Important Info: These new valid Cisco 642-813 exam questions were updated in recent days by Flydumps,please visit our website to get the full version of new Cisco 642-813 exam dumps with free version of new VCE Player,you can pass the exam easily by training it!
QUESTION 57
Which statement is a characteristic of multi-VLAN access ports?
A. The port has to support STP PortFast.
B. The auxiliary VLAN is for data service and is identified by the PVID.
C. The port hardware is set as an 802.1Q trunk.
D. The voice service and data service use the same trust boundary.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 58
Which two statements are true about recommended practices that are to be used in a local VLAN solution design where layer 2 traffic is to be kept to a minimum? (Choose two.)
A. Routing should occur at the access layer if voice VLANs are utilized. Otherwise, routing should occur at the distribution layer.
B. Routing may be performed at all layers but is most commonly done at the core and distribution layers.
C. Routing should not be performed between VLANs located on separate switches.
D. VLANs should be local to a switch.
E. VLANs should be localized to a single switch unless voice VLANs are being utilized.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
Exam B QUESTION 1
Refer to the exhibit.
BPDUGuard is enabled on both ports of SwitchA. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements about the possible result of attaching the second link are true? (Choose two.)
A. The switch port attached to LinkB does not transition to up.
B. One or both of the two switch ports attached to the hub goes into the err-disabled state when a BPDU is received.
C. Both switch ports attached to the hub transitions to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA immediately transitions to the blocking state.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 2
What action should a network administrator take to enable VTP pruning on an entire management domain?
A. Enable VTP pruning on any client switch in the domain.
B. Enable VTP pruning on every switch in the domain.
C. Enable VTP pruning on any switch in the management domain.
D. Enable VTP pruning on a VTP server in the management domain.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 3
How does VTP pruning enhance network bandwidth?
A. by restricting unicast traffic across VTP domains
B. by reducing unnecessary flooding of traffic to inactive VLANs
C. by limiting the spreading of VLAN information
D. by disabling periodic VTP updates
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 4
In the hardware address 0000.0c07.ac0a, what does 07.ac represent?
A. vendor code
B. HSRP group number
C. HSRP router number
D. HSRP well-known physical MAC address
E. HSRP well-known virtual MAC address
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation: HSRP code (HSRP well-known virtual MAC address) The fact that the MAC address is for an HSRP virtual router is indicated in the next two bytes of the address. The HSRP code is always 07.ac. The HSRP protocol uses a virtual MAC address, which always contains the 07.ac numerical value. Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 268
QUESTION 5
Refer to the exhibit.
The network operations center has received a call stating that users in VLAN 107 are unable to access resources through router 1. What is the cause of this problem?
A. VLAN 107 does not exist on switch A.
B. VTP is pruning VLAN 107.
C. VLAN 107 is not configured on the trunk.
D. Spanning tree is not enabled on VLAN 107.
Correct Answer: B Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 6
Which protocol will enable a group of routers to form a single virtual router and will use the real IP address of a router as the gateway address?
A. Proxy ARP
B. HSRP
C. IRDP
D. VRRP
E. GLBP
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The Virtual Router Redundancy Protocol (VRRP) feature enables a group of routers to form a single virtual
router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual
router, representing a group of routers, is also known as a VRRP group.
VRRP is defined in RFC 2338.
Reference: http://www.faqs.org/rfcs/rfc2338.html
QUESTION 7
On a multilayer Cisco Catalyst switch, which interface command is used to convert a Layer 3 interface to a Layer 2 interface?
A. switchport
B. no switchport
C. switchport mode access
D. switchport access vlan vlan-id
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
The switchport command puts the port in Layer 2 mode. Then, you can use other switchport command
keywords to configure trunking, access VLANs, and so on.
QUESTION 8
Refer to the exhibit.
What can be determined about the HSRP relationship from the displayed debug output?
A. The preempt feature is not enabled on the 172.16.11.111 router.
B. The nonpreempt feature is enabled on the 172.16.11.112 router.
C. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router
172.16.11.112.
D. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router
172.16.11.111.
E. The IP address 172.16.11.111 is the virtual HSRP router IP address.
F. The IP address 172.16.11.112 is the virtual HSRP router IP address.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.
QUESTION 9
Refer to the exhibit.
All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users report that they experience slower network performance when accessing the server farm than the Reception office experiences. Which two statements are true? (Choose two.)
A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 10
What two things occur when an RSTP edge port receives a BPDU? (Choose two.)
A. The port immediately transitions to the forwarding state.
B. The switch generates a Topology Change Notification BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 11
What is the effect of configuring the following command on a switch?
Switch(config) # spanning-tree portfast bpdufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for PortFast, the port transitions to the forwarding state.
D. The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 12
Refer to the exhibit.
Based on the debug output, which three statements about HSRP are true? (Choose three.)
A. The final active router is the router with IP address 172.16.11.111.
B. The router with IP address 172.16.11.111 has preempt configured.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address
172.16.11.111.
D. The IP address 172.16.11.115 is the virtual HSRP IP address.
E. The router with IP address 172.16.11.112 has nonpreempt configured.
F. The router with IP address 172.16.11.112 is using default HSRP priority.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 13
Refer to the exhibit.
Which two problems are the most likely cause of the exhibited output? (Choose two.)
A. spanning tree issues
B. HSRP misconfiguration
C. VRRP misconfiguration
D. physical layer issues
E. transport layer issues
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 14
Refer to the exhibit.
What does the command channel-group 1 mode desirable do?
A. enables LACP unconditionally
B. enables PAgP only if a PAgP device is detected
C. enables PAgP unconditionally
D. enables EtherChannel only
E. enables LACP only if an LACP device is detected
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 15
Refer to the exhibit.
Which two statements are true? (Choose two.)
A. Interface gigabitethernet 0/1 has been configured as Layer 3 ports.
B. Interface gigabitethernet 0/1 does not appear in the show vlan output because switchport is enabled.
C. Interface gigabitethernet 0/1 does not appear in the show vlan output because it is configured as a trunk interface.
D. VLAN2 has been configured as the native VLAN for the 802.1q trunk on interface gigabitethernet 0/1.
E. Traffic on VLAN 1 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
F. Traffic on VLAN 2 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 16
Which two statements about HSRP, VRRP, and GLBP are true? (Choose two.)
A. GLBP allows for router load balancing of traffic from a network segment without the different host IP configurations needed to achieve the same results with HSRP.
B. GLBP allows for router load balancing of traffic from a network segment by utilizing the creation of multiple standby groups.
C. GLBP and VRRP allow for MD5 authentication, whereas HSRP does not.
D. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple available gateways.
E. HSRP allows for multiple upstream active links being simultaneously used, whereas GLBP does not.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 17
Refer to the exhibit and the partial configuration of switch SW_A and SW_B.
