is a good solution for a remote site because a local wireless LAN controller (WLC) is not required.
Which ports will become the root ports in the RSTP topology shown in the exhibit? (Choose two.)
G0/1 on SW2 and G0/1 on SW3 will become the root ports. A root port has the smallest path cost to the root bridge. A root bridge is elected by all switches using bridge protocol data units (BPDUs). A switch with the lowest priority becomes the root bridge. The default value is 32768. In the topology shown in the exhibit, SW1 has the lowest priority and becomes the root bridge. SW2 and SW3 designate one port to become the root port. SW2 will use G0/1 because it is a faster path to the root bridge than using the F0/1 port. SW3 will use G0/1 because it is a faster path to the root bridge than using the G0/2 port.
Which ports should be configured as trunks in the wireless topology shown in the exhibit?
G0/1 should be configured as a trunk. All other ports should be access ports. A Lightweight Access Point (LAP) is equipped with a single port and should be connected to a switch configured as an access port. An access port can carry traffic for a single virtual LAN (VLAN) only. A trunk supports frames from multiple VLANs.
Which wireless deployment option offers a controllerless infrastructure for up to 100 APs?
Mobility Express is a wireless deployment solution for up to 100 access points (APs). Mobility Express is commonly referred to as a controllerless solution because any AP can act as a virtual controller without the need for a dedicated wireless LAN controller (WLC). This solution provides a simplified architecture for small networks of up to 100 APs.
SW0 and SW1 have four VLANs configured: 1, 2, 7, and 8. There is a trunk enabled, as shown in the exhibit. What will be the result of executing the switchport trunk allowed vlan 5 command under interface Gi0/1 on SW0?
Only VLAN 5 will be allowed on the trunk. There will be no active VLANs on the trunk. Executing the switchport trunk allowed vlan 5 command under interface Gi0/1 on SW0 removes all allowed VLANs and adds VLAN 5. VLAN 5 does not exist on the switch and will be inactive on the trunk. The switchport trunk allowed vlan add command should be used to add a new VLAN ID without removing previously allowed VLANs.
Refer to the following configuration:
    Router1>enable
    Router1#configure terminal
    Router1(config)#interface port-channel 1
    Router1(config-if)#interface g2/0/0
    Router1(config-if)#no ip address
    Router1(config-if)#channel-group 1 mode active
    Router1(config)#exit
    Router1(config)#interface g1/0/0
    Router1(config-if)#no ip address
    Router1(config-if)#channel-group 1 mode active
    Router1(config-if)#end
What is missing in the LACP configuration to enable it as the main interface to the WAN?
Port channel 1 has no IP configuration set. The configuration shown correctly groups interfaces g1/0/0 and g2/0/0 into port channel group 1, but it is missing the IP address of channel-group 1. The main interface of a port group requires an IP address for Layer 3 (WAN) networking. If LACP was required just for Layer 2 (LAN) communication, no IP address would be required.
What is the advantage of using RADIUS for management purposes on a WLC?
Remote Authentication Dial-In User Service (RADIUS) is a centralized solution used for authentication, authorization, and accounting (AAA). Instead of using a local username and password, a wireless LAN controller (WLC) can be configured to use a RADIUS server. Adding a RADIUS server requires configuring the Authentication options under Security - AAA and WLAN options.
SW1 and SW2 have formed a trunk as shown in the exhibit. VLAN 5 is the only VLAN allowed and active. What will SW1 do with a frame coming from PC1 and destined to PC2?
SW1 will send the frame untagged to SW2. Both switches have the native VLAN 5 configured, which means that frames will be sent untagged for this VLAN. PC1 and PC2 are in the same VLAN and have IP addresses in the same subnet. PC1 will use the Address Resolution Protocol (ARP) to get the MAC address of PC2.
What does the spanning-tree portfast command do?
Spanning Tree Protocol (STP) is designed to prevent loops from occurring in a network. PortFast further improves this feature by reducing Spanning Tree convergence time, placing the switch or trunk port into a forwarding state immediately and bypassing the listening and learning states.
Refer to the exhibit. All switches are configured for VLAN 100. Which switch in the exhibit is the root bridge?
Switch3 will become the root bridge. In a network that has the same VLANs on all switches, the switch with the lowest MAC address in the network will win the election process.
Which two encryption methods are available when configuring a new WLAN with WPA2? (Choose two.)
Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) are two encryption methods for Wi-Fi Protected Access 2 (WPA2). TKIP uses a legacy cipher and is susceptible to off-line and dictionary attacks. Advanced Encryption Standard (AES) was introduced to replace TKIP.
Which RSTP feature shuts down an access port once it receives a superior BPDU?
