Chapter 2:
1. Which of the following devices performs transparent bridging?
a. Ethernet hub
b. Layer 2 switch
c. Layer 3 switch
d. Router
2. When a PC is connected to a Layer 2 switch port, how far does the
collision domain spread?
a. No collision domain exists.
b. One switch port.
c. One VLAN.
d. All ports on the switch.
3. What information is used to forward frames in a Layer 2 switch?
a. Source MAC address
b. Destination MAC address
c. Source switch port
d. IP addresses
4. What does a switch do if a MAC address cannot be found in the CAM
table?
a. The frame is forwarded to the default port.
b. The switch generates an ARP request for the address.
c. The switch floods the frame out all ports (except the receiving port).--
d. The switch drops the frame.
5. In the Catalyst 6500, frames can be filtered with access lists for
security and QoS purposes. This filtering occurs according to which of the
following?
a. Before a CAM table lookup
b. After a CAM table lookup
c. Simultaneously with a CAM table lookup
d. According to how the access lists are configured-
6. Access list contents can be merged into which of the following?
a. CAM table
b. TCAM table
c. FIB table--
d. ARP table
7. Multilayer switches using CEF are based on which of these techniques?
a. Route caching -
b. Netflow switching
c. Topology-based switching
8. Which answer describes multilayer switching with CEF?
a. The first packet is routed and then the flow is cached.--
b. The switch supervisor CPU forwards each packet.
c. The switching hardware learns station addresses and builds a routing
database.
d. A single database of routing information is built for the switching
hardware.
9. In a switch, frames are placed in which buffer after forwarding decisions
are made?
a. Ingress queues
b. Egress queues
c. CAM table -
d. TCAM
10. What size are the mask and pattern fields in a TCAM entry?
a. 64 bits
b. 128 bits
c. 134 bits
d. 168 bits
11. Access list rules are compiled as TCAM entries. When a packet is
matched against an access list, in what order are the TCAM entries evaluated?
a. Sequentially in the order of the original access list.--
b. Numerically by the access list number.
c. Alphabetically by the access list name.
d. All entries are evaluated in parallel.
12. Which Catalyst IOS command can you use to display the addresses in
the CAM table?
a. show cam
b. show mac address-table --
c. show mac
d. show cam address-table
Chapter 3:
1. What does the IEEE 802.3 standard define?
a. Spanning Tree Protocol
b. Token Ring
c. Ethernet --
d. Switched Ethernet
2. At what layer are traditional 10-Mbps Ethernet, Fast Ethernet, and
Gigabit Ethernet the same?
a. Layer 1
b. Layer 2==
c. Layer 3
d. Layer 4
3. At what layer are traditional 10-Mbps Ethernet, Fast Ethernet, and
Gigabit Ethernet different?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4
4. What is the maximum cable distance for a Category 5 100BASE-TX
connection?
a. 100 feet
b. 100 m
c. 328 m
d. 500 m
5. Ethernet autonegotiation determines which of the following?
a. Spanning-tree mode
b. Duplex mode
c. Quality of service mode
d. Error threshold
6. Which of the following cannot be automatically determined and set if
the far end of a connection doesn’t support autonegotiation?
a. Link speed
b. Link duplex mode-
c. Link media type
d. MAC address
7. Which of these is not a standard type of gigabit interface converter
(GBIC) or small form factor pluggable (SFP) module?
a. 1000BASE-LX/LH
b. 1000BASE-T
c. 1000BASE-FX
d. 1000BASE-ZX
8. What type of cable should you use to connect two switches back to back
using their Fast Ethernet 10/100 ports?
a. Rollover cable
b. Transfer cable
c. Crossover cable -
d. Straight-through cable
9. Assume that you have just entered the configure terminal command. To
configure the speed of the first Fast Ethernet interface on Cisco Catalyst
switch module number one to 100 Mbps, which one of these commands should
you enter first?
a. speed 100 mbps
b. speed 100
c. interface fastethernet 1/0/1--
d. interface fast ethernet 1/0/1
10. If a switch port is in the errdisable state, what is the first thing
you should do?
a. Reload the switch.
b. Use the clear errdisable port command.
c. Use the shut and no shut interface-configuration commands.
d. Determine the cause of the problem.-
11. Which of the following show interface output information can you use
to diagnose a switch port problem?
a. Port state.
b. Port speed.
c. Input errors.
d. Collisions.
e. All these answers are correct.
Chapter 4:
1. A VLAN is which of the following?
a. Collision domain
b. Spanning-tree domain
c. Broadcast domain--
d. VTP domain
2. Switches provide VLAN connectivity at which layer of the OSI model?
a. Layer 1
b. Layer 2-
c. Layer 3
d. Layer 4
3. Which one of the following is needed to pass data between two PCs,
each connected to a different VLAN?
a. Layer 2 switch
b. Layer 3 switch
c. Trunk
d. Tunnel
4. Which Catalyst IOS switch command is used to assign a port to a VLAN?
a. access vlan vlan-id
b. switchport access vlan vlan-id-
c. vlan vlan-id
d. set port vlan vlan-id
5. Which of the following is a standardized method of trunk
encapsulation?
a. 802.1d
b. 802.1Q--
c. 802.3z
d. 802.1a
6. What is the Cisco proprietary method for trunk encapsulation?
a. CDP
b. EIGRP
c. ISL--
d. DSL
7. Which of these protocols dynamically negotiates trunking parameters?
a. PAgP
b. STP
c. CDP
d. DTP--
8. How many different VLANs can an 802.1Q trunk support?
a. 256
b. 1024
c. 4096-
d. 32,768
e. 65,536
9. Which of the following incorrectly describes a native VLAN?
a. Frames are untagged on an 802.1Q trunk.
b. Frames are untagged on an ISL trunk.--
c. Frames can be interpreted by a nontrunking host.
d. The native VLAN can be configured for each trunking port.
10. If two switches each support all types of trunk encapsulation on a
link between them, which one will be negotiated?
a. ISL
b. 802.1Q-
c. DTP
d. VTP
11. Which VLANs are allowed on a trunk link by default?
a. None
b. Only the native VLAN--
c. All active VLANs
d. Only negotiated VLANs
12. Which command configures a switch port to form a trunk without using
negotiation?
a. switchport mode trunk--
b. switchport mode trunk nonegotiate
c. switchport mode dynamic auto
d. switchport mode dynamic desirable
13. Two hosts are connected to switch interfaces Fast Ethernet 0/1 and
0/33, but they cannot communicate with each other. Their IP addresses are
in the 192.168.10.0/24 subnet, which is carried over VLAN 10. The show vlan
id 10 command generates the following output:
Switch# show vlan id 10
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
     Users                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/25,
                                                Fa0/26, Fa0/27, Fa0/28, Fa0/31,
                                                Fa0/32, Fa0/34, Fa0/35, Fa0/36,
                                                Fa0/37, Fa0/39, Fa0/40, Fa0/41,
                                                Fa0/42, Fa0/43, Fa0/46
The hosts are known to be up and connected. Which of the following reasons
might be causing the problem?
a. The two hosts are assigned to VLAN 1.
b. The two hosts are assigned to different VLANs.
c. Interface FastEthernet0/33 is a VLAN trunk.
d. The two hosts are using unregistered MAC addresses.