STP is configured on all switches in the network. SW_B receives this error message on the console port:
00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SW_A FastEthernet0/4 (half duplex), with TBA05071417(Cat6K-B) 0/4 (half duplex).
What is the possible outcome of the problem?
A. The root port on switch SW_A will automatically transition to full-duplex mode.
B. The root port on switch SW_B will fall back to full-duplex mode.
C. The interfaces between switches SW_A and SW_B will transition to a blocking state.
D. Interface Fa 0/6 on switch SW_B will transition to a forwarding state and create a bridging loop.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 18
Refer to the exhibit.
Which statement is true?
A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 is forwarded, and all other traffic is dropped.
C. All VLAN traffic matching VLAN list 5-10 is forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC is forwarded, and all other traffic is dropped.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 19
Which two statements about HSRP are true? (Choose two.)
A. Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B. Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.
C. Routers configured for HSRP must belong only to one group per HSRP interface.
D. Routers configured for HSRP can belong to multiple groups and multiple VLANs.
E. All routers configured for HSRP load balancing must be configured with the same priority.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 20
Which statement about 802.1x port-based authentication is true?
A. Hosts are required to have an 802.1x authentication client or utilize PPPoE.
B. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
C. RADIUS is the only supported authentication server type.
D. If a host initiates the authentication process and does not receive a response, it assumes it is not authorized.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.
Authentication server: Performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. The RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server. New Questions
QUESTION 21
Refer to the exhibit.
A. IEEE 802.1w and IEEE 802.1s are compatible. IEEE 802.1d is incompatible. Switches S1 and S3 can pass traffic between themselves. Neither can pass traffic to switch S2.
B. Switches S1, S2, and S3 can pass traffic between themselves.
C. Switches S1, S2, and S3 can pass traffic between themselves. However, if the topology is changed, switch S2 does not receive notification of the change.
D. IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s are incompatible. All three switches must use the same standard or no traffic can pass between any of the switches.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 22
Refer to the exhibit.
What can be concluded about VLANs 200 and 202?
A. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
B. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
C. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
D. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 23
Refer to the exhibit.
Both routers are configured for the GLBP. Which statement is true?
A. The default gateway addresses of both hosts should be set to the IP addresses of both routers.
B. The default gateway address of each host should be set to the virtual IP address.
C. The hosts learn the proper default gateway IP address from router A.
D. The hosts have different default gateway IP addresses and different MAC addresses for each router.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: GLBP performs a similar, but not identical, function for the user as the HSRP and VRRP. Both HSRP and VRRP protocols allow multiple routers to participate in a virtual router group configured with a virtual IP address. One member is elected to be the active router to forward packets sent to the virtual IP address for the group. The other routers in the group are redundant until the active router fails. With standard HSRP and VRRP, these standby routers pass no traffic in normal operation – which is wasteful. Therefore the concept cam about for using multiple virtual router groups, which are configured for the same set of routers. But to share the load, the hosts must be configured for different default gateways, which results in an extra administrative burden of going around and configuring every host and creating 2 or more groups of hosts that each use a different default gateway. GLBP is similar in that it provides load balancing over multiple routers (gateways) – but it can do this using only ONE virtual IP address!!! Underneath that one virtual IP address is multiple virtual MAC addresses, and this is how the load is balanced between the routers. Instead of the hassle of configuring all the hosts with a static Default Gateway, you can lket them use ARP’s to find their own. Multiple gateways in a “GLBP redundancy group” respond to client Address Resolution Protocol (ARP) requests in a shared and ordered fashion, each with their own unique virtual MAC addresses. As such, workstation traffic is divided across all possible gateways. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets Reference: http://www.infocellar.com/networks/Routers/HSRP-GLBP-VRRP.htm
QUESTION 24
A switch has been configured with PVLANs. With what type of PVLAN port should the default gateway be configured?
A. isolated
B. promiscuous
C. community
D. primary
E. trunk
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Promiscuous: The switch port connects to a router, firewall, or other common gateway device. This port
can communicate with anything else connected to the primary or any secondary VLAN. In other words, the
port is in promiscuous mode, in which the rules of private VLANs are ignored.
QUESTION 25
In the MAC address 0000.0c07.ac03, what does the “03” represent?
A. HSRP router number 3
B. Type of encapsulation
C. HSRP group number
D. VRRP group number
E. GLBP group number
Correct Answer: C Section: (none) Explanation Explanation/Reference:
Explanation: Each router keeps a unique MAC address for its interface. This MAC address is always associated with the unique IP address configured on the interface. For the virtual router address, HSRP defines a special MAC address of the form 0000.0c07.acxx, where xx represents the HSRP group number as a two-digit hex value. For example, HSRP Group 1 appears as 0000.0c07.ac01, HSRP Group 16 appears as 0000.0c07.ac10.
QUESTION 26
A network is deployed using recommended practices of the enterprise campus network model, including users with desktop computers connected via IP phones. Given that all components are QoS-capable, where are the two optimal locations for trust boundaries to be configured by the network administrator? (Choose two.)
A. host
B. IP phone
C. access layer switch
D. distribution layer switch
E. core layer switch
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 27
What is needed to verify that a newly implemented security solution is performing as expected?
A. a detailed physical and logical topology
B. a cost analysis of the implemented solution
C. detailed logs from the AAA and SNMP servers
D. results from audit testing of the implemented solution
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 28
When configuring port security on a Cisco Catalyst switch port, what is the default action taken by the switch if a violation occurs?
A. protect (drop packets with unknown source addresses)
B. restrict (increment SecurityViolation counter)
C. shut down (access or trunk port)
D. transition (the access port to a trunking port)
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 29
hostname Switch1 interface Vlan10 ip address 172.16.10.32 255.255.255.0 no ip redirects standby 1 ip 172.16.10.110
standby 1 timers 1 5 standby 1 priority 130 hostname Switch2 interface Vlan10
ip address 172.16.10.33 255.255.255.0 .
no ip redirects standby 1 ip 172.16.10.110 standby 1 timers 1 5 standby 1 priority 120 Refer to the above. HSRP was implemented and configured on two switches while scheduled network
maintenance was performed.
After the two switches have finished rebooting, you notice via show commands that Switch2 is the HSRP
active router. Which two items are the most likely cause of Switch1 not becoming the active router?
(Choose two.)
A. Booting has been delayed.
B. The standby group number does not match the VLAN number.
C. IP addressing is incorrect.
D. Preemption is disabled.
E. Standby timers are incorrect.
F. IP redirect is disabled.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 30
Private VLANs can be configured as which three port types? (Choose three.)
A. isolated
B. protected
C. private
D. associated
E. promiscuous
F. community
Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 31
Refer to the exhibit.
Which statement about the private VLAN configuration is true?
A. Only VLAN 503 will be the community PVLAN, because multiple community PVLANs are not allowed.
B. Users of VLANs 501 and 503 will be able to communicate.
C. VLAN 502 is a secondary VLAN.
D. VLAN 502 will be a standalone VLAN, because it is not associated with any other VLANs.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 32
When configuring a routed port on a Cisco multilayer switch, which configuration task is needed to enable that port to function as a routed port?
