TestKing''''s Building Cisco Multilayer Switched Networks
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (854.33 KB, 128 trang )
642-811 (BCMSN®)
TestKing's Building Cisco® Multilayer Switched Networks
Version 6.0
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 2 -
Important Note
Please Read Carefully
Study Tips
This product will provide you questions and answers along with detailed explanations carefully compiled and
written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.
Go through the entire document at least twice so that you make sure that you are not missing anything.
Further Material
For this test TestKing plans to provide:
* Study Guide. Concepts and labs.
* Interactive Test Engine Examinator. Check out an Examinator Demo at
Latest Version
We are constantly reviewing our products. New material is added and old material is revised. Free updates are
available for 90 days after the purchase. You should check your member zone at TestKing an update 3-4 days
before the scheduled exam date.
Here is the procedure to get the latest version:
1. Go to www.testking.com
2. Click on Member zone/Log in
3. The latest versions of all purchased products are downloadable from here. Just click the links.
For most updates, it is enough just to print the new questions at the end of the new version, not the whole
document.
Feedback
Feedback on specific questions should be send to You should state: Exam number and
version, question number, and login ID.
Our experts will answer your mail promptly.
Copyright
Each pdf file contains a unique serial number associated with your particular name and contact information for
security purposes. So if we find out that a particular pdf file is being distributed by you, TestKing reserves the
right to take legal action against you according to the International Copyright Laws.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 3 -
Note:
Section A contains 69 questions.
Section B contains 180 questions.
The total number of questions is 249.
Each section starts with QUESTION NO :1. There are no missing questions.
Section A
QUESTION NO: 1
You are a technician at TestKing. Your newly appointed TestKing trainee wants you to describe the
concept ‘NetFlow traffic flow’ to her.
What would your reply be?
A. It is a sequence of packets between a particular source and destination.
B. It is a uni-directional sequence of packets between a particular source and destination.
C. It is a bi-directional sequence of packets between a particular source and destination.
D. It is a multi-directional sequence of packets between a particular source and destination.
Answer: A
Explanation:
A NetFlow export-enabled device is one that has been configured to operate with Cisco IOS NetFlow Services
software (see Appendix A) in a way that enables the device to export information about traffic flows between
communicating end nodes in a network.
For NetFlow data export, traffic flows in a network have the following attributes in common:
• Source and destination autonomous system (AS) numbers
• Source and destination IP addresses
• Source and destination application port numbers
• Input interfaces
• IP type of services (ToS)
• IP protocol
Reference:
/>0774.html
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 4 -
QUESTION NO: 2
You are a technician at TestKing. You inform your newly appointed TestKing trainee that Cisco’s
Architecture for Voice, Video and Integrated Data (AVVID) addresses a number of concerns when it
comes to network deployment. Your trainee now wants to know what represents intelligent network
services in Cisco’s AVVID?
What would your reply be? (Choose all that apply.)
A. Quality of Service (QoS)
B. Intelligent platforms
C. Mobility and scalability
D. Security
E. High availability
Answer: A, C, D, E
Explanation:
By creating a robust foundation of basic connectivity and protocol implementation, Cisco AVVID Network
Infrastructure addresses five primary concerns of network deployment:
• High availability
• Quality of service (QoS)
• Security
• Mobility and
• Scalability
Reference:
/>6a008009d678.html
QUESTION NO: 3
You are a technician at TestKing. You inform your newly appointed TestKing trainee that some Cisco
switches perform processing such as Access Control List (ACL) in hardware. Your trainee now wants to
know what action will take place if the hardware reaches its maximum storage capacity of ACLs
What would your reply be? (Choose all that apply.)
A. Packets are dropped.
B. Packet filtering will be accomplished.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 5 -
C. Performance is increased.
D. Performance is decreased.
Answer: B D
Explanation:
Determining if the ACL Configuration Fits in Hardware
As previously stated, ACL processing in the Catalyst 3550 switch is mostly accomplished in hardware.
