Files included:

+ MLS with EIGRP lab
+ LACP – STP Lab

Download these lab files from certprepare.com

Please say thanks to Jojo who created these lab-sims. Now you can practice with real SWITCH Lab questions.

Answer and Explanation:

Below is a good solution commented by toy_man123. Please say thank to him!

Each of these vlans has one host each on its port
SVI on vlan 1 – ip 192.168.1.11 with snm

Switch B –
Ports 3, 4 connected to ports 3 and 4 on Switch A

Port 15 connected to Port on Router.

Tasks to do

1. Use non proprietary mode of aggregation with Switch B being the initiator
— Assumed use LACP with B being in Active mode

2. Use non proprietary trunking and no negotiation
— Assumed use switchport mode trunk and switchport trunk encapsulation dot1q

3. Restrict only to vlans needed
— Assumed either vtp pruning or allowed vlan list. vtp pruning command did not seem to work on the simulator so landed using allowed vlan list

4. SVI on vlan 1 with some ip and subnet given

5. Configure switch A so that nodes other side of Router C are accessible
— Assumed this to mean that on switch A default gatway has to be configured.

6. Make switch B the root
— Could not get this to work. Exam hung when I tried the command
spanning-tree vlan 1,21-23 priority 4096
So passed on this configuration. Anyone else got this correct

What I tried ..
on Switch A
verify with show run if you need to create vlans 21-23

int range fa0/9 – 10
switchport mode access
switchport access vlan 21
spanning-tree portfast
no shut

int range fa0/13 – 14
switchport mode access
switchport access vlan 22
spanning-tree portfast
no shut

int range fa0/16 – 16
switchport mode access
switchport access vlan 23
spanning-tree portfast
no shut

int range fa0/3 – 4
channel-protocol lacp
channel group 1 mode passive
no shut

int port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
spanning-tree allowed vlans 1,21-23
no shut

int vlan 1
ip address x.y.z.11 255.a.b.c
no shut

On switch B run the command show cdp neighbors detail and get the ip address of port from router C.

Now use this ip address of port of router C to configure as default gateway on Switch A
SA(config)# ip default-gateway 192.168.1.1

On switch B do only the channel group and port-channel stuff
Only mode is active instead of passive.

copy run start did not work. Tried combos of wr, copy running-config startup-config, copy system:running-config nvram:startup-config. All variations did not work.

Got some errors on mismatch of native VLAN. Switch B had some ports on vlan 98 configured for native vlan. Tried setting native vlan on Port-channel 1 on switch B to 1. Configuration command took but errors still were occuring. Ran out of time I had allocated so gave up.

If you learn anything new about this sim please share with us!

Other lab-sims in this site:

MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim
AAAdot1x Lab Sim

Notice: This is just a sketch about this sim. I can not guarantee the information posted below is correct. So if you know anything new about this sim please post here. Your ideas and comments are warmly welcome!

Question:

I am still not sure about the question but we need to configure the Multilayer Switch so that PCs from VLAN 2 and VLAN 3 can communicate with the Server.

Answer and Explanation

the config (commented by a certprepare.com’s reader but he does not leave his name, but please say thank to him!)

mls>enable
mls# configure terminal
mls(config)# int gi0/1
mls(config-if)#no switchport -> not sure about this command line, but you should use this command if the simulator does not let you assign IP address on Gi0/1 interface.
mls(config-if)# ip address 10.10.10.2 255.255.255.0
mls(config-if)# no shutdown
mls(config-if)# exit
mls(config)# int vlan 2
mls(config-if)# ip address 190.200.250.33 255.255.255.224
mls(config-if)# no shutdown
mls(config-if)# int vlan 3
mls(config-if)# ip address 190.200.250.65 255.255.255.224
mls(config-if)# no shutdown
mls(config-if)#exit
mls(config)# ip routing (Notice: MLS will not work without this command)
mls(config)# router eigrp 650
mls(config-router)# network 10.10.10.0 0.0.0.255
mls(config-router)# network 190.200.250.32 0.0.0.31
mls(config-router)# network 190.200.250.64 0.0.0.31

NOTE : THE ROUTER IS CORRECTLY CONFIGURED, so you will not miss within it in the exam , also don’t modify/delete any port just do the above configuration.

in order to complete the lab , you should expect the ping to SERVER to succeed from the MLS , and from the PCs as well.

If the above configuration does not work, you should configure EIGRP with “no auto-summary” command:
no auto-summary

Other lab-sims in this site:

LACP with STP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim
AAAdot1x Lab Sim

Acme is a small export company that has an existing enterprise network comprised of 5 switches;
CORE,DSW1,DSW2,ASW1 and ASW2. The topology diagram indicates their desired pre-VLAN spanning tree mapping.
Previous configuration attempts have resulted in the following issues:
– CORE should be the root bridge for VLAN 20; however, DSW1 is currently the root bridge for VLAN 20.
– Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and DSW2. However VLAN 30 is currently using gig 1/0/5.
– Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and DSW2. However VLAN 40 is currently using gig 1/0/6.

You have been tasked with isolating the cause of these issuer and implementing the appropriate solutions. You task is complicated by the fact that you only have full access to DSW1, with isolating the cause of these issues and implementing the appropriate solutions. Your task is complicated by the fact that you only have full access to DSW1, with the enable secret password cisco. Only limited show command access is provided on CORE, and DSW2 using the enable 2 level with a password of acme. No configuration changes will be possible on these routers. No access is provided to ASW1 or ASW2.

Answer and Explanation:

1) “CORE should be the root bridge for VLAN 20; however, DSW1 is currently the root bridge for VLAN 20″ -> We need to make CORE switch the root bridge for VLAN 20.

By using the “show spanning-tree” command as shown above, we learned that DSW1 is the root bridge for VLAN 20 (notice the line “This bridge is the root”).

DSW1>enable
DSW1#show spanning-tree

To determine the root bridge, switches send and compare their priorities and MAC addresses with each other. The switch with the lowest priority value will have highest priority and become the root bridge. Therefore, we can deduce that the priority of DSW1 switch is lower than the priority of the CORE switch so it becomes the root bridge. To make the CORE the root bridge we need to increase the DSW1′s priority value, the best value should be 61440 because it is the biggest value allowed to assign and it will surely greater than of CORE switch. (You can use another value but make sure it is greater than the CORE priority value by checking if the CORE becomes the root bridge or not; and that value must be in increments of 4096).

(Notice that the terms bridge and switch are used interchangeably when discussing STP)

DSW1#configure terminal
DSW1(config)#spanning-tree vlan 20 priority 61440

2) “Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and DSW2. However VLAN 30 is currently using gig 1/0/5″

DSW1 is the root bridge for VLAN 30 (you can re-check with the show spanning-tree command as above), so all the ports are in forwarding state for VLAN 30. But the question said that VLAN 30 is currently using Gig1/0/5 so we can guess that port Gig1/0/6 on DSW2 is in blocking state (for VLAN 30 only), therefore all traffic for VLAN 30 will go through port Gig1/0/5.

The root bridge for VLAN 30, DSW1, originates the Bridge Protocol Data Units (BPDUs) and switch DSW2 receives these BPDUS on both Gig1/0/5 and Gig1/0/6 ports. It compares the two BPDUs received, both have the same bridge-id so it checks the port cost, which depends on the bandwidth of the link. In this case both have the same bandwidth so it continues to check the sender’s port id (includes port priority and the port number of the sending interface). The lower port-id value will be preferred so the interface which received this port-id will be the root and the other interface (higher port-id value) will be blocked.

In this case port Gig1/0/6 of DSW2 received a Priority Number of 128.6 (means that port priority is 128 and port number is 6) and it is greater than the value received on port Gig1/0/5 (with a Priority Number of 128.5) so port Gig1/0/6 will be blocked. You can check again with the “show spanning-tree” command. Below is the output (notice this command is issued on DSW1 – this is the value DSW2 received and used to compare).

Therefore, all we need to do is to change the priority of port Gig1/0/6 to a lower value so the neighboring port will be in forwarding state. Notice that we only need to change this value for VLAN 30, not for all VLANs.

DSW1(config)#interface g1/0/6
DSW1(config-if)#spanning-tree vlan 30 port-priority 64
DSW1(config-if)#exit

3) “Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and DSW2. However VLAN 40 is currently using gig 1/0/6″

Next we need to make sure traffic for VLAN 40 should be forwarding over Gig1/0/5 ports. It is a similar job, right? But wait, we are not allowed to make any configurations on DSW2, how can we change its port-priority for VLAN 40? There is another solution for this…

Besides port-priority parameter, there is another value we can change: the Cost value (or Root Path Cost). Although it depends on the bandwidth of the link but a network administrator can change the cost of a spanning tree, if necessary, by altering the configuration parameter in such a way as to affect the choice of the root of the spanning tree.

Notice that the Root Path Cost is the cost calculated by adding the cost in the received hello to the cost of the interface the hello BPDU was received. Therefore if you change the cost on an interface of DSW1 then only DSW1 will learn the change.

By default, the cost of a 100Mbps link is 19 but we can change this value to make sure that VLAN 40 will use interface Gig1/0/5.

DSW1(config)#interface g1/0/5
DSW1(config-if)#spanning-tree vlan 40 cost 1

DSW1(config-if)#end

You should re-check to see if everything was configured correctly:

DSW1#show spanning-tree

Save the configuration:

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Remember these facts about Spanning-tree:

Path Selection:

1) Prefer the neighbor advertising the lowest root ID
2) Prefer the neighbor advertising the lowest cost to root
3) Prefer the neighbor with the lowest bridge ID
4) Prefer the lowest sender port ID

Spanning-tree cost:

Other good resource for reference:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96a.shtml

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab
Spanning Tree Lab Sim
AAAdot1x Lab Sim

The headquarter offices for a book retailer are enhancing their wiring closets with Layer3 switches. The new distribution-layer switch has been installed and a new access-layer switch cabled to it. Your task is to configure VTP to share VLAN information from the distribution-layer switch to the access-layer devices. Then, it is necessary to configure interVLAN routing on the distribution layer switch to route traffic between the different VLANs that are configured on the access-layer switches; however, it is not necessary for you to make the specific VLAN port assignments on the access-layer switches. Also, because VLAN database mode is being deprecated by Cisco, all VLAN and VTP configurations are to be completed in the global configuration mode. Please reference the following table for the VTP and VLAN information to be configured:

Requirements:

These are your specific tasks:

1. Configure the VTP information with the distribution layer switch as the VTP server
2. Configure the VTP information with the access layer switch as a VTP client
3. Configure VLANs on the distribution layer switch
4. Configure inter-VLAN routing on the distribution layer switch
5. Specific VLAN port assignments will be made as users are added to the access layer switches in the future.
6. All VLANs and VTP configurations are to completed in the global configuration. To configure the switch click on the host icon that is connected to the switch be way of a serial console cable.

Answer and Explanation:

1) Configure the VTP information with the distribution layer switch as the VTP server:

DLSwitch#configure terminal
DLSwitch(config)#vtp mode server
DLSwitch(config)#vtp domain cisco (use cisco, not CISCO because it is case sensitive)

(Requirement 2 will be solved later)
3) Configure VLANs on the distribution layer switch

To create VLANs on a switch, use the vlan vlanID# command:
DLSwitch(config)#vlan 20
DLSwitch(config)#vlan 21

Configure Ip addresses for Vlans:

DLSwitch(config)#interface vlan 20
DLSwitch(if-config)#ip address 172.16.71.1 255.255.255.0
DLSwitch(if-config)#no shutdown
DLSwitch(if-config)#interface vlan 21
DLSwitch(if-config)#ip address 172.16.132.1 255.255.255.0
DLSwitch(if-config)#no shutdown
DLSwitch(if-config)#exit

4) Configure inter-VLAN routing on the distribution layer switch

DLSwitch(config)#ip routing
DLSwitch(config)#exit
DLSwitch#copy running-config startup-config

2) Configure the VTP information with the access layer switch as a VTP client

ALSwitch#configure terminal
ALSwitch(config)#vtp mode client
ALSwitch(config)#vtp domain cisco
ALSwitch(config)#exit

ALSwitch#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
Spanning Tree Lab Sim
AAAdot1x Lab Sim

The headquarter office for a cement manufacturer is installing a temporary Catalyst 3550 in an IDF to connect 24 additional users. To prevent network corruption, it is important to have the correct configuration prior to connecting to the production network. It will be necessary to ensure that the switch does not participate in VTP but forwards VTP advertisements that are received on trunk ports.
Because of errors that have been experienced on office computers, all nontrunking interfaces should transition immediately to the forwarding state of Spanning tree. Also, configure the user ports (all FastEthernet ports) so that the ports are permanently nontrunking.

Requirements:
You will configure FastEthernet ports 0/12 through 0/24 for users who belong to VLAN 20. Also, all VLAN and VTP configurations are to be completed in global configuration mode as VLAN database mode is being deprecated by Cisco. You are required to accomplish the following tasks:

1. Ensure the switch does not participate in VTP but forwards VTP advertisements received on trunk ports.
2. Ensure all non-trunking interfaces (Fa0/1 to Fa0/24) transition immediately to the forwarding state of Spanning-Tree.
3. Ensure all FastEthernet interfaces are in a permanent non-trunking mode.
4. Place FastEthernet interfaces 0/12 through 0/24 in VLAN 20.