A. Enable the switch to participate in routing updates from external devices with the router command in global configuration mode.
B. Enter the no switchport command to disable Layer 2 functionality at the interface level.
C. Each port participating in routing of Layer 3 packets must have an IP routing protocol assigned on a per-interface level.
D. Routing is enabled by default on a multilayer switch, so the port can become a Layer 3 routing interface by assigning the appropriate IP address and subnet information.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 33
You have configured a Cisco Catalyst switch to perform Layer 3 routing via an SVI and you have assigned that interface to VLAN 20. To check the status of the SVI, you issue the show interfaces vlan 20 command at the CLI prompt. You see from the output display that the interface is in an up/up state. What must be true in an SVI configuration to bring the VLAN and line protocol up?
A. The port must be physically connected to another Layer 3 device.
B. At least one port in VLAN 20 must be active.
C. The Layer 3 routing protocol must be operational and receiving routing updates from neighboring peer devices.
D. Because this is a virtual interface, the operational status is always in an “up/up” state.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 34
Refer to the exhibit, which is from a Cisco Catalyst 3560 Series Switch.
Which statement about the Layer 3 routing functionality of the interface is true?
A. The interface is configured correctly for Layer 3 routing capabilities.
B. The interface needs an additional configuration entry to enable IP routing protocols.
C. Since the interface is connected to a host device, the spanning-tree portfast command must be added to the interface.
D. An SVI interface is needed to enable IP routing for network 192.20.135.0.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 35
What is the result of entering the command port-channel load-balance src-dst-ip on an EtherChannel link?
A. Packets are distributed across the ports in the channel based on the source and destination MAC addresses.
B. Packets are distributed across the ports in the channel based on the source and destination IP addresses.
C. Packets are balanced across the ports in the channel based first on the source MAC address, then on the destination MAC address, then on the IP address.
D. Packets are distributed across the access ports in the channel based first on the source IP address and then on the destination IP addresses.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 36
Which Cisco IOS command globally enables port-based authentication on a switch?
A. aaa port-auth enable
B. radius port-control enable
C. dot1x system-auth-control
D. switchport aaa-control enable
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 37
Which two steps are necessary to configure inter-VLAN routing between multilayer switches? (Choose two.)
A. Configure a dynamic routing protocol.
B. Configure SVI interfaces with IP addresses and subnet masks.
C. Configure access ports with network addresses.
D. Configure switch ports with the autostate exclude command.
E. Document the MAC addresses of the switch ports.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 38
Which statement correctly describes enabling BPDU guard on an access port that is also enabled for PortFast?
A. Upon startup, the port transmits 10 BPDUs. If the port receives a BPDU, PortFast and BPDU guard are disabled on that port and it assumes normal STP operation.
B. The access port ignores any received BPDU.
C. If the port receives a BPDU, it is placed into the error-disable state.
D. BPDU guard is configured only globally and the BPDU filter is required for port-level configuration.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 39
Which statement about the Port Aggregation Protocol is true?
A. Configuration changes made on the port-channel interface apply to all physical ports assigned to the port-channel interface.
B. Configuration changes made on a physical port that is a member of a port-channel interface apply to the port-channel interface.
C. Configuration changes are not permitted with Port Aggregation Protocol. Instead, the standardized Link Aggregation Control Protocol should be used if configuration changes are required.
D. The physical port must first be disassociated from the port-channel interface before any configuration changes can be made.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 40
In which three HSRP states do routers send hello messages? (Choose three.)
A. standby
B. learn
C. listen
D. speak
E. active
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 41
Which statement about 802.1Q trunking is true?
A. Both switches must be in the same VTP domain.
B. The encapsulation type on both ends of the trunk does not have to match.
C. The native VLAN on both ends of the trunk must be VLAN 1.
D. In 802.1Q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 42
Refer to the exhibit.
Which three statements are true? (Choose three.)
A. A trunk link will be formed.
B. Only VLANs 1-1001 will travel across the trunk link.
C. The native VLAN for switch B is VLAN 1.
D. DTP is not running on switch A.
E. DTP packets are sent from switch B.
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
Explanation:
You can manually configure trunk links on Catalyst switches for either ISL or 802.1Q mode. In addition,
Cisco has implemented a proprietary, point-to-point protocol called Dynamic Trunking Protocol (DTP) that
negotiates a common trunking mode between two switches. The negotiation covers the encapsulation (ISL
or 802.1Q) as well as whether the link becomes a trunk at all. You can configure the trunk encapsulation
with the switchport trunk encapsulation command, as one of the following:
· isl–VLANs are tagged by encapsulating each frame using the Cisco ISL protocol. · dot1q–VLANs are
tagged in each frame using the IEEE 802.1Q standard protocol. The only exception is the native VLAN,
which is sent normally and not tagged at all. · negotiate (the default)–The encapsulation is negotiated to
select either ISL or IEEE 802.1Q, whichever is supported by both ends of the trunk. If both ends support
both types, ISL is favored. (The Catalyst 2950 switch does not support ISL encapsulation.) In the
switchport mode command, you can set the trunking mode to any of the following:
· trunk–This setting places the port in permanent trunking mode. The corresponding switch port at the
other end of the trunk should be similarly configured because negotiation is not allowed. You should also
manually configure the encapsulation mode. · dynamic desirable (the default)–The port actively attempts to
convert the link into trunking mode. If the far-end switch port is configured to trunk, dynamic desirable, or
dynamic auto mode, trunking is successfully negotiated.
· dynamic auto–The port converts the link into trunking mode. If the far-end switch port is configured to
trunk or dynamic desirable, trunking is negotiated. Because of the passive negotiation behavior, the link
never becomes a trunk if both ends of the link are left to the dynamic auto default.
QUESTION 43
Refer to the exhibit.
Host A and Host B are connected to the Cisco Catalyst 3550 switch and have been assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration. Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B. Given the output in the exhibit, which statement is true?
A. HSRP must be configured on SW1.
B. A separate router is needed to support inter-VLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global configuration command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support inter-VLAN routing.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router’s function. The router must have a physical or logical connection to each VLAN so that it can forward packets between them. This is known as interVLAN routing. Multilayer switches can perform both Layer 2 switching and interVLAN routing, as appropriate. Layer 2 switching occurs between interfaces that are assigned to Layer 2 VLANs or Layer 2 trunks. Layer 3 switching can occur between any type of interface, as long as the interface can have a Layer 3 address assigned to it. Switch(config)#ip routing command enables the routing on Layer 3 Swtich
QUESTION 44
Refer to the exhibit.
What happens when one more user is connected to interface FastEthernet 5/1?
