SWITCH 642-813 Category

Drag and Drop Questions 2

March 1st, 2012 certprepare 17 comments

Here you will find answers to Drag and Drop Questions – Part 2

Question 1

Drag the choices on the left to the boxes on the right that should be included when creating a VLAN-based implementation plan. Not all choices will be used.

VLAN_implementation_plan.jpg


Answer:

+ reference to design documents
+ roll back guidelines
+ detailed implementation plans
+ time required to perform the implementation

(In this question we don’t need to sort in the correct order)

Explanation

An implementation plan requires:

+ A description of the task
+ References to design documents
+ Detailed implementation guidelines
+ Detailed rollback guidelines in case of failure
+ The estimated time required for implementation

Question 2

You have a VLAN implementation that requires inter-vlan routing using layer 3 switches. Drag the steps on the left that should be part of the verification plan to the spaces on the right. Not all choices will be used.

VLAN_implementation.jpg


Answer:

+ Verify that there is inter-switch connectivity
+ Verify that the data and voice VLANs are NOT assigned a trunk’s native VLAN
+ Verify that the needed Switch Virtual interfaces have been created
+ Verify that the proper ports are assigned to the VLAN

Question 3

Match the SNMP versions and associated features

SNMP_version_features.jpg


Answer:

v1:
+ get next request
+ unsolicited alert msg

v2:
+ informed request
+ incremental 64 bit of new data

v4:
+ user name
+ security level

Question 4

Categorize the high availability network resource or feature with the management level, network level, or system level used.

network_resources.jpg


Answer:

Management Level:
+ IP SLA responder
+ NTP

Network Level:
+ RSTP
+ NSF

System Level:
+ Dual Power Supplies
+ SSO

Question 5

Match the HSRP states on the left with the correct definition on the right.

HSRP states.jpg


Answer:

+ Initial: State from which the router begins the HSRP process
+ Standby: A candidate to become the next active router
+ Learn: The router is still waiting to hear from the active router
+ Active: The router is currently forwarding packets
+ Listen: Listens for hello messages from the active and standby router
+ Speak: Participates in the election for the active or standby router

Question 6

Sort the syslog priority from highest to lowest

syslog_priority.jpg


Answer:

1) emergency
2) alert
3) critical
4) error
5) warning
6) notice
7) informational
8) debug

Explanation

The syslog levels and descriptions are listed below:

| Code | Severity | Description |
|---|---|---|
| 0 | Emergency | System is unusable (such as an imminent system crash) |
| 1 | Alert | Action must be taken immediately (such as a corrupted system database) |
| 2 | Critical | Critical conditions (such as a hardware error) |
| 3 | Error | Error conditions |
| 4 | Warning | Warning conditions |
| 5 | Notice | Normal but significant condition. It is not an error, but possibly should be handled in a special way |
| 6 | Informational | Informational message |
| 7 | Debug | Debug-level message |
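
The severity codes above as they appear in Cisco IOS messages, as an added example (not part of the original page): it parses the `%FACILITY-SEVERITY-MNEMONIC` tag and applies the rule that a destination configured at level N keeps severities 0 through N. The first sample line is the duplex-mismatch message quoted in a later question on this page; the other lines are constructed.

```python
import re
from typing import NamedTuple, Optional

# Index in this list == numeric severity code from the table above.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Cisco IOS message tag: %FACILITY-SEVERITY-MNEMONIC: free text
TAG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)"
)


class Event(NamedTuple):
    facility: str
    severity: int
    mnemonic: str
    text: str

    @property
    def severity_name(self) -> str:
        return SEVERITIES[self.severity]


def parse(line: str) -> Optional[Event]:
    """Return the parsed event, or None when the line carries no IOS tag."""
    m = TAG.search(line)
    if m is None:
        return None
    return Event(m["facility"], int(m["sev"]), m["mnemonic"], m["text"])


def kept_at_level(lines, level: str):
    """Events that a destination configured at `level` would keep.

    A configured level N keeps severities 0..N, so "warning" (4) keeps
    emergency through warning and drops notice, informational and debug.
    """
    threshold = SEVERITIES.index(level)
    events = (parse(line) for line in lines)
    return [e for e in events if e is not None and e.severity <= threshold]


# Sample input: line 1 is quoted from this page, the rest are constructed.
SAMPLE = [
    "00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on "
    "FastEthernet0/5 (not half duplex), with SA FastEthernet0/4 (half duplex), "
    "with TBA05071417(Cat6K-B) 0/4 (half duplex).",
    "00:07:01: %LINK-3-UPDOWN: Interface FastEthernet0/6, changed state to up",
    "00:07:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "FastEthernet0/6, changed state to up",
    "00:07:10: %SYS-5-CONFIG_I: Configured from console by console",
    "00:07:11: free text with no tag",
]

if __name__ == "__main__":
    for level in ("error", "warning", "debug"):
        kept = kept_at_level(SAMPLE, level)
        print(level, [f"{e.facility}-{e.severity_name}-{e.mnemonic}" for e in kept])
```
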

Question 7

Match the Attributes on the left with the types of VLAN designs on right.

VLAN_attributes.jpg


Answer:

End-to-End VLANs:
+ As a user moves through a campus, the VLAN membership of the user remains the same, regardless of the physical switch this user attaches to.
+ Users are grouped into each VLAN regardless of the physical locations.

Local VLANs:
+ Created with physical boundaries in mind rather than the departments or organization of the users on the devices.
+ VLANs on one switch are not advertised to all other switches in the network, nor do they need to be created in the VLAN database of any other switch.

Question 8

You have been tasked with planning a VLAN solution that will connect a server in one building to several hosts in another building. The solution should be built using the local VLAN model and layer 3 switching at the distribution layer. Identify the questions related to this VLAN solution that you would ask the network administrator before you start the planning by dragging them into the target zone on the right. Not all questions will be used.

VLAN_soutions.jpg


Answer:

+ Is there inter-switch connectivity?
+ What routing protocol will be used?
+ What VLANs are available on each switch?
+ What switch ports are available in each building?
+ What IP addresses are available on each subnet?

Question 9

local_VLAN_distributed_VLAN.jpg


Answer:

Local vlan:
+ 20/80 rule
+ leverages on stp
+ leverages on routing
+ locally significant

Distributed vlan:
+ 80/20 rule
+ leverages on vtp
+ leverages on switching
+ globally significant

VLAN VTP STP Questions

February 25th, 2012 certprepare 67 comments

Here you will find answers to VLAN, VTP, STP questions

If you are not sure about VLAN, VTP, STP please read my VLAN tutorial, VTP tutorial and STP tutorial.

Question 1

Two switches SA and SB are connected as shown below. Given the below partial configuration, which two statements are true about VLAN traffic? (Choose two)

vtp_traffic

A – VLANs 1-5 will be blocked if fa0/10 goes down.
B – VLANs 6-10 have a port priority of 128 on fa0/10.
C – VLANs 6-10 will use fa0/10 as a backup only.
D – VLANs 1-10 are configured to load share between fa0/10 and fa0/12.


Answer: C D

Explanation:

Let’s assume that SA is the root bridge for all VLANs, it will make the explanation a bit clearer…

First we should understand what will happen if nothing is configured (default values are used). Because we assumed that SA is the root bridge, all of its ports will forward. SB will need to block one of its ports to avoid a bridging loop between the two switches. But how does SB select its blocked port? The answer is based on the BPDUs it receives from SA. A BPDU is superior to another if it has:

1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID

These four parameters are examined in order. In this specific case, all the BPDUs sent by SA have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). With default values, the port priority is 32 or 128 (128 is much more common today, but 32 is also a default port priority value), so the priorities tie and SB compares port index values, which are unique to each port on the switch. Because the BPDU sent from Fa0/12 is inferior to the one sent from Fa0/10 (Fa0/10 has the lower port index), SB will select the port connected to Fa0/10 (of SA) as its root port and block the other port.

vtp_traffic_explanation_blockFa012

To change the default root port selection, we can change the port priority of each interface. The above picture is true for VLANs 1-5 because port Fa0/10 has a lower port priority value, so the peer port will be chosen as the root port. For VLANs 6-10, port Fa0/12 has the higher priority (lower port priority value), so SB will block its upper port.
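
The four-step comparison and the per-VLAN port priority change described above, as an added example (not part of the original page). The exhibit's configuration is not reproduced on this page, so the bridge ID and the lowered port priority of 16 are assumed values.

```python
from dataclasses import dataclass

DEFAULT_PORT_PRIORITY = 128
SA_BRIDGE_ID = (32768, "00:00:00:00:00:0a")   # constructed (priority, MAC)
SA_PORTS = (10, 12)                            # Fa0/10 and Fa0/12 on SA


@dataclass(frozen=True, order=True)
class Bpdu:
    # Fields are declared in comparison order; the lower value is superior.
    root_bridge_id: tuple
    root_path_cost: int
    sender_bridge_id: tuple
    sender_port_id: tuple      # (port priority, port index)


def bpdu_from_sa(port_index, vlan, port_priority):
    """BPDU that SA (assumed to be root) sends out of one port for one VLAN."""
    priority = port_priority.get((port_index, vlan), DEFAULT_PORT_PRIORITY)
    # The root advertises itself as root with a path cost of 0.
    return Bpdu(SA_BRIDGE_ID, 0, SA_BRIDGE_ID, (priority, port_index))


def sb_root_port(vlan, port_priority, links_up=SA_PORTS):
    """SA port whose link SB uses as root port for the VLAN (None if no link)."""
    received = {p: bpdu_from_sa(p, vlan, port_priority) for p in links_up}
    if not received:
        return None
    # The first three fields tie, so the sender port ID decides.
    return min(received, key=received.get)


def paths(port_priority, links_up=SA_PORTS):
    """Map each of VLANs 1-10 to the SA port that carries it."""
    return {v: sb_root_port(v, port_priority, links_up) for v in range(1, 11)}


# Assumed per-VLAN port priorities on SA: Fa0/10 preferred for VLANs 1-5,
# Fa0/12 preferred for VLANs 6-10. The value 16 is chosen for the example.
ASSUMED_CONFIG = {}
for vlan in range(1, 6):
    ASSUMED_CONFIG[(10, vlan)] = 16
for vlan in range(6, 11):
    ASSUMED_CONFIG[(12, vlan)] = 16

if __name__ == "__main__":
    print("defaults      :", paths({}))
    print("load sharing  :", paths(ASSUMED_CONFIG))
    print("Fa0/10 is down:", paths(ASSUMED_CONFIG, links_up=(12,)))
```
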

Answer A – “VLANs 1-5 will be blocked if fa0/10 goes down” – is not correct because if Fa0/10 goes down, SB will unblock its lower port, so VLANs 1-5 will still operate.

Answer B – “VLANs 6-10 have a port priority of 128 on fa0/10” – is not always correct because VLANs 6-10 can have a different port priority (of 32) according to the Cisco link below.

Answer C is correct because VLANs 6-10 use the Fa0/12 link as their main path. Fa0/10 is the backup path and is only opened when port Fa0/12 fails.

Answer D is correct because this configuration load-balances traffic on a per-VLAN basis. VLANs 1-5 use Fa0/10 and VLANs 6-10 use Fa0/12 as their main paths.

Note: We cannot be sure that answer B is always correct, so we should choose C and D if the question asks us to give only 2 choices.

Reference (and good resource, too):

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96a.shtml

Question 2:

The network operations center has received a call stating that Users in VLAN 107 are unable to access resources through R1. From the information contained in the graphic, what is the cause of this problem?

vtp_pruning

vtp_pruning_output.jpg

A – spanning tree is not enabled on VLAN 107
B – VTP is pruning VLAN 107
C – VLAN 107 does not exist on switch SA
D – VLAN 107 is not configured on the trunk


Answer: B

Explanation:

“VLAN allowed on trunk” – Each trunk allows all VLANs by default. However, an administrator can remove VLANs from or add VLANs to the list by using the “switchport trunk allowed” command.

“VLANs allowed and active in management” – To be active, a VLAN must be in this list.

“VLANs in spanning tree forwarding state and not pruned” – This list is a subset of the “allowed and active” list but with any VTP-pruned VLANs removed.

All VLANs were configured except VLAN 101, so D is not correct. VLAN 107 exists in the “allowed and active” section, so A and C are not correct either. In the “forwarding state and not pruned” section we don’t see VLAN 107, so the administrator had wrongly configured this VLAN as pruned.
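
The same three-list reasoning applied to `show interfaces trunk` output, as an added example (not part of the original page). The exhibit is not reproduced here, so the sample output and the port name Fa0/1 are constructed to match the explanation (VLAN 101 not allowed, VLAN 107 active but missing from the last list).

```python
ALLOWED = "Vlans allowed on trunk"
ACTIVE = "Vlans allowed and active in management domain"
FORWARDING = "Vlans in spanning tree forwarding state and not pruned"
WANTED = (ALLOWED, ACTIVE, FORWARDING)

# Constructed sample output, not the exhibit from the question.
SAMPLE = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-100,102-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,105-107

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,105-106
"""


def expand(spec):
    """Turn a list such as '1,105-107' into a set of VLAN IDs."""
    vlans = set()
    if spec.strip().lower() == "none":
        return vlans
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunk_output(text):
    """Return {section title: {port: set of VLANs}} for the three VLAN lists."""
    sections = {}
    title = None
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) < 2:
            continue                      # blank line between sections
        if fields[0] == "Port":
            title = fields[1].strip()     # a new section header
            continue
        if title in WANTED:
            sections.setdefault(title, {})[fields[0]] = expand(fields[1])
    return sections


def diagnose(text, port, vlan):
    """Name the first list in which the VLAN is missing for this trunk."""
    sections = parse_trunk_output(text)
    if vlan not in sections.get(ALLOWED, {}).get(port, set()):
        return "not allowed on trunk"
    if vlan not in sections.get(ACTIVE, {}).get(port, set()):
        return "allowed but not active"
    if vlan not in sections.get(FORWARDING, {}).get(port, set()):
        return "pruned or not forwarding"
    return "forwarding"


if __name__ == "__main__":
    for vlan in (101, 105, 107, 200):
        print(vlan, diagnose(SAMPLE, "Fa0/1", vlan))
```
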

Question 3:

The network administrator needs to enable VTP pruning within the network. What action should a network administrator take to enable VTP pruning on an entire management domain?

A – enable VTP pruning on every switch in the domain
B – enable VTP pruning on any client switch in the domain
C – enable VTP pruning on any switch in the management domain
D – enable VTP pruning on a VTP server in the management domain


Answer: D

Question 4:

Study the diagram below carefully, which three statements are true? (Choose three)

dtp_diagram

dtp

A – DTP packets are sent from Switch SB.
B – DTP is not running on Switch SA.
C – A trunk link will be formed.
D – The native VLAN for Switch SB is VLAN 1.


Answer: A C D

Explanation:

Dynamic Trunking Protocol (DTP) is the Cisco-proprietary protocol that actively attempts to negotiate a trunk link between two switches. If an interface is set to switchport mode dynamic desirable, it will actively attempt to convert the link into trunking mode. If the peer port is configured as switchport mode trunk, dynamic desirable, or dynamic auto mode, trunking is negotiated successfully -> C is correct.

SB is in “dynamic desirable” mode so it will send DTP packets to SA to negotiate a trunk link -> A is correct.

On an 802.1Q trunk, DTP packets are sent on the native VLAN. By default, it is VLAN 1 (notice that SA’s native VLAN is 5) -> D is correct.

(Note: an 802.1Q trunk’s native VLAN is the only VLAN that has untagged frames)

Below are the switchport modes for easy reference:

| Mode | Function |
|---|---|
| Dynamic Auto | Creates the trunk based on the DTP request from the neighboring switch. |
| Dynamic Desirable | Communicates to the neighboring switch via DTP that the interface would like to become a trunk if the neighboring switch interface is able to become a trunk. |
| Trunk | Automatically enables trunking regardless of the state of the neighboring switch and regardless of any DTP requests sent from the neighboring switch. |
| Access | Trunking is not allowed on this port regardless of the state of the neighboring switch interface and regardless of any DTP requests sent from the neighboring switch. |
| Nonegotiate | Prevents the interface from generating DTP frames. This command can be used only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link. |

 

Question 5:

Regarding the exhibit and the partial configuration of switch SA and SB. STP is configured on all switches in the network. SB receives this error message on the console port:

00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SA FastEthernet0/4 (half duplex), with TBA05071417(Cat6K-B) 0/4 (half duplex).

What would be the possible outcome of the problem?

STP_mismatched_duplex.jpg

A – The root port on switch P4S-SB will fall back to full-duplex mode.
B – The interfaces between switches P4S-SA and P4S-SB will transition to a blocking state.
C – The root port on switch P4S-SA will automatically transition to full-duplex mode.
D – Interface Fa0/6 on switch SB will transit to a forwarding state and create a bridging loop.


Answer: D

Explanation:

From the output, we learn that the interfaces on the two switches are operating in different duplex modes: Fa0/4 of SA in half-duplex mode and Fa0/5 of SB in full-duplex mode. Because SB is operating in full-duplex mode, it does not check the carrier sense before sending frames (CSMA/CD is not used in full-duplex mode). Therefore, SB can start to send frames even if SA is using the link, and a collision will occur. As a result, SA will wait a random time before attempting to transmit another frame. If SB sends enough frames to SA that every frame sent from SA (including the BPDUs) gets dropped, SB can conclude that it has lost the root bridge (SB no longer receives BPDUs from SA). SB will then unblock its Fa0/6 interface for transmitting and cause a bridging loop.

STP Questions

February 20th, 2012 certprepare 6 comments

Here you will find answers to STP Questions

Question 1

Company uses MSTP within their switched LAN. What is the main purpose of Multiple Instance Spanning Tree Protocol (MSTP)?

A. To enhance Spanning Tree troubleshooting on multilayer switches
B. To reduce the total number of spanning tree instances necessary for a particular topology
C. To provide faster convergence when topology changes occur in a switched network
D. To provide protection for STP when a link is unidirectional and BPDUs are being sent but not received


Answer: B

Explanation

Instead of running an STP instance for every VLAN, MSTP runs a number of VLAN-independent STP instances. By allowing a single instance of STP to run for multiple VLANs, MSTP keeps the number of STP instances to a minimum (saving switch resources) while optimizing the Layer 2 switching environment (load balancing traffic over different paths for different VLANs).

Question 2

Which of the following specifications will allow you to associate VLAN groups to STP instances so you can provide multiple forwarding paths for data traffic and enable load balancing?

A. IEEE 802.1d (STP)
B. IEEE 802.1s (MST)
C. IEEE 802.1q (CST)
D. IEEE 802.1w (RSTP)


Answer: B

Question 3

Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the Server Farm than the Reception office experiences. Based on the exhibit, which two statements are true? (Choose two)

bridge_priority_network_optimize.jpg

A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.


Answer: B D

Explanation

All three switches have the same bridge priority (32768 – the default value) and S1 has the lowest MAC -> S1 is the root bridge and all traffic must go through it -> Front Line users (S2) must go through S1 to reach the Server Farm (S3). To overcome this problem, S2 or S3 should become the root switch. We can do this by changing the bridge priority of S1 to a higher value (which lowers its priority – answer B) or by lowering the bridge priority value of S3 (which raises its priority – answer D).

Question 4

Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link? (Choose two)

STP_switch_loop_block.jpg

A. The switch port attached to LinkB will not transition to up.
B. One of the two switch ports attached to the hub will go into blocking mode when a BPDU is received.
C. Both switch ports attached to the hub will transition to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA will immediately transition to the blocking state.


Answer: B D

Explanation

We know that there will be only one Designated port for each segment (notice that the two ports of SwitchA are on the same segment as they are connected to a hub). The other port will be in Blocking state. But how does SwitchA select its Designated and Blocking port? The decision process involves the following parameters inside the BPDU:

* Lowest path cost to the Root
* Lowest Sender Bridge ID (BID)
* Lowest Port ID

In this case, both interfaces of SwitchA have the same “path cost to the root” and “sender bridge ID” so the third parameter “lowest port ID” will be used. Suppose the two interfaces of SwitchA are fa0/1 & fa0/2; then SwitchA will select fa0/1 as its Designated port (because fa0/1 has the lower port ID) -> B is correct.

Suppose the port on LinkA (named portA) is in forwarding state and the port on LinkB (named portB) is in blocking state. In blocking state, port B still listens to the BPDUs. If the traffic passing through LinkA is too heavy and the BPDUs can not reach portB, portB will move to listening state (after 20 seconds for STP) then learning state (after 15 seconds) and forwarding state (after 15 seconds). At this time, both portA & portB are in forwarding state so a switching loop will occur -> D is correct.

Question 5

Refer to the exhibit. Switch S1 is running mst IEEE 802.1s. Switch S2 contains the default configuration running IEEE 802.1D. Switch S3 has had the command spanning-tree mode rapid-pvst running IEEE 802.1w. What will be the result?

STP_simple.jpg

A. IEEE 802.1D and IEEE 802.1w are incompatible. All three switches must use the same standard or no traffic will pass between any of the switches.
B. Switches S1, S2, and S3 will be able to pass traffic between themselves.
C. Switches S1, S2, and S3 will be able to pass traffic between themselves. However, if there is a topology change, Switch S2 will not receive notification of the change.
D. Switches S1 and S3 will be able to exchange traffic but neither will be able to exchange traffic with Switch S2


Answer: B

Explanation

A switch running both MSTP and RSTP supports a built-in protocol migration mechanism that enables it to interoperate with legacy 802.1D switches. If this switch receives a legacy 802.1D configuration BPDU (a BPDU with the protocol version set to 0), it sends only 802.1D BPDUs on that port. An MST switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (version 3) associated with a different region, or an RST BPDU (version 2).
However, the switch does not automatically revert to the MSTP mode if it no longer receives 802.1D BPDUs because it cannot determine whether the legacy switch has been removed from the link unless the legacy switch is the designated switch.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swmstp.html)

Question 6

Refer to the exhibit. Switch S2 contains the default configuration. Switches S1 and S3 both have had the command spanning-tree mode rapid-pvst issued on them. What will be the result?

STP_simple.jpg

A. IEEE 802.1D and IEEE 802.1w are incompatible. All three switches must use the same standard or no traffic will pass between any of the switches.
B. Switches S1, S2, and S3 will be able to pass traffic between themselves.
C. Switches S1, S2, and S3 will be able to pass traffic between themselves. However, if there is a topology change, Switch S2 will not receive notification of the change.
D. Switches S1 and S3 will be able to exchange traffic but neither will be able to exchange traffic with Switch S2.


Answer: B

Question 7

Which two statements are true when the extended system ID feature is enabled? (Choose two)

A. The BID is made up of the bridge priority value (2 bytes) and bridge MAC address (6 bytes).
B. The BID is made up of the bridge priority (4 bits), the system ID (12 bits), and a bridge MAC address (48 bits).
C. The BID is made up of the system ID (6 bytes) and bridge priority value (2 bytes).
D. The system ID value is the VLAN ID (VID).
E. The system ID value is a unique MAC address allocated from a pool of MAC addresses assigned to the switch or module.
F. The system ID value is a hex number used to measure the preference of a bridge in the spanning-tree algorithm.


Answer: B D

Explanation

In short, with the use of IEEE 802.1t spanning-tree extensions, some of the bits previously used for the switch priority are now used for the extended system ID.

extended_system_id_stp.jpg

Only four high-order bits of the 16-bit Bridge Priority field carry actual priority. Therefore, priority can be incremented only in steps of 4096. In most cases, the Extended System ID holds the VLAN ID. For example, if our VLAN ID is 5 and we use the default bridge priority 32768 then the 16-bit Priority will be 32768 + 5 = 32773.

Note: The MAC address is reserved when the extended system ID feature is enabled.

Question 8

Which set of statements about Spanning Tree Protocol default timers is true?

A.
The hello time is 2 seconds.
The forward delay is 10 seconds.
The max_age timer is 15 seconds.

B.
The hello time is 2 seconds.
The forward delay is 15 seconds.
The max_age timer is 20 seconds.

C.
The hello time is 2 seconds.
The forward delay is 20 seconds.
The max_age timer is 30 seconds.

D.
The hello time is 5 seconds.
The forward delay is 10 seconds.
The max_age timer is 15 seconds.

E.
The hello time is 5 seconds.
The forward delay is 15 seconds.
The max_age timer is 20 seconds.


Answer: B

Explanation

There are several STP timers, as this list shows:

* Hello - The hello time is the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.
* Forward delay – The forward delay is the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.
* Max age – The max age timer controls the maximum length of time that passes before a bridge port saves its configuration BPDU information. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml)

Question 9

Refer to the exhibit. Switch 15 is configured as the root switch for VLAN 10 but not for VLAN 20. If the STP configuration is correct, what will be true about Switch 15?

STP_forwarding.jpg

A. All ports will be in forwarding mode.
B. All ports in VLAN 10 will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode.
D. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode.


Answer: B

Explanation

All ports on root bridge are designated ports, which are in forwarding state but notice in this case Switch 15 is the root switch for VLAN 10 -> all ports in VLAN 10 will be in forwarding state. We can not say anything about the modes of ports of Switch 15 in other VLANs.

Question 10

Refer to the exhibit. STP has been implemented in the network. Switch SW_A is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch SW_A. What will happen as a result of this change?

STP_root.jpg

A. All ports of the root switch SW_A will remain in forwarding mode throughout the reconvergence of the spanning tree domain.
B. Switch SW_A will change its spanning tree priority to become root for VLAN 2 only.
C. Switch SW_A will remain root for the default VLAN and will become root for VLAN 2.
D. No other switch in the network will be able to become root as long as switch SW_A is up and running.


Answer: C

Explanation

This command sets the switch to become root for a given VLAN. It works by lowering the priority value of the switch until it becomes root. Once the switch is root, it will not prevent any other switch from becoming root. In particular, if the priority of the current root bridge is greater than 24576, our switch will drop to 24576. If the priority of the current root bridge is less than 24576, our new bridge priority will be (priority value of the current root bridge – 4096).

This command does not affect other VLAN so SW_A will remain root for the default VLAN -> C is correct.

Note: This command is not shown in a Catalyst switch configuration because the command is actually a macro executing other switch commands.

STP Questions 2

February 15th, 2012 certprepare 9 comments

Here you will find answers to STP Questions – Part 2

Question 1

Refer to the exhibit. Based on the output of the show spanning-tree command, which statement is true?

STP_show_spanning-tree.jpg

A. Switch SW1 has been configured with the spanning-tree vlan 1 root primary global configuration command.
B. Switch SW1 has been configured with the spanning-tree vlan 1 root secondary global configuration command.
C. Switch SW1 has been configured with the spanning-tree vlan 1 priority 24577 global configuration command.
D. Switch SW1 has been configured with the spanning-tree vlan 1 hello-time 2 global configuration command.
E. The root bridge has been configured with the spanning-tree vlan 1 root secondary global configuration command.


Answer: B

Explanation

The command “spanning-tree vlan 1 root secondary” sets the switch’s bridge priority to a value which is higher than that of the current root bridge but lower than that of the other switches in the network -> If the current root bridge fails, Sw1 will become the root bridge.

If no priority has been configured, every switch will have the same default priority of 32768. Assuming all other switches are at default priority, the spanning-tree vlan vlan-id root primary command sets a value of 24576. Also, assuming all other switches are at default priority, the spanning-tree vlan vlan-id root secondary command sets a value of 28672.

In this question, the bridge priority of Sw1 is 28673, not 28672 because the extended system ID (indicated as sys-id-ext) is 1, indicating this is the STP instance for VLAN 1. In fact, the bridge priority is 28672.
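
The priority arithmetic used in this explanation, in the extended system ID question (32768 + 5 = 32773) and in the `root primary` question, as one added example (not part of the original page). The MAC addresses are constructed, and the handling of a current root priority of exactly 24576 is an assumption because the page only covers the greater-than and less-than cases.

```python
import struct

PRIORITY_STEP = 4096      # only the 4 high-order bits carry priority
ROOT_PRIMARY = 24576      # value quoted on this page for "root primary"


def encode_priority_field(priority, vlan_id):
    """Build the 16-bit field: 4-bit priority plus 12-bit extended system ID."""
    if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
    if not 0 <= vlan_id <= 4095:
        raise ValueError("extended system ID must fit in 12 bits")
    return priority | vlan_id


def decode_priority_field(field):
    """Split the 16-bit field into (configured priority, sys-id-ext)."""
    return field & 0xF000, field & 0x0FFF


def bridge_id(priority, vlan_id, mac):
    """8-byte bridge ID: 2-byte priority field followed by the 6-byte MAC."""
    field = encode_priority_field(priority, vlan_id)
    return struct.pack("!H", field) + bytes.fromhex(mac.replace(":", ""))


def elect_root(bridges):
    """Name of the bridge with the numerically lowest bridge ID."""
    return min(bridges, key=bridges.get)


def root_primary_priority(current_root_field):
    """Priority that the root primary rule described on this page selects."""
    current, _ = decode_priority_field(current_root_field)
    if current > ROOT_PRIMARY:
        return ROOT_PRIMARY
    # Assumption: a current root at exactly 24576 is treated like the
    # "less than 24576" case, which the page defines as current - 4096.
    candidate = current - PRIORITY_STEP
    if candidate < 0:
        raise ValueError("current root is already at priority 0")
    return candidate


# Constructed three-switch example, all in VLAN 1 with default priority.
DEFAULTS = {
    "S1": bridge_id(32768, 1, "00:00:00:00:00:01"),
    "S2": bridge_id(32768, 1, "00:00:00:00:00:02"),
    "S3": bridge_id(32768, 1, "00:00:00:00:00:03"),
}
# Same switches after S3 is given priority 4096.
S3_LOWERED = dict(DEFAULTS, S3=bridge_id(4096, 1, "00:00:00:00:00:03"))

if __name__ == "__main__":
    print(encode_priority_field(32768, 5))          # VLAN 5, default priority
    print(decode_priority_field(28673))             # Sw1 in this question
    print(elect_root(DEFAULTS), elect_root(S3_LOWERED))
    print(root_primary_priority(32769), root_primary_priority(8193))
```
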

Question 2

Refer to the exhibit. On the basis of the output of the show spanning-tree inconsistentports command, which statement about interfaces FastEthernet 0/1 and FastEthernet 0/2 is true?

show_spanning-tree_inconsistentports.jpg

A. They have been configured with the spanning-tree bpdufilter disable command.
B. They have been configured with the spanning-tree bpdufilter enable command.
C. They have been configured with the spanning-tree bpduguard disable command.
D. They have been configured with the spanning-tree bpduguard enable command.
E. They have been configured with the spanning-tree guard loop command.
F. They have been configured with the spanning-tree guard root command.


Answer: F

Explanation

We can configure the root guard feature to prevent unauthorized switches from becoming the root bridge. When you enable root guard on a port, if that port receives a superior BPDU, instead of believing the BPDU, the port goes into a root-inconsistent state. While a port is in the root-inconsistent state, no user data is sent across it. However, after the superior BPDUs stop, the port returns to the forwarding state.

STP_simple.jpg

For example, in the topology above suppose S1 is the current root bridge. If a hacker plugs a switch into S3 and it sends superior BPDUs, it will become the new root bridge; this will also change the traffic path and may result in a traffic jam. With root guard enabled on the S3 port, if spanning-tree calculations cause that interface to be selected as the root port, the interface transitions to the root-inconsistent (blocked) state instead, which prevents the hacker’s switch from becoming the root switch or being in the path to the root.
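
The root guard behaviour described above, modelled as a small state machine in an added example (not part of the original page). The bridge IDs and timeline are constructed, and treating superior BPDUs as "stopped" once none has arrived for the 20-second default max age is a simplifying assumption of this model.

```python
from dataclasses import dataclass, field
from typing import Optional

FORWARDING = "forwarding"
ROOT_INCONSISTENT = "root-inconsistent"
MAX_AGE = 20   # seconds; default max age quoted on this page


@dataclass
class RootGuardPort:
    name: str
    accepted_root: tuple                  # (priority, MAC) of the current root
    state: str = FORWARDING
    last_superior: Optional[float] = None
    events: list = field(default_factory=list)

    def receive_bpdu(self, now, advertised_root):
        """Block the port when a BPDU advertises a better root than ours."""
        if advertised_root < self.accepted_root:
            self.last_superior = now
            if self.state != ROOT_INCONSISTENT:
                self.state = ROOT_INCONSISTENT
                self.events.append((now, "blocked"))
        # Equal or inferior BPDUs are ignored: they cannot change the root.

    def tick(self, now):
        """Recover on its own once superior BPDUs have stopped (assumption)."""
        if (self.state == ROOT_INCONSISTENT
                and now - self.last_superior >= MAX_AGE):
            self.state = FORWARDING
            self.events.append((now, "recovered"))

    def forwards_user_data(self):
        return self.state == FORWARDING


def replay(port, timeline):
    """Feed (time, advertised root or None) steps; return the state after each."""
    states = []
    for now, advertised in timeline:
        if advertised is not None:
            port.receive_bpdu(now, advertised)
        port.tick(now)
        states.append((now, port.state))
    return states


# Constructed values for the example.
S1_ROOT = (32768, "00:00:00:00:00:01")     # legitimate root
INFERIOR = (32768, "00:00:00:00:00:05")    # worse than S1: harmless
SUPERIOR = (4096, "00:00:00:00:00:99")     # better than S1: triggers root guard

TIMELINE = [
    (0, INFERIOR),
    (2, SUPERIOR), (4, SUPERIOR), (6, SUPERIOR),   # superior BPDUs arrive
    (20, None),                                    # 14 s since the last one
    (26, None),                                    # 20 s since the last one
]

if __name__ == "__main__":
    port = RootGuardPort("S3 guarded port", S1_ROOT)
    for now, state in replay(port, TIMELINE):
        print(f"t={now:>2}s  {state}")
    print(port.events)
```
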

Question 3

Refer to the exhibit. What information can be derived from the output?

STP_show_spanning-tree_inconsistentports.jpg

A. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once inaccurate BPDUs have been stopped, the interfaces will need to be administratively shut down, and brought back up, to resume normal operation.
B. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter, but traffic is still forwarded across the ports.
C. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once inaccurate BPDUs have been stopped, the interfaces automatically recover and resume normal operation.
D. Interfaces FastEthernet3/1 and FastEthernet3/2 are candidates for becoming the STP root port, but neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on at least one of the interfaces.


Answer: C

Explanation

Same explanation as question 2.

Question 4

Which statement is correct about RSTP port roles?

A. The designated port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one designated port on every switch. The designated port assumes the forwarding state in a stable active topology. All switches connected to a given segment listen to all BPDUs and determine the switch that will be the root switch for a particular segment.
B. The disabled port is an additional switch port on the designated switch with a redundant link to the segment for which the switch is designated. A disabled port has a higher port ID than the disabled port on the designated switch. The disabled port assumes the discarding state in a stable active topology.
C. The backup port is a switch port that offers an alternate path toward the root bridge. The backup port assumes a discarding state in a stable, active topology. The backup port will be present on nondesignated switches and will make a transition to a designated port if the current designated path fails.
D. The root port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one root port on every switch. The root port assumes the forwarding state in a stable active topology.


Answer: D

Explanation

To learn about RSTP port roles, please read my RSTP tutorial.

Question 5

How are STP timers and state transitions affected when a topology change occurs in an STP environment?

A. All ports will temporarily transition to the learning state for a period equal to the max age timer plus the forward delay interval.
B. All ports will transition temporarily to the learning state for a period equal to the forward delay interval.
C. The default aging time for MAC address entries will be reduced for a period of the max age timer plus the forward delay interval.
D. The default hello time for configuration BPDUs will be reduced for the period of the max age timer.


Answer: C (but the wording may cause you to misunderstand)

Explanation

If a switch stops receiving Hellos, it means that there is a failure in the network. The switch will initiate the process of changing the Spanning-tree topology. The process requires the use of 3 STP timers:
* Hello - the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.
* Forward delay – the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.
* Max age – maximum length of time a BPDU can be stored without receiving an update. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.

Max Age is the time that a bridge stores a BPDU before discarding it.

Switches (bridges) keep their MAC address table entries for 300 seconds (5 minutes, known as the aging time) by default. When a network topology change happens, the switch (bridge) temporarily lowers the aging time to the forward delay time (15 seconds) so that it relearns the MAC address changes caused by the topology change.

This is important because an entry normally ages out of the switch's MAC address table only after five minutes, so network devices could be unreachable for up to 5 minutes. This is known as a black hole because frames can be forwarded to a device that is no longer available.

Notice that shortening the aging time to 15 seconds does not flush the entire table, it just accelerates the aging process. Devices that continue to “speak” during the 15-second age-out period never leave the bridging table.

Therefore in this question, to be clearer answer C should state “The default aging time for MAC address entries will be reduced to forward_delay time for a period of the max age timer plus the forward delay interval.”

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml)
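The aging behaviour described in this explanation, as an added example that is not part of the original page: a small Python model of one bridge's MAC table using the values given above (300 s default aging, 15 s forward delay, 20 s max age). The `Bridge` class, the two host MAC addresses and the port names are constructed for illustration.

```python
# Added example: MAC address aging around an STP topology change.
DEFAULT_AGING = 300                     # s, default MAC aging time
FORWARD_DELAY = 15                      # s, aging time while the change is signalled
MAX_AGE = 20                            # s
TC_PERIOD = MAX_AGE + FORWARD_DELAY     # s, how long the short aging time applies

TALKER = "aaaa.aaaa.0001"   # constructed host that sends a frame every 5 s
SILENT = "bbbb.bbbb.0002"   # constructed host whose last frame arrives at t=95 s


class Bridge:
    def __init__(self):
        self.table = {}        # MAC -> (port, time last seen as a source address)
        self.tc_until = None   # end of the short-aging period, if one is running

    def learn(self, mac, port, now):
        self.table[mac] = (port, now)

    def topology_change(self, now):
        self.tc_until = now + TC_PERIOD

    def aging_time(self, now):
        short = self.tc_until is not None and now < self.tc_until
        return FORWARD_DELAY if short else DEFAULT_AGING

    def expire(self, now):
        """Remove entries idle for at least the current aging time; return them."""
        limit = self.aging_time(now)
        aged = [m for m, (_, seen) in self.table.items() if now - seen >= limit]
        for mac in aged:
            del self.table[mac]
        return aged


def simulate(tc_at=None, end=400):
    """Run one-second ticks; return ({mac: time removed}, MACs still in the table)."""
    bridge, removed_at = Bridge(), {}
    for now in range(end + 1):
        if now % 5 == 0:
            bridge.learn(TALKER, "Gi0/1", now)
        if now == 95:
            bridge.learn(SILENT, "Gi0/2", now)
        if now == tc_at:
            bridge.topology_change(now)
        for mac in bridge.expire(now):
            removed_at[mac] = now
    return removed_at, sorted(bridge.table)


if __name__ == "__main__":
    print("no topology change :", simulate())
    print("change at t=100 s  :", simulate(tc_at=100))
```

The host that keeps sending frames stays in the table in both runs; only the silent entry is affected by the shorter aging time.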

Question 6

Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

STP_spanning-tree_root_guard.jpg

A. Fifty percent of the traffic will successfully reach Host B, and fifty percent will dead-end at switch S3 because of a partial spanning-tree loop.
B. No. Traffic will pass from switch S6 to S2 and dead-end at S2.
C. No. Traffic will loop back and forth between switch S6 and Host A.
D. No. Traffic will loop back and forth between switches S2 and S3.
E. Yes. Traffic will pass from switch S6 to S2 to S1.


Answer: E

Explanation

First we should understand UplinkFast.

STP_simple.jpg

Suppose S1 is the root bridge in the topology above. S3 is connected to S1 via two paths: one direct path and another that goes through S2. Suppose the port directly connected to S1 is the root port -> the port connected to S2 will be in the Blocking state. If the primary link goes down, the blocked port will need about 50 seconds to move from Blocking -> Listening -> Learning -> Forwarding before it can be used.

To shorten the downtime, a feature called Uplink Fast can be used. When the primary (root) link fails, another blocked link can be brought up immediately for use. When UplinkFast is enabled, it is enabled for the entire switch and all VLANs. It cannot be enabled for individual VLANs.

In this question, the Root Guard feature has been enabled on Gi0/0 of S2 & S5 so these two Gi0/0 ports cannot be root ports and cannot forward traffic -> the link between S2 & S6 must be used.

Note: The idea of Uplink Fast is based on blocked ports that can become a root port. Therefore the Uplink Fast feature is not allowed on the root bridge -> S2 & S5 cannot be root bridges in this case.

Question 7

Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

STP_spanning-tree_uplinkfast.jpg

A. Yes. Traffic can pass either from switch S6 to S3 to S2 to S1, or, from switch S6 to S5 to S2 to S1.
B. No. Traffic will pass from switch S6 to S5 and dead-end at interface Gi0/0.
C. No. Traffic will loop back and forth between switch S5 and S2.
D. Yes. Traffic will pass from switch S6 to S3 to S2 to S1.
E. No. Traffic will either pass from switch S6 to S5 and dead-end, or traffic will pass from switch S6 to S3 to S2 and dead-end.


Answer: D

Explanation

Same explanation as Question 6. When the link between S4 – S5 goes down, Gi0/0 on S5 cannot become the root port because of the Root Guard feature on it. But by default Host A may not be able to reach Host B in the first 15 seconds after the link between S4 & S5 fails. This is the time S5 needs to clear its MAC address table (please read the explanation of Question 5 for more detail).

Question 8

Which two statements about the various implementations of STP are true? (Choose two)

A. Common Spanning Tree maintains a separate spanning-tree instance for each VLAN configured in the network.
B. The Spanning Tree Protocol (STP) is an evolution of the IEEE 802.1w standard.
C. Per-VLAN Spanning Tree (PVST) supports 802.1Q trunking.
D. Per-VLAN Spanning Tree Plus (PVST+) is an enhancement to 802.1Q specification and is supported only on Cisco devices.
E. Rapid Spanning Tree Protocol (RSTP) includes features equivalent to Cisco PortFast, UplinkFast, and BackboneFast for faster network reconvergence.
F. Multiple Spanning Tree (MST) assumes one spanning-tree instance for the entire Layer 2 network, regardless of the multiple number of VLANs.


Answer: D E

Explanation

Common Spanning Tree only uses one spanning-tree instance for all VLANs in the network -> A is not correct.

Rapid Spanning Tree Protocol (RSTP; IEEE 802.1w) can be seen as an evolution of the 802.1D standard more than a revolution. The 802.1D terminology remains primarily the same. Most parameters have been left unchanged so users familiar with 802.1D can rapidly configure the new protocol comfortably -> B is not correct.

Per-VLAN spanning tree protocol plus (PVST+) is a Cisco proprietary protocol that expands on the Spanning Tree Protocol (STP) by allowing a separate spanning tree for each VLAN. Cisco first developed this protocol as PVST, which worked with the Cisco ISL trunking protocol, and then later developed PVST+ which utilizes the 802.1Q trunking protocol. PVST+ allows interoperability between CST and PVST in Cisco switches -> C is not correct but D is correct.

RSTP significantly reduces the time to reconverge the active topology of the network when changes to the physical topology or its configuration parameters occur. RSTP supports Edge Ports (similar to PortFast), UplinkFast, and BackboneFast for faster network reconvergence. Rapid Spanning Tree Protocol (RSTP) can also revert back to 802.1D STP for interoperability with older switches and existing infrastructures -> E is correct.

Multiple Spanning Tree can map one or more VLANs to a single STP instance. Multiple instances of STP can be used (hence the name MST), with each instance supporting a different group of VLANs. For example, instead of creating 50 separate STP instances for 50 VLANs, we can create only 2 STP instances – each for 25 VLANs. This helps save switch resources -> F is not correct.

Question 9

Given the diagram and assuming that STP is enabled on all switch devices, which two statements are true? (Choose two)

root_bridge_elect.jpg

A. DSW11 will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.


Answer: A D

Question 10

Which two RSTP port roles include the port as part of the active topology? (Choose two)

A. root
B. designated
C. alternate
D. backup
E. forwarding
F. learning


Answer: A B

STP Questions 3

February 14th, 2012 certprepare 2 comments

Here you will find answers to STP Questions – Part 3

Question 1

What is the result of entering the command spanning-tree loopguard default?

A. The command enables both loop guard and root guard.
B. The command changes the status of loop guard from the default of disabled to enabled.
C. The command activates loop guard on point-to-multipoint links in the switched network.
D. The command will disable EtherChannel guard.


Answer: B

Explanation

This command is used in global configuration mode to enable loop guard on all ports of a given switch. To disable it, use the “no” keyword at the beginning of this command.

Question 2

Refer to the exhibit. The service provider wants to ensure that switch S1 is the root switch for its own network and the network of the customer. On which interfaces should root guard be configured to ensure that this happens?

STP_root_guard.jpg

A. interfaces 1 and 2
B. interfaces 1,2,3, and 4
C. interfaces 1, 3, 5, and 6
D. interfaces 5 and 6
E. interfaces 5, 6, 7, and 8
F. interfaces 11 and 12


Answer: D

Explanation

Let’s see what will happen if we set port 5 & 6 as “root guard” ports:

First, notice that the “root guard” command cannot be used on the root switch (because this command is based on a blocked port, while a root switch can’t have a blocked port) -> the two middle switches cannot become root bridges.

Moreover, the neighbor switch which has its port connected with this “root guard” port can’t be the root bridge. For example if we configure port 6 as “root guard” port, the left-bottom switch (the switch with ports 3, 4) can’t be root bridge because that will make port 6 root port. Therefore by configuring port 5 & 6 as “root guard” ports, two switches in the “Customer network” cannot become root bridge.

Question 3

Examine the diagram. A network administrator has recently installed the above switched network using 3550s and would like to control the selection of the root bridge. Which switch should the administrator configure as the root bridge and which configuration command must the administrator enter to accomplish this?

root_bridge_elect.jpg

A. DSW11(config)# spanning-tree vlan 1 priority 4096
B. DSW12(config)# set spanning-tree priority 4096
C. ASW13(config)# spanning-tree vlan 1 priority 4096
D. DSW11(config)# set spanning-tree priority 4096
E. DSW12(config)# spanning-tree vlan 1 priority 4096
F. ASW13(config)# set spanning-tree priority 4096


Answer: E

Explanation

First, only switches in the Distribution section should become the root bridge -> only DSW11 or DSW12 should be chosen.

The traffic passing through the root bridge is always higher than through other switches, so we should choose the switch with the highest-speed connections to be the root bridge -> DSW12 with two 100Mbps connections should be chosen.

Also, the correct command to change the priority value for a specific VLAN is spanning-tree vlan VLAN-ID priority Priority-number.

Question 4

What must be the same to make multiple switches part of the same Multiple Spanning Tree (MST)?

A. VLAN instance mapping and revision number
B. VLAN instance mapping and member list
C. VLAN instance mapping, revision number, and member list
D. VLAN instance mapping, revision number, member list, and timers


Answer: A

Explanation

MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The main enhancement introduced by MST raises the problem, however, of determining what VLAN is to be associated with what instance. More precisely, based on received BPDUs, devices need to identify these instances and the VLANs that are mapped to the instance.

To be part of a common MST region, a group of switches must share the same configuration attributes. In particular, the configuration name (or region name – 32 bits), revision number (16 bits), and VLAN mapping (associate VLANs with spanning-tree instances) need to be the same for all the switches within the same region.

An example of configuring MST on a switch is shown below:

Configuration | Description
Switch(config)# spanning-tree mode mst | Turn on MST (and RSTP) on this switch
Switch(config)# spanning-tree mst configuration | Enter MST configuration submode
Switch(config-mst)# name certprepare | Name MST instance
Switch(config-mst)# revision 5 | Set the 16-bit MST revision number. It is not incremented automatically when you commit a new MST configuration.
Switch(config-mst)# instance 1 vlan 5-10 | Map instance with respective VLANs
Switch(config-mst)# instance 2 vlan 11-15 |

Question 5

Which three items are configured in MST configuration submode? (Choose three)

A. Region name
B. Configuration revision number
C. VLAN instance map
D. IST STP BPDU hello timer
E. CST instance map
F. PVST+ instance map


Answer: A B C

Explanation

Same as Question 4.

Question 6

Which three statements about the MST protocol (IEEE 802.1S) are true? (Choose three)

A. To verify the MST configuration, the show pending command can be used in MST configuration mode.
B. When RSTP and MSTP are configured; UplinkFast and BackboneFast must also be enabled.
C. All switches in the same MST region must have the same VLAN-to-instance mapping, but different configuration revision numbers.
D. All switches in an MST region, except distribution layer switches, should have their priority lowered from the default value 32768.
E. An MST region is a group of MST switches that appear as a single virtual bridge to adjacent CST and MST regions.
F. Enabling MST with the “spanning-tree mode mst” global configuration command also enables RSTP.


Answer: A E F

Explanation

The show pending command can be used to verify the MST configuration (pending configuration). An example of this command is shown below:

MST_show_pennding.jpg

Note:

The above commands do these tasks:
+ Enter MST configuration mode
+ Map VLANs 10 to 20 to MST instance 1
+ Name the region certprepare
+ Set the configuration revision to 1
+ Display the pending configuration
+ Apply the changes, and return to global configuration mode

The MST region appears as a single bridge to spanning tree configurations outside the region -> a MST region appears as a single virtual bridge to adjacent CST and MST regions -> E is correct.

By enabling MST you also enable RSTP because MST relies on the RSTP configuration to operate -> F is correct.

Question 7

Which two statements concerning STP state changes are true? (Choose two)

A. Upon bootup, a port transitions from blocking to forwarding because it assumes itself as root.
B. Upon bootup, a port transitions from blocking to listening because it assumes itself as root.
C. Upon bootup, a port transitions from listening to forwarding because it assumes itself as root.
D. If a forwarding port receives no BPDUs by the max_age time limit, it will transition to listening.
E. If a forwarding port receives an inferior BPDU, it will transition to listening.
F. If a blocked port receives no BPDUs by the max_age time limit, it will transition to listening.


Answer: B F

Question 8

Which statement correctly describes the Cisco implementation of RSTP?

A. PortFast, UplinkFast, and BackboneFast specific configurations are ignored in Rapid PVST mode.
B. RSTP is enabled globally and uses existing STP configuration.
C. Root and alternative ports transition immediately to the forwarding state.
D. Convergence is improved by using sub-second timers for the blocking, listening, learning, and forwarding port states.


Answer: B

Explanation

To turn on RSTP, use this command in global configuration mode:

Switch(config)# spanning-tree mode mst

Note: This command turns on both MST & RSTP.

Question 9

The network administrator maps VLAN 10 through 20 to MST instance 2. How will this information be propagated to all appropriate switches?

A. Information will be carried in the RSTP BPDUs.
B. It will be propagated in VTP updates.
C. Information stored in the Forwarding Information Base and the switch will reply on query.
D. Multiple Spanning Tree must be manually configured on the appropriate switches.


Answer: D

Question 10

Which MST configuration statement is correct?

A. MST configurations can be propagated to other switches using VTP.
B. After MST is configured on a Switch, PVST+ operations will also be enabled by default.
C. MST configurations must be manually configured on each switch within the MST region.
D. MST configurations only need to be manually configured on the Root Bridge.
E. MST configurations are entered using the VLAN Database mode on Cisco Catalyst switches.


Answer: C

STP Questions 4

February 13th, 2012 certprepare No comments

Here you will find answers to STP Questions – Part 4

Question 1

While logged into a Company switch you issue the following command:

CompanySwitch(config-mst)#instance 10 vlan 11-12

What does this command accomplish?

A. It enables a PVST+ instance of 10 for vlan 11 and vlan 12
B. It enables vlan 11 and vlan 12 to be part of the MST region 10
C. It maps vlan 11 and vlan 12 to the MST instance of 10.
D. It creates an Internal Spanning Tree (IST) instance of 10 for vlan 11 and vlan 12
E. It creates a Common Spanning Tree (CST) instance of 10 for vlan 11 and vlan 12
F. It starts two instances of MST, one instance for vlan 11 and another instance for vlan 12.


Answer: C

Explanation

MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The main enhancement introduced by MST raises the problem, however, of determining what VLAN is to be associated with what instance. More precisely, based on received BPDUs, devices need to identify these instances and the VLANs that are mapped to the instance.

An example of configuring MST on a switch is shown below:

Configuration | Description
Switch(config)# spanning-tree mode mst | Turn on MST (and RSTP) on this switch
Switch(config)# spanning-tree mst configuration | Enter MST configuration submode
Switch(config-mst)# name certprepare | Name MST instance
Switch(config-mst)# revision 5 | Set the 16-bit MST revision number. It is not incremented automatically when you commit a new MST configuration.
Switch(config-mst)# instance 1 vlan 5-10 | Map instance 1 with respective VLANs (VLAN 5 to 10)
Switch(config-mst)# instance 2 vlan 11-15 | Map instance 2 with respective VLANs (VLAN 11 to 15)

Note: To be part of a common MST region, a group of switches must share the same configuration attributes. In particular, the configuration name (or region name – 32 bits), revision number (16 bits), and VLAN mapping (associate VLANs with spanning-tree instances) need to be the same for all the switches within the same region.

Question 2

By default, all VLANs will belong to which MST instance when using Multiple STP?

A. MST00
B. MST01
C. the last MST instance configured
D. none


Answer: A

Explanation

By default, all VLANs are assigned to MST instance 0. Instance 0 is known as the Internal Spanning-Tree (IST), which is reserved for interacting with other Spanning-Tree Protocols (STPs) and other MST regions.
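The region rule from the MST explanations above (same name, revision number and VLAN-to-instance mapping, with unmapped VLANs left in instance 0) can be checked across switch configurations. The following Python sketch is an added example, not part of the original page: the four switch configurations are constructed, the function names are hypothetical, and it assumes an unconfigured region name is empty and an unconfigured revision is 0.

```python
import re


def sample(revision=5, instance2="11-15"):
    """Constructed MST configuration in the style of the table above."""
    return (
        "spanning-tree mode mst\n"
        "spanning-tree mst configuration\n"
        " name certprepare\n"
        f" revision {revision}\n"
        " instance 1 vlan 5-10\n"
        f" instance 2 vlan {instance2}\n"
    )


CONFIGS = {
    "SW1": sample(),
    "SW2": sample(instance2="11,12,13-15"),   # same mapping, written differently
    "SW3": sample(revision=6),                # revision differs
    "SW4": sample(instance2="11-14"),         # VLAN 15 stays in instance 0
}


def expand_vlans(spec):
    """'5-8,10' -> {5, 6, 7, 8, 10}; rejects IDs outside 1-4094."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part}")
        vlans.update(range(lo, hi + 1))
    return vlans


def parse_mst(config):
    """Return (name, revision, {vlan: instance}) from the MST submode lines."""
    name, revision, mapping = "", 0, {}    # assumed defaults when not configured
    in_mst = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "spanning-tree mst configuration":
            in_mst = True
            continue
        if not raw[0].isspace():
            in_mst = False                 # back at global configuration level
        if not in_mst:
            continue
        if m := re.fullmatch(r"name (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"revision (\d+)", line):
            revision = int(m.group(1))
        elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
            instance = int(m.group(1))
            for vlan in expand_vlans(m.group(2)):
                if instance == 0:
                    mapping.pop(vlan, None)   # instance 0 is the default
                else:
                    mapping[vlan] = instance
    return name, revision, mapping


def group_regions(configs):
    """Group switch names whose three region attributes are identical."""
    regions = {}
    for switch, config in configs.items():
        name, revision, mapping = parse_mst(config)
        key = (name, revision, tuple(sorted(mapping.items())))
        regions.setdefault(key, []).append(switch)
    return sorted(regions.values())


def differences(config_a, config_b):
    """List the attributes that keep two switches out of a common region."""
    (na, ra, ma), (nb, rb, mb) = parse_mst(config_a), parse_mst(config_b)
    diffs = []
    if na != nb:
        diffs.append(f"name: {na!r} vs {nb!r}")
    if ra != rb:
        diffs.append(f"revision: {ra} vs {rb}")
    for vlan in sorted(set(ma) | set(mb)):
        ia, ib = ma.get(vlan, 0), mb.get(vlan, 0)
        if ia != ib:
            diffs.append(f"vlan {vlan}: instance {ia} vs {ib}")
    return diffs


if __name__ == "__main__":
    print(group_regions(CONFIGS))
    print(differences(CONFIGS["SW1"], CONFIGS["SW4"]))
```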

Question 3

What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not receive a BPDU from its neighbor for three consecutive hello time intervals?

A. RSTP information is automatically aged out.
B. The port sends a TCN to the root bridge.
C. The port moves to listening state.
D. The port becomes a normal spanning tree port.


Answer: A

Explanation

In STP 802.1D, a non-root bridge only generates BPDUs when it receives one on the root port. But in RSTP 802.1w, a bridge sends a BPDU with its current information every hello-time seconds (2 by default), even if it does not receive any from the root bridge. Also, on a given port, if hellos are not received three consecutive times, protocol information can be immediately aged out (or if max_age expires). Because of the previously mentioned protocol modification, BPDUs are now used as a keep-alive mechanism between bridges. A bridge considers that it loses connectivity to its direct neighbor root or designated bridge if it misses three BPDUs in a row. This fast aging of the information allows quick failure detection. If a bridge fails to receive BPDUs from a neighbor, it is certain that the connection to that neighbor is lost. This is opposed to 802.1D where the problem might have been anywhere on the path to the root.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml)

Question 4

A port in a redundant topology is currently in the blocking state and is not receiving BPDUs. To ensure that this port does not erroneously transition to the forwarding state, which command should be configured to satisfy the requirement?

A. Switch(config)#spanning-tree loopguard default
B. Switch(config-if)#spanning-tree bpdufilter
C. Switch(config)#udld aggressive
D. Switch(config-if)#spanning-tree bpduguard


Answer: A

Explanation

Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link. An example is shown below:

STP_loop_guard.jpg

Suppose S1 is the root bridge. S3′s port connected with S2 is currently blocked. Because of a unidirectional link failure on the link between S2 and S3, S3 is not receiving BPDUs from S2.

Without loop guard, the blocking port on S3 will transition to listening (upon max age timer expiration) -> learning -> forwarding state, which creates a loop.

With loop guard enabled, the blocking port on S3 will transition into the STP loop-inconsistent state upon expiration of the max age timer. Because a port in the STP loop-inconsistent state will not pass user traffic, no loop is created. The loop-inconsistent state is effectively equal to the blocking state.

To enable loop guard globally use the command spanning-tree loopguard default.

Question 5

You are the administrator of a switch and currently all host-connected ports are configured with the portfast command. You have received a new directive from your manager that states that, in the future, any host-connected port that receives a BPDU should automatically disable PortFast and begin transmitting BPDUs. Which of the following commands will support this new requirement?

A. Switch(config)# spanning-tree portfast bpduguard default
B. Switch(config-if)# spanning-tree bpduguard enable
C. Switch(config-if)# spanning-tree bpdufilter enable
D. Switch(config)# spanning-tree portfast bpdufilter default


Answer: D

Explanation

The bpdufilter option is used to globally enable BPDU filtering on all PortFast-enabled interfaces, and this prevents the switch interfaces connected to end stations from sending or receiving BPDUs.

Note: The spanning-tree portfast bpdufilter default global configuration command can be overridden by the spanning-tree bpdufilter enable command in interface mode.

Question 6

Which two statements correctly describe characteristics of the PortFast feature? (Choose two)

A. STP will be disabled on the port.
B. PortFast can also be configured on trunk ports.
C. PortFast is required to enable port-based BPDU guard.
D. PortFast is used for both STP and RSTP host ports.
E. PortFast is used for STP-only host ports.


Answer: B D

Explanation

You can use PortFast on switch or trunk ports connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state -> B is correct.

Also, PortFast can be used for both STP and RSTP -> D is correct.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html)

Answer C is not correct because BPDU guard can be enabled without PortFast. But what will happen if the PortFast and BPDU guard features are configured on the same port?

Well, at the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console:

2000 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port. Disabling 2/1
2000 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1

(Reference and good resource: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml)

Question 7

Which of the following commands can be issued without interfering with the operation of loop guard?

A. Switch(config-if)#spanning-tree guard root
B. Switch(config-if)#spanning-tree portfast
C. Switch(config-if)#switchport mode trunk
D. Switch(config-if)#switchport mode access


Answer: C

Explanation

PortFast & Root guard should be placed on ports configured as access ports while loop guard should be placed on trunk ports -> we can use the “switchport mode trunk” without interfering with the operation of loop guard.

Question 8

Which statement correctly describes enabling BPDU guard on an access port that is also enabled for PortFast?

A. Upon startup, the port transmits 10 BPDUs. If the port receives a BPDU, PortFast and BPDU guard are disabled on that port and it assumes normal STP operation.
B. The access port ignores any received BPDU.
C. If the port receives a BPDU, it is placed into the error-disable state.
D. BPDU guard is only configured globally and the BPDU filter is required for port-level configuration.


Answer: C

Explanation

If any BPDU is received on a port where BPDU guard is enabled, that port is put into the err-disable state immediately. The port is shut down in an error condition and must be either manually re-enabled or automatically recovered through the errdisable timeout function.

Note: A port that has PortFast enabled also has BPDU guard automatically enabled. By combining PortFast & BPDU guard we have a port that can quickly enter the Forwarding state from Blocking state and automatically shut down when receiving BPDUs.

Question 9

Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of a network?

A. BPDU guard can guarantee proper selection of the root bridge.
B. BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.
C. BPDU guard can be utilized to prevent the switch from transmitting BPDUs and incorrectly altering the root bridge election.
D. BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.


Answer: B
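A configuration check for the PortFast and BPDU guard combination discussed in Questions 5 to 9, as an added example that is not part of the original page: it reads an IOS-style configuration and reports PortFast ports that no BPDU guard setting covers, plus ports where an interface-level BPDU filter stops BPDUs from being processed at all. The sample configuration, the finding names and the function names are constructed; the interface command spanning-tree bpduguard disable is not mentioned on this page.

```python
# Constructed sample configuration (not taken from the page's exhibits).
SAMPLE = """\
spanning-tree mode mst
spanning-tree loopguard default
!
interface GigabitEthernet0/1
 description uplink to distribution
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
"""


def parse_config(text):
    """Split a configuration into global commands and per-interface commands."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():              # command at global level
            if line.startswith("interface "):
                current = line.split(None, 1)[1]
                interfaces[current] = set()
            else:
                current = None
                global_cmds.add(line)
        elif current is not None:             # indented interface subcommand
            interfaces[current].add(line)
    return global_cmds, interfaces


def audit(text):
    """Return a sorted list of (interface, finding) tuples."""
    global_cmds, interfaces = parse_config(text)
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    findings = []
    for name, cmds in interfaces.items():
        portfast = "spanning-tree portfast" in cmds
        if "spanning-tree bpduguard enable" in cmds:
            guarded = True
        elif "spanning-tree bpduguard disable" in cmds:
            guarded = False                   # interface setting overrides the default
        else:
            guarded = portfast and guard_default
        if "spanning-tree bpdufilter enable" in cmds:
            # Filtered ports neither send nor receive BPDUs, so BPDU guard
            # on the same interface never sees a BPDU to react to.
            findings.append((name, "BPDUFILTER_ON_INTERFACE"))
        elif portfast and not guarded:
            # A switch plugged into this port would not trigger err-disable.
            findings.append((name, "PORTFAST_NO_BPDUGUARD"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE):
        print(f"{interface}: {finding}")
```

Adding the global command spanning-tree portfast bpduguard default to the sample clears the FastEthernet0/2 finding but not the FastEthernet0/3 one.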

Question 10

Which three statements about STP timers are true? (Choose three)

A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.


Answer: A B D

Explanation

Each BPDU includes the hello, forward delay, and max age STP timers. An IEEE bridge is not concerned about the local configuration of the timers value. The IEEE bridge considers the value of the timers in the BPDU that the bridge receives. Effectively, only a timer that is configured on the root bridge of the STP is important. If you lose the root, the new root starts to impose its local timer value on the entire network. So, even if you do not need to configure the same timer value in the entire network, you must at least configure any timer changes on the root bridge and on the backup root bridge.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml)

STP Questions 5

February 12th, 2012 certprepare 2 comments

Here you will find answers to STP Questions – Part 5

Quick notes:

BPDU filtering: prevents the switch interfaces connected to end stations from sending or receiving BPDUs.
BPDU port-guard: If any BPDU is received on a port where BPDU guard is enabled, that port is put into the err-disable state immediately.

Question 1

Refer to the exhibit. Which statement is true about the output?

CAT1# show spanning-tree interface FastEthernet 0/1 detail
Port 1 (FastEthernet0/1) of VLAN0001 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.1.
Designated root has priority 32769, address 000a.4107.7400
Designated bridge has priority 32769, address 000a.4107.7400
Designated port id is 128.1, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 237, received 1
CAT2# show spanning-tree interface FastEthernet 0/2 detail
Port 2 (FastEthernet0/2) of VLAN0001 is blocking
Port path cost 19, Port priority 128, Port Identifier 128.2.
Designated root has priority 32769, address 000a.4107.7400
Designated bridge has priority 32769, address 000a.4107.7400
Designated port id is 128.1, designated path cost 0
Timers: message age 1, forward delay 0, hold 0
Number of transitions to forwarding state: 0
BPDU: sent 1, received 242
CAT3# show spanning-tree interface FastEthernet 0/1 detail
Port 1 (FastEthernet0/1) of VLAN0001 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.1.
Designated root has priority 32769, address 000a.4107.7400
Designated bridge has priority 32769, address 000a.4107.7400
Designated port id is 128.1, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 24, received 0

A. The port on switch CAT1 is forwarding and sending BPDUs correctly.
B. The port on switch CAT1 is blocking and sending BPDUs correctly.
C. The port on switch CAT2 is forwarding and receiving BPDUs correctly.
D. The port on switch CAT2 is blocking and sending BPDUs correctly.
E. The port on switch CAT3 is forwarding and receiving BPDUs correctly.
F. The port on switch CAT3 is forwarding, sending, and receiving BPDUs correctly.


Answer: A

Explanation

From the first lines of the “show” commands and the BPDU sent and received we can conclude:

CAT1 is forwarding and sending BPDUs correctly (BPDU: sent 237, received 1) but it is not receiving BPDUs.
CAT2 is blocking and receiving BPDUs correctly (BPDU: sent 1, received 242) but it is not sending BPDUs.
CAT3 is forwarding and sending BPDUs correctly (BPDU: sent 24, received 0) but it is not receiving BPDUs.

-> only answer A is correct.

Question 2

Which of the following specifications is a companion to the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) algorithm, and warrants the use of multiple spanning-trees?

A. IEEE 802.1s (MST)
B. IEEE 802.1Q (CST)
C. Cisco PVST+
D. IEEE 802.1d (STP)


Answer: A

Explanation

MST maps multiple VLANs into a spanning tree instance, with each instance having a spanning tree topology independent of other spanning tree instances. This architecture provides multiple forwarding paths for data traffic, enables load balancing, and reduces the number of STP instances required to support a large number of VLANs. MST improves the fault tolerance of the network because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).

Note: RSTP is automatically turned on along with MST (the “spanning-tree mode mst” in global configuration mode will turn on both RSTP & MST)

(Reference: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/MST.html)

Question 3

What two things will occur when an edge port receives a BPDU? (Choose two)

A. The port immediately transitions to the Forwarding state.
B. The switch generates a Topology Change Notification (TCN) BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.


Answer: B D

Explanation

The concept of edge port basically corresponds to the PortFast feature. An edge port directly transitions to the forwarding state, and skips the listening and learning stages. An edge port that receives a BPDU immediately loses edge port status and becomes a normal spanning tree port.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml#edge)

Question 4

Which statement is true about RSTP topology changes?

A. Only nonedge ports moving to the blocking state generate a TC BPDU.
B. Any loss of connectivity generates a TC BPDU.
C. Any change in the state of the port generates a TC BPDU.
D. Only nonedge ports moving to the forwarding state generate a TC BPDU.
E. If either an edge port or a nonedge port moves to a block state, then a TC BPDU is generated.


Answer: D

Explanation

When a Switch (Bridge) discovers a topology change, it generates a TCN (Topology Change Notification) BPDU (Bridge Protocol Data Unit) and sends the TCN BPDU on its root port. The upstream Switch (Bridge) responds to the sender with a TCA (Topology Change Acknowledgment) BPDU.
The upstream Switch (Bridge) that received the TCN BPDU then generates another TCN BPDU and sends it out via its Root Port. The process continues until the Root Switch (Bridge) receives the TCN BPDU.
When the Root Switch (Bridge) is aware that there is a topology change in the network, it starts to send out its Configuration BPDUs with the topology change (TC) bit set. Configuration BPDUs are received by every Switch (Bridge) in the network and all bridges become aware of the network topology change.

The switch never generates a TCN when a port configured for PortFast goes up or down -> it means no TC will be created for PortFast (or Edge Port) -> D is correct.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml)

Question 5

Which of the following conditions guarantees that a broadcast storm cannot occur?

A. a native VLAN mismatch on either side of an 802.1Q link
B. BPDU filter configured on a link to another switch
C. Spanning Tree Protocol enabled on both Layer 2 and multilayer switches
D. PortFast enabled on all access and trunk ports


Answer: C

Question 6

Which two statements are true about port BPDU Guard and BPDU filtering? (Choose two)

A. BPDU guard can be enabled globally, whereas BPDU filtering must be enabled on a per-interface basis.
B. When globally enabled, BPDU port-guard and BPDU filtering apply only to PortFast enabled ports.
C. When globally enabled, BPDU port-guard and BPDU filtering apply only to trunking-enabled ports.
D. When a BPDU is received on a BPDU port-guard enabled port, the interface goes into the err-disabled state.
E. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the err-disabled state.
F. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the STP blocking state.


Answer: B D

Question 7

Which of the following will generate an RSTP topology change notification?

A. an edge port that transitions to the forwarding state
B. a non-edge port that transitions to the blocking state
C. a non-edge port that transitions to the forwarding state
D. an edge port that transitions to the blocking state
E. any port that transitions to the blocking state
F. any port that transitions to the forwarding state


Answer: C

Question 8

What is the effect of configuring the following command on a switch?

Switch(config)# spanning-tree portfast bpdufilter default

A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for PortFast, the port will transition to forwarding state.
D. The command will enable BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.


Answer: A

Explanation

Please read the explanation of Question 3
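
An added example, not part of the original questions: a Python sketch that applies the rules from Questions 3, 6 and 8 to a constructed IOS-style configuration and predicts how each port reacts to a received BPDU. The sample configuration, function names and result labels are assumptions for illustration; the interface-level filter behaviour (BPDUs ignored, filter overriding guard) is standard IOS behaviour rather than something this page states, and checking guard before the global filter is an assumption.

```python
import re

# Constructed sample configuration (illustrative; not taken from an exhibit).
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
interface FastEthernet0/4
 switchport mode access
"""

G_FILTER = "spanning-tree portfast bpdufilter default"
G_GUARD = "spanning-tree portfast bpduguard default"


def parse_config(text):
    """Return (global_lines, {interface: set_of_lines}) for an IOS-style config."""
    global_lines, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None          # "!" or a blank line closes the interface block
            continue
        match = re.match(r"interface\s+(\S+)\s*$", raw)
        if match:
            current = match.group(1)
            interfaces[current] = set()
        elif raw[0].isspace() and current is not None:
            interfaces[current].add(line)
        else:
            current = None
            global_lines.add(line)
    return global_lines, interfaces


def bpdu_reaction(global_lines, iface_lines):
    """Predict what happens when this port receives a BPDU."""
    portfast = "spanning-tree portfast" in iface_lines
    # Interface-level filter: BPDUs are neither sent nor processed, and the
    # filter wins over BPDU guard (IOS behaviour, not stated on the page).
    if "spanning-tree bpdufilter enable" in iface_lines:
        return "bpdu-ignored"
    # Question 6 (B, D): guard err-disables the port; the global form only
    # applies to PortFast-enabled ports. Checked before the global filter,
    # which is an assumption for a combination the page does not cover.
    if "spanning-tree bpduguard enable" in iface_lines or (
            portfast and G_GUARD in global_lines):
        return "err-disabled"
    # Question 8 (A): PortFast is disabled and the BPDU is processed normally.
    if portfast and G_FILTER in global_lines:
        return "portfast-and-filter-dropped"
    # Question 3 (D): the edge port becomes a normal STP port.
    if portfast:
        return "edge-status-lost"
    return "normal-stp"


def audit(text):
    """Map each interface to (reaction, finding); finding is None if nothing is flagged."""
    global_lines, interfaces = parse_config(text)
    report = {}
    for name, lines in interfaces.items():
        reaction = bpdu_reaction(global_lines, lines)
        finding = None
        if reaction == "bpdu-ignored":
            finding = "STP is blind on this port: a bridged loop would go undetected"
        elif reaction in ("portfast-and-filter-dropped", "edge-status-lost"):
            finding = "a device sending BPDUs joins the topology; consider BPDU guard"
        report[name] = (reaction, finding)
    return report


if __name__ == "__main__":
    for port, (reaction, finding) in audit(SAMPLE_CONFIG).items():
        print(f"{port:18} {reaction:28} {finding or 'ok'}")
```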

Question 9

Refer to the show spanning-tree mst configuration output shown in the exhibit. What should be changed in the configuration of the switch SW_2 in order for it to participate in the same MST region?

spanning-tree_mst_configuration.jpg

A. Switch SW_2 must be configured with the revision number of 2.
B. Switch SW_2 must be configured with a different VLAN range.
C. Switch SW_2 must be configured with the revision number of 1.
D. Switch SW_2 must be configured with a different MST name.


Answer: C

Question 10

Switch R1 has been configured with the root guard feature. What statement is true if the spanning tree enhancement Root Guard is enabled?

A. If BPDUs are not received on a non-designated port, the port is moved into the STP loop-inconsistent blocked state
B. If BPDUs are received on a PortFast enabled port, the port is disabled.
C. If superior BPDUs are received on a designated port, the interface is placed into the root-inconsistent blocked state.
D. If inferior BPDUs are received on a root port, all blocked ports become alternate paths to the root bridge.


Answer: C

Question 11

Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? (Choose two)

show_spanning-tree_vlan.jpg

A. BPDUs will be sent out every two seconds.
B. The time spent in the listening state will be 30 seconds.
C. The time spent in the learning state will be 15 seconds.
D. The maximum length of time that the BPDU information will be saved is 30 seconds.
E. This switch is the root bridge for VLAN 200.
F. BPDUs will be sent out every 10 seconds.


Answer: B F

Explanation

From the output you learn that:

+ This is not the root bridge for VLAN 200 (it does not have the line “This bridge is the root” and the root bridge information is shown first. It has an Alternate port).
+ The root bridge is sending Hello every 10 seconds, Max Age is 20 seconds and Forward Delay is 15 seconds while the local bridge is sending Hello every 2 seconds, Max Age is 20 seconds and Forward Delay is 15 seconds.

An IEEE bridge is not concerned about the local configuration of the timer values. The IEEE bridge considers the value of the timers in the BPDU that the bridge receives. Effectively, only a timer that is configured on the root bridge of the STP is important. In this case, the local switch will import STP timers from the root bridge -> The listening state (or learning state) will be 30 seconds, which equals the Forward Delay. Also, BPDUs will be sent out every 10 seconds (Hello packets).

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml)

EtherChannel Questions

February 10th, 2012 certprepare 6 comments

Here you will find answers to EtherChannel Questions

Notes:

The Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) facilitate the automatic creation of EtherChannels by exchanging packets between Ethernet interfaces. The Port Aggregation Protocol (PAgP) is a Cisco-proprietary solution, and the Link Aggregation Control Protocol (LACP) is standards based.

LACP modes:

+ on: the link aggregation is forced to be formed without any LACP negotiation. A port-channel is formed only if the peer port is also in “on” mode.
+ off: disables LACP and prevents ports from forming a port-channel
+ passive: the switch does not initiate the channel, but does understand incoming LACP packets
+ active: sends LACP packets and is willing to form a port-channel

PAgP modes:

+ on: the link aggregation is forced to be formed without any PAgP negotiation. A port-channel is formed only if the peer port is also in “on” mode.
+ off: disables PAgP and prevents ports from forming a port-channel
+ desirable: sends PAgP packets and is willing to form a port-channel
+ auto: does not start PAgP packet negotiation but responds to PAgP packets it receives

An EtherChannel in Cisco can be defined as a Layer 2 EtherChannel or a Layer 3 EtherChannel.
+ For Layer 2 EtherChannel, physical ports are placed into an EtherChannel group. A logical port-channel interface will be created automatically. An example of configuring Layer 2 EtherChannel can be found in Question 1 in this article.

+ For Layer 3 EtherChannel, a Layer 3 Switch Virtual Interface (SVI) is created and then the physical ports are bound into this Layer 3 SVI. An example of configuring Layer 3 EtherChannel can be found in Question 6 in this article.

Question 1

Refer to the exhibit. LACP has been configured on Switch1 as shown. Which is the correct command set to configure LACP on Switch2?

LACP_channel-group.jpg

A.
Switch2# configure terminal
Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode auto

B.
Switch2# configure terminal
Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode passive

C.
Switch2# configure terminal
Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode desirable

D.
Switch2# configure terminal
Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode on


Answer: B

Explanation

LACP trunking supports four modes of operation, as follows:
* On: The link aggregation is forced to be formed without any LACP negotiation. In other words, the switch will neither send the LACP packet nor process any incoming LACP packet. This is similar to the on state for PAgP.
* Off: The link aggregation will not be formed. We do not send or understand the LACP packet. This is similar to the off state for PAgP.
* Passive: The switch does not initiate the channel, but does understand incoming LACP packets. The peer (in active state) initiates negotiation (by sending out an LACP packet) which we receive and reply to, eventually forming the aggregation channel with the peer. This is similar to the auto mode in PAgP.
* Active: We are willing to form an aggregate link, and initiate the negotiation. The link aggregate will be formed if the other end is running in LACP active or passive mode. This is similar to the desirable mode of PAgP.

LACP does not have “auto” & “desirable” modes so A & C are not correct.

Also there are only three valid combinations to run the LACP link aggregate, as follows:

Switch    Switch     Description
active    active     Recommended
active    passive    Link aggregation occurs if negotiation is successful.
on        on         Link aggregation occurs without LACP. Although this works, it is not recommended.

Therefore, if Switch1 is set to “active” mode, we cannot set “on” mode on Switch2 -> D is not correct.

Only answer B is suitable in this case.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml)

An example of configuring Layer 2 EtherChannel using LACP (apply these commands to both switches):

SW(config)#interface range f0/1 - 2
SW(config-if-range)#channel-group 1 mode active
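
An added example, not from the original page: a Python check that derives the outcome of each EtherChannel link from the mode semantics listed in the Notes and in the explanation above, run over two constructed switch configurations. The configurations, the link list (port n on one switch cabled to port n on the other) and the function names are assumptions for illustration.

```python
import re

# mode -> (protocol, initiates negotiation); "on" runs no protocol at all.
MODES = {
    "active": ("LACP", True),
    "passive": ("LACP", False),
    "desirable": ("PAgP", True),
    "auto": ("PAgP", False),
    "on": (None, False),
}

# Constructed configurations for two directly connected switches.
SWITCH1 = """\
interface GigabitEthernet3/1
 channel-group 5 mode active
interface GigabitEthernet3/2
 channel-group 5 mode active
interface GigabitEthernet3/3
 channel-group 6 mode passive
interface GigabitEthernet3/4
 channel-group 7 mode active
interface GigabitEthernet3/5
 channel-group 8 mode on
"""
SWITCH2 = """\
interface GigabitEthernet3/1
 channel-group 5 mode passive
interface GigabitEthernet3/2
 channel-group 5 mode on
interface GigabitEthernet3/3
 channel-group 6 mode passive
interface GigabitEthernet3/4
 channel-group 7 mode desirable
interface GigabitEthernet3/5
 channel-group 8 mode on
"""
# Assumed cabling: port n on Switch1 connects to port n on Switch2.
LINKS = [(f"GigabitEthernet3/{n}", f"GigabitEthernet3/{n}") for n in range(1, 6)]


def channel_modes(config):
    """Return {interface: mode} for every interface with a channel-group line."""
    modes, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+channel-group\s+\d+\s+mode\s+(\S+)", line)
        if m and current:
            modes[current] = m.group(1)
    return modes


def negotiate(mode_a, mode_b):
    """Return (forms_channel, reason) for the two ends of one link."""
    (proto_a, init_a), (proto_b, init_b) = MODES[mode_a], MODES[mode_b]
    if proto_a is None or proto_b is None:
        if proto_a is proto_b:  # both ends are "on"
            return True, "forced on both ends, no negotiation"
        return False, "one end is 'on' and never answers the peer's protocol"
    if proto_a != proto_b:
        return False, f"protocol mismatch: {proto_a} vs {proto_b}"
    if init_a or init_b:
        return True, f"{proto_a} negotiated"
    return False, f"both ends wait for {proto_a}; nobody initiates"


def check_links(cfg_a, cfg_b, links):
    """Evaluate every cabled link between the two configurations."""
    a, b = channel_modes(cfg_a), channel_modes(cfg_b)
    return {link: negotiate(a[link[0]], b[link[1]]) for link in links}


if __name__ == "__main__":
    for (left, right), (ok, why) in check_links(SWITCH1, SWITCH2, LINKS).items():
        print(f"{left} <-> {right}: {'bundles' if ok else 'NO CHANNEL'} ({why})")
```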

Question 2

Refer to the exhibit. The command switchport mode access is issued on interface FastEthernet0/13 on switch CAT1. What will be the result?

channel-group_switchport-mode-access.jpg

A. The command will be rejected by the switch.
B. Interfaces FastEthernet0/13 and FastEthernet0/14 will no longer be bundled.
C. Dynamic Trunking Protocol will be turned off on interfaces FastEthernet0/13 and FastEthernet0/14.
D. Interfaces FastEthernet0/13 and FastEthernet0/14 will only allow traffic from the native VLAN.
E. Interfaces FastEthernet0/13 and FastEthernet0/14 will continue to pass traffic for VLANs 88,100,360.


Answer: B

Explanation

The default channel protocol in Cisco switches is Port Aggregation Protocol (PAgP). PAgP groups the interfaces with the same speed, duplex mode, native VLAN, VLAN range, and trunking status and type. After grouping the links into an EtherChannel, PAgP adds the group to the spanning tree as a single switch port.

An interface in the on mode that is added to a port channel is forced to have the same characteristics as the already existing on mode interfaces in the channel (applied for both PAgP & LACP). So if we configure “switchport mode access” on Fa0/13, this interface will no longer be bundled with Fa0/14.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_14_ea1/configuration/guide/swethchl.html#wpxref12539)

Question 3

What is the result of entering the command “port-channel load-balance src-dst-ip” on an EtherChannel link?

A. Packets are distributed across the ports in the channel based on both the source and destination MAC addresses.
B. Packets are distributed across the ports in the channel based on both the source and destination IP addresses.
C. Packets are balanced across the ports in the channel based first on the source MAC address, then on the destination MAC address, then on the IP address.
D. Packets are distributed across the access ports in the channel based first on the source IP address and then the destination IP addresses.


Answer: B

Explanation

The syntax of configuring load balancing on a Cisco switch is:

Switch(config)# port-channel load-balance method

Many methods can be used here. By default, the “src-dst-ip” (source and destination IP address) method is used for Layer 3 switching. Let’s take an example to understand more about this method.

EtherChannel_Load_balancing-src-dst-ip.jpg

In the topology above, Switch1 uses the “src-dst-ip” method to load-balance traffic to Switch2. With this method, only one link is used for a specific pair of source & destination IP addresses, and the switch uses the XOR function to generate the hash that determines which interface to use. Suppose the packets have the source IP of 1.1.1.1 & destination IP of 1.1.1.2. Writing them in binary, we get:

1.1.1.1 = 0000 0001.0000 0001.0000 0001.0000 0001
1.1.1.2 = 0000 0001.0000 0001.0000 0001.0000 0010

In this case we have only 2 interfaces in this channel group so the XOR function only gets the last bit, which means 1 XOR 0 = 1. Each interface is assigned an index that starts from 0 so Fa0/2 will be indexed 1 -> traffic will be sent over Fa0/2.

If we have 4 interfaces in a channel group then XOR function gets last 2 bits. If we have 8 interfaces, it gets 3 bits and so on. For example, with 8 interfaces the result will be 3 (because 001 XOR 010 = 011) -> Fa0/4 will be used.

Note: If the two address values have the same bit value, the XOR result is always 0. If the two address bits differ, the XOR result is always 1. For example, 0 XOR 0 = 0; 0 XOR 1 = 1; 1 XOR 0 = 1; 1 XOR 1 = 0.

In conclusion, the “port-channel load-balance src-dst-ip” command uses a pair of source & destination IP address to select the port to send traffic to -> B is correct.
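
An added example, not from the original page: the XOR selection described above written out in Python and run over constructed flows, to show that the link choice depends only on the low-order bits of the two addresses. It follows this page's simplified description (real platforms may hash differently); the port lists, addresses and function names are assumptions.

```python
import ipaddress
from collections import Counter


def link_index(src, dst, num_links):
    """Index of the member link for one source/destination IP pair."""
    if num_links not in (2, 4, 8):
        raise ValueError("this simplified model covers 2, 4 or 8 member links")
    xor = int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(dst))
    # 2 links -> last bit, 4 links -> last 2 bits, 8 links -> last 3 bits.
    return xor & (num_links - 1)


def distribution(flows, ports):
    """Count flows per member port; ports[i] is the port with index i."""
    counts = Counter({port: 0 for port in ports})
    for src, dst in flows:
        counts[ports[link_index(src, dst, len(ports))]] += 1
    return dict(counts)


# Constructed inputs.
PORTS2 = ["Fa0/1", "Fa0/2"]
PORTS4 = ["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"]
PORTS8 = [f"Fa0/{n}" for n in range(1, 9)]
SERVER = "10.0.1.10"
# Eight clients with consecutive addresses talking to one server.
SEQUENTIAL = [(f"10.0.0.{host}", SERVER) for host in range(1, 9)]
# Four clients whose addresses differ only above the last two bits.
STRIDED = [(f"10.0.0.{host}", SERVER) for host in (4, 8, 12, 16)]


if __name__ == "__main__":
    # The page's own example: 1.1.1.1 -> 1.1.1.2.
    print(PORTS2[link_index("1.1.1.1", "1.1.1.2", 2)])   # two-link bundle
    print(PORTS8[link_index("1.1.1.1", "1.1.1.2", 8)])   # eight-link bundle
    print(distribution(SEQUENTIAL, PORTS4))              # spread evenly
    print(distribution(STRIDED, PORTS4))                 # all on one link
```

The second distribution puts every flow on a single member link, which is why a bundle can show one saturated port while the others stay idle.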

Question 4

Refer to the exhibit. Which statement is true about the display of the “show pagp 1 neighbor” command?

show_pagp_neighbor.jpg

A. STP packets are sent out the Gi0/1 interface only.
B. STP packets are sent out both the Gi0/1 and Gi0/2 interfaces.
C. CDP packets are sent out the Gi0/1 interface only.
D. CDP packets are sent out the Gi0/2 interface only.


Answer: A

Explanation

DTP and CDP send and receive packets over all the physical interfaces in the EtherChannel while STP always chooses the first operational port in an EtherChannel bundle -> A is correct.

Question 5

Refer to the exhibit. On the basis of the information that is generated by the show commands, which two EtherChannel statements are true? (Choose two)

show_etherchannel_summary.jpg

A. Interfaces FastEthernet 0/1 and 0/2 have been configured with the channel-group 1 mode desirable command.
B. Interfaces FastEthernet 0/3 and 0/4 have been configured with the no switchport command.
C. Interface Port-Channels 1 and 2 have been assigned IP addresses with the ip address commands.
D. Port-Channels 1 and 2 are providing two 400 Mbps EtherChannels.
E. Port-Channels 1 and 2 are capable of combining up to 8 FastEthernet ports to provide full-duplex bandwidth of up to 16 Gbps between a switch and another switch or host.
F. Switch SW1 has been configured with a Layer 3 EtherChannel.


Answer: A D

Explanation

In fact answer A is not totally correct because two ports Fa0/1 & Fa0/2 of Sw1 can use the “channel-group 1 mode auto” command while the peer ports use the “channel-group 1 mode desirable” command. But maybe it is the best choice in this case.

Answer B is not correct because this is a Layer 2 EtherChannel (from the lines “Po1 (SU)” & “Group state = L2”) but the “no switchport” is only used to configure Layer 3 EtherChannel.

Answer C is not correct because the port-channel is automatically created in a Layer 2 EtherChannel.

In this case we can see the ports are FastEthernet ports -> Port-Channels 1 and 2 are capable of combining up to 8 FastEthernet ports to provide full-duplex bandwidth of up to 1.6 Gbps (8 links of FastEthernet ports), not 16 Gbps. Port-Channels can provide up to 16 Gbps if they group 8 links of GigabitEthernet -> E is not correct.

SW1 has been configured with a Layer 2 EtherChannel (from the lines “Po1 (SU)” & “Group state = L2”) -> F is not correct.

Usually the EtherChannel protocol is shown when using the “show etherchannel summary” command (after the “Port-channel” column) but in this case we see no “protocol” column so we can assume it uses the default EtherChannel protocol PAgP.

There are 2 ports in each group so there are 4 Ethernet ports in total -> 4 x 100Mbps = 400Mbps in full duplex (which means “two 400 Mbps EtherChannels” in answer D) -> D is correct.

Question 6

Which statement is true regarding the Port Aggregation Protocol?

A. Configuration changes made on the port-channel interface apply to all physical ports assigned to the port-channel interface.
B. Configuration changes made on a physical port that is a member of a port-channel interface apply to the port-channel interface.
C. Configuration changes are not permitted with Port Aggregation Protocol; instead, the standardized Link Aggregation Control Protocol should be used if configuration changes are required.
D. The physical port must first be disassociated from the port-channel interface before any configuration changes can be made.


Answer: A

Explanation

The port-channel interface represents the whole bundle, and all the configurations on this interface are applied to all physical ports that are assigned to this logical interface.

Note: We must manually create port-channel logical interface when configuring Layer 3 EtherChannels. The port-channel logical interface is automatically created when configuring Layer 2 EtherChannels (you can’t put Layer 2 ports into a manually created port channel interface).

An example of configuring Layer 3 EtherChannels with port-channel interfaces:

EtherChannel_Load_balancing-src-dst-ip.jpg

Switch1(config)# interface port-channel 1
Switch1(config-if)# no switchport
Switch1(config-if)# ip address 192.168.1.1 255.255.255.0
Switch1(config-if)# exit
Switch1(config)# interface range fastethernet0/1 -2
Switch1(config-if-range)# no switchport
Switch1(config-if-range)# no ip address
Switch1(config-if-range)# channel-group 1 mode desirable

Switch2(config)# interface port-channel 1
Switch2(config-if)# no switchport
Switch2(config-if)# ip address 192.168.1.2 255.255.255.0
Switch2(config-if)# exit
Switch2(config)# interface range fastethernet0/1 -2
Switch2(config-if-range)# no switchport
Switch2(config-if-range)# no ip address
Switch2(config-if-range)# channel-group 1 mode auto

Note: The “no switchport” command is required to change interface from layer2 to layer3 mode.

Question 7

Which three statements are true of the Link Aggregation Control Protocol (LACP)? (Choose three)

A. LACP is used to connect to non-Cisco devices.
B. LACP packets are sent with the command channel-group 1 mode desirable.
C. LACP packets are sent with the command channel-group 1 mode active.
D. Standby interfaces should be configured with a higher priority.
E. Standby interfaces should be configured with a lower priority.


Answer: A C D

Explanation

LACP is part of the IEEE specification 802.3ad so that it can be used on non-Cisco devices -> A is correct.

With mode “active”, the switch sends LACP packets, initiates negotiations with remote ports and is willing to form a port-channel if it receives a response -> C is correct.

LACP uses the port priority with the port number to form the port identifier. The port priority determines which ports should be put in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.

An example of configuring LACP port priority:

Router(config-if)# lacp port-priority 100

Note: Valid range is from 1 to 65535. The higher the number, the lower the priority so standby interfaces should be configured with a higher priority -> D is correct.

Question 8

Refer to the exhibit. What does the command channel-group 1 mode desirable do?

Interface FastEthernet 0/13
Channel-group 1 mode desirable

A. enables LACP unconditionally
B. enables PAgP only if a PAgP device is detected
C. enables PAgP unconditionally
D. enables Etherchannel only
E. enables LACP only if a LACP device is detected


Answer: C

Explanation

First, “desirable” is a mode on PAgP, not LACP. “enable PAgP unconditionally” means that port will send PAgP packets to form an EtherChannel port (initiate negotiations with other ports). A channel is formed with another port group in either desirable or auto mode.

Note:

Mode “auto” enables PAgP only if a PAgP device is detected and mode “on” forces the port to form a channel.

Question 9

Which statement best describes implementing a Layer 3 EtherChannel?

A. EtherChannel is a Layer 2 and not a Layer 3 feature.
B. Implementation requires switchport mode trunk and matching parameters between switches.
C. Implementation requires disabling switchport mode.
D. A Layer 3 address is assigned to the channel-group interface.


Answer: C

Explanation

By default, the ports on a multilayer switch (MLS) will all be running in Layer 2 mode. A port must be configured as a routing port before it is configured as a Layer 3 EtherChannel -> this requires the “no switchport” command.

InterVLAN Routing

February 5th, 2012 certprepare 58 comments

Here you will find answers to InterVLAN Routing questions

Question 1:

Study the exhibit carefully. Both host stations are part of the same subnet but are in different VLANs. On the basis of the information presented in the exhibit, which statement is true about an attempt to ping from host to host?

samesubnetDifferentVLAN

A – Layer 3 device is needed for the ping command to be successful.
B – A trunk port will need to be configured on the link between SA and SB for the ping command to be successful.
C – The two different hosts will need to be in the same VLAN in order for the ping command to be successful.
D – The ping command will be successful without any further configuration changes.

Answer: D

Explanation:

For two hosts in different VLANs, we must use a layer 3 device to transport packets between them. However, in this case both switches are set in “access” mode, therefore the VLAN information sent between them will be set as untagged. Moreover, they are in the same subnet so they can ping each other without a layer 3 device.

Question 2:

Based on the following exhibit, which problem is preventing users on VLAN 100 from pinging addresses on VLAN 200?

routing_interVLAN

A – Native VLAN mismatch.
B – Subinterfaces should be created on Fa0/7 and Fa0/8 on DLS1.
C – Trunking needs to be enabled.
D – The ip routing command is missing on DLS1.

Answer: D

Explanation:

To allow communication between two VLANs, we need to enable Layer 3 routing on the switch with the “ip routing” command. Some platforms have it enabled by default but some do not.

Question 3:

Based on the network diagram and routing table output in the exhibit, which one of these statements is true?

vlan10_20_routing

A – InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
B – InterVLAN routing will not occur since no routing protocol has been configured.
C – Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
D – Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
E – None of the above.

Answer: A

Explanation:

In the output we can see both VLAN10 and VLAN20 are shown up (as networks 10.1.1.0 and 10.2.2.0) so the routing has been configured properly. Notice that the “C” letter indicates that these networks are directly connected with the router.

Question 4:

Study the following exhibit carefully, what is the reason that users from VLAN 100 can’t ping users on VLAN 200?

inter_Routing

A – IP routing needs to be enabled on the switch
B – Trunking needs to be enabled on Fa0/1
C – VLAN 1 needs the no shutdown command
D – The native VLAN is wrong

Answer: B

Explanation:

The Fa0/1 interface on the switch is not configured with trunking mode. It needs to be configured as shown below:

SA(config)#interface Fa0/1
SA(config-if)#switchport mode trunk
SA(config-if)#switchport trunk encapsulation dot1q

Question 5:

Assume that a host sends a packet to a destination IP address and that the CEF-based switch does not yet have a valid MAC address for the destination. How is the ARP entry (MAC address) of the next-hop destination in the FIB obtained?

A – The sending host must send an ARP request for it
B – All packets to the destination are dropped
C – The Layer 3 forwarding engine (CEF hardware) must send an ARP request for it
D – CEF must wait until the Layer 3 engine sends an ARP request for it

Answer: D

Explanation:

If a valid MAC address for the destination is not found, the Layer 3 forwarding engine can’t forward the packet in hardware due to the missing Layer 2 next-hop address. Therefore the packet is sent to the Layer 3 Engine so that it can generate an ARP request (this is called the “CEF glean” state).

CEF_ARP

Question 6:

CEF is a completely new routing switch technology. Which two table types are CEF components? (Choose two)

A – adjacency tables
B – caching tables
C – neighbor tables
D – forwarding information base

Answer: A D

Voice Support Questions

February 1st, 2012 certprepare 57 comments

Here you will find answers to Voice Support Questions

(Questions 1 to 4 use the same picture)

Question 1:

You work as a network technician, study the exhibit carefully. What is the effect on the trust boundary of configuring the command mls qos trust cos on the switch port that is connected to the IP phone?

ip_phone.jpg

A – Effectively the trust boundary has been moved to the IP phone.
B – The host is now establishing the CoS value and has effectively become the trust boundary.
C – The switch SW is rewriting packets it receives from the IP phone and determining the CoS value.
D – The switch SW will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS.


Answer: A

Explanation:

The “mls qos trust cos” command is used to configure the port trust state (by default, the port is not trusted). By using this command, you can configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received on that port.

(Note: All current Cisco IP Phones include an internal three-port Layer 2 switch, therefore you can think of an IP Phone as a switch, and network administrators generally accept a Cisco IP Phone as a trusted device.)

Question 2:

If you are a network technician, study the exhibit carefully. Which switch interface configuration command would automatically configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain?

A. auto qos voip cisco-phone
B. mls qos trust
C. switchport priority extend cos 7
D. switchport priority extend trust


Answer: A

Explanation:

The command “mls qos trust” is used to configure the port trust state (by default, the port is not trusted).

The command “switchport priority extend cos 7” sets the IP phone port to override the priority received from the PC or the attached device (7 is the highest priority).

The command “switchport priority extend trust” tells the Cisco IP Phone to trust the CoS value of the connected PC instead of re-marking all packets sent from the PC to CoS 0, which is the default.

Question 3:

Study the exhibit carefully. Which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone?

A. The voice VLAN must be configured as a native VLAN on the switch.
B. A PC connected to a switch port via an IP phone must support a trunking encapsulation.
C. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on the same LAN segment with a PC.
D. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.


Answer: D

Explanation:

The voice VLAN can be configured over a unique voice VLAN (known as the voice VLAN ID or VVID) or over native VLAN -> A is not correct.

The ports between the PC and the IP Phone always function as access-mode switch ports, so there is no need to support a trunking encapsulation -> B is not correct.

The traffic on the voice VLAN can be tagged with 802.1p encapsulation or 802.1q encapsulation -> C is not correct.

Most Cisco IP Phone models operate as a three-port switch as shown below. Nowadays, the voice traffic and data traffic will normally be on different IP subnets and the PC is unaware of the presence of the phone.

ip_phone_2.jpg

Question 4:

Study the exhibit carefully. Which statement is true when voice traffic is forwarded on the same VLAN used by the data traffic?

A. Quality of service cannot be applied for the voice traffic.
B. The voice traffic cannot be forwarded to the distribution layer.
C. Port security cannot be enabled on the switch that is attached to the IP phone.
D. The voice traffic cannot use 802.1p priority tagging.


Answer: D

Question 5:

Which two codecs are supported by Cisco VoIP equipment?

A. G.701 and G719
B. G.711 and G.729
C. G.721 and G.739
D. G.731 and G.749

Answer: B

Question 6:

Study the exhibit carefully, then tell me what is the problem with this configuration?

show_run.jpg

A – Spanning tree PortFast cannot be configured on a port where a voice VLAN is configured.
B – The switch port must be configured as a trunk.
C – Sticky secure MAC addresses cannot be used on a port when a voice VLAN is configured.
D – Spanning tree PortFast cannot be configured on a port when a sticky secure MAC address is used.


Answer: C