
SWITCHING

Basics in Switching -> VLAN -> L3 Switching -> STP -> HSRP

1) What is unicast and how does it work?
A) Unicast is a one-to-one transmission method. A single frame is sent from the source to a destination on a network. When this frame is received by the switch, the frame is sent on to the network, and the network passes the frame to its destination from the source to a specific destination on a network.

2) What is multicast and how does it work?
A) Multicast is a one-to-many transmission method. A single frame is sent from the source to multiple destinations on a network using a multicast address. When this frame is received by the switch, the frame is sent on to the network and the network passes the frame to its intended destination group.

3) What is broadcast and how does it work?
A) Broadcast is a one-to-all transmission method. A single frame is sent from the source to a destination on a network using a multicast address. When this frame is received by the switch, the frame is sent on to the network. The network passes the frame to all nodes in the destination network from the source to an unknown destination on a network using a broadcast address. When the switch receives this frame, the frame is sent on to all the networks, and the networks pass the frame on to all the nodes. If it reaches a router, the broadcast frame is dropped.

4) What is fragmentation?
A) Fragmentation in a network is the breaking down of a data packet into smaller pieces to accommodate the maximum transmission unit (MTU) of the network.

5) What is MTU? What's the MTU for traditional Ethernet?
A) MTU is the acronym for maximum transmission unit and is the largest frame size that can be transmitted over a network. Messages longer than the MTU must be divided into smaller frames. The network layer (Layer 3) protocol determines the MTU from the data link layer (Layer 2) protocol and fragments the messages into the appropriate frame size, making the frames available to the lower layer for transmission without further fragmentation. The MTU for Ethernet is 1518 bytes.

6) What is a MAC address?
A) A MAC address is the physical address of a network device and is 48 bits (6 bytes) long. MAC addresses are also known as physical addresses or hardware addresses.

7) What is the difference between a runt and a giant, specific to traditional Ethernet?
A) In Ethernet a runt is a frame that is less than 64 bytes in length, and a giant is a frame that is greater than 1518 bytes in length. Giants are frames that are greater than the MTU used, which might not always be 1518 bytes.

8) What is the difference between store-and-forward and cut-through switching?
A) Cut-through switching examines just the frame header, determining the output switch port through which the frame will be forwarded. Store-and-forward examines the entire frame, header and data payload, for errors. If the frame is error free, it is forwarded out its destination switch port interface. If the frame has errors, the switch drops the frame from its buffers. This is also known as discarding the frame to the bit bucket.

9) What is the difference between Layer 2 switching and Layer 3 switching?
A) Layer 2 switches make their forwarding decisions based on the Layer 2 (data link) address, such as the MAC address. Layer 3 switches make their forwarding decisions based on the Layer 3 (network) address.

10) What is the difference between Layer 3 switching and routing?
A) The difference between Layer 3 switching and routing is that Layer 3 switches have hardware to pass data traffic as fast as Layer 2 switches. However, Layer 3 switches make decisions regarding how to transmit traffic at Layer 3 in the same way as a router. A Layer 3 switch cannot use WAN circuits or use routing protocols; a router is still required for these functions.

VLAN:

1. What is a VLAN? When is it used?
Answer: A VLAN is a group of devices on the same broadcast domain, such as a logical subnet or segment. VLANs can span switch ports, switches within a switch block, or closets and buildings. VLANs group users and devices into common workgroups across geographical areas. VLANs help provide segmentation, security, and problem isolation.

2. When a VLAN is configured on a Catalyst switch port, in how much of the campus network will the VLAN number be unique and significant?
Answer: The VLAN number will be significant in the local switch. If trunking is enabled, the VLAN number will be significant across the entire trunking domain. In other words, the VLAN will be transported to every switch that has a trunk link supporting that VLAN.

3. Name two types of VLANs in terms of spanning areas of the campus network.
Answer:
   Local VLAN
   End-to-end VLAN

4. What switch commands configure Fast Ethernet port 4/11 for VLAN 2?
Answer:
   interface fastethernet 4/11
   switchport mode access
   switchport access vlan 2

5. Generally, what must be configured (both switch and end-user device) for a port-based VLAN?
Answer: The switch port

6. What is the default VLAN on all ports of a Catalyst switch?
Answer: VLAN 1

7. What is a trunk link?
Answer: A trunk link is a connection between two switches that transports traffic from multiple VLANs. Each frame is identified with its source VLAN during its trip across the trunk link.

