CCNA3 Exploration Chapter 2. Study questions. Answers 2.1 How does CSMA/CD work? A device that needs to transmit must listen for traffic on the shared medium. If there is traffic then it waits. If there is no traffic then it sends. The device continues to listen while sending. If another device also sends then the signals will meet and there is a collision. The device detects a collision if it receives signals while it is transmitting. On detecting a collision, the transmitting devices send out a jamming signal to warn all devices on the network that there is a collision. All devices stop transmissions and run the backoff algorithm that gives them a random time to wait before attempting to transmit again. Any device may be the first to transmit after the backoff period. The devices that were transmitting at the time of the collision do not have any priority. What are unicast, broadcast and multicast transmissions? A unicast transmission is addressed to one host. The majority of transmissions are unicast. A broadcast transmission is addressed to all hosts on the network, e.g. ARP request, RIPv1 updates. A multicast transmission is addressed to a specific group of devices. RIPv2 updates are multicast and processed only by routers running RIPv2. Videoconferencing between a group of hosts would use multicast messages. In an Ethernet frame, which field comes immediately after the start frame delimiter, and how long is this field? The Destination MAC Address field, which is 6 bytes long. What is the purpose of the Length/Type field? If the value in the Length/Type field is less than 0x0600 then it gives the length of the frame’s data field. If the value is 0x0600 or more then it is a code to identify the type of protocol running at OSI layer 3. How long is the data field, and why is a pad sometimes needed? The data field can be anything from 46 to 1500 bytes. A data field of 46 bytes would give a total frame length of 64 bytes, and this is the smallest frame allowed in order for collisions to be detected in time for the CSMA/CD process to work properly. If the amount of data is less than 46 bytes then a pad is added to make the length up to 46 bytes. SW 3/8/2016 533580526 1 What is the purpose of the field in the frame trailer? The trailer contains the Frame Check Sequence Field. The sending device carries out a cyclic redundancy check calculation based on the contents of the frame, and stores the result in this field. The receiving device carried out the same calculation and compares the result with the contents of the field. If they are different then the frame has been corrupted in transmission and should be discarded. How long is a MAC address and how is it written? 48 bits. It is written as 12 hexadecimal digits in one of three formats: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800. How does the NIC of a receiving PC use the destination MAC address? If the destination MAC address is the address of the Ethernet port of the NIC, or is a broadcast address or a multicast address being used by the device, then the frame is passed up to the network layer for further processing. If not, then the frame is discarded. What is the Organizational Unique Identifier? The first 24 bits of a MAC address. It identifies the manufacturer of the NIC or device. Where must half duplex transmission be used on an Ethernet network? Where there is a shared medium, for example where devices are connected by a hub. Ports set to use full duplex have their collision detection capabilities disabled, so full duplex must not be used on a shared medium. What are the conditions for collision-free operation on an Ethernet network? Fully switched and full duplex so that each end device has a dedicated link in each direction to the switch. What is the advantage of having a switch port set to auto, rather than full or half, and what is a potential problem? A switch port set to auto will attempt to negotiate with the device at the other end of the link on whether the link should operate using full or half duplex. If the other device is also able to autonegotiate then they will choose the best option that they can both manage, which should be full duplex. There is no need for manual configuration. There could be a problem if the other device is not able to autonegotiate, but is set to use full duplex. When autonegotiation fails, the switch will default to half duplex and there will be a mismatch leading to errors. SW 3/8/2016 533580526 2 What is the advantage of having the auto-MDIX feature enabled on a switch port? You can use either a straight-through or a crossover cable. The switch will detect which is in use and compensate accordingly. What is the purpose of a switch MAC address table? It contains a list of switch ports with the MAC address of the device connected to each port. When a frame arrives, the switch reads the destination MAC address and forwards the frame out of the correct port. How does a switch build its MAC address table? It reads the source MAC address in each incoming frame and matches it to the entry port. It adds the information to its table. (Or refreshes the information if it is already there.) What does a switch do if a frame arrives and the destination MAC address is not in its MAC address table? It floods the frame out of all ports except the incoming port. What does a switch do with a broadcast frame? It floods the frame out of all ports except the incoming port. You replace a hub with a layer 2 switch. How does this