Answer and Explanation:

Switch>enable
Switch#configure terminal
Switch(config)#interface range fa0/1 – 24
Switch(config-if-range)#switchport mode access (Make all FasEthernet interfaces into access mode)
Switch(config-if-range)#spanning-tree portfast (Enables the PortFast on interface)

Next, we need to assign FastEthernet ports 0/12 through 0/24 to VLAN 20.

By default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to go to each interface (or a range of interfaces) and tell it which VLAN to be a part of.

Switch(config-if-range)#interface range fa0/12 – 24
Switch(config-if-range)#switchport access vlan 20 (Make these ports members of vlan 20)
Switch(config-if-range)#exit

Next we need to make this switch in transparent mode. In this mode, switch doesn’t participate in the VTP domain, but it still forwards VTP advertisements through any configured trunk links.

Switch(config)#vtp mode transparent
Switch(config)#exit
Switch#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
AAAdot1x Lab Sim

Acme is a small shipping company that has an existing enterprise network comprised of 2 switches;DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
– Users connecting to ASW1’s port must be authenticate before they are given access to the network. Authentication is to be done via a Radius server:
– Radius server host: 172.120.39.46
– Radius key: rad123
– Authentication should be implemented as close to the host device possible.
– Devices on VLAN 20 are restricted to in the address range of 172.120.40.0/24.
– Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.
– Packets from devices in any other address range should be dropped on VLAN 20.
– Filtering should be implemented as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.

Answer and Explanation:

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Enable 802.1x on the switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

ASW1(config-if)#exit
ASW1#copy running-config startup-config

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-ext-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-ext-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim

Online Incorporated is an internet game provide. The game service network had recently added an additional switch block with multiple VLANs configured. Unfortunately, system administrators neglected to document the spanning-tree topology during configuration. For baseline purpose, you will be required to identify the spanning-tree topology for the switch block. Using the output of “show spanning-tree” command on switch SW-C and the provided physical topology, answer the following questions:

The output of “show spanning-tree” command on SW-C:

Question 1:

Which spanning Tree Protocol has been implemented on SW-B?

A. STP/IEEE 802.1D
B. MSTP/IEEE 802.1s
C. PVST+
D. PVRST
E. None of the above

Answer: C

Explanation:

On the Fa0/2 interface we can see the type of connection is P2p Peer (STP) and Cisco says that: “!— Type P2p Peer(STP) represents that the neighbor switch runs PVST.” Please visit this link to understand more http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00807b0670.shtml

Question 2:

Which bridge ID belongs to SW-B?

A. 24623.000f.34f5.0138
B. 32768.000d.bd03.0380
C. 32768.000d.65db.0102
D. 32769.000d.65db.0102
E. 32874.000d.db03.0380
F. 32815.000d.db03.0380

Answer: A

Explanation:

Have a look at the output at VLAN0047:

Notice there are two “Cost” value in the picture, the above “Cost” is the total cost from the current switch to the root bridge while the second “Cost” refers to the cost on that interface (Fa0/2). Both these “Cost” are the same so we can deduce that the root bridge is connectly directly to this switch on Fa0/2 interface -> the root bridge is Switch B, and the “Address” field shows its MAC address 000f.34f5.0138. Notice Bridge ID = Bridge Priority + MAC address.

Question 3:

Which port role has interface Fa0/2 of SW-A adopted for VLAN 47?

A. Root port
B. Nondesigned port
C. Designated port
D. Backup port
E. Alternate port

Answer: C

Explanation:

We learned that Switch B is the root bridge for VLAN 47 so port Fa0/1 on SwitchA and Fa0/2 on SwitchC should be the root ports, and from the output of SwitchC, we knew that port Fa0/1 of SwitchC is in blocking state. Therefore its opposite port on SwitchA must be in designated state (forwarding).

So, can Fa0/2 of SW-A be in blocking state? The answer is no so that BPDU packets can be received on Fa0/1 of SW-C. It will remain in blocking state as long as a steady flow of BPDUs is received.

Question 4:

Which port state is interface Fa0/2 of SW-B in for VLANs 1 and 106?

A. Listening
B. Learning
C. Disabled
D. Blocking
E. Forwarding
F. Discarding

Answer: D

Explanation:

As explained in question 2, we can deduce SW-A is the root bridge for VLANs 1 and 106 so ports Fa0/1 on SW-B and SW-C will be the root ports. From the output of SW-C for VLANs 1 and 106, port Fa0/2 of this switch is designated (forwarding) so we can deduce interface Fa0/2 of SW-B is in blocking status.

Question 5:

Which bridge ID belongs to SW-A?

A. 24623.000f.34f5.0138
B. 32768.000d.bd03.0380
C. 32768.000d.65db.0102
D. 32769.000d.65db.0102
E. 32874.000d.db03.0380
F. 32815.000d.db03.0380

Answer: D

Explanation:

SW-A is the root bridge for VLANs 1 and 106 and we can easily find the MAC address of this root bridge from the output of SW-C, it is 000d.65db.0102. Notice that SW-A has 2 bridge IDs for VLANs 1 and 106, they are 32769.000d.65db.0102 and 24682.000d.65db.0102

- DSW1( Distribute switch 1) is the primary device for Vlan 101, 102, 105
– DSW2 ( Distribute switch 2) is the primary device for Vlan 103 and 104

Question 1:

During routine maintenance, it became necessary to shutdown G1/0/1 on DSW1. All other interface were up. During this time, DSW1 remained the active device for Vlan 102′s HSRP group. You have determined that there is an issue with the decrement value in the track command in Vlan 102′s HSRP group. What need to be done to make the group function properly?

A. The DSW1′s decrement value should be configured with a value from 5 to 15
B. The DSW1′s decrement value should be configured with a value from 9 to 15
C. The DSW1′s decrement value should be configured with a value from 11 to 18
D. The DSW1′s decrement value should be configured with a value from 195 to less than 205
E. The DSW1′s decrement value should be configured with a value from 200 to less than 205
F. The DSW1′s decrement value should be greater than 190 and less 200

Answer: C

Explanation:

The question clearly stated that there was an issue with the decrement value in VLAN 102 so we should check VLAN 102 on both DSW1 and DSW2 switches first. Click on the PC Console1 and PC Console2 to access these switches then use the “show running-config” command on both switches

DSW1>enable
DSW1#show running-config

DSW2>enable
DSW2#show running-config

As shown in the outputs, the DSW1′s priority is 200 and is higher than that of DSW2 so DSW1 becomes active switch for the group. Notice that the interface Gig1/0/1 on DSW1 is being tracked so when this interface goes down, HSRP automatically reduces the router’s priority by a configurable amount, in this case 5. Therefore the priority of DSW1 goes down from 200 to 195. But this value is still higher than that of DSW2 (190) so DSW1 remains the active switch for the group. To make DSW2 takes over this role, we have to configure DSW1′s decrement value with a value equal or greater than 11 so that its result is smaller than that of DSW2 (200 – 11 < 190). Therefore C is the correct answer.

Question 2:

During routine maintenance, G1/0/1 on DSW1 was shutdown. All other interface were up. DSW2 became the active HSRP device for Vlan101 as desired. However, after G1/0/1 on DSW1 was reactivated. DSW1 did not become the active HSRP device as desired. What need to be done to make the group for Vlan101 function properly?

A. Enable preempt on DSW1′s Vlan101 HSRP group
B. Disable preempt on DSW1′s Vlan101 HSRP group
C. Decrease DSW1′s priority value for Vlan101 HSRP group to a value that is less than priority value configured on DSW2′s HSRP group for Vlan101
D. Decrease the decrement in the track command for DSW1′s Vlan 101 HSRP group to a value less than the value in the track command for DSW2′s Vlan 101 HSRP group.

Answer: A

Explanation:

Continue to check VLAN 101 on both switches…

We learned that DSW1 doesn’t have the “standby 1 preempt” command so it can’t take over the active role again even if its priority is the highest. So we need to enable this command on VLAN 101 of DSW1.

Question 3:

DSW2 has not become the active device for Vlan103′s HSRP group even though all interfaces are active. As related to Vlan103′s HSRP group. What can be done to make the group function properly?

A. On DSW1, disable preempt
B. On DSW1, decrease the priority value to a value less than 190 and greater than 150
C. On DSW2, increase the priority value to a value greater 241 and less than 249
D. On DSW2, increase the decrement value in the track command to a value greater than 10 and less than 50.

Answer: B or C

Explanation:

The reason DSW2 has not become the active switch for Vlan103 is because the priority value of DSW1 is higher than that of DSW2. In order to make DSW2 become the active switch, we need to increase DSW2′s priority (to higher than 200) or decrease DSW1′s priority (to lower than 190).

Question 4:

If G1/0/1 on DSW1 is shutdown, what will be the current priority value of the Vlan105′s group on DSW1?

A. 95
B. 100
C. 150
D. 200

Answer: A

Explanation:

Below is the output of VLAN 105:

If G1/0/1 on DSW1 is shutdown, its priority will decrease 55 so, its value will be 150 – 55 = 95

Question 5:

What is the configured priority value of the Vlan105′s group on DSW2 ?

A. 50
B. 100
C. 150
D. 200

Answer: B

Explanation:

Below is the output of VLAN 105 of DSW2:

We don’t see the priority of DSW2 so it is using the default value (100).

Question 6:

During routine maintenance, it became necessary to shutdown G1/0/1 on DSW1 and DSW2. All other interface were up. During this time, DSW1 became the active device for Vlan104′s HSRP group. As related to Vlan104′s HSRP group, what can be done to make the group function properly?

A. On DSW1, disable preempt
B. On DSW2, decrease the priority value to a value less than 150
C. On DSW1, increase the decrement value in the track command to a value greater than 6
D. On DSW1, disable track command.

Answer: C

Explanation:

The question asks us how to keep the active role of DSW2. From the outputs, we learned that if both interfaces G1/0/1 of DSW1 and DSW2 are shutdown, the priority of DSW1 will be 150 – 1 = 149 and that of DSW2 will be 200 – 55 = 145 -> DSW1 will become the active switch.

The main point here is that we have to configure so in such a way that when both interfaces G1/0/1 of DSW1 and DSW2 are shutdown, the priority of DSW2 is still greater than that of DSW1. Therefore the priority value of DSW1 should be smaller than 145, or we have to configure the decrement value of DSW1 to a value greater than 6 ( 6 = 150 – 144) -> C is the correct answer.

Notice: To keep the active role of DSW2, we can disable “preempt” on DSW1 (answer A) so that it will not take over the active role when DSW1 is downed but it also means that VLAN 104 will not have active switch -> VLAN104 will fail.

Question 1:

Place the DTP mode with its correct description:

Answer:

1) Trunk: Set the switch port to trunk mode and negotiate to become a trunk.
2) Nonegotiate: Specify that the DTP packets are not sent out of this interface.
3) Access: Set a switch port to permanent nontrunking mode.
4) Dynamic Auto: Set the switch port to respond, but not actively send DTP frames.
5) Dynamic Desirable: Make the interface actively attempt to convert the link to a trunk link. (This means the interface is ready to autonegotiate trunking encapsulation and form a trunk link (using DTP) with a neighbor port in desirable, auto, or on mode.)

Explanation:

Dynamic Trunking Protocol (DTP) is the Cisco-proprietary that actively attempts to negotiate a trunk link between two switches. Below is the switchport modes (or DTP modes) for easy reference:

Question 2:

This is a drag and drop question which is about the correct sequence of steps that a wireless client takes during the process of association with an access point (AP). Drag the items to the proper locations.

Answer:

Explanation:

Any wireless client attempting to use the wireless network must first arrange a membership with the AP. Membership with the AP is called an association. The client must send an association request message, and the AP grants or denies the request by sending an association reply message. Once associated, all communications to and from the client must pass through the AP. Clients associate with access points as follows:

1) The client sends a probe request.
2) The AP sends a probe response.
3) The client initiates an association to an AP. Authentication and any other security information is sent to the AP.
4) The AP accepts the association.
5) The AP adds the client’s MAC address to its association table.

Question 3:

Drag and drop question. Drag the items to the proper locations.

Answer:

1) Listening: sends and receives BPDUs to determine root, but does not update the MAC address table.
2) Disabled: does not participate in frame forwarding or in STP.
3) Blocking: does not participate in frame forwarding.
4) Fowarding: sends and receives data frames.
5) Learning: populates the MAC address table, but will not forward user data.

Notice: A port begins its life in a Disabled state, moving through several passive states and, finally, into an active state if allowed to forward traffic.

Question 4 (not sure about the question)

network level – RSTP, NSF
system level – Dual power supply, SSO
management level – NTP , IP SLA

verify that the vlan is assigned to the proper ports
verify that creation of the virtual interface
Verify that there is inter-switch connectivity
verify that switchports are properly pruned

Number of IP Subnets
VLAN to IP mapping
Location of each VLAN
VLAN assignments

Question 1

Drag the choices on the left to the boxes on the right that should be included when creating a VLAN-based implementation plan. Not all choices will be used.

Answer:

+ reference to design documents
+ roll back guidelines
+ detailed implementation plans
+ time required to perform the implementation

(In this question we don’t need to sort in the correct order)

Explanation

An implementation plan requires:

+ A description of the task
+ References to design documents
+ Detailed implementation guidelines
+ Detailed rollback guidelines in case of failure
+ The estimated time required for implementation

Question 2

You have a VLAN implementation that requires inter-vlan routing using layer 3 switches. Drag the steps on the left that should be part of the verification plan to the spaces on the right. Not all choices will be used.