8. What methods of Ethernet VLAN frame identification can be used on a Catalyst switch trunk?
Answer:
   802.1Q
   ISL

9. What is the difference between the two trunking methods? How many bytes are added to trunked frames for VLAN identification in each method?
Answer: ISL uses encapsulation and adds a 26-byte header and a 4-byte trailer. 802.1Q adds a 4-byte tag field within existing frames, without encapsulation.

10. What is the purpose of the Dynamic Trunking Protocol (DTP)?
Answer: DTP allows negotiation of a common trunking method between endpoints of a trunk link.

11. What commands are needed to configure a Catalyst switch trunk port Gigabit 3/1 to transport only VLANs 100, 200 through 205, and 300 using IEEE 802.1Q? (Assume that trunking is enabled and active on the port already. Also assume that the interface gigabit 3/1 command already has been entered.)
Answer:
   switchport trunk allowed vlan 100,200-205,300

12. Two neighboring switch trunk ports are set to the auto mode with ISL trunking encapsulation mode. What will the resulting trunk mode become?
Answer: Trunking will not be established. Both switches are in the passive auto state and are waiting to be asked to start the trunking mode. The link will remain an access link on both switches.

13. Complete the following command to configure the switch port to use DTP to actively ask the other end to become a trunk: switchport mode ____ ?
Answer: switchport mode dynamic desirable

14. Which command can set the native VLAN of a trunk port to VLAN 100 after the interface has been selected?
Answer: switchport trunk native vlan 100

15. What command can configure a trunk port to stop sending and receiving DTP packets completely?
Answer: switchport nonegotiate

16. What command can be used on a Catalyst switch to verify exactly what VLANs will be transported over trunk link gigabitethernet 4/4?
Answer:
   show interface gigabitethernet 4/4 switchport
   or
   show interface gigabitethernet 4/4 switchport trunk

17. Suppose that a switch port is configured with the following commands. A PC with a nontrunking NIC card then is connected to that port. What, if any, traffic will the PC successfully send and receive?
   interface fastethernet 0/12
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 10
   switchport trunk allowed vlan 1-1005
   switchport mode trunk
Answer: The PC expects only a single network connection, using a single VLAN. In other words, the PC can't participate in any form of trunking. Only untagged or unencapsulated frames will be understood. Recall that an 802.1Q trunk's native VLAN is the only VLAN that has untagged frames. Therefore, the PC will be capable of exchanging frames only on VLAN 10, the native VLAN.

Layer 3 Switching:

1. What might you need to implement interVLAN routing?
** One or more Layer 3 interfaces
   One or more SVIs
   Static routes
   A dynamic routing protocol

2. Can interVLAN routing be performed over a single trunk link?
** Yes. Packets can be forwarded between the VLANs carried over the trunk.

3. To configure an SVI, what commands are needed?
** First, make sure the VLAN is defined on the switch.
   interface vlan vlan-id
   ip address ip-address mask
   no shutdown

4. What command can verify the VLAN assignments on a Layer 2 port?
** show interface type mod/num switchport
   or
   show interface status

5. A switch has the following interface configurations in its running configuration:
   interface fastethernet 0/1
   switchport access vlan 5
   !
   interface vlan 5
   ip address 192.168.10.1 255.255.255.0
   no shutdown
What is necessary for packets to get from the FastEthernet interface to the VLAN 5 SVI?
Answer: Nothing. Both are assigned to VLAN 5, so normal Layer 2 transparent bridging will take care of all forwarding between the two.

6. What is the source of FIB information?
** The routing table, as computed by the Layer 3 engine portion of a switch.

7. How often is the FIB updated?
** As needed. It is downloaded or updated dynamically by the Layer 3 engine whenever the routing topology changes or an ARP entry changes.

8. What is meant by the term "CEF punt"?
** A packet can't be forwarded or switched by CEF directly because it needs further processing. The packet is "punted" to the Layer 3 engine, effectively bypassing CEF for a more involved resolution.

9. What happens to the FIB when distributed CEF (dCEF) is used?
** It is simply replicated to each of the independent CEF engines. The FIB itself remains intact so that each engine receives a duplicate copy.

10. What happens during a "CEF glean" process?
** The MAC address (ARP reply) for a next-hop FIB entry is not yet known. The Layer 3 engine must generate an ARP request and wait for a reply before CEF forwarding can continue to that destination.

