Cisco Actualtests 642-813 Exam Bundle · 2019-11-30 · VLANs and broadcast domains converge at the distribution layer, requiring routing, filtering, and security. The switches at

Cisco Actualtests 642-813 Exam Bundle

Number: 642-813Passing Score: 800Time Limit: 120 minFile Version: 22.4

http://www.gratisexam.com/

Cisco 642-813 Exam Bundle

Exam Name: Cisco implementing cisco switched networks

For Full Set of Questions please visit: http://www.actualtests.com/exam-642-813.htm

Actualtests

QUESTION 1Company uses layer 3 switches in the Core of their network. Which method of Layer 3 switching uses aforwarding information base (FIB)?

A. Topology-based switchingB. Demand-based switchingC. Route cachingD. Flow-based switchingE. None of the other alternatives apply

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation:The Layer 3 engine (essentially a router) maintains routing information, whether from static routes or dynamicrouting protocols. Basically, the routing table is reformatted into an ordered list with the most specific route first,for each IP destination subnet in the table. The new format is called a Forwarding Information Base (FIB) andcontains routing or forwarding information that the network prefix can reference.In other words, a route to 10.1.0.0/16 might be contained in the FIB, along with routes to 10.1.1.0/24 and10.1.1.128/25, if those exist. Notice that these examples are increasingly more specific subnets. In the FIB,these would be ordered with the most specific, or longest match, first, followed by less specific subnets. Whenthe switch receives a packet, it can easily examine the destination address and find the longest match entry inthe FIB. The FIB also contains the next- hop address for each entry. When a longest match entry is found in theFIB, the Layer 3 next-hop address is found, too.

QUESTION 2ActualTests.comYou need to design the VLAN scheme for the Company network. Which two statements are true about bestpractices in VLAN design? (Select two)

A. Routing should occur at the access layer ifvoice VLANs are utilized. Otherwise, routing should occur at thedistribution layer.

B. Routing should always be performed at the distribution layer.C. VLANs should be localized to a switch.D. VLANs should be localized to a single switch unlessvoice VLANs are being utilized.E. Routing should not be performed between VLANs located on separate switches.

Correct Answer: BCSection: (none)Explanation

Explanation/Reference:Explanation:In the distribution layer, uplinks from all access layer devices are aggregated, or come together. The distributionlayer switches must be capable of processing the total volume of traffic from all

"Pass Any Exam. Any Time." - www.actualtests.com 2www.CareerCert.info

Cisco 642-813: Practice Exam

the connected devices. These switches should have a port density of high-speed links to support the collectionof access layer switches.

VLANs and broadcast domains converge at the distribution layer, requiring routing, filtering, and security. Theswitches at this layer must be capable of performing multilayer switching with high throughput. Only certainCatalyst switch models can provide multilayer switching; be sure to understand which ones can do this.

A switched environment offers the technology to overcome flat network limitations. Switched networks can besubdivided into VLANs. By definition, a VLAN is a single broadcast domain. All devices connected to the VLANreceive broadcasts from other VLAN members. However, devices connected to a different VLAN will notreceive those same broadcasts. (Naturally, VLAN members also receive unicast packets directed toward themfrom other VLAN members.)

A VLAN consists of defined members communicating as a logical network segment. In contrast, a physicalsegment consists of devices that must be connected to a physical cable segment. A VLAN can have connectedmembers located anywhere in the campus network, as long as VLAN connectivity is provided between allmembers. Layer 2 switches are configured with a VLAN mapping and provide the logical connectivity betweenthe VLAN members.

QUESTION 3If you needed to transport traffic coming from multiple VLANs (connected between switches), and your CTOwas insistent on using an open standard, which protocol would you use?

A. 802.11BB. spanning-treeC. 802.1Q


D. ISLE. VTPF. Q.921

ActualTests.com

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation:The act involved in the above question is trunking. The two trunking protocols in the answer choices are:802.1Q and ISL. ISL is Cisco proprietary and IEEE 802.1Q is based on an open standard. When non-Ciscoswitches are used along with Cisco switches and trunking is required, it is best to use the 802.1Qencapsulation.Incorrect Answers:A: This standard is used in wireless networking and has nothing to do with VLAN switching.B: The Spanning Tree Protocol (STP) is used to prevent loops within a bridged network. Each VLAN runs aseparate instance of the STP and this is enabled by default.D: This is the alternative Cisco proprietary method of trunking.E: VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol that manages the addition,



deletion, and renaming of VLANs on a network-wide basis. It is not used to actually transport VLAN traffic.F: This is an ISDN signaling standard and is not related with VLAN switching.