Answer:

+ Verify that there is inter-switch connectivity
+ Verify that the data and voice VLANs are NOT assigned a trunk’s native VLAN
+ Verify that the needed Switch Virtual interfaces have been created
+ Verify that the proper ports are assigned to the VLAN

Question 3

Match the SNMP versions and associated features

Answer:

v1:
+ get next request
+ unsolicited alert msg

v2:
+ informed request
+ incremental 64 bit of new data

v4:
+ user name
+ security level

Question 4

Categorize the high availability network resource or feature with the management level, network level, or system level used.

Answer:

Management Level:
+ IP SLA responder
+ NTP

Network Level:
+ RSTP
+ NSF

System Level:
+ Dual Power Supplies
+ SSO

Question 5

Match the HSRP states on the left with the correct definition on the right.

Answer:

+ Initial: State from which the router begin the HSRP process
+ Standby: A candidate to become the next active router
+ Learn: The router is still waiting to hear from the active router
+ Active: The router is currently forwarding packets
+ Listen: Listens for hello messages from the active and standby router
+ Speak: Participates in the election for the active or standby router

Question 6

Sort the syslog priority from highest to lowest

Answer:

1) emergency
2) alert
3) critical
4) error
5) warning
6) notice
7) informational
8) debug

Explanation

The syslog levels and descriptions are listed below:

Question 7

Match the Attributes on the left with the types of VLAN designs on right.

Answer:

End-to-End VLANs:
+ As a user moves through a campus, the VLAN membership of the user remains the same, regardless of the physical switch this user attaches to.
+ Users are grouped into each VLAN regardless of the physical locations.

Local VLANs:
+ Create with Physical boundaries in mind rather then the departments or organization of the users on the devices.
+ VLANs on one switch are not advertised to all other switches in the network, nor do they need to be created in the VLAN database of any other switch.

Question 8

You have been tasked with planning a VLAN solution that will connect a seiver in one buliding to several hosts in another building. The solution should be built using the local vlan model and layer 3 switching at the distribution layer. Identify the questions related to this vlan solution that would ask the network administrator before you start the planning by dragging them into the target zone one the right. Not all questions will be used.

Answer:

+ Is there inter-switch connectivity?
+ What routing protocol will be used?
+ What VLANs are available on each switch?
+ What switch ports are available in each building?
+ What IP addresses are available on each subnet?

Question 9

Answer:

Local vlan:
+ 20/80 rule
+ leverages on stp
+ leverages on routing
+ locally significant

Distributed vlan:
+ 80/20 rule
+ leverages on vtp
+ leverages on switching
+ globally significant

If you are not sure about VLAN, VTP, STP please read my VLAN tutorial, VTP tutorial and STP tutorial.

Question 1

Two switches SA and SB are connected as shown below. Given the below partial configuration, which two statements are true about VLAN traffic? (Choose two)

A – VLANs 1-5 will be blocked if fa0/10 goes down.
B – VLANs 6-10 have a port priority of 128 on fa0/10.
C – VLANs 6-10 will use fa0/10 as a backup only.
D – VLANs 1-10 are configured to load share between fa0/10 and fa0/12.

Answer: C D

Explanation:

Let’s assume that SA is the root bridge for all VLANs, it will make the explanation a bit clearer…

First we should understand what will happen if nothing is configured (use default values). Because we assumed that SA is the root bridge so all of its ports will forward. SB will need to block one of its ports to avoid a bridging loop between the two switches. But how does SB select its blocked port? Well, the answer is based on the BPDUs it receives from SA. A BPDU is superior than another if it has:

1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID

These four parameters are examined in order. In this specific case, all the BPDUs sent by SA have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). If using default values, the default port priority’s value is 32 or 128 (128 is much more popular today but 32 is also a default port priority’s value), so SB will compare port index values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/10, SB will select the port connected with Fa0/10 (of SA) as its root port and block the other port.

To change the default decision of selecting root port, we can change the port priority of each interface. The above picture is true for VLAN 1-5 because port Fa0/10 has a lower port-priority so the peer port will be chosen as the root port. For VLAN 6-10, port Fa0/12 has higher priority ID (lower port priority value) so SB will block its upper port.

For answer A – “VLANs 1-5 will be blocked if fa0/10 goes down” – is not correct because if Fa0/10 goes down, SB will unblock its lower port therefore VLANs 1-5 will still operate.

For answer B – “VLANs 6-10 have a port priority of 128 on fa0/10″ – is not always correct because VLAN 6-10 can have a different port priority (of 32) according to the Cisco’s link below.

Answer C is correct because VLAN 6-10 uses Fa0/12 link as it main path. Fa0/10 is the backup path and is only opened when port Fa0/12 fails.

Answer D is correct because this configuration provide load-balance traffic based on VLAN basis. VLANs 1-5 use Fa0/10 and VLANs 6-10 use Fa0/12 as their main paths.

Note: We can not assure the answer B is always correct so we should choose C and D if the question asks us to give only 2 choices).

Reference (and good resource, too):

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96a.shtml

Question 2:

The network operations center has received a call stating that Users in VLAN 107 are unable to access resources through R1. From the information contained in the graphic, what is the cause of this problem?

A – spanning tree is not enabled on VLAN 107
B – VTP is pruning VLAN 107
C – VLAN 107 does not exist on switch SA
D – VLAN 107 is not configured on the trunk

Answer: B

Explanation:

“VLAN allowed on trunk” – Each trunk allows all VLANs by default. However, administrator can remove or add to the list by using the “switchport trunk allowed” command.

“VLANs allowed and active in management” – To be active, a VLAN must be in this list.

“VLANs in spanning tree forwarding state and not pruned” – This list is a subset of the “allowed and active” list but with any VTP-pruned VLANs removed.

All VLANs were configured except VLAN 101 so D is not correct. VLAN 107 exists in the “allowed and active” section so A and C are not correct, too. In the “forwarding state and not pruned” we don’t see VLAN 107 so the administrator had wrongly configured this VLAN as pruned.

Question 3:

The network administrator needs to enable VTP pruning within the network. What action should a network administrator take to enable VTP pruning on an entire management domain?

A – enable VTP pruning on every switch in the domain
B – enable VTP pruning on any client switch in the domain
C – enable VTP pruning on any switch in the management domain
D – enable VTP pruning on a VTP server in the management domain

Answer: D

Question 4:

Study the diagram below carefully, which three statements are true? (Choose three)

A – DTP packets are sent from Switch SB.
B – DTP is not running on Switch SA.
C – A trunk link will be formed.
D – The native VLAN for Switch SB is VLAN 1.

Answer: A C D

Explanation:

Dynamic Trunking Protocol (DTP) is the Cisco-proprietary that actively attempts to negotiate a trunk link between two switches. If an interface is set to switchport mode dynamic desirable, it will actively attempt to convert the link into trunking mode. If the peer port is configured as switchport mode trunk, dynamic desirable, or dynamic auto mode, trunking is negotiated successfully -> C is correct.

SB is in “dynamic desirable” mode so it will send DTP packets to SA to negotiate a trunk link -> A is correct.

On an 802.1Q trunk, DTP packets are sent on the native VLAN. By default, it is VLAN 1 (notice that SA’s native VLAN is 5) -> D is correct.

(Note: an 802.1Q trunk’s native VLAN is the only VLAN that has untagged frames)

Below is the switchport modes for easy reference:

Question 5:

Regarding the exhibit and the partial configuration of switch SA and SB. STP is configured on all switches in the network. SB receives this error message on the console port:

00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SA FastEthernet0/4 (half duplex), with TBA05071417(Cat6K-B) 0/4 (half duplex).

What would be the possible outcome of the problem?

A – The root port on switch P4S-SB will fall back to full-duplex mode.
B – The interfaces between switches P4S-SA and P4S-SB will transition to a blocking state.
C – The root port on switch P4S-SA will automatically transition to full-duplex mode.
D – Interface Fa0/6 on switch SB will transit to a forwarding state and create a bridging loop.

Answer: D

Explanation:

From the output, we learned that the interfaces on two switches are operating in different duplex modes: Fa0/4 of SA in half-duplex mode & Fa0/5 of SB in full-duplex mode. In this case, because SB is operating in full duplex mode, it does not check the carrier sense before sending frames (CSMA/CD is not used in full-duplex mode). Therefore, SB can start to send frames even if SA is using the link and a collision will occur. The result of this is SA will wait a random time before attempting to transmit another frame. If B sends enough frames to A to make every frame sent from A (which includes the BPDUs) get dropped then SB can think it has lost root bridge (B does not receive BPDUs from A anymore). Therefore SB will unblock its Fa0/6 interface for transmitting and cause a bridging loop.

Question 1

Company uses MSTP within their switched LAN. What is the main purpose of Multiple Instance Spanning Tree Protocol (MSTP)?

A. To enhance Spanning Tree troubleshooting on multilayer switches
B. To reduce the total number of spanning tree instances necessary for a particular topology
C. To provide faster convergence when topology changes occur in a switched network
D. To provide protection for STP when a link is unidirectional and BPDUs are being sent but not received

Answer: B

Explanation

Instead of running an STP instance for every VLAN, MSTP runs a number of VLAN-independent STP instances. By allowing a single instance of STP to run for multiple VLANs, MSTP keeps the number of STP instances to minimum (saving switch resources) while optimizing Layer 2 switching environment (load balancing traffic to different paths for different VLANs.).

Question 2

Which of the following specifications will allow you to associate VLAN groups to STP instances so you can provide multiple forwarding paths for data traffic and enable load balancing?

A. IEEE 802.1d (STP)
B. IEEE 802.1s (MST)
C. IEEE 802.1q (CST)
D. IEEE 802.1w (RSTP)

Answer: B

Question 3

Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the Server Farm than the Reception office experiences. Based on the exhibit, which two statements are true? (Choose two)

A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.

Answer: B D

Explanation

All three switches have the same bridge priority (32768 – default value) and S1 has the lowest MAC -> S1 is the root bridge and all traffic must go through it -> Front Line Users (S2) must go through S1 to reach Server Farm (S3). To overcome this problem, S2 or S3 should become the root switch and we can do it by changing the bridge priority of S1 to a higher value (which lower its priority – answer B) or lower the bridge priority value (which higher its priority – answer D)

Question 4

Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link? (Choose two)

A. The switch port attached to LinkB will not transistion to up.
B. One of the two switch ports attached to the hub will go into blocking mode when a BPDU is received.
C. Both switch ports attached to the hub will transition to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA will immediately transition to the blocking state.

Answer: B D

Explanation

we know that there will have only one Designated port for each segment (notice that the two ports of SwitchA are on the same segment as they are connected to a hub). The other port will be in Blocking state. But how does SwitchA select its Designated and Blocking port? The decision process involves the following parameters inside the BPDU:

* Lowest path cost to the Root
* Lowest Sender Bridge ID (BID)
* Lowest Port ID

In this case, both interfaces of SwitchA have the same “path cost to the root” and “sender bridge ID” so the third parameter “lowest port ID” will be used. Suppose two interfaces of SwitchA are fa0/1 & fa0/2 then SwitchA will select fa0/1 as its Designated port (because fa0/1 is inferior to fa0/2) -> B is correct.

Suppose the port on LinkA (named portA) is in forwarding state and the port on LinkB (named portB) is in blocking state. In blocking state, port B still listens to the BPDUs. If the traffic passing through LinkA is too heavy and the BPDUs can not reach portB, portB will move to listening state (after 20 seconds for STP) then learning state (after 15 seconds) and forwarding state (after 15 seconds). At this time, both portA & portB are in forwarding state so a switching loop will occur -> D is correct.

Question 5

Refer to the exhibit. Switch S1 is running mst IEEE 802.1s. Switch S2 contains the default configuration running IEEE 802.1D. Switch S3 has had the command spanning-tree mode rapid-pvst running IEEE 802.1w. What will be the result?

A. IEEE 802.1D and IEEE 802.1w are incompatible. All three switches must use the same standard or no traffic will pass between any of the switches.
B. Switches S1, S2, and S3 will be able to pass traffic between themselves.
C. Switches S1, S2, and S3 will be able to pass traffic between themselves. However, if there is a topology change, Switch S2 will not receive notification of the change.
D. Switches S1 and S3 will be able to exchange traffic but neither will be able to exchange traffic with Switch S2

Answer: B

Explanation

A switch running both MSTP and RSTP supports a built-in protocol migration mechanism that enables it to interoperate with legacy 802.1D switches. If this switch receives a legacy 802.1D configuration BPDU (a BPDU with the protocol version set to 0), it sends only 802.1D BPDUs on that port. An MST switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (version 3) associated with a different region, or an RST BPDU (version 2).
However, the switch does not automatically revert to the MSTP mode if it no longer receives 802.1D BPDUs because it cannot determine whether the legacy switch has been removed from the link unless the legacy switch is the designated switch

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swmstp.html)

Question 6

Refer to the exhibit. Switch S2 contains the default configuration. Switches S1 and S3 both have had the command spanning-tree mode rapid-pvst issued on them. What will be the result?

A. IEEE 802.1D and IEEE 802.1w are incompatible. All three switches must use the same standard or no traffic will pass between any of the switches.
B. Switches S1, S2. and S3 will be able to pass traffic between themselves.
C. Switches S1, S2. and S3 will be able to pass traffic between themselves. However, if there is a topology change. Switch S2 will not receive notification of the change.
D. Switches S1 and S3 will be able to exchange traffic but neither will be able to exchange traffic with Switch S2.