11. What does a multilayer switch do to the IP TTL value just before a packet is forwarded?
** The TTL is decremented by one, as if a router had forwarded the packet.

12. What is fallback bridging?
** On switch platforms that cannot multilayer-switch (route) all routable protocols, those protocols can be bridged transparently between VLANs instead.

13. Is it possible for an SVI to go down? If so, for what reasons?
** Yes. The SVI can be shut down administratively with the shutdown command, as with any other interface. Also, if the VLAN associated with the SVI is not defined or active, the SVI will appear to be down.

Spanning Tree Protocol:

1. What three link types have been defined for Rapid Spanning-Tree Protocol? (Choose three.)
   shared
   edge-type
   point-to-point

2. What Rapid Spanning Tree Protocol (RSTP) role is assigned to the forwarding port elected for every switched Ethernet LAN segment?
   Designated

3. How can a network administrator influence which STP switch becomes the root bridge?
   Set the switch priority to a smaller value than that of the other switches in the network.

4. Refer to the exhibit. What can be determined from the output shown?
   The priority was statically configured to identify the root.

5. Which three statements are accurate regarding RSTP and STP? (Choose three.)
   Both RSTP and STP use the portfast command to allow ports to immediately transition to forwarding state.
   Configuration commands to establish primary and secondary root bridges are identical for STP and RSTP.
   Because of the format of the BPDU packet, RSTP is backward compatible with STP.

6. What is the first step in the process of convergence in a spanning tree topology?
   Election of the root bridge

7. Which two statements are true about the default operation of STP in a Layer 2 switched environment that has redundant connections between switches? (Choose two.)
   Decisions on which port to block when two ports have equal cost depend on the port priority and identity.
   Non-root switches each have only one root port.

8. What two elements will exist in a converged network with one spanning tree? (Choose two.)
   One root bridge per network
   One root port per non-root bridge

9. Which statement or set of paired statements correctly compares STP with RSTP?
   STP waits for the network to converge before placing ports into forwarding state. RSTP places alternate ports into forwarding state immediately.

10. Refer to the exhibit. Server sends an ARP request for the MAC address of its default gateway. If STP is not enabled, what will be the result of this ARP request?
   Switch A and Switch B will continuously flood the message onto the network.

11. In which two ways is the information that is contained in BPDUs used by switches? (Choose two.)
   To identify the shortest path to the root bridge
   To determine which ports will forward frames as part of the spanning tree

12. Which two statements describe the BIDs used in a spanning tree topology? (Choose two.)
   They consist of a bridge priority and MAC address.
   They are used by the switches in a spanning tree topology to elect the root bridge.

13. Which two actions does an RSTP edge port take if it receives a BPDU? (Choose two.)
   Immediately loses its edge status
   Becomes a normal spanning-tree port

14. Which two items are true regarding the spanning-tree portfast command? (Choose two.)
   PortFast is Cisco proprietary.
   If an access port is configured with PortFast, it immediately transitions from a blocking to a forwarding state.

15. Refer to the exhibit. The spanning-tree port priority of each interface is at the default setting. The network administrator enters the spanning-tree vlan 1 root primary command on S4. What is the effect of the command?
   Gi0/2 on S3 transitions to a root port.

16. What two features of the Spanning-Tree Protocol contribute to the time it takes for a switched network to converge after a topology change occurs? (Choose two.)
   The max-age timer
   The forward delay

17. In which STP state does a port record MAC addresses but not forward user data?
   Learning

18. When PVST+ was developed, the Bridge ID was modified to include which information?
   VLAN ID

19. Refer to the exhibit. All switches in the network have empty MAC tables. STP has been disabled on the switches in the network. How will a broadcast frame that is sent by host PC1 be handled on the network?
   Switch SW1 will forward the broadcast out all switch ports, except the originating port. This will generate an endless loop in the network.

20. Which two criteria does a switch use to select the root bridge? (Choose two.)
   Bridge priority
   Base MAC address

HSRP:

Q. Will the standby router take over if the active router LAN interface state is "interface up line protocol down"?
A. Yes, the standby router takes over once the hold time expires. By default, this is equivalent to three hello packets from the active router having been missed. The actual convergence time depends on the HSRP timers configured for the group and possibly on routing protocol convergence. The HSRP hello time timer defaults to three and the hold time timer defaults to ten.

