Lammle questions

Question 1

Enable Rapid Spanning Tree. Config

Answer 1

Switch(config)#spanning-tree mode rapid-pvst

Question 2

How do we know a spanning-tree network has converged?

Answer 2

All switch and bridge ports are assigned as either root or designated ports. When all bridges/switches have transitioned to either forwarding/blocking state.

Question 3

What are the two types of EtherChannels? What modes enable each?

Answer 3

Two types of EtherChannel: Cisco proprietary PAgP and the IEEE’s LACP.

For PAgP, use auto or desirable mode, and with LACP use passive or active

Question 4

What can you do to provide two switches higher bandwidth than the default configuration is already providing?

Answer 4

Place the links in the same EtherChannel bundle. Up to 8 ports between switches.

Question 5

What would put switch interfaces into EtherChannel port number 1, using LACP?

Answer 5

Switch(config)#interface port-channel 1

Switch(config-if)#channel-group 1 mode active

Question 6

What two commands would guarantee your switch to be the root bridge for VLAN 30?

Answer 6

spanning-tree vlan 30 priority 0

spanning-tree vlan 30 root primary

Question 7

Difference between TACACS+ and RADIUS

Answer 7

TACACS+ is Cisco proprietary (uses TCP also, port 49) (all AAA packets encrypted too) (multiprotocol support) (for devi ce administration)

RADIUS is an open standard (uses UDP also, port 1646/6, 1812/3) (only passwords encrypted) (authentication and authorization is combined) (for network access)

Question 8

Difference between SNMP v2 and v3

Answer 8

SNMP v2 sends passwords as clear-text (also UDP). SNMP v3 can authenticate and encrypt

Question 9

SNMP v3 three security modes and definitions

Answer 9

noAuthNoPriv: username authentication but no encryption

authNoPriv: MD5 or SHA (Secure Hash Algorithm) authentication but no encryption

authPriv: MD5 or SHA authentication and encryption

Question 10

Enable AAA on a router

Answer 10

aaa new-model

in global config mode

Question 11

What mitigates access layer threats?

Answer 11

Port security, DHCP snooping, dynamic ARP inspection, and identity-based networking

Question 12

What does DHCP snooping do?

Answer 12

DHCP snooping validates DHCP messages, builds and maintains the DHCP snooping binding database, and rate-limits DHCP traffic for trusted and untrusted sources.

Question 13

What are the HSRP (Hot Standby Router Protocol) states?

Answer 13

INIT, Learn, Listen, Speak, Standby, Active

Question 14

HSRPv1 and HSRPv2 attributes

Group #:
Virtual MAC address:
Multicast Address:
Port:

Answer 14

HSRP v1
Group #: 0-255
Virtual MAC address: 0000.0c07.acxx
Multicast Address: 224.0.0.2
Port: UDP port 1985

HSRP v2
Group #: 0-4095
Virtual MAC address: 0000.0c9f.fxxx
Multicast Address: 224.0.0.102
Port: UDP port 1985

Question 15

You want to configure RADIUS so your network devices have external authentication, but you also need to make sure you can fall back to local authentication. Which command will you use?

Answer 15

aaa authentication login default group MyRadiusGroup local

Question 16

What is Dynamic ARP Inspection (DAI)?

Answer 16

A security feature that verifies address resolution protocol (ARP) requests and responses in a network

Requires DHCP snooping for MAC-to-IP bindings

Question 17

Three roles for IEEE 802.1x standard

Answer 17

Client, authenticator, and authentication server

Question 18

What tables does EIGRP maintain in RAM

Answer 18

Neighbor, topology, and routing

Question 19

What do you do when troubleshooting EIGRP adjacency?

Answer 19

Interfaces between the devices are down.

The two routers have mismatching EIGRP autonomous system numbers.

Proper interfaces are not enabled for the EIGRP process.

An interface is configured as passive.

K values are mismatched.

EIGRP authentication is misconfigured

Question 20

What must match for two OSPF routers to become neighbors?

Answer 20

Area ID, stub area flag, authentication password if using one

Question 21

How is the default router-id chosen in OSPF

Answer 21

Cisco chooses the router ID by using the highest IP address of all configured loopback interfaces. If no loopback interfaces are configured with addresses, OSPF will choose the highest IP address of all active physical interfaces

Question 22

In OSPF, Hellos are sent to what IP address?

Answer 22

224.0.0.5

Question 23

Updates addressed to 224.0.0.6 are destined for which type of OSPF router?

Answer 23

224.0.0.6 is used on broadcast networks to reach the DR and BDR

Question 24

What must match for OSPF routers to create an adjacency?

Also, what other items might prevent adjacency?

Answer 24

The hello and dead timers must match, they must both be configured into the same area as well as being in the same subnet.

