CCNP Switch Deck

Instructions:

• Answer 50 questions in 15 minutes.
• If you are not ready to take this test, you can study here.
• Match each statement with the correct term.
• Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. What is layer 3 roaming?
If any BDUP is received on a port - it puts the port into the errdisable state
When a client roams between Aps in different subnets
1-(opt) configure load balancing - 2-select the interface(s) - 3-assign the protocol - 4-select the mode and submode
Using a mobility exchange message


2. Define HSRP
Any dhcp reply coming from an untrusted port is discarded and the offending port is put in errdisable
LACP port priority
Host Standby Router protocol. Cisco proprietary. Switch is either active - standby - or listen
Use the spanning-tree root macro


3. What must the other end be set to if PAgP desirable or LACP active mode is selected?
All fiber-optic links between switches (must be enabled on both ends)
Either desirable or auto mode
The port uses 802.1x exchange to move from unauthorized to authorized. Requires app on client
Usually QoS from VOIP but not PC dataa


4. What are the gotchas for uplinkfast?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


5. How do you configure a DHCP gateway?
Connects to a host on an isolated or community vlan. Communicates only with promiscuous port or ports on same community vlan
If any BDUP is received on a port - it puts the port into the errdisable state
First configure a L3 interface in same VLAN as clients - then use the ip helper-address command to ID the DHCP server
The wireless clients communicate directly with no other means of connectivity such as a WAP


6. How are GLBP timers used?
When the AP uplinks to an Ethernet network.
Each peer sends and receives hellos. Def hello is 3 sec - def hold is 10 sec
Configure non-silent submode
If a unidirectional link is detected - the port continues normally - but the port is marked as undetermined and a syslog is generated


7. How is the HSRP MAC address configured?
0000.0c07.acxx where xx is the group number as a 2-digit hex value
Distribution layer
By configuring every switch port to have an expected and controlled behavior
Local only


8. What is the format of the VRRP virtual MAC?
0000.5e00.01xx
Differentiated services
Use sh interface on the interface and look for error counts > 10
Best effort delivery - integrated services model - and differentiated services model


9. What is the STP blocking state?
Can hear only BDPUs
The TOS field in the header is used. 2 methods 3 bits or 6 bits
0-65535 (def 32768) lower=better
2 seconds


10. What does UDLD do?
Traffic types and patterns - amount of L3 switching cap. At dist. Layer - # users at access layer - geography - size of spanning tree domains
Protects STP when a physical malfunction only allows traffic in 1 direction - even though the link shows as up (cisco proprietary)
The ASIC
Flash override (class 4)


11. How do you configure IP source guard for hosts that don't use DHCP?
By creating a static IP binding
2 strand MMF with MT-RJ or SC connectors
The distribution layer should have only L3 links
The switch checks the MAC and IP reported in the reply against trusted values. If they don't match - it is dropped and logged


12. What is an isolated secondary VLAN?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


13. What is DAI?
4
Dynamic arp inspection
The TOS field in the header is used. 2 methods 3 bits or 6 bits
Use the spanning-tree root macro


14. What is errdisable pagp-flap?
Etherchannel ports have inconsistent config
The campus network's backbone
1-(opt) set system priority - 2-select interface(s) - 3-assign the protocol - 4-set the mode - 5-(opt) set the port priority
Yes


15. What is DSCP codepoint AF41(34)?
10-15%
Both layer 2 switching and IVR
Trusted or untrusted
Flash override (class 4)


16. Where should you change the network diameter value?
Receives the first packet of a traffic flow and routes it
Normal and aggressive
Switchpotrt nonegotiate
Cisco recommends only on the root bridge


17. What is RPR?
By sending a gratuitous ARP
Incoming frames dropped - but MACs learned
Route processor redundancy - redundant sup is partially booted and initialized and must reload module in the switch and init all sup functions
Turn on port security


18. What is SSO?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


19. What are dynamic VLANs based on?
The station must wait until the frame in progress has completed - then wait a random amount of time before transmitting
The time that a port spends in both listening and learning states . Default 15 seconds
MAC of the end device
Connects to a router - firewall - or gateway. Can communicate with anything else connected to the primary or any secondary. Ignores pvlan config


