Files included:

+ MLS with EIGRP lab
+ LACP – STP Lab

Download these lab files from certprepare.com

Please say thanks to Jojo who created these lab-sims. Now you can practice with real SWITCH Lab questions.

Answer and Explanation:

Below is a good solution commented by toy_man123. Please say thank to him!

Each of these vlans has one host each on its port
SVI on vlan 1 – ip 192.168.1.11 with snm

Switch B –
Ports 3, 4 connected to ports 3 and 4 on Switch A

Port 15 connected to Port on Router.

Tasks to do

1. Use non proprietary mode of aggregation with Switch B being the initiator
— Assumed use LACP with B being in Active mode

2. Use non proprietary trunking and no negotiation
— Assumed use switchport mode trunk and switchport trunk encapsulation dot1q

3. Restrict only to vlans needed
— Assumed either vtp pruning or allowed vlan list. vtp pruning command did not seem to work on the simulator so landed using allowed vlan list

4. SVI on vlan 1 with some ip and subnet given

5. Configure switch A so that nodes other side of Router C are accessible
— Assumed this to mean that on switch A default gatway has to be configured.

6. Make switch B the root
— Could not get this to work. Exam hung when I tried the command
spanning-tree vlan 1,21-23 priority 4096
So passed on this configuration. Anyone else got this correct

What I tried ..
on Switch A
verify with show run if you need to create vlans 21-23

int range fa0/9 – 10
switchport mode access
switchport access vlan 21
spanning-tree portfast
no shut

int range fa0/13 – 14
switchport mode access
switchport access vlan 22
spanning-tree portfast
no shut

int range fa0/16 – 16
switchport mode access
switchport access vlan 23
spanning-tree portfast
no shut

int range fa0/3 – 4
channel-protocol lacp
channel group 1 mode passive
no shut

int port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
spanning-tree allowed vlans 1,21-23
no shut

int vlan 1
ip address x.y.z.11 255.a.b.c
no shut

On switch B run the command show cdp neighbors detail and get the ip address of port from router C.

Now use this ip address of port of router C to configure as default gateway on Switch A
SA(config)# ip default-gateway 192.168.1.1

On switch B do only the channel group and port-channel stuff
Only mode is active instead of passive.

copy run start did not work. Tried combos of wr, copy running-config startup-config, copy system:running-config nvram:startup-config. All variations did not work.

Got some errors on mismatch of native VLAN. Switch B had some ports on vlan 98 configured for native vlan. Tried setting native vlan on Port-channel 1 on switch B to 1. Configuration command took but errors still were occuring. Ran out of time I had allocated so gave up.

If you learn anything new about this sim please share with us!

Other lab-sims in this site:

MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim
AAAdot1x Lab Sim

Notice: This is just a sketch about this sim. I can not guarantee the information posted below is correct. So if you know anything new about this sim please post here. Your ideas and comments are warmly welcome!

Question:

I am still not sure about the question but we need to configure the Multilayer Switch so that PCs from VLAN 2 and VLAN 3 can communicate with the Server.

Answer and Explanation

the config (commented by a certprepare.com’s reader but he does not leave his name, but please say thank to him!)

mls>enable
mls# configure terminal
mls(config)# int gi0/1
mls(config-if)#no switchport -> not sure about this command line, but you should use this command if the simulator does not let you assign IP address on Gi0/1 interface.
mls(config-if)# ip address 10.10.10.2 255.255.255.0
mls(config-if)# no shutdown
mls(config-if)# exit
mls(config)# int vlan 2
mls(config-if)# ip address 190.200.250.33 255.255.255.224
mls(config-if)# no shutdown
mls(config-if)# int vlan 3
mls(config-if)# ip address 190.200.250.65 255.255.255.224
mls(config-if)# no shutdown
mls(config-if)#exit
mls(config)# ip routing (Notice: MLS will not work without this command)
mls(config)# router eigrp 650
mls(config-router)# network 10.10.10.0 0.0.0.255
mls(config-router)# network 190.200.250.32 0.0.0.31
mls(config-router)# network 190.200.250.64 0.0.0.31

NOTE : THE ROUTER IS CORRECTLY CONFIGURED, so you will not miss within it in the exam , also don’t modify/delete any port just do the above configuration.

in order to complete the lab , you should expect the ping to SERVER to succeed from the MLS , and from the PCs as well.

If the above configuration does not work, you should configure EIGRP with “no auto-summary” command:
no auto-summary

Other lab-sims in this site:

LACP with STP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim
AAAdot1x Lab Sim

Acme is a small export company that has an existing enterprise network comprised of 5 switches;
CORE,DSW1,DSW2,ASW1 and ASW2. The topology diagram indicates their desired pre-VLAN spanning tree mapping.
Previous configuration attempts have resulted in the following issues:
– CORE should be the root bridge for VLAN 20; however, DSW1 is currently the root bridge for VLAN 20.
– Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and DSW2. However VLAN 30 is currently using gig 1/0/5.
– Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and DSW2. However VLAN 40 is currently using gig 1/0/6.

You have been tasked with isolating the cause of these issuer and implementing the appropriate solutions. You task is complicated by the fact that you only have full access to DSW1, with isolating the cause of these issues and implementing the appropriate solutions. Your task is complicated by the fact that you only have full access to DSW1, with the enable secret password cisco. Only limited show command access is provided on CORE, and DSW2 using the enable 2 level with a password of acme. No configuration changes will be possible on these routers. No access is provided to ASW1 or ASW2.

Answer and Explanation:

1) “CORE should be the root bridge for VLAN 20; however, DSW1 is currently the root bridge for VLAN 20″ -> We need to make CORE switch the root bridge for VLAN 20.

By using the “show spanning-tree” command as shown above, we learned that DSW1 is the root bridge for VLAN 20 (notice the line “This bridge is the root”).

DSW1>enable
DSW1#show spanning-tree

To determine the root bridge, switches send and compare their priorities and MAC addresses with each other. The switch with the lowest priority value will have highest priority and become the root bridge. Therefore, we can deduce that the priority of DSW1 switch is lower than the priority of the CORE switch so it becomes the root bridge. To make the CORE the root bridge we need to increase the DSW1′s priority value, the best value should be 61440 because it is the biggest value allowed to assign and it will surely greater than of CORE switch. (You can use another value but make sure it is greater than the CORE priority value by checking if the CORE becomes the root bridge or not; and that value must be in increments of 4096).