However, if the hardware reaches its capacity to store ACL configurations, the switch software attempts to fit a
simpler configuration into the hardware. This simpler configuration does not do all the filtering that has been
configured, but instead sends some or all packets to the CPU to be filtered by software. In this way, all
configured filtering will be accomplished, but performance is greatly decreased when the filtering is done
in software.
Reference:
/>e701.html
QUESTION NO: 4
Which of the following captures the speed of switching and scalability of routing?
A. Layer 3 switching
B. Fast switching
C. Layer 2 routing
D. Process routing
Answer: A
Explanation:
Layer 3 switching is hardware-based routing. In particular, packet forwarding is handled by specialized
hardware ASICs. A layer 3 switch does everything to a packet that a traditional router does.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 18
QUESTION NO: 5
Drag and drop the type of flow mask used with Multiplayer Switching (MLS) in the options column to
the statement that defines its character in the target column.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 6 -
Answer:
Destination-IP - Used when no access list are configured
Source- Destination –IP - Used when standard access list is configured
IP-Flow - Used when extended access list is configured
Explanation:
Flow Mask
• Destination-IP – This mode is used if no access list are configured on any of the MLS router interfaces.
• Source- Destination –IP - This mode is used if there is a standard access list on any of the MLS
interfaces.
• IP-Flow - This mode is used if there is an extended access list on any MLS interfaces.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 234-235
QUESTION NO: 6
Which of the following features of VLAN maps do not contain a match clause?
A. Implicit deny feature at end of list.
B. Implicit deny feature at start of list.
C. Implicit forward feature at end of list
D. Implicit forward feature at start of list.
Answer: A
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 7 -
Explanation:
Each VLAN access map can consist of one or more map sequences, each sequence with a match clause and an
action clause. The match clause specifies IP, IPX, or MAC ACLs for traffic filtering and the action clause
specifies the action to be taken when a match occurs. When a flow matches a permit ACL entry the associated
action is taken and the flow is not checked against the remaining sequences. When a flow matches a deny ACL
entry, it will be checked against the next ACL in the same sequence or the next sequence. If a flow does not
match any ACL entry and at least one ACL is configured for that packet type, the packet is denied.
Reference:
/>f4d4.html
QUESTION NO: 7
In which states is the Spanning Tree protocol (STP) affected by the forward delay parameter? (Choose
all that apply.)
A. Forwarding
B. Listening
C. Blocking
D. Disabled
E. Learning
Answer: B, E
Explanation:
Listen – The switch listens for a period of time called the fwd delay (forward delay)
Learn – The switch learns for a period of time called the fwd delay (forward delay)
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 139
QUESTION NO: 8
When using the CGMP protocol, CGMP-enabled switches and routers exchange a certain type of
information. Which one of the following is exchanged?
A. Summarized IGMP information.
B. Multicast group to port assignments.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 8 -
C. Multicast join and leave events.
D. CAM table changes.
Answer: C
Explanation:
CGMP is based on a client/server model. The router is considered a CGMP server, with the switch taking on the
client role. The basis of CGMP is that the IP multicast router sees all ICMP packets and therefore can inform
the switch when specific hosts join or leave multicast groups. The switch then uses this information to construct
a forwarding table.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 306
QUESTION NO: 9
Which three network features are necessary for high availability? (Choose all that apply.)
A. Spanning Tree Protocol (STP)
B. Delay reduction
C. Hot Standby Routing Protocol (HSRP)
D. Dynamic routing protocols
E. Quality of Service (QoS)
F. Jitter management
Answer: A C D
Explanation:
Because the importance of high availability networks is increasingly being recognized, many organizations are
beginning to make reliability/availability features a key selection criteria for network infrastructure products.
With this in mind, Cisco Systems engaged ZD Tag to observe and confirm the results of a series of tests
demonstrating the high availability features of Cisco Catalyst Layer 2/Layer 3 switches. In order to maximize
the relevance of the results, the demonstration was based on a model of a “real world” campus (in one of
Cisco’s Enterprise Solution Center labs in San Jose, California).
