Switch Part Deux

Question 1

To access Telnet or SSH

Answer 1

A switch needs a working IP configuration, as well as login security on the vty lines (password and/or username)

Question 2

Enable password

Answer 2

used to protect enable mode

Question 3

Parameters for usernames and passwords

Answer 3

login local line subcommand

username teresa password (or secret) giudice global config command

Question 4

AAA server

Answer 4

Switch sends message to the AAA server asking whether the name and password are allowed and the AAA server replies; usually use either the RADIUS or TACACS+ protocol

Question 5

Configuring SSH

Answer 5

1. use login local line subcommand
2. username teresa password(or secret) giudice global config command
3. ip domain-name example.com to configure a DNS domain name
4. Create encryption keys using the crypto key generate rsa global config command
5. ip ssh version 2 global config command for enhanced security

Question 6

Info about status of SSH on the switch

Answer 6

show ip ssh: status info about the SSH server itself

show ssh: shows info about each user currently connected into the switch

Question 7

Controlling support of Telnet and SSH command

Answer 7

transport input {all|none|telnet|ssh} vty subcommand

Question 8

service password-encryption

Answer 8

offers weak password encryption to all unencrypted passwords; usually start with 7

Question 9

MOTD bammer

Answer 9

Shown before the login prompt; used for temporary messages that can change from time to time (banner motd # message #) global config command

Question 10

Login banner

Answer 10

Shown before login prompt but after MOTD banner; used for permanent messages (banner login # message #) global config command

Question 11

Exec banner

Answer 11

shown after login prompt

Question 12

show history

Answer 12

lists commands currently held in the history buffer

Question 13

history size

Answer 13

from console or vty line config mode, sets number of commands saved in the history buffer

Question 14

terminal history size

Answer 14

from enable mode, set number of commands saved in the history buffer for this one terminal session

Question 15

logging console

Answer 15

global config command that enables syslog messages

Question 16

logging synchronous

Answer 16

console line subcommand that displays syslog messages only at more convenient times, such as after a show command

Question 17

Configuring IPv4 on a switch

Answer 17

1. interface vlan 1
2. ip address ip-address mask
3. no shutdown
4. ip default-gateway 192.168.1.1 global config command
5. ip name-server ip-address1 ip-address2

Question 18

Enabling DHCP on a switch

Answer 18

1. int vlan 1
2. no shutdown
3. ip address dhcp

show dhcp lease to view DHCP info

Question 19

duplex and speed

Answer 19

interface subcommands used to statically configure the duplex and speed of port

Question 20

Port security

Answer 20

identifies devices based on the source MAC address of Ethernet frames the devices send

Question 21

switch port violation

Answer 21

occurs whenever a new source MAC address arrives at the port, pushing the number of allowed MAC addresses past the allowed maximum

Question 22

sticky secure MAC addresses

Answer 22

Port security learns the MAC addresses off each port and stores those in the port security configuration (in the running-config file).

Question 23

Configuration of port security

3-6 are optional

Answer 23

1. make switch either a static access or trunk interface (switchport mode access (or trunk) if subcommand)
2. enable port security (switchport port-security if subcom)
3. switchport port-security maximum 5
4. siwtchport port-security violation {protect|restrict|shutdown}
5. switchport port-security mac-address
6. switchport port-security mac-address sticky

Question 24

Securing unused switch interfaces

Answer 24

Shutdown interface
make port a nontrunking interface
assign port to an unused VLAN via switchport access vlan 30
set native VLAN to an unused VLAN

Question 25

Reasons for choosing VLANs

Answer 25

1. reduces CPU overhead on each device by shrinking broadcast domain 2. reduce securtity risks 3. create more flexible designs 4. solve problems more quickly 5. reduce workload for STP

Question 26

VLAN trunking .....

Answer 26

Adds another header to the frame before sending it over the trunk that includes the VLAN ID

Question 27

802.1Q

Answer 27

trunking protocol that inserts a 4-byte VLAN header into the Ethernet header

Question 28

Native VLAN...

Answer 28

802.1Q does not add its header; both switches must agree on which VLAN is the native VLAN; supports connections to devices that do not understand trunking

Question 29

Layer 3 switches are known as....

Answer 29

Multilayer switches and they are based on the function between a layer 2 switch and a layer 3 router

Question 30

Layer 2 switches will not....

Answer 30

forward data between two VLANs

Question 31

Purpose of VLAN Trunking Protocol (VTP)

Answer 31

To dynamically advertise VLAN configuration information

Question 32

Dynamic Trunking Protocol

Answer 32

used for Cisco switches that support both the ISL and 802.1Q trunking methods

Question 33

switchport trunk encapsulation {dot1q|isl|negotiate}

Answer 33

used for Cisco switches that support both trunking methods or use DTP to negotiate the method

Question 34

Limit VLANs using this if subcommand:

Answer 34

switchport trunk allowed vlan {add|all|except|remove} 3-5

Question 35

Reasons a particular VLAN may be prevented to cross a trunk:

Answer 35

1. VLAN is removed from the trunk's allowed VLAN list 2. A VLAN dne in the switch's configuration 3. VLAN has been administratively disabled 4. A VLAN has been automatically pruned by VTP 5. STP has placed the trunk into a blocking state