(Notice that the terms bridge and switch are used interchangeably when discussing STP)

DSW1#configure terminal
DSW1(config)#spanning-tree vlan 20 priority 61440

2) “Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and DSW2. However VLAN 30 is currently using gig 1/0/5″

DSW1 is the root bridge for VLAN 30 (you can re-check with the show spanning-tree command as above), so all the ports are in forwarding state for VLAN 30. But the question said that VLAN 30 is currently using Gig1/0/5 so we can guess that port Gig1/0/6 on DSW2 is in blocking state (for VLAN 30 only), therefore all traffic for VLAN 30 will go through port Gig1/0/5.

The root bridge for VLAN 30, DSW1, originates the Bridge Protocol Data Units (BPDUs) and switch DSW2 receives these BPDUS on both Gig1/0/5 and Gig1/0/6 ports. It compares the two BPDUs received, both have the same bridge-id so it checks the port cost, which depends on the bandwidth of the link. In this case both have the same bandwidth so it continues to check the sender’s port id (includes port priority and the port number of the sending interface). The lower port-id value will be preferred so the interface which received this port-id will be the root and the other interface (higher port-id value) will be blocked.

In this case port Gig1/0/6 of DSW2 received a Priority Number of 128.6 (means that port priority is 128 and port number is 6) and it is greater than the value received on port Gig1/0/5 (with a Priority Number of 128.5) so port Gig1/0/6 will be blocked. You can check again with the “show spanning-tree” command. Below is the output (notice this command is issued on DSW1 – this is the value DSW2 received and used to compare).

Therefore, all we need to do is to change the priority of port Gig1/0/6 to a lower value so the neighboring port will be in forwarding state. Notice that we only need to change this value for VLAN 30, not for all VLANs.

DSW1(config)#interface g1/0/6
DSW1(config-if)#spanning-tree vlan 30 port-priority 64
DSW1(config-if)#exit

3) “Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and DSW2. However VLAN 40 is currently using gig 1/0/6″

Next we need to make sure traffic for VLAN 40 should be forwarding over Gig1/0/5 ports. It is a similar job, right? But wait, we are not allowed to make any configurations on DSW2, how can we change its port-priority for VLAN 40? There is another solution for this…

Besides port-priority parameter, there is another value we can change: the Cost value (or Root Path Cost). Although it depends on the bandwidth of the link but a network administrator can change the cost of a spanning tree, if necessary, by altering the configuration parameter in such a way as to affect the choice of the root of the spanning tree.

Notice that the Root Path Cost is the cost calculated by adding the cost in the received hello to the cost of the interface the hello BPDU was received. Therefore if you change the cost on an interface of DSW1 then only DSW1 will learn the change.

By default, the cost of a 100Mbps link is 19 but we can change this value to make sure that VLAN 40 will use interface Gig1/0/5.

DSW1(config)#interface g1/0/5
DSW1(config-if)#spanning-tree vlan 40 cost 1

DSW1(config-if)#end

You should re-check to see if everything was configured correctly:

DSW1#show spanning-tree

Save the configuration:

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Remember these facts about Spanning-tree:

Path Selection:

1) Prefer the neighbor advertising the lowest root ID
2) Prefer the neighbor advertising the lowest cost to root
3) Prefer the neighbor with the lowest bridge ID
4) Prefer the lowest sender port ID

Spanning-tree cost:

Other good resource for reference:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96a.shtml

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab
Spanning Tree Lab Sim
AAAdot1x Lab Sim

The headquarter offices for a book retailer are enhancing their wiring closets with Layer3 switches. The new distribution-layer switch has been installed and a new access-layer switch cabled to it. Your task is to configure VTP to share VLAN information from the distribution-layer switch to the access-layer devices. Then, it is necessary to configure interVLAN routing on the distribution layer switch to route traffic between the different VLANs that are configured on the access-layer switches; however, it is not necessary for you to make the specific VLAN port assignments on the access-layer switches. Also, because VLAN database mode is being deprecated by Cisco, all VLAN and VTP configurations are to be completed in the global configuration mode. Please reference the following table for the VTP and VLAN information to be configured:

Requirements:

These are your specific tasks:

1. Configure the VTP information with the distribution layer switch as the VTP server
2. Configure the VTP information with the access layer switch as a VTP client
3. Configure VLANs on the distribution layer switch
4. Configure inter-VLAN routing on the distribution layer switch
5. Specific VLAN port assignments will be made as users are added to the access layer switches in the future.
6. All VLANs and VTP configurations are to completed in the global configuration. To configure the switch click on the host icon that is connected to the switch be way of a serial console cable.

Answer and Explanation:

1) Configure the VTP information with the distribution layer switch as the VTP server:

DLSwitch#configure terminal
DLSwitch(config)#vtp mode server
DLSwitch(config)#vtp domain cisco (use cisco, not CISCO because it is case sensitive)

(Requirement 2 will be solved later)
3) Configure VLANs on the distribution layer switch

To create VLANs on a switch, use the vlan vlanID# command:
DLSwitch(config)#vlan 20
DLSwitch(config)#vlan 21

Configure Ip addresses for Vlans:

DLSwitch(config)#interface vlan 20
DLSwitch(if-config)#ip address 172.16.71.1 255.255.255.0
DLSwitch(if-config)#no shutdown
DLSwitch(if-config)#interface vlan 21
DLSwitch(if-config)#ip address 172.16.132.1 255.255.255.0
DLSwitch(if-config)#no shutdown
DLSwitch(if-config)#exit

4) Configure inter-VLAN routing on the distribution layer switch

DLSwitch(config)#ip routing
DLSwitch(config)#exit
DLSwitch#copy running-config startup-config

2) Configure the VTP information with the access layer switch as a VTP client

ALSwitch#configure terminal
ALSwitch(config)#vtp mode client
ALSwitch(config)#vtp domain cisco
ALSwitch(config)#exit

ALSwitch#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
Spanning Tree Lab Sim
AAAdot1x Lab Sim

The headquarter office for a cement manufacturer is installing a temporary Catalyst 3550 in an IDF to connect 24 additional users. To prevent network corruption, it is important to have the correct configuration prior to connecting to the production network. It will be necessary to ensure that the switch does not participate in VTP but forwards VTP advertisements that are received on trunk ports.
Because of errors that have been experienced on office computers, all nontrunking interfaces should transition immediately to the forwarding state of Spanning tree. Also, configure the user ports (all FastEthernet ports) so that the ports are permanently nontrunking.