14. A trunk link between two switches did not come up as expected. The
configuration on Switch A is as follows:
Switch A# show running-config interface gigabitethernet0/1
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-10
switchport mode dynamic auto
no shutdown
The interface configuration on Switch B is as follows:
Switch B# show running-config interface gigabitethernet0/1
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode dynamic auto
switchport access vlan 5
no shutdown
Which one of the following reasons is probably causing the problem?
a. The two switches don’t have matching switchport trunk allowed vlan
commands.
b. Neither switch has a native VLAN configured.
c. Both switches are configured in the dynamic auto mode.
d. Switch B is configured to use access VLAN 5.--
Chapter 5:
1. Which of the following is not a Catalyst switch VTP mode?
a. Server
b. Client
c. Designated-
d. Transparent
2. A switch in VTP transparent mode can do which one of the following?
a. Create a new VLAN
b. Only listen to VTP advertisements
c. Send its own VTP advertisements
d. Cannot make VLAN configuration changes
3. Which one of the following is a valid VTP advertisement?
a. Triggered update
b. VLAN database -
c. Subset
d. Domain
4. Which one of the following is needed for VTP communication?
a. A Management VLAN
b. A Trunk link -
c. An Access VLAN
d. An IP address
5. Which one of the following VTP modes does not allow any manual VLAN
configuration changes?
a. Server
b. Client -
c. Designated
d. Transparent
6. Select all the parameters that decide whether to accept new VTP
information:
a. VTP priority
b. VTP domain name
c. Configuration revision number -
d. VTP server name
7. How many VTP management domains can a Catalyst switch participate in?
a. 1=
b. 2
c. Unlimited
d. 4096
8. Which IOS command configures a Catalyst switch for VTP client mode?
a. set vtp mode client-
b. vtp client
c. vtp mode client
d. vtp client mode
9. What is the purpose of VTP pruning?
a. Limit the number of VLANs in a domain
b. Stop unnecessary VTP advertisements-
c. Limit the extent of broadcast traffic
d. Limit the size of the virtual tree
10. Which VLAN number is never eligible for VTP pruning?
a. 0
b. 1-
c. 1000
d. 1001
11. Which of the following might present a VTP problem?
a. Two or more VTP servers in a domain-
b. Two servers with the same configuration revision number
c. A server in two domains
d. A new server with a higher configuration revision number
12. If a VTP server is configured for VTP version 2, what else must happen
for successful VTP communication in a domain?
a. A VTP version 2 password must be set.
b. All other switches in the domain must be version 2 capable.-
c. All other switches must be configured for VTP version 2.
d. The VTP configuration revision number must be reset
Chapter 6:
1. If Fast Ethernet ports are bundled into an EtherChannel, what is the
maximum throughput supported on a Catalyst switch?
a. 100 Mbps--
b. 200 Mbps
c. 400 Mbps
d. 800 Mbps
e. 1600 Mbps
2. Which of these methods distributes traffic over an EtherChannel?
a. Round robin-
b. Least-used link
c. A function of address
d. A function of packet size
3. What type of interface represents an EtherChannel as a whole?
a. Channel
b. Port
c. Port channel
d. Channel port -
4. Which of the following is not a valid method for EtherChannel load
balancing?
a. Source MAC address
b. Source and destination MAC addresses
c. Source IP address
d. IP precedence
e. UDP/TCP port
5. How can the EtherChannel load-balancing method be set?
a. Per switch port
b. Per EtherChannel
c. Globally per switch
d. Can’t be configured
6. What logical operation is performed to calculate EtherChannel load
balancing as a function of two addresses?
a. OR
b. AND
c. XOR
d. NOR
7. Which one of the following is a valid combination of ports for an
EtherChannel?
a. Two access links (one VLAN 5, one VLAN 5)
b. Two access links (one VLAN 1, one VLAN 10)
c. Two trunk links (one VLANs 1 to 10, one VLANs 1, 11 to 20)
d. Two Fast Ethernet links (both full duplex, one 10 Mbps)
8. Which of these is a method for negotiating an EtherChannel?
a. PAP
b. CHAP
c. LAPD
d. LACP
9. Which of the following is a valid EtherChannel negotiation mode
combination between two switches?
a. PAgP auto, PAgP auto
b. PAgP auto, PAgP desirable
c. on, PAgP auto
d. LACP passive, LACP passive
10. When is PAgP’s “desirable silent” mode useful?
a. When the switch should not send PAgP frames
b. When the switch should not form an EtherChannel
c. When the switch should not expect to receive PAgP frames
d. When the switch is using LACP mode
11. Which of the following EtherChannel modes does not send or receive
any negotiation frames?
a. channel-group 1 mode passive
b. channel-group 1 mode active
c. channel-group 1 mode on
d. channel-group 1 mode desirable
e. channel-group 1 mode auto
12. Two computers are the only hosts sending IP data across an
EtherChannel between two switches. Several different applications are being
used between them. Which of these load-balancing methods would be more
likely to use the most links in the EtherChannel?
a. Source and destination MAC addresses.
b. Source and destination IP addresses.
c. Source and destination TCP/UDP ports.
d. None of the other answers is correct.
13. Which command can be used to see the status of an EtherChannel’s
links?
a. show channel link
b. show etherchannel status--
c. show etherchannel summary
d. show ether channel status
Chapter 7:
1. How is a bridging loop best described?
a. A loop formed between switches for redundancy-
b. A loop formed by the Spanning Tree Protocol
c. A loop formed between switches where frames circulate endlessly
d. The round-trip path a frame takes from source to destination
2. Which of these is one of the parameters used to elect a root bridge?
a. Root path cost
b. Path cost
c. Bridge priority -
d. BPDU revision number
3. If all switches in a network are left at their default STP values,
which one of the following is not true?
a. The root bridge will be the switch with the lowest MAC address.-
b. The root bridge will be the switch with the highest MAC address.
c. One or more switches will have a bridge priority of 32,768.
d. A secondary root bridge will be present on the network.
4. Configuration BPDUs are originated by which of the following?
a. All switches in the STP domain
b. Only the root bridge switch -
c. Only the switch that detects a topology change
d. Only the secondary root bridge when it takes over
5. Which of these is the single most important design decision to be made
in a network running STP?
a. Removing any redundant links--
b. Making sure all switches run the same version of IEEE 802.1D
c. Root bridge placement
d. Making sure all switches have redundant links
6. What happens to a port that is neither a root port nor a designated
port?
a. It is available for normal use.
b. It can be used for load balancing.
c. It is put into the Blocking state.--
d. It is disabled.