Answer: B

Question 7

Which two statements are true when the extended system ID feature is enabled? (Choose two)

A. The BID is made up of the bridge priority value (2 bytes) and bridge MAC address (6 bytes).
B. The BID is made up of the bridge priority (4 bits), the system ID (12 bits), and a bridge MAC address (48 bits).
C. The BID is made up of the system ID (6 bytes) and bridge priority value (2 bytes).
D. The system ID value is the VLAN ID (VID).
E. The system ID value is a unique MAC address allocated from a pool of MAC addresses assigned to the switch or module.
F. The system ID value is a hex number used to measure the preference of a bridge in the spanning-tree algorithm.

Answer: B D

Explanation

In short, with the use of IEEE 802.1t spanning-tree extensions, some of the bits previously used for the switch priority are now used for the extended system ID

Only four high-order bits of the 16-bit Bridge Priority field carry actual priority. Therefore, priority can be incremented only in steps of 4096. In most cases, the Extended System ID holds the VLAN ID. For example, if our VLAN ID is 5 and we use the default bridge priority 32768 then the 16-bit Priority will be 32768 + 5 = 32773.

Note: The MAC address is reserved when the extended system ID feature is enabled.

Question 8

Which set of statements about Spanning Tree Protocol default timers is true?

A.
The hello time is 2 seconds.
The forward delay is 10 seconds.
The max_age timer is 15 seconds.

B.
The hello time is 2 seconds.
The forward delay is 15 seconds.
The max_age timer is 20 seconds.

C.
The hello time is 2 seconds.
The forward delay is 20 seconds.
The max_age timer is 30 seconds.

D.
The hello time is 5 seconds.
The forward delay is 10 seconds.
The max_age timer is 15 seconds.

E.
The hello time is 5 seconds.
The forward delay is 15 seconds.
The max_age timer is 20 seconds.

Answer: B

Explanation

There are several STP timers, as this list shows:

* Hello - The hello time is the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.
* Forward delay – The forward delay is the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.
* Max age – The max age timer controls the maximum length of time that passes before a bridge port saves its configuration BPDU information. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml)

Question 9

Refer to the exhibit. Switch 15 is configured as the root switch for VLAN 10 but not for VLAN 20. If the STP configuration is correct, what will be true about Switch 15?

A. All ports will be in forwarding mode.
B. All ports in VLAN 10 will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode.
D. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode.

Answer: B

Explanation

All ports on root bridge are designated ports, which are in forwarding state but notice in this case Switch 15 is the root switch for VLAN 10 -> all ports in VLAN 10 will be in forwarding state. We can not say anything about the modes of ports of Switch 15 in other VLANs.

Question 10

Refer to the exhibit. STP has been implemented in the network. Switch SW_A is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch SW_A. What will happen as a result of this change?

A. All ports of the root switch SW_A will remain in forwarding mode throughout the reconvergence of the spanning tree domain.
B. Switch SW_A will change its spanning tree priority to become root for VLAN 2 only.
C. Switch SW_A will remain root for the default VLAN and will become root for VLAN 2.
D. No other switch in the network will be able to become root as long as switch SW_A is up and running.

Answer: C

Explanation

This command sets the switch to become root for a given VLAN. It works by lowering the priority of the switch until it becomes root. Once the switch is root, it will not prevent any other switch from becoming root. In particular, if the current root bridge is greater than 24576 then our switch will drop to 24576. If the current root bridge is less than 24576, our new bridge priority will be (Priority value of the current root bridge – 4096).

This command does not affect other VLAN so SW_A will remain root for the default VLAN -> C is correct.

Note: This command is not shown in a Catalyst switch configuration because the command is actually a macro executing other switch commands.

Question 1

Refer to the exhibit. Based on the output of the show spanning-tree command, which statement is true?

A. Switch SW1 has been configured with the spanning-tree vlan 1 root primary global configuration command.
B. Switch SW1 has been configured with the spanning-tree vlan 1 root secondary global configuration command.
C. Switch SW1 has been configured with the spanning-tree vlan 1 priority 24577 global configuration command.
D. Switch SW1 has been configured with the spanning-tree vlan 1 hello-time 2 global configuration command.
E. The root bridge has been configured with the spanning-tree vlan 1 root secondary global configuration command.

Answer: B

Explanation

The command “spanning-tree vlan 1 root secondary” sets its bridge ID to a value which is higher than the current root bridge but higher than other switches in the network -> If the current root bridge fails, Sw1 will become the root bridge.

If no priority has been configured, every switch will have the same default priority of 32768. Assuming all other switches are at default priority, the spanning-tree vlan vlan-id root primary command sets a value of 24576. Also, assuming all other switches are at default priority, the spanning-tree vlan vlan-id root secondary command sets a value of 28672.

In this question, the bridge priority of Sw1 is 28673, not 28672 because the extended system ID (indicated as sys-id-ext) is 1, indicating this is the STP instance for VLAN 1. In fact, the bridge priority is 28672.

Question 2

Refer to the exhibit. On the basis of the output of the show spanning-tree inconsistentports command, which statement about interfaces FastEthernet 0/1 and FastEthernet 0/2 is true?

A. They have been configured with the spanning-tree bpdufilter disable command.
B. They have been configured with the spanning-tree bpdufilter enable command.
C. They have been configured with the spanning-tree bpduguard disable command.
D. They have been configured with the spanning-tree bpduguard enable command.
E. They have been configured with the spanning-tree guard loop command.
F. They have been configured with the spanning-tree guard root command.

Answer: F

Explanation

We can configure the root guard feature to prevent unauthorized switches from becoming the root bridge. When you enable root guard on a port, if that port receives a superior BPDU, instead of believing the BPDU, the port goes into a root-inconsistent state. While a port is in the root-inconsistent state, no user data is sent across it. However, after the superior BPDUs stop, the port returns to the forwarding state.

For example, in the topology above suppose S1 is the current root bridge. If a hacker plugs a switch on S3 which sends superior BPDUs then it will become the new root bridge, this will also change the traffic path and may result in a traffic jam. By enabling root guard on S3 port, if spanning-tree calculations cause an interface to be selected as the root port, the interface transitions to the root-inconsistent (blocked) state instead to prevent the hacker’s switch from becoming the root switch or being in the path to the root.

Question 3

Refer to the exhibit. What information can be derived from the output?

A. Devices connected to interfaces FastEthemet3/1 and FastEthemet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once inaccurate BPDUs have been stopped, the interfaces will need to be administratively shut down, and brought back up, to resume normal operation.
B. Devices connected to interfaces FastEthemet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter, but traffic is still forwarded across the ports.
C. Devices connected to interfaces FastEthemet3/1 and FastEthemet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once inaccurate BPDUs have been stopped, the interfaces automatically recover and resume normal operation.
D. Interfaces FastEthemet3/1 and FastEthemet3/2 are candidate for becoming the STP root port, but neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on at least one of the interfaces.

Answer: C

Explanation

Same explanation as question 2.

Question 4

Which statement is correct about RSTP port roles?

A. The designated port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one designated port on every switch. The designated port assumes the forwarding state in a stable active topology. All switches connected to a given segment listen to all BPDUs and determine the switch that will be the root switch for a particular segment.
B. The disabled port is an additional switch port on the designated switch with a redundant link to the segment for which the switch is designated. A disabled port has a higher port 10 than the disabled port on the designated switch. The disabled port assumes the discarding state in a stable active topology.
C. The backup port is a switch port that offers an alternate path toward the root bridge. The backup port assumes a discarding state in a stable, active topology. The backup port will be present on nondesignated switches and will make a transition to a designated port if the current designated path fails.
D. The root port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one root port on every switch. The root port assumes the forwarding state in a stable active topology.

Answer: D

Explanation

To learn about RSTP port roles, please read my RSTP tutorial.

Question 5

How are STP timers and state transitions affected when a topology change occurs in an STP environment?

A. All ports will temporarily transition to the learning state for a period equal to the max age timer plus the forward delay interval.
B. All ports will transition temporarily to the learning state for a period equal to the forward delay interval.
C. The default aging time for MAC address entries will be reduced for a period of the max age timer plus the forward delay interval.
D. The default hello time for configuration BPDUs will be reduced for the period of the max age timer.

Answer: C (but the wording may cause you to misunderstand)

Explanation

If a switch stops receiving Hellos, it means that there is a failure in the network. The switch will initiate the process of changing the Spanning-tree topology. The process requires the use of 3 STP timers:
* Hello - the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.
* Forward delay – the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.
* Max age – maximum length of time a BPDU can be stored without receiving an update.. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.

Max Age is the time that a bridge stores a BPDU before discarding it.

Switches (Bridges) keep its MAC address table entries for 300 seconds (5 minutes, known as aging time), by default. When a network topology change happens, the Switch (Bridge) temporarily lowers the aging time to the same as the forward delay time (15 seconds) to relearn the MAC address changes happened because of topology change.

This is important because normally only after five minutes an entry is aged out from the MAC address table of the switch and the network devices could be unreachable for up to 5 minutes. This is known as a black hole because frames can be forwarded to a device, which is no longer available.

Notice that shortening the aging time to 15 seconds does not flush the entire table, it just accelerates the aging process. Devices that continue to “speak” during the 15-second age-out period never leave the bridging table.

Therefore in this question, to be clearer answer C should state “The default aging time for MAC address entries will be reduced to forward_delay time for a period of the max age timer plus the forward delay interval.”

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml)

Question 6

Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

A. Fifty percent of the traffic will successfully reach Host B, and fifty percent will dead-end at switch S3 because of a partial spanning-tree loop.
B. No. Traffic will pass from switch S6 to S2 and dead-end at S2.
C. No. Traffic will loop back and forth between switch S6 and Host A.
D. No. Traffic will loop back and forth between switches S2 and S3.
E. Yes. Traffic will pass from switch S6 to S2 to S1.

Answer: E

Explanation

First we should understand about UpLinkFast.

Suppose S1 is the root bridge in the topology above. S3 is connected to S1 via two paths: one direct path and another goes through S2. Suppose the port directly connected to S1 is root port -> port connected to S2 will be in Blocking state. If the primary link goes down, the blocked port will need about 50 seconds to move from Blocking -> Listening -> Learning -> Forwarding to be used.

To shorten the downtime, a feature called Uplink Fast can be used. When the primary (root) link fails, another blocked link can be brought up immediately for use. When UplinkFast is enabled, it is enabled for the entire switch and all VLANs. It cannot be enabled for individual VLANs.

In this question, the Root Guard feature has been enabled on Gi0/0 of S2 & S5 so these two Gi0/0 ports cannot be root ports and cannot forward traffic -> the link between S2 & S6 must be used.

Note: The idea of Uplink Fast is based on blocked ports which are possible to become a root port. Therefore the Uplink Fast feature is not allowed on the root bridge -> S2 & S5 cannot be root bridges in this case.

Question 7

Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

A. Yes. Traffic can pass either from switch S6 to S3 to S2 to S1, or, from switch S6 to S5 to S2 to S1.
B. No. Traffic will pass from switch S6 to S5 and dead-end at interface Gi0/0.
C. No. Traffic will loop back and forth between switch S5 and S2.
D. Yes. Traffic will pass from switch S6 to S3 to S2 to S1.
E. No. Traffic will either pass from switch S6 to S5 and dead-end, or traffic will pass from switch S6 to S3 to S2 and dead-end.

Answer: D

Explanation

Same explanation as Question 6. When the link between S4 – S5 goes down, Gi0/0 on S5 cannot become root port because of Root Guard feature on it. But maybe Host A can’t reach host B in the first 15 seconds after the link between S4 & S5 fails by default. It is the time for S5 to clear the MAC address table (please read the explanation of Question 5 for more detail).

Question 8

Which two statements about the various implementations of STP are true? (Choose two)

A. Common Spanning Tree maintains a separate spanning-tree instance for each VLAN configured in the network.
B. The Spanning Tree Protocol (STP) is an evolution of the IEEE 802.1w standard.
C. Per-VLAN Spanning Tree (PVST) supports 802.1Q trunking.
D. Per-VLAN Spanning Tree Plus (PVST+) is an enhancement to 802.1Q specification and is supported only on Cisco devices.
E. Rapid Spanning Tree Protocol (RSTP) includes features equivalent to Cisco PortFast, UplinkFast, and BackboneFast for faster network reconvergence.
F. Multiple Spanning Tree (MST) assumes one spanning-tree instance for the entire Layer 2 network, regardless of the multiple number of VLANs.

Answer: D E

Explanation

Common Spanning Tree only uses one spanning-tree instance for all VLANs in the network -> A is not correct.

Rapid Spanning Tree Protocol (RSTP; IEEE 802.1w) can be seen as an evolution of the 802.1D standard more than a revolution. The 802.1D terminology remains primarily the same. Most parameters have been left unchanged so users familiar with 802.1D can rapidly configure the new protocol comfortably -> B is not correct.

Per-VLAN spanning tree protocol plus (PVST+) is a Cisco proprietary protocol that expands on the Spanning Tree Protocol (STP) by allowing a separate spanning tree for each VLAN. Cisco first developed this protocol as PVST, which worked with the Cisco ISL trunking protocol, and then later developed PVST+ which utilizes the 802.1Q trunking protocol. PVST+ allows interoperability between CST and PVST in Cisco switches -> C is not correct but D is correct.