affect collision domains? It replaces a large collision domain with many small collision domains. (This should reduce the number of collisions and improve performance.) You replace a hub with a layer 2 switch. How does this affect broadcast domains? It has no effect on broadcast domains. Why can switch based latency be a problem if cheap switches are used on a busy network? Entry level switches (the cheaper models) may not have enough internal processing power to cope with all their ports operating simultaneously at their maximum bandwidth. This can cause delays. More expensive models of switch should have enough internal throughput to work at “wire speed” so that switch based latency is not an issue. SW 3/8/2016 533580526 3 Why do routers typically add more latency than switches? Routers work with layer 3 data, which is more deeply encapsulated and takes longer to extract from a frame, and they carry out more complicated processing on the data. Why does a router split a network into separate broadcast domains? Because a router does not forward broadcasts by default. Which forwarding method is used on current models of Cisco switch? Store and forward is used on current switch models. What are the two varieties of cut-through switching, and how do they work? Fast forward reads an incoming frame only as far as the end of the destination MAC address and then immediately starts to transmit on the outgoing port while the remainder of the frame is still being received. It does not carry out any kind of checking of the frame. Fragment free reads the first 64 bytes of the frame before starting to forward it. This ensures that the frame is at least 64 bytes long and therefore not a collision fragment. There is no other checking. How does store and forward switching work? The switch stores the whole of an incoming frame into a buffer, reads the whole frame and carries out a cyclic redundancy check. Damaged frames are discarded. The frame is then forwarded through the appropriate port. What is the main advantage of cut-through switching? Low and predictable latency. What are the advantages of store and forward switching? All frames are checked so that corrupted frames are not forwarded to take up bandwidth and processing time on other devices. It is possible to carry out quality of service (QoS) processing to give priority to voice and video traffic, so this form of switching is necessary on converged networks. It is possible to read a frame entering at one bandwidth and transmit it at a different bandwidth. What is the difference between a symmetric switch and an asymmetric switch? A symmetric switch has all ports working at the same bandwidth. An asymmetric switch is capable of operating with ports working at different bandwidths. Most modern switches are asymmetric. SW 3/8/2016 533580526 4 How is shared memory buffering better than port-based memory buffering? Port-based memory buffering has a separate buffer of fixed capacity for each incoming port. Shared memory buffering puts all incoming frames into the same buffer so that the memory can be allocated dynamically as required. This can allow larger frames to be processed. Port-based memory buffering keeps frames entering by each port in a separate queue. If the frame at the front of the queue needs an exit port that is busy, then the frames behind it have to wait even if their exit ports are available. In shared memory buffering, each frame can leave as soon as its exit port is available. Where ports are operating at different bandwidths, shared memory buffering is particularly important. How does a layer 3 switch differ from a layer 2 switch? The traditional Ethernet switch is a layer 2 switch, which processes layer 2 MAC addresses in order to determine how to forward frames. A layer 3 switch can do this, but it can also process layer 3 IP addresses and use them to make switching decisions. This enables layer 3 switches to carry out some routing operations that would traditionally be carried out by a router. What factors would you take into account when choosing between a layer 3 switch and a router? The need for speed – the switch is faster. The need for WAN connections – router is normally better. The need for advanced layer 3 services – need a router. Switch>enable What are you doing if you give this command? What prompt will you see next? Changing from user exec mode to privileged exec mode. Switch# Which commands would you give in order to enter interface configuration mode for interface Fa0/1, starting with the following prompt? Switch> Switch>enable Switch#configure terminal Switch(config)#interface fa0/1 Switch(config-if)# SW 3/8/2016 533580526 5 What is Cisco Network Assistant? Cisco Network Assistant is an application that can be downloaded from Cisco if you have a valid CCO account. It lets you manage single switches or groups of switches by using a graphical user interface rather than the command line interface. What is Cisco Device Manager? Cisco Device Manager is software that lets you configure and manage a switch using a web browser from anywhere in the network. This software is provided with the switch. What are the two ways of using ? to obtain help when using the command line interface? Start entering a command word and type ? without a space in front of it. You should see a list of possible ways of completing the word. Type ? with a space in front of it. You should be given a list of words that can be entered next. What is the command history buffer, and