Boson Flashcards

Question

What is the default max # of devices that can connect to an interface with 'switchport port-security'? What command can change that and to what?

Answer 1

1 'switchport port-security maximum [value]' value can be from [1] to [3072]

Answer 2

'dot1x system-auth-control'

Answer 3

'authentication port-control' 'dot1x port-control [auto | forced-authorize | force-unauthorized]'

Answer 4

auto, force-authorized, force-unauthorized Auto: Any device connected to the port must undergo the authorization process before gaining access to the network Force-authorized: any device connected to an 802.1x enabled port is automatically authorized and granted access to the network Force-unauthorized: any connected device is automatically unauthorized and denied from accessing the network

Answer 5

Used to prepare a single port to accept traffic from multiple hosts

Answer 6

'dot1x default'

Answer 7

Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. AVG (active virtual gateway) is elected based on which router is configured with the highest priority value...or highest IP address value if multiple routers are configured with the same high priority value 2nd highest priority is elected as SVG (standby virtual gateway) Typically AVG and SVG function as AVFs within the group Only AVG responds to ARP queries

Answer 8

The original FCS It needs to be recalculated

Answer 9

802. 1w (RSTP) | 802. 1D(STP)

Answer 10

802. 1w (RSTP) 802. 1D (STP) 802. 1s (MST), Multiple Spanning Tree

Answer 11

'spanning-tree mst 2 root primary' Configure local switch priority to a clues of 24576, but will configure value 4096 less than the current root priority value

Answer 12

'spanning-tree mst 2 root secondary' Ensures switch is second lowest priority value. By default, configures switch to priority 28672. Lowest becomes root. Will configure value to 4096 more than the current root priority value.

Answer 13

For PAgP (Cisco proprietary): Switch A and B have to be in desirable mode or auto mode. Desirable can be with both auto or desirable. Auto and auto pair don't work. For LACP (IEEE Standards): Switch A and B have to be in active mode or passive mode. Active can be with both active or passive. Passive and passive pair doesn't work. Image on iPad 'show etherchannel summary'

Answer 14

'switchport mode [~~~]' Trunk ['trunk']: will only create trunk with any pair, except access (will make limited connectivity) Dynamic desirable['desirable']: will only crate trunk with all pairs except access (will make port access interface, nontrunking.) Access ['access']: port is placed in nontrunking no matter the neighbor port pair Dynamic auto ['auto']: put in trunk if pair is dynamic desirable or trunk. Place in access if dynamic auto (same) or access. Image in IPad

Answer 15

'switchport nonegotiate' To make trunk, the neighboring port must be set manually

Answer 16

desirable-desirable

Answer 17

dynamic desirable

Answer 18

VTP server mode, VTP client mode, VTP transparent mode 'vtp mode [server/client/transparent]' 'vtp domain ['domain-name']' VTP server mode is default Switches in VTP server mode or VTP client mode will synchronize info with other VTP server mode and VTP client mode switches in the same VTP domain. You can modify VLAN and VTP configuration info on switches in VTP server mode. Changes in a VTP server mode switch will propagate to other VTP server mode or client mode switches in VTP domain Switches in VTP transparent mode do not participate in VTP synchronization but does forward VTP advertisements

Answer 19

'spanning-tree vlan [primary/secondary] root'

Answer 20

Trunk port connection

Answer 21

VTP domain name, VTP password, VTP version

Answer 22

802.1Q is IEEE. ISL(inter-switch link) is Cisco proprietary

Answer 23

VLANs that are listed under the 'vlans allowed and active in management domain' section BUT not listed under 'Vlans in spanning tree forwarding state and not pruned' section are either pruned or blocked by STP

Answer 24

The supplicant: EAP-capable client, such as a user workstation -Sends authentication credentials to an authenticator Authenticator: an access switch -Forwards authentication credentials to an authentication server Authentication server: a RADIUS server -Verifies the credentials using either a local or a remote user database