RSTP significantly reduces the time to reconverge the active topology of the network when changes to the physical topology or its configuration parameters occur. RSTP supports Edge Ports (similar to PortFast), UplinkFast, and BackboneFast for faster network reconvergence. Rapid Spanning Tree Protocol (RSTP) can also revert back to 802.1D STP for interoperability with older switches and existing infrastructures -> E is correct.

Multiple Spanning Tree can map one or more VLANs to a single STP instance. Multiple instances of STP can be used (hence the name MST), with each instance supporting a different group of VLANs. For example, instead of creating 50 STP separate STP instances for 50 VLANs, we can create only 2 STP instances – each for 25 VLANs. This helps saving switch resources -> F is not correct.

Question 9

Given the diagram and assuming that STP is enabled on all switch devices, which two statements are true? (Choose two)

A. DSW11 will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.

Answer: A D

Question 10

Which two RSTP port roles include the port as part of the active topology? (Choose two)

A. root
B. designated
C. alternate
D. backup
E. forwarding
F. learning

Answer: A B

Question 1

What is the result of entering the command spanning-tree loopguard default?

A. The command enables both loop guard and root guard.
B. The command changes the status of loop guard from the default of disabled to enabled.
C. The command activates loop guard on point-to-multipoint links in the switched network.
D. The command will disable EtherChannel guard.

Answer: B

Explanation

This command is used in global configuration mode to enable loop guard on all ports of a given switch. To disable it, use the “no” keyword at the beginning of this command.

Question 2

Refer to the exhibit. The service provider wants to ensure that switch S1 is the root switch for its own network and the network of the customer. On which interfaces should root guard be configured to ensure that this happens?

A. interfaces 1 and 2
B. interfaces 1,2,3, and 4
C. interfaces 1, 3, 5, and 6
D. interfaces 5 and 6
E. interfaces 5, 6, 7, and 8
F. interfaces 11 and 12

Answer: D

Explanation

Let’s see what will happen if we set port 5 & 6 as “root guard” ports:

First, notice that the “root guard” command cannot be used on root switch (because this command is based on blocked port – while a root switch can’t have a blocked port -> two middle switches cannot become root bridges.

Moreover, the neighbor switch which has its port connected with this “root guard” port can’t be the root bridge. For example if we configure port 6 as “root guard” port, the left-bottom switch (the switch with ports 3, 4) can’t be root bridge because that will make port 6 root port. Therefore by configuring port 5 & 6 as “root guard” ports, two switches in the “Customer network” cannot become root bridge.

Question 3

Examine the diagram. A network administrator has recently installed the above switched network using 3550s and would like to control the selection of the root bridge. Which switch should the administrator configure as the root bridge and which configuration command must the administrator enter to accomplish this?

A. DSW11(config)# spanning-tree vlan 1 priority 4096
B. DSW12(config)# set spanning-tree priority 4096
C. ASW13(config)# spanning-tree vlan 1 priority 4096
D. DSW11(config)# set spanning-tree priority 4096
E. DSW12(config)# spanning-tree vlan 1 priority 4096
F. ASW13(config)# set spanning-tree priority 4096

Answer: E

Explanation

First, only switches in Distribution section should become root bridge -> only DSW11 or DSW12 should be chosen.

The traffic passing root bridge is always higher than other switches so we should choose switch with highest speed connection to be root bridge -> DSW12 with two 100Mbps connections should be chosen.

Also, the correct command to change priority value for a specific VLAN is spanning-treee vlan VLAN-ID priority Priority-number.

Question 4

What must be the same to make multiple switches part of the same Multiple Spanning Tree (MST)?

A. VLAN instance mapping and revision number
B. VLAN instance mapping and member list
C. VLAN instance mapping, revision number, and member list
D. VLAN instance mapping, revision number, member list, and timers

Answer: A

Explanation

MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The main enhancement introduced by MST raises the problem, however, of determining what VLAN is to be associated with what instance. More precisely, based on received BPDUs, devices need to identify these instances and the VLANs that are mapped to the instance.

To be part of a common MST region, a group of switches must share the same configuration attributes. In particular, the configuration name (or region name – 32 bits), revision number (16 bits), and VLAN mapping (associate VLANs with spanning-tree instances) need to be the same for all the switches within the same region.

An example of configuring MST on a switch is shown below:

Question 5

Which three items are configured in MST configuration submode? (Choose three)

A. Region name
B. Configuration revision number
C. VLAN instance map
D. IST STP BPDU hello timer
E. CST instance map
F. PVST+ instance map

Answer: A B C

Explanation

Same as Question 4.

Question 6

Which three statements about the MST protocol (IEEE 802.1S) are true? (Choose three)

A. To verify the MST configuration, the show pending command can be used in MST configuration mode.
B. When RSTP and MSTP are configured; UplinkFast and BackboneFast must also be enabled.
C. All switches in the same MST region must have the same VLAN-to-instance mapping, but different configuration revision numbers.
D. All switches in an MST region, except distribution layer switches, should have their priority lowered from the default value 32768.
E. An MST region is a group of MST switches that appear as a single virtual bridge to adjacent CST and MST regions.
F. Enabling MST with the “spanning-tree mode mst” global configuration command also enables RSTP.

Answer: A E F

Explanation

The show pending command can be used to verify the MST configuration (pending configuration). An example of this command is shown below:

Note:

The above commands do these tasks:
+ Enter MST configuration mode
+ Map VLANs 10 to 20 to MST instance 1
+ Name the region certprepare
+ Set the configuration revision to 1
+ Display the pending configuration
+ Apply the changes, and return to global configuration mode

The MST region appears as a single bridge to spanning tree configurations outside the region -> a MST region appears as a single virtual bridge to adjacent CST and MST regions -> E is correct.

By enabling MST you also enable RSTP because MST relies on the RSTP configuration to operate -> F is correct.

Question 7

Which two statements concerning STP state changes are true? (Choose two)

A. Upon bootup, a port transitions from blocking to forwarding because it assumes itself as root.
B. Upon bootup, a port transitions from blocking to listening because it assumes itself as root.
C. Upon bootup, a port transitions from listening to forwarding because it assumes itself as root.
D. If a forwarding port receives no BPDUs by the max_age time limit, it will transition to listening.
E. If a forwarding port receives an inferior BPDU, it will transition to listening.
F. If a blocked port receives no BPDUs by the max_age time limit, it will transition to listening.

Answer: B F

Question 8

Which statement correctly describes the Cisco implementation of RSTP?

A. PortFast, UplinkFast, and BackboneFast specific configurations are ignored in Rapid PVST mode.
B. RSTP is enabled globally and uses existing STP configuration.
C. Root and alternative ports transition immediately to the forwarding state.
D. Convergence is improved by using sub-second timers for the blocking, listening, learning, and forwarding port states.

Answer: B

Explanation

To turn on RSTP, use this command in global configuration mode:

Note: This command turn on both MST & RSTP.

Question 9

The network administrator maps VLAN 10 through 20 to MST instance 2. How will this information be propagated to all appropriate switches?

A. Information will be carried in the RSTP BPDUs.
B. It will be propagated in VTP updates.
C. Information stored in the Forwarding Information Base and the switch will reply on query.
D. Multiple Spanning Tree must be manually configured on the appropriate switches.

Answer: D

Question 10

Which MST configuration statement is correct?

A. MST configurations can be propagated to other switches using VTP.
B. After MST is configured on a Switch, PVST+ operations will also be enabled by default.
C. MST configurations must be manually configured on each switch within the MST region.
D. MST configurations only need to be manually configured on the Root Bridge.
E. MST configurations are entered using the VLAN Database mode on Cisco Catalyst switches.

Answer: C

Question 1

While logged into a Company switch you issue the following command:

CompanySwitch(config-mst)#instance 10 vlan 11-12

What does this command accomplish?

A. It enables a PVST+ instance of 10 for vlan 11 and vlan 12
B. It enables vlan 11 and vlan 12 to be part of the MST region 10
C. It maps vlan 11 and vlan 12 to the MST instance of 10.
D. It creates an Internal Spanning Tree (1ST) instance of 10 for vlan 11 and vlan 12
E. It create a Common Spanning Tree (CST) instance of 10 for vlan 11 and vlan 12
F. It starts two instances of MST, one instance for vlan 11 and another instance for vlan 12.

Answer: C

Explanation

MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The main enhancement introduced by MST raises the problem, however, of determining what VLAN is to be associated with what instance. More precisely, based on received BPDUs, devices need to identify these instances and the VLANs that are mapped to the instance.

An example of configuring MST on a switch is shown below:

Note: To be part of a common MST region, a group of switches must share the same configuration attributes. In particular, the configuration name (or region name – 32 bits), revision number (16 bits), and VLAN mapping (associate VLANs with spanning-tree instances) need to be the same for all the switches within the same region.

Question 2

By default, all VLANs will belong to which MST instance when using Multiple STP?

A. MST00
B. MST01
C. the last MST instance configured
D. none

Answer: A

Explanation

By default, all VLANs are assigned to MST instance 0. Instance 0 is known as the Internal Spanning-Tree (IST), which is reserved for interacting with other Spanning-Tree Protocols (STPs) and other MST regions.

Question 3

What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not receive a BPDU from its neighbor for three consecutive hello time intervals?

A. RSTP information is automatically aged out.
B. The port sends a TCN to the root bridge.
C. The port moves to listening state,
D. The port becomes a normal spanning tree port.

Answer: A

Explanation

In STP 802.1D, a non-root bridge only generates BPDUs when it receives one on the root port. But in RSTP 802.1w, a bridge sends a BPDU with its current information every hello-time seconds (2 by default), even if it does not receive any from the root bridge. Also, on a given port, if hellos are not received three consecutive times, protocol information can be immediately aged out (or if max_age expires). Because of the previously mentioned protocol modification, BPDUs are now used as a keep-alive mechanism between bridges. A bridge considers that it loses connectivity to its direct neighbor root or designated bridge if it misses three BPDUs in a row. This fast aging of the information allows quick failure detection. If a bridge fails to receive BPDUs from a neighbor, it is certain that the connection to that neighbor is lost. This is opposed to 802.1D where the problem might have been anywhere on the path to the root.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml)

Question 4

A port in a redundant topology is currently in the blocking state and is not receiving BPDUs. To ensure that this port does not erroneously transition to the forwarding state, which command should be configured to satisfy the requirement?

A. Switch(config)#spanning-tree loopguard default
B. Switch(config-if)#spanning-tree bpdufilter
C. Switch(config)#udld aggressive
D. Switch(config-if)#spanning-tree bpduguard

Answer: A

Explanation

Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link. An example is shown below:

Suppose S1 is the root bridge. S3′s port connected with S2 is currently blocked. Because of unidirectional link failure on the link
between S2 and S3, S3 is not receiving BPDUs from S2.

Without loop guard, the blocking port on S3 will transition to listening (upon max age timer expiration) -> learning -> forwarding state which create a loop.n

With loop guard enabled, the blocking port on S3 will transition into the STP loop-inconsistent state upon expiration of the max age timer. Because a port in the STP loop-inconsistent state will not pass user traffic, no loop is created. The loop-inconsistent state is effectively equal to the blocking state.

To enable loop guard globally use the command spanning-tree loopguard default.

Question 5

You are the administrator of a switch and currently all host-connected ports are configured with the portfast command. You have received a new directive from your manager that states that, in the future, any host-connected port that receives a BPDU should automatically disable PortFast and begin transmitting BPDUs. Which of the following commands will support this new requirement?

A. Switch(config)# spanning-tree portfast bpduguard default
B. Switch(config-if)# spanning-tree bpduguard enable
C. Switch(config-if)# spanning-tree bpdufilter enable
D. Switch(config)# spanning-tree portfast bpdufilter default

Answer: D

Explanation

The bpdufilter option feature is used to globally enable BPDU filtering on all Port Fast-enabled interfaces and this prevent the switch interfaces connected to end stations from sending or receiving BPDUs.

Note: The spanning-tree portfast bpdufilter default global configuration command can be overridden by the spanning-tree bdpufilter enable command in interface mode.

Question 6

Which two statements correctly describe characteristics of the PortFast feature? (Choose two)

A. STP will be disabled on the port.
B. PortFast can also be configured on trunk ports.
C. PortFast is required to enable port-based BPDU guard.
D. PortFast is used for both STP and RSTP host ports.
E. PortFast is used for STP-only host ports.

Answer: B D

Explanation

You can use PortFast on switch or trunk ports connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state -> B is correct.

Also, PortFast can be used for both STP and RSTP -> D is correct.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html)

Answer C is not correct because BPDU guard can be enabled without PortFast. But what will happen if the PortFast and BPDU guard features are configured on the same port?

Well, at the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console

(Reference and good resource: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml)

Question 7

Which of the following commands can be issued without interfering with the operation of loop guard?

A. Switch(config-if)#spanning-tree guard root
B. Switch(config-if)#spanning-tree portfast
C. Switch(config-if)#switchport mode trunk
D. Switch(config-if)#switchport mode access

Answer: C

Explanation

PortFast & Root guard should be placed on ports configured as access ports while loop guard should be placed on trunk ports -> we can use the “switchport mode trunk” without interfering with the operation of loop guard.

Question 8

Which statement correctly describes enabling BPDU guard on an access port that is also enabled for PortFast?

A. Upon startup, the port transmits 10 BPDUs. If the port receives a BPDU, PortFast and BPDU guard are disabled on that port and it assumes normal STP operation.
B. The access port ignores any received BPDU.
C. If the port receives a BPDU, it is placed into the error-disable state.
D. BPDU guard is only configured globally and the BPDU filter is required for port-level configuration.

