Switch Part Deux Flashcards Preview


Flashcards in Switch Part Deux Deck (35):
1

To access Telnet or SSH

A switch needs a working IP configuration, as well as login security on the vty lines (password and/or username)

2

Enable password

used to protect enable mode

3

Parameters for usernames and passwords

login local line subcommand
username teresa password (or secret) giudice global config command

4

AAA server

Switch sends message to the AAA server asking whether the name and password are allowed and the AAA server replies; usually use either the RADIUS or TACACS+ protocol

5

Configuring SSH

1. use login local line subcommand
2. username teresa password (or secret) giudice global config command
3. ip domain-name example.com to configure a DNS domain name
4. Create encryption keys using the crypto key generate rsa global config command
5. ip ssh version 2 global config command for enhanced security

6

Info about status of SSH on the switch

show ip ssh: status info about the SSH server itself
show ssh: shows info about each user currently connected to the switch

7

Controlling support of Telnet and SSH command

transport input {all|none|telnet|ssh} vty subcommand

8

service password-encryption

applies weak encryption to all clear-text passwords in the configuration; the resulting strings usually start with 7

9

MOTD banner

Shown before the login prompt; used for temporary messages that can change from time to time (banner motd # message #) global config command

10

Login banner

Shown before login prompt but after MOTD banner; used for permanent messages (banner login # message #) global config command

11

Exec banner

shown after login prompt

12

show history

lists commands currently held in the history buffer

13

history size

from console or vty line config mode, sets number of commands saved in the history buffer

14

terminal history size

from enable mode, set number of commands saved in the history buffer for this one terminal session

15

logging console

global config command that enables syslog messages to be displayed on the console

16

logging synchronous

console line subcommand that displays syslog messages only at more convenient times, such as after a show command

17

Configuring IPv4 on a switch

1. interface vlan 1
2. ip address ip-address mask
3. no shutdown
4. ip default-gateway 192.168.1.1 global config command
5. ip name-server ip-address1 ip-address2

18

Enabling DHCP on a switch

1. int vlan 1
2. no shutdown
3. ip address dhcp

show dhcp lease to view DHCP info

19

duplex and speed

interface subcommands used to statically configure the duplex and speed of a port

20

Port security

identifies devices based on the source MAC address of Ethernet frames the devices send

21

switch port violation

occurs whenever a new source MAC address arrives at the port, pushing the number of allowed MAC addresses past the allowed maximum

22

sticky secure MAC addresses

Port security learns the MAC addresses on each port and stores them in the port security configuration (in the running-config file).

23

Configuration of port security
(3-6 are optional)

1. make the interface either a static access or trunk interface (switchport mode access (or trunk) interface subcommand)
2. enable port security (switchport port-security interface subcommand)
3. switchport port-security maximum 5
4. switchport port-security violation {protect|restrict|shutdown}
5. switchport port-security mac-address
6. switchport port-security mac-address sticky

24

Securing unused switch interfaces

Shut down the interface
make the port a nontrunking interface
assign the port to an unused VLAN via switchport access vlan 30
set the native VLAN to an unused VLAN

25

Reasons for choosing VLANs

1. reduces CPU overhead on each device by shrinking broadcast domain
2. reduce security risks
3. create more flexible designs
4. solve problems more quickly
5. reduce workload for STP

26

VLAN trunking .....

Adds another header to the frame before sending it over the trunk that includes the VLAN ID

27

802.1Q

trunking protocol that inserts a 4-byte VLAN header into the Ethernet header

28

Native VLAN...

802.1Q does not add its header to frames in the native VLAN; both switches must agree on which VLAN is the native VLAN; supports connections to devices that do not understand trunking

29

Layer 3 switches are known as....

Multilayer switches; they combine the functions of a layer 2 switch and a layer 3 router

30

Layer 2 switches will not....

forward data between two VLANs

31

Purpose of VLAN Trunking Protocol (VTP)

To dynamically advertise VLAN configuration information

32

Dynamic Trunking Protocol

used by Cisco switches that support both the ISL and 802.1Q trunking methods to negotiate trunking

33

switchport trunk encapsulation {dot1q|isl|negotiate}

used for Cisco switches that support both trunking methods or use DTP to negotiate the method

34

Limit VLANs using this interface subcommand:

switchport trunk allowed vlan {add|all|except|remove} 3-5

35

Reasons a particular VLAN may be prevented from crossing a trunk:

1. VLAN is removed from the trunk's allowed VLAN list
2. The VLAN does not exist in the switch's configuration
3. VLAN has been administratively disabled
4. A VLAN has been automatically pruned by VTP
5. STP has placed the trunk into a blocking state