Switch Questions 2

November 21st, 2019

Question 1

Question 2

Explanation

MAC addresses are aged out of the MAC table after 300 seconds by default, not 600 seconds -> B is not correct.

The address table lists the destination MAC address, the associated VLAN ID, and port number associated with the address and the type (static or dynamic) -> C is correct.

When unicast MAC address filtering is enabled, the switch drops packets with specific source or destination MAC addresses. This feature is disabled by default and only supports unicast static addresses -> D is not correct.

Question 3

Explanation

By default, a switch floods packets with unknown destination MAC addresses to all ports. If unknown unicast and multicast traffic is forwarded to a switch port, there might be security issues. To prevent forwarding such traffic, you can configure a port to block unknown unicast or multicast packets.

Use the command “switchport block unicast” to block unknown unicast forwarding to the port.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/uniflood.html

Note: Blocking unknown unicast flooding is useful for stopping traffic to “silent” hosts in the network. As soon as a “silent” host sends traffic on the network, the switch learns its MAC address and the host can start receiving frames normally.
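
The behaviour described above (unknown unicast flooding, the effect of “switchport block unicast”, and a “silent” host becoming reachable once it transmits) can be traced with a small model. This is an added Python sketch, not code from the original page or from Cisco. The port names, MAC addresses and VLAN 10 are constructed, all ports are assumed to be in the same VLAN, and aging is simplified to a check at lookup time.

```python
# Toy model of a learning switch (added illustration, not Cisco code).
AGING_TIME = 300  # default dynamic-entry aging time stated on this page, in seconds


class Switch:
    def __init__(self, ports, block_unicast=()):
        self.ports = set(ports)
        # Ports that would carry "switchport block unicast" in their config.
        self.block_unicast = set(block_unicast)
        self.table = {}  # (vlan, mac) -> (port, last_seen)

    def _lookup(self, vlan, mac, now):
        entry = self.table.get((vlan, mac))
        if entry and now - entry[1] >= AGING_TIME:
            del self.table[(vlan, mac)]  # inactive too long: aged out
            entry = None
        return entry[0] if entry else None

    def receive(self, in_port, vlan, src, dst, now):
        """Learn the source address, then return the set of egress ports."""
        self.table[(vlan, src)] = (in_port, now)  # learn or refresh the entry
        out = self._lookup(vlan, dst, now)
        if out is not None:
            return set() if out == in_port else {out}
        # Unknown unicast: flood to every port except the ingress port and
        # any port configured to block unknown unicast.
        return self.ports - {in_port} - self.block_unicast


def demo():
    # Constructed topology: host A on Gi0/1, silent host S on Gi0/2
    # (unknown unicast blocked), a third host on Gi0/3.
    sw = Switch(["Gi0/1", "Gi0/2", "Gi0/3"], block_unicast=["Gi0/2"])
    a, s = "aaaa.aaaa.aaaa", "5555.5555.5555"
    return [
        sw.receive("Gi0/1", 10, a, s, now=0),    # S unknown: Gi0/2 gets nothing
        sw.receive("Gi0/2", 10, s, a, now=5),    # S transmits: switch learns it
        sw.receive("Gi0/1", 10, a, s, now=10),   # S known: forwarded to Gi0/2
        sw.receive("Gi0/1", 10, a, s, now=400),  # S aged out: blocked again
    ]


if __name__ == "__main__":
    for egress in demo():
        print(sorted(egress))
```

The last step shows the operational caveat: once a silent host's entry ages out, a port that blocks unknown unicast stops receiving its traffic until the host transmits again or a static entry is configured.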

Question 4

Explanation

By default, MAC address learning is enabled on all interfaces and VLANs on the router. You can control MAC address learning on an interface or VLAN to manage the available MAC address table space by controlling which interfaces or VLANs can learn MAC addresses.

Reference: https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011101.html

Question 5

Question 6

Explanation

When unicast MAC address filtering is enabled, the switch drops packets with specific source or destination MAC addresses. This feature is disabled by default and only supports unicast static addresses.

Question 7

Question 8

Explanation

In this question, “broadcast”, “unicast” and “multicast” storms all seem to be correct, but we choose “unicast” according to this paragraph:

“A traffic storm occurs when huge amount of broadcast, multicast, or unknown unicast packets flood the LAN, creating excessive traffic and degrading network performance”. Therefore “unicast” is the best answer here.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/asr_901/Configuration/Guide/b_asr901-scg/b_asr901-scg_chapter_0101001.pdf

Question 9

Explanation

When unicast MAC address filtering is enabled, the switch drops packets with specific source or destination MAC addresses.

This example shows how to enable unicast MAC address filtering and to configure the switch to drop packets that have a source or destination address of c2f3.220a.12f4. When a packet is received in VLAN 4 with this MAC address as its source or destination, the packet is dropped:
Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_58_se/configuration/guide/2960scg/swadmin.html

Comments
  1. Q5
    January 28th, 2020

    Question 5 – B is correct

    An aging timer triggers removal of addresses from the table when they remain inactive for the default time of 300 secs. The aging timer can be configured on a global basis but not per VLAN.

    https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/layer_2_switching/configuration/guide/n1000v_l2/n1000v_l2_2mac.html

  2. MC
    January 29th, 2020

    D. They can be configured on multiple interfaces in the same VLAN.
    It seems you can configure it, but the switch forwards frames only to the first interface.
    Tested on GNS3.
    So I’d check A&C

  3. Q5 is wrong
    February 9th, 2020

    Source:
    https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000sw/4_2_1_s_v_1_5_1/layer_2_switching/configuration/guide/n1000v_l2/n1000v_l2_2mac.html

    Quote:
    “static MAC addresses override any dynamically learned MAC addresses on those interfaces.”

  4. Suntzu
    February 21st, 2020

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
     500    1111.1111.1111    STATIC      Gi2/2

    Total Mac Addresses for this criterion: 1

    Switch(config)#do sho mac address-table ag
    Switch(config)#do sho mac address-table aging-time ?
    routed-mac rm aging
    vlan vlan keyword
    | Output modifiers

    Switch(config)#do sho mac address-table aging-time vlan 500
    Global Aging Time: 300
    Vlan    Aging Time
    ----    ----------
     500     300

    Switch(config)#do sho mac address-table aging-time
    Global Aging Time: 300
    Vlan    Aging Time
    ----    ----------
    Switch(config)#

    From GNS3 with image IOSvL2.15 – I did not set the aging time. It was auto-set default to 300 seconds.

  5. Suntzu
    February 21st, 2020

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
     500    1111.1111.1111    STATIC      Gi2/2 Gi2/3
    Total Mac Addresses for this criterion: 1

    mac address-table static 1111.1111.1111 vlan 500 interface GigabitEthernet2/3 GigabitEthernet2/2

    Same MAC and two different interfaces in SAME vlan

    From my GNS3 tests, B C and D are correct.

    If A said “You do not configure an aging time” then A would be correct.
    I think it is saying that you don’t have to configure a default aging time. “They are configured without an aging time” is correct – you don’t type in an aging time, but they are defaulted to 300 seconds.