20. What is the range of PAgP channel group numbers?
Change in trunk encap
Using a mobility exchange message
1 to 64
Any ports associated with an isolated vlan can reach the primary - but not any other secondary. Hosts withn an isolated vlan can't reach each other


21. Can ARP replies be checked
On all switches in network to enable RLQ request and reply
Yes
Globally
The active router. All other routers are in backup state


22. What does the static keyword do when applying an arp ACL?
Globally
1 IP subnet
Differentiated services
Prevents the dhcp binding DB from being checked.


23. What are the 6 steps to configure 802.1x for port security?
One router is the active virtual gateway - has highest priority or IP in group - answers all ARP requests and gives MAC based on load balancing
1-enable AAA on switch - 2-define RADIUS servers - 3-define authentication method - 4-enable 802.1x on switch - 5-conf. 802.1x ports - 6-allow hosts
By using a trunk link
Configure and enable DHCP snooping


24. Of what significance are private VLANs
Local only
Source IP - dest IP - combination of source and dest IP - source and dest MAC - or TCP/UDP port numbers
Data goes over native vlan - voice goes over VLAN0 - voice QOS is 802.1p
A point to point port type


25. 802.11b
Untrusted
802.11
1 -2 -5.5 and 11 Mbps - Channels 1/6/11 - 2.4Ghz
If a unidirectional link is detected - the switch doesn't try to reestablish the link. ULD msgs are sent once/sec for 8 seconds - then the port is err-disabled


26. How does DAI work?
Auto mode
Globally
Connects to a host on an isolated or community vlan. Communicates only with promiscuous port or ports on same community vlan
All ARP packets that arrive on untrusted ports are inspected.


27. What does the rewrite engine do?
To the virtual port-channel interface
It updates the L2 headers with the proper src and dst MAC - L3 TTL - L3 checksum - and L2 checksum information
All user ports that have portfast enabled
Sets the switchport mode to access - enables portfast - and turns off channel grouping for the port


28. How does HSRP port tracking work?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


29. How does a DAI enabled switch gather trusted ARP info?
802.1D
By brining up a tunnel between them to carry 802.11 related messages and client data.
During the time that the FIB entry is in CEF glean waiting for ARP entries - subsequent packet to that host are dropped to keep input queues from filling
From the DHCP snooping database or from static entries


30. RSTP uses which standard?
Frames are forwarded
A port can only forward or relay BDPUs - but can't receive them - disabled by default - enabled per-port - blocks port when superior BDPUs are received
A path is pre-arranged for priority along the complete path from source to destination using the RSVP protocol.
802.1w


31. How does IPT behave when the voice VLAN is in untagged mode?
The number of times the CEF table has bee flushed and regenerated as a whole
Data and voice over native vlan - no QOS but still uses 802.1p trunk
Set the native VLAN of a trunk to a bogus or unused VLAN ID then prune the native VLAN off both ends of the trunk
Incoming frames are dropped (combination of disabled - blocking - and listening)


32. What are the steps to configure a LACP port channel?
Makes use of the DHCP snooping database and static ip source binding entries. If enabled - switch will test addresses
From the DHCP snooping database or from static entries
1-(opt) set system priority - 2-select interface(s) - 3-assign the protocol - 4-set the mode - 5-(opt) set the port priority
RPR - RPR+ - and SSO


33. How do you configure DAI for statically configured IP addresses?
An L2 switch can only forward frames best effort unless going across a trunk
Set the native VLAN of a trunk to a bogus or unused VLAN ID then prune the native VLAN off both ends of the trunk
2 seconds
By an ARP access list that defines the permitted bindings


34. What are the characteristics of the access layer?
Low cost - high density ports - multiple scalable uplinks - vlans - traffic and protocol filtering and QoS
The number of times the entry has been updated since the table was generated
Determines when the AVG will stop using the old VMAC in ARP replies
0007.b4xx.xxyy where xx.xx is six 0 bits followed by a 10-bit GLBP group numberr. Yyyy is the virtual forwarder number