QUESTION 4Under what circumstances should an administrator prefer local VLANs over end-to-end VLANs?

A. Eighty percent of traffic on the network is destined for Internet sites.B. There are common sets of traffic filtering requirements for workgroups located in multiple buildings.C. Eighty percent of a workgroup's traffic is to the workgroup's own local server.D. Users are grouped into VLANs independent of physical location.E. None of the other alternatives apply


Explanation/Reference:Explanation:This geographic location can be as large as an entire building or as small as a single switch inside a wiringcloset. In a geographic VLAN structure, it is typical to find 80 percent of the traffic remote to the user (serverfarms and so on) and 20 percent of the traffic local to the user (local server, printers, and so on).Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 93

QUESTION 5Which of the following statements is true about the 80/20 rule (Select all that apply)?

A. 20 percent of the traffic on a network segment should be localB. no more than 20 percent of the network traffic should be able to move across a backbone.C. no more than 80 percent of the network traffic should be able to move across a backbone.D. 80 percent of the traffic on a network segment should be local

Correct Answer: BDSection: (none)Explanation

Explanation/Reference:Explanation:The 80/20 rule in network design originated from the idea that most of the traffic should remain local to theLAN, since bandwidth is plentiful compared to WAN links, and a great deal of broadcast traffic that is evident atthe LAN is not passed over the backbone. Note: With the availability of inexpensive bandwidth and centralizeddata centers, this rule appears to have become obsolete. In fact, most networks have taken on the 20/80 rules,as opposed to the legacy 80/20 rule.


QUESTION 6The Company LAN is becoming saturated with broadcasts and multicast traffic. What could you do to help anetwork with many multicasts and broadcasts?

A. Creating smaller broadcast domains by implementing VLANs.

B. Separate nodes into different hubs.C. Creating larger broadcast domains by implementing VLANs.

ActualTests.comD. Separate nodes into different switches.E. All of the above.


Explanation/Reference:Explanation:Controlling broadcast propagation throughout the network is important to reduce the amount of overheadassociated with these frames. Routers, which operate at Layer 3 of the OSI model, provide broadcast domainsegmentation for each interface. Switches can also provide broadcast domain segmentation using virtual LANs(VLANs). A VLAN is a group of switch ports, within a single or multiple switches, that is defined by the switchhardware and/or software as a single broadcast domain. A VLANs goal is to group devices connected to aswitch into logical broadcast domains to control the effect that broadcasts have on other connected devices. AVLAN can be characterized as a logical network."Pass Any Exam. Any Time." - www.actualtests.com 7www.CareerCert.info


Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 8

Section 2: Create a VLAN based implementation plan (3 Questions)

QUESTION 7The Company LAN switches are being configured to support the use of Dynamic VLANs. What should beconsidered when implementing a dynamic VLAN solution? (Select two)

A. Each switch port is assigned to a specific VLAN.B. Dynamic VLANs require a VLAN Membership Policy Server.C. Devices are in the same VLAN regardless of which port they attach to.D. Dynamic VLAN assignments are made through the command line interface.


Explanation/Reference:Explanation:



With VLAN Membership Policy Server (VMPS), you can assign switch ports to VLANs dynamically, based onthe source Media Access Control (MAC) address of the device connected to the port. When you move a hostfrom a port on one switch in the network to a port on another switch in the network, the switch assigns the newport to the proper VLAN for that host dynamically.Note: There are two types of VLAN port configurations: static and dynamic.Incorrect Answers:A: In a static VLAN, the administrator assigns switch ports to the VLAN, and the association does not changeuntil the administrator changes the port assignment. However, this is not the case of dynamic VLANs.D: The Command Line Interface is not used for dynamic VLAN assignments.Reference: Cisco Online,

Configuring Dynamic Port VLAN Membership with VMPS

QUESTION 8In the three-layer hierarchical network design model; what's associated with the access layer? (Select two)

A. optimized transport structureB. high port densityC. boundary definitionD. data encryptionE. local VLANsF. route summaries

Correct Answer: BESection: (none)Explanation

Explanation/Reference:Explanation:The access layer is the outermost layer, and it is composed of the least sophisticated network ActualTests.comequipment. The most important function of the access layer is high port density, since these devices connectthe individual end users. The access layers are also where VLANs are implemented, since VLANs are assignedon a per-port basis.