Q. Can I configure more than one standby group with the same group number?
A. Yes. However, Cisco does not recommend it on lower-end platforms such as the 4x00 series and earlier. If the same group number is assigned to multiple standby groups, it creates a non-unique MAC address. This is seen as the MAC address of the router, and it is filtered out if more than one router in a LAN becomes active. This behavior can change in future releases of Cisco IOS.
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple MAC addresses on all Ethernet and Fast Ethernet interfaces.

Q. When an active router tracks serial 0 and the serial line goes down, how does the standby router know to become active?
A. When the state of a tracked interface changes to down, the active router decrements its priority. The standby router reads this value from the hello packet priority field, and becomes active if this value is lower than its own priority and the standby preempt is configured. You can configure by how much the router must decrement the priority. By default, it decrements its priority by ten.

Q. If there is no priority configured for a standby group, what determines which router is active?
A. The priority field is used to elect the active router and the standby router for the specific group. In the case of an equal priority, the router with the highest IP address for the respective group is elected as active. Furthermore, if there are more than two routers in the group, the second highest IP address determines the standby router and the other router/routers are in the listen state.
Note: If no priority is configured, it uses the default of 100.

Q. What are the limiting factors that determine how many standby groups can be assigned to a router?
A. Ethernet: 256 per router.
   FDDI: 256 per router.
   Token Ring: 3 per router (uses reserved functional address).
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple MAC addresses on all Ethernet and Fast Ethernet interfaces.

Q. Which HSRP router requires that I configure preempt?
A. An HSRP-enabled router with preempt configured attempts to assume control as the active router when its Hot Standby priority is higher than the current active router. The standby preempt command is needed in situations when you want an occurring state change of a tracked interface to cause a standby router to take over from the active router. For example, an active router tracks another interface and decrements its priority when that interface goes down. The standby router priority is now higher and it sees the state change in the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur.

Q. Based on the documentation, it looks like I can use HSRP to achieve load-balancing across two serial links. Is this true?
A. Yes, refer to Load Sharing with HSRP for more information.

Q. Does HSRP support DDR, and if so, how will it know to dial?
A. No, HSRP does not support Dial-on-Demand Routing (DDR) directly. However, you can configure it to track a serial interface and swap from the active to the standby router in case of a WAN link failure. The command used to track the state of an interface is standby track.

Q. I use HSRP and all hosts use the active router to forward traffic to the rest of my network. I have noticed that the return traffic comes back through the standby router. Will these cause problems with HSRP or my applications?
A. No, normally this is transparent to all hosts and/or servers on the LAN and can be desirable if a router experiences high traffic. In order to change this, configure a more desirable cost for the link you want the distant router/routers to use.

Q. How does DECnet traffic fit into the HSRP scenario?
A. DECnet and XNS are compatible with HSRP and multiple HSRP (MHSRP) over Ethernet, FDDI, and Token Ring on the Cisco 7000 and Cisco 7500 routers only. Refer to Using HSRP for Fault-Tolerant IP Routing for more information.

Q. Can a Cisco 2500 and Cisco 7500 router on the same LAN segment use HSRP, or do I have to replace one of the routers so the platforms are identical?
A. You can mix the platforms with HSRP, but you are not able to support multiple HSRP (MHSRP) due to the hardware limitations of the lower-end platform.

Q. If I use a switch, what do I see on the CAM tables for the HSRP?
A. The content-addressable memory (CAM) tables provide a map for the HSRP MAC address to the port on which the active router is located. In this way, you can determine what the switch perceives the HSRP status to be.

Q. What is the standby use-bia command and how does it work?
A. By default, HSRP uses the preassigned HSRP virtual MAC address on Ethernet and FDDI, or the functional address on Token Ring. In order to configure HSRP to use the burnt-in address of the interface as its virtual MAC address, instead of the default, use the standby use-bia command. For example, on Token Ring, if Source Route Bridging is in use, a Routing Information Field (RIF) is stored with the virtual MAC address in the RIF cache of the host. The RIF indicates the path and final ring used to reach the MAC address. As routers transition to the active state, they send gratuitous Address Resolution Protocols (ARPs) in order to update the ARP table of the host. However, this does not affect the RIF cache of the hosts that are on the bridged ring. This situation can lead to packets being bridged to the ring for the previous active router. In order to avoid this situation, use the standby use-bia command. The router now uses its burnt-in MAC address as the virtual MAC address.

