Config Router

You are here: Home / Cisco / CCNA FAQ: Layer 2 Switching

CCNA FAQ: Layer 2 Switching

by

CCNA FAQ: Layer 2 Switching

Q1. Which of the following statements is not true with regard to layer 2 switching?
A. Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the Data Link layer header information.
B. Layer 2 switches and bridges look at the frame’s hardware addresses before deciding to either forward, flood, or drop the frame.
C. Switches create private, dedicated collision domains and provide independent bandwidth on each port.
D. Switches use application-specific integrated circuits (ASICs) to build and maintain their MAC filter tables.

Answer: A. Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the Network Layer header information. They do make use of the Data Link layer information.

Q2. Type the command that generated the last entry in the MAC address table shown.
Type the command only, without the prompt.
ccna-faq-layer-2-switching15A.jpg2

Answer: mac address-table static aaaa.bbbb.cccc vlan 1 int fa0/7 You can set a static MAC address in the MAC address table and when done it will appear as a static entry in the table.

Q3. In the diagram shown, what will the switch do if a frame with a destination MAC
address of 000a.f467.63b1 is received on Fa0/4? (Choose all that apply.)
ccna-faq-layer-2-switching15A.jpg2.jpg3
A. Drop the frame.
B. Send the frame out of Fa0/3.
C. Send the frame out of Fa0/4.
D. Send the frame out of Fa0/5.
E. Send the frame out of Fa0/6.

Answer: B, D, E. Since the MAC address is not present in the table, it will send the frame out of all ports in the same VLAN with the exception of the port on which it was received.

Q4. Write the command that generated the following output.
ccna-faq-layer-2-switching.jpg4

Answer: show mac address-table This command displays the forward fiter table, also called a content addressable memory (CAM) table.

Q5. In the work area draw the functions of a switch from the list on the left to the right.
Address learning
Packet forwarding
Layer three security
Forward/filter decisions
Loop avoidance
Target 1
Target 2
Target 3

Answer: ccna-faq-layer-2-switching

Q6. What statement(s) is/are true about the output shown below? (Choose all that apply.)
ccna-faq-layer-2-switching.jpg6
A. The port light for F0/3 will be amber in color.
B. The F0/3 port is forwarding frames.
C. This problem will resolve itself in a few minutes.
D. This port requires the shutdown command to function.

Answer: A, D. In the above output, you can see that the port is in Secure-shutdown mode and the light for the port would be amber. To enable the port again you’d need to do the

Q7. Write the command that would limit the number of MAC addresses allowed on a port to 2. Write only the command and not the prompt.

Answer: switchport port-security maximum 2 The maximum setting of 2 means only two MAC addresses can be used on that port; if the user tries to add another host on that segment, the switch port will take the action specifid. In the port-security violation command.

Q8. Which of the following commands in the configuration, is a prerequisite for the other
commands to function?
S3#config t
S(config)#int fa0/3
S3(config-if#switchport port-security
S3(config-if#switchport port-security maximum 3
S3(config-if#switchport port-security violation restrict
S3(config-if#Switchport mode-security aging time 10
A. switchport mode-security aging time 10
B. switchport port-security
C. switchport port-security maximum 3
D. switchport port-security violation restrict

Answer: B. The switchport port-security command enables port security, which is a prerequisite for the other commands to function.

Q9. Which if the following is not an issue addressed by STP?
A. Broadcast storms
B. Gateway redundancy
C. A device receiving multiple copies of the same frame
D. Constant updating of the MAC filter table

Answer: B. Gateway redundancy is not an issue addressed by STP.

Q10. What issue that arises when redundancy exists between switches is shown in the figure?
ccna-faq-layer-2-switching.jpg9
A. Broadcast storm
B. Routing loop
C. Port violation
D. Loss of gateway

Answer: A. If no loop avoidance schemes are put in place, the switches will flod broadcasts endlessly throughout the internetwork. This is sometimes referred to as a broadcast storm.

Q11. Which two of the following switch port violation modes will alert you via SNMP that a violation has occurred on a port?
A. Restrict
B. Protect
C. Shutdown
D. Err-disable

Answer: B, C. Shutdown and protect mode will alert you via SNMP that a violation has occurred on a port.