The Bridge Protocol Data Unit (BPDU) guard feature shuts down an access port once it receives a BPDU; it does not matter whether this BPDU is superior or inferior. A BPDU is a small message exchanged by switches to identify a Layer 2 loop. An access port is designed for end devices, and a BPDU frame is not expected. Using the BPDU guard feature, a port might be shut down when the switch identifies a BPDU message.
An IP phone fails to establish a connection with a switch that is configured using the correct voice VLAN. What should be enabled on the switch to fix the problem?
The Cisco Discovery Protocol (CDP) should be enabled on the switch. CDP is designed to identify a directly connected network device. When a Cisco IP phone is discovered, CDP informs the IP phone about the voice VLAN ID and quality of service (QoS) settings. CDP can be used to negotiate Power over Ethernet (PoE) parameters as well.
Refer to the partial show command output below:
    Switch# show running-config
    (...)
    ip subnet-zero
    ip routing
    !
    !
    !
    spanning-tree extend system-id
    !
    !
    !
    interface FastEthernet0/1
     switchport access vlan 5
     switchport mode access
     no ip address
     spanning-tree portfast
    !
    !
    interface FastEthernet0/2
     no switchport
     ip address 192.168.255.1 255.255.255.252
    !
Why is FastEthernet0/1 configured as an access port?
FastEthernet0/1 is configured as an access port. Setting the port as an access port disables Dynamic Trunking Protocol (DTP) negotiation, which prevents trunk negotiation delays. DTP is used to negotiate a trunk between two Cisco devices. Because port FastEthernet0/1 has been configured as an access port, it no longer requires trunk negotiation.
The GUI of a WLC offers five options when editing a WLAN profile: Security, General, QoS, Policy-mapping, and Advanced. Which tab should be used to configure the WLC to override the default AAA servers for the WLAN?
The Security tab offers an option to select an authentication, authorization, and accounting (AAA) server to override the default settings for the wireless LAN (WLAN). AAA servers offer centralized options for end users and administrators. AAA server groups can be used to enable Wi-Fi Protected Access (WPA) Enterprise using a Remote Authentication Dial-In User Service (RADIUS) server.
A configuration change is required on a Cisco 2500 Series Wireless Controller (WLC) over a wireless network using Cisco WLAN Express. After unplugging an existing Access Point (AP) and plugging a new AP into the WLC port 4, the administrator notices the lack of a CiscoAirProvision SSID. What could be the reason for this?
The WLC has to be reset to factory defaults for WLAN Express to work. WLAN Express should only be used to configure a WLC that is set to factory defaults. WLAN Express is a simplified, out-of-the-box installation and configuration interface for Cisco Wireless Controllers. The WLC would have to be reset to factory defaults for this approach to work.
SW01 and SW02 have formed an EtherChannel. Based on a partial output of the show etherchannel detail command from SW01 shown below, what EtherChannel mode has been configured on the other switch?
    SW01# show etherchannel detail
    <output omitted>
    Ports in the Port-channel:
    Index  Load    Port       EC state        No of bits
    ------+-------+----------+---------------+-----------
      0     00     Gi0/7      Passive          0
      0     00     Gi0/8      Passive          0
    Time since last port bundled:    0d:06h:02m:24s    Gi0/7
    Time since last port Un-bundled: 0d:06h:02m:28s    Gi0/8
The active mode has been configured on the other switch. SW01 has Link Aggregation Control Protocol (LACP) enabled using the passive mode. The passive mode means that an active LACP device is needed on the other side.
An administrator configures link aggregation on the switches and enables link aggregation on a Cisco 2500 Series Wireless Controller. What command should the administrator run as the last step in configuring link aggregation on the Cisco Wireless Controller?
The administrator should run the reset system command. This command will reboot the controller for the changes to take effect.
What will be the cost of the root path on SW0 for the network shown in the exhibit?
The cost of the root path will be 23. A gigabit link has a cost of 4, and a Fast Ethernet link has a cost of 19. As a result, the cost of the root path on SW0 will be 4+19=23. SW2 has been elected as the root bridge of the network. All other switches have to find the fastest way to get to the root bridge, which is the root path. A root bridge is elected by all switches using bridge protocol data units (BPDUs). A switch with the lowest priority becomes the root bridge. The default value is 32768.
Which statement is true about configuring a default VLAN on Cisco Catalyst Switches?
The default Virtual LAN (VLAN) is always VLAN 1 and cannot be changed due to its role in VLAN Trunking Protocol (VTP). A VLAN is a logical grouping of devices in the same broadcast domain. Multiple VLANs can exist on a switch, but for hosts in different VLANs to connect, a router is needed.
SW1 has LLDP enabled globally. Port Gi0/7 should not receive or send any LLDP updates. Which commands should be used to configure the switch?