7. What is the maximum number of root ports that a Catalyst switch can
have?
a. 1--
b. 2
c. Unlimited
d. None
8. What mechanism is used to set STP timer values for all switches in a
network?
a. Configuring the timers on every switch in the network.
b. Configuring the timers on the root bridge switch.--
c. Configuring the timers on both primary and secondary root bridge
switches.
d. The timers can’t be adjusted.
9. MAC addresses can be placed into the CAM table, but no data can be
sent or received if a switch port is in which of the following STP states?
a. Blocking
b. Forwarding
c. Listening--
d. Learning
10. What is the default “hello” time for IEEE 802.1D?
a. 1 second
b. 2 seconds--
c. 30 seconds
d. 60 seconds
11. Which of the following is the Spanning Tree Protocol defined in the
IEEE 802.1Q standard?
a. PVST--
b. CST
c. EST
d. MST
12. If a switch has 10 VLANs defined and active, how many instances of
STP will run using PVST+ versus CST?
a. 1 for PVST+, 1 for CST
b. 1 for PVST+, 10 for CST
c. 10 for PVST+, 1 for CST
d. 10 for PVST+, 10 for CST
Chapter 8:
1. Where should the root bridge be placed on a network?
a. On the fastest switch --
b. Closest to the most users
c. Closest to the center of the network
d. On the least-used switch
2. Which of the following is a result of a poorly placed root bridge in a
network?
a. Bridging loops form.
b. STP topology can’t be resolved.
c. STP topology can take unexpected paths.
d. Root bridge election flapping occurs.--
3. Which of these parameters should you change to make a switch become a
root bridge?
a. Switch MAC address
b. Path cost
c. Port priority
d. Bridge priority--
4. What is the default 802.1D STP bridge priority on a Catalyst switch?
a. 0
b. 1
c. 32,768-
d. 65,535
5. Which of the following commands is most likely to make a switch become
the root bridge for VLAN 5, assuming that all switches have the default STP
parameters?
a. spanning-tree root
b. spanning-tree root vlan 5 -
c. spanning-tree vlan 5 priority 100
d. spanning-tree vlan 5 root
6. What is the default path cost of a Gigabit Ethernet switch port?
a. 1
b. 2
c. 4
d. 19 -
e. 1000
7. What command can change the path cost of interface Gigabit Ethernet
3/1 to a value of 8?
a. spanning-tree path-cost 8
b. spanning-tree cost 8 -
c. spanning-tree port-cost 8
d. spanning-tree gig 3/1 cost 8
8. What happens if the root bridge switch and another switch are
configured with different STP Hello timer values?
a. Nothing—each sends hellos at different times.--
b. A bridging loop could form because the two switches are out of sync.
c. The switch with the lower Hello timer becomes the root bridge.
d. The other switch changes its Hello timer to match the root bridge
9. What network diameter value is the basis for the default STP timer
calculations?
a. 1
b. 3
c. 7
d. 9
e. 15
10. Where should the STP PortFast feature be used?
a. An access-layer switch port connected to a PC-
b. An access-layer switch port connected to a hub
c. A distribution-layer switch port connected to an access layer switch
d. A core-layer switch port
11. Where should the STP UplinkFast feature be enabled?
a. An access-layer switch.--
b. A distribution-layer switch.
c. A core-layer switch.
d. All these answers are correct.
12. If used, the STP BackboneFast feature should be enabled on which of
these?
a. All backbone- or core-layer switches
b. All backbone- and distribution-layer switches
c. All access-layer switches-
d. All switches in the network
13. Which one of the following commands can be used to verify the current
root bridge in VLAN 10?
a. show root vlan 10
b. show root-bridge vlan 10
c. show spanning-tree vlan 10 root
d. show running-config --
Chapter 9:
1. Why is it important to protect the placement of the root bridge?
a. To keep two root bridges from becoming active
b. To keep the STP topology stable--
c. So all hosts have the correct gateway
d. So the root bridge can have complete knowledge of the STP topology
2. Which of the following features protects a switch port from accepting
superior BPDUs?
a. STP Loop Guard
b. STP BPDU Guard--
c. STP Root Guard
d. UDLD
3. Which of the following commands can you use to enable STP Root Guard
on a switch port?
a. spanning-tree root guard
b. spanning-tree root-guard
c. spanning-tree guard root
d. spanning-tree rootguard enable--
4. Where should the STP Root Guard feature be enabled on a switch?
a. All ports
b. Only ports where the root bridge should never appear
c. Only ports where the root bridge should be located-
d. Only ports with PortFast enabled
5. Which of the following features protects a switch port from accepting
BPDUs when PortFast is enabled?
a. STP Loop Guard
b. STP BPDU Guard-
c. STP Root Guard
d. UDLD
6. To maintain a loop-free STP topology, which one of the following
should a switch uplink be protected against?
a. A sudden loss of BPDUs
b. Too many BPDUs
c. The wrong version of BPDUs
d. BPDUs relayed from the root bridge
7. Which of the following commands can enable STP Loop Guard on a switch
port?
a. spanning-tree loop guard-
b. spanning-tree guard loop
c. spanning-tree loop-guard
d. spanning-tree loopguard enable
8. STP Loop Guard detects which of the following conditions?
a. The sudden appearance of superior BPDUs
b. The sudden lack of BPDUs
c. The appearance of duplicate BPDUs-
d. The appearance of two root bridges
9. Which of the following features can actively test for the loss of the
receive side of a link between switches?
a. POST
b. BPDU
c. UDLD
d. STP
10. UDLD must detect a unidirectional link before which of the following?
a. The Max Age timer expires.
b. STP moves the link to the Blocking state.
c. STP moves the link to the Forwarding state.
d. STP moves the link to the Listening state.
11. What must a switch do when it receives a UDLD message on a link?
a. Relay the message on to other switches
b. Send a UDLD acknowledgment
c. Echo the message back across the link
d. Drop the message
12. Which of the following features effectively disables spanning-tree
operation on a switch port?
a. STP PortFast
b. STP BPDU filtering
c. STP BPDU Guard-
d. STP Root Guard
13. To reset switch ports that have been put into the errdisable mode by
UDLD, which one of the following commands should be used?
a. clear errdisable udld-
b. udld reset
c. no udld
d. show udld errdisable
Chapter 10:
1. Which one of the following commands enables the use of RSTP?
a. spanning-tree mode rapid-pvst--
b. no spanning-tree mode pvst
c. spanning-tree rstp
d. spanning-tree mode rstp
e. None. RSTP is enabled by default.
2. On which standard is RSTP based?
a. 802.1Q
b. 802.1D
c. 802.1w--
d. 802.1s
3. Which of the following is not a port state in RSTP?
a. Listening-
b. Learning
c. Discarding
d. Forwarding
4. When a switch running RSTP receives an 802.1D BPDU, what happens?
a. The BPDU is discarded or dropped.
b. An ICMP message is returned.
c. The switch begins to use 802.1D rules on that port.--
d. The switch disables RSTP.