Also, if authentication is configured, that info must match as well.

Check if an ACL is set and if a passive interface is configured
Every OSPF router must use a different RID.

Question 25

What is the relationship with OSPFv3, IPv4, and RID

Answer 25

If you have IPv4 configured on the router, it is not mandatory that you configure the RID.

If you don’t have IPv4 configured on the router, it is mandatory that you configure the RID.

32-bit RID (router ID)

Question 26

Which command will show all the LSAs known by a router? OSPF

Answer 26

show ip ospf database

Question 27

Troubleshooting steps for OSPF

Answer 27

• Make sure interfaces are operational and enabled for OSPF
• Verify Hello and Dead Timers
• Make sure interfaces are in the same area
• Make sure no passive interfaces are configured

Question 28

What is the default port mode of Cisco switches?

What needs to be done to trunk between switches

Answer 28

Auto. Need to switch one to either on or desirable

Question 29

Which command will display the CHAP authentication process as it occurs between two routers in the network?

Answer 29

debug ppp authentication

Question 30

R1(config-router)# neighbor 10.10.200.1 remote-as 6200

What is 10.10.200.1?

What is 6200?

Answer 30

IP Address of neighbor

AS # of the remote router

Question 31

What are some GRE characteristics?

Answer 31

• GRE uses a protocol-type field in the GRE header so any layer 3 protocol can be used through the tunnel
• GRE is stateless and has no flow control
• GRE offers no security
• GRE creates additional overhead for tunneled packets—at least 24 bytes.

Question 32

What does it mean when you receive a flapping message when you configure your GRE tunnel?

Answer 32

It means you have used your tunnel interface address instead of the tunnel destination address

Question 33

What command will show you the IP addresses and tunnel source and destination addresses of the interfaces?

Answer 33

show interface tunnel 0

Question 34

What do you need to configure to use frame relay?

Answer 34

DLCI

Question 35

Difference between VPN and GRE tunnel

Answer 35

If you are looking to provide a secure method of connecting remote users to resources stored within a central location, you should probably implement a VPN. However, if you need to pass traffic over an otherwise incompatible network, a GRE tunnel should be implemented.

Question 36

Which two technologies are examples of layer 2 MPLS VPN technologies?

Answer 36

Virtual Private Lan Switch (VPLS) and Virtual Private Wire Service (VPWS) are two technologies that provide layer 2 MPLS VPN’s

Question 37

What are one-way requirements for voice traffic?

Answer 37

One-way requirements include latency < 150 ms, jitter <30 ms, and loss < 1%, and bandwidth needs to be 30 to 128 Kbps.

Question 38

On which SDN architecture layer does Cisco APIC-EM reside?

Answer 38

Control

Question 39

What is a trust boundary and what are some examples of trust boundaries?

Answer 39

A trust boundary is where packets are classified and marked. IP phones and the boundary between the ISP and enterprise networks are common examples of trust boundaries.

Question 40

What is the traditional Data Plane?

Answer 40

It is responsible for forwarding frames and packets from ingress to egress interfaces using protocols. Needs the control plane for good info.

Question 41

What is the traditional Control Plane?

Answer 41

For managing and controlling any forwarding table the data plane uses. Routing protocols are managed by control plane.

Question 42

What is the SDN Data Plane?

Answer 42

Contains network elements, meaning any physical or virtual device that deals with traffic

Question 43

What is the SDN Control Plane?

Answer 43

Software solution, provides centralized control of the router and switches that populate the data plane

Question 44

What is the SDN Application Plane?

Answer 44

Contains applications that communicate their network requirements towards the controller using APIs

Question 45

What are Southbound APIs?

List the southbound API standards

Answer 45

They are used for communication between controllers and network elements.

OpenFlow, NETCONF, onePK, OpFlex

Question 46

What are Northbound APIs?

Answer 46

Used for communication between SDN applications and controllers

Question 47

What are trust boundaries?

Answer 47

Point where packet marking (which identify traffic such as voice, data, or video) can be created, removes, or rewritten.

Question 48

What are the three ways of classifying traffic?

Answer 48

Marking, Addressing, and Application signatures

Question 49

What is NBAR?

Answer 49

Provides deep-packet inspection on layer 4 to 7 on a packet

Question 50

Explain the difference between Policers and Shapers in terms of where to deploy them, TCP resends, and jitter/delay

Answer 50

Policers: deploy them on the ingress if possible, more TCP resends (since theres a higher drop probability), and no jitter/delay

Shapers: deploy on the egress side, fewer TCP resends than policers, and introduces jitter/delay

Question 51

What is VTP pruning?

Answer 51

A way to preserve bandwidth, only sending the broadcast to trunk links that must actually have the info