Answer: C

Explanation

If any BPDU is received on a port where BPDU guard is enabled, that port is put into the err-disable state immediately. The port is shut down in an error condition and must be either manually re-enabled or automatically recovered through the errdisable timeout function.

Note: A port that has PortFast enabled also has BPDU guard automatically enabled. By combining PortFast & BPDU guard we have a port that can quickly enter the Forwarding state from Blocking state and automatically shut down when receiving BPDUs.

Question 9

Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of a network?

A. BPDU guard can guarantee proper selection of the root bridge.
B. BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.
C. BPDU guard can be utilized to prevent the switch from transmitteing BPDUs and incorrectly altering the root bridge election.
D. BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.

Answer: B

Question 10

Which three statements about STP timers are true? (Choose three)

A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.

Answer: A B D

Explanation

Each BPDU includes the hello, forward delay, and max age STP timers. An IEEE bridge is not concerned about the local configuration of the timers value. The IEEE bridge considers the value of the timers in the BPDU that the bridge receives. Effectively, only a timer that is configured on the root bridge of the STP is important. If you lose the root, the new root starts to impose its local timer value on the entire network. So, even if you do not need to configure the same timer value in the entire network, you must at least configure any timer changes on the root bridge and on the backup root bridge.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml)

Quick notes:

BPDU filtering: prevents the switch interfaces connected to end stations from sending or receiving BPDUs.
BPDU port-guard: If any BPDU is received on a port where BPDU guard is enabled, that port is put into the err-disable state immediately.

Question 1

Refer to the exhibit. Which statement is true about the output?

A. The port on switch CAT1 is forwarding and sending BPDUs correctly.
B. The port on switch CAT1 is blocking and sending BPDUs correctly.
C. The port on switch CAT2 is forwarding and receiving BPDUs correctly.
D. The port on switch CAT2 is blocking and sending BPDUs correctly.
E. The port on switch CAT3 is forwarding and receiving BPDUs correctly.
F. The port on switch CAT3 is forwarding, sending, and receiving BPDUs correctly.

Answer: A

Explanation

From the first lines of the “show” commands and the BPDU sent and received we can conclude:

CAT1 is forwarding and sending BPDUs correctly (BPDU: sent 237, received 1) but it is not receiving BPDUs.
CAT2 is blocking and receiving BPDUs correctly (BPDU: sent 1, received 242) but it is not sending BPDUs.
CAT3 is forwarding and sending BPDUs correctly (BPDU: sent 24, received 0) but it is not receiving BPDUs.

-> only answer A is correct.

Question 2

Which of the following specifications is a companion to the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) algorithm, and warrants the use multiple spanning-trees?

A. IEEE 802.1s (MST)
B. IEEE 802.1Q (CST)
C. Cisco PVST+
D. IEEE 802.1d (STP)

Answer: A

Explanation

MST maps multiple VLANs into a spanning tree instance, with each instance having a spanning tree topology independent of other spanning tree instances. This architecture provides multiple forwarding paths for data traffic, enables load balancing, and reduces the number of STP instances required to support a large number of VLANs. MST improves the fault tolerance of the network because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).

Note: RSTP is automatically turned on along with MST (the “spanning-tree mode mst” in global configuration mode will turn on both RSTP & MST)

(Reference: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/MST.html)

Question 3

What two things will occur when an edge port receives a BPDU? (Choose two)

A. The port immediately transitions to the Forwarding state.
B. The switch generates a Topology Change Notification (TCN) BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.

Answer: B D

Explanation

The concept of edge port basically corresponds to the PortFast feature. An edge port directly transitions to the forwarding state, and skips the listening and learning stages. An edge port that receives a BPDU immediately loses edge port status and becomes a normal spanning tree port.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml#edge)

Question 4

Which statement is true about RSTP topology changes?

A. Only nonedge ports moving to the blocking state generate a TC BPDU.
B. Any loss of connectivity generates a TC BPDU.
C. Any change in the state of the port generates a TC BPDU.
D. Only nonedge ports moving to the forwarding state generate a TC BPDU.
E. If either an edge port or a nonedge port moves to a block state, then a TC BPDU is generated.

Answer: D

Explanation

When a Switch (Bridge) discovers topology change, it generates a TCN (Topology Change Notification) BPDU (Bridge Protocol Data Unit) and sends the TCN BPDU on its root port. The upstream Switch (Bridge) responds back the sender with TCA (Topology Change Acknowledgment) BPDU (Bridge Protocol Data Unit) and TCA (Topology Change Acknowledgment) BPDU (Bridge Protocol Data Unit)
The upstream Switch (Bridge) (bridge which received the TCN BPDU) generates another TCN BPDU and sends out via its Root Port. The process continues until the Root Switch (Bridge) receives the TCN BPDU.
When the Root Switch (Bridge) is aware that there is a topology change in the network, it starts to send out its Configuration BPDUs with the topology change (TC) bit set. Configuration BPDUs are received by every Switch (Bridge) in the network and all bridges become aware of the network topology change.

The switch never generates a TCN when a port configured for PortFast goes up or down -> it means no TC will be created for PortFast (or Edge Port) -> D is correct.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml)

Question 5

Which of the following conditions guarantees that a broadcast storm cannot occur?

A. a native VLAN mismatch on either side of an 802.1Q link
B. BPDU filter configured on a link to another switch
C. Spanning Tree Protocol enabled on both Layer 2 and multilayer switches
D. PortFast enabled on all access and trunk ports

Answer: C

Question 6

Which two statements are true about port BPDU Guard and BPDU filtering? (Choose two)

A. BPDU guard can be enabled globally, whereas BPDU filtering must be enabled on a per-interface basis.
B. When globally enabled, BPDU port-guard and BPDU filtering apply only to PortFast enabled ports.
C. When globally enabled. BPDU port-guard and BPDU filtering apply only to trunking-enabled ports.
D. When a BPDU is received on a BPDU port-guard enabled port, the interface goes into the err-disabled state.
E. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the err-disabled state.
F. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the STP blocking state.

Answer: B D

Question 7

Which of the following will generate an RSTP topology change notification?

A. an edge port that transitions to the forwarding state
B. a non-edge port that transitions to the blocking state
C. a non-edge port that transitions to the forwarding state
D. an edge port that transitions to the blocking state
E. any port that transitions to the blocking state
F. any port that transitions to the forwarding state

Answer: C

Question 8

What is the effect of configuring the following command on a switch?

A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for PortFast, the port will transition to forwarding state.
D. The command will enable BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.

Answer: A

Explanation

Please read the explanation of Question 3

Question 9

Refer to the show spanning-tree mst configuration output shown in the exhibit. What should be changed in the configuration of the switch SW_2 in order for it to participate in the same MST region?

A. Switch SW_2 must be configured with the revision number of 2.
B. Switch SW_2 must be configured with a different VLAN range.
C. Switch SW_2 must be configured with the revision number of 1.
D. Switch SW_2 must be configured with a different MST name.

Answer: C

Question 10

Switch R1 has been configured with the root guard feature. What statement is true if the spanning tree enhancement Root Guard is enabled?
A. If BPDUs are not received on a non-designated port, the port is moved into the STP loop-inconsistent blocked state
B. If BPDUs are received on a PortFast enabled port, the port is disabled.
D C. If superior BPDUs are received on a designated port, the interface is placed into the root-inconsistent blocked state.
D. If inferior BPDUs are received on a root port, all blocked ports become alternate paths to the root bride.

Answer: C

Question 11

Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? (Choose two)

A. BPDUs will be sent out every two seconds.
B. The time spent in the listening state will be 30 seconds.
C. The time spent in the learning state will be 15 seconds.
D. The maximum length of time that the BPDU information will be saved is 30 seconds.
E. This switch is the root bridge for VLAN 200.
F. BPDUs will be sent out every 10 seconds.

Answer: B F

Explanation

From the output you learn that:

+ This is not the root bridge for VLAN 200 (it does not have the line “This bridge is the root” and the root bridge information is shown first. It has a Alternative port).
+ The root bridge is sending Hello every 10 seconds, Max Age is 20 seconds and Forward Delay is 15 seconds while the local bridge is sending Hello every 2 seconds, Max Age is 20 seconds and Forward Delay is 15 seconds.

Aan IEEE bridge is not concerned about the local configuration of the timers value. The IEEE bridge considers the value of the timers in the BPDU that the bridge receives. Effectively, only a timer that is configured on the root bridge of the STP is important. In this case, the local switch will import STP timers from the root bridge -> The listening state (or learning state) will be 30 seconds, which equals to Forward Delay. Also BPDUs will be sent out every 10 seconds (Hello packets).

(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml)

Notes:

The Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) facilitate the automatic creation of EtherChannels by exchanging packets between Ethernet interfaces. The Port Aggregation Protocol (PAgP) is a Cisco-proprietary solution, and the Link Aggregation Control Protocol (LACP) is standards based.

LACP modes:

+ on: the link aggregation is forced to be formed without any LACP negotiation. A port-channel is formed only if the peer port is also in “on” mode.
+ off: disable LACP and prevent ports to form a port-channel
+ passive: the switch does not initiate the channel, but does understand incoming LACP packets
+ active: send LACP packets and willing to form a port-channel

PAgP modes:

+ on: The link aggregation is forced to be formed without any PAgP negotiation. A port-channel is formed only if the peer port is also in “on” mode.
+ off: disable PAgP and prevent ports to form a port-channel
+ desirable: send PAgP packets and willing to form a port-channel
+ auto: does not start PAgP packet negotiation but responds to PAgP packets it receives

An EtherChannel in Cisco can be defined as a Layer 2 EtherChannel or a Layer 3 EtherChannel.
+ For Layer 2 EtherChannel, physical ports are placed into an EtherChannel group. A logical port-channel interface will be created automatically. An example of configuring Layer 2 EtherChannel can be found in Question 1 in this article.

+ For Layer 3 EtherChannel, a Layer 3 Switch Virtual Interface (SVI) is created and then the physical ports are bound into this Layer 3 SVI. An example of configuring Layer 3 EtherChannel can be found in Question 6 in this article.

Question 1

Refer to the exhibit. LACP has been configured on Switch1 as shown. Which is the correct command set to configure LACP on Switch2?

A.
Switch2# configure terminal
Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode auto

B.
Switch2# configure terminal
Switch2(config)# interface range gigabitethemet3/1 -2
Switch2(config-if)# channel-group 5 mode passive

C.
Switch2# configure terminal
Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode desirable

D.
Switch2# configure terminal
Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode on

Answer: B

Explanation

LACP trunking supports four modes of operation, as follows:
* On: The link aggregation is forced to be formed without any LACP negotiation. In other words, the switch will neither send the LACP packet nor process any incoming LACP packet. This is similar to the on state for PAgP.
* Off: The link aggregation will not be formed. We do not send or understand the LACP packet. This is similar to the off state for PAgP.
* Passive: The switch does not initiate the channel, but does understand incoming LACP packets. The peer (in active state) initiates negotiation (by sending out an LACP packet) which we receive and reply to, eventually forming the aggregation channel with the peer. This is similar to the auto mode in PAgP.
* Active: We are willing to form an aggregate link, and initiate the negotiation. The link aggregate will be formed if the other end is running in LACP active or passive mode. This is similar to the desirable mode of PAgP.

LACP does not have “auto” & “desirable” modes so A & C are not correct.

Also there are only three valid combinations to run the LACP link aggregate, as follows:

Therefore if Switch1 is set “active” mode, we cannot set “on” mode on Switch2 -> D is not correct.

Only answer B is suitable in this case.

(Reference: http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml)

An example of configuring Layer 2 EtherChannel using LACP (applied these commands to both switches):

Question 2

Refer to the exhibit. The command switchport mode access is issued on interface FastEthernet0/13 on switch CAT1. What will be the result?

A. The command will be rejected by the switch.
B. Interfaces FastEthernet0/13 and FastEthemet0/14 will no longer be bundled.
C. Dynamic Trunking Protocol will be turned off on interfaces FastEthernet0/13 and FastEthemet0/14.
D. Interfaces FastEthernet0/13 and FastEthernet0/14 will only allow traffic from the native VLAN.
E. Interfaces FastEthernet0/13 and FastEthernet0/14 will continue to pass traffic for VLANs 88,100,360.

Answer: B

Explanation

The default channel protocol in Cisco switches is Port Aggregation Protocol (PAgP). PAgP groups the interfaces with the same speed, duplex mode, native VLAN, VLAN range, and trunking status and type. After grouping the links into an EtherChannel, PAgP adds the group to the spanning tree as a single switch port.

An interface in the on mode that is added to a port channel is forced to have the same characteristics as the already existing on mode interfaces in the channel (applied for both PAgP & LACP). So if we configure “switchport mode access” on Fa0/13, this interface will no longer be bundled with Fa0/14.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_14_ea1/configuration/guide/swethchl.html#wpxref12539)

Question 3

What is the result of entering the command “port-channel load-balance src-dst-ip” on an EtherChannel link?

A. Packets are distributed across the ports in the channel based on both the source and destination MAC addresses.
B. Packets are distributed across the ports in the channel based on both the source and destination IP addresses.
C. Packets are balanced across the ports in the channel based first on the source MAC address, then on the destination MAC address, then on the IP address.
D. Packets are distributed across the access ports in the channel based first on the source IP address and then the destination IP addresses.