This switched internetwork consisted of wiring closet, wiring center, and backbone switches and conformed to
Cisco’s modular three-tier (Access/Distribution/Core) design philosophy. The testing demonstrated the
following high availability and resilience features of Catalyst switches:
• per-VLAN Spanning Tree (PVST) using Cisco’s InterSwitch Link (ISL) and 802.1Q VLAN
Trunking
• Cisco Spanning Tree Enhancements, including UplinkFast and PortFast
• Cisco Hot Standby Router Protocol (HSRP) and HSRP Track
• Cisco IOS per-destination load balancing over equal cost OSPF paths
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 9 -
• Cisco IOS fast convergence for OSPF
Reference:
QUESTION NO: 10
You are a technician at TestKing. Your newly appointed TestKing trainee wants to know why Dynamic
Trunking Protocol (DTP) mode is ‘desirable’.
What would your reply be?
A. The interface is put into permanent trunking mode but prevented from generating DTP frames.
B. The interface actively attempts to convert the link to a trunk link.
C. The interface is put into a passive mode, waiting to convert the link to a trunk link.
D. The interface is put into permanent trunking mode and negotiates to convert the link into a trunk link.
Answer: B
Explanation:
Desirable – makes the port actively attempt to convert the link to a trunk link.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 105
QUESTION NO: 11
You are the network administrator at TestKing. You want to enable VTP pruning on the entire TestKing
management domain.
What action should you take?
A. Enable VTP pruning on any client switch in the management domain.
B. Enable VTP pruning on any switch in the management domain.
C. Enable VTP pruning on every switch in the management domain.
D. Enable VTP pruning on a VTP server in the management domain.
E. Disable VTP pruning on a VTP server in the management domain.
Answer: D
Explanation:
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 10 -
Enabling VTP pruning on a VTP server allows pruning for the entire management domain. VTP pruning takes
effect several seconds after you enable it. By default, VLANs 2 through 1000 are pruning-eligible.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 117
QUESTION NO: 12
In which of the following states can HSRP routers on a LAN be in? (Choose all that apply.)
A. Standby
B. Idle
C. Init
D. Backup
E. Established
F. Active
Answer: A, C, F
Explanation:
Using HSRP, a set of routers works in concert to present the illusion of a single virtual router to the hosts on the
LAN. This set is known as an HSRP group or a standby group. A single router elected from the group is
responsible for forwarding the packets that hosts send to the virtual router. This router is known as the Active
router. Another router is elected as the Standby router. In the event that the Active router fails, the Standby
assumes the packet-forwarding duties of the Active router. Although an arbitrary number of routers may run
HSRP, only the Active router forwards the packets sent to the virtual router.
Reference:
QUESTION NO: 13
With regard to Layer 2 broadcast traffic, which of the following statements is valid?
A. Layer 2 broadcast traffic is blocked by Layer 3 devices.
B. A new packet is sent each time the client requests it.
C. Each frame uses a special address for which only interested clients listen.
D. It is the most efficient way to send data to a small group of clients.
E. Each packet is refreshed when requested.
Answer: A
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 11 -
Explanation:
LAN broadcasts do not cross routers (Layer 3 devices).
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 17
QUESTION NO: 14
You are the network administrator at TestKing. The TestKing network contains a Cisco switch with a
redundant power supply. The two power supplies are of the same wattage. How is the total power
available for use by the switch when both of the power supplies are operating normally? (Choose all that
apply.)
A. Total power of one supply.
B. Total combined power of both supplies.
C. Total power is the sum of one-half of total power of both supplies.
D. Total power required is shared nearly equally by both supplies.
Answer: C D
Explanation:
Specifying the redundant keyword enables redundancy. In a redundant configuration, the total power drawn
from both supplies is at no time greater than the capability of one supply. If one supply malfunctions, the other
supply can take over the entire system load. When you install and turn on two power supplies, each
concurrently provides approximately half of the required power to the system. Load sharing and redundancy are
enabled automatically; no software configuration is required.
Reference:
/>e6f6.html
QUESTION NO: 15
You are a technician at TestKing. You inform your newly appointed TestKing trainee that IP routing
redundancy is susceptible to first-hop router failure. Your trainee now wants to know which protocols
have been developed to protect against first-hop router failure.