5. When does an RSTP switch consider a neighbor to be down?
a. After three BPDUs are missed--
b. After six BPDUs are missed
c. After the Max Age timer expires
d. After the Forward timer expires
6. Which process is used during RSTP convergence?
a. BPDU propagation --
b. Synchronization
c. Forward timer expiration
d. BPDU
7. What causes RSTP to view a port as a point-to-point port?
a. Port speed
b. Port media-
c. Port duplex
d. Port priority
8. Which of the following events triggers a topology change with RSTP on
a nonedge port?
a. A port comes up or goes down.--
b. A port comes up.
c. A port goes down.
d. A port moves to the Forwarding state.
9. Which of the following is not a characteristic of MST?
a. A reduced number of STP instances
b. Fast STP convergence
c. Eliminated need for CST
d. Interoperability with PVST+
10. Which of the following standards defines the MST protocol?
a. 802.1Q
b. 802.1D
c. 802.1w
d. 802.1s
11. How many instances of STP are supported in the Cisco implementation
of MST?
a. 1
b. 16
c. 256
d. 4096
12. What switch command can be used to change from PVST+ to MST?
a. spanning-tree mst enable
b. no spanning-tree pvst+
c. spanning-tree mode mst
d. spanning-tree mst
Chapter 11:
1. Which of the following arrangements can be considered interVLAN
routing?
a. One switch, two VLANs, one connection to a router.--
b. One switch, two VLANs, two connections to a router.
c. Two switches, two VLANs, two connections to a router.
d. All of these answers are correct.
2. How many interfaces are needed in a “router on a stick” implementation
for interVLAN routing among four VLANs?
a. 1 --
b. 2
c. 4
d. Cannot be determined
3. Which of the following commands configures a switch port for Layer 2
operation?
a. switchport--
b. no switchport
c. ip address 192.168.199.1 255.255.255.0
d. no ip address
4. Which of the following commands configures a switch port for Layer 3
operation?
a. switchport
b. no switchport
c. ip address 192.168.199.1 255.255.255.0--
d. no ip address
5. Which one of the following interfaces is an SVI?
a. interface fastethernet 0/1
b. interface gigabit 0/1
c. interface vlan 1
d. interface svi 1--
6. What information must be learned before CEF can forward packets?
a. The source and destination of the first packet in a traffic flow
b. The MAC addresses of both the source and destination
c. The contents of the routing table--
d. The outbound port of the first packet in a flow
7. Which of the following best defines an adjacency?
a. Two switches connected by a common link.
b. Two contiguous routes in the FIB.--
c. Two multilayer switches connected by a common link.
d. The MAC address of a host is known.
8. Assume that CEF is active on a switch. What happens to a packet that
arrives needing fragmentation?
a. The packet is switched by CEF and kept intact.
b. The packet is fragmented by CEF.-
c. The packet is dropped.
d. The packet is sent to the Layer 3 engine.
9. Suppose that a host sends a packet to a destination IP address and
that the CEF-based switch does not yet have a valid MAC address for the
destination. How is the ARP entry (MAC address) of the next-hop destination
in the FIB obtained?
a. The sending host must send an ARP request for it.--
b. The Layer 3 forwarding engine (CEF hardware) must send an ARP request
for it.
c. CEF must wait until the Layer 3 engine sends an ARP request for it.
d. All packets to the destination are dropped.
10. During a packet rewrite, what happens to the source MAC address?
a. There is no change.
b. It is changed to the destination MAC address.-
c. It is changed to the MAC address of the outbound Layer 3 switch interface.
d. It is changed to the MAC address of the next-hop destination.
11. What command can you use to view the CEF FIB table contents?
a. show fib
b. show ip cef fib
c. show ip cef--
d. show fib-table
12. Which one of the following answers represents configuration commands
needed to implement a DHCP relay function?
a. interface vlan 5
ip address 10.1.1.1 255.255.255.0
ip helper-address 10.1.1.10
b. interface vlan 5
ip address 10.1.1.1 255.255.255.0
ip dhcp-relay
c. ip dhcp pool staff
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
exit
d. hostname Switch
ip helper-address 10.1.1.10
Chapter 12:
1. Where does a collision domain exist in a switched network?
a. On a single switch port
b. Across all switch ports-
c. On a single VLAN
d. Across all VLANs
2. Where does a broadcast domain exist in a switched network?
a. On a single switch port
b. Across all switch ports
c. On a single VLAN-
d. Across all VLANs
3. What is a VLAN primarily used for?
a. To segment a collision domain
b. To segment a broadcast domain--
c. To segment an autonomous system
d. To segment a spanning-tree domain
4. How many layers are recommended in the hierarchical campus network
design model?
a. 1
b. 2
c. 3-
d. 4
e. 7
5. What is the purpose of breaking a campus network into a hierarchical
design?
a. To facilitate documentation
b. To follow political or organizational policies
c. To make the network predictable and scalable
d. To make the network more redundant and secure--
6. End-user PCs should be connected into which of the following
hierarchical layers?
a. Distribution layer
b. Common layer
c. Access layer--
d. Core layer
7. In which OSI layer should devices in the distribution layer typically
operate?
a. Layer 1
b. Layer 2-
c. Layer 3
d. Layer 4
8. A hierarchical network’s distribution layer aggregates which of the
following?
a. Core switches
b. Broadcast domains
c. Routing updates
d. Access-layer switches
9. In the core layer of a hierarchical network, which of the following
are aggregated?
a. Routing tables--
b. Packet filters
c. Distribution switches
d. Access-layer switches
10. In a properly designed hierarchical network, a broadcast from one PC
is confined to what?
a. One access-layer switch port
b. One access-layer switch
c. One switch block-
d. The entire campus network
11. Which one or more of the following are the components of a typical
switch block?
a. Access-layer switches
b. Distribution-layer switches
c. Core-layer switches
d. E-commerce servers
e. Service provider switches-
12. What are two types of core, or backbone, designs?
a. Collapsed core
b. Loop-free core
c. Dual core
d. Layered core
13. What is the maximum number of access-layer switches that can connect
into a single distribution-layer switch?
a. 1
b. 2
c. Limited only by the number of ports on the access-layer switch-
d. Limited only by the number of ports on the distribution-layer switch
e. Unlimited
14. A switch block should be sized according to which two of the
following parameters?
a. The number of access-layer users
b. A maximum of 250 access-layer users
c. A study of the traffic patterns and flows
d. The amount of rack space available
15. What evidence can be seen when a switch block is too large? (Choose
all that apply.)
a. IP address space is exhausted.
b. You run out of access-layer switch ports.
c. Broadcast traffic becomes excessive.
d. Traffic is throttled at the distribution-layer switches.
e. Network congestion occurs.
