Chapter 2. Switching Foundations

This chapter covers the following ICND1 objectives that fall under the content area, Implement a small switched network:

  • Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts.

  • Explain the technology and media access control method for Ethernet technologies.

  • Explain network segmentation and basic traffic management concepts.

  • Explain the operation of Cisco switches and basic switching concepts.

  • Perform, save, and verify initial switch configuration tasks including remote access management.

  • Verify network status and switch operation using basic utilities (including ping, traceroute, telnet, SSH, arp, ipconfig), and theSHOW and DEBUG commands.

  • Implement and verify basic security for a switch (port security, deactivate ports).

  • Identify, prescribe, and resolve common switched network media issues, configuration issues, auto-negotiation, and switch hardware failures.

1. In today’s networks, more and more corporations are replacing hubs with switches. Which of the following is a reason for switching to a Catalyst switch from a hub?

  1. Catalyst switches take less time to process frames than hubs take.

  1. Catalyst switches decrease the amount of bandwidth available to hosts.

  2. Catalyst switches increase the number of collision domains in the network.

  3. Catalyst switches do not forward broadcasts.

2. You want to configure your Cisco switch for remote access capabilities. Which of the following commands will move you into the correct mode for configuring the switch IP address?

  1. interface fa0/1

  2. interface loopback1

  3. interface vlan1

  4. interface fa0/24

  5. configure terminal

3. What are the default configuration settings on a Catalyst switch? (Choose three.)

  1. CDP Enabled

  2. CDP Disabled

  3. Ports set to 100Mbps/full duplex

  4. Ports set to auto-negotiate

  5. IP address set to 192.168.1.10

  6. No IP address set

4. A junior network administrator at your company asks you to brief him on the differences and similarities between bridges and switches. What should you tell him? (Choose two.)

  1. Switches are slower than bridges because they have fewer ports.

  2. A switch is a multiport bridge.

  3. Bridges and switches learn MAC addresses by examining the source MAC address of each frame received.

  4. A bridge forwards a broadcast, but a switch does not.

5. You are configuring a switch for remote access. What command must be issued in Global Configuration mode to allow the switch to be accessed from a subnet other than its own?

  1. ip default-gateway

  2. router ip

  3. router rip

  4. routing enabled

6. While verifying some configurations on your switch, you see that the Spanning-Tree Protocol (STP) is enabled. The junior network administrator working with you at the time asks you what STP does. What do you tell her?

  1. STP stops routing loops in your network.

  2. STP minimizes broadcasts in your network.

  3. STP allows routing loops in your network.

  4. STP monitors and prevents loops in your switched network.

7. What is the effective throughput for each of 24 PCs connecting to a Catalyst switch’s FastEthernet ports operating in half-duplex mode?

  1. 1Mbps

  2. 10Mbps

  3. 100Mbps

  4. 2400Mbps

8. You want to configure the FastEthernet 0/20 port on your Catalyst switch for port security. If anyone other than the MAC address 0001.3232.AABB connects to the port, it should immediately shut down. Which of the following configurations accomplishes this objective?

A.

interface fa0/20
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0001.3232.AABB
 switchport port-security violation shutdown

B.

interface fa0/20
 switchport mode access
 mac-address 0001.3232.AABB
 port-security violation shutdown

C.

interface fa0/20
 switchport mode access
 port-security
 mac-address 0001.3232.AABB
 port-security violation shutdown

D.

interface fa0/20
 switchport mode access
 switchport port-security
 mac-address 0001.3232.AABB
 switchport port-security violation shutdown

9. What command allows you to verify your port security configuration on interface FastEthernet 0/20?

  1. show interface fa0/20

  2. show ip interface fa0/20

  3. show interface fa0/20 switchport

  4. show port-security interface fa0/20

10. Your boss asks you to explain why you purchased switches instead of the “cheaper” hubs, because they do the same thing. What do you tell him to justify the purchase of the switches?

