75 Cards in this Set
- Front
- Back
|
Why is it the default that users don’t need to supply passwords to reach enable or user mode?
|
because anyone with physical access can reset the password in 5 minutes using Cisco’s password recovery procedures
|
|
To reach enable mode from a vty (Telnet or SSH), the switch must be configured with three items:
|
1. An IP address
2. Login security on the vty lines
3. An enable password |
|
By default, Telnet users are rejected if there is no ______ on the switch or router.
|
vty password
|
|
Where is the hostname command entered?
|
Global command
|
|
How do you configure a console password?
|
config t
line console 0
password xxxxxxx
login
exit |
|
How do you configure a telnet password?
|
config t
line vty 0 15
password xxxxx
login
exit |
|
What are the two ways to configure the enable password? Which is preferable? Why?
|
config t
enable password xxxx
OR
enable secret xxxxxx
enable secret is preferable, because the enable password makes the pw visible in show commands. |
|
What does Telnet stand for?
|
Telephone Network
|
|
When making passwords, what does the "login" command do?
|
tells the switch to ask for a text password, but no username.
|
|
What does ctrl+z do?
|
Takes you back to enable mode
|
|
Telnet sends all data, including passwords entered by the user, as _____.
|
clear text
|
|
SSH encrypts all data sent between the _____ and the _____.
|
SSH client, SSH server
|
|
MEMORIZE how to setup SSH! You MUST know this process.
|
MEMORIZE how to setup SSH! You MUST know this process.
|
|
When setting up SSH on a switch, the switch must be configured to use one of two user authentication modes:
|
One method with the credentials stored on the switch, and the other configured on an external server called an Authentication, Authorization, and Accounting (AAA) server.
|
|
Is the enable secret password being encrypted?
|
The enable secret password is not being encrypted. Instead, IOS applies a mathematical function to the password, called a Message Digest 5 (MD5) hash, storing the results of the formula in the configuration file. Enable secret is much more secure than using the service password-encryption command.
|
|
Where do you setup the three types of banners?
|
Global configuration, "banner" command
|
|
What is the MOTD banner?
|
(MOTD) Message of the Day - Shown before login prompt. For temporary messages that might change. Ex. - "Router1 down for maintenance at midnight"
|
|
What is the login banner?
|
Shown before the login prompt, but after the MOTD banner. For permanent messages such as "Unauthorized Access Prohibited"
|
|
What is the EXEC banner?
|
Shown after the login prompt. Used to supply information that should be hidden from unauthorized users.
|
|
What is a beginning delimiter character?
|
The first nonblank character after the banner type
|
|
What are the three types of banners?
|
MOTD, Login and EXEC banners
|
|
How does the CLI know that a banner has been configured?
|
As soon as the user enters the same delimiter character again.
For example, “banner motd this is a test” – the banner will turn out to be “his is a” because “t” is the first nonblank character after the command, which means it ends with “t” as well. |
|
How do you list the commands currently held in the history buffer?
|
Show History
|
|
What command allows a user to set, for just this one connection, the size of his history buffer? In what mode is this accomplished?
|
terminal history size x
EXEC mode |
|
How do you set the number of commands saved in the history buffer for Console and Telnet connections?
|
In the Console line 0 or vty line x modes, type "history size x"
|
|
Talk about the "logging synchronous" command. Where is it configured?
|
Used to make the console display syslog messages at a more convenient time, such as at the end of a command (preventing interruption). Configure from the Console subcommands.
|
|
By default, the switch or router automatically disconnects users after __ minutes of inactivity, for both console and remote users.
|
5 minutes
|
|
How do you tell a switch/router to have a different inactivity timer? Where is this accomplished?
|
From the Console mode. Type:
exec-timeout <minutes> <seconds>
Where exec-timeout 0 0 means it never times out. |
|
In order for a switch to send traffic to a destination that is not locally connected, the ____ must be configured on the switch.
|
default-gateway
|
|
What are the default settings for a Cisco switch that you just bought?
|
Cisco switches ship from the factory with all interfaces enabled (default config of no shutdown) and with auto negotiation enabled for ports that run at multiple speeds and duplex settings (a default config of duplex auto and speed auto).
|
|
To allow Telnet, SSH, SNMP, or to use Cisco Device Manager (CDM), the switch needs an _______.
|
IP address
|
|
What don't switches need to be able to forward frames?
|
An IP address
|
|
Switches can be statically configured or dynamically assigned IP configuration using ____.
|
DHCP
|
|
The following four steps list the commands used to configure a single IP address on a switch, so you don't have to configure each interface:
|
1. Use the "interface vlan 1" global configuration command.
2. Assign an IP address and mask using the ip address <ip address> <subnet mask> interface subcommand.
3. "no shutdown" interface subcommand.
4. Add the "ip default-gateway <ip address>" GLOBAL COMMAND to configure the default gateway. |
|
For the switch to act as a DHCP client to discover its IP configuration, use these two steps:
|
1. Use the ip address dhcp command, instead of the ip address <ip> <mask> command, on the VLAN 1 interface.
2. Do not configure the ip default-gateway global command. |
|
You cannot view the IP configuration when using DHCP by using the show run command; you have to use the _______ command.
|
show dhcp lease
|
|
For the sake of efficiency, you can configure a command on a range of interfaces at the same time using the _______ command
|
interface range (Fa0/11 – 20)
|
|
What's the description subcommand?
|
Configures the description of an interface.
Ex. - To router 3 |
|
Interfaces can be configured to use the ____ and _____ interface subcommands to configure those settings statically, or an interface can use auto negotiation (default).
|
duplex, speed
|
|
The network engineer can use ______ to restrict interfaces so that only expected devices can use it.
|
port security
|
|
What are three types of port security for when an inappropriate device attempts to send frames to the switch interface?
|
1. The switch can issue informational messages
2. Discard the frames from the device
3. Discard frames from all devices by effectively shutting down the interface. |
|
What are the general steps to enabling port security?
|
To enable port security, you need to make the port an access port, then enable port security and configure the actual MAC address of the devices allowed to use the port
|
|
What are the detailed steps to enabling port security?
|
Five steps are too long for flashcards.
LEARN THIS ONE BY REPETITION IN THE CLI!!! |
|
What does making the port an access port mean?
|
It means that an access port is not doing any VLAN trunking.
|
|
When port security is configured on an interface, the switch examines the _______ of all frames received on the port.
|
source MAC address
|
|
What is a secure shutdown state?
|
means that the interface has been disabled due to port security
|
|
What are two notifications a switch can do when a violation occurs on one of the ports?
|
Send a message to the console and SNMP trap message to the network management station
|
|
An interface in the err-disabled state requires what?
|
That someone manually shut down the interface and then use the no shutdown command to recover the interface.
|
|
The default port security violation mode is ____. The interface status will be _____.
|
shutdown, err-disabled
|
|
What happens during a port-security violation in Protect mode?
|
Just discards offending traffic
|
|
What happens during a port-security violation in Restrict mode?
|
Discards offending traffic and sends logs and SNMP messages
|
|
What happens during a port-security violation in Shutdown mode?
|
Discards offending traffic, sends logs and SNMP messages AND disables the interface, discarding all traffic.
|
|
Cisco switch interfaces are considered to be either ____ interfaces or ___ interfaces.
|
access or trunk
|
|
By definition, access interfaces send and receive frames only in a single VLAN, called the ______.
|
access VLAN
|
|
______ interfaces send and receive traffic in multiple VLANs
|
Trunking
|
|
What is the protocol that switches use to communicate among themselves about VLAN configuration?
|
VLAN Trunking Protocol
|
|
Are VLAN names case sensitive?
|
YES
|
|
Two steps to configuring a new VLAN:
|
1. From configuration mode, use the vlan <vlan-id> global configuration command to create the VLAN and move the user into VLAN configuration mode.
2. (Optional) Use the name <vlan name> VLAN subcommand to list a name for the VLAN. If not configured, the VLAN name is VLANZZZZ, where ZZZZ is the four-digit decimal VLAN ID. |
|
Three steps to configure a VLAN for each access interface:
|
1. Move to interface config mode for each desired interface.
2. Use the switchport access vlan <vlan id> interface subcommand to specify the VLAN number associated with the interface.
3. (Optional) To disable trunking so that the switch will not dynamically decide to use trunking on the interface, and it will remain an access interface, use the "switchport mode access" interface subcommand. |
|
Every interface defaults to negotiate to use VLAN features called ______ and ______.
|
VLAN Trunking and VLAN Trunking Protocol (VTP)
|
|
What are three recommendations for unused interfaces?
|
1. Administratively disable the interface using the shutdown interface subcommand.
2. Prevent VLAN trunking and VTP by making the port a nontrunking port interface using the switchport mode access interface subcommand.
3. Assign the port to an unused VLAN using the switchport access vlan <number> interface subcommand. |
|
What is VTP?
|
VLAN Trunking Protocol (VTP)
|
|
To show the mac address table on a switch type:
|
"show mac-address-table" on user exec mode.
|
|
How do broadcasts affect switches? What's the solution?
|
Broadcasts are a killer on switches. A broadcast storm is when there are too many broadcasts on a switch. To combat this, segment your network into smaller ones or place ports on VLANs (virtual local area networks).
|
|
To put ports on VLANs type the following command:
|
"switchport vlan <vlan name>" on interface config mode.
|
|
Hosts that are on VLANs are treated as a separate network and CANNOT COMMUNICATE WITH OTHER HOSTS. You must use a ____ to do so.
|
router
|
|
"S1(config-if)#switchport port-security violation <option>" will specify what?
|
What to do when a non-secure mac address is detected.
|
|
There are three ways (options) to handle a non-secure MAC address:
|
1) Shutdown - The frame will be dropped and will be reported to the log. The port will also be shut down.
2) Protect - The frame will be dropped and reported to the log.
3) Restrict - The frame will be dropped. |
|
"S1(config-if)#switchport port-security mac-address sticky" command lets the switch:
|
retain the first mac address that is received.
|
|
"S1>show port-security interface <int>" shows you:
|
port security of a particular interface.
|
|
Note: If you type _______ and it shows you an "err-disable" message the LED of the port will go off and you have to manually bring it back up with the "no shutdown" command on interface config mode.
|
show port-security interface <int>
|
|
"S1(config-if)#switchport port-security maximum <#>" allows you to
|
set the maximum number of MAC addresses that can be accepted.
|
|
*** In order to remotely log in to a switch you must define a default gateway on the switch with the ___________ command. ***
|
"S1(config)#ip default-gateway <ip>"
|
|
** On a switch interface VLAN 1 is considered the _______ interface **
|
management interface
|
|
** If you see an amber light on a switch that means that ______ **
|
the P.O.S.T failed
|