16. How many distribution switches should be built into each switch
block?
a. 1
b. 2
c. 4
d. 8
17. What are the most important aspects to consider when designing the
core layer in a large network? (Choose all that apply.)
a. Low cost
b. Switches that can efficiently forward traffic, even when every uplink is
at 100 percent capacity
c. High port density of high-speed ports
d. A low number of Layer 3 routing peers
e. The number of servers accessed by users
Chapter 13:
1. Which one of the following do multilayer switches share when running
HSRP?
a. Routing tables
b. ARP cache
c. CAM table--
d. IP address
2. What HSRP group uses the MAC address 0000.0c07.ac11?
a. Group 0
b. Group 7
c. Group 11
d. Group 17
3. Two routers are configured for an HSRP group. One router uses the
default HSRP priority. What priority should be assigned to the other router
to make it more likely to be the active router?
a. 1
b. 100
c. 200
d. 500
4. How many routers are in the Standby state in an HSRP group?
a. 0
b. 1
c. 2
d. All but the active router
5. A multilayer switch is configured as follows:
interface fastethernet 1/1
no switchport
ip address 192.168.199.3 255.255.255.0
standby 1 ip 192.168.199.2
Which IP address should a client PC use as its default gateway?
a. 192.168.199.1
b. 192.168.199.2
c. 192.168.199.3
d. Any of these
6. Which one of the following is based on an IETF RFC standard?
a. HSRP
b. VRRP
c. GLBP
d. STP
7. What VRRP group uses the virtual MAC address 0000.5e00.01ff?
a. Group 0
b. Group 1
c. Group 255
d. Group 94
8. Which one of the following protocols is the best choice for load
balancing redundant gateways?
a. HSRP
b. VRRP
c. GLBP
d. GVRP
9. Which one of the following GLBP functions answers ARP requests?
a. AVF
b. VARP
c. AVG
d. MVR
10. By default, which of the following virtual MAC addresses will be sent
to the next client that looks for the GLBP virtual gateway?
a. The GLBP interface’s MAC address
b. The next virtual MAC address in the sequence
c. The virtual MAC address of the least-used router
d. 0000.0c07.ac00
11. Which one of these features is used to reduce the amount of time
needed to rebuild the routing information after a supervisor module failure?
a. NFS
b. NSF
c. RPR+
d. SSO
12. Which one of the following features provides the fastest failover for
supervisor or route processor redundancy?
a. SSL
b. SSO
c. RPR+
Chapter 14:
1. For a Catalyst switch to offer Power over Ethernet to a device, what
must occur?
a. Nothing; power always is enabled on a port.
b. The switch must detect that the device needs inline power.
c. The device must send a CDP message asking for power.
d. The switch is configured to turn on power to the port.
2. Which one of these commands can enable Power over Ethernet to a switch
interface?
a. inline power enable
b. inline power on
c. power inline on
d. power inline auto
3. What does a Cisco IP Phone contain to allow it to pass both voice and
data packets?
a. An internal Ethernet hub
b. An internal two-port switch
c. An internal three-port switch
d. An internal four-port switch
4. How can voice traffic be kept separate from any other data traffic
through an IP Phone?
a. Voice and data travel over separate links.
b. A special-case 802.1Q trunk is used to connect to the switch.
c. Voice and data can’t be separated; they must intermingle on the link.
d. Voice and data packets both are encapsulated over an ISL trunk.
5. What command configures an IP Phone to use VLAN 9 for voice traffic?
a. switchport voice vlan 9
b. switchport voice-vlan 9
c. switchport voice 9
d. switchport voip 9
6. What is the default voice VLAN condition for a switch port?
a. switchport voice vlan 1
b. switchport voice vlan dot1p
c. switchport voice vlan untagged
d. switchport voice vlan none
7. If the following interface configuration commands have been used, what
VLAN numbers
will the voice and PC data be carried over, respectively?
interface gigabitethernet1/0/1
switchport access vlan 10
switchport trunk native vlan 20
switchport voice vlan 50
switchport mode access
a. VLAN 50, VLAN 20
b. VLAN 50, VLAN 1
c. VLAN 1, VLAN 50
d. VLAN 20, VLAN 50
e. VLAN 50, VLAN 10
8. What command can verify the voice VLAN used by a Cisco IP Phone?
a. show cdp neighbor
b. show interface switchport
c. show vlan
d. show trunk
9. When a PC is connected to the PC switch port on an IP Phone, how is
QoS trust
handled?
a. The IP Phone always trusts the class of service (CoS) information
coming
from the PC.
b. The IP Phone never trusts the PC and always overwrites the CoS bits.
c. QoS trust for the PC data is handled at the Catalyst switch port, not
the
IP Phone.
d. The Catalyst switch
instructs the IP Phone how to trust the PC QoS information.
10. An IP Phone should mark all incoming traffic from an attached PC to
have CoS 1.
Complete the following switch command to make that happen:
switchport priority extend __________
a. untrusted
b. 1
c. cos 1
d. overwrite 1
11. What command can verify the Power over Ethernet status of each switch
port?
a. show inline power
b. show power inline
c. show interface
d. show running-config
12. Which DSCP codepoint name usually is used for time-critical packets
containing
voice data?
a. 7
b. Critical
c. AF
d. EF
Chapter 15:
1. Which one of the following standard sets is used in wireless LANs?
a. IEEE 802.1
b. IEEE 802.3
c. IEEE 802.5
d. IEEE 802.11-
2. Which one of the following methods is used to minimize collisions in a wireless LAN?
a. CSMA/CD-
b. CSMA/CA
c. LWAPP
d. LACP
3. A wireless scenario is made up of five wireless clients and two APs connected by a switch. Which one of the following correctly describes the wireless network?
a. BSS
b. ESS
c. IBSS
d. CBS
4. If a wireless access point is connected to a switch by a trunk port, which one of the following is mapped to a VLAN?
a. Channel
b. Frequency
c. BSS
d. SSID
5. Which of the following terms represents a Cisco wireless access point that cannot operate independently?
a. Autonomous AP
b. Roaming AP
c. Lightweight AP
d. Dependent AP
6. Suppose that an autonomous AP is used to support wireless clients. Which one of the following answers lists the devices that traffic must take when passing from one wireless client to another?
a. Through the AP only.
b. Through the AP and its controller.
c. Through the controller only.
d. None of these answers is correct; traffic can go directly over the air.
7. Suppose that a lightweight AP is used to support wireless clients. Which one of the following answers lists the device path that traffic must take when passing from one wireless client to another?
a. Through the AP only.
b. Through the AP and its controller.
c. Through the controller only.
d. None of these answers is correct.