35. If there are 2 ports with same root cost - how is the tie broken for designated port?
Up to 54Mbps - not cross-compatible - 12 to 23 clean channels - 5.8 Ghz
Sends special layer 2 UDLD frames and expects an echo. Both ends must be configured for UDLD
The TOS field in the header is used. 2 methods 3 bits or 6 bits
1-lowest root bridge ID - 2-lowest root path cost - 3-lowest bridgeID - 4-lowest port ID


36. What must be supported for port-based security to occur?
802.1x with EAP over LAN (EAPOL)
It's a router that maintains routes (static or dynamic) - and populates the FIB
Hosts associated with a secondary VLAN can communicate with ports on the primary but not with another secondary VLAN
Sends special layer 2 UDLD frames and expects an echo. Both ends must be configured for UDLD


37. How far chould a VLAN extend?
Time between BDPUs sent by root bridge. Default of 2 seconds
Prevents the dhcp binding DB from being checked.
0-255
Distribution layer


38. How many potential links can LACP define?
Hashing algorithm
16 - of which up to 8 are active. The others are in standby
The active router. All other routers are in backup state
Prevents the dhcp binding DB from being checked.


39. How does ISL do trunking?
Single instance of STP for all VLANs. BDPUs are sent over trunks using the native VLAN with untagged frames. Dot1q based
By encapsulating each frame in a header and trailer
1- inferior BDPU on blocked-considered alternative - 2-inferior on root-all blocked ports considered alternate - 3-if inferior arrives on root and no blocked ports - assumes loss of connectivity to root
Source IP - dest IP - combination of source and dest IP - source and dest MAC - or TCP/UDP port numbers


40. What does the src-mac option do when checking ARP replies
Every switch and router in a network must be configured with appropriate QoS features and policies
1-(opt) set system priority - 2-select interface(s) - 3-assign the protocol - 4-set the mode - 5-(opt) set the port priority
Promiscuous and host
Checks the source MAC in the header against the sender MAC in the ARP reply


41. What is an indirect topology change?
Disabled - init - listen - speak - standby - active
Automatically negotiates a common trunk mode between switches
2 seconds (def)
The link status stays up - but something between them has failed or is filtering traffic


42. How is Root Guard used?
Roughly 50%
Cisco proprietary. 1 instance of STP/VLAN. Requires ISL instead of dot1q
On ports where you never expect to find a root bridge for a VLAN
The switch adds its MAC to the option 82 field so that the DHCP reply echoes back the switch's own information


43. What scope is 802.1x enabled?
If a unidirectional link is detected - the port continues normally - but the port is marked as undetermined and a syslog is generated
Arp for local subnet - if on different subnet - will arp for dgw
By using a hash of a key string
Globally


44. What is the default mode of load balancing?
Silent
Isolated and community
Every hello interval regardless of whether BDPUs are received from root - allowing any switch to take an active role maintaining the topology
Src-dst-ip


45. What are spoofed addresses?
A host port goes up or down
1 per segment
They disguise the origin of an attack
1-lowest root bridge ID - 2-lowest root path cost - 3-lowest bridgeID - 4-lowest port ID


46. What is the FM?
Feature Manager - after the ACL is created - the FM compiles the ACEs into the table
Disabled - blocking - listening - learning - forwarding
Will trunk if asked
Connects to a host on an isolated or community vlan. Communicates only with promiscuous port or ports on same community vlan


47. What is the cost of a 100Mbps link?
The link status stays up - but something between them has failed or is filtering traffic
19
Host Standby Router protocol. Cisco proprietary. Switch is either active - standby - or listen
Access


48. How does an L2 switch do QOS?
The campus network's backbone
26-byte header - 4-byte trailer with CRC
Dynamic WEP keys that change periodically
An L2 switch can only forward frames best effort unless going across a trunk


49. If the WLC connects to an Etherchannel - how should the channel be configured and why?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


50. Where are security and QoS ACLs stored?
TCAM
802.1w
134 bits - consisting of source and destination addresses and protocol information from the packet or frame
Bridge priority and MAC