Answer 25

'show ip dhcp snooping': displays general info about the DHCP snooping config on a switch, such as virtual LANs for which DHCP snooping is enabled and the trusted state of each interface 'show ip dhcp snooping binding': shows the dynamic entries in the binding table, you can see the 'lease (sec)' 'show ip dhcp snooping statistics': displays statistical info regarding the number of frames that have been forwarded or dropped by the DHCP snooping config on a switch 'show ip dhcp snooping database': displays status of the DHCP snooping binding table agent and statistics regarding the status of the binding table, such as the URL where the binding table can be found and how many successful writes have been committed to the table IPad has the output screenshots

Answer 26

``` 2 ports, 4:4 3 ports, 3:3:2 4 ports, 2:2:2:2 5 ports, 2:2:2:1:1 6 ports, 2:2:1:1:1:1 7 ports, 2:1:1:1:1:1:1 8 ports, 1:1:1:1:1:1:1:1 ``` Six

Answer 27

Both egress and ingress traffic SPAN enables you to monitor traffic on a switch by configuring 1 or more ports in 1 or more VLANs on the switch as the source port and a single port on the switch as the destination port. Traffic that arrives on the source ports is copied to the destination port for analysis

Answer 28

Transit halt delay: defines max amount of time required to transition a port to the blocking state after the STP algorithm has determined that the port should be blocked -Max value = 1 sec Bridge transit delay: defines the amount of time between a switch receiving and then sending the same frame (single frame) -Max value= 1 sec BPDU transmission delay: defines the amount of time between a switch receiving and then sending a BPDU -Max value=1 sec Medium access delay: the amount of time between the switch CPU making a forwarding decision and the frame physically leaving the switch -Max vlaue=.5 sec

Answer 29

ISL, Dot1q, Negotiate

Answer 30

CDP, 01:00:0C:CC:CC:CC LLDP, 01:80:C2:00:00:00, 01:80:C2:00:00:03, 01:80:C2:00:00:0E (used exclusively, others used on older versions) PVST+, 01:00:0C:CC:CC:CD [for VLANs other than 1] and 01:80:C2:00:00:00 [for VLAN 1]

Answer 31

32 bits -or- 4 bytes to every frame except frames on the native VLAN

Answer 32

vlan dot1q tag native

Answer 33

'vlan filter blurb vlan-list 1'

Answer 34

Both switches must be configured with matching aggregation protocols [pagp/lacp]

Answer 35

show sdm prefer

Answer 36

Ports connected to switches that should not become the root 'spanning-tree root guard'

Answer 37

Configure the HSRP priority for router R1 to decrease or increase by 15 when Fa0/2 goes down or comes back up. If 15 was not specified, the default would be 10.

Answer 38

If R1 was the active router and the priority went below that of R2s, then R2 will send coup message and assume active router role. This happens in an HSRP standby group

Answer 39

'show interfaces trunk'

Answer 40

'show vtp status'

Answer 41

300 seconds 'show log' 'show errdisable recovery'

Answer 42

VLAN SDM Template

Answer 43

Source, intermediate, and destination

Answer 44

VTP must be enabled and source, intermediate, and destination switches must reside in the VTP domain

Answer 45

One of them is that SPAN is limited to a single, local device, RSPAN enables you to monitor traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a nonrouted network

Answer 46

RSPAN VLANs should only contain trunk interfaces. Any access interfaces will be put into suspended state.

Answer 47

'show vlan'

Answer 48

'show interfaces trunk'

Answer 49

Only access ports are shown in the 'show vlan' command

Answer 50

'switchport voice vlan dot1p' , sends voice traffic with default 802.1p priority of 5 and uses VLAN 0, requires a VLAN ID but does not require a unique voice VLAN to be created Voice: tagged as VLAN 0 Data: Untagged, Native VLAN 'switchport voice vlan none' , enables the IP phone to use its configuration to send untagged voice traffic and untagged data traffic over the access VLAN. Voice traffic transmitted with data traffic. Voice & Data: Untagged; Access VLAN 'switchport voice vlan ~' , sends vocie traffic over VLAN ~, which is a unique VLAN. Voice traffic is carried on unique voice VLAN and data traffic carried over native VLAN Voice: Tagged as VLAN ~ Data: Untagged: Native VLAN 'switchport voice vlan untagged' ,configures IP phone to send both untagged voice traffic and untagged data traffic over the native VLAN Voice & Data: untagged; Native VLAN