Requirements:
You will configure FastEthernet ports 0/12 through 0/24 for users who belong to VLAN 20. Also, all VLAN and VTP configurations are to be completed in global configuration mode as VLAN database mode is being deprecated by Cisco. You are required to accomplish the following tasks:

1. Ensure the switch does not participate in VTP but forwards VTP advertisements received on trunk ports.
2. Ensure all non-trunking interfaces (Fa0/1 to Fa0/24) transition immediately to the forwarding state of Spanning-Tree.
3. Ensure all FastEthernet interfaces are in a permanent non-trunking mode.
4. Place FastEthernet interfaces 0/12 through 0/24 in VLAN 20.

Answer and Explanation:

Switch>enable
Switch#configure terminal
Switch(config)#interface range fa0/1 – 24
Switch(config-if-range)#switchport mode access (Make all FasEthernet interfaces into access mode)
Switch(config-if-range)#spanning-tree portfast (Enables the PortFast on interface)

Next, we need to assign FastEthernet ports 0/12 through 0/24 to VLAN 20.

By default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to go to each interface (or a range of interfaces) and tell it which VLAN to be a part of.

Switch(config-if-range)#interface range fa0/12 – 24
Switch(config-if-range)#switchport access vlan 20 (Make these ports members of vlan 20)
Switch(config-if-range)#exit

Next we need to make this switch in transparent mode. In this mode, switch doesn’t participate in the VTP domain, but it still forwards VTP advertisements through any configured trunk links.

Switch(config)#vtp mode transparent
Switch(config)#exit
Switch#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
AAAdot1x Lab Sim

Acme is a small shipping company that has an existing enterprise network comprised of 2 switches;DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
– Users connecting to ASW1’s port must be authenticate before they are given access to the network. Authentication is to be done via a Radius server:
– Radius server host: 172.120.39.46
– Radius key: rad123
– Authentication should be implemented as close to the host device possible.
– Devices on VLAN 20 are restricted to in the address range of 172.120.40.0/24.
– Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.
– Packets from devices in any other address range should be dropped on VLAN 20.
– Filtering should be implemented as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.

Answer and Explanation:

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Enable 802.1x on the switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

ASW1(config-if)#exit
ASW1#copy running-config startup-config

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-ext-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-ext-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim

Online Incorporated is an internet game provide. The game service network had recently added an additional switch block with multiple VLANs configured. Unfortunately, system administrators neglected to document the spanning-tree topology during configuration. For baseline purpose, you will be required to identify the spanning-tree topology for the switch block. Using the output of “show spanning-tree” command on switch SW-C and the provided physical topology, answer the following questions:

The output of “show spanning-tree” command on SW-C:

Question 1:

Which spanning Tree Protocol has been implemented on SW-B?

A. STP/IEEE 802.1D
B. MSTP/IEEE 802.1s
C. PVST+
D. PVRST
E. None of the above

Answer: C

Explanation:

On the Fa0/2 interface we can see the type of connection is P2p Peer (STP) and Cisco says that: “!— Type P2p Peer(STP) represents that the neighbor switch runs PVST.” Please visit this link to understand more http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00807b0670.shtml

Question 2:

Which bridge ID belongs to SW-B?

A. 24623.000f.34f5.0138
B. 32768.000d.bd03.0380
C. 32768.000d.65db.0102
D. 32769.000d.65db.0102
E. 32874.000d.db03.0380
F. 32815.000d.db03.0380

Answer: A

Explanation:

Have a look at the output at VLAN0047:

Notice there are two “Cost” value in the picture, the above “Cost” is the total cost from the current switch to the root bridge while the second “Cost” refers to the cost on that interface (Fa0/2). Both these “Cost” are the same so we can deduce that the root bridge is connectly directly to this switch on Fa0/2 interface -> the root bridge is Switch B, and the “Address” field shows its MAC address 000f.34f5.0138. Notice Bridge ID = Bridge Priority + MAC address.

Question 3:

Which port role has interface Fa0/2 of SW-A adopted for VLAN 47?

A. Root port
B. Nondesigned port
C. Designated port
D. Backup port
E. Alternate port

Answer: C

Explanation:

We learned that Switch B is the root bridge for VLAN 47 so port Fa0/1 on SwitchA and Fa0/2 on SwitchC should be the root ports, and from the output of SwitchC, we knew that port Fa0/1 of SwitchC is in blocking state. Therefore its opposite port on SwitchA must be in designated state (forwarding).

So, can Fa0/2 of SW-A be in blocking state? The answer is no so that BPDU packets can be received on Fa0/1 of SW-C. It will remain in blocking state as long as a steady flow of BPDUs is received.

Question 4:

Which port state is interface Fa0/2 of SW-B in for VLANs 1 and 106?

A. Listening
B. Learning
C. Disabled
D. Blocking
E. Forwarding
F. Discarding

Answer: D

Explanation:

As explained in question 2, we can deduce SW-A is the root bridge for VLANs 1 and 106 so ports Fa0/1 on SW-B and SW-C will be the root ports. From the output of SW-C for VLANs 1 and 106, port Fa0/2 of this switch is designated (forwarding) so we can deduce interface Fa0/2 of SW-B is in blocking status.

Question 5:

Which bridge ID belongs to SW-A?

A. 24623.000f.34f5.0138
B. 32768.000d.bd03.0380
C. 32768.000d.65db.0102
D. 32769.000d.65db.0102
E. 32874.000d.db03.0380
F. 32815.000d.db03.0380

Answer: D

Explanation:

SW-A is the root bridge for VLANs 1 and 106 and we can easily find the MAC address of this root bridge from the output of SW-C, it is 000d.65db.0102. Notice that SW-A has 2 bridge IDs for VLANs 1 and 106, they are 32769.000d.65db.0102 and 24682.000d.65db.0102

- DSW1( Distribute switch 1) is the primary device for Vlan 101, 102, 105
– DSW2 ( Distribute switch 2) is the primary device for Vlan 103 and 104

Question 1:

During routine maintenance, it became necessary to shutdown G1/0/1 on DSW1. All other interface were up. During this time, DSW1 remained the active device for Vlan 102′s HSRP group. You have determined that there is an issue with the decrement value in the track command in Vlan 102′s HSRP group. What need to be done to make the group function properly?

