Commands and more

Question 1

Create a vlan

Answer 1

vlan ‘number’

Question 2

Command to place certain vlans are primary and secondary root

Answer 2

spanning-tree vlan ‘numbers’ root primary/secondary

Question 3

Name a vlan

Answer 3

vlan ‘number you want to name’

name ‘name’

Question 4

Make an accept port

Answer 4

Go into interface

switchport mode access
switchport access vlan

Question 5

Enable PortFast on interface

Answer 5

Go into interface

spanning-tree portfast

Question 6

Set up VTP

Answer 6

vtp domain ‘domain-name’
vtp mode [client/server/transparent]
vtp password ‘password’ ….for vtpv3

vtp version [1/2/3]
vtp pruning . if you want to prune

Question 7

Change spanning tree mode

Answer 7

Global config

spanning-tree mode [pvst/rapid-pvst/mst]

Question 8

Configure an SVI on a certain vlan

Answer 8

interface vlan ‘number’
ip address ~.~.~.~ -.-.-.-
no shutdown

Question 9

Set up a trunk and etherchannel. Only allow certain vlans. Layer 2.

Answer 9

Must go into interface and piut

no switchport mode access
no switchport access vlan ~
On interface

switchport trunk encapsulation [dot1q/isl]

channel-protocol [lacp/pagp]

channel-group ‘#’ mode [active/auto/desirable/on/passive]
no shutdown

no shutdown

switchport mode trunk

switchport trunk allowed vlan ‘vlans’

switchport trunk native vlan ~

Question 10

Set up a native vlan

Answer 10

switchport trunk native vlan ‘number’

Question 11

Verify vtp

Answer 11

show vtp status

Question 12

Verify spanning-tree

Answer 12

Show spanning-tree summary or show spanning-tree

Question 13

Verify vlan

Answer 13

Show vlan

Question 14

Verify etherchannel

Answer 14

show etherchannel summary

Question 15

Change priority of switch, for root bridge

Answer 15

In global config mode

spanning-tree vlan ~ priority ~

The lowest priority gets to be root bridge

Increments of 4096

Question 16

How do you change the priority of a port and what gets to be the priority?

Answer 16

In interface

spanning-tree vlan ~ port-priority ~

Increments of 64 and the lowest has traffic go to it

Question 17

What else can you do affect what port traffic will go to? How do you change it?

Answer 17

You change the cost

In interface

spanning-tree vlan ~ cost ~

Question 18

Which command gets you default gateways in some scenarios?

Answer 18

ipconfig

Question 19

AAA and dropping certain filter certain address-ranges on certain vlans

Answer 19

‘aaa new-model’

‘radius-server host ~.~.~.~ key ‘key’’

‘aaa authentication dot1x default group radius’

‘dot1x system-auth-control’ (globally enables 802.1x on switch)

‘interface ~’

‘dot1x port-control {force-authorized/force-unauthorized/auto}’

ip access-list standard boson 
#permit 180.190.20.0 0.0.0.255
#exit

‘(config)#vlan access-map MYMAP 10
(config-access-map)#match ip address boson
(config-access-map)#action forward/drop
(config-access-map)#vlan access-map MYMAP 20
(config-access-map)#action forward/drop’

Config global

Then apply to certain vlan
‘vlan filter MYMAP vlan-list ‘the one you want to apply to ‘

Everything gets dropped after first

vlan access-map [name] [sequence #] : creates a VACL with name [name] and places switch into access map config mode for sequence [seq. #] of the VACL.