Answer 51

'standby [group number] text authentication [key-string]' for plain-text, key-string can be up to 8 characters For MD5: 'standby [group number] authentiction md5 key-string [0 | 7] [key-string]' 0 keyword indicates a plain-text value or 7 keyword to indicate a value that has been encrypted by using Cisco's internal encryption algorithm

Answer 52

'lldp run' to enable 'lldp transmit' and 'lldp receive' if a 'no lldp transmit/receive' command is configured verify with 'show lldp' to see LLDP configuration Default for interface to send and receive LLDP packets if LLDP is enabled

Answer 53

- If SwitchB is configured to use 802.1D (STP) - If fe0/2 port of SwitchB is discarding (blocking) - If fe0/1 port of SwitchA is designated port and fe0/2 port of SwitchB is blocking If switch is configured to use MST, it would also be configured to use RSTP

Answer 54

Transparent, in VTP v1 and v2. In v3 you can do in client and server mode

Answer 55

The TPID (Tag Protocol Identifier) field

Answer 56

Indicates the 802.1p frame priority level from 0 through 7

Answer 57

Indicates whether the MAC address is in canonical format or noncanonical format, 0 or 1 respectively

Answer 58

Identifies VLAN from 0 through 4095

Answer 59

An SVI is a switched virtual interface (SVI), a logical interface that represents the physical interfaces in a VLAN. ``` #'interface vlan 2' #'ip address 192.168.2.1 255.255.255.0 #'no shutdown' ```

Answer 60

Multiple SPAN sessions can monitor traffic from a single SPAN source port, only a single session can be associated with a SPAN destination

Answer 61

The port is placed into an 'up/down' interface state to indicate it is no longer capable of operating as a normal switch port. The SPAN destination port no longer participates in Layer 2 protocols and can no longer be the destination of other SPAN sessions. Also, if the SPAN destination port is a member of a VLAN that is included as the source for another SPAN session, the port is excluded from the source list for that session.

Answer 62

Speed and duplex settings must be the same

Answer 63

They should be in the same VLAN

Answer 64

1. ) Switch with highest priority 2. ) - Switch with IP Services with cryptographic image - Switch with IP Services with NO cryptographic image - Switch with IP base with cryptographic image - Switch with IP base with NO cryptographic image 3. ) Non-default configured switch 4. ) Switch with longest uptime 5. ) Switch with the lowest MAC address 'switch [stack-id] priority [value]'

Answer 65

A hash algorithm

Answer 66

Source MAC address

Answer 67

Stack ID is used to uniquely identify a switch in a StackWise switch stack. By default, all switches use stack ID 1. If two switches attempt to use the same stack ID, the switch with the higher priority will retain the stack ID number and the other switch will automatically be assigned a new stack ID

Answer 68

The switch priority, dynamically allocated STP MAC address and extended system ID (if enabled on switch) create the BID. The BID uniquely identifies a switch, a switch must have a unique BID for every configured VLAN

Answer 69

All traffic on the trunk is mirrored to the SPAN destination as untagged traffic. However, you can use the 'encapsulation replicate' keywords when configuring a SPAN destination to ensure that the encapsulation used by packets on the trunk is preserved

Answer 70

'monitor session 1 filter vlan 10, 20' , you do this because all VLAN traffic is monitored by default on a SPAN source trunk port so you must use methods, such as VLAN filtering, if you want to limit the number of monitored VLANs to a subset of those active on the trunk(that is specified as a SPAN source) Q. 44 Boson C

Answer 71

err-disabled

Answer 72

If a port receives superior BPDU, root guard will place port into root-inconsistent state and block all data flowing through the port until the port stops receiving superior BPDUs They are used to prevent newly introduced switches from being elected the new root

Answer 73

If the port has loop guard enabled and the port stops receiving BPDUs, the port will go into loop-inconsistent state Loop guard prevents a switch from transitioning to the forwarding state when it stops receiving BPDUs, which prevents switching loops from occurring. By placing inconsistent ports into blocking state.

Answer 74

Yes, routing protocols are available to all stack members as long as the stack master is running the appropriate software image

Answer 75

It appears as a single node in an STP topology

Answer 76

Similar: - Both supported by non-Cisco devices - Both AAA protocols TACACS+: - Cisco proprietary protocol - TCP - Port number 49 - A, A, A separated - All AAA packet encrypted - Multiprotocol support - For device administration - Provides router command authorization capabilities RADIUS: - Open standard protocol - UDP - Port 1812,1813 - Authentication & Authorization is combined - Only passwords are encrypted (in Access-request) - No multiprotocol support - For network access - Developed as an IETF standard protocol

Answer 77

Normal-range VLANs are numbered 1 to 1005. Extended VLANs are numbered from 1006 to 4094. A switch must use either transparent mode or VTP version 3 to support extended VLANs.

Answer 78

It tracks which VTP configuration is the latest version. Switches ignore advertisements with a configuration revision number lower than their own. So, before you add a switch to a VTP domain, you should always ensure that the conf. rev. #is lower than the configuration revision number on switches currently in the VTP domain or else the info on the new switch will propagate to the other switches in the VTP domain. You reset configuration number on a switch to 0 by changing the VTP domain name 'vtp domain [name]'. Change VTP mode to transparent mode (switches in transparent mode always have a conf. rev. number of 0) and then back to server or client mode. If switch is in client mode, you can reboot it.

Answer 79

Switches in VTP server or transparent mode, NOT VTP client mode

Answer 80

Pruning conserves bandwidth by preventing the flooding of traffic to VLANs that do not require the traffic 'vtp pruning' to enable

Answer 81

Because the traffic mirroring process creates an added burden on the switch CPU. When SPAN is enabled, both internal traffic and forwarding engine traffic are doubled. In addition, the traffic across the switch fabric is increased; if multiple SPAN sources are mirrored to a single SPAN destination, the destination could become oversaturated

Answer 82

In 802.1x port-based authentication, port security, STP, VTP,DTP, private VLANs, and 802.1Q tunneling

Answer 83

You can specify an EtherChannel interface as a destination port, but only the on mode is supported. PAgP and LACP are not supported on a SPAN destination port

Answer 84

'monitor session 1 destination interface fastethernet 1/0'

Answer 85

'(config-if)#storm-control broadcast level 80 60'

Answer 86

'(config-if)#storm-control multicast level 0 0'

Answer 87

'(config-if)#storm-control unicast level 100'

Answer 88

'switchport port-security (to enable) switchport port-security mac-address 1111.2222.3333'

Answer 89

Primary: (config-vlan)# 'private-vlan primary' Secondary: (config-vlan)# 'private-vlan [isolated|community]' Only secondary VLANs can be configured as isolated or community VLANs

Answer 90

'switchport mode private-vlan [promiscuous|host]' Promiscuous: configures port to communicate with any secondary VLAN. Devices (such as a router, firewall, or gateway) that should be reachable from any secondary VLAN should be connected to promiscuous ports. Host: devices connected to isolated or community VLANs should be connected to host ports

Answer 91

Dynamic Trunking Protocol (DTP) is used to negotiate whether to establish a trunk and to negotiate the encapsulation used on the trunk. Trunk links between switches can be either set either manually or automatically configured by using DTP

Answer 92

'(config)#aaa terminal (config)#aaa authentication dot1x default group radius (config)#dot1x system-auth-control (config)#interface fastethernet 0/1 (config-if)#dot1x port-control [force-authorized | force-unauthorized | auto]' Force-authorized: configures port to authorize any host that connects to the port; no 802.1x authentication process will take place. Any host connected to port will be able to send traffic through switch. Force-unauthorized: configures the port to never allow authentication for a connected host. Host will be unable to send traffic through port Auto: enable 802.1X authentication on the port. If the host is configured with 802.1X authentication, the host will be authenticated and will be able to send traffic through the switch

Answer 93

SDM template can be used to maximize support for individual switch features depending on how the switch is used. Allows you to tune shared TCAM partitions. Template of stack master will propagate to all switches in stack 'sdm prefer [access/default/routing/vlan]' Access: provides for using a large number of ACLs by optimizing resources for ACLs Default: balances system resources for use in all features Routing: optimizes resources for use with IP version 4 (IPv4) unicast-routing VLAN: is typically used on Layer 2 switches to support the max number of unicast MAC addresses; disables routing in hardware 'show sdm prefer' to verify

Answer 94

'(config)#vlan access-map boson 10 (config-access-map)#match ip address ip-hosts (config-access-map)#action drop (config-access-map)#vlan access-map boson 20 (config-access-map)#action forward' vlan access-map [name] [sequence #] : creates a VACL with name [name] and places switch into access map config mode for sequence [seq. #] of the VACL. Every VACL sequence has an associated action that is taken if a packet satisfies all of the match criteria defined in sequence. The valid options for a VACL sequence action is: forward, drop, and redirect For example, 'action drop' specifies that sequence 10 will discard any packet that satisfies all the criteria listed in the match statements Later, since there were no match statements in sequence 20 (a random number after 10) all packets that reach the sequence will be forwarded normally. Sequence 20 is necessary because the default action for a VACL is to discard any packets that have not been explicitly forwarded or redirected by an access map sequence

Answer 95

PortFast is automatically enabled. However, PortFast is not automatically disabled when the same voice VLAN is disabled

Answer 96

30 seconds 'lldp timer [5 to 65534]'

Answer 97

'spanning-tree mode mst' It enables RSTP, which slows the transition of an STP port to the forwarding state, thereby increasing convergence speed

Answer 98

The region name, the configuration revision number, and the VLAN-to-instance mapping table must match First, enter MST configuration mode: 'spanning-tree mst configuration' Then, For MST region name: 'name [region name] MST configuration revision number: 'revision [revision-number]' To map VLANs to an instance: 'instance [instance-number] vlan [vlan-range]'

Answer 99

By default, storm control is disabled on Cisco switches It blocks a certain traffic type [unicast | multicast | broadcast] if the rising threshold is exceeded for the traffic type Storm control is supported on EtherChannel. You must configure storm control on the EtherChannel bundle Rising and falling threshold values can be expressed in terms of packets per second, bits per second, or as a percentage of available bandwidth 'storm-control [broadcast | multicast | unicast] level { [percent-rising [percent-falling]] bps [bps-rising[bps-falling] | pps [pps-rising [pps-falling]] } '

Answer 100

By default, storm control is disabled on Cisco switches It blocks a certain traffic type [unicast | multicast | broadcast] if the rising threshold is exceeded for the traffic type until the traffic rate falls below another threshold value called the falling threshold Storm control is supported on EtherChannel. You must configure storm control on the EtherChannel bundle Rising and falling threshold values can be expressed in terms of packets per second, bits per second, or as a percentage of available bandwidth 'storm-control [broadcast | multicast | unicast] level { [percent-rising [percent-falling]] bps [bps-rising[bps-falling] | pps [pps-rising [pps-falling]] } '

Answer 101

All untagged ingress traffic on trunk links should be dropped All egress traffic on trunk links should be tagged

Answer 102

'spanning-tree guard none' A root guard or loop guard is enabled on an interface

Answer 103

'show spanning-tree inconsistentports'

Answer 104

'monitor session 1 source/destination remote vlan 4, 10-12, 15' remote vlan is the keyword RSPAN enables you to monitor traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a nonrouted network

Answer 105

- Create an RSPAN VLAN on both switches - Create a monitor session on the neighboring switch with the monitored port as the source and the RSPAN VLAN as the destination - Create a monitor session on the local switch with the RSPAN VLAN as the source and the monitoring port as the destination

Answer 106