A. The DSW1′s decrement value should be configured with a value from 5 to 15
B. The DSW1′s decrement value should be configured with a value from 9 to 15
C. The DSW1′s decrement value should be configured with a value from 11 to 18
D. The DSW1′s decrement value should be configured with a value from 195 to less than 205
E. The DSW1′s decrement value should be configured with a value from 200 to less than 205
F. The DSW1′s decrement value should be greater than 190 and less 200

Answer: C

Explanation:

The question clearly stated that there was an issue with the decrement value in VLAN 102 so we should check VLAN 102 on both DSW1 and DSW2 switches first. Click on the PC Console1 and PC Console2 to access these switches then use the “show running-config” command on both switches

DSW1>enable
DSW1#show running-config

DSW2>enable
DSW2#show running-config

As shown in the outputs, the DSW1′s priority is 200 and is higher than that of DSW2 so DSW1 becomes active switch for the group. Notice that the interface Gig1/0/1 on DSW1 is being tracked so when this interface goes down, HSRP automatically reduces the router’s priority by a configurable amount, in this case 5. Therefore the priority of DSW1 goes down from 200 to 195. But this value is still higher than that of DSW2 (190) so DSW1 remains the active switch for the group. To make DSW2 takes over this role, we have to configure DSW1′s decrement value with a value equal or greater than 11 so that its result is smaller than that of DSW2 (200 – 11 < 190). Therefore C is the correct answer.

Question 2:

During routine maintenance, G1/0/1 on DSW1 was shutdown. All other interface were up. DSW2 became the active HSRP device for Vlan101 as desired. However, after G1/0/1 on DSW1 was reactivated. DSW1 did not become the active HSRP device as desired. What need to be done to make the group for Vlan101 function properly?

A. Enable preempt on DSW1′s Vlan101 HSRP group
B. Disable preempt on DSW1′s Vlan101 HSRP group
C. Decrease DSW1′s priority value for Vlan101 HSRP group to a value that is less than priority value configured on DSW2′s HSRP group for Vlan101
D. Decrease the decrement in the track command for DSW1′s Vlan 101 HSRP group to a value less than the value in the track command for DSW2′s Vlan 101 HSRP group.

Answer: A

Explanation:

Continue to check VLAN 101 on both switches…

We learned that DSW1 doesn’t have the “standby 1 preempt” command so it can’t take over the active role again even if its priority is the highest. So we need to enable this command on VLAN 101 of DSW1.

Question 3:

DSW2 has not become the active device for Vlan103′s HSRP group even though all interfaces are active. As related to Vlan103′s HSRP group. What can be done to make the group function properly?

A. On DSW1, disable preempt
B. On DSW1, decrease the priority value to a value less than 190 and greater than 150
C. On DSW2, increase the priority value to a value greater 241 and less than 249
D. On DSW2, increase the decrement value in the track command to a value greater than 10 and less than 50.

Answer: B or C

Explanation:

The reason DSW2 has not become the active switch for Vlan103 is because the priority value of DSW1 is higher than that of DSW2. In order to make DSW2 become the active switch, we need to increase DSW2′s priority (to higher than 200) or decrease DSW1′s priority (to lower than 190).

Question 4:

If G1/0/1 on DSW1 is shutdown, what will be the current priority value of the Vlan105′s group on DSW1?

A. 95
B. 100
C. 150
D. 200

Answer: A

Explanation:

Below is the output of VLAN 105:

If G1/0/1 on DSW1 is shutdown, its priority will decrease 55 so, its value will be 150 – 55 = 95

Question 5:

What is the configured priority value of the Vlan105′s group on DSW2 ?

A. 50
B. 100
C. 150
D. 200

Answer: B

Explanation:

Below is the output of VLAN 105 of DSW2:

We don’t see the priority of DSW2 so it is using the default value (100).

Question 6:

During routine maintenance, it became necessary to shutdown G1/0/1 on DSW1 and DSW2. All other interface were up. During this time, DSW1 became the active device for Vlan104′s HSRP group. As related to Vlan104′s HSRP group, what can be done to make the group function properly?

A. On DSW1, disable preempt
B. On DSW2, decrease the priority value to a value less than 150
C. On DSW1, increase the decrement value in the track command to a value greater than 6
D. On DSW1, disable track command.

Answer: C

Explanation:

The question asks us how to keep the active role of DSW2. From the outputs, we learned that if both interfaces G1/0/1 of DSW1 and DSW2 are shutdown, the priority of DSW1 will be 150 – 1 = 149 and that of DSW2 will be 200 – 55 = 145 -> DSW1 will become the active switch.

The main point here is that we have to configure so in such a way that when both interfaces G1/0/1 of DSW1 and DSW2 are shutdown, the priority of DSW2 is still greater than that of DSW1. Therefore the priority value of DSW1 should be smaller than 145, or we have to configure the decrement value of DSW1 to a value greater than 6 ( 6 = 150 – 144) -> C is the correct answer.

Notice: To keep the active role of DSW2, we can disable “preempt” on DSW1 (answer A) so that it will not take over the active role when DSW1 is downed but it also means that VLAN 104 will not have active switch -> VLAN104 will fail.

Question 1:

Place the DTP mode with its correct description:

Answer:

1) Trunk: Set the switch port to trunk mode and negotiate to become a trunk.
2) Nonegotiate: Specify that the DTP packets are not sent out of this interface.
3) Access: Set a switch port to permanent nontrunking mode.
4) Dynamic Auto: Set the switch port to respond, but not actively send DTP frames.
5) Dynamic Desirable: Make the interface actively attempt to convert the link to a trunk link. (This means the interface is ready to autonegotiate trunking encapsulation and form a trunk link (using DTP) with a neighbor port in desirable, auto, or on mode.)

Explanation:

Dynamic Trunking Protocol (DTP) is the Cisco-proprietary that actively attempts to negotiate a trunk link between two switches. Below is the switchport modes (or DTP modes) for easy reference:

Question 2:

This is a drag and drop question which is about the correct sequence of steps that a wireless client takes during the process of association with an access point (AP). Drag the items to the proper locations.

Answer:

Explanation:

Any wireless client attempting to use the wireless network must first arrange a membership with the AP. Membership with the AP is called an association. The client must send an association request message, and the AP grants or denies the request by sending an association reply message. Once associated, all communications to and from the client must pass through the AP. Clients associate with access points as follows:

1) The client sends a probe request.
2) The AP sends a probe response.
3) The client initiates an association to an AP. Authentication and any other security information is sent to the AP.
4) The AP accepts the association.
5) The AP adds the client’s MAC address to its association table.

Question 3:

Drag and drop question. Drag the items to the proper locations.

Answer:

1) Listening: sends and receives BPDUs to determine root, but does not update the MAC address table.
2) Disabled: does not participate in frame forwarding or in STP.
3) Blocking: does not participate in frame forwarding.
4) Fowarding: sends and receives data frames.
5) Learning: populates the MAC address table, but will not forward user data.

Notice: A port begins its life in a Disabled state, moving through several passive states and, finally, into an active state if allowed to forward traffic.