What would your reply be? (Choose all that apply.)
A. HSRP
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 12 -
B. VRRP
C. ICMP
D. GLBP
E. MSTP
F. IRDP
Answer: A B D F
D:
GLBP is not used for redundancy.
Not E:
MSTP (multiple spanning tree protocol) is not used for redundancy
QUESTION NO: 16
Which of the following routing protocols are dense-mode multicast routing protocols? (Choose all that
apply.)
A. PIM-SM
B. PIM-DM
C. MOSPF
D. OSPF
E. DVMRP
Answer: B C E
Explanation:
Dense mode routing protocols include the following:
• Distance Vector Multicast Routing Protocol (DVMRP)
• Multicast Open Shortest Path First (MOSPF)
• Protocol-Independent Multicast Dense Mode (PIM DM)
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 313
QUESTION NO: 17
You are a technician at TestKing. You inform your newly appointed TestKing trainee that all devices at
all the layers in a hierarchical model should have basic security measures implemented. Your trainee now
wants to know what these basic security measures are.
What would your reply be? (Choose all that apply.)
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 13 -
A. Physical security.
B. Privilege levels.
C. Security surveillance.
D. Password protection.
E. Managed remote access.
F. Inventory audit.
Answer: A B D E
Explanation:
The policy to control access to network devices should be one of the first components of the access policy. All
devices at every layer of the campus network should have a plan to provide for the following:
• Physical security
• Passwords
• Privilege levels to allow limited access to a network device
• Limiting virtual terminal or telnet access
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 368
QUESTION NO: 18
Which one of the following describes hardware-based PDU header rewriting and forwarding based on
specific information regarding one or more OSI layers?
A. Multiplayer switching
B. Cisco express routing
C. Multilayer switching
D. Multilayer routing
E. Router express forwarding
Answer: C
Explanation:
Multilayer Switching Switch Engine (MLS-SE) – The switching entity that handles the function of moving and
rewriting packets.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 219
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 14 -
QUESTION NO: 19
According to the IEEE 802.1s standard, what is the purpose of MST?
A. It is the spanning-tree implementation used by non-Cisco 892.1Q switches.
B. It runs a separate instance of STP for each VLAN.
C. It allows a VLAN bridge to use multiple spanning trees to prevent Layer 2 loops.
D. It creates a single loop-tree structure that spans the entire Layer 2 network.
Answer: C
Explanation:
IEEE 802.1s MST Overview
Releases 12.1(11b)EX and later releases support MST. MST in this release is based on the draft version of the
IEEE standard. 802.1s for MST is an amendment to 802.1Q. MST extends the IEEE 802.1w rapid spanning tree
(RST) algorithm to multiple spanning trees. This extension provides both rapid convergence and load balancing
in a VLAN environment. MST converges faster than PVST+. MST is backward compatible with 802.1D STP,
802.1w (rapid spanning tree protocol [RSTP]), and the Cisco PVST+ architecture.
MST allows you to build multiple spanning trees over trunks. You can group and associate VLANs to spanning
tree instances. Each instance can have a topology independent of other spanning tree instances. This new
architecture provides multiple forwarding paths for data traffic and enables load balancing. Network fault
tolerance is improved because a failure in one instance (forwarding path) does not affect other instances
(forwarding paths).
In large networks, you can more easily administer the network and use redundant paths by locating different
VLAN and spanning tree instance assignments in different parts of the network. A spanning tree instance can
exist only on bridges that have compatible VLAN instance assignments. You must configure a set of bridges
with the same MST configuration information, which allows them to participate in a specific set of spanning
tree instances. Interconnected bridges that have the same MST configuration are referred to as an MST region.
Reference:
/>e71a.html#1050594
QUESTION NO: 20
Which one of the following processes plays a major role in the creation of the CEF adjacency table?
