Scholarship Materials Science and Engineering North Carolina State University – USA

Materials Science and Engineering NC State Univ.

Graduate student positions in experimental materials science are available in the group of Prof. Melechko starting Spring 2009 and Fall 2009.
Possible research projects include:
1) synthesis of vertically aligned carbon nanofibers and their integration in microfabricated devices
2) application of carbon nanofibers in interfacing live cells in tissue, i.e. gene delivery, intracellular probes, multielectrode arrays
3) alloy nanoparticle formation and behavior on surfaces

Graduate students will be utilizing electron microscopy and spectroscopy, plasma enhanced chemical vapor deposition, photolithography, thin film deposition and other microfabrication tools. The applicant should have a strong interest in a general area of experimental nanotechnology and satisfy admission requirements for Materials Science and Engineering Department, North Carolina State University.

The successful applicant will be offered a yearly stipend, full tuition coverage, and health benefits.
To apply, please send your application materials to anatoli_melechko@ncsu.edu

http://www.mse.ncsu.edu/faculty/profiles.php?id=avmelech

CCNA Semester 3 Module 6 — Answers and Questions

Options With Highlight Colours are Correct Answer

1. Refer to the exhibit. Which three statements describe the network design shown in the exhibit? (Choose three.)
This design will not scale easily.
The router merges the VLANs into a single broadcast domain.
This design uses more switch and router ports than are necessary.
This design exceeds the maximum number of VLANs that can be attached to a switch.
This design requires the use of the ISL or 802.1q protocol on the links between the switch and the router.
If the physical interfaces between the switch and router are operational, the devices on the different VLANs can communicate through the router.

2. A router has two FastEthernet interfaces and needs to connect to four VLANs in the local network. How can this be accomplished using the fewest number of physical interfaces without unnecessarily decreasing network performance?
Implement a router-on-a-stick configuration.
Add a second router to handle the inter-VLAN traffic.
Use a hub to connect the four VLANs with a FastEthernet interface on the router.
Interconnect the VLANs via the two additional FastEthernet interfaces.

3. Refer to the exhibit. All devices are configured as shown in the exhibit. PC2 can successfully ping the F0/0 interface on R1. PC2 cannot ping PC1. What might be the reason for this failure?
R1 interface F0/1 has not been configured for subinterface operation.
S1 interface F0/6 needs to be configured for operation in VLAN10.
S1 interface F0/8 is in the wrong VLAN.
S1 port F0/6 is not in VLAN10.

4. Refer to the exhibit. The commands for a router to connect to a trunked uplink are shown in the exhibit. A packet is received from IP address 192.168.1.54. The packet destination address is 192.168.1.120. What will the router do with this packet?
The router will forward the packet out interface FastEthernet 0/1.1 tagged for VLAN 10.
The router will forward the packet out interface FastEthernet 0/1.2 tagged for VLAN 60.
The router will forward the packet out interface FastEthernet 0/1.3 tagged for VLAN 120.
The router will not process the packet since the source and destination are on the same subnet.
The router will drop the packet since no network that includes the source address is attached to the router.

5. What distinguishes traditional routing from router-on-a-stick?
Traditional routing is only able to use a single switch interface. Router-on-a-stick can use multiple switch interfaces.
Traditional routing requires a routing protocol. Router-on-a-stick only needs to route directly connected networks.
Traditional routing uses one port per logical network. Router-on-a-stick uses subinterfaces to connect multiple logical networks to a single router port.
Traditional routing uses multiple paths to the router and therefore requires STP. Router-on-a-stick does not provide multiple connections and therefore eliminates the need for STP.

6. Which statement is true about ARP when inter-VLAN routing is being used on the network?
When router-on-a-stick inter-VLAN routing is in use, each subinterface has a separate MAC address to send in response to ARP requests.
When VLANs are in use, the switch responds to ARP requests with the MAC address of the port to which the PC is connected.
When router-on-a-stick inter-VLAN routing is in use, the router returns the MAC address of the physical interface in response to ARP requests.
When traditional inter-VLAN routing is in use, devices on all VLANs use the same physical router interface as their source of proxy ARP responses.

7. What two statements are true regarding the use of subinterfaces for inter-VLAN routing? (Choose two.)
subinterfaces have no contention for bandwidth
more switch ports required than in traditional inter-VLAN routing
fewer router ports required than in traditional inter-VLAN routing
simpler Layer 3 troubleshooting than with traditional inter-VLAN routing
less complex physical connection than in traditional inter-VLAN routing

8. Which three elements must be used when configuring a router interface for VLAN trunking? (Choose three.)
one subinterface per VLAN
one physical interface for each subinterface
one IP network or subnetwork for each subinterface
one trunked link per VLAN
a management domain for each subinterface
a compatible trunking protocol encapsulation for each subinterface

9. Refer to the exhibit. Which two statements are true about the operation of the subinterfaces? (Choose two.)
Incoming traffic that has a VLAN ID of 2 is processed by subinterface fa0/0.2.
Incoming traffic with VLAN ID 0 is processed by interface fa0/0.
Subinterfaces use unique MAC addresses by adding the 802.1Q VLAN ID to the hardware address.
Traffic inbound on this router is processed by different subinterfaces, depending on the VLAN from which the traffic originated.
Reliability of both subinterfaces is poor because ARP is timing out.
Both subinterfaces remain up with line protocol up, even if fa0/0 line protocol is down.

10. Refer to the exhibit. Port Fa0/0 on router R1 is connected to port Fa0/1 on switch S1. After the commands shown are entered on both devices, the network administrator determines that the devices on VLAN 2 are unable to ping the devices on VLAN 1. What is the likely problem?
R1 is configured for router-on-a-stick, but S1 is not configured for trunking.
R1 does not have the VLANs entered in the VLAN database.
Spanning Tree Protocol is blocking port Fa0/0 on R1.
The subinterfaces on R1 have not been brought up with the no shutdown command yet.

11. Refer to the exhibit. PC1 has attempted to ping PC2 but has been unsuccessful. What could account for this failure?
PC1 and R1 interface F0/0.1 are on different subnets.
The encapsulation is missing on the R1 interface F0/0.
An IP address has not been assigned to the R1 physical interface.
The encapsulation command on the R1 F0/0.3 interface is incorrect.

12. Refer to the exhibit. R1 is routing between networks 192.168.10.0/28 and 192.168.30.0/28. PC1 can ping R1 interface F0/1, but cannot ping PC3. What is causing this failure?
PC1 and PC3 are not in the same VLAN.
The PC3 network address configuration is incorrect.
The S1 interface F0/11 should be assigned to VLAN30.
The F0/0 and F0/1 interfaces on R1 must be configured as trunks.

13. Devices on the network are connected to a 24-port Layer 2 switch that is configured with VLANs. Switch ports 0/2 to 0/4 are assigned to VLAN 10. Ports 0/5 to 0/8 are assigned to VLAN 20, and ports 0/9 to 0/12 are assigned to VLAN 30. All other ports are assigned to the default VLAN. Which solution allows all VLANs to communicate between each other while minimizing the number of ports necessary to connect the VLANs?
Configure ports 0/13 to 0/16 with the appropriate IP addresses to perform routing between VLANs.
Add a router to the topology and configure one FastEthernet interface on the router with multiple subinterfaces for VLANs 1, 10, 20, and 30.
Obtain a router with multiple LAN interfaces and configure each interface for a separate subnet, thereby allowing communication between VLANs.
Obtain a Layer 3 switch and configure a trunk link between the switch and router, and configure the router physical interface with an IP address on the native VLAN.

14. Which two statements are true about the interface fa0/0.10 command? (Choose two.)
The command applies VLAN 10 to router interface fa0/0.
The command is used in the configuration of router-on-a-stick inter-VLAN routing.
The command configures a subinterface.
The command configures interface fa0/0 as a trunk link.
Because the IP address is applied to the physical interface, the command does not include an IP address.

15. Refer to the exhibit. What two conclusions can be drawn from the output that is shown? (Choose two.)
The no shutdown command has not been issued on the FastEthernet 0/0 interface.
Both of the directly connected routes that are shown will share the same physical interface of the router.
A routing protocol must be configured on the network in order for the inter-VLAN routing to be successful.
Inter-VLAN routing between hosts on the 172.17.10.0/24 and 172.17.30.0/24 networks is successful on this network.
Hosts in this network must be configured with the IP address that is assigned to the router physical interface as their default gateway.

16. What are the steps which must be completed in order to enable inter-VLAN routing using router-on-a-stick?
Configure the physical interfaces on the router and enable a routing protocol.
Create the VLANs on the router and define the port membership assignments on the switch.
Create the VLANs on the switch to include port membership assignment and enable a routing protocol on the router.
Create the VLANs on the switch to include port membership assignment and configure subinterfaces on the router matching the VLANs.

17. Refer to the exhibit. The network administrator correctly configures RTA to perform inter-VLAN routing. The administrator connects RTA to port 0/4 on SW2, but inter-VLAN routing does not work. What could be the possible cause of the problem with the SW2 configuration?
Port 0/4 is not active.
Port 0/4 is not a member of VLAN1.
Port 0/4 is configured in access mode.
Port 0/4 is using the wrong trunking protocol.

18. What is important to consider while configuring the subinterfaces of a router when implementing inter-VLAN routing?
The physical interface must have an IP address configured.
The subinterface numbers must match the VLAN ID number.
The no shutdown command must be given on each subinterface.
The IP address of each subinterface must be the default gateway address for each VLAN subnet.

19. In which situation could individual router physical interfaces be used for inter-VLAN routing, instead of a router-on-a-stick configuration?
a network with more than 100 subnetworks
a network with a limited number of VLANs
a network with experienced support personnel
a network using a router with one LAN interface

20. Refer to the exhibit. Switch1 is correctly configured for the VLANs that are displayed in the graphic. The configuration that is shown was applied to RTA to allow for interVLAN connectivity between hosts attached to Switch1. After testing the network, the administrator logged the following report:
Hosts within each VLAN can communicate with each other.
Hosts in VLAN5 and VLAN33 are able to communicate with each other.
Hosts connected to Fa0/1 through Fa0/5 do not have connectivity to hosts in other VLANs.

Why are hosts connected to Fa0/1 through Fa0/5 unable to communicate with hosts in different VLANs?
The router interface is shut down.
The VLAN IDs do not match the subinterface numbers.
All of the subinterface addresses on the router are in the same subnet.
The router was not configured to forward traffic for VLAN2.
The physical interface, FastEthernet0/0, was not configured with an IP address.

CCNA Semester 3: Module 5 — Answers and Questions

Options With Highlight Colours are Correct Answer
1. Which two statements are true about the default operation of STP in a Layer 2 switched environment that has redundant connections between switches? (Choose two.)

The root switch is the switch with the highest speed ports.
Decisions on which port to block when two ports have equal cost depend on the port priority and identity.
All trunking ports are designated and not blocked.
Root switches have all ports set as root ports.
Non-root switches each have only one root port.

2. Which two statements describe the BIDs used in a spanning tree topology? (Choose two.)
They are sent out by the root bridge only after the inferior BPDUs are sent.
They consist of a bridge priority and MAC address.
Only the root bridge will send out a BID.
They are used by the switches in a spanning tree topology to elect the root bridge.
The switch with the fastest processor will have the lowest BID.

3. In which two ways is the information that is contained in BPDUs used by switches? (Choose two.)
to negotiate a trunk between switches
to set the duplex mode of a redundant link
to identify the shortest path to the root bridge
to prevent loops by sharing bridging tables between connected switches
to determine which ports will forward frames as part of the spanning tree

4. Which two actions does an RSTP edge port take if it receives a BPDU? (Choose two.)
immediately loses its edge status
inhibits the generation of a TCN
goes immediately to a learning state
disables itself
becomes a normal spanning-tree port

5. Refer to the exhibit. All switches in the network have empty MAC tables. STP has been disabled on the switches in the network. How will a broadcast frame that is sent by host PC1 be handled on the network?
Switch SW1 will block the broadcast and drop the frame.
Switch SW1 will forward the broadcast out all switch ports, except the originating port. This will generate an endless loop in the network.
Switch SW1 will forward the broadcast out all switch ports, except the originating port. All hosts in the network will reply with a unicast frame sent to host PC1.
Switch SW1 will forward the traffic out all switch ports except the originating port as a unicast frame. All hosts in the network will reply with a unicast frame sent to switch SW1.

6. Which two items are true regarding the spanning-tree portfast command? (Choose two.)
PortFast is Cisco proprietary.
PortFast can negatively affect DHCP services.
PortFast is used to more quickly prevent and eliminate bridging loops.
Enabling PortFast on trunks that connect to other switches improves convergence.
If an access port is configured with PortFast, it immediately transitions from a blocking to a forwarding state.

7. Refer to the exhibit. Server sends an ARP request for the MAC address of its default gateway. If STP is not enabled, what will be the result of this ARP request?

Router_1 will drop the broadcast and reply with the MAC address of the next hop router.
Switch_A will reply with the MAC address of the Router_1 E0 interface.
Switch_A and Switch_B will continuously flood the message onto the network.
The message will cycle around the network until its TTL is exceeded.

8. What is the first step in the process of convergence in a spanning tree topology?
election of the root bridge
blocking of the non-designated ports
selection of the designated trunk port
determination of the designated port for each segment

9. How can a network administrator influence which STP switch becomes the root bridge?
Configure all the interfaces on the switch as the static root ports.
Change the BPDU to a lower value than that of the other switches in the network.
Assign a lower IP address to the switch than that of the other switches in the network.
Set the switch priority to a smaller value than that of the other switches in the network.

10. Refer to the exhibit. The spanning-tree port priority of each interface is at the default setting. The network administrator enters the spanning-tree vlan 1 root primary command on S4. What is the effect of the command?
Spanning tree blocks Gi0/1 on S3.
Gi0/2 on S3 transitions to a root port.
Port priority makes Gi0/2 on S1 a root port.
S4 is already the root bridge, so there are no port changes.

11. What two features of the Spanning-Tree Protocol contribute to the time it takes for a switched network to converge after a topology change occurs? (Choose two.)
the max-age timer
the spanning-tree hold down timer
the forward delay
the spanning-tree path cost
the blocking delay

12. In which STP state does a port record MAC addresses but not forward user data?
blocking
Learning
disabling
listening
forwarding

13. Which three statements are accurate regarding RSTP and STP? (Choose three.)

RSTP uses a faster algorithm to determine root ports.
RSTP introduced the extended system ID to allow for more than 4096 VLANs.
Both RSTP and STP use the portfast command to allow ports to immediately transition to forwarding state.
Like STP PortFast, an RSTP edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning-tree port.
Configuration commands to establish primary and secondary root bridges are identical for STP and RSTP.
Because of the format of the BPDU packet, RSTP is backward compatible with STP.

14. What two elements will exist in a converged network with one spanning tree? (Choose two.)
one root bridge per network
all non-designated ports forwarding
one root port per non-root bridge
multiple designated ports per segment
one designated port per network

15. Which statement or set of paired statements correctly compares STP with RSTP?
STP and RSTP use the same BPDU format.
STP specifies backup ports. RSTP has only root ports, alternate ports, and designated ports.
STP port states are independent of port roles. RSTP ties together the port state and port role.
STP waits for the network to converge before placing ports into forwarding state. RSTP places alternate ports into forwarding state immediately.

16. Refer to the exhibit. What can be determined from the output shown?
Two hosts communicating between ports Fa0/2 and Fa0/4 have a cost of 38.
The priority was statically configured to identify the root.
STP is disabled on this switch.
The timers have been altered to reduce convergence time.

17. Which two criteria does a switch use to select the root bridge? (Choose two.)
bridge priority
switching speed
number of ports
base MAC address
switch location
memory size

18. What three link types have been defined for Rapid Spanning-Tree Protocol? (Choose three.)
Shared
end-to-end
edge-type
boundary-type
point-to-many
point-to-point

19. What Rapid Spanning Tree Protocol (RSTP) role is assigned to the forwarding port elected for every switched Ethernet LAN segment?
alternate
backup
Designated
root

20. When PVST+ was developed, the Bridge ID was modified to include which information?
bridge priority
MAC address
protocol
VLAN ID

Common Security Attacks

Telnet Attacks

The Telnet protocol can be used by an attacker to gain remote access to a Cisco network switch. In an earlier topic, you configured a login password for the vty lines and set the lines to require password authentication to gain access. This provides an essential and basic level of security to help protect the switch from unauthorized access. However, it is not a secure method of securing access to the vty lines. There are tools available that allow an attacker to launch a brute force password cracking attack against the vty lines on the switch.

Brute Force Password Attack

The first phase of a brute force password attack starts with the attacker using a list of common passwords and a program designed to try to establish a Telnet session using each word on the dictionary list. Luckily, you are smart enough not to use a dictionary word, so you are safe for now. In the second phase of a brute force attack, the attacker uses a program that creates sequential character combinations in an attempt to “guess” the password. Given enough time, a brute force password attack can crack almost all passwords used.

The simplest thing that you can do to limit the vulnerability to brute force password attacks is to change your passwords frequently and use strong passwords randomly mixing upper and lowercase letters with numerals. More advanced configurations allow you to limit who can communicate with the vty lines by using access lists, but that is beyond the scope of this course.

DoS Attack

Another type of Telnet attack is the DoS attack. In a DoS attack, the attacker exploits a flaw in the Telnet server software running on the switch that renders the Telnet service unavailable. This sort of attack is mostly a nuisance because it prevents an administrator from performing switch management functions.

Vulnerabilities in the Telnet service that permit DoS attacks to occur are usually addressed in security patches that are included in newer Cisco IOS revisions. If you are experiencing a DoS attack against the Telnet service, or any other service on a Cisco device, check to see if there is a newer Cisco IOS revision available.

MAC Address Flooding

Unfortunately, basic switch security does not stop malicious attacks from occurring. In this topic, you will learn about a few common security attacks and how dangerous they are. This topic provides introductory level information about security attacks. The details of how some of these common attacks work are beyond the scope of the course. If you find network security of interest, you should explore the course CCNA Exploration: Accessing the WAN.

MAC address flooding is a common attack. Recall that the MAC address table in a switch contains the MAC addresses available on a given physical port of a switch and the associated VLAN parameters for each. When a Layer 2 switch receives a frame, the switch looks in the MAC address table for the destination MAC address. All Catalyst switch models use a MAC address table for Layer 2 switching. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the MAC address table. If an entry exists for the MAC address, the switch forwards the frame to the MAC address port designated in the MAC address table. If the MAC address does not exist, the switch acts like a hub and forwards the frame out every port on the switch. MAC address table overflow attacks are sometimes referred to as MAC flooding attacks. To understand the mechanism of a MAC address table overflow attack, recall the basic operation of a switch.

In the figure, host A sends traffic to host B. The switch receives the frames and looks up the destination MAC address in its MAC address table. If the switch cannot find the destination MAC in the MAC address table, the switch then copies the frame and broadcasts it out every switch port.

Host B receives the frame and sends a reply to host A. The switch then learns that the MAC address for host B is located on port 2 and writes that information into the MAC address table.

Host C also receives the frame from host A to host B, but because the destination MAC address of that frame is host B, host C drops that frame.

Now, any frame sent by host A (or any other host) to host B is forwarded to port 2 of the switch and not broadcast out every port.

The key to understanding how MAC address table overflow attacks work is to know that MAC address tables are limited in size. MAC flooding makes use of this limitation to bombard the switch with fake source MAC addresses until the switch MAC address table is full. The switch then enters into what is known as a fail-open mode, starts acting as a hub, and broadcasts packets to all the machines on the network. As a result, the attacker can see all of the frames sent from a victim host to another host without a MAC address table entry.

The figure shows how an attacker can use the normal operating characteristics of the switch to stop the switch from operating.

MAC flooding can be performed using a network attack tool. The network intruder uses the attack tool to flood the switch with a large number of invalid source MAC addresses until the MAC address table fills up. When the MAC address table is full, the switch floods all ports with incoming traffic because it cannot find the port number for a particular MAC address in the MAC address table. The switch, in essence, acts like a hub.

Some network attack tools can generate 155,000 MAC entries on a switch per minute. Depending on the switch, the maximum MAC address table size varies. In the figure, the attack tool is running on the host with MAC address C in the bottom right of the screen. This tool floods a switch with packets containing randomly generated source and destination MAC and IP addresses. Over a short period of time, the MAC address table in the switch fills up until it cannot accept new entries. When the MAC address table fills up with invalid source MAC addresses, the switch begins to forward all frames that it receives to every port.

As long as the network attack tool is left running, the MAC address table on the switch remains full. When this happens, the switch begins to broadcast all received frames out every port so that frames sent from host A to host B are also broadcast out of port 3 on the switch.
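The learning and overflow behaviour described in this section, as an added Python model that is not part of the original course text. The table size of 8, the MAC addresses and the `max_macs_per_port` limit (modelled on per-port learning limits such as port security) are assumptions made for illustration, and entry aging is left out.

```python
"""Toy model of a Layer 2 learning switch with a bounded MAC address table."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size                # total entries the table can hold
        self.max_macs_per_port = max_macs_per_port  # hypothetical per-port learning limit
        self.table = {}                             # source MAC -> port it was learned on
        self.violations = {}                        # port -> frames rejected by the limit

    def _learn(self, src, port):
        """Record src on port. Returns False only when the per-port limit rejects it."""
        if src in self.table:
            self.table[src] = port                  # known address: refresh its port
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.violations[port] = self.violations.get(port, 0) + 1
                return False
        if len(self.table) < self.table_size:
            self.table[src] = port
        # Table full: the source is not learned, but the frame is still forwarded.
        return True

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        if not self._learn(src, in_port):
            return []                               # dropped by the per-port limit
        out = self.table.get(dst)
        if out is None:                             # unknown destination: act like a hub
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def run_scenario(max_macs_per_port=None, table_size=8, bogus_frames=20):
    """Host A on port 1, host B on port 2, and port 3 presenting many source MACs.

    All addresses are constructed sample values. Returns where the A/B frames
    were sent, so the effect on port 3 can be read off directly.
    """
    host_a, host_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw = LearningSwitch([1, 2, 3], table_size, max_macs_per_port)

    # Port 3 shows the switch a new source address in every frame.
    for i in range(bogus_frames):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", BROADCAST)

    return {
        "a_to_b": sw.receive(1, host_a, host_b),
        "b_to_a": sw.receive(2, host_b, host_a),
        "a_to_b_again": sw.receive(1, host_a, host_b),
        "table_entries": len(sw.table),
        "port3_violations": sw.violations.get(3, 0),
    }


if __name__ == "__main__":
    cases = [
        ("normal learning", dict(bogus_frames=0)),
        ("table overflowed", dict()),
        ("per-port limit of 2", dict(max_macs_per_port=2)),
    ]
    for label, kwargs in cases:
        print(label, run_scenario(**kwargs))
```

In the overflow case every frame between A and B also leaves port 3, because neither host can be learned. With the per-port limit in place the table never fills, and the rejected frames are counted as violations that an operator can alert on.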

CCNA Semester 3 Module 3 : Answers and Questions

Options With Highlight Colours are Correct Answer

1. Refer to the exhibit. The switches in the exhibit are connected with trunks within the same VTP management domain. Each switch is labeled with its VTP mode. A new VLAN is added to Switch3. This VLAN does not show up on the other switches. What is the reason for this?
VLANs cannot be created on transparent mode switches.
Transparent mode switches do not forward VTP advertisements.
VLANs created on transparent mode switches are not included in VTP advertisements.
Server mode switches neither listen to nor forward VTP messages from transparent mode switches.

2. Which two statements are true about the implementation of VTP? (Choose two.)
Switches must be connected via trunks.
The VTP domain name is case sensitive.
Transparent mode switches cannot be configured with new VLANs.
The VTP password is mandatory and case sensitive.
Switches that use VTP must have the same switch name.

3. Which two statements describe VTP transparent mode operation? (Choose two.)
Transparent mode switches can create VLAN management information.
Transparent mode switches can add VLANs of local significance only.
Transparent mode switches pass any VLAN management information that they receive to other switches.
Transparent mode switches can adopt VLAN management changes that are received from other switches.
Transparent mode switches originate updates about the status of their VLANs and inform other switches about that status.

4. Which three VTP parameters must be identical on all switches to participate in the same VTP domain? (Choose three.)
revision number
domain name
pruning
mode
domain password
version number

5. What causes a VTP configured switch to issue a summary advertisement?
A five-minute update timer has elapsed.
A port on the switch has been shut down.
The switch is changed to the transparent mode.
A new host has been attached to a switch in the management domain.

6. Refer to the exhibit. Switches SW1 and SW2 are interconnected via a trunk link but failed to exchange VLAN information. The network administrator issued the show vtp status command to troubleshoot the problem. On the basis of the provided command output, what could be done to correct the problem?
Switch SW2 must be configured as a VTP client.
The switches must be interconnected via an access link.
The switches must be configured with the same VTP domain name.
Both switches must be configured with the same VTP revision number.

7. Refer to the exhibit. Which two facts can be confirmed by this output? (Choose two.)
If this switch is added to an established network, the other VTP-enabled switches in the same VTP domain will consider their own VLAN information to be more recent than the VLAN information advertised by this switch.
This switch shows no configuration revision errors.
This switch has established two-way communication with the neighboring devices.
This switch is configured to advertise its VLAN configuration to other VTP-enabled switches in the same VTP domain.
This switch is configured to allow the network manager to maximize bandwidth by restricting traffic to specific network devices.

8. Refer to the exhibit. Switch S1 is in VTP server mode. Switches S2 and S3 are in client mode. An administrator accidentally disconnects the cable from F0/1 on S2. What will the effect be on S2?
S2 will automatically transition to VTP transparent mode.
S2 will remove all VLANs from the VLAN database until the cable is reconnected.
S2 will retain the VLANs as of the latest known revision, but will lose the VLANs if it is reloaded.
S2 will automatically send a VTP request advertisement to 172.17.99.11 when the cable is reconnected.

9. Refer to the exhibit. What information can be learned from the output provided?
It verifies the configured VTP password.
It verifies the VTP domain is configured to use VTP version 2.
It verifies VTP advertisements are being exchanged.
It verifies the VTP domain name is V1.

10. How are VTP messages sent between switches in a domain?
Layer 2 broadcast
Layer 2 multicast
Layer 2 unicast
Layer 3 broadcast
Layer 3 multicast
Layer 3 unicast

11. What statement describes the default propagation of VLANs on a trunked link?
only VLAN 1
all VLANs
no VLANs
the native VLAN

12. Which two statements are true about VTP pruning? (Choose two.)
Pruning is enabled by default.
Pruning can only be configured on VTP servers.
Pruning must be configured on all VTP servers in the domain.
VLANs on VTP client-mode switches will not be pruned.
Pruning will prevent unnecessary flooding of broadcasts across trunks.

13. What does a client mode switch in a VTP management domain do when it receives a summary advertisement with a revision number higher than its current revision number?
It suspends forwarding until a subset advertisement update arrives.
It issues an advertisement request for new VLAN information.
It increments the revision number and forwards it to other switches.
It deletes the VLANs not included in the summary advertisement.
It issues summary advertisements to advise other switches of status changes.

14. Refer to the exhibit. All switches in the network participate in the same VTP domain. What happens when the new switch SW2 with a default configuration and revision number of 0 is inserted in the existing VTP domain Lab_Network?
The switch operates as a VTP client.
The switch operates in VTP transparent mode.
The switch operates as a VTP server and deletes the existing VLAN configuration in the domain.
The switch operates as a VTP server, but does not impact the existing VLAN configuration in the domain.
The switch operates as a VTP server in the default VTP domain and does not affect the configuration in the existing VTP domain.

15. What are two features of VTP client mode operation? (Choose two.)
unable to add VLANs
can add VLANs of local significance
forward broadcasts out all ports with no respect to VLAN information
can only pass VLAN management information without adopting changes
can forward VLAN information to other switches in the same VTP domain

16. Refer to the exhibit. S2 was previously used in a lab environment and has been added to the production network in server mode. The lab and production networks use the same VTP domain name, so the network administrator made no configuration changes to S2 before adding it to the production network. The lab domain has a higher revision number. After S2 was added to the production network, many computers lost network connectivity. What will solve the problem?
Reset the revision number on S2 with either the delete VTP command or by changing the domain name and then changing it back.
Re-enter all appropriate VLANs, except VLAN 1, manually on Switch1 so that they propagate throughout the network.*
Change S1 to transparent VTP mode to reclaim all VLANs in vlan.dat and change back to server mode.
Change S2 to client mode so the VLANs will automatically propagate.

17. A network administrator is replacing a failed switch with a switch that was previously on the network. What precautionary step should the administrator take on the replacement switch to avoid incorrect VLAN information from propagating through the network?
Enable VTP pruning.
Change the VTP domain name.
Change the VTP mode to client.
Change all the interfaces on the switch to access ports.

18. Refer to the exhibit. Switch1 is not participating in the VTP management process with the other switches that are shown in the exhibit. What are two possible explanations for this? (Choose two.)

Switch1 is in client mode.
Switch2 is in server mode.
Switch2 is in transparent mode.
Switch1 is in a different management domain.
Switch1 has end devices that are connected to the ports.
Switch1 is using VTP version 1, and Switch2 is using VTP version 2.

19. Refer to the exhibit. All switches in the VTP domain are new. Switch SW1 is configured as a VTP server, switches SW2 and SW4 are configured as VTP clients, and switch SW3 is configured in VTP transparent mode. Which switch or switches receive VTP updates and synchronize their VLAN configuration based on those updates?
All switches receive updates and synchronize VLAN information.
Only switch SW2 receives updates and synchronizes VLAN information.
Only switches SW3 and SW4 receive updates and synchronize VLAN information.
SW3 and SW4 receive updates, but only switch SW4 synchronizes VLAN information.

20. Which statement is true when VTP is configured on a switched network that incorporates VLANs?
VTP is only compatible with the 802.1Q standard.
VTP adds to the complexity of managing a switched network.
VTP allows a switch to be configured to belong to more than one VTP domain.
VTP dynamically communicates VLAN changes to all switches in the same VTP domain.

Back up Configuration Files to a TFTP Server

Once you have configured your switch with all the options you want to set, it is a good idea to back up the configuration on the network where it can then be archived along with the rest of your network data being backed up nightly. Having the configuration stored safely off the switch protects it in the event there is some major catastrophic problem with your switch.

Some switch configurations take many hours to get working correctly. If you lost the configuration because of switch hardware failure, a new switch needs to be configured. If there is a backup configuration for the failed switch, it can be loaded quickly onto the new switch. If there is no backup configuration, you must configure the new switch from scratch.

You can use TFTP to back up your configuration files over the network. Cisco IOS software comes with a built-in TFTP client that allows you to connect to a TFTP server on your network.

Note: There are free TFTP server software packages available on the Internet that you can use if you do not already have a TFTP server running. One commonly used TFTP server is from http://www.solarwinds.com.

Backing up the Configuration

To upload a configuration file from a switch to a TFTP server for storage, follow these steps:

Step 1. Verify that the TFTP server is running on your network.

Step 2. Log in to the switch through the console port or a Telnet session. Enable the switch and then ping the TFTP server.

Step 3. Upload the switch configuration to the TFTP server. Specify the IP address or hostname of the TFTP server and the destination filename. The Cisco IOS command is: #copy system:running-config tftp:[[[//location]/directory]/filename] or #copy nvram:startup-config tftp:[[[//location]/directory]/filename].

The figure shows an example of backing up the configuration to a TFTP server.

Restoring the Configuration

Once the configuration is stored successfully on the TFTP server, it can be copied back to the switch using the following steps:

Step 1. Copy the configuration file to the appropriate TFTP directory on the TFTP server if it is not already there.

Step 2. Verify that the TFTP server is running on your network.

Step 3. Log in to the switch through the console port or a Telnet session. Enable the switch and then ping the TFTP server.

Step 4. Download the configuration file from the TFTP server to configure the switch. Specify the IP address or hostname of the TFTP server and the name of the file to download. The Cisco IOS command is: #copy tftp:[[[//location]/directory]/filename] system:running-config or #copy tftp:[[[//location]/directory]/filename] nvram:startup-config.

If the configuration file is downloaded into the running-config, the commands are executed as the file is parsed line by line. If the configuration file is downloaded into the startup-config, the switch must be reloaded for the changes to take effect.

Switch Packet Forwarding Methods

In this topic, you will learn how switches forward Ethernet frames on a network. Switches can operate in different modes that can have both positive and negative effects.

In the past, switches used one of the following forwarding methods for switching data between network ports: store-and-forward or cut-through switching. However, store-and-forward is the sole forwarding method used on current models of Cisco Catalyst switches.

Store-and-Forward Switching

In store-and-forward switching, when the switch receives the frame, it stores the data in buffers until the complete frame has been received. During the storage process, the switch analyzes the frame for information about its destination. In this process, the switch also performs an error check using the Cyclic Redundancy Check (CRC) trailer portion of the Ethernet frame.

CRC uses a mathematical formula, based on the number of bits (1s) in the frame, to determine whether the received frame has an error. After confirming the integrity of the frame, the frame is forwarded out the appropriate port toward its destination. When an error is detected in a frame, the switch discards the frame. Discarding frames with errors reduces the amount of bandwidth consumed by corrupt data. Store-and-forward switching is required for Quality of Service (QoS) analysis on converged networks where frame classification for traffic prioritization is necessary. For example, voice over IP data streams need to have priority over web-browsing traffic.

Cut-through Switching

In cut-through switching, the switch acts upon the data as soon as it is received, even if the transmission is not complete. The switch buffers just enough of the frame to read the destination MAC address so that it can determine to which port to forward the data. The destination MAC address is located in the first 6 bytes of the frame following the preamble. The switch looks up the destination MAC address in its switching table, determines the outgoing interface port, and forwards the frame onto its destination through the designated switch port. The switch does not perform any error checking on the frame. Because the switch does not have to wait for the entire frame to be completely buffered, and because the switch does not perform any error checking, cut-through switching is faster than store-and-forward switching. However, because the switch does not perform any error checking, it forwards corrupt frames throughout the network. The corrupt frames consume bandwidth while they are being forwarded. The destination NIC eventually discards the corrupt frames.

There are two variants of cut-through switching:

Fast-forward switching: Fast-forward switching offers the lowest level of latency. Fast-forward switching immediately forwards a packet after reading the destination address. Because fast-forward switching starts forwarding before the entire packet has been received, there may be times when packets are relayed with errors. This occurs infrequently, and the destination network adapter discards the faulty packet upon receipt. In fast-forward mode, latency is measured from the first bit received to the first bit transmitted. Fast-forward switching is the typical cut-through method of switching.
Fragment-free switching: In fragment-free switching, the switch stores the first 64 bytes of the frame before forwarding. Fragment-free switching can be viewed as a compromise between store-and-forward switching and cut-through switching. The reason fragment-free switching stores only the first 64 bytes of the frame is that most network errors and collisions occur during the first 64 bytes. Fragment-free switching tries to enhance cut-through switching by performing a small error check on the first 64 bytes of the frame to ensure that a collision has not occurred before forwarding the frame. Fragment-free switching is a compromise between the high latency and high integrity of store-and-forward switching, and the low latency and reduced integrity of cut-through switching.

Some switches are configured to perform cut-through switching on a per-port basis until a user-defined error threshold is reached and then they automatically change to store-and-forward. When the error rate falls below the threshold, the port automatically changes back to cut-through switching.
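The three forwarding decisions described above, and the per-port fallback to store-and-forward, can be compared on the same frames. This is an added example, not code from the original material; the Ethernet FCS is modelled as the CRC-32 that zlib computes, the fragment-free check is simplified to a 64-byte length test, and the function names, the AdaptivePort class and the sliding-window error rate are assumptions made for illustration.

```python
import struct
import zlib

MIN_FRAME = 64    # minimum Ethernet frame size in bytes, FCS included
DST_MAC_LEN = 6   # destination MAC: first 6 bytes after the preamble


def build_frame(dst, src, ethertype, payload):
    """Return an Ethernet II frame (preamble omitted) with a valid FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_valid(frame):
    """Recompute CRC-32 over the frame and compare it with the 4-byte trailer."""
    if len(frame) < MIN_FRAME:
        return False
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def decide(method, frame):
    """Return (decision, number of bytes buffered before deciding)."""
    if method == "store-and-forward":      # whole frame buffered, FCS checked
        return ("forward" if fcs_valid(frame) else "drop", len(frame))
    if method == "fast-forward":           # forwards once the destination is read
        if len(frame) < DST_MAC_LEN:
            return ("drop", len(frame))
        return ("forward", DST_MAC_LEN)
    if method == "fragment-free":          # waits for 64 bytes to rule out a fragment
        if len(frame) < MIN_FRAME:
            return ("drop", len(frame))
        return ("forward", MIN_FRAME)
    raise ValueError("unknown forwarding method: " + method)


class AdaptivePort:
    """Cut-through until the error rate reaches a threshold, then store-and-forward."""

    def __init__(self, threshold, window=10):
        self.threshold = threshold     # fraction of bad frames in the window
        self.window = window           # number of recent frames considered
        self.recent = []               # True for each frame with a bad FCS
        self.method = "fast-forward"

    def receive(self, frame):
        decision, _ = decide(self.method, frame)
        # The FCS is still computed as the frame passes, so errors are counted
        # even when the frame has already been forwarded.
        self.recent = (self.recent + [not fcs_valid(frame)])[-self.window:]
        rate = sum(self.recent) / len(self.recent)
        self.method = "store-and-forward" if rate >= self.threshold else "fast-forward"
        return decision


if __name__ == "__main__":
    # Constructed sample frames: one intact, one with a flipped payload byte,
    # one truncated to 32 bytes as a collision fragment would be.
    good = build_frame(bytes.fromhex("001122334455"),
                       bytes.fromhex("66778899aabb"), 0x0800, b"hello")
    corrupt = bytearray(good)
    corrupt[20] ^= 0xFF
    corrupt = bytes(corrupt)
    runt = good[:32]
    for name, frame in (("good", good), ("corrupt", corrupt), ("runt", runt)):
        for method in ("store-and-forward", "fast-forward", "fragment-free"):
            print(name, method, decide(method, frame))
```

Only store-and-forward stops the corrupted frame; fragment-free stops the truncated one but passes the corrupted one, and fast-forward passes both.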

CCNA 3 Module 3 : Answers and Questions

Options With Highlight Colours are Correct Answer

1. What statement about the 802.1q trunking protocol is true?
802.1q is Cisco proprietary.
802.1q frames are mapped to VLANs by MAC address.
802.1q does NOT require the FCS of the original frame to be recalculated.
802.1q will not perform operations on frames that are forwarded out access ports.

2. Which two statements describe the benefits of VLANs? (Choose two.)
VLANs improve network performance by regulating flow control and window size.
VLANs enable switches to route packets to remote networks via VLAN ID filtering.
VLANs reduce network cost by reducing the number of physical ports required on switches.
VLANs improve network security by isolating users that have access to sensitive data and applications.
VLANs divide a network into smaller logical networks, resulting in lower susceptibility to broadcast storms.

3. What are two characteristics of VLAN1 in a default switch configuration? (Choose two.)
VLAN1 should be renamed.
VLAN 1 is the management VLAN.
All switch ports are members of VLAN1.
Only switch port 0/1 is assigned to VLAN1.
Links between switches must be members of VLAN1.

4. Refer to the exhibit. SW1 and SW2 are new switches being installed in the topology shown in the exhibit. Interface Fa0/1 on switch SW1 has been configured with trunk mode “on”. Which statement is true about forming a trunk link between the switches SW1 and SW2?

Interface Fa0/2 on switch SW2 will negotiate to become a trunk link if it supports DTP.
Interface Fa0/2 on switch SW2 can only become a trunk link if statically configured as a trunk.
Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link if the neighboring interface is configured in nonegotiate mode.
Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link automatically with no consideration of the configuration on the neighboring interface.

5. Refer to the exhibit. Computer 1 sends a frame to computer 4. On which links along the path between computer 1 and computer 4 will a VLAN ID tag be included with the frame?

A
A, B
A, B, D, G
A, D, F
C, E
C, E, F

6. The network administrator wants to separate hosts in Building A into two VLANs numbered 20 and 30. Which two statements are true concerning VLAN configuration? (Choose two.)
The VLANs may be named.
VLAN information is saved in the startup configuration.
Non-default VLANs created manually must use the extended range VLAN numbers.
The network administrator may create the VLANs in either global configuration mode or VLAN database mode.
Both VLANs may be named BUILDING_A to distinguish them from other VLANs in different geographical locations.

7. Refer to the exhibit. Which two conclusions can be drawn regarding the switch that produced the output shown? (Choose two.)
The network administrator configured VLANs 1002-1005.
The VLANs are in the active state and are in the process of negotiating configuration parameters.
A FDDI trunk has been configured on this switch.
The command switchport access vlan 20 was entered in interface configuration mode for Fast Ethernet interface 0/1.
Devices attached to ports fa0/5 through fa0/8 cannot communicate with devices attached to ports fa0/9 through fa0/12 without the use of a Layer 3 device.

8. What happens to the member ports of a VLAN when the VLAN is deleted?
The ports cannot communicate with other ports.
The ports default back to the management VLAN.
The ports automatically become a part of VLAN1.
The ports remain a part of that VLAN until the switch is rebooted. They then become members of the management VLAN.

9. A network administrator is removing several VLANs from a switch. When the administrator enters the no vlan 1 command, an error is received. Why did this command generate an error?

VLAN 1 can never be deleted.
VLAN 1 can only be deleted by deleting the vlan.dat file.
VLAN 1 can not be deleted until all ports have been removed from it.
VLAN 1 can not be deleted until another VLAN has been assigned its responsibilities.

10. What is the effect of the switchport mode dynamic desirable command?
DTP cannot negotiate the trunk since the native VLAN is not the default VLAN.
The remote connected interface cannot negotiate a trunk unless it is also configured as dynamic desirable.
The connected devices dynamically determine when data for multiple VLANs must be transmitted across the link and bring the trunk up as needed.
A trunk link is formed if the remote connected device is configured with the switchport mode dynamic auto or switchport mode trunk commands.

11. Refer to the exhibit. The exhibited configurations do not allow the switches to form a trunk. What is the most likely cause of this problem?

Cisco switches only support the ISL trunking protocol.
The trunk cannot be negotiated with both ends set to auto.
By default, Switch1 will only allow VLAN 5 across the link.
A common native VLAN should have been configured on the switches.

12. Switch port fa0/1 was manually configured as a trunk, but now it will be used to connect a host to the network. How should the network administrator reconfigure switch port Fa0/1?

Disable DTP.
Delete any VLANs currently being trunked through port Fa0/1.
Administratively shut down and re-enable the interface to return it to default.
Enter the switchport mode access command in interface configuration mode.

13. Refer to the exhibit. Computer B is unable to communicate with computer D. What is the most likely cause of this problem?

The link between the switches is up but not trunked.
VLAN 3 is not an allowed VLAN to enter the trunk between the switches.
The router is not properly configured to route traffic between the VLANs.
Computer D does not have a proper address for the VLAN 3 address space.

14. Refer to the exhibit. The network administrator has just added VLAN 50 to Switch1 and Switch2 and assigned hosts on the IP addresses of the VLAN in the 10.1.50.0/24 subnet range. Computer A can communicate with computer B, but not with computer C or computer D. What is the most likely cause of this problem?

There is a native VLAN mismatch.
The link between Switch1 and Switch2 is up but not trunked.
The router is not properly configured for inter-VLAN routing.
VLAN 50 is not allowed to enter the trunk between Switch1 and Switch2.

15. Refer to the exhibit. Which statement is true concerning interface Fa0/5?
The default native VLAN is being used.
The trunking mode is set to auto.
Trunking can occur with non-Cisco switches.
VLAN information about the interface encapsulates the Ethernet frames.

16. What statements describe how hosts on VLANs communicate?
Hosts on different VLANs use VTP to negotiate a trunk.
Hosts on different VLANs communicate through routers.
Hosts on different VLANs should be in the same IP network.
Hosts on different VLANs examine VLAN ID in the frame tagging to determine if the frame is for their network.

17. Refer to the exhibit. How far is a broadcast frame that is sent by computer A propagated in the LAN domain?

none of the computers will receive the broadcast frame
computer A, computer B, computer C
computer A, computer D, computer G
computer B, computer C
computer D, computer G
computer A, computer B, computer C, computer D, computer E, computer F, computer G, computer H, computer I

18. What is a valid consideration for planning VLAN traffic across multiple switches?
Configuring interswitch connections as trunks will cause all hosts on any VLAN to receive broadcasts from the other VLANs.
A trunk connection is affected by broadcast storms on any particular VLAN that is carried by that trunk.
Restricting trunk connections between switches to a single VLAN will improve efficiency of port usage.
Carrying all required VLANs on a single access port will ensure proper traffic separation.

19. Which two statements about the 802.1q trunking protocol are true? (Choose two.)
802.1q is Cisco proprietary.
802.1q frames are mapped to VLANs by MAC address.
If 802.1q is used on a frame, the FCS must be recalculated.
802.1q will not perform operations on frames that are forwarded out access ports.
802.1q allows the encapsulation of the original frame to identify the VLAN from which a frame originated.

20. What switch port modes will allow a switch to successfully form a trunking link if the neighboring switch port is in “dynamic desirable” mode?
dynamic desirable mode
on or dynamic desirable mode
on, auto, or dynamic desirable mode
on, auto, dynamic desirable, or nonegotiate mode

21. Refer to the exhibit. Company HR is adding PC4, a specialized application workstation, to a new company office. The company will add a switch, S3, connected via a trunk link to S2, another switch. For security reasons the new PC will reside in the HR VLAN, VLAN 10. The new office will use the 172.17.11.0/24 subnet. After installation, the existing PCs are unable to access shares on PC4. What is the likely cause?
The switch to switch connection must be configured as an access port to permit access to VLAN 10 on S3.
The new PC is on a different subnet so Fa0/2 on S3 must be configured as a trunk port.
PC4 must use the same subnet as the other HR VLAN PCs.
A single VLAN cannot span multiple switches.

22. What must the network administrator do to remove Fast Ethernet port fa0/1 from VLAN 2 and assign it to VLAN 3?
Enter the no vlan 2 and the vlan 3 commands in global configuration mode.
Enter the switchport access vlan 3 command in interface configuration mode.
Enter the switchport trunk native vlan 3 command in interface configuration mode.
Enter the no shutdown in interface configuration mode to return it to the default configuration and then configure the port for VLAN 3.

Managing the MAC Address Table

Switches use MAC address tables to determine how to forward traffic between ports. These MAC tables include dynamic and static addresses. The figure shows a sample MAC address table from the output of the show mac-address-table command that includes static and dynamic MAC addresses.

Note: The MAC address table was previously referred to as content addressable memory (CAM) or as the CAM table.

Dynamic addresses are source MAC addresses that the switch learns and then ages when they are not in use. You can change the aging time setting for MAC addresses. The default time is 300 seconds. Setting too short an aging time can cause addresses to be prematurely removed from the table. Then, when the switch receives a packet for an unknown destination, it floods the packet to all ports in the same LAN (or VLAN) as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses, which prevents new addresses from being learned. This can also cause flooding.

The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port, and then adding the source MAC address and its associated port number to the MAC address table. As computers are added or removed from the network, the switch updates the MAC address table, adding new entries and aging out those that are currently not in use.

A network administrator can specifically assign static MAC addresses to certain ports. Static addresses are not aged out, and the switch always knows which port to send out traffic destined for that specific MAC address. As a result, there is no need to relearn or refresh which port the MAC address is connected to. One reason to implement static MAC addresses is to provide the network administrator complete control over access to the network. Only those devices that are known to the network administrator can connect to the network.

To create a static mapping in the MAC address table, use the mac-address-table static mac-address vlan {1-4096, ALL} interface interface-id command.

To remove a static mapping in the MAC address table, use the no mac-address-table static mac-address vlan {1-4096, ALL} interface interface-id command.

The maximum size of the MAC address table varies with different switches. For example, the Catalyst 2960 series switch can store up to 8,192 MAC addresses. There are other protocols that may limit the absolute number of MAC addresses available to a switch.
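The learning, aging, static-entry and table-full behaviour described in this section can be reproduced with a small model, which also gives two counters worth watching on a real switch: floods and failed learns. This is an added example, not code from the original material; the MacTable class, its method names, the access-port-only VLAN model and the sample addresses are assumptions made for illustration.

```python
DEFAULT_AGING = 300        # seconds, the default aging time given above
CATALYST_2960_MAX = 8192   # table size cited above for the Catalyst 2960


class MacTable:
    """Simplified MAC address table for a switch with access ports only."""

    def __init__(self, ports, aging=DEFAULT_AGING, capacity=CATALYST_2960_MAX):
        self.ports = dict(ports)   # port name -> VLAN of that access port
        self.aging = aging
        self.capacity = capacity
        self.entries = {}          # (vlan, mac) -> [port, last_seen, is_static]
        self.floods = 0            # frames flooded because the destination was unknown
        self.learn_failures = 0    # source addresses not learned because the table was full

    def add_static(self, mac, vlan, port):
        """Static entries never age out and are never relearned."""
        self.entries[(vlan, mac)] = [port, None, True]

    def expire(self, now):
        """Remove dynamic entries that have not been seen for the aging time."""
        stale = [key for key, (_, seen, static) in self.entries.items()
                 if not static and now - seen >= self.aging]
        for key in stale:
            del self.entries[key]

    def receive(self, now, src, dst, in_port):
        """Process one frame and return the list of egress ports."""
        vlan = self.ports[in_port]
        self.expire(now)
        entry = self.entries.get((vlan, src))
        if entry is None:
            if len(self.entries) < self.capacity:
                self.entries[(vlan, src)] = [in_port, now, False]
            else:
                self.learn_failures += 1       # full table: source stays unknown
        elif not entry[2]:
            entry[0], entry[1] = in_port, now  # refresh the timer, follow a moved host
        target = self.entries.get((vlan, dst))
        if target is None:
            # Unknown destination: flood to every other port in the same VLAN.
            self.floods += 1
            return [p for p, v in self.ports.items() if v == vlan and p != in_port]
        return [] if target[0] == in_port else [target[0]]


if __name__ == "__main__":
    # Constructed scenario: three ports in VLAN 10, one in VLAN 20, and a
    # deliberately tiny table so the full-table case is easy to see.
    table = MacTable({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10, "Fa0/4": 20}, capacity=3)
    a, b, c, d = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb", "cccc.cccc.cccc", "dddd.dddd.dddd"
    table.add_static(c, 10, "Fa0/3")
    print(table.receive(0, a, b, "Fa0/1"))    # b unknown: flooded within VLAN 10
    print(table.receive(1, b, a, "Fa0/2"))    # a was learned: sent to Fa0/1 only
    print(table.receive(2, d, a, "Fa0/2"))    # table full: d is not learned
    print(table.receive(3, a, d, "Fa0/1"))    # so traffic to d is flooded
    print(table.floods, table.learn_failures)
```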