Question 4 (not sure about the question)

network level – RSTP, NSF
system level – Dual power supply, SSO
management level – NTP , IP SLA

verify that the vlan is assigned to the proper ports
verify that creation of the virtual interface
Verify that there is inter-switch connectivity
verify that switchports are properly pruned

Number of IP Subnets
VLAN to IP mapping
Location of each VLAN
VLAN assignments

If you are not sure about VLAN, VTP, STP please read my VLAN tutorial, VTP tutorial and STP tutorial.

Question 1

Two switches SA and SB are connected as shown below. Given the below partial configuration, which two statements are true about VLAN traffic? (Choose two)

A – VLANs 1-5 will be blocked if fa0/10 goes down.
B – VLANs 6-10 have a port priority of 128 on fa0/10.
C – VLANs 6-10 will use fa0/10 as a backup only.
D – VLANs 1-10 are configured to load share between fa0/10 and fa0/12.

Answer: C D

Explanation:

Let’s assume that SA is the root bridge for all VLANs, it will make the explanation a bit clearer…

First we should understand what will happen if nothing is configured (use default values). Because we assumed that SA is the root bridge so all of its ports will forward. SB will need to block one of its ports to avoid a bridging loop between the two switches. But how does SB select its blocked port? Well, the answer is based on the BPDUs it receives from SA. A BPDU is superior than another if it has:

1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID

These four parameters are examined in order. In this specific case, all the BPDUs sent by SA have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). If using default values, the default port priority’s value is 32 or 128 (128 is much more popular today but 32 is also a default port priority’s value), so SB will compare port index values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/10, SB will select the port connected with Fa0/10 (of SA) as its root port and block the other port.

To change the default decision of selecting root port, we can change the port priority of each interface. The above picture is true for VLAN 1-5 because port Fa0/10 has a lower port-priority so the peer port will be chosen as the root port. For VLAN 6-10, port Fa0/12 has higher priority ID (lower port priority value) so SB will block its upper port.

For answer A – “VLANs 1-5 will be blocked if fa0/10 goes down” – is not correct because if Fa0/10 goes down, SB will unblock its lower port therefore VLANs 1-5 will still operate.

For answer B – “VLANs 6-10 have a port priority of 128 on fa0/10″ – is not always correct because VLAN 6-10 can have a different port priority (of 32) according to the Cisco’s link below.

Answer C is correct because VLAN 6-10 uses Fa0/12 link as it main path. Fa0/10 is the backup path and is only opened when port Fa0/12 fails.

Answer D is correct because this configuration provide load-balance traffic based on VLAN basis. VLANs 1-5 use Fa0/10 and VLANs 6-10 use Fa0/12 as their main paths.

Note: We can not assure the answer B is always correct so we should choose C and D if the question asks us to give only 2 choices).

Reference (and good resource, too):

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96a.shtml

Question 2:

The network operations center has received a call stating that Users in VLAN 107 are unable to access resources through R1. From the information contained in the graphic, what is the cause of this problem?

A – spanning tree is not enabled on VLAN 107
B – VTP is pruning VLAN 107
C – VLAN 107 does not exist on switch SA
D – VLAN 107 is not configured on the trunk

Answer: B

Explanation:

“VLAN allowed on trunk” – Each trunk allows all VLANs by default. However, administrator can remove or add to the list by using the “switchport trunk allowed” command.

“VLANs allowed and active in management” – To be active, a VLAN must be in this list.

“VLANs in spanning tree forwarding state and not pruned” – This list is a subset of the “allowed and active” list but with any VTP-pruned VLANs removed.

All VLANs were configured except VLAN 101 so D is not correct. VLAN 107 exists in the “allowed and active” section so A and C are not correct, too. In the “forwarding state and not pruned” we don’t see VLAN 107 so the administrator had wrongly configured this VLAN as pruned.

Question 3:

The network administrator needs to enable VTP pruning within the network. What action should a network administrator take to enable VTP pruning on an entire management domain?

A – enable VTP pruning on every switch in the domain
B – enable VTP pruning on any client switch in the domain
C – enable VTP pruning on any switch in the management domain
D – enable VTP pruning on a VTP server in the management domain

Answer: D

Question 4:

Study the diagram below carefully, which three statements are true? (Choose three)

A – DTP packets are sent from Switch SB.
B – DTP is not running on Switch SA.
C – A trunk link will be formed.
D – The native VLAN for Switch SB is VLAN 1.

Answer: A C D

Explanation:

Dynamic Trunking Protocol (DTP) is the Cisco-proprietary that actively attempts to negotiate a trunk link between two switches. If an interface is set to switchport mode dynamic desirable, it will actively attempt to convert the link into trunking mode. If the peer port is configured as switchport mode trunk, dynamic desirable, or dynamic auto mode, trunking is negotiated successfully -> C is correct.

SB is in “dynamic desirable” mode so it will send DTP packets to SA to negotiate a trunk link -> A is correct.

On an 802.1Q trunk, DTP packets are sent on the native VLAN. By default, it is VLAN 1 (notice that SA’s native VLAN is 5) -> D is correct.

(Note: an 802.1Q trunk’s native VLAN is the only VLAN that has untagged frames)

Below is the switchport modes for easy reference:

Question 5:

Regarding the exhibit and the partial configuration of switch SA and SB. STP is configured on all switches in the network. SB receives this error message on the console port:

00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SA FastEthernet0/4 (half duplex), with TBA05071417(Cat6K-B) 0/4 (half duplex).

What would be the possible outcome of the problem?

A – The root port on switch P4S-SB will fall back to full-duplex mode.
B – The interfaces between switches P4S-SA and P4S-SB will transition to a blocking state.
C – The root port on switch P4S-SA will automatically transition to full-duplex mode.
D – Interface Fa0/6 on switch SB will transit to a forwarding state and create a bridging loop.

Answer: D

Explanation:

From the output, we learned that the interfaces on two switches are operating in different duplex modes: Fa0/4 of SA in half-duplex mode & Fa0/5 of SB in full-duplex mode. In this case, because SB is operating in full duplex mode, it does not check the carrier sense before sending frames (CSMA/CD is not used in full-duplex mode). Therefore, SB can start to send frames even if SA is using the link and a collision will occur. The result of this is SA will wait a random time before attempting to transmit another frame. If B sends enough frames to A to make every frame sent from A (which includes the BPDUs) get dropped then SB can think it has lost root bridge (B does not receive BPDUs from A anymore). Therefore SB will unblock its Fa0/6 interface for transmitting and cause a bridging loop.

Question 1:

Study the exhibit carefully. Both host stations are part of the same subnet but are in different VLANs. On the basis of the information presented in the exhibit, which statement is true about an attempt to ping from host to host?

