Switch Part Deux Flashcards Preview


Flashcards in Switch Part Deux Deck (35):

To access Telnet or SSH

A switch needs a working IP configuration, as well as login security on the vty lines (password and/or username)


Enable password

used to protect enable mode


Parameters for usernames and passwords

login local line subcommand
username teresa password (or secret) giudice global config command


AAA server

Switch sends message to the AAA server asking whether the name and password are allowed and the AAA server replies; usually use either the RADIUS or TACACS+ protocol


Configuring SSH

1. use login local line subcommand
2. username teresa password (or secret) giudice global config command
3. ip domain-name example.com to configure a DNS domain name
4. Create encryption keys using the crypto key generate rsa global config command
5. ip ssh version 2 global config command for enhanced security


Info about status of SSH on the switch

show ip ssh: status info about the SSH server itself
show ssh: shows info about each user currently connected into the switch


Controlling support of Telnet and SSH command

transport input {all|none|telnet|ssh} vty subcommand


service password-encryption

applies weak encryption to all cleartext passwords in the configuration; the encrypted passwords are shown with a leading 7


MOTD banner

Shown before the login prompt; used for temporary messages that can change from time to time (banner motd # message #) global config command


Login banner

Shown before login prompt but after MOTD banner; used for permanent messages (banner login # message #) global config command


Exec banner

shown after login prompt


show history

lists commands currently held in the history buffer


history size

from console or vty line config mode, sets number of commands saved in the history buffer


terminal history size

from enable mode, set number of commands saved in the history buffer for this one terminal session


logging console

global config command that enables syslog messages to be displayed on the console


logging synchronous

console line subcommand that displays syslog messages only at more convenient times, such as after a show command


Configuring IPv4 on a switch

1. interface vlan 1
2. ip address ip-address mask
3. no shutdown
4. ip default-gateway global config command
5. ip name-server ip-address1 ip-address2


Enabling DHCP on a switch

1. int vlan 1
2. no shutdown
3. ip address dhcp

show dhcp lease to view DHCP info


duplex and speed

interface subcommands used to statically configure the duplex and speed of port


Port security

identifies devices based on the source MAC address of Ethernet frames the devices send


switch port violation

occurs whenever a new source MAC address arrives at the port, pushing the number of allowed MAC addresses past the allowed maximum


sticky secure MAC addresses

Port security learns the MAC addresses off each port and stores those in the port security configuration (in the running-config file).


Configuration of port security
(3-6 are optional)

1. make the interface either a static access or trunk interface (switchport mode access (or trunk) interface subcommand)
2. enable port security (switchport port-security interface subcommand)
3. switchport port-security maximum 5
4. switchport port-security violation {protect|restrict|shutdown}
5. switchport port-security mac-address
6. switchport port-security mac-address sticky


Securing unused switch interfaces

shut down the interface
make port a nontrunking interface
assign port to an unused VLAN via switchport access vlan 30
set native VLAN to an unused VLAN


Reasons for choosing VLANs

1. reduces CPU overhead on each device by shrinking broadcast domain
2. reduce security risks
3. create more flexible designs
4. solve problems more quickly
5. reduce workload for STP


VLAN trunking .....

Adds another header to the frame before sending it over the trunk that includes the VLAN ID

802.1Q

trunking protocol that inserts a 4-byte VLAN header into the Ethernet header


Native VLAN...

802.1Q does not add its header; both switches must agree on which VLAN is the native VLAN; supports connections to devices that do not understand trunking


Layer 3 switches are known as....

Multilayer switches; they combine the functions of a layer 2 switch and a layer 3 router


Layer 2 switches will not....

forward data between two VLANs


Purpose of VLAN Trunking Protocol (VTP)

To dynamically advertise VLAN configuration information


Dynamic Trunking Protocol

used for Cisco switches that support both the ISL and 802.1Q trunking methods


switchport trunk encapsulation {dot1q|isl|negotiate}

used for Cisco switches that support both trunking methods or use DTP to negotiate the method


Limit VLANs using this if subcommand:

switchport trunk allowed vlan {add|all|except|remove} 3-5


Reasons a particular VLAN may be prevented from crossing a trunk:

1. VLAN is removed from the trunk's allowed VLAN list
2. The VLAN does not exist in the switch's configuration
3. VLAN has been administratively disabled
4. A VLAN has been automatically pruned by VTP
5. STP has placed the trunk into a blocking state