The following commands should be used to disable the Link Layer Discovery Protocol (LLDP) for port Gi0/7:
    interface GigabitEthernet0/7
     no lldp transmit
     no lldp receive
SW1 and SW2 are interconnected as shown in the exhibit. Which set of commands will enable an open-standard EtherChannel between these two switches?
The following commands will enable Link Aggregation Control Protocol (LACP):
    SW01(config)#interface range GigabitEthernet 0/7 - 8
    SW01(config-if-range)#channel-group 1 mode passive
    SW02(config)#interface range GigabitEthernet 0/7 - 8
    SW02(config-if-range)#channel-group 1 mode active
Which three MAC functions are associated with a WLC? (Choose three.)
The following three Media Access Control (MAC) layer functions are performed by a Wireless LAN Controller (WLC): security management, management of roaming clients, and QoS policing.
Which command is used to specify the amount of time LLDP on a device should retain the information sent by another device before discarding it?
The lldp holdtime command specifies the amount of time LLDP on a device should hold the information sent by another device before discarding it.
Which WLC interface is used as a termination point for a CAPWAP tunnel between APs and the controller?
The management interface is a termination point for a Control And Provisioning of Wireless Access Points (CAPWAP) tunnel between access points (APs) and the controller. CAPWAP is the main protocol responsible for managing lightweight access points (LAPs). The management interface also controls all secure shell (SSH) and web-based sessions.
Refer to the command output shown below:
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
    Device ID    Local Intrfce   Holdtme   Capability   Platform   Port ID
    Switch       Fas 0/1         147       S            2950       Fas 0/1
    Switch       Fas 0/6         147                    3560       Fas 0/1
    Router       Fas 0/5         147       R            C2800      Fas 0/0
    IP Phone     Fas 0/4         147       H P          7960
    Switch       Fas 0/2         147       S            2960       Fas 0/2
Which command created this output?
The output was created by the show cdp neighbor command. The show cdp neighbor command output shows a list of Cisco Discovery Protocol (CDP) neighbors.
One port is not visible in the output of the show vlan command on a production switch. What is the most likely reason?
The port has been converted into a trunk port. If a port has been configured as a trunk, it is not visible in the VLAN table anymore.
Below is partial output from the show etherchannel summary command.
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------
    1      Po1(SD)       LACP        Fa0/23(D)   Fa0/24(D)
What is the status of this EtherChannel?
The status of this EtherChannel is Layer 2 Down. There are two flags in the brackets next to Po1. The S flag means that the EtherChannel is configured as Layer 2. The D flag means that the EtherChannel is still in the down phase. This is in many cases due to the negotiation phase and changes to active (bundled - P). An EtherChannel can be a routed solution identified by the R flag.
Which EtherChannel modes are supported on a switch when connecting a LAG-enabled WLC?
The switch has to be configured using the always-on option. The Link Aggregation (LAG) feature does not support any negotiation protocols, such as Link Aggregation Control Protocol (LACP) or Port Aggregation Protocol (PAgP).
Which three statements are true about voice ports? (Choose three.)
The switch should consider incoming untagged traffic as data Virtual Local Area Network (VLAN) traffic. It should consider incoming tagged traffic as voice VLAN traffic. Voice ports are special access ports that can receive data traffic as untagged traffic and can receive voice traffic as tagged traffic.
Which command configures a switch port using the default VLAN?
The switchport access vlan 1 command configures a port to use the default Virtual Local Area Network (VLAN). VLANs separate the network into multiple logical networks. The default VLAN is VLAN 1. The switchport access command allows an administrator to change this value and assign a port in a different VLAN. If a VLAN does not exist, it will be created automatically.
Which command disables ISL?
The switchport trunk encapsulation dot1q command disables Inter-Switch Link (ISL). ISL is an alternative to the 802.1q (dot1q) standard. When configuring a trunk between two switches, ISL or 802.1q can be either negotiated or hard coded. Cisco recommends using 802.1q if possible. Many switches do not support the ISL standard anymore. ISL encapsulates a frame, while 802.1q adds a tag to a frame.
A WLC has been configured to allow both local and RADIUS-based administrators. What will happen if the same user exists both locally and in the RADIUS database?
The wireless LAN controller (WLC) will use the local database if the same username is available locally and in a Remote Authentication Dial-In User Service (RADIUS) server.
Untagged data traffic is received from a workstation attached to a VoIP phone. Which action is taken by the VoIP phone?
Traffic passes through the phone unchanged. For the Layer 2 Class of Service (CoS) value to be changed, the Cisco IP Phone would have to be configured in an untrusted mode where only IEEE 802.1Q or IEEE 802.1p frames would be configured with a Layer 2 CoS value.