8. A lightweight access point is said to have which one of the following architectures?
a. Proxy MAC
b. Tunnel MAC
c. Split-MAC
d. Fat MAC
9. How does a lightweight access point communicate with a wireless LAN controller?
a. Through an IPsec tunnel
b. Through an LWAPP or CAPWAP tunnel
c. Through a GRE tunnel
d. Directly over Layer 2
10. Which one of the following types of traffic is sent securely over an LWAPP tunnel?
a. Control messages
b. User data
c. DHCP requests
d. 802.11 beacons
11. Which one of the following must be consistent for a wireless client to roam between lightweight APs that are managed by the same WLC?
a. SSID
b. Mobility group
c. VLAN ID
d. AP management VLAN
12. Which one of the following must be consistent for a wireless client to roam between lightweight APs that are managed by two different WLCs?
a. VLAN ID
b. SSID
c. AP management VLAN
d. Mobility group
13. Which one of the following locations is appropriate for an LAP?
a. Access-layer switch port
b. Distribution-layer switch port
c. Core-layer switch port
d. Data center switch port
14. Which one of the following locations is appropriate for a WLC?
a. Access-layer switch port
b. Distribution-layer switch port
c. Core-layer switch port
d. Data center switch port
15. Which one of the following is the correct switch configuration for a port connected to an LAP?
a. switchport mode trunk
b. switchport mode lap
c. switchport mode access
d. switchport mode transparent
16. Suppose an LAP/WLC combination is used to provide connectivity from SSID “staff” to VLAN 17. Which one of the following is the correct extent for the VLAN?
a. VLAN 17 exists on the LAP only.
b. VLAN 17 extends from the LAP to the access switch only.
c. VLAN 17 extends from the LAP to the WLC.
d. VLAN 17 extends from the LAP to the access switch and from the distribution switch to the WLC.
Chapter 16:
1. Which switch feature can grant access through a port only if the host with MAC address 0005.0004.0003 is connected?
a. SPAN
b. MAC address ACL
c. Port security
d. Port-based authentication
2. Port security is being used to control access to a switch port. Which one of these commands will put the port into the errdisable state if an unauthorized station connects?
a. switchport port-security violation protect
b. switchport port-security violation restrict
c. switchport port-security violation errdisable
d. switchport port-security violation shutdown
3. If port security is left to its default configuration, how many different MAC addresses can be learned at one time on a switch port?
a. 0
b. 1
c. 16
d. 256
4. The following commands are configured on a Catalyst switch port. What happens when the host with MAC address 0001.0002.0003 tries to connect?
switchport port-security
switchport port-security maximum 3
switchport port-security mac-address 0002.0002.0002
switchport port-security violation shutdown
a. The port shuts down.
b. The host is allowed to connect.
c. The host is denied a connection.
d. The host can connect only when 0002.0002.0002 is not connected.
5. What protocol is used for port-based authentication?
a. 802.1D
b. 802.1Q
c. 802.1x
d. 802.1w
6. When 802.1x is used for a switch port, where must it be configured?
a. Switch port and client PC
b. Switch port only
c. Client PC only
d. Switch port and a RADIUS server
7. When port-based authentication is enabled globally, what is the default behavior for all switch ports?
a. Authenticate users before enabling the port.
b. Allow all connections without authentication.
c. Do not allow any connections.
d. There is no default behavior.
8. When port-based authentication is enabled, what method is available for a user to authenticate?
a. Web browser
b. Telnet session
c. 802.1x client
d. DHCP
9. The users in a department are using a variety of host platforms, some old and some new. All of them have been approved with a user ID in a RADIUS server database. Which one of these features should be used to restrict access to the switch ports in the building?
a. AAA authentication
b. AAA authorization
c. Port security
d. Port-based authentication
10. With DHCP snooping, an untrusted port filters out which one of the following?
a. DHCP replies from legitimate DHCP servers
b. DHCP replies from rogue DHCP servers
c. DHCP requests from legitimate clients
d. DHCP requests from rogue clients
11. Which two of the following methods does a switch use to detect spoofed addresses when IP Source Guard is enabled?
a. ARP entries
b. DHCP database
c. DHCP snooping database
d. Static IP source binding entries
e. Reverse path-forwarding entries
12. Which one of the following should be configured as a trusted port for dynamic ARP inspection?
a. The port where the ARP server is located.
b. The port where an end-user host is located.
c. The port where another switch is located.
d. None; all ports are untrusted.
13. Which two of the following methods should you use to secure inbound CLI sessions to a switch?
a. Disable all inbound CLI connections.
b. Use SSH only.
c. Use Telnet only.
d. Apply an access list to the vty lines.
14. Suppose you need to disable CDP advertisements on a switch port so that untrusted devices cannot learn anything about your switch. Which one of the following interface configuration commands should be used?
a. cdp disable
b. no cdp
c. no cdp enable
d. no cdp trust
Chapter 17:
1. Which one of the following can filter packets even if they are not routed to another Layer 3 interface?
a. IP extended access lists
b. MAC address access lists
c. VLAN access lists
d. Port-based access lists
2. In what part of a Catalyst switch are VLAN ACLs implemented?
a. NVRAM
b. CAM
c. RAM
d. TCAM
3. Which one of the following commands can implement a VLAN ACL called test?
a. access-list vlan test
b. vacl test
c. switchport vacl test
d. vlan access-map test
4. After a VACL is configured, where is it applied?
a. Globally on a VLAN
b. On the VLAN interface
c. In the VLAN configuration
d. On all ports or interfaces mapped to a VLAN
5. Which of the following private VLANs is the most restrictive?
a. Community VLAN
b. Isolated VLAN
c. Restricted VLAN
d. Promiscuous VLAN
6. The vlan 100 command has just been entered. What is the next command needed to configure VLAN 100 as a secondary isolated VLAN?
a. private-vlan isolated
b. private-vlan isolated 100
c. pvlan secondary isolated
d. No further configuration necessary
7. What type of port configuration should you use for private VLAN interfaces that connect to a router?
a. Host
b. Gateway
c. Promiscuous
d. Transparent
8. Promiscuous ports must be ______________ to primary and secondary VLANs, and host ports must be ________________.
a. Mapped, associated
b. Mapped, mapped
c. Associated, mapped
d. Associated, associated
9. In a switch spoofing attack, an attacker makes use of which one of the following?
a. The switch management IP address
b. CDP message exchanges
c. Spanning Tree Protocol
d. DTP to negotiate a trunk
10. Which one of the following commands can be used to prevent a switch spoofing attack on an end-user port?
a. switchport mode access
b. switchport mode trunk
c. no switchport spoof
d. spanning-tree spoof-guard
11. Which one of the following represents the spoofed information an attacker sends in a VLAN hopping attack?
a. 802.1Q tags
b. DTP information
c. VTP information
d. 802.1x information
12. Which one of the following methods can be used to prevent a VLAN hopping attack?
a. Use VTP throughout the network.
b. Set the native VLAN to the user access VLAN.
c. Prune the native VLAN off a trunk link.
d. Avoid using EtherChannel link bundling.
GLOSSARY:
20/80 rule: Network traffic pattern where 20 percent of traffic stays in a local area, while 80 percent travels to or from a remote resource.
802.1Q: A method of passing frames and their VLAN associations over a trunk link, based on the IEEE 802.1Q standard.
access layer: The layer of the network where end users are connected.
active virtual forwarder (AVF): A GLBP router that takes on a virtual MAC address and forwards traffic received on that address.
active virtual gateway (AVG): The GLBP router that answers all ARP requests for the virtual router address and assigns virtual MAC addresses to each router in the GLBP group.
adjacency table: A table used by CEF to collect the MAC addresses of nodes that can be reached in a single Layer 2 hop.
alternate port: In RSTP, a port other than the root port that has an alternative path to the root bridge.