  1. Hubs do not extend the length of an Ethernet segment.

  2. Hubs do not offer half-duplex connections.

  3. Hubs do not give dedicated bandwidth to each end user.

  4. Hubs do not accept 100Mbps connections.

11. You have been asked to convert the management protocol for all the Cisco switches in your network from Telnet to SSH. You have entered the following configuration on one of the switches:

Switch(config)# username admin password cisco
Switch(config)# ip domain-name examcram.com
Switch(config)# crypto key generate rsa general-keys modulus 1024
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 4
Switch(config-line)# login local
Switch(config-line)# transport input ssh

Does this configuration accomplish your objective?

  1. Yes, this configuration accomplishes the objective.

  2. No, to disable Telnet, you must also enter the command no transport input telnet.

  3. No, SSH requires RSA keys that are 512 bits or less.

  4. No, rather than using the VTY lines, you should be configuring SSH lines.

12. You are verifying your port security configuration and notice the following:

Switch#show port-security interface fa0/5
Port Security              : Enabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0015.c5af.ea37:1
Security Violation Count   : 18

What does this output indicate?

  1. A security violation has occurred, and the interface has been shut down.

  2. There have been security violations in the past, but at present, there is no device connected to the port.

  3. A MAC address is stuck on the interface and needs to be cleared.

  4. Port security requires at least one configured MAC address to be entered and is presently keeping the interface in the down state.

13. Your current switch is completely saturated with devices and has no available ports. As a temporary solution, you decide to attach an additional hub to the network to provide more ports. What type of cable should you use when attaching the network switch to the hub?

  1. Straight-through

  2. Crossover

  3. Rollover

  4. Serial

14. What field exists at the end of every Ethernet frame to ensure data corruption does not occur during transmission?

  1. Preamble

  2. CheckSEQ

  3. ACK

  4. FCS

15. Refer to figure 2.1 . HostA sends a single message into the switch. HostB , HostC , and HostD receive the message while HostE and HostF do not. What type of message was sent by HostA ?

Figure 2.1. Network diagram.

net2-1.gif

  1. Unicast

  2. Multiple unicast

  3. Multicast

  4. Broadcast

  5. VLAN-based

16. Which portion of the MAC address 00-19-D1-22-DC-F3 represents the vendor-assigned component?

  1. 00-19-D1

  2. 00-19

  3. 19-D1-22

  4. D1-22-DC

  5. 22-DC-F3

17. Refer to figure 2.2. You have just finished configuring SwitchB , shown in the network diagram. You have tested SSH connectivity from HostD successfully; however, the junior network administrator is unable to connect from HostA . Further testing reveals that HostA can ping HostD , but cannot ping SwitchB . What is the most likely cause of the problem?

Figure 2.2. Network diagram.

net2-2.gif

  1. A default-gateway is not configured on SwitchB .

  2. One of the routers is denying access to the IP subnet of SwitchB from HostA .

  3. HostA is on a different IP subnet than SwitchB .

  4. SwitchB and the Ethernet interface of RouterB are on different IP subnets.

  5. SwitchB and the Ethernet interface of RouterA are on different subnets.

18. One of your users is reporting a slow connection speed to the corporate server from his PC. Further investigation reveals that the PC is connected to FastEthernet 0/18. You perform the following show command from the switch:

CAT3550#show interfaces FastEthernet 0/23
FastEthernet0/23 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 000c.854c.0517 (bia 000c.854c.0517)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:20, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 376000 bits/sec, 92 packets/sec
  5 minute output rate 79000 bits/sec, 54 packets/sec
     170650256 packets input, 661378431 bytes, 0 no buffer
     Received 206362 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 26102 multicast, 0 pause input
     0 input packets with dribble condition detected
     246704306 packets output, 3116889248 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 1926502 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

                 

<Based on this output, what is the most likely cause of the problem?

  1. The user is sending too much traffic and is likely saturating the link.

  2. The Ethernet cable length between the host and the server is too long.

  3. The switch is not configured to handle the multicast messages it is receiving.

  4. The keepalive has not been set.

19. How do two devices connected to a LAN respond when a collision is detected?

  1. The devices will first transmit a jam signal.

  2. The devices will wait a specific amount of time and then retransmit their data.

  3. The devices will ignore the collision and continue to transmit data.

  4. One device will transmit a specialized beam using the Ethernet cable, which causes the other device to melt.

20. Some users in your organization have reported network connectivity issues from their PCs. While physically inspecting the switch, you notice that the System LED is blinking green. What does this indicate?

