Term
|
Definition
A device that needs to transmit first listens for traffic on the shared medium (carrier sense). If the medium is busy it waits; if it is idle it sends. The device keeps listening while it sends, and if another device sends at the same time the two signals meet and there is a collision. A transmitting device detects the collision because the signal on the medium no longer matches what it is putting onto it. On detecting a collision the transmitting devices send a jamming signal to warn every device on the segment, all transmissions stop, and each device runs the backoff algorithm, which gives it a random time to wait before it tries again. Any device may be the first to transmit after its backoff period; the devices involved in the collision get no priority. |
|
|
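The process described in the card above, as an added example written for this page and not part of the original flashcards: a slot-level Python simulation of CSMA/CD with truncated binary exponential backoff. The 16-attempt limit and the 0 to 2^min(k,10)-1 backoff range are the IEEE 802.3 rules; the station names, frame counts, 12-slot frame length and fixed random seed are assumptions chosen for the demonstration.

```python
"""Slot-level simulation of CSMA/CD with truncated binary exponential backoff.

Simplification: one slot is the 512-bit collision window of a 64-byte frame,
a successful frame holds the medium for `frame_slots` slots, and backoff
counters are decremented once per event rather than once per idle slot.
"""
import random

MAX_ATTEMPTS = 16   # IEEE 802.3: give up on a frame after 16 collisions in a row
BACKOFF_CAP = 10    # the exponent stops growing at 2**10, i.e. waits of 0..1023 slots


class Station:
    def __init__(self, name, frames):
        self.name = name
        self.pending = frames   # frames still to be sent
        self.attempts = 0       # consecutive collisions seen by the current frame
        self.wait = 0           # backoff slots still to elapse before trying again
        self.sent = 0
        self.dropped = 0

    def backoff(self):
        """After the k-th collision wait a random 0 .. 2**min(k,10)-1 slots."""
        self.attempts += 1
        if self.attempts >= MAX_ATTEMPTS:
            self.pending -= 1           # excessive collisions: the frame is discarded
            self.dropped += 1
            self.attempts = 0
            self.wait = 0
            return
        self.wait = random.randrange(2 ** min(self.attempts, BACKOFF_CAP))


def simulate(stations, frame_slots=12, seed=1):
    """Run until every frame is sent or dropped; returns (slots used, collision count)."""
    random.seed(seed)               # fixed seed so the run is reproducible
    clock = collisions = 0
    while any(s.pending for s in stations):
        # carrier sense: every station with traffic and an expired backoff transmits now
        ready = [s for s in stations if s.pending and s.wait == 0]
        if len(ready) == 1:
            s = ready[0]            # the medium is free, the frame goes through
            s.pending -= 1
            s.sent += 1
            s.attempts = 0
            clock += frame_slots
        elif ready:
            collisions += 1         # signals met: everyone jams, stops and backs off
            for s in ready:
                s.backoff()
            clock += 1
        else:
            clock += 1              # medium idle, everyone is still counting down
        # nobody has priority afterwards: all waiting stations count down together
        for s in stations:
            if s.pending and s.wait > 0 and s not in ready:
                s.wait -= 1
    return clock, collisions
```

A single station never collides and uses exactly frames times frame_slots slots; twenty stations that all start with traffic collide in the very first slot and then spread out through the random backoffs.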
Term
What are unicast, broadcast and multicast transmissions? |
|
Definition
A unicast transmission is addressed to one host; the majority of transmissions are unicast. A broadcast transmission is addressed to all hosts on the network, e.g. ARP requests and RIPv1 updates. A multicast transmission is addressed to a specific group of devices: RIPv2 updates are multicast (to 224.0.0.9) and processed only by routers running RIPv2, and videoconferencing between a group of hosts would use multicast messages. |
|
|
Term
In an Ethernet frame, which field comes immediately after the start frame delimiter, and how long is this field? |
|
Definition
The Destination MAC Address field, which is 6 bytes long. |
|
|
Term
What is the purpose of the Length/Type field? |
|
Definition
If the value in the Length/Type field is 1500 (0x05DC) or less then it gives the length of the frame’s data field (IEEE 802.3 framing). If the value is 0x0600 (1536) or more then it is an EtherType code that identifies the OSI layer 3 protocol carried in the frame (Ethernet II framing), e.g. 0x0800 for IPv4 and 0x0806 for ARP. Values between 1501 and 1535 are not used. |
|
|
Term
How long is the data field, and why is a pad sometimes needed? |
|
Definition
The data field can be anything from 46 to 1500 bytes. A data field of 46 bytes gives a total frame length of 64 bytes, counted from the destination address through to the FCS (the preamble and SFD are not counted), and this is the smallest frame allowed so that a collision is detected before the sender has finished transmitting, which is what the CSMA/CD process needs. If there are fewer than 46 bytes of data then a pad is added to bring the data field up to 46 bytes; anything shorter than 64 bytes is treated as a collision fragment (runt) and discarded. |
|
|
Term
What is the purpose of the field in the frame trailer? |
|
Definition
The trailer contains the Frame Check Sequence (FCS) field. The sending device carries out a cyclic redundancy check (CRC-32) calculation over the contents of the frame, from the destination address to the end of the data field, and stores the result in this field. The receiving device carries out the same calculation and compares the result with the contents of the field. If they differ then the frame was corrupted in transmission and it is discarded. The FCS detects accidental corruption only; it is no protection against deliberate modification, because anyone who alters a frame can simply recompute it. |
|
|
Term
How long is a MAC address and how is it written? |
|
Definition
48 bits. It is written as 12 hexadecimal digits in one of three formats: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800. |
|
|
Term
How does the NIC of a receiving PC use the destination MAC address? |
|
Definition
If the destination MAC address is the address of the Ethernet port of the NIC, or is a broadcast address or a multicast address being used by the device, then the frame is passed up to the network layer for further processing. If not, then the frame is discarded. |
|
|
Term
What is the Organizationally Unique Identifier (OUI)? |
|
Definition
The first 24 bits of a MAC address. It is assigned by the IEEE and identifies the manufacturer of the NIC or device; the manufacturer assigns the remaining 24 bits so that each address is unique. (The source MAC address is set by the sending host and can be spoofed, so the OUI only tells you who made the card the address claims to belong to.) |
|
|
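The frame-format cards above (Length/Type, the 46-byte pad, the FCS, the three written forms of a MAC address, the OUI, and what a receiving NIC does with the destination address) in working code, as an added example written for this page rather than taken from the original: build_frame pads short data to 46 bytes and appends a CRC-32 FCS, parse_frame rejects runts and corrupted frames and tells an 802.3 length field from an EtherType, and the MAC helpers accept any of the three written forms. The sample addresses and the all-zero placeholder payload used in the checks are constructed for the demonstration.

```python
"""Ethernet frame helpers: MAC formats, OUI, padding, Length/Type and the FCS."""
import struct
import zlib

MIN_FRAME = 64            # dst + src + length/type + data + FCS; preamble/SFD not counted
MIN_DATA = 46             # 64 - 6 - 6 - 2 - 4
MAX_DATA = 1500
TYPE_THRESHOLD = 0x0600   # 1536 and up is an EtherType; 1500 and below is an 802.3 length
BROADCAST = bytes.fromhex("ffffffffffff")


def parse_mac(text):
    """Accept 00-05-9A-3C-78-00, 00:05:9A:3C:78:00 or 0005.9A3C.7800."""
    digits = text.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"a MAC address is 12 hex digits: {text!r}")
    return bytes.fromhex(digits)


def format_mac(mac, style="colon"):
    """Render 6 bytes in the dash (Windows), colon (Unix) or dotted (Cisco) form."""
    h = mac.hex()
    if style == "dash":
        return "-".join(h[i:i + 2] for i in range(0, 12, 2)).upper()
    if style == "colon":
        return ":".join(h[i:i + 2] for i in range(0, 12, 2))
    if style == "cisco":
        return ".".join(h[i:i + 4] for i in range(0, 12, 4))
    raise ValueError(style)


def oui(mac):
    """First 24 bits: the IEEE-assigned Organizationally Unique Identifier."""
    return mac[:3]


def is_multicast(mac):
    """The group bit is the least significant bit of the first byte (broadcast sets it too)."""
    return bool(mac[0] & 0x01)


def fcs_ok(frame):
    """Recompute the CRC-32 over everything before the FCS and compare (FCS is sent LSB first)."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, length_or_type, data):
    """Assemble a frame, padding the data field to 46 bytes and appending the FCS."""
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    if length_or_type < TYPE_THRESHOLD and length_or_type != len(data):
        raise ValueError("an 802.3 length field must equal the real data length")
    padded = data + bytes(max(0, MIN_DATA - len(data)))
    body = dst + src + struct.pack("!H", length_or_type) + padded
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def parse_frame(frame):
    """Split a frame into its fields, rejecting runts and FCS failures as a switch would."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt ({len(frame)} bytes): collision fragment, discarded")
    if not fcs_ok(frame):
        raise ValueError("FCS mismatch: corrupted in transit, discarded")
    body = frame[:-4]
    lt = struct.unpack("!H", body[12:14])[0]
    payload = body[14:]
    if lt >= TYPE_THRESHOLD:
        kind, data = "ethertype", payload        # any pad is left for layer 3 to trim
    else:
        kind, data = "length", payload[:lt]      # the length field says where the pad starts
    return {"dst": body[:6], "src": body[6:12], "kind": kind, "length_or_type": lt,
            "data": data, "pad": len(payload) - len(data), "size": len(frame)}


def nic_accepts(dst, own_mac, multicast_groups=()):
    """The receiving NIC's test before a frame is passed up to the network layer."""
    return dst == own_mac or dst == BROADCAST or (is_multicast(dst) and dst in multicast_groups)
```

A 28-byte ARP request (here an all-zero placeholder) comes out as exactly a 64-byte frame; with an EtherType the receiver cannot tell pad from data, with an 802.3 length field it can, and a single flipped bit anywhere before the FCS makes the frame fail the check.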
Term
Where must half duplex transmission be used on an Ethernet network? |
|
Definition
Where there is a shared medium, for example where devices are connected by a hub. Ports set to use full duplex have their collision detection capabilities disabled, so full duplex must not be used on a shared medium. |
|
|
Term
What are the conditions for collision-free operation on an Ethernet network? |
|
Definition
Fully switched and full duplex so that each end device has a dedicated link in each direction to the switch. |
|
|
Term
What is the advantage of having a switch port set to auto, rather than full or half, and what is a potential problem? |
|
Definition
A switch port set to auto will attempt to negotiate with the device at the other end of the link on whether the link should operate using full or half duplex. If the other device can also autonegotiate then they choose the best option that both can manage, which should be full duplex, so there is no need for manual configuration. There is a problem if the other device cannot autonegotiate but is set to use full duplex: when autonegotiation fails, the switch port defaults to half duplex (at 10 or 100 Mb/s), giving a duplex mismatch. The half-duplex side then reports collisions, including late collisions, the full-duplex side reports CRC errors and runts, and throughput collapses. |
|
|
Term
What is the advantage of having the auto-MDIX feature enabled on a switch port? |
|
Definition
You can use either a straight-through or a crossover cable. The switch will detect which is in use and compensate accordingly. |
|
|
Term
What is the purpose of a switch MAC address table? |
|
Definition
It contains a list of switch ports with the MAC address of the device connected to each port. When a frame arrives, the switch reads the destination MAC address and forwards the frame out of the correct port. |
|
|
Term
How does a switch build its MAC address table? |
|
Definition
It reads the source MAC address of each incoming frame and records it against the port the frame arrived on (the ingress port), adding the entry to the table or refreshing its timer if the entry is already there. Dynamic entries age out if no frame from that address is seen for a set time (300 seconds by default on Cisco switches). |
|
|
Term
What does a switch do if a frame arrives and the destination MAC address is not in its MAC address table? |
|
Definition
It floods the frame out of all ports except the incoming port. |
|
|
Term
What does a switch do with a broadcast frame? |
|
Definition
It floods the frame out of all ports except the incoming port. |
|
|
Term
You replace a hub with a layer 2 switch. How does this affect collision domains? |
|
Definition
It replaces a large collision domain with many small collision domains. (This should reduce the number of collisions and improve performance.) |
|
|
Term
You replace a hub with a layer 2 switch. How does this affect broadcast domains? |
|
Definition
It has no effect on broadcast domains. |
|
|
Term
Why can switch based latency be a problem if cheap switches are used on a busy network? |
|
Definition
Entry level switches (the cheaper models) may not have enough internal processing power to cope with all their ports operating simultaneously at their maximum bandwidth. This can cause delays. More expensive models of switch should have enough internal throughput to work at “wire speed” so that switch based latency is not an issue. |
|
|
Term
Why do routers typically add more latency than switches? |
|
Definition
Routers work with layer 3 data, which is more deeply encapsulated and takes longer to extract from a frame, and they carry out more complicated processing on the data. |
|
|
Term
Why does a router split a network into separate broadcast domains? |
|
Definition
Because a router does not forward broadcasts by default. |
|
|
Term
Which forwarding method is used on current models of Cisco switch? |
|
Definition
Store and forward is used on current switch models. |
|
|
Term
What are the two varieties of cut-through switching, and how do they work? |
|
Definition
Fast forward reads an incoming frame only as far as the end of the destination MAC address and then immediately starts to transmit on the outgoing port while the remainder of the frame is still being received. It does not carry out any kind of checking of the frame. Fragment free reads the first 64 bytes of the frame before starting to forward it. This ensures that the frame is at least 64 bytes long and therefore not a collision fragment. There is no other checking. |
|
|
Term
How does store and forward switching work? |
|
Definition
The switch stores the whole of an incoming frame into a buffer, reads the whole frame and carries out a cyclic redundancy check. Damaged frames are discarded. The frame is then forwarded through the appropriate port. |
|
|
Term
What is the main advantage of cut-through switching? |
|
Definition
Low and predictable latency. |
|
|
Term
What are the advantages of store and forward switching? |
|
Definition
All frames are checked, so corrupted frames are not forwarded to take up bandwidth and processing time on other devices. It is possible to carry out quality of service (QoS) processing to give priority to voice and video traffic, so this form of switching is necessary on converged networks. It is also possible to receive a frame at one bandwidth and transmit it at a different bandwidth. |
|
|
Term
What is the difference between a symmetric switch and an asymmetric switch? |
|
Definition
A symmetric switch has all ports working at the same bandwidth. An asymmetric switch is capable of operating with ports working at different bandwidths. Most modern switches are asymmetric. |
|
|
Term
How is shared memory buffering better than port-based memory buffering? |
|
Definition
Port-based memory buffering has a separate buffer of fixed capacity for each incoming port. Shared memory buffering puts all incoming frames into the same buffer so that the memory can be allocated dynamically as required. This can allow larger frames to be processed. Port-based memory buffering keeps frames entering by each port in a separate queue. If the frame at the front of the queue needs an exit port that is busy, then the frames behind it have to wait even if their exit ports are available. In shared memory buffering, each frame can leave as soon as its exit port is available. Where ports are operating at different bandwidths, shared memory buffering is particularly important. |
|
|
Term
How does a layer 3 switch differ from a layer 2 switch? |
|
Definition
The traditional Ethernet switch is a layer 2 switch, which processes layer 2 MAC addresses in order to determine how to forward frames. A layer 3 switch can do this, but it can also process layer 3 IP addresses and use them to make switching decisions. This enables layer 3 switches to carry out some routing operations that would traditionally be carried out by a router. |
|
|
Term
What factors would you take into account when choosing between a layer 3 switch and a router? |
|
Definition
The need for speed – the switch is faster. The need for WAN connections – router is normally better. The need for advanced layer 3 services – need a router. |
|
|
Term
Switch>enable What are you doing if you give this command? What prompt will you see next? |
|
Definition
Changing from user exec mode to privileged exec mode. Switch# |
|
|
Term
Which commands would you give in order to enter interface configuration mode for interface Fa0/1, starting with the following prompt? Switch> |
|
Definition
Switch>enable Switch#configure terminal Switch(config)#interface fa0/1 Switch(config-if)# |
|
|
Term
What happens when you power up a switch? |
|
Definition
Boot loader software loaded from NVRAM. CPU initialisation and POST. Flash initialised. Operating system found and loaded. Configuration file loaded. Prompt displayed. |
|
|
Term
How do you know whether a switch has passed or failed the POST? |
|
Definition
The SYST LED will blink green if the POST was successfully completed, but turn amber if it was not. POST messages are also displayed if you have a console connection active as you start the switch. |
|
|
Term
Does a switch need an IP address? |
|
Definition
A switch will operate without an IP address, because it forwards frames using MAC addresses only. If you want to manage the switch remotely by SSH or Telnet, use the web-based interface, or ping it for test purposes, then you need to give it an IP address. |
|
|
Term
Which switch interface(s) should be configured with an IP address, and do you need a different IP address for each interface? |
|
Definition
Unlike a router, a layer 2 switch is normally given just one IP address, for management. It is not configured on a physical interface but on a virtual one, the switch virtual interface (SVI) for a VLAN. At least one physical interface must be assigned to that VLAN and be up for the SVI to come up. |
|
|
Term
By default, which VLAN is used for switch management, and is it considered good practice to keep to this default? |
|
Definition
By default, VLAN 1 is used. This can lead to security problems so it is advisable to use a different VLAN for management purposes. (In the example, VLAN 99 is used, but this does not have to be the case.) |
|
|
Term
Starting from privileged exec mode on switch SW1, how would you configure the ip address 192.168.1.2/24 on VLAN 99 and associate the physical FastEthernet 0/24 interface with this VLAN? Go on to configure the default gateway 192.168.1.1 and save the configuration. |
|
Definition
SW1#configure terminal SW1(config)#interface vlan 99 SW1(config-if)#ip address 192.168.1.2 255.255.255.0 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)#interface fa 0/24 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 99 SW1(config-if)#exit SW1(config)#ip default-gateway 192.168.1.1 SW1(config)#exit SW1#copy run start (The SVI only comes up once VLAN 99 exists and at least one port in that VLAN is up; switchport access vlan 99 creates the VLAN if it is not already there.) |
|
|
Term
What is the effect of the commands duplex auto and speed auto given in interface configuration mode on a switch? |
|
Definition
That switch port will attempt to autonegotiate the duplex setting and the bandwidth with the attached device. (This is the default condition on most switches, so you should not need to give these commands if you want autonegotiation.) |
|
|
Term
What is the advantage of including the command ip http server in the switch configuration? |
|
Definition
It enables the switch’s built-in web server so that you can use the web-based GUI to configure the switch when you access it remotely. Note that ip http server is plain HTTP, so credentials and configuration cross the network in cleartext; if the GUI is needed, use ip http secure-server (HTTPS) instead, and if it is not needed leave the web server off with no ip http server, since it is one more listening service an attacker can reach. |
|
|
Term
How does a dynamic address get into the switch MAC address table? |
|
Definition
The switch learns it by inspecting the source MAC address of an incoming frame. |
|
|
Term
What is the advantage of using static addresses? |
|
Definition
A static entry pins a MAC address to a particular port and VLAN, so frames for that address are only ever sent out of that port, and static entries are not aged out and removed from the table. On its own a static entry does not stop a different device from using the port; to restrict which MAC addresses may send on a port you need port security. |
|
|
Term
What command would you give to map the MAC address 000c.7671.7d90 to interface fa 0/6 on VLAN 3? |
|
Definition
mac-address-table static 000c.7671.7d90 vlan 3 interface fa 0/6 (On newer IOS releases the command is written mac address-table static, without the hyphen.) |
|
|
Term
Which command would display the saved configuration? |
|
Definition
show startup-config (the configuration saved in NVRAM, which is loaded at boot). |
|
Term
Which command would display the configuration currently in RAM? |
|
Definition
show running-config (the configuration currently in use, held in RAM). |
|
Term
Which command would give information about the hardware and the operating system? |
|
Definition
show version (IOS version and image file, uptime, hardware model, memory, interfaces and the configuration register). |
|
Term
Which command would display the table of MAC addresses and associated ports? |
|
Definition
show mac-address-table (show mac address-table on newer IOS releases). |
|
Term
Which command would tell you if ports are operational, and give their duplex and speed settings? |
|
Definition
show interfaces status gives a one-line summary of every port with its status, VLAN, duplex and speed; show interfaces gives the per-interface detail, including error and collision counters. |
|
Term
You can save a switch configuration by entering copy run start but what is the full formal version of this command? What assumptions are made when you use the short version? |
|
Definition
Copy system:running-config flash:startup-config The short version assumes that the running configuration is in RAM (system) and that you want to save the configuration to flash NVRAM memory. |
|
|
Term
How would you make a copy of your saved configuration to a file called backupJan08 in flash memory? |
|
Definition
Copy startup-config flash:backupJan08 (Or shorten to Copy start flash:backupJan08 ) |
|
|
Term
You want to go back to the saved configuration. Why is it better to reload the switch rather than using the command copy start run? |
|
Definition
Copy start run will read the saved configuration into RAM, but it will not remove the commands already in RAM, it will just add to the existing running configuration. This may not be what you want. |
|
|
Term
You have used the command erase start to remove a saved startup configuration. Which command has the same effect? |
|
Definition
write erase |
|
Term
How would you remove a file called backupJan08 from flash memory? |
|
Definition
delete flash:backupJan08 (Be very careful when deleting files from flash. The IOS is held there with other vital files.) |
|
|
Term
Which password is encrypted by default? |
|
Definition
Enable secret, which protects access to privileged exec mode. Strictly it is not encrypted but stored as a one-way hash (type 5 MD5 on older IOS, type 8 or 9 on newer releases), so it cannot be read back from the configuration. |
|
|
Term
How can the login passwords, which are not normally encrypted, be given weak encryption? |
|
Definition
service password-encryption. This applies Cisco type 7 encoding, a fixed XOR with a publicly known key, to the console, vty and other line passwords (and to enable password, if one is configured). It stops a password being read over your shoulder from show running-config, but anyone who obtains the configuration can reverse it in seconds, so it is no substitute for enable secret and for protecting the configuration files themselves. |
|
|
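To show just how weak this is, an added example written for this page (not from the original flashcards or from Cisco): a Python decoder and encoder for Cisco type 7 strings, plus a small audit that pulls every type 7 password out of a configuration. The XOR key is the one IOS uses; the sample configuration is constructed for the demonstration and its enable secret hash is a placeholder string, not a real hash.

```python
"""Cisco 'type 7' passwords: what service password-encryption really gives you."""
import re

# The XOR key IOS uses for type 7. It has been public for decades, so type 7 is
# obfuscation, not encryption: anyone holding the config recovers the passwords.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
TYPE7_RE = re.compile(r"\bpassword 7 ([0-9A-Fa-f]{4,})")


def type7_decode(encoded):
    """Two decimal digits of seed, then one hex byte per character XORed with the rolling key."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError(f"malformed type 7 string: {encoded!r}")
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(body)).decode()


def type7_encode(plain, seed=0):
    """Produce exactly what IOS would store; the seed is only a start offset into XLAT."""
    if not 0 <= seed < len(XLAT):
        raise ValueError("seed out of range")
    data = plain.encode()
    body = bytes(c ^ XLAT[(seed + i) % len(XLAT)] for i, c in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


def audit_config(config_text):
    """Find every 'password 7 ...' in a config and return (line, clear text) pairs."""
    found = []
    for line in config_text.splitlines():
        m = TYPE7_RE.search(line)
        if m:
            found.append((line.strip(), type7_decode(m.group(1))))
    return found


# Constructed sample config (not from a real device); the type 5 hash is a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$salt$placeholderNotARealHash
username admin password 7 0822455D0A16
line vty 0 4
 password 7 030752180500
 login
 transport input ssh
"""
```

Both type 7 strings in the sample decode to the same five-letter password even though they look different; only the seed changed. The enable secret line is not touched, because a type 5 hash has to be brute-forced rather than reversed.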
Term
Why should SSH be preferred to Telnet for remote access whenever possible? |
|
Definition
SSH traffic is encrypted, so a sniffer on the path sees neither the login credentials nor the commands, and the client can verify the switch’s host key; Telnet sends everything, passwords included, in cleartext. |
|
|
Term
Which command would allow either SSH or Telnet to be used? |
|
Definition
SW1(config-line)#transport input all (or transport input ssh telnet). Where every management station supports SSH, use transport input ssh instead so that Telnet is not accepted at all. |
|
|
Term
What is a MAC flooding attack? |
|
Definition
This attack depends on two facts: a switch MAC address table is limited in size, and a switch floods frames whose destination MAC address is unknown. The attacker connects to the switch and, using a network attack tool such as macof from the dsniff suite, sends a large number of frames with fake source MAC addresses. These fill the table, so as the legitimate entries age out they cannot be re-learned, and the switch floods frames for those hosts out of every port (fail-open behaviour). The attacker therefore receives frames addressed to other hosts on the VLAN. |
|
|
Term
What is a DHCP spoofing attack? |
|
Definition
The attacker introduces a rogue DHCP server on the network segment under attack; being on the local segment it will usually answer faster than the genuine server. When a host requests an IP address, the rogue server replies first and hands out an address together with a default gateway (and possibly a DNS server) that point at the attacker’s device. Traffic from the host for remote networks then goes to the attacker, who can read or alter it before forwarding it on (a man-in-the-middle position). |
|
|
Term
What is DHCP snooping? |
Definition
It is a security feature on a Cisco Catalyst switch. Ports facing the genuine DHCP server or the uplink are configured as trusted; all other ports are untrusted (the default). DHCP server messages such as offers and acknowledgements are accepted only on trusted ports and dropped on untrusted ones, so a rogue server on an access port cannot answer clients, while clients on any port can still request addresses. It can also rate-limit DHCP messages on untrusted ports, err-disabling a port that exceeds the limit, and it builds a binding table of IP address, MAC address, VLAN and port that Dynamic ARP Inspection and IP Source Guard rely on. |
|
|
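The two cards above, the spoofing attack and the snooping defence, as one added Python example written for this page (not code from the original or from Cisco): a minimal DHCP message builder and parser, and a snooping filter that forwards server replies only from trusted ports, lets clients request from anywhere, and err-disables an untrusted port that exceeds a rate limit. Port names, addresses and the attacker’s gateway 192.168.1.66 are constructed test values, and the one-second rate window is a simplification.

```python
"""DHCP snooping in miniature: parse DHCP, drop server replies on untrusted ports, rate-limit."""
import struct
from collections import defaultdict

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC = b"\x63\x82\x53\x63"                        # cookie that marks the options field as DHCP
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6  # option 53 message types
SERVER_TYPES = {OFFER, ACK, NAK}
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 6, 53, 54
HEADER = "!BBBBIHH4s4s4s4s"   # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr
IP_OPTIONS = ((OPT_ROUTER, "router"), (OPT_DNS, "dns"), (OPT_SERVER_ID, "server_id"))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_dhcp(op, msg_type, xid, yiaddr="0.0.0.0", chaddr=bytes(6), **ips):
    """Construct a minimal DHCP message (test data made up here, not a capture)."""
    hdr = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0,
                      bytes(4), ip_bytes(yiaddr), bytes(4), bytes(4))
    hdr += chaddr.ljust(16, b"\0") + bytes(64) + bytes(128)   # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, name in IP_OPTIONS:
        if ips.get(name):
            opts += bytes([code, 4]) + ip_bytes(ips[name])
    return hdr + MAGIC + opts + b"\xff"


def parse_dhcp(msg):
    """Return op, xid, yiaddr, message type and the options that matter for spoofing."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, _, _, xid, _, _, _, yiaddr, _, _ = struct.unpack(HEADER, msg[:28])
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 0xFF:   # 0xFF ends the option list
        if msg[i] == 0:                        # the pad option has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    out = {"op": op, "xid": xid, "yiaddr": ip_str(yiaddr),
           "type": opts.get(OPT_MSG_TYPE, b"\0")[0]}
    for code, name in IP_OPTIONS:
        if code in opts:
            out[name] = ip_str(opts[code])
    return out


class DhcpSnooping:
    """Port-level filter modelled on 'ip dhcp snooping': trusted ports, untrusted rate limit."""

    def __init__(self, trusted, rate_limit=None):
        self.trusted = set(trusted)
        self.rate_limit = rate_limit       # client messages per port per second on untrusted ports
        self.counts = defaultdict(int)     # simplification: one fixed window, reset by new_second()
        self.err_disabled = set()
        self.log = []

    def new_second(self):
        self.counts.clear()

    def inspect(self, port, msg):
        """Decide 'forward', 'drop' or 'err-disable' for a DHCP message arriving on port."""
        if port in self.err_disabled:
            return "drop"
        d = parse_dhcp(msg)
        if d["op"] == BOOTREPLY or d["type"] in SERVER_TYPES:
            if port in self.trusted:
                return "forward"
            self.log.append(f"{port}: dropped DHCP type {d['type']} offering {d['yiaddr']} "
                            f"with gateway {d.get('router', '-')} from untrusted port")
            return "drop"                  # only trusted ports may carry server replies
        if port not in self.trusted and self.rate_limit is not None:
            self.counts[port] += 1
            if self.counts[port] > self.rate_limit:
                self.err_disabled.add(port)   # IOS err-disables a port that exceeds its limit
                self.log.append(f"{port}: DHCP rate limit of {self.rate_limit} pps exceeded")
                return "err-disable"
        return "forward"                   # clients may request from any port


def scenario():
    """Client on Fa0/7, rogue server on Fa0/5, genuine server behind the trusted uplink Fa0/24."""
    snoop = DhcpSnooping(trusted=["Fa0/24"], rate_limit=5)
    client = bytes.fromhex("00059a3c7800")
    discover = build_dhcp(BOOTREQUEST, DISCOVER, 0x1234, chaddr=client)
    rogue = build_dhcp(BOOTREPLY, OFFER, 0x1234, "192.168.1.50", client,
                       router="192.168.1.66", dns="192.168.1.66", server_id="192.168.1.66")
    real = build_dhcp(BOOTREPLY, OFFER, 0x1234, "192.168.1.50", client,
                      router="192.168.1.1", server_id="192.168.1.1")
    verdicts = [snoop.inspect("Fa0/7", discover), snoop.inspect("Fa0/5", rogue),
                snoop.inspect("Fa0/24", real)]
    storm = [snoop.inspect("Fa0/5", discover) for _ in range(6)]   # attacker hammers DISCOVERs
    return verdicts, storm, parse_dhcp(rogue), snoop.log
```

The rogue offer would have handed the client 192.168.1.66 as both gateway and DNS server; the filter drops it purely because of the port it arrived on, without needing to know anything about the attacker, and the sixth DISCOVER in the same second from that port takes the port out of service.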
Term
Why is CDP a security risk? |
|
Definition
CDP packets are sent unencrypted and unauthenticated to a well-known multicast address, so an attacker using Wireshark (or similar) can read them and learn a device’s name, model, IOS version, management IP address and port identifiers, which is exactly the reconnaissance needed to choose an exploit. The attacker could also forge CDP packets to feed false information to neighbouring devices. CDP should therefore be disabled (no cdp run globally, or no cdp enable on the interfaces facing untrusted hosts) unless it is required, for example for IP phones. |
|
|
Term
What are the three types of secure MAC address that can be configured on a switch port? |
|
Definition
Static, dynamic and sticky. |
|
|
Term
By default, what is the security violation mode of a switch port? |
|
Definition
shutdown. On a violation the port is put into the err-disabled state and a log message is generated; an administrator must recover it with shutdown followed by no shutdown (or errdisable recovery must be configured). The alternatives are protect (silently drop frames from unknown addresses) and restrict (drop them, count the violations and send a log and SNMP notification). |
|
Term
Which type of port security is being configured here? SW1(config)#int fa 0/12 SW1(config-if)#switchport mode access SW1(config-if)#switchport port-security |
|
Definition
Dynamic port security. With port security enabled but no maximum or mac-address given, the port accepts one MAC address (the default maximum), learned dynamically from the first frame it receives. The secure address is kept only in the MAC address table, not in the running configuration, so it is lost when the switch reloads. |
|
Term
How would you configure switch port 0/13 to learn and accept the first four MAC addresses that connect to it, as secure sticky addresses, but then reject any other MAC addresses? Start at the prompt SW1(config)# |
|
Definition
SW1(config)#int fa 0/13 SW1(config-if)#switchport mode access SW1(config-if)#switchport port-security SW1(config-if)# switchport port-security maximum 4 SW1(config-if)# switchport port-security mac-address sticky SW1(config-if)#end |
|
|
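The MAC flooding card and the port security cards above in one added example written for this page (not code from the original or from Cisco): a small Python model of a layer 2 switch that learns source addresses, floods unknown unicast and broadcast frames, ages entries out, has a fixed-size table like a real CAM, and supports port security with a maximum count, sticky learning and the default shutdown violation mode. The port names, MAC addresses and the deliberately tiny table of four entries are assumptions chosen to make the attack visible in a few lines.

```python
"""Layer 2 switch model: MAC learning, flooding, CAM exhaustion and port security."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class PortSecurity:
    maximum: int = 1                 # switchport port-security maximum N
    sticky: bool = False             # switchport port-security mac-address sticky
    violation: str = "shutdown"      # default mode: err-disable the port on a violation
    secure: list = field(default_factory=list)
    err_disabled: bool = False
    violations: int = 0


@dataclass
class CamEntry:
    port: str
    last_seen: int
    static: bool = False             # static and sticky entries never age out


class Switch:
    def __init__(self, ports, cam_size=8192, aging=300):
        self.ports = list(ports)
        self.cam_size = cam_size     # a real CAM has a hard limit; that is what MAC flooding abuses
        self.aging = aging           # seconds before an idle dynamic entry is removed (Cisco: 300)
        self.cam = {}
        self.security = {}
        self.clock = 0

    def enable_port_security(self, port, **settings):
        self.security[port] = PortSecurity(**settings)

    def tick(self, seconds):
        """Advance the clock and age out dynamic entries."""
        self.clock += seconds
        for mac in [m for m, e in self.cam.items()
                    if not e.static and self.clock - e.last_seen > self.aging]:
            del self.cam[mac]

    def _down(self, port):
        ps = self.security.get(port)
        return ps is not None and ps.err_disabled

    def _learn(self, src, port):
        """Record src against port. Returns False when port security says drop the frame."""
        ps = self.security.get(port)
        if ps is not None:
            if ps.err_disabled:
                return False
            if src not in ps.secure:
                if len(ps.secure) >= ps.maximum:
                    ps.violations += 1
                    if ps.violation == "shutdown":
                        ps.err_disabled = True      # port goes err-disabled: nothing in or out
                    return False                    # protect/restrict: just drop this frame
                ps.secure.append(src)               # learned as a secure (possibly sticky) address
            self.cam[src] = CamEntry(port, self.clock, static=ps.sticky)
            return True
        if src in self.cam:
            self.cam[src] = CamEntry(port, self.clock)  # refresh (and follow a moved host)
        elif len(self.cam) < self.cam_size:
            self.cam[src] = CamEntry(port, self.clock)
        # else: the table is full and the address is simply not learned
        return True

    def forward(self, ingress, src, dst):
        """Return the set of ports a frame arriving on `ingress` is sent out of."""
        if not self._learn(src, ingress):
            return set()
        live = {p for p in self.ports if p != ingress and not self._down(p)}
        entry = self.cam.get(dst)
        if dst == BROADCAST or entry is None:
            return live                 # flood: broadcast and unknown unicast alike
        return {entry.port} & live      # known unicast: one port (nothing if it is the ingress)


def mac_flooding_demo():
    """Attacker on Fa0/3 fills a tiny table; B's reply to A is then flooded to the attacker too."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], cam_size=4)
    a, b = "00:05:9a:3c:78:00", "00:05:9a:3c:78:01"
    sw.forward("Fa0/1", a, b)              # unknown destination: flooded
    sw.forward("Fa0/2", b, a)              # both hosts are now in the table
    before = sw.forward("Fa0/2", b, a)     # known unicast: only Fa0/1 sees it
    sw.tick(301)                           # the legitimate entries age out ...
    for i in range(50):                    # ... and a macof-style stream of fake sources
        sw.forward("Fa0/3", f"02:00:00:00:00:{i:02x}", BROADCAST)  # grabs every free slot
    after = sw.forward("Fa0/2", b, a)      # A cannot be re-learned, so the reply is flooded
    return before, after


def port_security_demo():
    """Same attacker against a port limited to one sticky address: the port shuts down."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], cam_size=4)
    sw.enable_port_security("Fa0/3", maximum=1, sticky=True)
    a, b = "00:05:9a:3c:78:00", "00:05:9a:3c:78:01"
    sw.forward("Fa0/1", a, b)
    sw.forward("Fa0/2", b, a)
    first = sw.forward("Fa0/3", "02:00:00:00:00:00", BROADCAST)   # first address: allowed, sticky
    second = sw.forward("Fa0/3", "02:00:00:00:00:01", BROADCAST)  # second: violation, err-disable
    later = sw.forward("Fa0/1", a, BROADCAST)                     # floods no longer reach Fa0/3
    return first, second, sw.security["Fa0/3"].err_disabled, later
```

Before the attack a reply from B goes out of Fa0/1 alone; after the table is exhausted it is flooded to Fa0/3 as well. With port security on Fa0/3 the second fake source trips the default shutdown action and the port drops out of every subsequent flood.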
Term
Your switch has 24 ports but you are only using 14 ports at present. What should you do to enhance security? |
|
Definition
Disable all the unused ports with the shutdown command (interface range lets you do a block of them at once) and, as a further precaution, assign them to an unused VLAN so that anyone who plugs in and manages to re-enable a port still gets nowhere. |
|
|