Last Updated on September 19, 2021 by Admin 2

300-420 : Designing Cisco Enterprise Networks (ENSLD) : Part 06

  1. Which feature can you enable on a switch to prevent potential bridging loops caused by invalid configurations on PortFast-configured interfaces?

    • UDLD
    • Root Guard
    • BPDU Guard
    • Loop Guard

    Explanation:

    BPDU Guard prevents bridging loops caused by an invalid configuration on a PortFast-configured interface by shutting down the interface when it receives BPDUs.

    PortFast-configured interfaces should not receive BPDUs in a valid configuration because only end devices should be connected to the PortFast interfaces (only switches and bridges send BPDUs). However, if a switch were improperly connected to the PortFast-configured interface, it would begin to receive BPDUs from the switch at the other end of the link. The port would immediately go into the spanning-tree blocking state and the port would begin to send BPDUs, which could cause a bridging loop. BPDU Guard can prevent this situation by providing a secure response to BPDUs received on PortFast-configured interfaces. When enabled, BPDU Guard shuts down a PortFast-configured interface when it receives BPDUs. When BPDU Guard brings down an interface, the interface stays down until an administrator manually puts it back into service.

    The following command enables BPDU Guard on an interface:

    switch(config-if)# spanning-tree portfast bpduguard

    To further enhance the ability of Root Guard to prevent the introduction of rogue switches in the network, PortFast can be used as well to shut down the port when a switch is connected to it. When you globally enable BPDU guard, STP shuts down ports that receive BPDUs. This is called STP PortFast BPDU Guard.

    The following command enables STP PortFast BPDU Guard globally.

    switch(config)# spanning-tree portfast bpduguard default

    Unidirectional Link Detection (UDLD) improves the stability of Layer 2 networks by detecting and shutting down unidirectional links.

    Root Guard provides a mechanism for enforcing root-bridge placement in the network. When enabled on a Layer 2 access port, it forces the port to become a designated port. Root Guard prevents the port from becoming an STP root port.

    Loop Guard provides protection against Layer 2 forwarding loops in a physically redundant topology by moving a non-designated port that has not received BPDUs as expected into the STP loop-inconsistent blocking state, preventing the port from cycling through the normal STP listening, learning, and forwarding states. It cannot be used to force a Layer 2 access port to become a designated port. Loop guard can be implemented on a switch either globally or per interface with the following commands.

    Globally, the command would be:

    switch(config)# spanning-tree loopguard default

    Per interface, the commands would be:

    switch(config)# interface fastethernet0/1
    switch(config-if)# spanning-tree guard loop

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree
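An added example (not part of the original question bank): a Python check that scans a switch configuration for PortFast interfaces left without BPDU Guard, the exposure the explanation above describes. The sample configuration is constructed, and accepting the interface forms spanning-tree bpduguard enable and spanning-tree bpduguard disable alongside the command shown above is an assumption about the IOS release in use.

```python
import re

GLOBAL_GUARD = "spanning-tree portfast bpduguard default"
IF_PORTFAST = "spanning-tree portfast"
# Interface-level forms that turn the guard on: the one shown on this page,
# plus "spanning-tree bpduguard enable" (assumed to be valid on the release audited).
IF_GUARD_ON = {"spanning-tree portfast bpduguard", "spanning-tree bpduguard enable"}
# Interface-level override that switches the guard off despite the global default.
IF_GUARD_OFF = "spanning-tree bpduguard disable"

# Constructed sample configuration, not taken from the original page.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
"""


def split_config(config):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip() == "!":
            continue
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif raw[0] == " " and current is not None:
            # Indented line: a sub-command of the current interface.
            interfaces[current].append(line.strip())
        else:
            # Unindented line: back at global configuration level.
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def unprotected_portfast_ports(config):
    """List PortFast interfaces on which BPDU Guard is not in effect."""
    global_lines, interfaces = split_config(config)
    global_guard = GLOBAL_GUARD in global_lines
    findings = []
    for name, cmds in interfaces.items():
        if IF_PORTFAST not in cmds:
            continue  # not a PortFast port, BPDU Guard is not expected here
        if IF_GUARD_OFF in cmds:
            guarded = False  # explicit per-interface disable wins
        else:
            guarded = global_guard or bool(IF_GUARD_ON & set(cmds))
        if not guarded:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for port in unprotected_portfast_ports(SAMPLE_CONFIG):
        print(f"{port}: PortFast enabled without BPDU Guard")
```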

  2. Which parameters in VTP advertisements are checked before being accepted and processed? (Choose three.)

    • VLAN ID
    • Password
    • VTP mode
    • Switch name
    • Revision number
    • Management domain name

    Explanation:

    The management domain name, password, and revision number are all checked before the VTP frame is processed.

    VTP advertisements are flooded throughout the management domain every five minutes or whenever there is a change. These advertisements are originated from a switch that is in server mode and are propagated by switches that are in either client or transparent mode. Before a client or another server accepts or incorporates the information sent in the advertisement, it checks the management domain name and password (if defined) against its own configuration. The revision number is then checked. If the revision number is higher than the last value stored in the receiving switch, the receiving switch will overwrite its VLAN database with the information in the advertisement.

    A VTP switch in transparent mode will receive and forward VTP advertisements. It will not use the contents of the advertisement to synchronize with its own VLAN database.

    To set the VTP mode of a switch, execute the following command at the global prompt. All switches are set to server mode by default; therefore, the command is only necessary to set a switch to client or transparent mode. The command syntax is:

    switch(config)# vtp mode {transparent | client}

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  3. What information is displayed by the command switch# show ip interface brief?

    • a summary of the IP addresses and subnet mask on the interface
    • a summary of the IP addresses on the interface and the interface’s status
    • the IP packet statistics for the interfaces
    • the IP addresses for the interface and the routing protocol advertising the network

    Explanation:

    The command show ip interface brief displays a summary of the IP address on the interface and the interface’s status. The status means whether the interface is up. This command is useful when you are connected to a router or switch with which you are not familiar, because it allows you to obtain the state of all interfaces or switch ports. Sample output is shown below:

    300-420 Part 06 Q03 045

    This command does not display subnet mask information. Use other commands, such as show ip interface or show run interface, to verify the subnet mask.

    IP statistics about the interface are displayed with the command show ip interface. Adding the brief keyword tells the switch to leave out everything but the state of the interface and its IP address.

    To view the routing protocol advertising an interface’s network, you would use the command show ip protocol.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs

  4. At which OSI layer does STP operate?

    • Physical
    • Network
    • Transport
    • Data Link

    Explanation:

    Spanning Tree Protocol (STP) operates at the Data Link layer (Layer 2) of the OSI model.

    Switches and bridges running the spanning-tree algorithm communicate by exchanging multicast messages called bridge protocol data units (BPDUs) at regular intervals. BPDUs are used to build and maintain the spanning tree, ensuring a stable loop-free topology.

    BPDU exchange facilitates the following:

    • Election of a root switch (only one per spanning tree)
    • Election of a designated switch for each switched segment
    • Removal of loops by placing redundant switch ports in a backup (non-forwarding) state

    STP is implemented on bridges and switches in order to prevent loops in the network. STP should be used in situations where redundant links are used.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  5. Which IOS command configures a switch for VTP client mode?

    • vtp mode client
    • no vtp v2-mode
    • no vtp mode
    • vtp terminal

    Explanation:

    To configure a switch to operate as a VLAN Trunk Protocol (VTP) client, simply enter the vtp mode client command at the global configuration prompt:

    switch(config)# vtp mode client

    When a switch is in VTP client mode, you cannot change its VLAN configuration. The switch will receive VTP updates from a VTP server in the VTP domain and then modify its configuration accordingly.

    For added security, you can specify the VTP domain to which the client belongs and a password used to connect to the domain when configuring a switch for VTP client mode. The password is the same for all devices in the VTP domain. The commands to configure a VTP password are as follows:

    switch(config)# vtp domain domain-name
    switch(config)# vtp password password

    The no vtp v2-mode command reverts the VTP version to version 1 (the default version). Use the vtp v2-mode command to set the VTP mode to version 2.

    The no vtp mode command reverts the VTP mode back to its default state, which is server mode. To set the VTP mode of a VTP client back to server mode, you can use either the no vtp mode command or the vtp server command.

    vtp terminal is not a valid command.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  6. Which IOS commands do you enter in interface configuration mode to configure a switch port to actively negotiate to be an ISL trunk port if possible? (Choose two.)

    • switchport trunk isl
    • switchport mode dynamic auto
    • switchport trunk allowed vlan
    • switchport mode dynamic desirable
    • switchport trunk encapsulation isl

    Explanation:

    Entering the IOS commands switchport mode dynamic desirable and switchport trunk encapsulation isl in interface configuration mode will allow a switch port to actively negotiate to be an ISL trunk port if possible.

    Use the following steps to configure a port as an ISL trunk:

    1. Enter the interface configuration.
    switch(config)# interface interface-id
    
    2. Configure the port to use ISL encapsulation.
    switch(config-if)# switchport trunk encapsulation isl
    
    3. Configure the port as a trunk port.
    switch(config-if)# switchport mode dynamic desirable

    Note: Trunking modes can be configured as trunk, dynamic auto, dynamic desirable, nonegotiate, and access.

    This allows DTP to actively negotiate to be a trunk if the other side is set to trunk, desirable, or auto. If one side is set to auto and the other side is also set to auto, no negotiations will occur.

    The switchport trunk allowed vlan command is also valid for configuring dot1q trunks, but is not required. By default, all VLANs are allowed on the trunk.

    The other commands use incorrect syntax.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  7. Which IOS command sets the native VLAN to VLAN3?

    • switchport mode trunk 3
    • switchport native vlan 3
    • switchport trunk native vlan 3
    • switchport trunk allowed vlan 3
    • switchport default native vlan 3

    Explanation:

    The IOS command switchport trunk native vlan 3 sets the native VLAN to VLAN3.

    Use the following command to configure the native VLAN on an 802.1Q trunk:

    switch(config-if)# switchport trunk native vlan vlan_id

    The 802.1Q native VLAN is the VLAN from which or to which Layer 2 frames are transmitted untagged on the 802.1Q trunk port. The default native VLAN on an 802.1Q is VLAN 1. The native VLAN IDs should be set to the same value for both sides of an 802.1Q trunk.

    The command switchport trunk allowed vlan 3 is used to assign VLANs whose frames are allowed to be passed over the trunk.

    The other options are incorrect due to invalid syntax.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  8. What command is used to enable CEF on a Cisco switch?

    • ip cef
    • ip cef distributed
    • ip route-cache cef
    • ip cef enable

    Explanation:

    The command to enable Cisco Express Forwarding (CEF) on a Cisco switch is ip cef. This enables CEF support on the entire switch. All interfaces that are configured to use CEF will be able to. The no form of this command will disable CEF support, including support on interfaces that have CEF configured on them.

    Cisco Express Forwarding allows a Layer 3 switch to determine the next-hop destination MAC address of the first frame in a transmission made of many frames, and then utilizes the much faster switching process for all the remaining frames. This requires that routing be enabled on the switch, since the route to the initial frame must be determined.

    The output of the show ip interface vlan id command can be used to determine whether IP routing is enabled. Partial output of the show ip interface vlan id command for two switches is shown below. The first (Switch A) has IP routing enabled and the second (Switch B) does NOT have IP routing enabled. The second switch is missing the section about CEF, since CEF cannot be enabled unless IP routing is enabled.

    300-420 Part 06 Q08 046

    The command ip cef distributed is used to enable distributed CEF (dCEF), not the CEF mentioned in the scenario.

    The command ip route-cache cef is a valid command to enable CEF on an individual interface, but the command is only valid in interface configuration mode.

    The command ip cef enable is an invalid command due to incorrect syntax.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify switch administration

  9. What feature allows the administrator to put phones into a separate logical network from the data network while keeping both in the same physical network?

    • auxiliary VLANs
    • queuing
    • 802.1Q
    • marking

    Explanation:

    Auxiliary VLANs allow the data and voice traffic to use the same physical topology but remain logically separate. The information the phones need regarding this voice VLAN is provided by the switch. Auxiliary VLANs allow IP phones to be automatically placed into a separate VLAN from data traffic.

    Queuing is the process of placing traffic in appropriate queues depending on the class of traffic.

    Marking is the process of setting the CoS, IP precedence, or DSCP of a packet to a specific value that will provide appropriate QoS throughout the network.

    802.1Q is a trunking protocol used to allow traffic from multiple VLANs to pass through a single link and still be logically separate.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs

  10. Which port will the spanning-tree algorithm select as a bridge’s root port?

    • The first port on the root bridge to receive an STP packet
    • The port through which the root bridge can be reached with the lowest-cost path
    • The port through which the root bridge can be reached with the lowest-value interface identifier
    • The port through which the root bridge can be reached with the highest-value interface identifier

    Explanation:

    Root ports are ports that are in the forwarding state and provide connectivity to the root bridge. The port through which the root bridge can be reached with the lowest-cost path is the root port. All the ports on the root bridge (the bridge with the lowest bridge ID) are in the forwarding state and are referred to as designated ports.

    Bridges and switches use the Spanning-Tree Protocol (STP) to prevent network loops. Without a loop-avoidance service on the network, Layer 2 devices, in certain situations, will endlessly flood broadcasts. An STP-enabled device recognizes a loop in the topology and blocks one or more redundant paths, preventing the loop. STP allows the switches to continually explore the network so that the loss or addition of a switch or bridge is also quickly discovered. STP is enabled by default on Catalyst switches.

    For example, if two switches have an active connection between them that is forwarding traffic and a second link is connected between the same two switches, one of the two switch ports will go into a blocking state when BPDUs are received on the link. This helps to ensure that a loop does not form using the redundant connections. In some situations, heavy traffic may prevent the reception of BPDUs when the second link is put in place, and in that case, a loop may still form.

    The root port is not selected based on the first port to receive an STP packet on the root bridge. Neither is it based on the lowest or highest interface identifier values.

    Note: In some situations, there may be two ports with equal cost to the root bridge. When this occurs, the port with the lowest port number becomes the root port.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  11. Consider the following output from the show interfaces trunk command:

    300-420 Part 06 Q11 047

    Which two of the following statements can be confirmed regarding the trunking configuration on the switch? (Choose two.)

    • VLAN 44 is allowed on the trunk.
    • VLAN 46 is not allowed on the trunk.
    • VLAN 45 is configured for the VTP domain.
    • VLAN 41 is not configured for the VTP domain.
    • VLAN 43 is pruned or is not in the spanning-tree forwarding state.
    • VLAN 41 is not pruned.

    Explanation:

    Virtual local area network (VLAN) 41 is not configured for the VLAN Trunking Protocol (VTP) domain, and VLAN 43 is pruned or is not in the spanning-tree forwarding state. The show interfaces trunk command can be used to determine which VLANs are allowed, which VLANs are configured for the VTP domain, and which VLANs are in the spanning-tree forwarding state and are not pruned.

    The VLANs listed under the Vlans allowed on trunk section are allowed on the trunk. Therefore, VLANs 1 through 43 and 45 through 4094 are allowed on the trunk. VLAN 44 is not allowed on the trunk; VLAN 46 is allowed on the trunk.

    The VLANs listed under the Vlans allowed and active in management domain section are allowed on the trunk and configured for the VTP domain. In this scenario, this section includes VLANs 1 through 17, VLAN 40, VLAN 43, and VLANs 101 through 172. Because VLANs 41 and 45 are allowed on the trunk, but are not listed under the Vlans allowed and active in management domain section, VLANs 41 and 45 must not be configured for the VTP domain. VLANs 18 through 43, VLANs 45 through 100, and VLANs 173 through 4094 are not configured for the VTP domain.

    VLANs 1 through 12, VLAN 16, VLAN 40, and VLANs 101 through 172 are listed under the Vlans in spanning tree forwarding state and not pruned section. Because VLAN 43 is allowed and is in the spanning-tree forwarding state, but is not listed under the Vlans in spanning tree forwarding state and not pruned section, VLAN 43 must be pruned or must not be in the spanning-tree forwarding state. This is also true of VLANs 13 through 15 and VLAN 17. As stated previously, VLAN 41 is allowed on the trunk but is not configured for the VTP domain. Therefore, it cannot be confirmed whether VLAN 41 has or has not been pruned manually. If VLAN 41 were in the spanning-tree forwarding state, but were not listed under the Vlans in spanning tree forwarding state and not pruned section, then it could be confirmed that VLAN 41 was being pruned.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking
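An added example (not part of the original question bank): the set arithmetic behind reading the three VLAN lists of show interfaces trunk, in Python. The exhibit is not reproduced on this page, so the three list strings below are reconstructed from the values named in the explanation above and are an assumption about the exhibit's exact text.

```python
ALL_VLANS = set(range(1, 4095))  # valid VLAN IDs 1-4094

# Reconstructed from the explanation's wording, not copied from the exhibit.
ALLOWED = "1-43,45-4094"           # "Vlans allowed on trunk"
ACTIVE = "1-17,40,43,101-172"      # "Vlans allowed and active in management domain"
FORWARDING = "1-12,16,40,101-172"  # "Vlans in spanning tree forwarding state and not pruned"


def expand(vlan_list):
    """Expand a trunk VLAN list such as '1-43,45-4094' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def compress(vlans):
    """Render a set of VLAN IDs back into the compact 'a-b,c' notation."""
    parts, start, prev = [], None, None
    for vlan in sorted(vlans):
        if start is None:
            start = prev = vlan
        elif vlan == prev + 1:
            prev = vlan
        else:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = vlan
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)


def classify(allowed, active, forwarding):
    """Split the VLAN space into the categories the three lists imply."""
    allowed, active, forwarding = expand(allowed), expand(active), expand(forwarding)
    return {
        "not_allowed": ALL_VLANS - allowed,
        "allowed_not_in_domain": allowed - active,
        "pruned_or_not_forwarding": active - forwarding,
        "forwarding_not_pruned": forwarding,
    }


def vlan_status(vlan, allowed=ALLOWED, active=ACTIVE, forwarding=FORWARDING):
    """Return what the trunk output lets you confirm about one VLAN."""
    groups = classify(allowed, active, forwarding)
    if vlan in groups["not_allowed"]:
        return "not allowed on trunk"
    if vlan in groups["allowed_not_in_domain"]:
        return "allowed, not active in management domain"
    if vlan in groups["pruned_or_not_forwarding"]:
        return "active, pruned or not forwarding"
    return "forwarding and not pruned"


if __name__ == "__main__":
    for name, vlans in classify(ALLOWED, ACTIVE, FORWARDING).items():
        print(f"{name}: {compress(vlans)}")
    for vlan in (41, 43, 44, 46):
        print(vlan, "->", vlan_status(vlan))
```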

  12. What protocol allows for centralized management of multiple wireless access points?

    • WPA
    • WEP
    • ad hoc
    • LWAPP

    Explanation:

    Lightweight access point protocol (LWAPP) is a protocol used to allow centralized management of access points (APs). The management components are removed from the APs and centralized into a wireless LAN controller. This controller can coordinate WLAN access, managing the load on the APs and user movement between APs. A lightweight AP receives control and configuration from the WLAN controller.

    LWAPP defines the following activities:

    • Packet encapsulation, fragmentation, and formatting
    • Access point certification and software control
    • Access point discovery, information exchange, and configuration

    The processing of 802.11 data and the handling of management protocols and access point capabilities is distributed between the lightweight access point and the WLAN controller. For example, the AP handles the transmission of beacon frames and responses to probe request frames and the controller handles authentication. The WLC enhances:

    • Mobility
    • Authentication
    • Security management

    When lightweight APs are used, the data path from one wireless station to another includes the AP and its controller.

    Wi-Fi protected access (WPA) is an encryption and authentication protocol for wireless access. It supports 802.1x authentication and EAP on a wireless client. The AP would function as the authenticator.

    WEP is a wireless encryption protocol that uses static keys and no authentication.

    Ad hoc is a WLAN mode used for peer-to-peer connectivity. Ad hoc allows wireless-enabled computers to communicate with each other without having an AP involved.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify other LAN switching technologies

  13. Consider the following commands executed on a Layer 3 switch named switchA:

    300-420 Part 06 Q13 048

    Which of the following physical interfaces do NOT affect the uplink state of VLAN 10? (Choose two.)

    • Fa0/1
    • Fa0/2
    • Fa0/3
    • Fa0/4

    Explanation:

    The Fa0/2 and Fa0/3 physical interfaces of switchA do not affect the uplink state of VLAN 10. This is because the switchport autostate exclude command is used on the Fa0/2 and Fa0/3 interfaces. This command causes the exclusion of an interface from the determination of the uplink state of the VLAN (SVI interface) to which the interface belongs.

    An SVI or switch virtual interface is a logical interface that allows you to enable inter-VLAN routing on Layer 3 switches. SVIs are configured as VLAN interfaces and have at least one physical interface assigned to the VLANs. An SVI is up and running when all of the following conditions are met:

    • It is configured on the switch and is enabled in the VLAN database
    • It is not in the administratively down state
    • It has at least one Layer 2 (access or trunk) interface in the up state

    When an SVI services multiple interfaces (the switch ports in the VLAN to which the SVI connects) and all of them go down, the SVI also goes down by default. When any of the interfaces comes up, the SVI also comes up. By default, all interfaces assigned to the SVI are involved in determining its uplink state. However, if you do not want a particular interface to participate in this determination, use the switchport autostate exclude command on that interface.

    You can use the switchport autostate exclude command on any Layer 2 access or trunk interface. This command applies to all VLANs to which the interface belongs. If the excluded interface of an SVI is in the up state and all the other interfaces of the SVI are in the down state, the SVI remains in the down state. The state of the SVI does not change to up.

    The Fa0/1 and Fa0/4 interfaces of switchA affect the uplink state of VLAN 10 because all the interfaces assigned to an SVI contribute towards the uplink state determination of the SVI by default.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify VLANs

  14. Inter-VLAN routing has been operating successfully for several months. Users who connect to a newly installed switch report that they are unable to communicate with the rest of the company’s networks. You decide to ensure that the switch is properly connected to the VTP domain before taking any other troubleshooting steps. What command would be best used to verify this?

    • switch# show vlan
    • switch# show ip route
    • switch# show interfaces trunk
    • switch# show vtp status
    • switch# show interface

    Explanation:

    The command show vtp status would be the best command to verify the switch’s connection to the company’s VTP domain. This command displays the version of VTP, the VTP domain the switch is a member of, the VTP mode of the switch, and other configuration settings relating to VTP.

    The command show vlan will display the VLANs that exist and the ports that are members of the VLANs, but will not identify whether the switch is a member of the VTP domain. If the VLANs that are displayed with this command are the same as those in the VTP domain, it does not necessarily mean the switch is a member of the domain. This data needs to be verified with the show vtp status command.

    The command show ip route is used to verify the routing table, but it does not provide any VTP information. This command is used to verify routes to other networks discovered or configured on the switch. It will display the routing protocol used to discover each route, and the next hop used to forward traffic to the destination network.

    The command show interfaces trunk is used to verify which VLANs are being forwarded to another device, but does not indicate whether the switch is a member of the VTP domain.

    The command show interfaces would not allow you to verify the switch’s connection to the company’s VTP domain. This command would allow you to determine the following features of the switch:

    • Port state
    • Port speed
    • Input errors
    • Collisions

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  15. The company has just completed an implementation that uses Cisco Express Forwarding (CEF) as a Layer 3 IP switching technology for optimized network performance and scalability. The following is the network infrastructure of the company. (Click the Exhibit(s) button.) You are creating the verification plan for this implementation. This includes verifying the routes known to the routers. Which component of the CEF switching technology contains routes to the 10.1.0.0/24 network along with the routes to the 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 networks?

    • FIB
    • Adjacency table
    • Routing table
    • Topology table

    Explanation:

    The forwarding information base (FIB) lookup table contains routes to 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24. CEF switching technology is an example of a topology-based switching mechanism that uses the FIB. The FIB contains the routing or forwarding information that the network prefix can reference. Thus, the FIB is the component that CEF based switching uses to store a route to 10.1.0.0/24 along with the routes to 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24. In the FIB, these specific entries would be ordered with the longest match followed by less specific subnets. When the switch receives a packet, it can easily examine the destination address and find the longest match entry in the FIB.

    The adjacency table does not contain routes to 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24. The adjacency table is used by CEF to prepend Layer 2 addressing information. The adjacency table maintains Layer 2 next-hop addresses for all FIB entries. It stores the information for the nodes that are adjacent. Nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer.

    The routing table does not contain routes to 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24. The router stores routing information, but CEF does not use the routing table for the purpose of making IP destination prefix-based switching decisions.

    The topology table does not contain routes to 10.1.1.0/24, 10.1.2.0/24, or 10.1.3.0/24. The topology table is not a component of CEF switching technology. It is a component of EIGRP and stores the details of all the destinations along with the list of neighbors that advertise the destination. For each of these entries, the metrics of the neighbor advertising the destination are also stored.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify switch administration

  16. During which STP state can ports add information to their address tables, but not send any data?

    • Learning
    • Listening
    • Blocked
    • Forwarding

    Explanation:

    In the learning state, a switch port can add learned information into its address table, but cannot forward data.

    Spanning tree transitions each port through several states whenever there is a change in the network topology to prevent switching loops. Each state is briefly defined as follows:

    • Blocking: In the blocking state, a port does not forward frames, learn information, or send out information. A forwarding port is placed in the blocked state when the port senses an absence of BPDUs, which are sent out in the interval defined by the hello time (two seconds by default). If the blocked port does not detect a BPDU for the length of time defined in the max-age setting (20 seconds by default), the port will transition into the listening state.
    • Listening: In the listening state, a port receives traffic, but does not send information. This is the first transitional state after the blocking state. No user data is forwarded at this time, but the switch is very busy. It is during this stage that the switch participates in the election of the root bridge, the root ports on the non-root bridges, and the designated ports on each segment. Ports that remain as designated or root ports will transition to the learning state after the time defined in the forward delay (15 seconds by default) has elapsed.
    • Learning: In the learning state, a switch port can add the MAC addresses that it has learned into its address table but cannot forward user data. The switch port will remain in this state until the amount of time defined in the forward-delay setting has elapsed (15 seconds by default), at which time it will transition into the forwarding state.
    • Forwarding: In the forwarding state, a port is actively forwarding packets. It will remain in the forwarding state until it does not detect a BPDU within the defined hello time, at which time the port is placed in the blocking state and the process starts again.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  17. Which IOS command enables the VTP feature that eliminates unnecessary trunk traffic being flooded to switches that do not have memberships in particular VLANs?

    • vtp mode client
    • no vtp mode
    • vtp v1-mode
    • vtp pruning

    Explanation:

    To enable pruning on a switch operating in VLAN Trunk Protocol (VTP) server mode, enter the vtp pruning command at the global configuration prompt.

    switch(config)# vtp pruning

    VTP pruning enhances network bandwidth usage by restricting unnecessary flooded traffic on trunk links. If a trunk link does not have devices in the VLAN attached, flooded traffic on that VLAN is blocked. VTP pruning can reduce broadcasts, multicasts, unknown traffic, and flooded unicast packets.

    Enabling VTP pruning on a switch in VTP server mode enables pruning for the entire domain.

    Multicast and unicast traffic are not blocked for the VLANs that are not being pruned.

    There are three modes in VTP: server, client, and transparent. The main differentiator among the three modes is whether a switch can create, modify, or delete VLANs. A Catalyst switch can create, modify, and delete VLANs in server or transparent mode, but not in client mode. However, VLANs created on a switch in transparent mode apply only to that switch, and information about these VLANs is not propagated throughout the VTP domain.

    The VTP server mode sends or forwards VTP advertisements, synchronizes VLAN configuration information with other switches, and saves the VLAN in NVRAM.

    The VTP transparent mode forwards VTP advertisements and saves the VLAN configuration in NVRAM. It does not synchronize VLAN configuration information. A switch in transparent mode can create, delete, and modify VLANs, but changes are not transmitted to other switches in the domain. They only affect the local switch.

    The VTP client mode sends or forwards VTP advertisements and synchronizes VLAN configuration information with other switches. It does not save VLAN information in NVRAM. In client mode, VTP clients only can receive VLAN information from VTP servers.

    The command vtp mode client sets the switch to client mode. It does not eliminate unnecessary trunk traffic.

    The no vtp mode command reverts the VTP mode back to its default state, which is server mode. To set the VTP mode of a VTP client back to server mode, you can use either the no vtp mode command or the vtp server command.

    The vtp v1-mode command reverts the VTP version to version 1 (the default version). Use the vtp v2-mode command to set the VTP version to version 2.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify trunking

  18. During a CEF packet rewrite, which of the following changes are NOT made to the packet?

    • The source MAC address is changed to the MAC address of the outbound Layer 3 switch interface.
    • The destination MAC address is changed to the MAC address of the next-hop router’s MAC address.
    • Layer 3 TTL is decremented by one.
    • Layer 2 TTL is decremented by one.

    Explanation:

    There is no Layer 2 TTL in the packet, so the Layer 2 time to live (TTL) cannot be decremented by one. All other options are correct. The following changes will be made when the Cisco Express Forwarding (CEF) packet rewrite process occurs:

    • The source MAC address is changed to the MAC address of the outbound Layer 3 switch interface.
    • The destination MAC address is changed to the MAC address of the next-hop router.
    • The Layer 3 IP TTL is decremented by one.
    • The Layer 3 IP checksum is recalculated.
    • The Layer 2 frame checksum is recalculated.
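    The five rewrite steps listed above, applied to a raw Ethernet II + IPv4 frame. This is an added example, not Cisco code or part of the original page; the MAC addresses, IP addresses and the sample frame are constructed from documentation ranges, and the function names are hypothetical.

```python
import struct
import zlib

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, then inverted."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ethernet_fcs(frame: bytes) -> bytes:
    """CRC-32 frame check sequence, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)

def cef_rewrite(frame: bytes, out_if_mac: bytes, next_hop_mac: bytes) -> bytes:
    """Return the frame as it leaves the Layer 3 switch (input includes FCS)."""
    body = bytearray(frame[:-4])             # drop the old Layer 2 checksum
    if body[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (body[14] & 0x0F) * 4              # IPv4 header length in bytes
    if body[22] <= 1:
        raise ValueError("TTL expired; packet is not forwarded")
    body[0:6] = next_hop_mac                 # destination MAC -> next-hop router
    body[6:12] = out_if_mac                  # source MAC -> outbound interface
    body[22] -= 1                            # Layer 3 TTL decremented by one
    body[24:26] = b"\x00\x00"                # zero the field before summing
    body[24:26] = struct.pack("!H", ipv4_checksum(bytes(body[14:14 + ihl])))
    return bytes(body) + ethernet_fcs(bytes(body))   # new Layer 2 checksum

def build_sample_frame() -> bytes:
    """Constructed frame: UDP datagram, TTL 64, documentation addresses."""
    eth = bytes.fromhex("00005e005301" "00005e005302" "0800")
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                               bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    payload = struct.pack("!HHHH", 5000, 5001, 8, 0)   # empty UDP datagram
    body = eth + bytes(ip) + payload
    return body + ethernet_fcs(body)
```

    Nothing in the Ethernet header carries a hop count, which is why the rewrite touches only the IP TTL.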

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify switch administration

  19. Consider the following output of the show spanning-tree command for the SW1 switch:

    300-420 Part 06 Q19 049

    You need to change the spanning-tree configuration such that the following is true:

    • SW1 is the root bridge for VLAN0001
    • SW1 is not the root bridge for VLAN0101
    • Fa0/2 port of SW1 should be in the forwarding state for VLAN0202 traffic

    Which of the following commands should be executed on SW1 to achieve the desired results? (Choose all that apply.)

    • spanning-tree vlan 1 priority 23189 in global configuration mode
    • spanning-tree vlan 1 priority 32768 in global configuration mode
    • spanning-tree vlan 101 priority 32768 in global configuration mode
    • spanning-tree vlan 202 cost 2 in interface configuration mode of Fa0/2
    • spanning-tree vlan 202 cost 252 in interface configuration mode of Fa0/2

    Explanation:

    The following commands should be executed to achieve the desired results:

    spanning-tree vlan 1 priority 23189 in global configuration mode
    spanning-tree vlan 101 priority 32768 in global configuration mode
    spanning-tree vlan 202 cost 2 in interface configuration mode on Fa0/2

    The spanning-tree vlan 1 priority 23189 command changes the bridge priority of SW1 to 23189 for the native VLAN (VLAN0001). According to the show spanning-tree output in the scenario, the root bridge for VLAN0001 has a priority of 23195. Therefore, for SW1 to become the root bridge for VLAN0001, SW1 must have the lowest bridge priority for that VLAN. Setting the bridge priority of SW1 to 23189, which is less than 23195, serves the purpose.

    The spanning-tree vlan 101 priority 32768 command changes the bridge priority of SW1 to 32768 for VLAN0101. The maximum priority that can be assigned to a switch is 32768, which implies that the switch cannot be a root bridge for the VLAN provided its MAC address is higher than the other switches. This will ensure that SW1 will NOT be the root bridge for VLAN 101.

    The spanning-tree vlan 202 cost 2 command sets the port cost to 2 for VLAN0202. The port cost is used by STP to determine a loop-free path. The port with the least cost is selected and placed in Forwarding state. Therefore, as a result of this command, the Fa0/2 port will be in the Forwarding state to pass the VLAN0202 traffic, rather than Fa0/1.

    Executing the spanning-tree vlan 1 priority 32768 command in the global configuration mode does not achieve the desired results. This command sets the bridge priority of SW1 to the highest possible value for VLAN0001. As 32768 is greater than 23190, the new bridge priority of SW1 does not affect the root bridge for VLAN0001 and SW1 remains a non-root bridge.

    The spanning-tree vlan 202 cost 252 command in the interface configuration mode of Fa0/2 does not achieve the desired results. This command changes the port cost of Fa0/2 for VLAN0202 to 252, which is the maximum cost value. STP selects the port with the least cost as the best loop-free path. Therefore, setting the cost to 252 for Fa0/2 will not put Fa0/2 in the Forwarding state.

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree

  20. What is the easiest way to force a specific switch to become the spanning-tree root bridge for a VLAN?

    • Raise the spanning-tree priority value on the switch.
    • Lower the spanning-tree priority value on the switch.
    • Raise the port-cost value of an interface on the switch.
    • Lower the port-cost value of an interface on the switch.

    Explanation:

    The spanning-tree root bridge is the bridge with the lowest bridge ID. The bridge ID is a value calculated from the bridge priority and the bridge MAC address. Therefore, lowering the bridge-priority value lowers the bridge ID, which can force the switch to become the root bridge.

    The easiest way to force a specific switch to become the spanning-tree root bridge for a VLAN is to lower its priority using the spanning-tree vlan vlan_id priority priority command. For example, the following command will configure the switch as the root bridge for VLAN 10:

    switch(config)# spanning-tree vlan 10 priority 4096

    The priority value of 4096 is used by convention. It could be set to any value as long as it is lower than the priority of any other switch in the VLAN. The priority value 4096 is typically used when forcing the placement of the root bridge, and 8192 is used to force placement of the secondary root bridge. These values work because the default priority value for switches is 32768.

    Lowering the port cost of an interface is an effective way to force spanning tree to put the interface into a forwarding state. However, it does not affect the placement of the root bridge.
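    A small model of the two selection rules used in questions 19 and 20: root election by lowest bridge ID, and uplink selection by lowest port cost. This is an added example, not part of the original page; switch names SW2 and SW3, all MAC addresses and the Fa0/1 cost of 19 are constructed. It assumes the priority is the full 16-bit field and that both uplinks hear the same root path cost, so the local port cost decides.

```python
def bridge_id(priority: int, mac: str) -> int:
    """Pack a 16-bit priority above a 48-bit MAC so priority compares first."""
    mac_value = int(mac.replace(".", "").replace(":", ""), 16)
    if not 0 <= priority <= 0xFFFF or mac_value >> 48:
        raise ValueError("priority is 16 bits, MAC is 48 bits")
    return (priority << 48) | mac_value

def rank_bridges(bridges: dict) -> list:
    """Switch names ordered from lowest bridge ID (the root) upward."""
    return sorted(bridges, key=lambda name: bridge_id(*bridges[name]))

def set_priority(bridges: dict, name: str, priority: int) -> dict:
    """Copy of the topology after 'spanning-tree vlan <id> priority <n>'."""
    updated = dict(bridges)
    updated[name] = (priority, bridges[name][1])
    return updated

def forwarding_uplink(port_costs: dict) -> str:
    """Lowest-cost port wins; a tie falls to the lower port name (simplified)."""
    return min(port_costs, key=lambda port: (port_costs[port], port))

# Constructed topology: every switch still has the default priority 32768.
SWITCHES = {
    "SW1": (32768, "0000.5e00.5303"),
    "SW2": (32768, "0000.5e00.5301"),
    "SW3": (32768, "0000.5e00.5302"),
}

if __name__ == "__main__":
    print("defaults:", rank_bridges(SWITCHES))        # the MAC breaks the tie
    forced = set_priority(SWITCHES, "SW1", 4096)      # intended root
    forced = set_priority(forced, "SW3", 8192)        # intended secondary root
    print("forced:  ", rank_bridges(forced))
    print("uplink:  ", forwarding_uplink({"Fa0/1": 19, "Fa0/2": 2}))
```

    With every priority left at the default, the switch with the lowest MAC address becomes root, so the root's location is decided by hardware addresses rather than by design.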

    Objective:
    Layer 2 Technologies
    Sub-Objective:
    Configure and verify spanning tree