Chapter 8
VLAN Operation
8.1) VLAN Operation Overview
A Virtual LAN (VLAN) is a broadcast domain created based on the functional, security, or other requirements, instead of the physical locations of the devices, on a switch or across switches. With VLANs, a switch can group different interfaces into different broadcast domains. Without VLANs, all interfaces of a switch are in the same broadcast domain; switches connected with each other are also in the same broadcast domain, unless there is a router in between. Different ports of a switch can be assigned to different VLANs. A VLAN can also span multiple switches.
VLANs can be configured using one of the following two methods:
8.1. A) Static VLAN
Assigning VLANs to switch ports based on the port numbers. It is easier to set up and manage.
CCNA BY SALIM
Each logical VLAN is like a separate physical bridge. VLANs can span across multiple switches. Trunks carry traffic for multiple VLANs. Trunks use special encapsulation to distinguish between different VLANs.
Access link
A link that is part of only one VLAN. Therefore, a port connecting to an access link can be a member of only one VLAN.
Trunk link
A 100 Mbps or 1000 Mbps point-to-point link that connects switches or routers and carries frames of different VLANs. Therefore, a port connecting to a trunk link can be a member of multiple VLANs. All VLANs are configured on a trunk link by default. VLAN trunking, by making use of frame tagging, allows traffic from different VLANs to be transmitted through the same Ethernet link (trunk link) across switches. VLAN trunking identifies the VLAN from which a frame is sent by tagging the frame with the source VLAN ID (12 bits long). This feature is known as frame tagging or frame identification. With frame tagging, a switch knows out of which ports it should forward a broadcast frame (the ports that have the same VLAN ID as the source VLAN ID). It also knows which bridge table it should use for forwarding a unicast frame (since a separate bridge table is used for each VLAN).
A frame tag is added when a frame is forwarded out to a trunk link, and is removed when the frame is forwarded out to an access link. Therefore, any device attached to an access link is unaware of its VLAN membership.
IEEE 802.1q
It is the IEEE standard trunking protocol. It inserts a 4-byte header into the middle of the original Ethernet header, after the source MAC address. The 802.1q header contains the 12-bit VLAN ID and some other information.
Recalculation of the FCS is required after the insertion of the 802.1q header, as the original frame has been changed. 802.1q originally did not support a separate instance of spanning tree for each VLAN; however, Cisco switches can use PVST+ with 802.1q to support this feature. IEEE has also defined a new specification called 802.1s, which can be used with 802.1q to support multiple instances of spanning tree.
802.1q defines one VLAN as the native VLAN. It does not insert an 802.1q header into frames sent from the native VLAN over a trunk link. The default native VLAN is VLAN 1. Since an 802.1q-tagged frame is defined as a type of Ethernet frame, 802.1q does not require that every device on a link understands it. By defining a trunk port as a member of the native VLAN, any Ethernet device (even one that does not understand 802.1q) connected to the trunk port can read frames for the native VLAN. Both sides of a trunk link must agree on which VLAN is used as the native VLAN; otherwise, the trunk will not operate properly.
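An added example, not from the book, of the tag insertion, FCS recalculation and native-VLAN handling described above, in Python: tag_for_trunk() inserts the 4-byte 802.1Q header after the source MAC and recomputes the CRC-32 FCS, receive_from_trunk() classifies a frame by its 12-bit VID (or by the native VLAN when the frame is untagged) and strips the tag as a switch does before forwarding out an access link, and native_vlan_mismatch() shows what happens when the two ends of a trunk disagree on the native VLAN. MAC addresses and payloads are constructed for the example.

```python
import struct
import zlib

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
DEFAULT_NATIVE_VLAN = 1      # Cisco default native VLAN, as stated above


def fcs(frame_body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over everything from the destination MAC to the end of the
    payload, transmitted least-significant byte first. zlib.crc32 uses the same polynomial."""
    return struct.pack("<I", zlib.crc32(frame_body) & 0xFFFFFFFF)


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst_mac + src_mac + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def _body(frame: bytes) -> bytes:
    """Verify the trailing FCS and return the frame without it."""
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame corrupted or tag changed without recalculation")
    return body


def tag_for_trunk(frame: bytes, vlan_id: int, native_vlan: int = DEFAULT_NATIVE_VLAN,
                  pcp: int = 0) -> bytes:
    """Forward a frame out a trunk: insert the 4-byte tag after the source MAC and
    recompute the FCS. Frames belonging to the native VLAN are sent untagged."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must fit in 12 bits and be 1..4094")
    body = _body(frame)
    if vlan_id == native_vlan:
        return frame
    tci = (pcp << 13) | vlan_id                    # PCP (3 bits) | DEI (1 bit) | VID (12 bits)
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def receive_from_trunk(frame: bytes, native_vlan: int = DEFAULT_NATIVE_VLAN):
    """Receive a frame on a trunk: return (vlan_id, frame with the tag removed).
    Untagged frames are assigned to the native VLAN of the receiving port."""
    body = _body(frame)
    if struct.unpack("!H", body[12:14])[0] != TPID_8021Q:
        return native_vlan, frame
    tci = struct.unpack("!H", body[14:16])[0]
    untagged = body[:12] + body[16:]
    return tci & 0x0FFF, untagged + fcs(untagged)


def native_vlan_mismatch(vlan_id: int, sender_native: int, receiver_native: int) -> int:
    """Why both ends must agree on the native VLAN: returns the VLAN the receiving switch
    assigns to a frame the sending switch placed in vlan_id."""
    frame = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), 0x0800,
                        b"constructed payload")
    on_wire = tag_for_trunk(frame, vlan_id, native_vlan=sender_native)
    received_vlan, _ = receive_from_trunk(on_wire, native_vlan=receiver_native)
    return received_vlan
```

With a sender whose native VLAN is 1 and a receiver whose native VLAN is 99, a VLAN 1 frame travels untagged and is placed in VLAN 99 on arrival, which is the misbehaviour the last sentence above warns about.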
[Figure: 802.1Q Trunking]
[Figure: 802.1Q Frame]
[Figure: ISL Tagging]
[Figure: ISL Encapsulation]
VTP (VLAN Trunking Protocol)
Maintains VLAN configuration consistency throughout a common administrative domain. Sends advertisements on trunk ports only.
VTP modes
Server: creates, modifies and deletes VLANs; sends and forwards advertisements; synchronizes; configuration saved in NVRAM.
Client: forwards advertisements; synchronizes; configuration not saved in NVRAM.
Transparent: creates, modifies and deletes VLANs (locally only); forwards advertisements; does not synchronize; configuration saved in NVRAM.
VTP Operation
VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest revision number. VTP advertisements are sent every 5 minutes or when there is a change.
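As an added example (not from the book or from Cisco), the following Python model implements the VTP behaviour described in the modes table and under VTP Operation: servers and clients synchronize to an advertisement carrying a higher revision number, transparent switches forward advertisements without synchronizing, clients cannot create VLANs, and advertisements from a different domain name are ignored. The switch names, domain names and the flood() helper are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    mode: str                  # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, vid: int, vname: str):
        """Local VLAN creation. Clients refuse; servers bump the revision and return the
        advertisement to send; transparent switches change only their local database."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot create VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1
            return self.advertisement()
        return None

    def advertisement(self) -> dict:
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> list:
        """Process an advertisement arriving on a trunk. Returns the advertisements this
        switch forwards out its other trunks."""
        if adv["domain"] != self.domain:
            return []                        # different management domain: ignored
        if self.mode == "transparent":
            return [adv]                     # forwards but does not synchronize
        if adv["revision"] > self.revision:  # server/client: synchronize to the latest revision
            self.revision = adv["revision"]
            self.vlans = dict(adv["vlans"])
            return [adv]
        return []                            # equal or older revision: nothing to learn


def flood(origin: VtpSwitch, adv: dict, links: list) -> None:
    """Deliver adv from origin over trunk links (pairs of switches), each switch once."""
    seen = {origin.name}
    queue = [(origin, adv)]
    while queue:
        sw, a = queue.pop(0)
        for x, y in links:
            nbr = y if x is sw else x if y is sw else None
            if nbr is None or nbr.name in seen:
                continue
            seen.add(nbr.name)
            for forwarded in nbr.receive(a):
                queue.append((nbr, forwarded))


def demo():
    """Constructed topology: S1 (server) - S2 (client) - S3 (transparent) - S4 (client),
    plus S5, a client in a different domain, hanging off S1."""
    srv = VtpSwitch("S1", "server", "CORP")
    cli = VtpSwitch("S2", "client", "CORP")
    trn = VtpSwitch("S3", "transparent", "CORP")
    cli2 = VtpSwitch("S4", "client", "CORP")
    other = VtpSwitch("S5", "client", "LAB")
    links = [(srv, cli), (cli, trn), (trn, cli2), (srv, other)]
    flood(srv, srv.create_vlan(10, "sales"), links)
    return srv, cli, trn, cli2, other
```

Because any switch in the domain that presents a higher revision number is accepted as authoritative, the revision number of a switch should be checked (and reset, for example by moving it to transparent mode) before it is connected to a production trunk.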
VTP Pruning
Increases available bandwidth by reducing unnecessary flooded traffic. Example: Station A sends a broadcast, and the broadcast is flooded only toward switches with ports assigned to the red VLAN.
Practicals
P.1) Switch Inter-VLAN (Virtual Local Area Network) Configuration LAB (3550 Switch, 3560 Switch)
Chapter 9
IPSec is an industry-wide standard suite of protocols and algorithms that allows for secure data transmission over an IP-based network; it functions at layer 3, the network layer of the OSI model. IPSec can't be used to encrypt non-IP traffic. This means that if you run into a situation where you have to encrypt non-IP traffic, you'll need to create a GRE tunnel for it and then use IPSec to encrypt that tunnel.
IPSec Transforms
An IPSec transform specifies a single security protocol with its corresponding security algorithm; without these transforms, IPSec wouldn't be able to give us its glory. It's very important to understand the security protocols and the supporting encryption and hashing algorithms that IPSec relies upon.
Working mechanism:
The sender generates a one-way hash; then the receiver generates the same one-way hash. If the packet has changed in any way, it won't be authenticated and will be dropped. So basically, IPSec relies upon AH to guarantee authenticity. AH checks the entire packet, but it doesn't offer any encryption services.
Confidentiality: Confidentiality is provided through the use of symmetric encryption algorithms like DES or 3DES. Confidentiality can be selected separately from all other services, but the confidentiality selected must be the same on all endpoints of your VPN.
Data origin authentication and connectionless integrity: Data origin authentication and connectionless integrity are joint services offered as an option in conjunction with the likewise optional confidentiality.
Anti-replay service: You can only use the anti-replay service if data origin authentication is selected. Anti-replay election is based upon the receiver, meaning the service is effective only if the receiver checks the sequence number. In case you were wondering, a replay attack is when a hacker nicks a copy of an authenticated packet and later transmits it to the intended destination. When the duplicate, authenticated IP packet gets to the destination, it can disrupt services and other ugly stuff. The Sequence Number field is designed to foil this type of attack.
Traffic flow confidentiality: For traffic flow confidentiality to work, you have to have tunnel mode selected. And it's most effective if it's implemented at a security gateway where tons of traffic amasses, a situation that can mask the true source-destination patterns from bad guys trying to breach your network's security.
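An added Python example (not from the book) of the AH authentication check in "Working mechanism" and the receiver-side anti-replay window described above: the sender computes a keyed one-way hash (HMAC-SHA-256 truncated to 96 bits) over the sequence number and payload, the receiver recomputes it and drops any packet that differs, and a 64-entry sliding window rejects sequence numbers that were already seen or that are too old. Assumptions: the key is a constructed shared secret, and the hash covers only the sequence number and payload rather than the immutable IP header fields that real AH includes.

```python
import hashlib
import hmac

WINDOW_SIZE = 64      # receiver-side anti-replay window (RFC 4302 requires at least 32)
ICV_LEN = 12          # 96-bit truncated integrity check value, as HMAC-SHA-96 transforms use


def compute_icv(key: bytes, seq: int, payload: bytes) -> bytes:
    """The one-way hash both sides compute. Assumption: this toy covers only the sequence
    number and payload; real AH also covers the immutable fields of the IP header."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:ICV_LEN]


def ah_send(key: bytes, seq: int, payload: bytes):
    """Sender side: attach the sequence number and ICV to the payload."""
    return seq, payload, compute_icv(key, seq, payload)


class AhReceiver:
    def __init__(self, key: bytes, window_size: int = WINDOW_SIZE):
        self.key = key
        self.window_size = window_size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set means seq (highest - i) was already received

    def accept(self, seq: int, payload: bytes, icv: bytes) -> str:
        # 1. cheap anti-replay pre-check on the sequence number (the receiver's decision)
        if seq <= self.highest:
            diff = self.highest - seq
            if diff >= self.window_size:
                return "dropped: outside window"
            if (self.bitmap >> diff) & 1:
                return "dropped: replay"
        # 2. authenticate: recompute the one-way hash; any change in the packet fails it
        if not hmac.compare_digest(compute_icv(self.key, seq, payload), icv):
            return "dropped: authentication failed"
        # 3. only an authenticated packet is allowed to move or mark the window
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window_size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accepted"
```

The window is updated only after the ICV verifies, so a forged packet with a large sequence number cannot advance the window and cause legitimate in-flight packets to be discarded as too old.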
Chapter 10
[Figure: lab topology. Router 1700A with S0/0 20.0.0.1 and F0/0 10.0.0.1, a switch, the Internet, and host 10.0.0.4]
Router(config)#config-register 0x2101
Router(config)#exit
Router#reload
(wait a few seconds for the reload)
Router(config)#interface F0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#^Z
Router#ping 10.0.0.3
Router#copy tftp: flash:
Host: 10.0.0.3
Source file name: xxxxxxxxxx
Destination file name (same name): xxxxxxxxxx
Erase flash before copying: yes
Router(config-line)#password 123
Router(config-line)#login
Password recovery steps
Switch the router off, then on again.
Press Ctrl+Break.
rommon 1 > confreg 0x2142 (to bypass the NVRAM)
rommon 2 > reset
Would you like to enter the initial configuration dialog? No
Router#show running-config
Router#show startup-config (to see the password)
Router#show version
Router#config t
Router(config)#config-register 0x2102
Router(config)#exit
Router#reload
Save modified configuration? No
[Figure: lab topology. Router F0/0 10.0.0.1, the Internet, hosts 10.0.0.3 and 10.0.0.4]
[Figure: lab topology. Router 1700B with S0/0 20.0.0.2 and F0/0 30.0.0.1, the Internet, and host 10.0.0.4]
10.13) IPv6 with GRE (Generic Routing Encapsulation) Tunnel Configuration LAB
10.14) IPv6 Routing Configuration
CISCO DEFINITIONS
ADSP - AppleTalk Data Stream Protocol
AEP - AppleTalk Echo Protocol
AFP - AppleTalk Filing Protocol
APPN - Advanced Peer-to-Peer Networking
ABR - Area Border Router
ARIS - Aggregate Route-Based Switching
ARLL - Advanced Run-Length Limited
ARP - Address Resolution Protocol
ASP - AppleTalk Session Protocol
ATM - Asynchronous Transfer Mode
BGP - Border Gateway Protocol
BOOTP - Bootstrap Protocol
BPDU - Bridge Protocol Data Unit
CIDR - Classless Inter-Domain Routing
CIR - Committed Information Rate
CPE - Customer Premises Equipment
DARPA - Defense Advanced Research Projects Agency
DEMARC - Demarcation
DHCP - Dynamic Host Configuration Protocol
DSAP - Destination Service Access Point
EIA/TIA - Electronics Industry Association / Telecommunications Industry Association
EGP - Exterior Gateway Protocol
EBGP - External Border Gateway Protocol
EIGRP - Enhanced Interior Gateway Routing Protocol
FCS - Frame Check Sequence
FDM - Frequency-Division Multiplexing
FTP - File Transfer Protocol
GPS - Global Positioning Services
HDLC - High-level Data Link Control
HTTP - Hypertext Transfer Protocol
HTTPS - Hypertext Transfer Protocol Secure
ICMP - Internet Control Message Protocol
ICS - Internet Connection Sharing
IGMP - Internet Group Management Protocol
IGRP - Interior Gateway Routing Protocol
IMAP4 - Internet Message Access Protocol, Version 4
INARP - Inverse ARP
IOS - Internetwork Operating System
ISDN - Integrated Services Digital Network
IP - Internet Protocol
LCP - Link Control Protocol
LDAP - Lightweight Directory Access Protocol
LMI - Local Management Interface
LPD - Line Printer Daemon
LPR - Line Printer Remote
MMDS - Multipoint Microwave Distribution System
NBP - Name Binding Protocol
NCP - NetWare Core Protocol
NDS - NetWare Directory Service
NNTP - Network News Transfer Protocol
NTP - Network Time Protocol
NVRAM - Nonvolatile RAM
OSPF - Open Shortest Path First
OUI - Organizationally Unique Identifier
PAP - Printer Access Protocol
POP - Point Of Presence (Post Office Protocol)
PPP - Point-to-Point Protocol
PPPoA - Point-to-Point Protocol over ATM
PPPoE - Point-to-Point Protocol over Ethernet
PPTP - Point-to-Point Tunneling Protocol
PVC - Permanent Virtual Circuit
Proxy ARP - Proxy Address Resolution Protocol
RAID - Redundant Array of Inexpensive (Independent) Disks
RARP - Reverse Address Resolution Protocol
RAS - Windows Remote Access Service
RDP - Remote Desktop Protocol
RIP - Routing Information Protocol
RTMP - Routing Table Maintenance Protocol
SAP - Service Advertising Protocol
SCP - Secure Copy Protocol
SFTP - Secure File Transfer Protocol
SLIP - Serial Line Internet Protocol
SMB - Server Message Block
SMTP - Simple Mail Transfer Protocol
SNAP - Sub-Network Access Protocol
SNMP - Simple Network Management Protocol
SSAP - Source Service Access Point
SSH - Secure Shell
STP - Spanning Tree Protocol
SVC - Switched Virtual Circuit
TDM - Time-Division Multiplexing
TELNET - Terminal Emulation
TFTP - Trivial File Transfer Protocol
UDP - User Datagram Protocol
VLANs - Virtual LANs
VLSM - Variable Length Subnet Masking
WLAN - Wireless LAN
ZIP - Zone Information Protocol
IETF - Internet Engineering Task Force
VPN - Virtual Private Network
NAS - Network Access Server
LNS - L2TP Network Server
ISAKMP - Internet Security Association and Key Management Protocol
L2TP - Layer 2 Tunnelling Protocol
L2TPv3 - Layer 2 Tunnelling Protocol version 3
MPLS - Multi-protocol Label Switching
L2F - Layer 2 Forwarding
VPDN - Virtual Private Dial-up Network
A VLAN is a logical grouping or segmenting of a network connected to administratively defined ports on a switch. VLANs provide broadcast control, security and flexibility.
6, What is RAID?
A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (striping & parity).
A device connected to multiple physical TCP/IP networks capable of routing or delivering IP packets between them.
Router: It's a layer 3 device that connects 2 different networks and routes packets of data from one network to another. It breaks up broadcast domains as well as collision domains.
22,What is Cladding?
A layer of a glass surrounding the center fiber of glass inside a fiber-optic cable.
23,What is Attenuation?
In communication weakening or loss of signal energy, typically caused by distance.
25, What is ICMP?
ICMP (Internet Control Message Protocol) is a Network Layer Internet protocol which can report errors and status information. We can use the ping command to send ICMP echo request messages and record the receipt of ICMP echo reply messages. With these messages, we can detect network or host communication failures and troubleshoot common TCP/IP connectivity problems.
27, What is the difference between the TFTP and FTP application layer protocols?
TFTP (Trivial File Transfer Protocol): a stripped-down version of FTP, easy to use and fast. TFTP has no directory browsing and no authentication, and it is insecure; it can only send and receive files. FTP (File Transfer Protocol): the TCP/IP protocol used for transmitting files between network nodes. FTP allows access to both directories and files, manipulating directories, typing file contents and copying files between hosts.
29, What is MAU?
MAU Multistation Access Unit
A group of Networks under mutual administration that share the same routing methodology. Autonomous Systems are subdivided by Areas and must be assigned an individual 16-bit number by the IANA.
40,What is Kerberos?
An authentication mechanism used to verify user or host identity. Kerberos uses encryption to prevent intruders from discovering passwords and gaining unauthorized access to files.
It's a classless routing protocol, meaning that when updates are sent they carry both the IP address and the subnet mask.
Administrative Distance is 110. The metric used is Cost, i.e. Cost = 10^8 / Bandwidth. OSPF uses an algorithm called Dijkstra to build the Routing Table. It sends only incremental and triggered updates. Route updates sent between routers can be secured with the help of an MD5-authenticated password. Routing updates are sent to multicast addresses, i.e. 224.0.0.5 (all OSPF routers) and 224.0.0.6 (Designated Router and Backup Designated Router). OSPF maintains 3 types of tables, i.e. Routing Table (Dijkstra), Topology Table (SPF) and Neighborship Table. In OSPF, routers can be connected in two methods, i.e. Point-to-Point link and Point-to-Multipoint link.
In OSPF a single large Autonomous System is broken into small areas. There should be at least one area named Area 0; it is called the Backbone Area. A router that connects more than one area is called an Area Border Router. A router that connects to another Autonomous System is called an Autonomous System Boundary Router. Router ID: if the priority is set to 1 on all the routers there is a tie in priority; in this case it is checked whether a loopback address is configured on any router, and if not, the router with the highest IP address value will be elected by Router ID. This router is then called the Designated Router, and the router with the next lower IP address value after the Designated Router is called the Backup Designated Router. If a router has all its interfaces in a single area, that router is called an Internal Router. Whenever a router sends routing updates to the DR and BDR it uses the destination address 224.0.0.6, and when the DR sends updates to all the routers it uses the destination address 224.0.0.5.
Adjacency: if both router interfaces belong to the same area and use the same password, then the Hello and Dead intervals must also be set the same. Neighborship: if both routers are adjacent to each other then a neighborship is built between the routers. When one router RA sends updates, i.e. Link State Advertisements, to another router RB, that update goes into the Topology Database of router RB, and the SPF algorithm is run on router RB to create a new Topology Table. After that the Dijkstra algorithm is run to find the best path, and that entry is put in the Routing Table.
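The Router ID selection and the DR/BDR election just described, as an added Python example that is not part of the book: router_id() prefers the highest loopback address over the highest interface address, and elect_dr_bdr() ranks routers by priority and then by Router ID, skipping priority 0 routers, which can never become DR or BDR. The router names and addresses are constructed, and the function assumes a fresh election on one multi-access segment (it does not model an existing DR keeping its role).

```python
import ipaddress


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def router_id(loopbacks, interfaces) -> str:
    """Router ID: the highest loopback address if any loopback is configured,
    otherwise the highest interface address."""
    pool = list(loopbacks) or list(interfaces)
    if not pool:
        raise ValueError("a router needs at least one IP address")
    return max(pool, key=_ip)


def elect_dr_bdr(routers):
    """routers: list of {"name", "priority", "loopbacks", "interfaces"} on one segment.
    Highest priority wins; ties go to the highest Router ID; priority 0 routers are never
    eligible. Returns (dr_name, bdr_name), either of which may be None."""
    eligible = [r for r in routers if r["priority"] > 0]
    ranked = sorted(
        eligible,
        key=lambda r: (r["priority"], _ip(router_id(r["loopbacks"], r["interfaces"]))),
        reverse=True,
    )
    dr = ranked[0]["name"] if ranked else None
    bdr = ranked[1]["name"] if len(ranked) > 1 else None
    return dr, bdr


# Constructed segment: all priorities equal, so Router IDs decide the election.
SEGMENT = [
    {"name": "R1", "priority": 1, "loopbacks": ["1.1.1.1"], "interfaces": ["10.0.0.1"]},
    {"name": "R2", "priority": 1, "loopbacks": [], "interfaces": ["10.0.0.2", "192.168.1.1"]},
    {"name": "R3", "priority": 1, "loopbacks": ["3.3.3.3"], "interfaces": ["10.0.0.3"]},
]
```

Here R2 has no loopback, so its Router ID falls back to its highest interface address, 192.168.1.1, which outranks the loopbacks of R1 and R3 and makes R2 the DR; setting an explicit priority on the router you want as DR is the way to avoid an election decided by address values.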
When a router sends Hello packets to another router, a Neighborship Table is built on that router.
49, BOOTP helps a diskless workstation boot. How does it get a message to the network looking for its IP address?
A protocol used primarily on TCP/IP networks to configure diskless workstations. BOOTP sends a UDP message with a subnetwork broadcast address and waits for a reply from a server that gives it the IP address.
51,How do Data Link layer addresses and Network addresses differ? Give a description of each.
Besides the names suggesting that addresses reside at different layers, other differences do exist. Data Link layer addresses are assigned by the manufacturer and identify the actual hardware device. A Network layer address is a logical address assigned by the network administrator to identify a device running a Network layer protocol, such as IP.
52, What are the differences or similarities, if any, between repeaters, hubs, and concentrators?
First, they are all Physical layer devices. Repeaters regenerate and amplify the signal traveling on the wire to extend the normal distance limitation of the signal. A repeater can connect two network segments. A hub and a concentrator are the same thing, with hub being the more common term used today. Hubs are repeaters with 8 to 24 ports. When one machine attached to the hub sends anything over the network, all the devices attached to the hub receive that signal.
56, What would be the best network segmentation device if you wanted to connect two dissimilar networks, such as Ethernet and Token Ring?
A) A bridge or a switch
B) A concentrator or a hub
C) A router
D) A gateway
Answer A is incorrect because bridges and switches can't perform protocol translation. Answer B is incorrect because neither a concentrator nor a hub can segment a network. Answer C is correct because routers can provide translation between dissimilar protocols, among other things. Answer D is incorrect because a gateway functions as a translator, not a segmentation device.
57, Why is overhead or latency associated with routers? (Choose all that apply.)
A) Routers must work at layer 3, which is inherently slower.
B) Routers must examine the frame header before passing it.
C) Routers must hold a frame for a given period of time for security purposes.
D) Routers must translate the signal, but then the signal can cut through directly.
Answer A is correct because resolving those addresses is more time consuming. Answer B is correct because the router must examine and consider the frame header detail before passing it, which slows processing. Answers C and D are incorrect because they are simply not accurate.
58, Which of the following represents Physical layer devices?
A) Repeaters, bridges, and concentrators
B) Repeaters, hubs, and concentrators
C) Repeaters, routers, and bridges
D) Repeaters, routers, and switches
Answer B is correct because repeaters, hubs, and concentrators comprise the only combination that resides at the Physical layer. Answers A, C, and D are combinations of devices that reside at different layers.
59, How do routers make routing decisions?
A) They build tables and make their decisions based on those tables.
B) They perform lookups and make their decisions dynamically with discovery.
C) They use hello packets to discover routes on the fly.
D) They query NetBIOS cache for the appropriate paths.
Answer A is correct because routing decisions are made based on the contents of routing tables. Answer B is incorrect because routers are incapable of making decisions without tables already in place. Answer C is incorrect because hello packets are used to calculate routes when new routers are added to a network. Answer D is incorrect because it is simply inaccurate.
60, Choose the devices that are used for Data Link layer segmentation.
A) Concentrators and switches
B) Routers and bridges
C) Bridges and switches
D) Bridges and hubs
Answer A is incorrect because concentrators reside at the Physical layer and switches at the Data Link layer. Answer B is incorrect because routers are level 3 devices and bridges are level 2 devices. Answer C is correct because bridges and switches reside at the Data Link layer. Answer D is incorrect because bridges reside at the Data Link layer and hubs at the Physical layer.
61, What is an advantage of having a VLAN (Virtual LAN)?
A) Traffic control between VLANs is processor intensive.
B) Broadcasts of multicast traffic are contained within one VLAN.
C) They're more flexible because they enable device assignment only on a port-by-port basis.
D) With VLANs, users are not inherently isolated by group.
Answer A is incorrect because there is nothing more or less processor intensive about VLANs. Answer B is incorrect because there is no such thing as a broadcast of multicast traffic; the words broadcast and multicast are mutually exclusive. Answer C is correct because VLANs extend the flexibility of LANs by enabling the port-by-port isolation of users and assignment to distinct VLANs if desired. Answer D is incorrect because VLANs by their definition segment workgroups.
62, Which two characteristics describe Store and Forward switching?
A) The entire frame is copied into the buffer.
B) The frame is forwarded based on the first six bytes.
C) It provides higher throughput.
D) It provides error checking.
Answers A and D are correct because Store and Forward switching copies the entire frame into the buffer before forwarding, which also provides for error checking. Answers B and C are incorrect because they describe Cut-Through.
63, Which two characteristics describe Cut-Through switching?
A) The entire frame is copied into the buffer.
B) The frame is forwarded based on the first six bytes.
C) It provides higher throughput.
D) It provides error checking.
Answers B and C are correct because Cut-Through switching provides forwarding based on what is contained in the first six bytes of the frame, which provides higher throughput. Answers A and D are incorrect because they describe Store and Forward switching.
64, Name the Cisco proprietary protocol that allows VLANs to be managed within domains.
VTP (VLAN Trunking Protocol) allows multiple VLANs to be managed within a single VTP domain.
65, Name the three VTP modes in which a switch can operate.
VTP switches operate in one of three modes: server, client, or transparent.
66, Name the Cisco proprietary protocol used on Fast Ethernet VLAN trunk links.
ISL (Inter-Switch Link) protocol is used to encapsulate VLAN traffic over Fast Ethernet trunk links.
67, At what layer of the OSI model do VLANs operate?
VLANs operate at layer 2 of the OSI model.
68, To allow Inter-VLAN communication, what does your router require?
You need a router that has some kind of viable trunking connection, such as Fast Ethernet (ISL), and it must be configured with subinterfaces.
69, Choose one method of decreasing broadcasts across a switched network.
A) Set up an Intra-LAN.
B) Set up a workgroup banded by a server cluster.
C) Set up a VLAN to isolate traffic.
D) Set up a firewall to isolate traffic.
Answers A and B are incorrect because they are simply false. Answer C is correct because each VLAN becomes its own broadcast domain. Answer D is incorrect because a firewall is meant to shelter internal networks from intrusion from the outside.
70, Choose two benefits of VLAN implementation.
A) VLANs incorporate only one router per routed subnet.
B) VLANs control broadcasts.
C) VLANs amplify broadcasts.
D) VLANs ease security restrictions.
E) VLANs provide increased network security.
Answer A is incorrect because routers are not at all necessary for a VLAN to operate. Answers B and E are correct because VLAN implementation controls broadcasts and provides isolation, therefore security. Answers C and D are simply incorrect.
71, What is the purpose of a trunking protocol?
A) To connect the backbone of a primary VLAN to the backbone of a secondary VLAN
B) For one switch fabric to be integrated with another switch fabric
C) For a VLAN on one switch to be linked to a VLAN on another switch
D) To enable multiple trunking protocols to communicate
Answer A is incorrect because it uses wrong terminology. Answer B is incorrect because switch fabric is a hardware-related component of a switch and belongs to one switch only. Answer C is correct because trunking protocols allow management of VLANs with similar or dissimilar trunking protocols. Answer D is incorrect because a trunking protocol does not enable multiple trunking protocols to communicate.
72, Choose the encapsulation protocol used on Fast Ethernet links.
A) Cisco Switch Link
B) Dedicated Switch Link
C) Inter-Switch Link
D) VLAN Switch Link
Answer C is correct because Inter-Switch Link protocol is the encapsulation protocol used on Fast Ethernet links. Answers A, B, and D are incorrect because no such links exist.
73, At which layer of the OSI model does ISL function?
A) Data Link layer
B) Network layer
C) Physical layer
D) LLC Data Link sublayer
Answer A is correct because ISL functions at the Data Link layer of the OSI model. Answers B and C are incorrect because ISL does not function at those layers of the OSI model. Answer D is incorrect because the specific sublayer does not have any distinction in this context.
74, Which method is used by VTP to convey VLAN configuration information within its management domain?
A) Through directed broadcasts
B) Through LSAs (local service advertisements)
C) Through multicast advertisements
D) Through port flooding
Answer C is correct because multicast advertisements convey configuration information to all connected switches in the same management domain. Answers A, B, and D are incorrect because they do not convey information within management domains.
75, In ATM LANE, what factor determines the type of trunking protocol used?
A) The link type
B) The encapsulation mode
C) The density of VLANs
D) The ATM LANE Module type
Answer A is correct because the link type determines the type of trunking protocol used. Answers B and C are incorrect because they are simply false. Answer D is incorrect because the ATM LANE Module is a hardware card and does not affect trunking protocols.
76, What is VTP designed to do?
A) It enables an administrator to manage VLANs across multiple trunk links.
B) It enables an administrator to manage VLANs across dissimilar trunking protocols.
C) It enables an administrator to merge the management duties of more than two trunk links together.
D) It is used to synchronize VTP advertisements across multiple trunk links.
Answer A is incorrect because trunk links do not address the aspect of communication. Answer B is correct because VTP is designed to enable an administrator to manage VLANs running dissimilar trunking protocols. Answer C is incorrect because a trunk link does not necessarily entail management duties on its own. Answer D is incorrect because it is simply false.
77, What is a limitation of Intra-VLAN traffic?
A) Communication is limited to VLANs directly connected to a router.
B) Communication is limited to VLANs off the same switch backplane.
C) Communication is limited to devices within the same VLAN.
D) Communication is limited to devices between VLANs.
Answer A is incorrect because VLANs are connected for Inter-VLAN communication. Answer B is incorrect because the backplane is where traffic is actually switched, and it is a hardware component. Answer C is correct because that is the very definition of Intra-VLAN traffic. Answer D is incorrect because VLANs cannot talk to each other without a router.
78, VTP (Virtual Trunking Protocol) exists at which layer and for what purpose?
A) Layer 2, to maintain VLAN configuration consistency
B) Layer 2, to maintain trunking protocol synchronization
C) Layer 2, to maintain domain synchronization
D) Layer 3, to maintain access lists
Answer A is correct because VTP operates at layer 2 and maintains VLAN configuration consistency. Although the OSI layer is correct, answers B and C are incorrect because the second portion of the answers is incorrect. Answer D is incorrect because VTP and switching do not operate at layer 3 and access lists are maintained on routers.
78, What two basic steps are necessary to create access list filters?
The first step is to build the list at global configuration mode using the access-list command followed by an access list number signifying the type. The second step is to apply the list to an interface by using the [protocol type] access-group command followed by the access list number and parameters.
79, Identify the appropriate access list range values used to create access lists.
A) IP standard access list = 1-99
B) IP extended access list = 100-199
C) IPX standard access list = 800-899
D) IPX extended access list = 900-999
E) IPX SAP filter = 1000-1099
80, What is the purpose of a wildcard mask?
To enable an administrator to apply an access list rule to a group of hosts or subnets by masking off bits within an IP address, making the bit positions within the mask variable.
81, Name the access list keywords.
any = 0.0.0.0 255.255.255.255
host = specific IP address of an end host (192.16.10.2 0.0.0.0)
82, How does the direction in which an access list is applied affect datagram processing?
Access lists applied to an interface in an inbound direction determine whether a datagram received on an interface will be forwarded or blocked. Access lists applied to an interface in an outbound direction determine whether a datagram already received will be forwarded out that interface.
83, What is the access list number range used to identify an IP standard access list?
A) 0-100
B) 1-100
C) 1-99
D) 1-10
E) 101-199
Answer C is correct because the correct value range to identify an IP standard access list is 1-99. Answers A, B, D, and E are incorrect because they are not ranges used to identify an IP standard access list.
84, Write the command that would apply access list 100 to interface E0 in an outbound direction. (Assume you are already at interface configuration mode of the Ethernet interface.)
A) IP access-group 100 out
B) IP access-list 100 out
C) IP access-group 100 in
D) IP access-group E0 out
Answer A is correct because IP access-group 100 out is the command that would apply access list 100 to interface E0 in an outbound direction. Answers B, C, and D are simply incorrect.
85, Which of the following commands creates a standard IP extended access list that enables ping echo requests to be sent from any host on network 166.10.0.0 to network 155.10.0.0?
A) Access-list 12 permit IP 166.10.0.0.0.0.255.255 host 155.10.0.0
B) Access-list 120 permit ICMP 166.10.0.0 0.0.255.155 155.10.0.0 0.0.0.255 eq echo
C) Access-list 120 permit 166.10.0.0.0.0.255.255 host 155.10.0.0
D) Access-list 120 permit ICMP 166.10.0.0 0.0.255.255 155.10.0.0 0.0.255.255 eq echo
Answer A is incorrect because the access list number is not an extended list number. Also, the protocol type is IP not ICMP, and the destination is specifying the host keyword but using a subnet value instead, which is invalid. Answer B is incorrect because it uses an incorrect inverse mask for the destination network. Answer C is incorrect because it does not specify the protocol after the permit statement and also is using the host keyword with the destination network. Answer D is correct because it uses a valid access list number and syntax to forward ICMP echo requests.
86, Write the command to view all access lists created on your router regardless of protocol.
A) show access-lists
B) show ip access-lists
C) show ipx interfaces
D) show ipx servers
Answer A is correct because show access-lists enables you to view all access lists created on your router regardless of protocol. Answers B, C, and D are incorrect because these commands do not enable you to perform that specific function.
87, Which of the following best describes the function of the following access list line?
89, Which command can you use to display a list of access list filters configured on your router for IP only?
A) show IP access-lists
B) show access-lists
C) show IPX interfaces
D) show IPX servers
Answer A is correct because show IP access-lists enables you to display a list of access list filters configured on your router for IP only. Answers B, C, and D are incorrect because these commands do not enable that specific function.
90, Write the command to bind IPX extended access list 901 to interface serial 0 in an inbound direction.
A) IPX access-group 901 in
B) IPX access-group 901 S0 out
C) IPX access-group 910 in
D) IPX access-group 901 out
Answer A is correct because IPX access-group 901 in is the command that will bind the IPX extended access list 901 to interface serial 0 in an inbound direction. Answers B, C, and D are incorrect because they are simply false.
91, Which two of the following commands will enable Telnet traffic from all hosts on network 166.10.0.0 to be forwarded to the Telnet server 137.2.10.1?
A) Access-list 110 permit TCP 166.10.0.0 0.0.255.255 host 137.2.10.1 eq Telnet
B) Access-list 99 permit TCP 166.10.0.0 0.0.255.255 137.2.10.1 0.0.0.0 eq 23
C) Access-list 110 permit TCP 166.10.0.0 0.0.255.255 137.2.10.1 0.0.0.0 eq 23
D) Access-list 110 permit IP 166.10.0.0 0.0.255.255 137.2.10.1 0.0.0.0 eq 23
Answers A and C are correct. The only difference between the two is that Answer A uses the host keyword and the Telnet keyword instead of a port number. Answer B is incorrect because the access list number is 99, which is used for standard lists. Answer D is incorrect because it uses IP instead of TCP after the permit statement.
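Questions 79 through 91 describe wildcard masks, the standard and extended list number ranges, first-match evaluation with the implicit deny, and the syntax errors in several answer choices. The following Python is an added example, not from the book or from Cisco IOS: it parses the access-list lines quoted in questions 85 and 91, applies wildcard-mask matching, and evaluates constructed packets top-down. It supports only the subset of IOS syntax used in those questions (any, host, eq with a small keyword table), treats the value after eq on an ICMP entry as the message type, and requires an explicit wildcard on standard lists.

```python
import ipaddress

STANDARD_RANGE = range(1, 100)     # IP standard access list numbers (1-99)
EXTENDED_RANGE = range(100, 200)   # IP extended access list numbers (100-199)
# Keyword-to-number map: TCP/UDP port names and, for ICMP, the message type (constructed subset)
PORT_NAMES = {"telnet": 23, "smtp": 25, "domain": 53, "www": 80, "echo": 8, "echo-reply": 0}
ANY = ("0.0.0.0", "255.255.255.255")


def _int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))   # raises ValueError on a malformed address


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard mask semantics: a 1 bit means 'don't care', a 0 bit must match the network."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(network) & care)


def _parse_addr(tokens, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    word = tokens[i].lower()
    if word == "any":
        return ANY, i + 1
    if word == "host":                        # host A.B.C.D is the same as A.B.C.D 0.0.0.0
        _int(tokens[i + 1])
        return (tokens[i + 1], "0.0.0.0"), i + 2
    _int(tokens[i]); _int(tokens[i + 1])      # both must be dotted-quad values
    return (tokens[i], tokens[i + 1]), i + 2


def parse_ace(line: str) -> dict:
    """Parse one 'access-list N permit|deny ...' entry. Raises ValueError on invalid syntax."""
    t = line.split()
    if len(t) < 4 or t[0].lower() != "access-list":
        raise ValueError("expected: access-list <number> permit|deny ...")
    number, action = int(t[1]), t[2].lower()
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    port = None
    if number in STANDARD_RANGE:              # standard list: source address only
        proto, (src, i), dst = "ip", _parse_addr(t, 3), ANY
    elif number in EXTENDED_RANGE:            # extended: protocol, source, destination [, eq port]
        proto = t[3].lower()
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        if i < len(t) and t[i].lower() == "eq":
            if proto not in ("tcp", "udp", "icmp"):
                raise ValueError("'eq' is only valid after tcp, udp or icmp")
            word = t[i + 1].lower()
            port = PORT_NAMES[word] if word in PORT_NAMES else int(word)
            i += 2
    else:
        raise ValueError(f"{number} is not an IP standard (1-99) or extended (100-199) number")
    if i != len(t):
        raise ValueError("unexpected trailing tokens: " + " ".join(t[i:]))
    return {"number": number, "action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def valid_ace(line: str) -> bool:
    try:
        parse_ace(line)
        return True
    except (ValueError, IndexError):
        return False


def evaluate(acl_lines, packet: dict) -> str:
    """Top-down, first match wins; every access list ends with an implicit 'deny any'.
    packet: {"proto": "tcp"|"udp"|"icmp", "src": ip, "dst": ip, "port": dst port or ICMP type}.
    The same evaluation applies inbound or outbound; only which datagrams reach it differs."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] != "ip" and ace["proto"] != packet["proto"]:
            continue
        if not wildcard_match(packet["src"], *ace["src"]):
            continue
        if not wildcard_match(packet["dst"], *ace["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != packet.get("port"):
            continue
        return ace["action"]
    return "deny"
```

Running question 85's answer B against a constructed echo request to 155.10.3.1 shows the effect of the wrong destination wildcard: 0.0.0.255 only covers 155.10.0.0/24, so the packet falls through to the implicit deny, while answer D permits it.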