Answer: B

Explanation

The syntax of configuring load balancing on a Cisco switch is:

Many methods can be used here. By default, the “src-dst-ip” (source and destination IP address) method is used for Layer 3 switching. Let’s take an example to understand more about this method.

In the topology above, Switch1 uses the “src-dst-ip” method to load balancing traffic to Switch2. With this method, only one link is used for a specific pair of source & destination IP address and the switch uses the XOR function to generate the hash that is used to determine which interface to use. Suppose the packets have the source IP of 1.1.1.1 & destination IP of 1.1.1.2. Write them in binary we get:

1.1.1.1 = 0000 0001.0000 0001.0000 0001.0000 0001
1.1.1.2 = 0000 0001.0000 0001.0000 0001.0000 0010

In this case we have only 2 interfaces in this channel group so the XOR function only gets the last bit, which means 1 XOR 0 = 1. Each interface is assigned an index that starts from 0 so Fa0/2 will be indexed 1 -> traffic will be sent over Fa0/2.

If we have 4 interfaces in a channel group then XOR function gets last 2 bits. If we have 8 interfaces, it gets 3 bits and so on. For example, with 8 interfaces the result will be 3 (because 001 XOR 010 = 011) -> Fa0/4 will be used.

Note: If the two address values have the same bit value, the XOR result is always 0. If the two address bits differ, the XOR result is always 1. For example, 0 XOR 0 = 0; 0 XOR 1 = 1; 1 XOR 0 = 1; 1 XOR 1 = 0.

In conclusion, the “port-channel load-balance src-dst-ip” command uses a pair of source & destination IP address to select the port to send traffic to -> B is correct.

Question 4

Refer to the exhibit. Which statement is true about the display of the command “show pagp 1 neighbor” command?

A. STP packets are sent out the Gi0/1 interface only.
B. STP packets are sent out both the Gi0/1 and Gi0/2 interfaces.
C. CDP packets are sent out the Gi0/1 interface only.
D. CDP packets are sent out the Gi0/2 interface only.

Answer: A

Explanation

DTP and CDP send and receive packets over all the physical interfaces in the EtherChannel while STP always chooses the first operational port in an EtherChannel bundle -> A is correct.

Question 5

Refer to the exhibit. On the basis of the information that is generated by the show commands, which two EtherChannel statements are true? (Choose two)

A. Interfaces FastEthernet 0/1 and 0/2 have been configured with the channel-group 1 mode desirable command.
B. Interfaces FastEthernet 0/3 and 0/4 have been configured with the no switchport command.
C. Interface Port-Channels 1 and 2 have been assigned IP addresses with the ip address commands.
D. Port-Channels 1 and 2 are providing two 400 Mbps EtherChannels.
E. Port-Channels 1 and 2 are capable of combining up to 8 FastEthernet ports to provide full-duplex bandwidth of up to 16 Gbps between a switch and another switch or host.
F. Switch SW1 has been configured with a Layer 3 EtherChannel.

Answer: A D

Explanation

In fact answer A is not totally correct because two ports Fa0/1 & Fa0/2 of Sw1 can use the “channel-group 1 mode auto” command while the peer ports use the “channel-group 1 mode desirable” command. But maybe it is the best choice in this case.

Answer B is not correct because this is a Layer 2 EtherChannel (from the lines “Po1 (SU)” & “Group state = L2″) but the “no switchport” is only used to configure Layer 3 EtherChannel.

Answer C is not correct because the port-channel is automatically created in a Layer 2 EtherChannel.

In this case we can see the ports are FastEthernet ports -> Port-Channels 1 and 2 are capable of combining up to 8 FastEthernet ports to provide full-duplex bandwidth of up to 1.6 Gbps (8 links of FastEthernet ports), not 16 Gbps. Port-Channels can provide up to 16 Gbps if they group 8 links of GigabitEthernet -> E is not correct.

SW1 has been configured with a Layer 2 EtherChannel (from the lines “Po1 (SU)” & “Group state = L2″) -> F is not correct.

Usually the EtherChannel protocol is shown when using the “show etherchannel summary” command (after the “Port-channel” column) but in this case we see no “protocol” column so we can assume it uses the default EtherChannel protocol PAgP.

There are 2 ports in each group so there are 4 Ethernet ports in total -> 4 x 100Mbps = 400Mbps in full duplex (which means “two 400 Mbps EtherChannels” in answer D) -> D is correct.

Question 6

Which statement is true regarding the Port Aggregation Protocol?

A. Configuration changes made on the port-channel interface apply to all physical ports assigned to the portchannel interface.
B. Configuration changes made on a physical port that is a member of a port-channel interface apply to the port-channel interface.
C. Configuration changes are not permitted with Port Aggregation Protocol; instead, the standardized Link Aggregation Control Protocol should be used if configuration changes are required.
D. The physical port must first be disassociated from the port-channel interface before any configuration changes can be made.

Answer: A

Explanation

The port-channel interface represents for the whole bundle and all the configurations on this interface are applied to all physical ports that are assigned to this logical interface.

Note: We must manually create port-channel logical interface when configuring Layer 3 EtherChannels. The port-channel logical interface is automatically created when configuring Layer 2 EtherChannels (you can’t put Layer 2 ports into a manually created port channel interface).

An example of configuring Layer 3 EtherChannels with port-channel interfaces:

Note: The “no switchport” command is required to change interface from layer2 to layer3 mode.

Question 7

Which three statements are true of the Link Aggregation Control Protocol (LACP)? (Choose three)

A. LACP is used to connect to non-Cisco devices.
B. LACP packets are sent with the command channel-group 1 mode desirable.
C. LACP packets are sent with the command channel-group 1 mode active.
D. Standby interfaces should be configured with a higher priority.
E. Standby interfaces should be configured with a lower priority.

Answer: A C D

Explanation

LACP is part of the IEEE specification 802.3ad so that it can be used on non-Cisco devices -> A is correct.

With mode “active”, the switch will send LACP packets, initiates negotiations with remote ports and willing to form a port-channel if it receives a response -> C is correct.

LACP uses the port priority with the port number to form the port identifier. The port priority determines which ports should be put in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.

An example of configuring LACP port priority:

Note: Valid range is from 1 to 65535. The higher the number, the lower the priority so standby interfaces should be configured with a higher priority -> D is correct.

Question 8

Refer to the exhibit. What does the command channel-group 1 mode desirable do?

A. enables LACP unconditionally
B. enables PAgP only if a PAgP device is detected
C. enables PAgP unconditionally
D. enables Etherchannel only
E. enables LACP only if a LACP device is detected

Answer: C

Explanation

First, “desirable” is a mode on PAgP, not LACP. “enable PAgP unconditionally” means that port will send PAgP packets to form an EtherChannel port (initiate negotiations with other ports). A channel is formed with another port group in either desirable or auto mode.

Note:

Mode “auto” enables PAgP only if a PAgP device is detected and mode “on” forces the port to form a channel.

Question 9

Which statement best describes implementing a Layer 3 EtherChannel?

A. EtherChannel is a Layer 2 and not a Layer 3 feature.
B. Implementation requires switchport mode trunk and matching parameters between switches.
C. Implementation requires disabling switchport mode.
D. A Layer 3 address is assigned to the channel-group interface.

Answer: C

Explanation

By default, the ports on a multilayer switch (MLS) will all be running in Layer 2 mode. A port must be configured as a routing port before it is configured as a Layer 3 EtherChannel -> require to use the “no switchport” command.

Question 1:

Study the exhibit carefully. Both host stations are part of the same subnet but are in different VLANs. On the basis of the information presented in the exhibit, which statement is true about an attempt to ping from host to host?

A – Layer 3 device is needed for the ping command to be successful.
B – A trunk port will need to be configured on the link between SA and SB for the ping command to be successful.
C – The two different hosts will need to be in the same VLAN in order for the ping command to be successful.
D – The ping command will be successful without any further configuration changes.

Answer: D

Explanation:

For two hosts in different VLANs, we must use a layer 3 device to transport packages between them. However, in this case both switches are set in “access” mode therefore the VLAN information sent between them will be set as untagged. Moreover, they are in the same subnet so they can ping each other without a layer 3 device.

Question 2:

Based on the following exhibit, which problem is preventing users on VLAN 100 from pinging addresses on VLAN 200?

A – Native VLAN mismatch.
B – Subinterfaces should be created on Fa0/7 and Fa0/8 on DLS1.
C – Trunking needs to be enabled.
D – The ip routing command is missing on DLS1.

Answer: D

Explanation:

To allow communication between two VLANs, we need to enables Layer 3 routing on the switch with the “ip routing” command. Some flatforms are enabled by default but some are not.

Question 3:

Based on the network diagram and routing table output in the exhibit, which one of these statements is true?

A – InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
B – InterVLAN routing will not occur since no routing protocol has been configured.
C – Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
D – Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
E – None of the above.

Answer: A

Explanation:

In the output we can see both VLAN10 and VLAN20 are shown up (as networks 10.1.1.0 and 10.2.2.0) so the routing has been configured properly. Notice that the “C” letter indicates that these networks are directly connected with the router.

Question 4:

Study the following exhibit carefully, what is the reason that users from VLAN 100 can’t ping users on VLAN 200?

A – IP routing needs to be enabled on the switch
B – Trunking needs to be enabled on Fa0/1
C – VLAN 1 needs the no shutdown command
D – The native VLAN is wrong

Answer: B

Explanation:

The Fa0/1 interface on the switch is not configured with trunking mode. It needs to be configured as shown below:

SA(config)#interface Fa0/1
SA(config-if)#switchport mode trunk
SA(config-if)#switchport trunk encapsulation dot1q

Question 5:

Assume that a host sends a packet to a destination IP address and that the CEF-based switch does not yet have a valid MAC address for the destination. How is the ARP entry (MAC address) of the next-hop destination in the FIB get?

A – The sending host must send an ARP request for it
B – All packets to the destination are dropped
C – The Layer 3 forwarding engine (CEF hardware) must send an ARP request for it
D – CEF must wait until the Layer 3 engine sends an ARP request for it

Answer: D

Explanation:

If a valid MAC address for the destination is not found, the Layer 3 forwarding engine can’t forward the packet in hardware due to the missing Layer 2 next-hop address. Therefore the packet is sent to the Layer 3 Engine so that it can generate an ARP request (this is called the “CEF glean” state)

Question 6:

CEF is a complete new routing switch technology . Which two table types are CEF components?(Choose two)

A – adjacency tables
B – caching tables
C – neighbor tables
D – forwarding information base

Answer: A D

(Questions 1 to 4 use the same picture)

Question 1:

You work as a network technician, study the exhibit carefully. What is the effect on the trust boundary of configuring the command mls qos trust cos on the switch port that is connected to the IP phone?

A – Effectively the trust boundary has been moved to the IP phone.
B – The host is now establishing the CoS value and has effectively become the trust boundary.
C – The switch SW is rewriting packets it receives from the IP phone and determining the CoS value.
D – The switch SW will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS.

Answer: A

Explanation:

The “mls qos trust cos” command is used to configure the port trust state (by default, the port is not trusted). By using this command, you can configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received on that port.

(Note: All current Cisco IP Phones include an internal three-port Layer 2 switch therefore you can think an IP Phone as a switch and network administrators generally accept a Cisco IP Phone as a trusted device.)

Question 2:

If you are a network technician, study the exhibit carefully. Which switch interface configuration command would automatically configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain?

A. auto qos voip cisco-phone
B. mls qos trust
C. switchport priority extend cos 7
D. switchport priority extend trust

Answer: A

Explanation:

The command “mls qos trust” is used to configure the port trust state (by default, the port is not trusted).

The command “switchport priority extend cos 7″ sets the IP phone port to override the priority received from the PC or the attached device (7 is the highest priority).

The command “switchport priority extend trust” tells the Cisco IP Phone to trust the CoS value of the connected PC without remark all packets sent form PC to CoS 0, by default.

Question 3:

Study the exhibit carefully. Which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone?

A. The voice VLAN must be configured as a native VLAN on the switch.
B. A PC connected to a switch port via an IP phone must support a trunking encapsulation.
C. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on the same LAN segment with a PC.
D. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.

Answer: D

Explanation:

The voice VLAN can be configured over a unique voice VLAN (known as the voice VLAN ID or VVID) or over native VLAN -> A is not correct.

The ports k between PC and IP Phone are always functioned as access-mode switch ports so there is no need to support a trunking encapsulation -> B is not correct.

The traffic on the voice VLAN can be tagged with 802.1p encapsulation or 802.1q encapsulation -> C is not correct.

Most Cisco IP Phone models operate as a three-port switch as shown below. Nowadays, the voice traffic and data traffic will normally be on different IP subnets and the IP Phone is unaware of the presence of the phone.

Question 4:

Study the exhibit carefully. Which statement is true when voice traffic is forwarded on the same VLAN used by the data traffic?

A. Quality of service cannot be applied for the voice traffic.
B. The voice traffic cannot be forwarded to the distribution layer.
C. Port security cannot be enabled on the switch that is attached to the IP phone.
D. The voice traffic cannot use 802.1p priority tagging.

Answer: D

Question 5:

Which two codes are supported by Cisco VoIP equipment?

A. G.701 and G719
B. G.711 and G.729
C. G.721 and G.739
D. G.731 and G.749

Answer: B

Question 6:

Study the exhibit carefully, then tell me what is the problem with this configuration?