A. All secure addresses age out and are removed from the secure address list. The security violation counter increments.
B. The first address learned on the port is removed from the secure address list and is replaced with the new address.
C. The interface is placed into the error-disabled state immediately, and an SNMP trap notification is sent.
D. The packets with the new source addresses are dropped until a sufficient number of secure MAC addresses are removed from the secure address list.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will then provide access to frames from only those addresses. If, however, the number of addresses is limited to four but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learned dynamically, and port access will be limited to those four dynamically learned addresses. Port Security Implementation: When Switch port security rules violate different action can be applied:
1.
Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.
2.
Restrict: Frames from the nonallowed address are dropped, a log message is created, and a Simple Network Management Protocol (SNMP) trap is sent.
3.
Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a log entry is made, an SNMP trap is sent, and manual intervention or errdisable recovery must be used to make the interface usable.
QUESTION 45
Refer to the exhibit.
What happens to traffic within VLAN 14 with a source address of 172.16.10.5?
A. The traffic is forwarded to the TCAM for further processing.
B. The traffic is forwarded to the router processor for further processing.
C. The traffic is dropped.
D. The traffic is forwarded without further processing.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike router ACLs, VLAN maps are not defined by direction (input or output).
To create a VLAN map and apply it to one or more VLANs, perform these steps: · Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This access-list will select the traffic that will be either forwarded or dropped by the access- map. Only traffic matching the `permit’ condition in an access-list will be passed to the access-map for further processing. · Enter the vlan access-map access-map-name [sequence] global configuration command to create a VLAN ACL map entry. Each access-map can have multiple entries. The order of these entries is determined by the sequence. If no sequence number is entered, access-map entries are added with sequence numbers in increments of 10. · In access map configuration mode, optionally enter an action forward or action drop. The default is to forward traffic. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address), and to match the packet against one or more ACLs (standard or extended). · Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.
QUESTION 46
Which protocol allows for the automatic selection and simultaneous use of multiple available gateways as well as automatic failover between those gateways?
A. IRDP
B. HSRP
C. GLBP D. VRRP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: To provide a virtual router, multiple switches (routers) are assigned to a common GLBP group. Rather than having just one active router performing forwarding for the virtual router address, all routers in the group can participate and offer load balancing by forwarding a portion of the overall traffic. The advantage is that none of the clients have to be pointed toward a specific gateway address–they can all have the same default gateway set to the virtual router IP address. The load balancing is provided completely through the use of virtual router MAC addresses in ARP replies returned to the clients. As a client sends an ARP request looking for the virtual router address, GLBP sends back an ARP reply with the virtual MAC address of a selected router in the group. The result is that all clients use the same gateway address but have differing MAC addresses for it.
QUESTION 47
When you create a network implementation for a VLAN solution, what is one procedure that you should include in your plan?
A. Perform an incremental implementation of components.
B. Implement the entire solution and then test end-to-end to make sure that it is performing as designed.
C. Implement trunking of all VLANs to ensure that traffic is crossing the network as needed before performing any pruning of VLANs.
D. Test the solution on the production network in off hours.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 48
You have just created a new VLAN on your network. What is one step that you should include in your VLAN-based implementation and verification plan?
A. Verify that different native VLANs exist between two switches for security purposes.
B. Verify that the VLAN was added on all switches with the use of the show vlan command.
C. Verify that the switch is configured to allow for trunking on the switch ports.
D. Verify that each switch port has the correct IP address space assigned to it for the new VLAN.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 49
Which two statements describe a routed switch port on a multilayer switch? (Choose two.)
A. Layer 2 switching and Layer 3 routing are mutually supported.
B. The port is not associated with any VLAN.
C. The routed switch port supports VLAN subinterfaces.
D. The routed switch port is used when a switch has only one port per VLAN or subnet.
E. The routed switch port ensures that STP remains in the forwarding state.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 50
Which two statements correctly describe VTP? (Choose two.)
A. Transparent mode always has a configuration revision number of 0.
B. Transparent mode cannot modify a VLAN database.
C. Client mode cannot forward received VTP advertisements.
D. Client mode synchronizes its VLAN database from VTP advertisements.
E. Server mode can synchronize across VTP domains.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 51
Which two DTP modes permit trunking between directly connected switches? (Choose two.)
A. dynamic desirable (VTP domain A) to dynamic desirable (VTP domain A)
B. dynamic desirable (VTP domain A) to dynamic desirable (VTP domain B)
C. dynamic auto (VTP domain A) to dynamic auto (VTP domain A)
D. dynamic auto (VTP domain A) to dynamic auto (VTP domain B)
E. dynamic auto (VTP domain A) to nonegotiate (VTP domain A)
F. nonegotiate (VTP domain A) to nonegotiate (VTP domain B)
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 52
Which two RSTP port roles include the port as part of the active topology? (Choose two.)
A. root
B. designated
C. alternate
D. backup
E. forwarding
F. learning
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 53
Which two statements correctly describe characteristics of the PortFast feature? (Choose two.)
A. STP is disabled on the port.
B. PortFast can also be configured on trunk ports.
C. PortFast is needed to enable port-based BPDU guard.
D. PortFast is used for STP and RSTP host ports.
E. PortFast is used for STP-only host ports.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 54
Which statement correctly describes the Cisco implementation of RSTP?
A. PortFast, UplinkFast, and BackboneFast specific configurations are ignored in Rapid PVST mode.
B. RSTP is enabled globally and uses existing STP configuration.
C. Root and alternative ports transition immediately to the forwarding state.
D. Convergence is improved by using subsecond timers for the blocking, listening, learning, and forwarding port states.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 55
What is the effect of applying the switchport trunk encapsulation dot1q command to a port on a Cisco Catalyst switch?
A. By default, native VLAN packets going out this port are tagged.
B. Without an encapsulation command, 802.1Q is the default encapsulation if DTP fails to negotiate a trunking protocol.
C. The interface supports the reception of tagged and untagged traffic.
D. If the device connected to this port is not 802.1Q-enabled, it is unable to handle 802.1Q packets.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 56
You are the administrator of a switch and currently all host-connected ports are configured with the portfast command. You have received a new directive from your manager that states that, in the future, any host-connected port that receives a BPDU should automatically disable PortFast and begin transmitting BPDUs. Which command will support this new requirement?
A. Switch(config)#spanning-tree portfast bpduguard default
B. Switch(config-if)#spanning-tree bpduguard enable
C. Switch(config-if)#spanning-tree bpdufilter enable
D. Switch(config)#spanning-tree portfast bpdufilter default
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 57
A port in a redundant topology is currently in the blocking state and is not receiving BPDUs. To ensure that this port does not erroneously transition to the forwarding state, which command should be configured?
A. Switch(config)#spanning-tree loopguard default
B. Switch(config-if)#spanning-tree bdpufilter
C. Switch(config)#udld aggressive
D. Switch(config-if)#spanning-tree bpduguard
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 58
Which command can be issued without interfering with the operation of loop guard?