A – Layer 3 device is needed for the ping command to be successful.
B – A trunk port will need to be configured on the link between SA and SB for the ping command to be successful.
C – The two different hosts will need to be in the same VLAN in order for the ping command to be successful.
D – The ping command will be successful without any further configuration changes.

Answer: D

Explanation:

For two hosts in different VLANs, we must use a layer 3 device to transport packages between them. However, in this case both switches are set in “access” mode therefore the VLAN information sent between them will be set as untagged. Moreover, they are in the same subnet so they can ping each other without a layer 3 device.

Question 2:

Based on the following exhibit, which problem is preventing users on VLAN 100 from pinging addresses on VLAN 200?

A – Native VLAN mismatch.
B – Subinterfaces should be created on Fa0/7 and Fa0/8 on DLS1.
C – Trunking needs to be enabled.
D – The ip routing command is missing on DLS1.

Answer: D

Explanation:

To allow communication between two VLANs, we need to enables Layer 3 routing on the switch with the “ip routing” command. Some flatforms are enabled by default but some are not.

Question 3:

Based on the network diagram and routing table output in the exhibit, which one of these statements is true?

A – InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
B – InterVLAN routing will not occur since no routing protocol has been configured.
C – Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
D – Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
E – None of the above.

Answer: A

Explanation:

In the output we can see both VLAN10 and VLAN20 are shown up (as networks 10.1.1.0 and 10.2.2.0) so the routing has been configured properly. Notice that the “C” letter indicates that these networks are directly connected with the router.

Question 4:

Study the following exhibit carefully, what is the reason that users from VLAN 100 can’t ping users on VLAN 200?

A – IP routing needs to be enabled on the switch
B – Trunking needs to be enabled on Fa0/1
C – VLAN 1 needs the no shutdown command
D – The native VLAN is wrong

Answer: B

Explanation:

The Fa0/1 interface on the switch is not configured with trunking mode. It needs to be configured as shown below:

SA(config)#interface Fa0/1
SA(config-if)#switchport mode trunk
SA(config-if)#switchport trunk encapsulation dot1q

Question 5:

Assume that a host sends a packet to a destination IP address and that the CEF-based switch does not yet have a valid MAC address for the destination. How is the ARP entry (MAC address) of the next-hop destination in the FIB get?

A – The sending host must send an ARP request for it
B – All packets to the destination are dropped
C – The Layer 3 forwarding engine (CEF hardware) must send an ARP request for it
D – CEF must wait until the Layer 3 engine sends an ARP request for it

Answer: D

Explanation:

If a valid MAC address for the destination is not found, the Layer 3 forwarding engine can’t forward the packet in hardware due to the missing Layer 2 next-hop address. Therefore the packet is sent to the Layer 3 Engine so that it can generate an ARP request (this is called the “CEF glean” state)

Question 6:

CEF is a complete new routing switch technology . Which two table types are CEF components?(Choose two)

A – adjacency tables
B – caching tables
C – neighbor tables
D – forwarding information base

Answer: A D

(Questions 1 to 4 use the same picture)

Question 1:

You work as a network technician, study the exhibit carefully. What is the effect on the trust boundary of configuring the command mls qos trust cos on the switch port that is connected to the IP phone?

A – Effectively the trust boundary has been moved to the IP phone.
B – The host is now establishing the CoS value and has effectively become the trust boundary.
C – The switch SW is rewriting packets it receives from the IP phone and determining the CoS value.
D – The switch SW will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS.

Answer: A

Explanation:

The “mls qos trust cos” command is used to configure the port trust state (by default, the port is not trusted). By using this command, you can configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received on that port.

(Note: All current Cisco IP Phones include an internal three-port Layer 2 switch therefore you can think an IP Phone as a switch and network administrators generally accept a Cisco IP Phone as a trusted device.)

Question 2:

If you are a network technician, study the exhibit carefully. Which switch interface configuration command would automatically configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain?

A. auto qos voip cisco-phone
B. mls qos trust
C. switchport priority extend cos 7
D. switchport priority extend trust

Answer: A

Explanation:

The command “mls qos trust” is used to configure the port trust state (by default, the port is not trusted).

The command “switchport priority extend cos 7″ sets the IP phone port to override the priority received from the PC or the attached device (7 is the highest priority).

The command “switchport priority extend trust” tells the Cisco IP Phone to trust the CoS value of the connected PC without remark all packets sent form PC to CoS 0, by default.

Question 3:

Study the exhibit carefully. Which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone?

A. The voice VLAN must be configured as a native VLAN on the switch.
B. A PC connected to a switch port via an IP phone must support a trunking encapsulation.
C. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on the same LAN segment with a PC.
D. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.

Answer: D

Explanation:

The voice VLAN can be configured over a unique voice VLAN (known as the voice VLAN ID or VVID) or over native VLAN -> A is not correct.

The ports k between PC and IP Phone are always functioned as access-mode switch ports so there is no need to support a trunking encapsulation -> B is not correct.

The traffic on the voice VLAN can be tagged with 802.1p encapsulation or 802.1q encapsulation -> C is not correct.

Most Cisco IP Phone models operate as a three-port switch as shown below. Nowadays, the voice traffic and data traffic will normally be on different IP subnets and the IP Phone is unaware of the presence of the phone.

Question 4:

Study the exhibit carefully. Which statement is true when voice traffic is forwarded on the same VLAN used by the data traffic?

A. Quality of service cannot be applied for the voice traffic.
B. The voice traffic cannot be forwarded to the distribution layer.
C. Port security cannot be enabled on the switch that is attached to the IP phone.
D. The voice traffic cannot use 802.1p priority tagging.

Answer: D

Question 5:

Which two codes are supported by Cisco VoIP equipment?

A. G.701 and G719
B. G.711 and G.729
C. G.721 and G.739
D. G.731 and G.749

Answer: B

Question 6:

Study the exhibit carefully, then tell me what is the problem with this configuration?

A – Spanning tree PortFast cannot be configured on a port where a voice VLAN is configured.
B – The switch port must be configured as a trunk.
C – Sticky secure MAC addresses cannot be used on a port when a voice VLAN is configured.
D – Spanning tree PortFast cannot be configured on a port when a sticky secure MAC address is used.

Answer: C

Quick summary:

HSRP, VRRP, or GLBP is used to allow specific routers to appear as a single router to make the failover transparent to the end users.