ARP poisoning: Also known as ARP spoofing. An attack whereby an attacker sends specially crafted ARP replies so that its own MAC address appears as the gateway or some other targeted host. From that time on, unsuspecting clients unknowingly send traffic to the attacker.
Auto-QoS: An automated method to configure complex QoS parameters with a simple IOS macro command.
autonegotiation: A mechanism used by a device and a switch port to automatically negotiate the link speed and duplex mode.
autonomous mode AP: An access point that operates in a standalone mode, such that it is autonomous and can offer a functioning WLAN cell itself.
BackboneFast: An STP feature that can detect an indirect link failure and shorten the STP convergence time to 30 seconds by bypassing the Max Age timeout period.
backup port: In RSTP, a port that provides a redundant (but less desirable
best effort delivery: Packets are forwarded in the order in which they are received, regardless of any policy or the packet contents.
BPDU: Bridge protocol data unit; the data message exchanged by switches participating in the Spanning Tree Protocol.
BPDU filtering: Prevents BPDUs from being sent or processed on a switch port.
BPDU Guard: An STP feature that disables a switch port if any BPDU is received there.
bridging loop: A condition where Ethernet frames are forwarded endlessly around a Layer 2 loop formed between switches.
broadcast domain: The extent of a network where a single broadcast frame or packet will be seen.
CAM: Content-addressable memory; the high-performance table used by a switch to correlate MAC addresses with the switch interfaces where they can be found.
CEF: Cisco Express Forwarding; an efficient topology-based system for forwarding IP packets.
collapsed core: A network design where the core and distribution layers are collapsed or combined into a single layer of switches.
collision domain: The extent within a network that an Ethernet collision will be noticed or experienced.
Common Spanning Tree (CST): A single instance of STP defined in the IEEE 802.1Q standard.
community VLAN: A type of secondary private VLAN; switch ports associated with a community VLAN can communicate with each other.
Control and Provisioning Wireless Access Point (CAPWAP): A standards-based tunneling protocol used to transport control messages and data packets between a WLC and an LAP. CAPWAP is defined in RFC 4118.
core layer: The “backbone” layer of the network where all distribution layer switches are aggregated.
CoS marking: A method of marking frames with a QoS value as they cross a trunk link between two switches.
CSMA/CA: Carrier sense multiple access collision avoidance. The mechanism used in 802.11 WLANs by which clients attempt to avoid collisions.
CSMA/CD: Carrier sense multiple access collision detect. A mechanism used on Ethernet networks to detect collisions and cause transmitting devices to back off for a random time.
delay: The amount of time required for a packet to be forwarded across a network.
designated port: One nonroot port selected on a network segment, such that only one switch forwards traffic to and from that segment.
DHCP: Dynamic Host Configuration Protocol; a protocol used to negotiate IP address assignment between a client and a server. The client and server must reside on the same VLAN.
DHCP relay: A multilayer switch that intercepts and relays DHCP negotiation messages between a client and a DHCP server, even if they exist on different VLANs.
DHCP snooping: A security feature that enables a switch to intercept all DHCP requests coming from untrusted switch ports before they are flooded to unsuspecting users.
differentiated services (DiffServ) model: Packet forwarding is handled according to local QoS policies on a per-device or per-hop basis.
discarding state: In RSTP, incoming frames are dropped and no MAC addresses are learned.
distribution layer: The layer of the network where access layer switches are aggregated and routing is performed.
DTP: Dynamic Trunking Protocol; a Cisco-proprietary method of negotiating a trunk link between two switches.
dual core: A network design that has a distinct core layer made up of a redundant pair of switches.
duplex mismatch: A condition where the devices on each end of a link use conflicting duplex modes.
duplex mode: The Ethernet mode that governs how devices can transmit over a connection: half-duplex mode forces only one device to transmit at a time, as all devices share the same media; full-duplex mode is used when only two devices share the media, such that both devices can transmit simultaneously.
Dynamic ARP Inspection (DAI): A security feature that can mitigate ARP-based attacks. ARP replies received on untrusted switch ports are checked against known, good values contained in the DHCP snooping database.
edge port: In RSTP, a port at the “edge” of the network, where only a single host connects.
end-to-end VLAN: A single VLAN that spans the entire switched network, from one end to the other.
EtherChannel: A logical link made up of bundled or aggregated physical links.
expedited forwarding (EF): The DSCP value used to mark time-critical packets for premium QoS handling. EF is usually reserved for voice bearer traffic.
FIB: Forwarding Information Base; a CEF database that contains the current routing table.
flooding: An Ethernet frame is replicated and sent out every available switch port.
forward delay: The time interval that a switch spends in the Listening and Learning states; default 15 seconds.
hello time: The time interval between configuration BPDUs sent by the root bridge; defaults to 2 seconds.
hierarchical network design: A campus network that is usually organized into an access layer, a distribution layer, and a core layer.
host port: A switch port mapped to a private VLAN such that a connected device can communicate with only a promiscuous port or ports within the same community VLAN.
HSRP active router: The router in an HSRP group that forwards traffic sent to the virtual gateway IP and MAC address.
HSRP standby router: A router in an HSRP group that waits until the active router fails before taking over that role.
Hybrid Remote Edge Access Point (HREAP): A special mode where an LAP at a remote site can take on characteristics of a lightweight AP, as long as the LAP can reach the WLC, or an autonomous AP, when the WLC is unreachable.
IEEE 802.1x: The standard that defines port-based authentication between a network device and a client device.
IEEE 802.3: The standard upon which all generations of Ethernet (Ethernet, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet) are based.
InterVLAN routing: The function performed by a Layer 3 device that connects and forwards packets between multiple VLANs.
ISL: Inter-Switch Link; a Cisco-proprietary method of tagging frames passing over a trunk link.
isolated VLAN: A type of secondary private VLAN; switch ports associated with an isolated VLAN are effectively isolated from each other.
IST instance: Internal spanning-tree instance; used by MST to represent an entire region as a single virtual bridge to a common spanning tree.
jitter: The variation in packet delivery delay times.
LACP: Link Aggregation Control Protocol; a standards-based method for negotiating EtherChannels automatically.
Layer 2 roaming: Movement of a WLAN client from one AP to another, while keeping its same IP address.
Layer 3 roaming: Movement of a WLAN client from one AP to another, where the APs are located across IP subnet boundaries.
lightweight access point (LAP): An access point that runs a lightweight code image that performs real-time 802.11 operations. An LAP cannot offer a fully functioning WLAN cell by itself; instead, it must coexist with a wireless LAN controller.
Lightweight Access Point Protocol (LWAPP): The tunneling protocol developed by Cisco that is used to transport control messages and data packets between a WLC and an LAP.
local VLAN: A single VLAN that is bounded by a small area of the network, situated locally with a group of member devices.
Loop Guard: An STP feature that disables a switch port if expected BPDUs suddenly go missing.
max age time: The time interval that a switch stores a BPDU before discarding it or aging it out; the default is 20 seconds.