A. Address Resolution Protocol (ARP)
B. NetFlow switching
C. PDU header rewrite
D. Hello packet exchange
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 15 -
Answer: A
Explanation:
The next step in processing a packet in a Layer 3 device is to determine the Payer 2 information needed to
switch the packet to the next hop. This Layer 2 information is generally contained in the ARP cache table. Cisco
Express Forwarding creates a adjacency table to prepend the layer 2 information.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 412
QUESTION NO: 21
Which of the statements below is a characteristic of a Switch Port Analyzer (SPAN) session?
A. Affects switching traffic on source ports.
B. Associates multiple source interfaces with a single destination interface.
C. Eliminates multiple copies of packets.
D. Associates a source interface with multiple destination interfaces.
Answer: A
Explanation:
SPAN Session
A SPAN session is an association of a destination port with a set of source ports; you configure SPAN sessions
using parameters that specify the type of network traffic to monitor. SPAN sessions allow you to monitor traffic
on one or more ports, or one or more VLANs, and send either ingress traffic, egress traffic, or both to one or
more destination ports. You can configure two separate SPAN sessions with separate or overlapping sets of
SPAN source ports or VLANs. Both switched and routed ports can be configured as SPAN sources.
SPAN sessions do not interfere with the normal operation of the switch. You can enable or disable SPAN
sessions with command-line interface (CLI) or SNMP commands.
Reference:
/>f4c4.html
QUESTION NO: 22
Drag-and-drop the technology term in the options column to the matching term in the target Area. Not
all options are used.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 16 -
Answer:
LANE - ATM
ISL - Encapsulation frames
802.1Q - embedded VLAN tag
802.10 - Fiber links, FDDI
VLAN
VMPS
Explanation:
• LANE - LAN Emulation – An IEEE standard method for transporting VLANs over Asynchronous
Transfer Mode (ATM) networks.
• ISL – A Cisco Proprietary encapsulation protocol for interconnection multiple switches.
• 802.1Q – An IEEE standard method for identifying VLANs by inserting a VLAN indetifier into the
frame header. This process is called frame tagging.
• 802.10 – A Cisco Proprietary method of transporting VLAN information inside the standard 802.10
frame (Fiber Distributed Data Interface [FDDI]).
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 99
QUESTION NO: 23
With regard to Virtual Router Redundancy Protocol (VRRP), which of the following statements best
describes VRRP?
A. A VRRP group has one active and one more standby virtual routers.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 17 -
B. A VRRP group has one master and one more backup virtual routers.
C. A VRRP group has one active and one more standby virtual routers.
D. A VRRP group has one master and one redundant virtual router.
Answer: B
Explanation:
The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRP
enables a group of routers to form a single virtual router. The LAN clients can then be configured with the
virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a
VRRP group.
In a topology where multiple virtual routers are configured on a router interface, the interface can act as a
master for one virtual router and as a backup for one or more virtual routers.
Reference:
QUESTION NO: 24
Which port state is defined by IEEE 802.1w RSTP?
A. Listening, Learning, Forwarding, Blocking, Disabled
B. Learning, Forwarding, Discarding
C. Listening, Forwarding, Active, Blocking
D. Learning, Active, Block
Answer: B
Explanation:
There are only three port states left in RSTP, corresponding to the three possible operational states. The 802.1d
states disabled, blocking, and listening have been merged into a unique 802.1w discarding state.
Reference:
/>
QUESTION NO: 25
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 18 -
You are a technician at TestKing. You tell your assistant to enable a trunking protocol on a switch in the
TestKing network. The protocol must append a four byte CRC to the packet. Which command should
your assistant issue?
A. Switch(config-if)#switchport trunk encapsulation fddi
B. Switch(config-if)#switchport trunk encapsulation dot1q
C. Switch(config-if)#switchport trunk encapsulation itef
D. Switch(config-if)#switchport trunk encapsulation isl
Answer: D
Explanation:
ISL is made up of three major components: a header, the original Ethernet frame, and a frame check sequence
(FCS) at the end. With ISL, an Ethernet frame is encapsulated with a header that transports VLAN IDs between
switches and routers. The 26-byte header containing a 10-bit VLAN ID is added to each frame. In addition, a 4-
byte tail is added to the frame to perform a cyclic redundancy check (CRC). This CRC is in addition to any
frame checking that the Ethernet frame performs.