Q12. _______________ is the loop avoidance mechanism used by switches.

Answer: Spanning tree protocol (STP) STP is a switching loop avoidance scheme use by switches.

Q13. Write the command that must be present on any switch that you need to manage from a different subnet.

Answer: ip default-gateway If you want to manage your switches from outside your LAN, you need to set a default gateway on the switches, just as you would with a host.

Q14. On which interface have you configured an IP address for a switch?
A. int fa0/0
B. int vty 0 15
C. int vlan 1
D. int s/0/0

Answer: C. The IP address is confiured under a logical interface, called a management domain or VLAN 1.

Q15. Which Cisco IOS command is used to verify the port security configuration of a switch port?
A. show interfaces port-security
B. show port-security interface
C. show ip interface
D. show interfaces switchport

Answer:ccna-faq-layer-2-switching15A

Q16. Write the command that will save a dynamically learned MAC address in the runningconfiguration of a Cisco switch?

Answer: switchport port-security mac-address sticky Issuing the switchport port-security mac-address sticky command will allow a switch to save a dynamically learned MAC address in the running-confiuration of the switch, which prevents the administrator from having to document or confiure specifi MAC addresses.

Q17. Which of the following methods will ensure that only one specific host can connect to port F0/3 on a switch? (Choose two. Each correct answer is a separate solution.)
A. Configure port security on F0/3 to accept traffic other than that of the MAC address of the host.
B. Configure the MAC address of the host as a static entry associated with port F0/3.
C. Configure an inbound access control list on port F0/3 limiting traffic to the IP address of the host.
D. Configure port security on F0/3 to accept traffic only from the MAC address of the host.

Answer: B, D. To limit connections to a specifi host, you should confiure the MAC address of the host as a static entry associated with the port, although be aware that this host can still connect to any other port, but no other port can connect to f0/3, in this example. Another solution would be to confiure port security to accept traffi only from the MAC address of the host. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is confiured as an access port or a trunk port. Switch ports can be secured by defiing one or more specifi MAC addresses that should be allowed to connect and by defiing violation policies (such as disabling the port) to be enacted if additional hosts try to gain a connection.

Q18. What will be the effect of executing the following command on port F0/1? switch(config-if)# switchport port-security mac-address 00C0.35F0.8301
A. The command configures an inbound access control list on port F0/1, limiting traffic to the IP address of the host.
B. The command expressly prohibits the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.
C. The command encrypts all traffic on the port from the MAC address of 00c0.35F0.8301.
D. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.

Answer: D. The command statically defies the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is confiured as an access port or a trunk port. Switch ports can be secured by defiing one or more specifi MAC addresses that should be allowed to connect and violation policies (such as disabling the port) if additional hosts try to gain a connection.

Q19. The conference room has a switch port available for use by the presenter during classes, and each presenter uses the same PC attached to the port. You would like to prevent other PCs from using that port. You have completely removed the former configuration in order to start anew. Which of the following steps is not required to prevent any other PCs from using that port?
A. Enable port security.
B. Assign the MAC address of the PC to the port.
C. Make the port an access port.
D. Make the port a trunk port.

Answer: D. You would not make the port a trunk. In this example, this switchport is a member of one VLAN. However, you can confiure port security on a trunk port, but again, not valid for this question.

Q20. Write the command required to disable the port if a security violation occurs. Write only the command and not the prompt.

Answer: switchport port-security violation shutdown This command is used to set the reaction of the switch to a port violation of shutdown.

[mks_button size=”medium” title=”CCNA Frequently Asked Questions” style=”squared” url=”https://www.configrouter.com/cisco-certified-network-associate-faq/” target=”_blank” bg_color=”#000000″ txt_color=”#FFFFFF” icon=”” icon_type=”” nofollow=”0″] [mks_button size=”medium” title=”CCNA Exam Questions with Explanation” style=”squared” url=”https://www.configrouter.com/ccna-online-training/” target=”_blank” bg_color=”#000000″ txt_color=”#FFFFFF” icon=”” icon_type=”” nofollow=”0″]