A – Spanning tree PortFast cannot be configured on a port where a voice VLAN is configured.
B – The switch port must be configured as a trunk.
C – Sticky secure MAC addresses cannot be used on a port when a voice VLAN is configured.
D – Spanning tree PortFast cannot be configured on a port when a sticky secure MAC address is used.

Answer: C

Quick summary:

HSRP, VRRP, or GLBP is used to allow specific routers to appear as a single router to make the failover transparent to the end users.

Question 1:

You have just purchased a new Cisco 3550 switch running the enhanced IOS and need to configure it to be installed in a high availability network. Which three types of interfaces can be used to configure HSRP on a 3550 EMI switch? (Choose three)

A – BVI interface
B – routed port
C – SVI interface
D – Access port
E – EtherChannel port channel
F – Loopback Interface

Answer: B C E

Explanation:

To configure HSRP, a Layer 3 interface is needed. They can be:

- Routed port: a physical port configured as a Layer 3 port by entering the no switchport interface configuration command.
– SVI: a VLAN interface created by using the interface vlan vlan_id global configuration command and by default a Layer 3 interface.
– Etherchannel port channel in Layer 3 mode: a port-channel logical interface created by using the interface port-channel port-channel-number global configuration command and binding the Ethernet interface into the channel group.

Reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swhsrp.html

Question 2:

You work as a network technician , study the exhibit carefully. Which two statements are true about the output from the show standby vlan 50 command? (Choose two)

A. Catalyst_A is load sharing traffic in VLAN 50.
B. Hosts using the default gateway address of 192.168.1.2 will have their traffic sent to Catalyst_A.
C. The command standby 1 preempt was added to Catalyst_A.
D. Hosts using the default gateway address of 192.168.1.1 will have their traffic sent to 192.168.1.11 even after Catalyst _A becomes available again.

Answer: A C

Explanation:

The output shows that the Catalyst_A switch is the active router for HSRP group 1 and the standby router for HSRP group 2 on interface VLAN 50. This means that another switch is the active router for HSRP group 2 on interface VLAN 50 -> A is correct, Catalyst_A is load sharing traffic in VLAN 50.

B is not correct, only hosts using the default gateway address of 192.168.1.1 will have their traffic sent to Catalyst_A

From the output, we notice that there is a line showing that “Local State is Active, priority 200 may preempt”. This indicates the command “standby 1 preempt” was added to Catalyst_A. If the active router (this router) fails, another router takes over its active role. The original active router is not allowed to resume the active role when it is restored until the new active router fails. Pre-empting allows a higher-priority router to take over the active role immediately.

Question 3:

You are a network technician, study the exhibit carefully. Both routers are configured for the Gateway Load Balancing Protocol (GLBP). Which statement is true?

A. The default gateway address of each host should be set to to the virtual IP address.
B. The default gateway addresses of both hosts should be set to the IP addresses of both routers.
C. The hosts will have different default gateway IP addresses and different MAC addresses for each.
D. The hosts will learn the proper default gateway IP address from Router RA.

Answer: A

Question 4:

You are a network technician, study the exhibit carefully. Assume that Host PC can ping the Ccorporate Headquarters and that HSRP is configured on DS1, which is then reloaded. Assume that DS2 is then configured and reloaded. On the basis of this information, what conclusion can be drawn?

A. DS1 will be the active router because it booted first.
B. DS1 will be the standby router because it has the lower IP address.
C. DS1 will be the active router because it has the lower priority configured.
D. DS2 will be the active router because it booted last.

Answer: A

Explanation:

The configuration does not have the “standby 60 preempt”command so the first booted router will take the active role with any priority.

Question 5:

HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as a single gateway address. Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two)

A – Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B – Routers configured for HSRP can belong to multiple groups and multiple VLANs.
C – All routers configured for HSRP load balancing must be configured with the same priority.
D – Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.

Answer: B D

Question 6:

If you are a network technician, study the exhibit carefully. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of the master virtual router and the backup virtual router?

A – Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, Router RB will maintain the role of master virtual router.
B – Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, it will regain the master virtual router role.
C – Router RB is the master virtual router, and Router RA is the backup virtual router. When Router RB fails, Router RA will become the master virtual router. When Router RB recovers, RouterRA will maintain the role of master.
D – Router P4S-RB is the master virtual router, and Router RA is the backup virtual router. When Router P4S-RB fails, Router
RA will become the master virtual router. When Router RB recovers, it will regain the master virtual router role.

Answer: B

Explanation:

Router RA is the master virtual router because of its higher priority (110). By default, the pre-empting function is enabled so Router RB will become the master virtual router when RA fails; and when RA recovers, it will take the master role again.

Question 7:

You are a network technician, do you know which three statements are correct about a default HSRP configuration? (Choose three)

A – The Standby track interface priority is 10.
B – The Standby priority is 100.
C – The Standby hold time is 10 seconds.
D – Two HSRP groups are configured.

Answer: A B C

Question 8:

You work as a network technician at Technical Corporation. Your boss is interested in GLBP. Study the network topology exhibit carefully. Which three statements accurately describe this GLBP topology? (Choose three)

A – If RA becomes unavailable, RB will forward packets sent to the virtual MAC address of RA.
B – RA is responsible for answering ARP requests sent to the virtual IP address.
C – If another router were added to this GLBP group, there would be two backup AVGs.
D – RA alternately responds to ARP requests with different virtual MAC addresses.

Answer: A B D

Explanation:

If RA fails, the GLBP protocol informs RB to replace the AVG that is down. The new AVG (in this case RB) will forward the packet sent to the 0008.b400.0101 virtual mac address, so the client sees no disruption of service nor does it need to resolve a new MAC address for the default gateway. -> A is correct.

RA, which is the AVG, replies to the ARP requests from clients with different virtual MAC addresses, thus achieving load balancing -> B is correct.

RA is elected as the AVG and RB is elected as the standby virtual gateway. If another router is added to this GLBP group, it will become a backup AVG -> there is only one backup AVG -> C is not correct.

“RA alternately responds to ARP requests with different virtual MAC addresses” this is the way GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Which MAC address it returns depends on which load-balancing algorithm it is configured to use -> D is correct.

Question 1:

Which two Lightweight Access Point Protocol (LWAPP) statements are true? (Choose two)

A. Layer 3 LWAPP is a UDP / IP frame that requires a Cisco Aironet AP to obtain an IP address using DHCP.
B. Data traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
C. Data traffic is encapsulated in TCP packets with a source port of 1024 and destination port of 12223.
D. Control traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.

Answer: A D

Question 2:

Which statement about the Lightweight Access Point Protocol (LWAPP) is true?

A – LWAPP encrypts control traffic between the AP and the controller.
B – LWAPP encrypts user traffic with a x.509 certificate using AES-CCMP.
C – LWAPP encrypts both control traffic and user data.
D – When set to Layer 3, LWAPP uses a proprietary protocol to communicate with the Cisco Aironet APs.

Answer: A

Question 3:

LWAPP is meant to be a network protocol for access points that also provides for centralized management. Which issue or set of issues does the Lightweight Access Point Protocol (LWAPP) address?

A. provides security by blocking communication between access points and wireless clients.
B. reduction of processing in wireless controllers.
C. distributed approach to authentication, encryption, and policy enforcement.
D. access point discovery, information exchange, and configuration.

Answer: D

Question 4:

If you are a network technician, which two WLAN client utility statements do you think are true? (Choose two)

A. In a Windows XP environment, a client adapter can only be configured and managed with the Microsoft Wireless Configuration Manager.
B. The Microsoft Wireless Configuration Manager can be configured to display the Aironet System Tray Utility (ASTU) icon in the Windows system tray.
C. The Cisco Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can both be enabled at the same time to setup WLAN client cards.
D. The Aironet Desktop Utility (ADU) can be used to enable or disable the adapter radio and to configure LEAP authentication with dynamic WEP.

Answer: B D

Question 5:

In order to enhance worker productivity, a Cisco wireless network has been implemented at all locations. Which three WLAN statements are true? (Choose three)

A. A WLAN client that is operating in half-duplex mode will delay all clients in that WLAN.
B. Ad hoc mode allows mobile clients to connect directly without an intermediate AP.
C. A lightweight AP receives control and configuration from a WLAN controller to which it is associated.
D. WLANs are designed to share the medium and can easily handle an increased demand of channel contention.

Answer: A B C

Question 6:

Currently in draft status at the IETF, LWAPP outlines a standard protocol to be used by switches or routers to control a group of IEEE 802.11 wireless LAN access points and make their deployment much simpler than is possible today. Which statement about the Lightweight Access Point Protocol (LWAPP) protocol is true?

A. The processing of 802.11 data and management protocols and access point capabilities is distributed between a lightweight access point and a centralized WLAN controller.
B. LWAPP authenticates all access points in the subnet and establishes a secure communication channel with each of them.
C. LWAPP advertises its WDS capability and participates in electing the best WDS device for the wireless LAN.
D. LWAPP aggregates radio management forward information and sends it to a wireless LAN solution engine.

Answer: A

Question 7:

Which set of statements describes the correct order and process of a wireless client associating with a wireless access point?

A.
1. Client sends probe request.
2. Access point sends probe response.
3. Client initiates association.
4. Access point accepts association.
5. Access point adds client MAC address to association table.

B.
1. Client sends probe request.
2. Access point sends probe response.
3. Access point initiates association.
4. Client accepts association.
5. Access point adds client MAC address to association table.

C.
1. Access point sends probe request .
2. Client sends probe response.
3. Client initiates association.
4. Access point accepts association.
5. Client adds access point MAC address to association table.

D.
1. Client sends probe request.
2. Access point sends probe response.
3. Client initiates association.
4. Access point accepts association.
5. Client adds access point MAC address to association table.

Answer: A

Question 8:

You are a network technician, study the exhibit carefully. What should be taken into consideration when using the Cisco Aironet Desktop Utility (ADU) to configure the static WEP keys on the wireless client adapter?

A – Before the client adapter WEP key is generated, all wireless infrastructure devices (such as access points, servers, etc.) must be properly configured for LEAP authentication.
B – The client adapter WEP key should be generated by the AP and forwarded to the client adapter before the client adapter can establish communication with the wireless network.
C – In infrastructure mode the client adapter WEP key must match the WEP key used by the access point. In ad hoc mode all client WEP keys within the wireless network must match each other.
D – The client adapter WEP key should be generated by the authentication server and forwarded to the client adapter before the client adapter can establish communication with the wireless network.

Answer: C

Question 9:

You work as a network technician ,please study the exhibit carefully. When it attempts to register to a wireless LAN controller (WLC), what type of message is transmitted by the lightweight access point (LAP)?

A – The LAP will send both Layer 2 and Layer 3 Lightweight Access Point Protocol (LWAPP) mode discovery request messages at the same time.
B – The LAP will send Layer 2 Lightweight Access Point Protocol (LWAPP) mode discovery request messages only.
C – The LAP will send Layer 3 Lightweight Access Point Protocol (LWAPP) mode discovery request messages only.
D – The LAP will send Layer 2 Lightweight Access Point Protocol (LWAPP) mode discovery request messages. If the attempt fails, the LAP will try Layer 3 LWAPP WLC discovery.

Answer: D

Question 10:

Please study the exhibit carefully. Which one is true about the configuration of access point MAC addresses on the wireless client?

A – If the wireless client is out of range of the specified access point or points it will not associate with other access points.
B – Each access point MAC address that is specified must have a separate SSID configured on the GENERAL configuration tab.
C – Each access point MAC address that is specified must have the same SSID configured on the GENERAL configuration tab.
D – If the wireless client is out of range of the specified access point or points it can associate with other access points.

Answer: D

1. Please tell me how many questions in the real SWITCH exam, and how much time to answer them?

There are 50 questions, including 3 lab-sims. You have 90 minutes to answer them but if your native language is not English, Cisco allows you a 30-minute exam time extension.

2. How much does the SWITCH 642-813 cost? And how many points I need to pass the exam?

This exam costs $200. You need at least 790/1000 points to pass this exam.

3. I passed the SWITCH exam, will I get a certificate for it?

No, Cisco does not ship SWITCH Exam certificate, it only ships you a certificate after completing the full CCNP track of 3 exams (ROUTE, SWITCH & TSHOOT).

4. Which sims will I see in the SWITCH exam?

The popular sims now are LACP with STP Sim, MLS and EIGRP Sim, AAAdot1x Lab Sim and please notice that the IP addresses, switch names may be different (it is also true for Drag and Drop questions)

5. How many points will I get for one sim?

Maybe you will get about 80 to 100 points for each sim, just like the CCNA exam.

6. In the real exam, I clicked “Next” after choosing the answer, can I go back for reviewing?

No, you can’t go back so you can’t re-check your answers after clicking the “Next” button.

7. I understand I will get CCNP certificate after completing 3 exams ROUTE, SWITCH and TSHOOT but can I take them in any order I like?

Yes, you can take these 3 exams in any order you like but the most popular “roadmap” is ROUTE then SWITCH and TSHOOT.

8. What are your recommended materials for SWITCH 642-813?

There are many options you can choose, but below are materials used and recommended by many candidates:

Books:

• CCNP SWITCH 642-813 Official Certification Guide
• CCNP SWITCH Portable Command Guide
• SWITCH 642-813 Student Guide (Volume 1 & 2)
• SWITCH 642-813 Quick Reference

Video Training:

• CCNP SWITCH 642-813 CBT Nuggets
• SWITCH 642-813 Cisco Video Mentor

Please don’t post links to copyrighted work here!