Question 1:

You have just purchased a new Cisco 3550 switch running the enhanced IOS and need to configure it to be installed in a high availability network. Which three types of interfaces can be used to configure HSRP on a 3550 EMI switch? (Choose three)

A – BVI interface
B – routed port
C – SVI interface
D – Access port
E – EtherChannel port channel
F – Loopback Interface

Answer: B C E

Explanation:

To configure HSRP, a Layer 3 interface is needed. They can be:

- Routed port: a physical port configured as a Layer 3 port by entering the no switchport interface configuration command.
– SVI: a VLAN interface created by using the interface vlan vlan_id global configuration command and by default a Layer 3 interface.
– Etherchannel port channel in Layer 3 mode: a port-channel logical interface created by using the interface port-channel port-channel-number global configuration command and binding the Ethernet interface into the channel group.

Reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swhsrp.html

Question 2:

You work as a network technician , study the exhibit carefully. Which two statements are true about the output from the show standby vlan 50 command? (Choose two)

A. Catalyst_A is load sharing traffic in VLAN 50.
B. Hosts using the default gateway address of 192.168.1.2 will have their traffic sent to Catalyst_A.
C. The command standby 1 preempt was added to Catalyst_A.
D. Hosts using the default gateway address of 192.168.1.1 will have their traffic sent to 192.168.1.11 even after Catalyst _A becomes available again.

Answer: A C

Explanation:

The output shows that the Catalyst_A switch is the active router for HSRP group 1 and the standby router for HSRP group 2 on interface VLAN 50. This means that another switch is the active router for HSRP group 2 on interface VLAN 50 -> A is correct, Catalyst_A is load sharing traffic in VLAN 50.

B is not correct, only hosts using the default gateway address of 192.168.1.1 will have their traffic sent to Catalyst_A

From the output, we notice that there is a line showing that “Local State is Active, priority 200 may preempt”. This indicates the command “standby 1 preempt” was added to Catalyst_A. If the active router (this router) fails, another router takes over its active role. The original active router is not allowed to resume the active role when it is restored until the new active router fails. Pre-empting allows a higher-priority router to take over the active role immediately.

Question 3:

You are a network technician, study the exhibit carefully. Both routers are configured for the Gateway Load Balancing Protocol (GLBP). Which statement is true?

A. The default gateway address of each host should be set to to the virtual IP address.
B. The default gateway addresses of both hosts should be set to the IP addresses of both routers.
C. The hosts will have different default gateway IP addresses and different MAC addresses for each.
D. The hosts will learn the proper default gateway IP address from Router RA.

Answer: A

Question 4:

You are a network technician, study the exhibit carefully. Assume that Host PC can ping the Ccorporate Headquarters and that HSRP is configured on DS1, which is then reloaded. Assume that DS2 is then configured and reloaded. On the basis of this information, what conclusion can be drawn?

A. DS1 will be the active router because it booted first.
B. DS1 will be the standby router because it has the lower IP address.
C. DS1 will be the active router because it has the lower priority configured.
D. DS2 will be the active router because it booted last.

Answer: A

Explanation:

The configuration does not have the “standby 60 preempt”command so the first booted router will take the active role with any priority.

Question 5:

HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as a single gateway address. Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two)

A – Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B – Routers configured for HSRP can belong to multiple groups and multiple VLANs.
C – All routers configured for HSRP load balancing must be configured with the same priority.
D – Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.

Answer: B D

Question 6:

If you are a network technician, study the exhibit carefully. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of the master virtual router and the backup virtual router?

A – Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, Router RB will maintain the role of master virtual router.
B – Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, it will regain the master virtual router role.
C – Router RB is the master virtual router, and Router RA is the backup virtual router. When Router RB fails, Router RA will become the master virtual router. When Router RB recovers, RouterRA will maintain the role of master.
D – Router P4S-RB is the master virtual router, and Router RA is the backup virtual router. When Router P4S-RB fails, Router
RA will become the master virtual router. When Router RB recovers, it will regain the master virtual router role.

Answer: B

Explanation:

Router RA is the master virtual router because of its higher priority (110). By default, the pre-empting function is enabled so Router RB will become the master virtual router when RA fails; and when RA recovers, it will take the master role again.

Question 7:

You are a network technician, do you know which three statements are correct about a default HSRP configuration? (Choose three)

A – The Standby track interface priority is 10.
B – The Standby priority is 100.
C – The Standby hold time is 10 seconds.
D – Two HSRP groups are configured.

Answer: A B C

Question 8:

You work as a network technician at Technical Corporation. Your boss is interested in GLBP. Study the network topology exhibit carefully. Which three statements accurately describe this GLBP topology? (Choose three)

A – If RA becomes unavailable, RB will forward packets sent to the virtual MAC address of RA.
B – RA is responsible for answering ARP requests sent to the virtual IP address.
C – If another router were added to this GLBP group, there would be two backup AVGs.
D – RA alternately responds to ARP requests with different virtual MAC addresses.

Answer: A B D

Explanation:

If RA fails, the GLBP protocol informs RB to replace the AVG that is down. The new AVG (in this case RB) will forward the packet sent to the 0008.b400.0101 virtual mac address, so the client sees no disruption of service nor does it need to resolve a new MAC address for the default gateway. -> A is correct.

RA, which is the AVG, replies to the ARP requests from clients with different virtual MAC addresses, thus achieving load balancing -> B is correct.

RA is elected as the AVG and RB is elected as the standby virtual gateway. If another router is added to this GLBP group, it will become a backup AVG -> there is only one backup AVG -> C is not correct.

“RA alternately responds to ARP requests with different virtual MAC addresses” this is the way GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Which MAC address it returns depends on which load-balancing algorithm it is configured to use -> D is correct.

Question 1:

Which two Lightweight Access Point Protocol (LWAPP) statements are true? (Choose two)

A. Layer 3 LWAPP is a UDP / IP frame that requires a Cisco Aironet AP to obtain an IP address using DHCP.
B. Data traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
C. Data traffic is encapsulated in TCP packets with a source port of 1024 and destination port of 12223.
D. Control traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.

Answer: A D

Question 2:

Which statement about the Lightweight Access Point Protocol (LWAPP) is true?

A – LWAPP encrypts control traffic between the AP and the controller.
B – LWAPP encrypts user traffic with a x.509 certificate using AES-CCMP.
C – LWAPP encrypts both control traffic and user data.
D – When set to Layer 3, LWAPP uses a proprietary protocol to communicate with the Cisco Aironet APs.

Answer: A

Question 3:

LWAPP is meant to be a network protocol for access points that also provides for centralized management. Which issue or set of issues does the Lightweight Access Point Protocol (LWAPP) address?