Note: Using the standby use-bia command has these disadvantages:
   When a router becomes active the virtual IP address is moved to a different MAC address. The newly active router sends a gratuitous ARP response, but not all host implementations handle the gratuitous ARP correctly.
   Proxy ARP breaks when use-bia is configured. A standby router cannot cover for the lost proxy ARP database of the failed router.

Q. Can I run NAT and HSRP together?
A. You can configure network address translation (NAT) and HSRP on the same router. However, a router that runs NAT holds state information for traffic that is translated through it. If this is the active HSRP router and the HSRP standby takes over, the state information is lost.
Note: Stateful NAT (SNAT) can make use of HSRP to fail over. Refer to NAT Stateful Failover of Network Address Translation for more information. Static NAT Mapping Support with HSRP for High Availability is another feature which makes NAT and HSRP interact. If static NAT is configured with the same IP on each router, the routers advertise each other with the MAC addresses, and the routers display the %IP-4-DUPADDR: Duplicate address [ip address] on [interface], sourced by [mac-address] error message. Refer to NAT-Static Mapping Support with HSRP for High Availability for more information.

Q. What are the IP source address and destination address of HSRP hello packets?
A. The destination address of HSRP hello packets is the all routers multicast address (224.0.0.2). The source address is the primary IP address of the router assigned to the interface.

Q. Are HSRP messages TCP or UDP?
A. UDP, since HSRP runs on UDP port 1985.

Q. HSRP does not work when an Access Control List (ACL) is applied. How can I permit HSRP through an ACL?
A. HSRP hello packets are sent to multicast address 224.0.0.2 with UDP port 1985. Whenever an ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are permitted.

Q. How does TACACS/RADIUS accounting work with HA routers with HSRP?
A. If routers are configured in HA mode (that run HSRP in between them), then the active and standby routers act as one logical unit and share the same IP and MAC address. Only the active router generates the accounting record with a particular virtual IP address and updates the TACACS/RADIUS server. If the standby generates the accounting record with the same address, there is duplicate data in the backend RADIUS/TACACS server. Therefore, in order to avoid duplication of data, the standby router does not generate accounting records.

Q. Are HSRP and VLAN translation supported together in a Cisco Catalyst 6500 series switch?
A. VLAN translation and HSRP can be configured together in a Cisco Catalyst 6500 series switch, subject to the restrictions put in place by VLAN translation. Refer to VLAN Translation Guidelines and Restrictions for more information.

Q. Is it possible to use HSRP to track the tunnel interface?
A. It is not possible to use the HSRP configuration to track the GRE tunnel interface. However, the tunnel interface never goes down and the track never triggers failover.

Q. How do I perform a forced failover of an HSRP active router without a shutdown on an interface?
A. The only way to make a failover without an interface shut down is to manually change the priority in the HSRP configuration.

Q. Is it possible to run HSRP on an interface configured for 802.1q trunking?
A. Yes, it is possible to run HSRP on the interfaces configured for 802.1q. Make sure to verify that both sides of the trunk are configured to use the same native VLAN and verify that VLANs are not pruned and in the STP state for router-connected ports.

Q. Is it possible to run HSRP between two routers on two different interfaces?
A. Yes, it is possible to run HSRP on two interfaces on two different routers. In order to have HSRP on two interfaces on two different routers, two HSRP groups are needed.

Q. Is it possible to run HSRP and OSPF together on the backbone router?
A. HSRP and OSPF are two different protocols. The OSPF that runs on the router advertises the two physical interfaces and not the virtual IP address. When this router becomes active, it broadcasts a gratuitous ARP packet with the HSRP virtual MAC address to the affected LAN segment. If the segment uses an Ethernet switch, this allows the switch to change the location of the virtual MAC address so that packets go to the new router instead of the one that is no longer active. End devices do not actually need this gratuitous ARP if the routers use the default HSRP MAC address.

Q. Which IP address must be seen when a reply is received for traceroute?
A. When a reply for traceroute is received from a hop that runs HSRP, the reply must contain the active physical IP address and not the virtual IP address. If there is asymmetric routing in the network, the standby router IP address is seen in the reply for the traceroute.

Q. What is the difference between GLBP and HSRP?
A. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Members of the GLBP group select one of them to become the active virtual gateway for the group. With HSRP in a single router (gateway), one interface is used as the active interface and the other interface is in standby. The active interface is used for all the traffic and the standby interface just waits for the active interface to fail without any traffic.