MST: Multiple Spanning-Tree protocol, used to map one or more VLANs to a single STP instance, reducing the total number of STP instances.
MST instance (MSTI): A single instance of STP running within an MST region; multiple VLANs can be mapped to the MST instance.
MST region: A group of switches running compatible MST configurations.
native VLAN: On an 802.1Q trunk link, frames associated with the native VLAN are not tagged at all.
Non-Stop Forwarding (NSF): A redundancy method that quickly rebuilds routing information after a redundant Catalyst switch supervisor takes over.
packet loss: Packets are simply dropped without delivery for some reason.
packet rewrite: Just before forwarding a packet, a multilayer switch has to change several fields in the packet to reflect the Layer 3 forwarding operation.
PAgP: Port Aggregation Protocol; a Cisco-developed method for negotiating EtherChannels automatically.
point-to-point port: In the Cisco implementation of RSTP, a full-duplex port that connects to another switch and becomes a designated port.
PortFast: An STP feature used on a host port, where a single host is connected, that shortens the Listening and Learning states so that the host can gain quick access to the network.
power class: Categories of PoE devices based on the maximum amount of power required; power classes range from 0 to 4.
Power over Ethernet (PoE): Electrical power supplied to a networked device over the network cabling itself.
primary VLAN: A normal Layer 2 VLAN used as the basis for a private VLAN when it is associated with one or more secondary VLANs.
private VLAN: A special purpose VLAN, designated as either primary or secondary, which can restrict or isolate traffic flow with other private VLANs.
promiscuous port: A switch port mapped to a private VLAN such that a connected device can communicate with any other switch port in the private VLAN.
PVST: Per-VLAN Spanning Tree; a Cisco-proprietary version of STP where one instance of STP runs on each VLAN present in a Layer 2 switch.
PVST+: Per-VLAN Spanning Tree Plus; a Cisco-proprietary version of PVST that enables PVST, PVST+, and CST to interoperate on a switch.
quality of service (QoS): The overall method used in a network to protect and prioritize time-critical or important traffic.
root bridge: The single STP device that is elected as a common frame of reference for working out a loop-free topology.
Root Guard: An STP feature that controls where candidate root bridges can be found on a switch.
root path cost: The cumulative cost of all the links leading to the root bridge.
root port: Each switch selects one port that has the lowest root path cost leading toward the root bridge.
Route Processor Redundancy (RPR): A redundancy mode where a redundant supervisor partially boots and waits to become active after the primary supervisor fails.
Route Processor Redundancy Plus (RPR+): A redundancy mode where a redundant supervisor boots up and waits to begin Layer 2 or Layer 3 functions.
RPVST+: Also known as Rapid PVST+, where RSTP is used on a per-VLAN basis; in effect, RSTP replaces traditional 802.1D STP in the PVST+ operation.
RSTP: The Rapid Spanning-Tree Protocol, based on the IEEE 802.1w standard.
secondary VLAN: A unidirectional VLAN that can pass traffic to and from its associated primary VLAN, but not with any other secondary VLAN.
Spanning Tree Protocol (STP): A protocol communicated between Layer 2 switches that attempts to detect a loop in the topology before it forms, thus preventing a bridging loop from occurring.
Split-MAC architecture: Normal Media Access Control (MAC) operations are divided into two distinct locations, the LAP and the WLC, such that the two form a completely functioning WLAN cell.
SSID: Service set identifier; a text string that identifies a service set, or a group of WLAN devices, that can communicate with each other.
stateful switchover (SSO): A redundancy mode where a redundant supervisor fully boots and initializes, allowing configurations and Layer 2 tables to be synchronized between an active supervisor and a redundant one.
sticky MAC address: MAC addresses dynamically learned by the port
superior BPDU: A received BPDU that contains a better bridge ID than the current root bridge.
SVI: Switched virtual interface; a logical interface used to assign a Layer 3 address to an entire VLAN.
switch block: A network module or building block that contains a group of access layer switches, together with the pair of distribution switches that connect them.
switch spoofing: A malicious host uses DTP to masquerade as a switch, with the goal of negotiating a trunk link and gaining access to additional VLANs.
synchronization: In RSTP, the process by which two switches exchange a proposal-agreement handshake to make sure neither will introduce a bridging loop.
TCAM: Ternary content-addressable memory; a switching table found in Catalyst switches that is used to evaluate packet forwarding decisions based on policies or access lists. TCAM evaluation is performed simultaneously with the Layer 2 or Layer 3 forwarding decisions.
TCN: Topology Change Notification; a message sent out the root port of a switch when it detects a port moving into the Forwarding state or back into the Blocking state. The TCN is sent toward the root bridge, where it is reflected and propagated to every other switch in the Layer 2 network.
transparent bridge: A network device that isolates two physical LANs but forwards Ethernet frames between them.
trust boundary: A perimeter in a network, formed by switches and routers, where QoS decisions take place. QoS information found inside incoming traffic is evaluated at the trust boundary; either it is trusted or it is not trusted. In the latter case, the QoS information can be altered or overridden. All devices inside the trust boundary can assume that QoS information is correct and trusted, such that the QoS information already conforms to enterprise policies.
UDLD: Unidirectional Link Detection; a feature that enables a switch to confirm that a link is operating bidirectionally. If not, the port can be disabled automatically.
unknown unicast flooding: The action taken by a switch when the destination MAC address cannot be found; the frame is flooded or replicated out all switch ports except the receiving port.
UplinkFast: An STP feature that enables access layer switches to unblock a redundant uplink when the primary root port fails.
VACL: VLAN access control list; a filter that can control traffic passing within a VLAN.
VLAN: Virtual LAN; a logical network existing on one or more Layer 2 switches, forming a single broadcast domain.
VLAN hopping: A malicious host sends specially crafted frames that contain extra, spoofed 802.1Q trunking tags into an access port, while the packet payloads appear on a totally different VLAN.
VLAN number: A unique index number given to a VLAN on a switch, differentiating it from other VLANs on the switch.
VLAN trunk: A physical link that can carry traffic on more than one VLAN through logical tagging.
voice VLAN: The VLAN used between a Cisco IP Phone and a Catalyst switch to carry voice traffic.
VRRP backup router: A router in a VRRP group that waits until the master router fails before taking over that role.
VRRP master router: The router in a VRRP group that forwards traffic sent to the virtual gateway IP and MAC address.
VTP: VLAN Trunking Protocol; used to communicate VLAN configuration information among a group of switches.
VTP configuration revision number: An index that indicates the current version of VLAN information used in the VTP domain; a higher number is more preferable.
VTP domain: A logical grouping of switches that share a common set of VLAN requirements.
VTP pruning: VTP reduces unnecessary flooded traffic by pruning or removing VLANs from a trunk link, only when there are no active hosts associated with the VLANs.
VTP synchronization problem: An unexpected VTP advertisement with a higher configuration revision number is received, overriding valid information in a VTP domain.
wireless LAN controller (WLC): A Cisco device that provides management functions to lightweight access points and aggregates all traffic to and from the LAPs.