A. provides security by blocking communication between access points and wireless clients.
B. reduction of processing in wireless controllers.
C. distributed approach to authentication, encryption, and policy enforcement.
D. access point discovery, information exchange, and configuration.

Answer: D

Question 4:

If you are a network technician, which two WLAN client utility statements do you think are true? (Choose two)

A. In a Windows XP environment, a client adapter can only be configured and managed with the Microsoft Wireless Configuration Manager.
B. The Microsoft Wireless Configuration Manager can be configured to display the Aironet System Tray Utility (ASTU) icon in the Windows system tray.
C. The Cisco Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can both be enabled at the same time to setup WLAN client cards.
D. The Aironet Desktop Utility (ADU) can be used to enable or disable the adapter radio and to configure LEAP authentication with dynamic WEP.

Answer: B D

Question 5:

In order to enhance worker productivity, a Cisco wireless network has been implemented at all pass4sure locations. Which three WLAN statements are true? (Choose three)

A. A WLAN client that is operating in half-duplex mode will delay all clients in that WLAN.
B. Ad hoc mode allows mobile clients to connect directly without an intermediate AP.
C. A lightweight AP receives control and configuration from a WLAN controller to which it is associated.
D. WLANs are designed to share the medium and can easily handle an increased demand of channel contention.

Answer: A B C

Question 6:

Currently in draft status at the IETF, LWAPP outlines a standard protocol to be used by switches or routers to control a group of IEEE 802.11 wireless LAN access points and make their deployment much simpler than is possible today. Which statement about the Lightweight Access Point Protocol (LWAPP) protocol is true?

A. The processing of 802.11 data and management protocols and access point capabilities is distributed between a lightweight access point and a centralized WLAN controller.
B. LWAPP authenticates all access points in the subnet and establishes a secure communication channel with each of them.
C. LWAPP advertises its WDS capability and participates in electing the best WDS device for the wireless LAN.
D. LWAPP aggregates radio management forward information and sends it to a wireless LAN solution engine.

Answer: A

Question 7:

Which set of statements describes the correct order and process of a wireless client associating with a wireless access point?

A.
1. Client sends probe request.
2. Access point sends probe response.
3. Client initiates association.
4. Access point accepts association.
5. Access point adds client MAC address to association table.

B.
1. Client sends probe request.
2. Access point sends probe response.
3. Access point initiates association.
4. Client accepts association.
5. Access point adds client MAC address to association table.

C.
1. Access point sends probe request .
2. Client sends probe response.
3. Client initiates association.
4. Access point accepts association.
5. Client adds access point MAC address to association table.

D.
1. Client sends probe request.
2. Access point sends probe response.
3. Client initiates association.
4. Access point accepts association.
5. Client adds access point MAC address to association table.

Answer: A

Question 8:

You are a network technician, study the exhibit carefully. What should be taken into consideration when using the Cisco Aironet Desktop Utility (ADU) to configure the static WEP keys on the wireless client adapter?

A – Before the client adapter WEP key is generated, all wireless infrastructure devices (such as access points, servers, etc.) must be properly configured for LEAP authentication.
B – The client adapter WEP key should be generated by the AP and forwarded to the client adapter before the client adapter can establish communication with the wireless network.
C – In infrastructure mode the client adapter WEP key must match the WEP key used by the access point. In ad hoc mode all client WEP keys within the wireless network must match each other.
D – The client adapter WEP key should be generated by the authentication server and forwarded to the client adapter before the client adapter can establish communication with the wireless network.

Answer: C

Question 9:

You work as a network technician ,please study the exhibit carefully. When it attempts to register to a wireless LAN controller (WLC), what type of message is transmitted by the lightweight access point (LAP)?

A – The LAP will send both Layer 2 and Layer 3 Lightweight Access Point Protocol (LWAPP) mode discovery request messages at the same time.
B – The LAP will send Layer 2 Lightweight Access Point Protocol (LWAPP) mode discovery request messages only.
C – The LAP will send Layer 3 Lightweight Access Point Protocol (LWAPP) mode discovery request messages only.
D – The LAP will send Layer 2 Lightweight Access Point Protocol (LWAPP) mode discovery request messages. If the attempt fails, the LAP will try Layer 3 LWAPP WLC discovery.

Answer: D

Question 10:

Please study the exhibit carefully. Which one is true about the configuration of access point MAC addresses on the wireless client?

A – If the wireless client is out of range of the specified access point or points it will not associate with other access points.
B – Each access point MAC address that is specified must have a separate SSID configured on the GENERAL configuration tab.
C – Each access point MAC address that is specified must have the same SSID configured on the GENERAL configuration tab.
D – If the wireless client is out of range of the specified access point or points it can associate with other access points.

Answer: D

1. Please tell me how many questions in the real SWITCH exam, and how much time to answer them?

There are 50 questions, including 3 lab-sims. You have 90 minutes to answer them but if your native language is not English, Cisco allows you a 30-minute exam time extension.

2. How much does the SWITCH 642-813 cost? And how many points I need to pass the exam?

This exam costs $200. You need at least 790/1000 points to pass this exam.

3. I passed the SWITCH exam, will I get a certificate for it?

No, Cisco does not ship SWITCH Exam certificate, it only ships you a certificate after completing the full CCNP track of 3 exams (ROUTE, SWITCH & TSHOOT).

4. Which sims will I see in the SWITCH exam?

The popular sims now are LACP with STP Sim, MLS and EIGRP Sim, AAAdot1x Lab Sim and please notice that the IP addresses, switch names may be different (it is also true for Drag and Drop questions)

5. How many points will I get for one sim?

Maybe you will get about 80 to 100 points for each sim, just like the CCNA exam.

6. In the real exam, I clicked “Next” after choosing the answer, can I go back for reviewing?

No, you can’t go back so you can’t re-check your answers after clicking the “Next” button.

7. I understand I will get CCNP certificate after completing 3 exams ROUTE, SWITCH and TSHOOT but can I take them in any order I like?

Yes, you can take these 3 exams in any order you like but the most popular “roadmap” is ROUTE then SWITCH and TSHOOT.

8. What are your recommended materials for SWITCH 642-813?

There are many options you can choose, but below are materials used and recommended by many candidates:

Books:

• CCNP SWITCH 642-813 Official Certification Guide
• CCNP SWITCH Portable Command Guide
• SWITCH 642-813 Student Guide (Volume 1 & 2)
• SWITCH 642-813 Quick Reference

Video Training:

• CCNP SWITCH 642-813 CBT Nuggets
• SWITCH 642-813 Cisco Video Mentor

Please don’t post links to copyrighted work here!