how can you show its contents? It stores the last 10 commands that were entered. (By default. You can change the number.) Each mode has its own buffer. show history is the command to list the contents. You need to give it at the right prompt, depending on which mode’s commands you want to list. What happens when you power up a switch? Boot loader software loaded from NVRAM. CPU initialisation and POST. Flash initialised. Operating system found and loaded. Configuration file loaded. Prompt displayed. How do you know whether a switch has passed or failed the POST? The SYST LED will blink green if the POST was successfully completed, but turn amber if it was not. POST messages are also displayed if you have a console connection active as you start the switch. Does a switch need an IP address? A switch will operate without an IP address. If you want to access the switch remotely by Telnet or using the web based interface or if you want to be able to ping it for test purposes then you need to give it an IP address. SW 3/8/2016 533580526 6 Which switch interface(s) should be configured with an IP address, and do you need a different IP address for each interface? Unlike a router, a switch is configured with just one IP address. This address is not configured on any of the physical interfaces. Instead it is configured on a virtual interface: a VLAN interface. At least one of the physical interfaces needs to be assigned to the VLAN that has the IP address. By default, which VLAN is used for switch management, and is it considered good practice to keep to this default? By default, VLAN 1 is used. This can lead to security problems so it is advisable to use a different VLAN for management purposes. (In the example, VLAN 99 is used, but this does not have to be the case.) Starting from privileged exec mode on switch SW1, how would you configure the ip address 192.168.1.2/24 on VLAN 99 and associate the physical FastEthernet 0/24 interface with this VLAN? Go on to configure the default gateway 192.168.1.1 and save the configuration. SW1#configure terminal SW1(config)#interface vlan 99 SW1(config-if)#ip address 192.168.1.2 255.255.255.0 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)#interface fa 0/24 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 99 SW1(config-if)#exit SW1(config)#ip default-gateway 192.168.1.1 SW1(config)#exit SW1#copy run start What is the effect of the commands duplex auto and speed auto given in interface configuration mode on a switch? That switch port will attempt to autonegotiate the duplex setting and the bandwidth with the attached device. (This is the default condition on most switches, so you should not need to give these commands if you want autonegotiation.) What is the advantage of including the command ip http server in the switch configuration? It allows you to use the web based GUI interface for configuring the switch if you access the switch remotely. SW 3/8/2016 533580526 7 How does a dynamic address get into the switch MAC address table? The switch learns it by inspecting the source MAC address of an incoming frame. What is the advantage of using static addresses? It provides security. Only the device with the specified MAC address can connect to the switch port. Also, static addresses are not aged out and removed from the table. What command would you give to map the MAC address 000c.7671.7d90 to interface fa 0/6 on VLAN 3? mac-address-table static 000c.7671.7d90 vlan 3 interface fa 0/6 Which command would display the saved configuration? Show startup-config Which command would display the configuration currently in RAM? Show running-config Which command would give information about the hardware and the operating system? Show version Which command would display the table of MAC addresses and associated ports? Show mac-address-table Which command would tell you if ports are operational, and give their duplex and speed settings? Show interfaces You can save a switch configuration by entering copy run start but what is the full formal version of this command? What assumptions are made when you use the short version? Copy system:running-config flash:startup-config The short version assumes that the running configuration is in RAM (system) and that you want to save the configuration to flash NVRAM memory. SW 3/8/2016 533580526 8 How would you make a copy of your saved configuration to a file called backupJan08 in flash memory? Copy startup-config flash:backupJan08 (Or shorten to Copy start flash:backupJan08 ) You want to go back to the saved configuration. Why is it better to reload the switch rather than using the command copy start run? Copy start run will read the saved configuration into RAM, but it will not remove the commands already in RAM, it will just add to the existing running configuration. This may not be what you want. Which command would you use to make a copy of the running configuration to a file called SW1config on a PC with IP address 192.168.13.6 that is running TFTP server software? copy system:running-config tftp://192.168.13.6/SW1config (copy run tftp://192.168.13.6/SW1config) If you just enter copy run tftp then the system will prompt you for the IP address and the file name. You have used the command erase start to remove a saved startup configuration. Which command has the same effect? erase nvram: How would you remove a file called backupJan08 from flash memory? delete flash:backupJan08 (Be very careful when deleting files from flash. The IOS is held