CISCO CCNP SWITCH 642-813: VLAN Question

1. You are assigning VLANs to the ports of switch R1. What VLAN number value is assigned to the default VLAN?

A. VLAN 1003
B. VLAN 1
C. VLAN ON
D. VLAN A
E. VLAN 0

Answer: B

2. What is a characteristic of a static VLAN membership assignment?

A. VMPS server lookup is required
B. Easy to configure
C. Ease of adds, moves, and changes
D. Based on MAC address of the connected device

Answer: B

Explanation

There are two types of VLAN membership assignment:

– Static VLAN: switch ports are assigned to specific VLANs manually

– Dynamic VLAN: switch automatically assigns the port to a VLAN using information from the user device like MAC address, IP address etc. When a device is connected to a switch port, the switch must, in effect, query a database to establish VLAN membership.

Static VLAN assignment provides a simple way to assign VLAN to a port while Dynamic VLANs allow a great deal of flexibility and mobility for end users but require more administrative overhead.

3. What is a characteristic of multi-VLAN access ports?

A. The port has to support STP PortFast.
B. The auxiliary VLAN is for data service and is identified by the PVID.
C. The port hardware is set as an 802.1Q trunk.
D. Both the voice service and data service use the same trust boundary.

Answer: C

Explanation

The multi-VLAN port feature on the Catalyst 2900 XL/3500 XL switches allows for configuring a single port in two or more VLANs. This feature allows users from different VLANs to access a server or router without implementing InterVLAN routing capability. A multi-VLAN port performs normal switching functions in all its assigned VLANs. VLAN traffic on the multi-VLAN port is not encapsulated as it is in trunking -> The port is set as an 802.1Q trunk -> C is correct.

Note: The limitations of implementing multi-VLAN port features are listed below.

1) You cannot configure a multi-VLAN port when a trunk is configured on the switch. You must connect the multi-VLAN port only to a router or server. The switch automatically transitions to VTP transparent mode when the multi-VLAN port feature is enabled, which disables VTP.

2) The multi-VLAN port feature is supported only on the Catalyst 2900 XL/3500 XL series switches. This feature is not supported on the Catalyst 4000/5000/6000 series or any other Cisco Catalyst switches.

The following example shows how to configure a port for multi-VLAN mode:
Switch(config-if)# switchport mode multi

The following example shows how to assign a multi-VLAN port already in multi mode to a range of VLANs:
Switch(config-if)# switchport multi vlan 5-10

4. The Company LAN switches are being configured to support the use of Dynamic VLANs. Which of the following are true of dynamic VLAN membership? (Choose two)

A. VLAN membership of a user always remains the same even when he/she is moved to another location.
B. VLAN membership of a user always changes when he/she is moved to another location.
C. Membership can be static or dynamic.
D. Membership can be static only.

Answer: A C

5. Which of the following technologies would an Internet Service Provider use to support overlapping customer VLAN IDs over transparent LAN services?

A. 802.1q tunneling
B. ATM
C. SDH
D. IP Over Optical Networking
E. ISL

Answer: A

6. Static VLANs are being used on the Company network. What is true about static VLANs?

A. Devices use DHCP to request their VLAN.
B. Attached devices are unaware of any VLANs.
C. Devices are assigned to VLANs based on their MAC addresses.
D. Devices are in the same VLAN regardless of which port they attach to.

Answer: B

Explanation

Ports are assigned to a specific VLAN manually. Frames are not tagged. Attached devices are unaware of any VLANs in the network.

7. The Company LAN switches are being configured to support the use of Dynamic VLANs. What should be considered when implementing a dynamic VLAN solution? (Choose two)

A. Each switch port is assigned to a specific VLAN.
B. Dynamic VLANs require a VLAN Membership Policy Server.
C. Devices are in the same VLAN regardless of which port they attach to.
D. Dynamic VLAN assignments are made through the command line interface.

Answer: B C

Explanation

When a port is configured as “dynamic,” it receives VLAN information based on the MAC-address that is on the port. The VLAN is not statically assigned to the port; it is dynamically acquired from the VMPS (Virtual Membership Policy Server) based on the MAC-address on the port.

Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25ew/configuration/guide/vmps.html

8. The Company LAN is becoming saturated with broadcasts and multicast traffic. What could you do to help a network with many multicasts and broadcasts?

A. Creating smaller broadcast domains by implementing VLANs.
B. Separate nodes into different hubs.
C. Creating larger broadcast domains by implementing VLANs.
D. Separate nodes into different switches.
E. All of the above.

Answer: A

Explanation

VLANs are used to divide a network into logical areas. VLANs can also be considered as broadcast domains. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.

9. You have just created a new VLAN on your network. What is one step that you should include in your VLAN based implementation and verification plan?

A. Verify that different native VLANs exist between two switches for security purposes.
B. Verify that the VLAN was added on all switches with the use of the show vlan command.
C. Verify that the switch is configured to allow for trunking on the switch ports.
D. Verify that each switch port has the correct IP address space assigned to it for the new VLAN.

Answer: B

Explanation

Different native VLANs will cause error messages about the mismatch, and the potential exists that traffic will not pass correctly between the two native VLANs (although a trunk can be brought up with different native VLANs on each end) -> A is not correct.

Answer C is reasonable but it should be done after configuring trunking, not creating a new VLAN -> C is not correct.

A Layer 2 switch only needs one IP address for management purposes -> D is not correct.

Answer B is the best choice to verify if our new VLAN was created, and which ports are associated with it.

10. You have configured a Cisco Catalyst switch to perform Layer 3 routing via an SVI and have assigned that interface to VLAN 20. To check the status of the SVI, you issue the show interfaces vlan 20 command at the CLI prompt. You see from the output display that the interface is in an “up/up” state. What must be true in an SVI configuration to bring the VLAN and line protocol up?

A. The port must be physically connected to another Layer 3 device.
B. At least one port in VLAN 20 must be active.
C. The Layer 3 routing protocol must be operational and receiving routing updates from neighboring peer devices.
D. Because this is a virtual interface, the operational status will always be in an “up/up” state.

Answer: B

Explanation

To be “up/up,” a router VLAN interface must fulfill the following general conditions:

– The VLAN exists and is “active” in the VLAN database of the switch (sh vlan brief).
– The VLAN interface (SVI) must exist on the router and must be “up”.
– At least one port (Layer 2 port – access or trunk) must be up in this VLAN.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/37sg/configuration/guides/l3_int.html

11. Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about interfaces Fa0/13 and Fa0/14?

[Exhibit: output of show vlan on switch CAT2]

A. That interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. That interfaces Fa0/13 and Fa0/14 are down
C. That interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. That interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. That interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch

Answer: C

Explanation

The show vlan command shows the ports assigned to each VLAN. Trunk ports are not assigned to a specific VLAN; they are part of multiple VLANs, so they will never be visible in the output of this command. You can check trunk ports by using show interfaces trunk.

12. What two pieces of information will the show vlan id 5 command display? (Choose two)

A. Ports in VLAN 5
B. Utilization
C. VLAN information on port 0/5
D. Filters
E. MTU and type

Answer: A E

13. What are some virtues of implementing end-to-end VLANs? (Choose two)

A. End-to-end VLANs are easy to manage.
B. Users are grouped into VLANs independent of a physical location.
C. Each VLAN has a common set of security and resource requirements for all members.
D. Resources are restricted to a single location.

Answer: B C

Explanation

There are two kinds of VLANs:

Local VLANs:
– design is scalable
– users belong to the same broadcast domain when they are at the same location
– redundant path can be built easily
– 20/80 rule: only 20 percent of traffic is local, whereas 80 percent is destined to a remote resource across the core layer

End-to-end VLANs:

– geographically dispersed users appear on the same segment
– same policy can be applied to the same group of users regardless of their physical location
– all switches need to know all VLANs
– broadcast messages flood all switches
– 80/20 rule: 80 percent of user traffic stays within the local workgroup, whereas 20 percent is destined for a remote resource in the campus network

14. Which two statements are true about a switched virtual interface (SVI)? (Choose two)

A. An SVI is created by entering the no switchport command in interface configuration mode.
B. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch administration.
C. An SVI provides a default gateway for a VLAN.
D. Multiple SVIs can be associated with a VLAN.
E. SVI is another name for a routed port.

Answer: B C

Explanation

Catalyst L2 fixed configuration switches that run Cisco IOS Software have only one configurable IP management interface, which by default is interface VLAN 1. Pure Layer 2 switches can have only one interface VLAN up at a time. This is called the management VLAN (in IOS) or the sc0 interface (in CatOS). The main purpose of this interface is management (telnet, SNMP, etc). If the switch is a Layer 3 switch, you can configure multiple VLANs and route between them. An L3 switch can handle multiple IPs, so there is no specific management VLAN on the switch.

(Reference: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008010e9ca.shtml)

15. You have just created a new VLAN on your network. What is one step that you should include in your VLAN based implementation and verification plan?

A. Verify that trunked links are configured to allow the VLAN traffic.
B. Verify that the switch is configured to allow for trunking on the switch ports.
C. Verify that each switch port has the correct IP address space assigned to it for the new VLAN.
D. Verify that different native VLANs exist between two switches for security purposes.

Answer: A

Explanation

A VLAN-based implementation and verification plan should include:

* Verification that trunked links are configured to allow the newly created VLANs.
* Verification that the SVI has already been created and that it shows up on all required switches using the show vlan command.

16. You have just created a new VLAN on your network for inter-VLAN routing. What is one step that you should include in your VLAN-based implementation and verification plan?

A. Verify that different native VLANs exist between two switches for security purposes.
B. Verify that the switch is configured to allow for trunking on the switch ports.
C. Verify that each switch port has the proper IP address space assigned to it for the new VLAN.
D. Verify that the VLAN virtual interface has been correctly created and enabled.

Answer: D

17. Under what circumstances should an administrator prefer local VLANs over end-to-end VLANs?

A. Eighty percent of traffic on the network is destined for Internet sites.
B. There are common sets of traffic filtering requirements for workgroups located in multiple buildings.
C. Eighty percent of a workgroup’s traffic is to the workgroup’s own local server.
D. Users are grouped into VLANs independent of physical location.

Answer: A

Explanation

Please check Q13.

18. Which of the following statements is true about the 80/20 rule (Choose two)?

A. 20 percent of the traffic on a network segment should be local.
B. no more than 20 percent of the network traffic should be able to move across a backbone.
C. no more than 80 percent of the network traffic should be able to move across a backbone.
D. 80 percent of the traffic on a network segment should be local.

Answer: B D

Explanation

The 80/20 rule states that 80 percent of user traffic stays within the local workgroup, whereas 20 percent is destined for a remote resource in the campus network.

19. Which two statements are true about best practices in VLAN design? (Choose two.)

A. Routing should occur at the access layer if voice VLANs are utilized. Otherwise, routing should occur at the distribution layer.
B. Routing may be performed at all layers but is most commonly done at the core and distribution layers.
C. Routing should not be performed between VLANs located on separate switches.
D. VLANs should be local to a switch.
E. VLANs should be localized to a single switch unless voice VLANs are being utilized.

Answer: B D

Explanation

First, let’s review the main characteristics of the three layers in a campus network:

Access layer:

– Low cost per switch port
– High port density
– Scalable uplinks to higher layers
– User access functions such as VLAN membership, traffic and protocol filtering, and quality of service (QoS)
– Resiliency through multiple uplinks

Distribution Layer:

– Aggregation of multiple access-layer devices
– High Layer 3 throughput for packet handling
– Security and policy-based connectivity functions through access lists or packet filters
– QoS features
– Scalable and resilient high-speed links to the core and access layers

Core layer:

– Very high throughput at Layer 3
– No costly or unnecessary packet manipulations (access lists, packet filtering)
– Redundancy and resilience for high availability
– Advanced QoS functions

B: We can see that at the Distribution and Core layers, Layer 3 throughput (routing) is very high.

D: Nowadays, end-to-end VLANs are not recommended in an enterprise network, unless there is a good reason. In an end-to-end VLAN, broadcast traffic is carried over from one end of the network to the other, creating the possibility for a broadcast storm or Layer 2 bridging loop to spread across the whole extent of a VLAN. This can exhaust the bandwidth of distribution and core-layer links, as well as switch CPU resources. Now the storm or loop has disrupted users on the end-to-end VLAN, in addition to users on other VLANs that might be crossing the core.

When such a problem occurs, troubleshooting becomes more difficult. In other words, the risks of end-to-end VLANs outweigh the convenience and benefits.

From that we can infer VLAN traffic should be local to the switch.

(Reference: CCNP SWITCH 642-813 Official Certification Guide)

20. In the three-layer hierarchical network design model, what is associated with the access layer? (Choose two)

A. optimized transport structure
B. high port density
C. boundary definition
D. data encryption
E. local VLANs
F. route summaries

Answer: B E

21. Refer to the exhibit. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and cannot access network resources. On the basis of the information in the exhibit, which command sequence would correct the problem?

[Exhibit]

A. SW1(config)# vlan 10
SW1(config-vlan)# no shut

B. SW1(config)# interface fastethernet 0/1
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

C. SW1(config)# interface fastethernet 0/1
SW1(config-if)# switchport mode access

D. SW1(config)# vlan 10
SW1(config-vlan)# state active

E. SW1(config)# interface fastethernet 0/1
SW1(config-if)# no shut

Answer: E

Explanation:

Operational mode of this port is down.

22. When you issue the command show port 3/1 on an Ethernet port, you observe that the ‘Giants’ column has a non-zero entry. What could be the cause of this?

A. IEEE 802.1Q
B. IEEE 802.10
C. Misconfigured NIC
D. User configuration
E. All of the above

Answer: A

Explanation:

Giant/jumbo frames are frames larger than the standard Ethernet frame size of 1518 bytes, which includes the Layer 2 header and Frame Check Sequence (FCS).

Frames created by 802.1Q are often known as baby giants:
Total frame size = 1500 + 4 (number of header bytes) + 18 = 1522
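
The size calculation above, as an added Python example (not part of the original page): it inserts an 802.1Q tag into a constructed maximum-size untagged frame and shows the frame growing from 1518 to 1522 bytes. The MAC addresses, helper names and classification labels are assumptions made for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100            # EtherType value that marks an 802.1Q tag
MAX_UNTAGGED = 1518            # standard maximum frame size, header and FCS included
MAX_TAGGED = MAX_UNTAGGED + 4  # the 802.1Q tag adds 4 bytes

def with_fcs(frame: bytes) -> bytes:
    """Append the 4-byte Frame Check Sequence (CRC-32, least significant byte first)."""
    return frame + struct.pack("<I", zlib.crc32(frame))

def add_dot1q(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the two MAC addresses of an untagged frame (no FCS)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp & 0x7) << 13 | vid  # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_vlan(frame: bytes):
    """Return the VLAN ID of a tagged frame, or None if the frame is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def classify(wire_frame: bytes) -> str:
    """Classify a frame (FCS included) by its length."""
    n = len(wire_frame)
    if n <= MAX_UNTAGGED:
        return "normal"
    if n <= MAX_TAGGED and parse_vlan(wire_frame) is not None:
        return "baby giant (802.1Q)"
    return "giant"

# Constructed sample: maximum-size untagged IPv4 frame
# (14-byte Ethernet header + 1500-byte payload; the FCS is added by with_fcs).
dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
untagged = dst + src + struct.pack("!H", 0x0800) + bytes(1500)
tagged = add_dot1q(untagged, vid=10)

if __name__ == "__main__":
    for name, f in (("untagged", untagged), ("tagged VLAN 10", tagged)):
        wire = with_fcs(f)
        print(f"{name}: {len(wire)} bytes, VLAN {parse_vlan(wire)}, {classify(wire)}")
```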

23. On a multilayer Catalyst switch, which interface command is used to convert a Layer 3 interface to a Layer 2 interface?

A. switchport access vlan vlan-id
B. switchport
C. switchport mode access
D. no switchport

Answer: B