  1. The switch has experienced a hardware failure.

  2. One or more of the ports on the switch are experiencing a speed or duplex mismatch.

  3. The devices attached to the switch have flapping interfaces.

  4. The switch is currently rebooting.

21. Telnet sessions to one of your switches in your organization continually fail. After connecting to the console port of your switch, you execute the following command:

CAT3550#show interfaces vlan 1
Vlan1 is administratively down, line protocol is down
  Hardware is EtherSVI, address is 000c.854c.0500 (bia 000c.854c.0500)
  Internet address is 172.30.1.1/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 02:18:34, output 00:00:04, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     27283 packets input, 6886373 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1017635 packets output, 76798877 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

                 

What is the cause of the problem?

  1. he interface has an unusually high number of output drops.

  2. The management interface has been moved from VLAN 1.

  3. The management interface is shutdown.

  4. The Catalyst 3550 supports only SSH connections.

22. You want to configure the IP default gateway to 192.168.1.1 on your Catalyst switch. Which of the following commands will accomplish this objective?

  1. Switch(config)#ip default-gateway 192.168.1.1

  2. Switch(config)#default-gateway 192.168.1.1 255.255.255.0

  3. Switch(config)#default-gateway 192.168.1.1

  4. Switch(config-if)#ip address 192.168.1.1 255.255.255.0

23. Observe the following output:

Cisco IOS Software, C3550 Software (C3550-I5K91L2Q3-M), Version 12.2(25)SEA, RELEASE SOFTWARE (fc)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Jan-05 23:50 by antonino
ROM: Bootstrap program is C3550 boot loader

CAT3550 uptime is 7 weeks, 3 days, 20 hours, 28 minutes
System returned to ROM by power-on
System image file is "flash:c3550-i5k91l2q3-mz.122- 25.SEA/c3550-i5k91l2q3-mz.122-25.S"

Cisco WS-C3550-24-PWR (PowerPC) processor (revision B0) with 65526K/8192K bytes
of memory.
Processor board ID CAT0711Z0WH
Last reset from warm-reset
Running Layer2/3 Switching Image

The password-recovery mechanism is enabled.
384K bytes of flash-simulated NVRAM.
Base ethernet MAC Address: 00:0C:85:4C:05:00
Motherboard assembly number: 73-8100-06
Power supply part number: 341-0029-01
Motherboard serial number: CAT071105Z3
Power supply serial number: DTH0710060S
Model revision number: B0
Motherboard revision number: A0
Model number: WS-C3550-24PWR-SMI
System serial number: CAT0711Z0WH
Configuration register is 0x10F

                 

Which of the following commands generated this output?

  1. Switch#show config

  2. Switch#show run

  3. Switch#show ios

  4. Switch#show version

  5. Switch#show uptime

24. Observe the following output:

Code View: Scroll /

CAT3550#show mac-address-table
          Mac Address Table
–––––––––––––––––––––––––––––––––––––––––
Vlan    Mac Address        Type      Ports
––––    –––––––––––       ––––––––  –––––
 All    000c.854c.0500     STATIC    CPU
 All    000c.854c.0501     STATIC    CPU
 All    000c.854c.0502     STATIC    CPU
 All    000c.854c.0503     STATIC    CPU
 All    000c.854c.0504     STATIC    CPU
 All    000c.854c.0505     STATIC    CPU
 All    000c.854c.0506     STATIC    CPU
 All    000c.854c.0507     STATIC    CPU
 All    000c.854c.0508     STATIC    CPU
 200    0012.1723.01da     DYNAMIC   Fa0/13
 200    0012.17fc.a3db     DYNAMIC   Fa0/13
 200    0014.1c48.e6d1     DYNAMIC   Fa0/7
 200    0014.1c48.e71a     DYNAMIC   Fa0/10
 200    0014.6a9c.3309     DYNAMIC   Fa0/16
 200    0014.a89e.f845     DYNAMIC   Fa0/8
 200    0018.8b7c.3712     DYNAMIC   Fa0/7
 200    0019.d122.dcf3     DYNAMIC   Fa0/9

                 

How did the Static and Dynamic MAC addresses end up in the CAM table?