there with other vital files.) How would you configure switch SW1 so that console access and telnet access are protected by a password? Start in privileged exec mode and return there. Assume that the switch has 16 vty lines. Use cisco as the password in every case as you would in the lab (though of course you would not use this password on a “real” network). SW1#configure terminal SW1(config)#line con 0 SW1(config-line)#password cisco SW1(config-line)#login SW1(config-line)#line vty 0 15 SW1(config-line)# password cisco SW1(config-line)# login SW1(config-line)#end SW 3/8/2016 533580526 9 Which password is encrypted by default? Enable secret, which protects access to privileged exec mode. How can the login passwords, which are not normally encrypted, be given weak encryption? service password-encryption You want to establish a console connection with a 2960 switch, but you have forgotten the login password. You want to keep the existing saved switch configuration. What do you do? Set up a Hyperterminal connection in the usual way. Power the switch off. Power the switch on, and press the Mode button within 15 seconds while the SYS LED is still flashing green. Hold the mode button down until the LED goes amber then solid green. Give the following commands: flash_init load_helper dir flash (to show the files in flash memory) Check that the configuration file is there. It should be called config.text. Rename the configuration file so that the switch cannot find and load it. The suggestion is to call it config.text.old, though you could call it anything you like. rename flash:config.text flash:config.text.old Give the command to boot the switch so that it loads its operating system. It will also try and fail to find a saved configuration to load. boot There is no configuration in force and therefore no passwords. You have access to the switch. Do not enter the setup dialogue. You see the user exec prompt. Go to privileged exec mode. You are now safely in past any passwords, so you can restore the configuration. Give the configuration file its original name back. rename flash:config.text.old flash:config.text Copy the configuration into RAM flash:config.text system:running-config and confirm this when prompted. Set new passwords as required and save the new configuration. If you configure both a login banner and a motd banner, which will display first? The motd banner. SW 3/8/2016 533580526 10 Why should SSH be preferred to Telnet for remote access whenever possible? SSH messages are encrypted but Telnet messages are not. What is happening here? SW1(config)#ip domain-name ourdomain.com SW1(config)#crypto key generate rsa SW1(config)#ip ssh version 2 SW1(config)#line vty 0 15 SW1(config-line)#transport input SSH The switch is being configured to use SSH instead of Telnet on the vty lines. Which command would allow either SSH or Telnet to be used? SW1(config-line)#transport input all What is a MAC flooding attack? This attack depends on the facts that a switch MAC address table is limited in size, and that a switch will flood frames whose destination MAC address is unknown. The attacker makes a connection to the switch and sends the switch a large number of frames with fake source MAC addresses by using a network attack tool. This fills the table up. The switch then floods all incoming frames (fail-open mode). The attacker therefore receives all frames addressed to any host on the network. What is a DHCP spoofing attack? The attacker introduces a rogue DHCP server that is on the network segment under attack and therefore likely to be closer than the genuine DHCP server. When a host requests an IP address, the rogue DHCP server replies first and gives the host an IP address and a default gateway which directs traffic to the attacker’s device. Traffic from the host that should go to a remote network will go to the attacker instead. What is DHCP snooping? It is a security feature on a Cisco catalyst switch. It allows certain ports to be configured as trusted. Only devices connected to these ports are allowed to provide DHCP information to clients. All devices can still request IP addresses. It can also limit the rate at which DHCP requests can be sent. Why is CDP a security risk? An attacker using Wireshark (or similar) could inspect the contents of CDP packets and find out about devices. The attacker could also fake CDP packets to give false information to neighbour devices. CDP should therefore be disabled unless it is required. SW 3/8/2016 533580526 11 What are the three types of secure MAC address that can be configured on a switch port? Static, dynamic and sticky. By default, what is the security violation mode of a switch port? Shutdown. Which type of port security is being configured here? SW1(config)#int fa 0/12 SW1(config-if)#switchport mode access SW1(config-if)#switchport port-security Dynamic How would you configure switch port 0/13 to learn and accept the first four MAC addresses that connect to it, as secure sticky addresses, but then reject any other MAC addresses? Start at the prompt SW1(config)# SW1(config)#int fa 0/13 SW1(config-if)#switchport mode access SW1(config-if)#switchport port-security SW1(config-if)# switchport port-security maximum 4 SW1(config-if)# switchport port-security mac-address sticky SW1(config-if)#end Your switch has 24 ports but you are only using 14 ports at present. What should you do to enhance security? Disable all the unused ports using the shutdown command. SW 3/8/2016 533580526 12