A. Switch(config-if)#spanning-tree guard root
B. Switch(config-if)#spanning-tree portfast
C. Switch(config-if)#switchport mode trunk
D. Switch(config-if)#switchport mode access
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Exam C QUESTION 1
DRAG DROP
This is a drag and drop question which is about the correct sequence of steps that a wireless client takes during the process of association with an access point (AP). Drag the items to the proper locations.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 2
DRAG DROP
You work as a network administrator at Company.com. Your boss is asking you about lightweight access points WLAN controller associations. What is the proper sequence a lightweight access point associates with a WLAN controller?
A.
B.
C.
D.
Correct Answer: Section: (none)
Explanation
Explanation:
Note:
The lightweight AP searches for the WLAN Controller via an LWAPP Discovery Request in layer 2 mode
not CDP.
The lightweight AP chooses the AP Manager with the LEAST (not Most) number of associated access
points…
QUESTION 3
DRAG DROP
Match the HSRP states on the left with the correct definition on the right.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
HSRP defines six states in which an HSRP-enabled router can exist:
QUESTION 4
DRAG DROP Drop
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
1) Trunk: Set the switch port to trunk mode and negotiate to become a trunk. 2) Nonegotiate: Specify that the DTP packets are not sent out of this interface. 3) Access: Set a switch port to permanent nontrunking mode.4) Dynamic Auto: Set the switch port to respond, but not actively send DTP frames. 5) Dynamic Desirable: Make the interface actively attempt to convert the link to a trunk link. (This means the interface is ready to autonegotiate trunking encapsulation and form a trunk link (using DTP) with a neighbor port in desirable, auto, or on mode.)
Dynamic Trunking Protocol (DTP) is the Cisco-proprietary that actively attempts to negotiate a trunk link between two switches. Below is the switchport modes (or DTP modes) for easy reference: Mode Function Dynamic Auto Creates the trunk based on the DTP request from the neighboring switch. Dynamic Desirable Communicates to the neighboring switch via DTP that the interface would like to become a trunk if the neighboring switch interface is able to become a trunk. Trunk Automatically enables trunking regardless of the state of the neighboring switch and regardless of any DTP requests sent from the neighboring switch. Access Trunking is not allowed on this port regardless of the state of the neighboring switch interface and regardless of any DTP requests sent from the neighboring switch. Nonegotiate Prevents the interface from generating DTP frames. This command can be used only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.
QUESTION 5
DRAG DROP Drop
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 6
DRAG DROP
Place the syslog message types in the left to the corresponding area on the right, based on priority from highest to lowest.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 7
DRAG DROP Place the associated SNMP features and functions on the left with the corresponding SNMP version levels on the right.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 8
DRAG DROP
Place the local and end to end VLAN functions on the left into the associated boxes on the right.
A.
B.
C.
D.
Correct Answer: Section: (none)
Explanation
Explanation:
QUESTION 9
DRAG DROP
Place the local and distributed VLAN functions on the left into the associated boxes on the right.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 10
DRAG DROP
Place the local and end to end VLAN functions on the left into the associated boxes on the right.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 11
DRAG DROP
Choose the associated VTP VLAN design options on the left into the corresponding fields on the right. Not all option choices will be used.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 12
DRAG DROP
Place the associated traffic types on the left into the correct order, based on priority (highest to lowest priority COS value)
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 13
DRAG DROP
Place the associated redundancy options and features on the left into the correct topics (network, system, and management levels).
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 14
DRAG DROP
Drag the steps on the left that should be part of a VLAN-based verification plan to the spaces on the right. Not all choices will be used.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 15
DRAG DROP
Categorize the high availability network resource or feature with the management level on the right. All choices should be used.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
NETWORK LEVEL RSTP, NSF SYSTEM LEVEL Dual power supply, SSO MANAGEMENT LEVEL NTP , IP SLA
QUESTION 16
DRAG DROP
You have been tasked with planning a Vlan solution that will connect a server in one building to several hosts in another building. The solution should be built using the local Vlan model and layer 3 switching at the distribution layer. Identify the questions related to this Vlan solution that would ask the network administrator before you start the planning by dragging them into the target zone on the right. Not all questions will be used.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
1.
Is there inter-switch connectivity?
2.
What version of VTP is being used?
3.
What VLANs are available on each switch?
4.
What switch ports are available in each building?
5.
What IP addresses are available on each subnet?
QUESTION 17
DRAG DROP
Match the Attributes on the left with the types of VLAN designs on the right.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation: Local VLANs
End-to-End VLANs
QUESTION 18
DRAG DROP A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation: Verify that there is inter-switch connectivity Verify that creation of the virtual interface Verify that the proper ports are assigned to the VLAN Verify that VTP is pruning the proper access ports
QUESTION 19
DRAG DROP A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation: Reference to design documents Rollback Guidelines Detailed implementation plan Time required to perform the implementation
QUESTION 20
DRAG DROP
You have been tasked with planning a VLAN rolution that with connect a server in one building to several hosts in another building. The solution should be built using the local VLAN model and Layer 3 switching at distribution layer. Drat the questions that you would ask the network administrator before you start the planning from the left to the right. Not all questions will be used.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation: Is there interswitch connectivity What version of VTP is being used What VLANs are available on each switch What switch ports are available in each building
QUESTION 21
CORRECT TEXT Refer to the Exhibit.
The information of the question
You will configure FastEthernet ports 0/12 through 0/24 for users who belong to VLAN 20. Also, all VLAN and VTP configurations are to be completed in global configuration mode as VLAN database mode is being deprecated by Cisco. You are required to accomplish the following tasks:
1.
Ensure the switch does not participate in VTP but forwards VTP advertisements received on trunk ports.
2.
Ensure all non-trunking interfaces (Fa0/1 to Fa0/24) transition immediately to the forwarding state of Spanning-Tree.
3.
Ensure all FastEthernet interfaces are in a permanent non-trunking mode.
4.
Place FastEthernet interfaces 0/12 through 0/24 in VLAN 20
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: switch#conf t switch(config)#vtp mode transparent switch(config)#interface range fa0/1 – 24 switch(config-if-range)#switchport mode access switch(config-if-range)#spanning-tree portfast switch(config)#interface range fa0/12 – 24 switch(config-if-range)#switchport access vlan 20 switch(config-if-range)#end switch# copy run start VTP: The role of the VLAN Trunking Protocol (VTP) is to maintain VLAN configuration consistency across the entire network. VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch that is in the VTP server mode. VTP is responsible for synchronizing VLAN information within a VTP domain. This reduces the need to configure the same VLAN information on each switch. VTP minimizes the possible configuration inconsistencies that arise when changes are made. These inconsistencies can result in security violations, because VLANs can crossconnect when duplicate names are used. They also could become internally disconnected when they are mapped from one LAN type to another, for example, Ethernet to ATM LANE ELANs or FDDI 802.10 VLANs. VTP provides a mapping scheme that enables seamless trunking within a network employing mixed-media technologies. VTP provides the following benefits: VLAN configuration consistency across the network Mapping scheme that allows a VLAN to be trunked over mixed media Accurate tracking and monitoring of VLANs Dynamic reporting of added VLANs across the network Plug-and-play configuration when adding new VLANs There are three different VTP modes:
1.
Server:
By default, a Catalyst switch is in the VTP server mode and in the “no management domain” state until the
switch receives an advertisement for a domain over a trunk link or a VLAN management domain is
configured. A switch that has been put in VTP server mode and had a domain name specified can create,
modify, and delete VLANs. VTP servers can also specify other configuration parameters such as VTP
version and VTP pruning for the entire VTP domain. VTP information is stored in NVRAM.
VTP servers advertise their VLAN configuration to other switches in the same VTP domain, and
synchronize the VLAN configuration with other switches based on advertisements received over trunk
links. When a change is made to the VLAN configuration on a VTP server, the change is propagated to all
switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including ISL,
IEEE 802.1Q, IEEE 802.10, and ATM LANE trunks.
2.
Client:
The VTP client maintains a full list of all VLANs within the VTP domain, but it does not store the information
in NVRAM. VTP clients behave the same way as VTP servers, but it is not possible to create, change, or
delete VLANs on a VTP client. Any changes made must be received from a VTP server advertisement.
3.
Transparent
VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN
configuration, and does not synchronize its VLAN configuration based on received advertisements.
However, in VTP Version 2, transparent switches do forward VTP advertisements that the switches receive
out their trunk ports. VLANs can be configured on a switch in the VTP transparent mode, but the
information is local to the switch (VLAN information is not propagated to other switches) and is stored in
NVRAM.
To change the VTP mode:
Switch(Config)# vtp mode <Mode>
Or
Switch#vlan database
Switch#vtp <mode>
PortFast
A prime reason for enabling PortFast is in cases where a PC boots in a period less than the 30 seconds it
takes a switch to put a port into forwarding mode from disconnected state. Some NICs do not enable a link until the MAC layer software driver is actually loaded. Most operating systems try to use the network almost immediately after loading the driver, as in the case of DHCP. This can create a problem because the 30 seconds of STP delay from listening to Forwarding states begins right when the IOS begins trying to access the network. In the case of DHCP, the PC will not obtain a valid IP address from the DHCP server. This problem is common with PC Card (PCMCIA) NICs used in laptop computers. Additionally, there is a race between operating systems and CPU manufacturers. CPU manufacturers keep making the chips faster, while at the same time, operating systems keep slowing down, but the chips are speeding up at a greater rate than the operating systems are slowing down. As a result, PCs are booting faster than ever. In fact, modern machines are often finished booting and need to use the network before the STP 30- second delay is over. Use the spanning-tree portfast global configuration command to globally enable the PortFast feature on all non-trunking ports.
QUESTION 22
CORRECT TEXT
Case 1
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Here are the steps. Explanation:
QUESTION 23
HOTSPOT
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 24
CORRECT TEXT AAAdot1x Lab Acme is a small shipping company that has an existing enterprise network comprised of 2 switches;DSW1
and ASW2. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to
provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
-Users connecting to ASW1’s port must be authenticate before they are given access to the network. -Authentication is to be done via a Radius server:
–
Radius server host: 172.120.39.46
–
Radius key: rad123
-Authentication should be implemented as close to the host device possible.
-Devices on VLAN 20 are restricted to in the address range of 172.120.40.0/24.
–
Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.
–
Packets from devices in any other address range should be dropped on VLAN 20.
-Filtering should be implemented as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available
IOS switch features.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: The configuration: Step1: Console to ASW1 from PC console 1 ASW1(config)#aaa new-model ASW1(config)#radius-server host 172.120.39.46 key rad123 ASW1(config)#aaa authentication dot1x default group radius ASW1(config)#dot1x system-auth-control ASW1(config)#inter fastEthernet 0/1 ASW1(config-if)#switchport mode access ASW1(config-if)#dot1x port-control auto ASW1(config-if)#exit ASW1#copy run start Step2: Console to DSW1 from PC console 2 DSW1(config)#ip access-list standard 10 DSW1(config-ext-nacl)#permit 172.120.40.0 0.0.0.255 DSW1(config-ext-nacl)#exit DSW1(config)#vlan access-map PASS 10 DSW1(config-access-map)#match ip address 10 DSW1(config-access-map)#action forward DSW1(config-access-map)#exit DSW1(config)#vlan access-map PASS 20 DSW1(config-access-map)#action drop DSW1(config-access-map)#exit DSW1(config)#vlan filter PASS vlan-list 20 DSW1#copy run start
QUESTION 25
CORRECT TEXT
Acme is small export company that has an existing enterprise network comprised of 5 switches;
CORE,DSW1,
DSW2,ASW1 and ASW2. The topology diagram indicates their desired pre-VLAN spanning tree mapping.
Previous configuration attempts have resulted in the following issues:
-CORE should be the root bridge for VLAN 20; however, DSW1 is currently the root bridge for VLAN 20.
–
Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and DSW2. However VLAN 30 is currently using gig 1/0/5.
–
Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and DSW2.
However VLAN 40 is currently using gig 1/0/6.
You have been tasked with isolating the cause the these issuer and implementing the appropriate solutions. You task is complicated by the fact that you only have full access to DSW1, with isolating the cause of these issues and implementing the appropriate solutions, Your task is complicated by the fact that you only have full access to DSW1, with the enable secret password cisco. Only limited show command access is provided on CORE, and DSW2 using the enable 2 level with a password of acme. No configuration changes will be possible on these routers. No access is provided to ASW1 or ASW2.
hostname DSW1 ! enable secret 5 $1$wN16$j5RnayatKfxaKxhX30TVo0 ! no aaa new-model switch 1 provision ws-c3750g-24t ip subnet-zero ! ! ! ! ! ! no file verify auto ! spanning-tree mode pvst spanning-tree extend systen-id spanning-tree “vlan 20 priority 28672 spanning-tree vlan 30 priority 24576 ! vlan internal allocation policy ascending ! ! interface GigabitEthernet1/0/1 description trunk line to ASW1 switchport trunk encapsulation dotlq switchport mode trunk
switchport nonegotiate speed 100 duplex full ! interface GigabitEthernet1/0/2 shutdown ! interface GigabitEthernet1/0/3 shutdown ! interface GigabitEthernet1/0/4 shutdown ! interface GigabitEthernet1/0/5 description trunk line to DSW 2 switchport trunk encapsulation dotlq switcbport mode trunk switchport nonegotiate speed 100 duplex full ! interface GigabitEthernet1/0/6 description trunk line to DSW 2 switchport trunk encapsulation dotlq switchport mode trunk switchport nonegotiate
speed 100 duplex full ! interface GigabitEthemet1/0/7 shutdown ! interface GigabitEthemet1/0/8 shutdown ! Interface GigabitEthernetl/0/9 description trunk line to CORE switchport trunk encapsulation dotlq switchport mode trunk ! end DSW1# Show sp DSW1# Show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0016. 4658. f300 Cost 19 Port 9 (GigabitEthernet/0/9) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0016. 46fa. 9b00
Hello Time 2 sec Max Age 20 sec Forward Delay I5 sec Aging Time 300 Interface Role Sts Cost Prio..Nbr Type
Gil/0/1 Desg FWD 19 128.1 P2p Gil/0/5 Altn BLK 19 128.5 P2p Gil/0/6 Altn BLK 19 128.6 P2p Gil/0/9 Root FWD 19 128.9 P2p VLAN0020 Spanning three enabled protocol ieee Root ID Priority 28692 Address 0016. 46fa. 9b00 This bridge is the root Bridge ID Priority 28692 (priority 28672 sys-id-ext 20) Address 0016. 46fa. 9b00 Hello Time 2 sec Max Age 20 sec Forward Delay I5 sec Aging Time 300 Interface Role Sts Cost Prio..Nbr Type
Gil/0/5 Altn BLK 19 128.5 P2p Gil/0/6 Altn BLK 19 128.6 P2p Gil/0/9 Root FWD 19 128.9 P2p
VLAN0020 Spanning three enabled protocol ieee Root ID Priority 28692 Address 0016. 46fa. 9b00 This bridge is the root Bridge ID Priority 28692 (priority 28672 sys-id-ext 20) Address 0016. 46fa. 9b00 Hello Time 2 sec Max Age 20 sec Forward Delay I5 sec Aging Time 300 Interface Role Sts Cost Prio..Nbr Type
Gil/0/1 Desg FWD 19 128.1 P2p Gil/0/5 Desg BLK 19 128.5 P2p Gil/0/6 Desg BLK 19 128.6 P2p Gil/0/9 Desg FWD 19 128.9 P2p VLAN0030 Spanning three enabled protocol ieee Root ID Priority 24606 This bridge is the root Bridge ID Priority 28692 (priority 28672 sys-id-ext 20) Address 0016. 46fa. 9b00 Hello Time 2 sec Max Age 20 sec Forward Delay I5 sec Aging Time 300
Interface Role Sts Cost Prio..Nbr Type
Gil/0/1 Desg FWD 19 128.1 P2p Gil/0/5 Desg BLK 19 128.5 P2p Gil/0/6 Desg BLK 19 128.6 P2p Gil/0/9 Desg FWD 19 128.9 P2p VLAN0040 Spanning three enabled protocol ieee Root ID Priority 24616 Address 0016. 46fa. 6a00 Cost 19
Port 9 (GigabitEthernet/0/9)
Hello Time 2 sec Max Age 20 sec Forward Delay I5 sec
Bridge ID Priority 32808 (priority 32768 sys-id-ext 40)
Address 0016. 46fa. 9b00
Hello Time 2 sec Max Age 20 sec Forward Delay I5 sec
Aging Time 300
Interface Role Sts Cost Prio..Nbr Type
Gil/0/1 Desg FWD 19 128.1 P2p
Gil/0/5 Altn BLK 19 128.5 P2p
Gil/0/6 Root FWD 19 128.6 P2p
Gil/0/9 Altn BLK 19 128.9 P2p
DSW1#
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: DSW1#conf t DSW1(config)#spanning-tree vlan 20 priority 61440 DSW1(config)#int g1/0/5 DSW1(config-if)#spanning-tree vlan 40 cost 1 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#int g1/0/6 DSW1(config-if)#spanning-tree vlan 30 port-priority 64 DSW1(config-if)#no shut DSW1(config-if)#end DSW1#copy run start Verification: DSW1# show spanning-tree vlan 20 DSW1# show spanning-tree vlan 40 DSW2# show spanning-tree vlan 30
QUESTION 26
CORRECT TEXT
Configure the Multilayer Switch so that PCs from VLAN 2 and VLAN 3 can communicate with the Server.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: mls>enable mls# configure terminal mls(config)# int gi0/1 mls(config-if)#no switchport -> not sure about this command line, but you should use this command if the simulator does not let you assign IP address on Gi0/1 interface. mls(config-if)# ip address 10.10.10.2 255.255.255.0 mls(config-if)# no shutdown mls(config-if)# exit mls(config)# int vlan 2 mls(config-if)# ip address 190.200.250.33 255.255.255.224 mls(config-if)# no shutdown mls(config-if)# int vlan 3 mls(config-if)# ip address 190.200.250.65 255.255.255.224 mls(config-if)# no shutdown mls(config-if)#exit mls(config)#interface gig 0/10 mls(config)#switchport mode access mls(config)#switchport access vlan 2 mls(config)#no shutdown mls(config)#exit mls(config)#interface gig 0/11 mls(config)#switchport mode access mls(config)#switchport access vlan 3 mls(config)#no shutdown mls(config)# ip routing (Notice: MLS will not work without this command) mls(config)# router eigrp 650 mls(config-router)# network 10.10.10.0 0.0.0.255 mls(config-router)# network 190.200.250.32 0.0.0.31 mls(config-router)# network 190.200.250.64 0.0.0.31 NOTE : THE ROUTER IS CORRECTLY CONFIGURED, so you will not miss within it in the exam , also don’t modify/delete any port just do the above configuration. in order to complete the lab , you should expect the ping to SERVER to succeed from the MLS , and from the PCs as well. If the above configuration does not work, you should configure EIGRP with “no auto-summary” command: no auto-summary
QUESTION 27
CORRECT TEXT
Each of these vlans has one host each on its ports SVI on vlan 1 – ip 192.168.1.11 Switch B -Ports 3, 4 connected to ports 3 and 4 on Switch A Port 15 connected to Port on Router.
Tasks to do:
1.
Use non proprietary mode of aggregation with Switch B being the initiator
— Use LACP with B being in Active mode
2.
Use non proprietary trunking and no negotiation
— Use switchport mode trunk and switchport trunk encapsulation dot1q
3.
Restrict only to the VLANs needed
— Use either VTP pruning or allowed VLAN list. The preferred method is using allowed VLAN list
4.
SVI on VLAN 1 with some ip and subnet given
5.
Configure switch A so that nodes other side of Router C are accessible — on switch A the default gateway has to be configured.
6.
Make switch B the root
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: on Switch A verify with show run if you need to create vlans 21-23 int range fa0/9 – 10 switchport mode access switchport access vlan 21 spanning-tree portfast no shut int range fa0/13 – 14 switchport mode access switchport access vlan 22 spanning-tree portfast no shut int range fa0/16 – 16 switchport mode access switchport access vlan 23 spanning-tree portfast no shut int range fa0/3 – 4 channel-protocol lacp channel group 1 mode passive no shut int port-channel 1 switchport mode trunk switchport trunk encapsulation dot1q spanning-tree allowed vlans 1,21-23 no shut int vlan 1 ip address 192.168.1.11 255.255.255.0 no shut SW B conf t interface range fastethernet 0/9-10 switchport mode access switchport accress vlan 21 spanning-tree portfast no shut interface rang fastethernet 0/13-14 switchport mode access switchport accress vlan 22 spanning-tree portfast no shut interface rang fastethernet 0/15-16 switchport mode access switchport accress vlan 23 spanning-tree portfast no shut interface range fastethernet 0/3-4 switchport trunk encapsulation dot1q switchport trunk native vlan 99 switchport trunk allowed vlan 1,21-23,99 switchport mode trunk channel-protocol lacp channel-group 1 mode passsive no shut // port-channel 1 automatically created and nothing needs to be configured under it ip default-gateway
10.10.10.1 // VLAN 1 already configured nothing more to be done on it SWA vlan 21 vlan 22 vlan 23 interface range fastethernet 0/3-4 switchport trunk native vlan 99 switchport trunk allowed vlan 1,21-23,99 switchport mode trunk channel-protocol lacp channel-group 1 mode active no shut spanning-tree vlan 1,21-23,99 root primary
QUESTION 28
CORRECT TEXT
Scenario:
You work for SWITCH.com. They have just added a new switch (SwitchB) to the existing network as shown in the topology diagram.
RouterA is currently configured correctly and is providing the routing function for devices on SwitchA and SwitchB. SwitchA is currently configured correctly, but will need to be modified to support the addition of SwitchB. SwitchB has a minimal configuration. You have been tasked with competing the needed configuring of SwitchA and SwitchB. SwitchA and SwitchB use Cisco as the enable password.
Configuration Requirements for SwitchA
The VTP and STP configuration modes on SwitchA should not be modified.
· SwitchA needs to be the root switch for vlans 11, 12, 13, 21, 22 and 23. All other vlans should be left are their default values.
Configuration Requirements for SwitchB
· Vlan 21
o Name: Marketing
o will support two servers attached to fa0/9 and fa0/10 · Vlan 22
o Name: Sales
o will support two servers attached to fa0/13 and fa0/14 · Vlan 23
o Name: Engineering
o will support two servers attached to fa0/15 and fa0/16
· Access ports that connect to server should transition immediately to forwarding state upon detecting the
connection of a device.
· SwitchB VTP mode needs to be the same as SwitchA.
· SwitchB must operate in the same spanning tree mode as SwitchA
· No routing is to be configured on SwitchB
· Only the SVI vlan 1 is to be configured and it is to use address 192.168.1.11/24
Inter-switch Connectivity Configuration Requirements
· For operational and security reasons trunking should be unconditional and Vlans 1, 21, 22 and 23 should
tagged when traversing the trunk link.
· The two trunks between SwitchA and SwitchB need to be configured in a mode that allows for the
maximum use of their bandwidth for all vlans. This mode should be done with a non- proprietary protocol,
with SwitchA controlling activation.
· Propagation of unnecessary broadcasts should be limited using manual pruning on this trunk link.
_______.________._________
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Here are steps: hostname SWITCH_B ! ! vlan 21 name Marketing vlan 22 name Sales vlan 23 name Engineering ! ! interface FastEthernet0/3 switchport trunk allowed vlan 1,21-23 channel-protocol lacp channel-group 1 mode passive switchport mode trunk ! interface FastEthernet0/4 switchport trunk allowed vlan 1,21-23 channel-protocol lacp channel-group 1 mode passive switchport mode trunk ! interface FastEthernet0/9 switchport access vlan 21 switchport mode access spanning-tree portfast ! interface FastEthernet0/10 switchport access vlan 21 switchport mode access spanning-tree portfast ! interface FastEthernet0/13 switchport access vlan 22 switchport mode access spanning-tree portfast ! ! interface FastEthernet0/14 switchport access vlan 22 switchport mode access spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 23 switchport mode access spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 23 switchport mode access spanning-tree portfast ! ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface Port-channel 1 switchport mode trunk switchport trunk encapsulation dot1q spanning-tree allowed vlans 1,21-23 ! interface Vlan1 ip address 192.168.1.11 255.255.255.0 ! end SWITCH_B(config)# hostname SWITCH_A ! panning-tree vlan 11 root primary spanning-tree vlan 12 root primary spanning-tree vlan 13 root primary spanning-tree vlan 21 root primary spanning-tree vlan 22 root primary spanning-tree vlan 23 root primary ! interface FastEthernet0/3 switchport trunk allowed vlan 1,21-23 channel-protocol lacp channel-group 1 mode active switchport mode trunk ! interface FastEthernet0/4 switchport trunk allowed vlan 1,21-23 channel-protocol lacp channel-group 1 mode active switchport mode trunk ! interface FastEthernet0/21 switchport access vlan 21 switchport mode access ! interface FastEthernet0/22 switchport access vlan 22 switchport mode access ! interface FastEthernet0/23 switchport access vlan 23 switchport mode access ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface Port-channel 1 ! interface Vlan1 no ip address shutdown ! ip default-gateway 192.168.1.1 ! ! end
QUESTION 29
CORRECT TEXT
You have been tasked with configuring multilayer SwitchC, which has a partial configuration and has been attached to RouterC as shown in the topology diagram.
You need to configure SwitchC so that Hosts H1 arid H2 can successful ping the server S1. Also SwitchC
needs to be able to ping server SI.
Due to administrative restrictions and requirements you should not add/delete vlans or create trunk links
Company policies forbid the use of static or default routing All routes must be learned via EIGRP 65010
routing protocol.
You do not have access to RouteC, RouterC is correctly configured. No trunking has been configured on
RouterC.
Routed interfaces should use the lowest host on a subnet when possible. The following subnets are
available to implement this solution:
· 172.16.1.0/24
· 192.168.3.32/27
· 192.168.3.64/27
Hosts H1 and H2 are configured with the correct IP address and default gateway.
SwitchC uses Cisco as the enable password.
Routing must only be enabled for the specific subnets shown in the diagram.
Note: Due to administrative restrictions and requirements you should not add or delete VLANs, changes
VLAN port assignments or create trunks. Company policies forbid the use of static or default routing. All routes must be learning via the EIGRP routing protocol.
HOST 1
HOST 2
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Here are Step by Step Configuration:
Explanation:
On switch C:
ip routing
router eigrp 65010
network 172.16.1.0 0.0.0.255
network 192.168.3.32 0.0.0.31
network 192.168.3.64 0.0.0.31
no auto-summ
In addition to ensuring that you are presented with only the best and the most updated Cisco 642-813 study materials, we also want you to be able to access them simply, whenever you need. Flydumps.com offers all our Cisco 642-813 exam training material in Engine and PDF formats, which is a very common format found in all computers. Regardless of whichever computer you have.