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 99
QUESTION NO: 26
You are a technician at TestKing. Your newly appointed TestKing trainee wants to know what the
technology is called that manages multicast traffic at Layer 2 by means of configuring Layer 2 LAN
interfaces dynamically to forward multicast only to those interfaces that want to receive it?
A. IGMP
B. IGMP snooping
C. DVMRP
D. PIM-DM
E. OSPF
Answer: B
Explanation:
Understanding IGMP Snooping
In subnets where you have configured either IGMP (see "Configuring IP Multicast Layer 3 Switching") or the
IGMP querier (see the "Enabling the IGMP Querier" section), IGMP snooping manages multicast traffic at
Layer 2 by configuring Layer 2 LAN interfaces dynamically to forward multicast traffic only to those interfaces
that want to receive it.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 19 -
Reference:
/>4ff2.html
QUESTION NO: 27
Which of the following statements regarding the Metro 802.1-in-Q model is true? (Choose all that apply.)
A. Customer traffic retains original VLAN tags.
B. Customer VLAN traffic is isolated from the service provide network’s VLAN traffic.
C. It can connect disparate customer networks (Frame Relay, Ethernet, ATM, etc).
D. Quality of service can be easily implemented using the Customer’s ToS and CoS.
E. It provides efficient Layer 3 access.
F. It has limited scalability in a service provider WAN.
Answer: C E F
Explanation:
VLANs Based on Q-in-Q
The issue of Layer 2 Ethernet transparency has resulted in the evolution of the 802.1Q standard to a new
control-plane model, sometimes referred to as Q-in-Q. The concept of Q-in-Q is quite simple: In order to enable
the metro Ethernet access service provider to provide a service that is completely transparent to the Layer 2
VLAN configuration of the end user, when the service provider's edge device receives an Ethernet frame from
the end user, a second-level 802.1Q tag is placed in the Ethernet frame immediately preceding the 802.1Q tag
that has been inserted by the end user's network. The service-provider network then uses this "outer" 802.1Q tag
as the control-plane information as the end user's Ethernet frame transits the service-provider network, and then
removes this "outer" tag as the end-user Ethernet frame exits the service-provider network. Although several
Ethernet switch vendors offer their own versions of the Q-in-Q control plane, none of these versions is
interoperable with other vendors' versions, so the Q-in-Q model remains a strictly proprietary control-plane
architecture. It should be noted that in almost every respect other than transparency, the control-plane
architecture of Q-in-Q is essentially the same as the 802.1Q VLAN control plane.
• Cost-effectiveness—See the previous comments from the 802.1Q VLAN control-plane discussion.
• Service level—The service-level characteristics of the Q-in-Q control-plane architecture are similar to those of
802.1Q. As with 802.1Q, the larger the network that uses the Q-in-Q control plane, the more difficult it
becomes to guarantee any kind of service-level guarantee. Another relevant concern is whether the Layer 2
Ethernet class-of-service (CoS) bits normally associated with 802.1P standardized Ethernet switches are or
are not supported in each vendor's proprietary implementation of Q-in-Q. At the point of access, it will be
necessary for the service-provider access device to apply a preprovisioned CoS value to the second-level Q-
tag.
• Point-to-point versus multipoint—See the previous comments from the 802.1Q VLAN control-plane
discussion.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 20 -
• Transparency—As previously explained, the primary reason for the Q-in-Q control-plane architecture is to
support complete Layer 2 Ethernet transparency to the end users' Ethernet network. Q-in-Q is specifically
designed with the intent of supporting transparency for end users' VLAN configurations. At this point, the Q-
in-Q features supported by most vendors do not support the ability to assign each end-user Ethernet frame to a
different Q-in-Q domain, depending on the value of the 802.1Q tag associated with that frame. Future
implementations of Q-in-Q may support such functionality, but it will require a more complex provisioning
capability by the service provider in order to support such functionality.
• Scalability—Q-in-Q has significant limitations on its scalability that are essentially identical to the limitations
on scalability for the 802.1Q VLAN control plane, as previously discussed.