  1. The Static MAC addresses had to be input by an administrator; the Dynamic MAC addresses were learned by the switch.

  2. The Static MAC addresses belong to the switch itself; the Dynamic MAC addresses were learned by the switch.

  3. The Static MAC addresses had to be learned by the switch; the Dynamic MAC addresses were input by an administrator.

  4. The Static MAC addresses are reversed duplicates of the Dynamic MAC addresses and were learned by the switch.

25. The switch pictured in figure 2.2 receives a frame destined for the MAC address 00aa:911b:9cc3. How is this frame handled?

Figure 2.3. Network diagram.

net2-3.gif

  1. The frame is dropped.

  2. The frame is sent out Fa0/3.

  3. The frame is sent out all ports.

  4. The frame is sent out all ports with the exception of the port on which it was received.

26. You want to implement port security in your company to protect against unauthorized network access. After logging in to the switch, you enter the following commands:

Switch(config)#interface range fa0/1-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security violation shutdown

What does this configuration accomplish?

  1. Port security is enabled, and ports are limited to a maximum of one violation per port. The first MAC address to transmit data on the port will be the only MAC address allowed. After a second violation has occurred, the interface will shut down.

  2. Port security is enabled, and the port is limited to an access port, which can only be used between switches. Only one upstream switch is allowed to connect to the port. All MAC addresses learned on the port will “stick” to the interface. If more than one upstream switch is attached, the port will shut down.

  3. Port security is enabled, and ports are limited to a maximum of one MAC address each. The first MAC address to transmit data on the port will be the only MAC address allowed. Any other MAC addresses will cause the interface to enter an err-disabled state.

  4. Port security is not enabled because the syntax “switchport port-security on” was not used. All other port-security commands will not take effect until this command is entered.

27. The switch pictured in figure 2.4 does not have a green or amber light on the FastEthernet ports shown in the figure. What areas would you inspect on the switch? (Choose three.)

Figure 2.4. Network diagram.

net2-4.gif

  1. Ensure the cables being used are crossover cables.

  2. Ensure the ports are configured as trunk ports.

  3. Ensure the cables being used are straight-through cables.

  4. Ensure the switch has power.

  5. Reboot all devices pictured.

  6. Reseat all cables pictured.

28. Workstation A needs to be able to telnet to SW_B (shown in figure 2.5). What must be configured to make this connection possible?

Figure 2.5. Network diagram.

net2-5.gif

  1. VLAN 1 on RT_A

  2. VLAN 1 on SW_A

  3. Default gateway on SW_B

  4. Crossover cable connecting SW_B to RT_A

  5. Trunk port connecting SW_B to RT_A

29. What are two advantages of switches over hubs? (Choose two.)

  1. Decreased collision domains

  2. Increasing the maximum length of Category 5 UTP cable between devices

  3. Increasing the broadcast domain size

  4. Allowing simultaneous transmissions from multiple devices

  5. Filtering frames based on the MAC address fields in the header

<30. What is the effect of entering the following command on a switch?

Switch(config)#service password-encryption

  1. The enable secret password is encrypted.

  2. Only the enable password is encrypted.

  3. The telnet and console passwords are encrypted.

  4. The enable secret will now supersede the enable password.

  5. All passwords are encrypted.

QuizSolutionsCh2ICND1

  • *
Topic attachments
I Attachment Action Size Date Who Comment
Gifgif net2-1.gif manage 21.2 K 2013-02-12 - 03:41 JimSkon Figure 2.1
Gifgif net2-2.gif manage 14.3 K 2013-02-12 - 03:42 JimSkon Figure 2.2
Gifgif net2-3.gif manage 7.4 K 2013-02-12 - 03:42 JimSkon Figure 2.3
Gifgif net2-4.gif manage 6.1 K 2013-02-12 - 03:43 JimSkon Figure 2.4
Gifgif net2-5.gif manage 5.6 K 2013-02-12 - 03:43 JimSkon Figure 2.5
Topic revision: r6 - 2013-02-18 - JimSkon
 
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback