Chapter 9 Configuring Switch interfaces Flashcards Preview

Flashcards in Chapter 9 Configuring Switch interfaces Deck (36)
1

Which of the following describes a way to disable IEEE standard autonegotiation on a 10/100 port on a Cisco switch?
a. Configure the negotiate disable interface subcommand
b. Configure the no negotiate interface subcommand
c. Configure the speed 100 interface subcommand
d. Configure the duplex half interface subcommand
e. Configure the duplex full interface subcommand
f. Configure the speed 100 and duplex full interface subcommands

f. Configure the speed 100 and duplex full interface subcommands

2

In which of the following modes of the CLI could you configure the duplex setting for interface Fast Ethernet 0/5?

e. Interface configuration mode

3

A Cisco Catalyst switch connects with its Gigabit0/1 port to an end user’s PC. The end user, thinking the user is helping, manually sets the PC’s OS to use a speed of 1000 Mbps and to use full duplex, and disables the use of autonegotiation. The switch’s G0/1 port has default settings for speed and duplex. What speed and duplex settings will the switch decide to use? (Choose two answers.)
a. Full duplex
b. Half duplex
c. 10 Mbps
d. 1000 Mbps

A,D

4

Which of the following is required when configuring port security with sticky learning?
a. Setting the maximum number of allowed MAC addresses on the interface with the switchport port-security maximum interface subcommand.
b. Enabling port security with the switchport port-security interface subcommand.
c. Defining the specific allowed MAC addresses using the switchport port-security mac-address interface subcommand.
d. All the other answers list required commands.

B

5

A switch’s port Gi0/1 has been correctly enabled with port security. The configuration sets the violation mode to restrict. A frame that violates the port security policy enters the interface, followed by a frame that does not. Which of the following answers correctly describe what happens in this scenario? (Choose two answers.)
a. The switch puts the interface into an err-disabled state when the first frame arrives.
b. The switch generates syslog messages about the violating traffic for the first frame.
c. The switch increments the violation counter for Gi0/1 by 1.
d. The switch discards both the first and second frame.

B,C

6

A Cisco Catalyst switch connects to what should be individual user PCs. Each port has the same port security configuration, configured as follows:
interface range gigabitethernet 0/1 - 24
switchport mode access
switchport port-security
switchport port-security mac-address sticky
Which of the following answers describe the result of the port security configuration created with these commands? (Choose two answers.)

B,D

7

shows a way to shorten your configuration work when making the same setting on multiple consecutive interfaces.

To do so, use the interface range command.

8

You can define a range as long as

all interfaces are the same type and are numbered consecutively.

9

IOS does not actually put the interface range command into the configuration. Instead,

it acts as if you had typed the subcommand under every single interface in the specified range

10

Cisco uses two interface subcommands to configure the idea of administratively enabling and disabling an interface:

the shutdown command (to disable), and the no shutdown command (to enable)

11

IEEE autonegotiation defines some rules (defaults) that nodes should use as defaults when autonegotiation fails—that is, when a node tries to use autonegotiation but hears nothing from the device. The rules:

■ Speed: Use your slowest supported speed (often 10 Mbps).
■ Duplex: If your speed = 10 or 100, use half duplex; otherwise, use full duplex.

12

Cisco switches use this slightly different logic to choose the speed when autonegotiation fails:

■ Speed: Sense the speed (without using autonegotiation), but if that fails, use the IEEE default (slowest supported speed, often 10 Mbps).
■ Duplex: Use the IEEE defaults: If speed = 10 or 100, use half duplex; otherwise, use full duplex.

13

Basically, hubs do not react to autonegotiation messages, and they do not forward the messages. As a result,

devices connected to a hub must use the IEEE rules for choosing default settings, which often results in the devices using 10 Mbps and half duplex.

14

summarizes these ideas common to all variations of port security:

■ Define a maximum number of source MAC addresses allowed for all frames coming in the interface.
■ Watch all incoming frames, and keep a list of all source MAC addresses, plus a counter of the number of different source MAC addresses.
■ When adding a new source MAC address to the list, if the number of MAC addresses pushes past the configured maximum, a port security violation has occurred. The switch takes action (the default action is to shut down the interface).

15

Port security provides an easy way to discover the MAC addresses used off each port using a feature called

sticky secure MAC addresses

16

Port Security config checklist


1. Make the switch interface either a static access or trunk interface using the switchport mode access or the switchport mode trunk interface subcommands, respectively.

2. Enable port security using the switchport port-security interface subcommand.

3. (Optional) Override the default maximum number of allowed MAC addresses associated with the interface (1) by using the switchport port-security maximum number interface subcommand.

4. (Optional) Override the default action to take upon a security violation (shutdown) using the switchport port-security violation {protect | restrict | shutdown} interface subcommand.

5. (Optional) Predefine any allowed source MAC addresses for this interface using the switchport port-security mac-address mac-address command. Use the command multiple times to define more than one MAC address.

6. (Optional) Tell the switch to “sticky learn” dynamically learned MAC addresses with the switchport port-security mac-address sticky interface subcommand.

17

How would you save the addresses learned by the switchport port-security mac-address sticky command?

Copy the running-config to the startup-config file.

18

What are two commands for verifying port security, and what are the differences?

1. show port-security int (type/#): Shows whether port security is enabled on the interface, the violation mode configured, and the port status.

2. show running-config int (type/#): Shows how port security was set up for this port, including any sticky MAC addresses learned.

19

What are the port security violation actions for the three types of violations?

1. Protect
Discards offending traffic.

2. Restrict
Discards offending traffic, sends log and SNMP messages, and increments the violation counter for each violating incoming frame.

3. Shutdown
Discards offending traffic, sends log and SNMP messages, increments the violation counter for each violating incoming frame, and shuts down the interface.

20

Once a switch port has been configured with port security, the switch no longer considers MAC addresses associated with that port as being dynamic entries as listed with the show mac address-table dynamic EXEC command. Even if the MAC addresses are dynamically learned, once port security has been enabled, you need to use one of these options to see the MAC table entries associated with ports using port security:

■ show mac address-table secure: Lists MAC addresses associated with ports that use port security

■ show mac address-table static: Lists MAC addresses associated with ports that use port security, as well as any other statically defined MAC addresses

21

Interface mode. Lists any information text that the engineer wants to track for the interface, such as the expected device on the other end of the cable.

description text

22

Reverts to the default setting for each interface subcommand of speed auto, duplex auto, and the absence of a description command.

no duplex
no speed
no description

23

Interface configuration mode command that tells the switch to always be an access port, or always be a trunk port

switchport mode {access | trunk}

24

Interface configuration mode command that statically adds a specific MAC address as an allowed MAC address on the interface

switchport port-security mac-address mac-address

25

Interface subcommand that tells the switch to learn MAC addresses on the interface and add them to the configuration for the interface as secure MAC addresses

switchport port-security mac-address sticky

26

Interface subcommand that sets the maximum number of static secure MAC addresses that can be assigned to a single interface

switchport port-security maximum value

27

Interface subcommand that tells the switch what to do if an inappropriate MAC address tries to access the network through a secure switch port

switchport port-security violation {protect | restrict | shutdown}

28

Lists the currently used configuration

show running-config

29

Displays the running-configuration excerpt of the listed interface and its subcommands only

show running-config interface type number

30

Lists the dynamically learned entries in the switch’s address (forwarding) table

show mac address-table dynamic [interface type number]