• Interoperability—If anything, a metro service based on a Q-in-Q control plane is less interoperable than that
of the 802.1Q control plane, which, as described above, has limited interoperability. The primary reason for
the poor interoperability for a Q-in-Q network is the fact that it is an entirely proprietary, vendor-specific,
control plane. As with 802.1Q, efforts are under way to develop a hybrid control plane between Q-in-Q and
EoMPLS (see the following section).
Layer 3 Control Plane Supporting Layer 2 Services
Although many service providers are migrating to Layer 3-based core networks to take advantage of the
scalability of the Layer 3 control plane (as provided by either IP- or MPLS-based network technologies), they
will continue to support a significant base of users who want only Layer 2 services. For that reason, the metro
Ethernet access services must be able to support Layer 2 service definitions and technologies. Figure 2 provides
a sample network topology of this type of control-plane architecture.
This section reviews the control-plane architectures that are being considered for the deployment of Layer 2
metro Ethernet access services based on Layer 3 control-plane architectures.
Reference:
/>a11a2.shtml
QUESTION NO: 28
Which of the password types illustrated below requires encryption with the service password-encryption
command that will prevent transmission in clear text? (Choose all that apply.)
A. Enable password
B. User password
C. Secret password
D. Privilege password
E. Line password
Answer: B D E
Explanation:
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 21 -
• To set a local password to control access to various privilege levels, use the enable password command in
global configuration mode. Use the no form of this command to remove the password requirement.
• To set the privilege level for a command, use the privilege level (global) command in configuration mode.
Use the no form of this command to revert to default privileges for a given command.
• To set the default privilege level for a line, use the privilege level (line) command in line configuration mode.
Use the no form of this command to restore the default user privilege level to the line.
Reference:
/>880b0.html#xtocid116918
QUESTION NO: 29
IEEE 802.1Q is specified as the encapsulation method for a trunked port on a Cisco IOS switch by which
of the following commands? (Select the appropriate option)
A. Switch(config-if)#switchport trunk encapsulation dot1q
B. Switch(config-if)#switchport encapsulation dot1q
C. Switch(config-if)#switchport trunk encapsulation isl
D. Switch(config)#switchport 0/1 trunk encapsulation isl
Answer: A
Explanation:
Ethernet Trunk Encapsulation Types:
• switchport trunk encapsulation isl - Specifies ISL encapsulation on the trunk link.
• switchport trunk encapsulation dot1q - Specifies 802.1Q encapsulation on the trunk link.
• switchport trunk encapsulation negotiate - Specifies that the interface negotiate with the neighboring
interface to become an ISL (preferred) or 802.1Q trunk, depending on the configuration and capabilities
of the neighboring interface.
The trunking mode, the trunk encapsulation type, and the hardware capabilities of the two connected interfaces
determine whether a link becomes an ISL or 802.1Q trunk.
Reference:
/>f659.html
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 22 -
QUESTION NO: 30
TestKing.com has just purchased a new Catalyst 2950 layer switch for their parts department. The
switch needs to have the passwords to secure access to the device's privileged EXEC mode, the five VTY
sessions and to the console. All passwords will need to be encrypted so that they are unable to be read
when viewing the configuration. The switch also requires that only the management VLAN (VLAN1)
have access to the switch via Telnet. The management VLAN1 has already been configured.
Management VLAN IP address: 192.168.54.12/24
The passwords to be set are listed below.
Console: testking
Privilege EXEC: test33
VTY sessions: king66
To configure the switch click on the host icon that is connected to a switch by a serial console cable.
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 23 -
Answer:
Switch(config)#enable password test33
(setting an unencrypted privilege password)
Switch(config)#lline console 0
(going into line console configuration mode)
Switch(config-line)#login
(enabling login)
Switch(config-line)#password testking
(setting console password)
Switch(config-line)#line vty 0 4
(going into telnet line configuration for 5 lines)
Switch(config-line)#login
(enabling login)
Switch(config-line)#password king66
(setting telnet password)
Switch(config-line)#exit
(exiting line configuration mode)
Switch(config)#service password-encryption
(encrypting all passwords so far set)
Switch(config)access-list 1 permit 192.168.54.0 0.0.0.255
(Creating access list to permit
users in the management vlan. Remember the implicit deny
at the end of every access list will deny any other traffic
since the above permit statement allows only the
management vlan.
Switch(config)#line vty 0 4
(going into telnet line configuration mode to enable the
access list we have created with the command "access-
class")
Switch(config-line)#access-class 1 in
(enabling the access list as an inbound access list)
Switch(config-line)#^Z
(exiting line config mode)
Switch#copy run start
(saving your configuration)
QUESTION NO: 31
You are the network administrator at TestKing. You apply the following VLAN access map
configuration on a switch in the TestKing network:
Router(config)#vlan access-map thor 10
Router(config-access-map)#match ip address net_10
Router(config-access-map)#action forward
Router(config)#vlan filter thor vlan-list 12-15
What will the effect of this configuration be?
A. All VLAN 12 through 16 IP traffic matching net_10 is forwarded and all other IP packets are dropped.
B. IP traffic matching net_10 is dropped an all other IP packets are forwarded to VLANs 12 through 16.
C. IP traffic matching vlan-list 12-16 is forwarded on all other IP packets are dropped.
D. All VLAN 12 through 16 IP traffic is forwarded, other VLAN IP traffic matching net_10 is dropped.
Answer: A
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 24 -
Explanation:
•
vlan access-map thor 10 Defines the VLAN access map. Optionally, you can specify the VLAN access map
sequence number.
•
match ip address net_10 Configures the match clause in a VLAN access map sequence.
•
action forward Configures the action clause in a VLAN access map sequence.
•
vlan filter thor vlan-list 12-15 Applies the VLAN access map to the specified VLANs.
VLAN access maps
can be applied to VLANs.
•
Each VLAN access map can consist of one or more map sequences, each sequence with a match clause and an
action clause. The match clause specifies IP, IPX, or MAC ACLs for traffic filtering and the action clause
specifies the action to be taken when a match occurs. When a flow matches a permit ACL entry, the associated
action is taken and the flow is not checked against the remaining sequences. When a flow matches a deny ACL
entry, it will be checked against the next ACL in the same sequence or the next sequence. If a flow does not
match any ACL entry and at least one ACL is configured for that packet type, the packet is denied.
To use access-control for both bridged and routed traffic, you can use VACLs alone or a combination of
VACLs and ACLs. You can define ACLs on the VLAN interfaces to use access-control for both the input and
output routed traffic. You can define a VACL to use access-control for the bridged traffic.
Reference:
/>13d.html
QUESTION NO: 32
Which commands would you issue to check whether routing is enabled in troubleshooting InterVLAN
routing on a Cisco IOS-based switch?
A. Switch(config)#ip routing
B. Switch#show ip routing
C. Switch(config)#routing
D. Switch#show routing
Answer: B
Explanation:
Use the show ip route command in EXEC mode to display the current state of the routing table.
Reference: page
/>
642 - 811
Leading the way in IT testing and certification tools, www.testking.com
- 25 -
QUESTION NO: 33
You are the network administrator at TestKing. You need to configure Hot Standby Routing Protocol
(HSRP). Which tasks will allow you to successfully configure HSRP? (Choose all that apply.)
A. Enable HSRP
B. Define the IP address.
C. Define the standby route.
D. Enable the standby mode.
E. Define the encapsulation type.
Answer: B C D
Explanation:
Configuring HSRP
• Configuring an interface to participate in an HSRP standby group
• Assigning HSRP standby priority
• Configuring HSRP standby pre-empt
• Configuring HSRP over trunk links
• Configuring hello message timers
• HSRP interface tracking
• Displaying the status of HSRP
Reference: Building Cisco Multilayer Switched Networks (Ciscopress) page 272
QUESTION NO: 34
Which one of the methods below, in Layer 3 switching, uses a forwarding information base (FIB)?
A. Route caching
B. Demand-based switching
C. Flow-based switching
D. Topology-based switching
Answer: A
Explanation:
