If you want to disable STP on a port connected to a server, which command would you use?
Options
A. disable spanning-tree
B. spanning-tree off
C. spanning-tree security
D. spanning-tree portfast
Correct Answer
spanning-tree portfast
Explanation
If you have a server or other devices connected into your switch that you're totally sure won't create a switching loop if STP is disabled, you can use something called
portfast on these ports. Using it means the port won't spend the usual 50 seconds to come up while STP is converging.
Spanning Tree Protocol problems
Search Results
1. Your switch has a port status LED that is alternating between green and amber. What could this indicate?
When you connect to a switch port, at first the link lights are orange/amber, and then they turn green, indicating normal operation. If the link light is blinking, you have a problem.
2. What is the purpose of Spanning Tree Protocol in a switched LAN?
Options
A. To provide a mechanism for network monitoring in switched environments
B. To prevent routing loops in networks with redundant paths
C. To prevent switching loops in networks with redundant switched paths
D. To manage the VLAN database across multiple switches
Correct Answer: All switch and bridge ports are in either the forwarding or blocking state.
Explanation:
Convergence occurs when all ports on bridges and switches have transitioned to either the forwarding or blocking states. No data is forwarded until convergence is complete. Before data can be forwarded again, all devices must be updated.
4. You want to run the new 802.1w on your switches. Which of the following would enable this protocol?
802.1w is the also called Rapid Spanning Tree Protocol. It is not enabled by default on Cisco switches, but it is a better STP to run since it has all the fixes that the Cisco extensions provide with 802.1d.
5. You need to allow one host to be permitted to attach dynamically to each switch interface. Which two commands must you configure on your catalyst switch to meet this policy?
Switch(config-if)# ip access-group 10
Switch(config-if)# switchport port-security maximum 1
The
switchport port-security is an important command, and it's super easy with the CNA; however, from the CLI, you can set the maximum number of MAC addresses allowed into the port, and then set the penalty if this maximum has been passed.
6. What does a switch do when a frame is received on an interface and the destination hardware address is unknown or not in the filter table?
Options
A. Forwards the switch to the first available link
B. Drops the frame
C. Floods the network with the frame looking for the device
D. Sends back a message to the originating station asking for a name resolution
Correct Answer: Floods the network with the frame looking for the device
Explanation:
Switches flood all frames that have an unknown destination address. If a device answers the frame, the switch will update the MAC address table to reflect the location of the device.
7. If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
Options
A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp access-list 111 permit ip any 0.0.0.0 255.255.255.255
B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
Correct Answer: access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp access-list 198 permit ip any 0.0.0.0 255.255.255.255
Explanation:
Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
8. Which router command allows you to view the entire contents of all access lists?
The
show access-lists command will allow you to view the entire contents of all access lists, but it will not show you the interfaces to which the access lists are applied.
9. Which of the following is true regarding access lists applied to an interface?
Options
A. You can place as many access lists as you want on any interface until you run out of memory.
B. You can apply only one access list on any interface.
C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
D. You can apply two access lists to any interface.
Correct Answer: One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
Explanation:
A Cisco router has rules regarding the placement of access lists on a router interface. You can place one access list per direction for each layer 3 protocol configured on an interface.
10. Which command would you use to apply an access list to a router interface?