``` TPID (16 bits) Priority field (3 bits) CFI field (1 bit) VID field (12 bits) ```

Answer 107

0007.B400.0102 GLBP Virtual MAC address starts with the prefix 0007.B4, the next four hexadecimal values represent the group number, and the final two hexadecimal values represent the gateway number.

Answer 108

Multiple Spanning Tree (MST), used to create a spanning tree instance for each group of virtual LANs (VLANs). Although MST can be used to define a spanning tree instance for each VLAN, it is best used to define a spanning tree instance for each set of VLANs along a redundant path.

Answer 109

Multiple Spanning Tree (MST), used to create a spanning tree instance for each group of virtual LANs (VLANs). Altough MST can be used to define a spanning tree instance for each VLAN, it is best used to define a spanning tree instance for each set of VLANs along a redundant path.

Answer 110

PVST+ always creates a spanning tree instance for each VLAN. PVST+ is a Cisco-proprietary form of STP. When implemented, 802.1Q encapsulation must be used. If ISL encapsulation is used, PVST must be used instead of PVST+

Answer 111

It is an authorization protocol that enables access to an existing directory, such as Microsoft Active Directory Domain Services (AD DS). It uses Transmission Control Protocol (TCP) port 389 by default.

Answer 112

It's a standards-based authentication protocol that can use TCP port number 88 or UDP port number 88

Answer 113

LLDP is a Layer 2 open-standard discovery protocol that is used to facilitate interoperability between Cisco devices and non-Cisco devices. It only operates between network devices (such as routers, switches, and access server, not between endpoint)

Answer 114

It is an extension of LLDP. It operates between endpoints devices (such as PC or VoIP phone) and vendor-neutral network devices

Answer 115

CDP is a Layer 2 Cisco-proprietary protocol that is used to advertise and discover only directly connected Cisco devices on a local network. For example, a Cisco switch would use CDP in order to determine whether an attached VoIP phone is a Cisco device. CDPv2 is an enhancement to CDP that reduces downtime through a feature that allows for rapid error tracking.

Answer 116

If the port receives a BPDU, the port will go into err-disabled state

Answer 117

1. ) A layer 3 switch with IP routing enabled and SVIs configured (config) #ip routing (config) #interface vlan 2 (config-if)#ip address 192.168.2.1 255.255.255.0 [could be anything, pretty sure] (config-if)#no shutdown (config-if)#interface vlan 3 (config-if)#ip address 192.168.3.1 255.255.255.0[could be anything, pretty sure] (config-if)#no shutdown 2. ) A layer 2 switch connected via a trunk link to a router with subinterfaces configured * Boson for config*

Answer 118

'show mac address-table interface fastethernet 0/2 | include DYNAMIC' Make sure dynamic is capitalized because it's case sensitive, also for STATIC Other options are exclude and begin instead of include

Answer 119

memory partitions in TCAM memory, only on switches with single TCAM chips. Guidelines to how to divide memory.

Answer 120

- Broadcast storms are detected by the Storm Control feature - ARP inspection violations - A flapping of trunking encapsulation types - BPDUGuard

Answer 121

The port will go back up after 300( 5 minutes) by default if the port was sent to errdisable by BPDU or other cause(. If you want to to change, you have to put 'errdisable recovery interval [30 to 65535]'

Answer 122

UDLD has two modes - Normal and Aggressive. Normal just prints out a syslog message, while aggressive pushes violations into error-disabled mode after 3 misses.

Answer 123

If the port goes from bi-direction to unidirectional

Answer 124

The specific VLAN goes to inactive mode (inactive in Access Mode) and the interface does not go back to the native VLAN, it just doesn't work

Answer 125

'(Config)#vlan 5 (Config-vlan)#interface FastEthernet0/5 (Config-if)#switchport mode access (Config-if)#switchport access vlan 5' Won't form VLAN trunk because of mode access command

Answer 126

Extended VLANs, 1006 to 4094

Answer 127

Local VLAN pretty much just stays in building or department, end-to-end is to a wider area per say. Local VLANs should only be designed into network that traffic is expected to follow the 20/80 rule(80% of traffic will leave the VLAN). For end-to-end, it's 80/20 rule (80% of traffic stays in VLAN)

Answer 128

By default, laptops and PCs can not understand 802.1Q tags. So it could be useful in certain scenarios, opposed to using ISL.

Answer 129

Switch with the "primary server" operating mode If the VTPv3 switch is VTP Operating Mode; Primary Server while the VTPv2 switch on Server mode, they won't be able to update each other because each switch will think it's the leader. Also, the Configuration revision number could mismatch

Answer 130

``` (Config)#vtp domain ‘name’ (Config)#end #vtp version 3 #vtp primary #config t (Config)#vlan 999 ```

Answer 131

The 'switchport trunk pruning vlan 4, 9' . The command is a prune eligibility list. The vlans listed in this command are the VLANs eligible for pruning. By default, all VLANs are allowed on a trunk and all VLANs (between 2 and 1001, inclusive) are eligible for pruning if pruning is enabled globally with the 'vtp pruning' command. Once you manually configure an eligibility list then only those VLANs on the list are eligible for pruning If 'switchport trunk allowed vlan 3' , then VLAN 3 will never be pruned -switchport trunk allowed vlan{add/all/except/remove ['vlan-list'/all/none]} Specifies which VLANs are allowed or denied on a trunk port

Answer 132

(config)#interface 'interface #' (config-if)#no ip address (config-if)#channel-protocol [lacp/pagp] (config-if)#channel-group '#' mode [active | passive | desirable | auto | on ] Verify: show running-config interface 'interface' show interfaces 'interface' etherchannel

Answer 133

(config)# interface port-channel 'group #' (config-if)#ip address 1.1.1.1 255.255.255.0 (config-if)#no shutdown (config-if)#end (config)#interface 'interface' -or- (config)#interface range 'interface range' (config-if)#no switchport (config-if)#channel-group # mode [active | passive | desirable | auto | on] Verify: show running-config interface 'interface' show interfaces 'interface' etherchannel

Answer 134

(config)#port-channel load-balance

Answer 135

'show etherchannel summary' It means that EtherChannel is not fully functional and not bundled in an EtherChannel

Answer 136

When a switch configured for EtherChannel receives Spanning-Tree BPDUs from a remote switch with unique STP Sending Port-IDs, this will trigger EtherChannel Misconfiguration Guard

Answer 137

Max-age timer: 20 seconds, time after a root port receives a BPDU, after it goes to listening stage Forwarding-Delay timer: 15 seconds, after this the port will go from Listening to Learning stage Forwarding-Delay timer: 15 seconds (again), after this the port will go from learning to forwarding (designated port) 50 seconds total

Answer 138

All dynamic MAC addresses learned in VLAN-2 will have their Aging Timer modified to match the value of the Spanning-Tree Forwarding Delay

Answer 139

Rapid-PVST allows any Bridge to send a Topology Change BPDU whereas PVST+ restricts this action solely to the Root Bridge

Answer 140

If two switches are connected directly with full-duplex the ports converge to final state in 2 seconds

Answer 141

- That switch is connected to another switch running 802.1w - That switch is connected to another switch in a different MST Region - That switch is connected to another switch running 802.1d

Answer 142

With 'show interface trunk' The number of instances (other than instance 0) determiens number of Mrecords

Answer 143

``` Config t Spanning-tree mst config name ‘name’ Revision 1 Instance 1 vlan ‘range vlan’ Instance 2 vlan ‘range vlan’ Exit Spanning-tree mode mst ```

Answer 144

- The RSPAN destination interface will be placed in ‘monitoring’ mode by default - A SPAN session requires that the destination be a physical interface on the same switch as the SPAN source

Answer 145

The router with the highest IP address becomes the active router and the second-highest becomes the standby router. They will be sending HSRP hello packets every 2 seconds. If there are 3 or more routers, the others will be in the listening state.