Section 3: Create a VLAN based verification plan (5 Questions)

QUESTION 9The VLANs in switch R1 are being modified. Which of the following are updated in R1 every time a VLAN ismodified? (Select all that apply)


A. Configuration revision numberActualTests.com

B. Configuration revision flag fieldC. Configuration revision reset switchD. Configuration revision databaseE. None of the other alternatives apply.

Correct Answer: ADSection: (none)Explanation

Explanation/Reference:Explanation:For accountability reasons, every time a VLAN is modified the revision number changes, as does theinformation in the configuration revision database (as that is where the VLAN information is stored).Incorrect Answers:B: The configuration revision flag field, and the configuration revision reset switch don't exist in this context.

"Pass Any Exam. Any Time." - www.actualtests.com 10

www.CareerCert.info


C: The configuration revision flag field, and the configuration revision reset switch don't exist in this context.

QUESTION 10Given the above partial configuration, which two statements are true about VLAN traffic? (Choose two.)

A. VLANs 1-5 will use fa0/10 as a backup only.B. VLANs 6-10 will use fa0/10 as a backup only.C. VLANs 1-5 will be blocked if fa0/10 goes down.D. VLANs 1-10 are configured to load share between fa0/10 and fa0/12.

ActualTests.comE. VLANs 6-10 have a port priority of 128 on fa0/10.


Explanation/Reference:Explanation:Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discoverphysical loops in a network and effect a logical loop-free topology. STP creates a loop- free tree structureconsisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridgescommunicate and how the STP algorithm works will be discussed at length in the following topics. Note that theterms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwiseindicated, connections between switches are assumed to be trunks.

Load sharing can be accomplished using a couple of methods. The most common method of load



sharing is through root bridge placement on a per-VLAN basis. This will distribute traffic for separate VLANs

across separate paths to different root bridges. A separate method divides the bandwidth supplied by paralleltrunks connecting switches. To avoid loops, STP normally blocks all but one parallel link between switches.Using load sharing, traffic can be divided between the links according to which VLAN the traffic belongs.

Load sharing can be configured on trunk ports by using STP port priorities or STP path costs. For load sharingusing STP port priorities, both load-sharing links must be connected to the same switch. For load sharing usingSTP path costs, each load-sharing link can be connected to the same switch or to two different switches.

Load Sharing Using STP Port PrioritiesWhen two ports on the same switch form a loop, the STP port priority setting determines which port is enabledand which port is in a blocking state. The priorities on a parallel trunk port can be set so that the port carries allthe traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding trafficfor that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blockingstate for that VLAN. One trunk port sends or receives all traffic for the VLAN.

QUESTION 11What is a characteristic of assigning a static VLAN membership?

A. VMPS server lookup is requiredB. Easy to configureC. Easy of adds, moves, and changesD. Based on MAC address of the connected device

Correct Answer: BSection: (none)Explanation

Explanation/Reference:ActualTests.comExplanation:Static port VLAN membership on the switch is assigned manually by the administrator on a port- by-port basis.Characteristics of static VLAN configurations include the following:1. Secure2. Easy to configure3. Straight forward to monitor4. Works well in networks where moves, adds , and changes are rare.Incorrect Answers:A: VMPS server lookups are a function of dynamic VLANs and are not used with statically assigned VLANs.C: Moves, adds, and changes, would require a network administrator to change the configuration



of the switch every time a change is required.D: This would describe a function of dynamic VLAN configurations, where the MAC address of the end userdetermines the VLAN that it belongs in, instead of the physical port.

QUESTION 12ActualTests.comTwo Company switches are connected via a trunk using VTP. Which VTP information does a Catalyst switchadvertise on its trunk ports when using VTP? (Select two)

A. STP root statusB. VTP modeC. Negotiation statusD. Management domain

E. Configuration revision number

Correct Answer: DESection: (none)Explanation

Explanation/Reference:Explanation:The role of the VLAN Trunking Protocol (VTP) is to maintain VLAN configuration consistency across the entirenetwork. VTP is a messaging protocol that uses Layer 2 trunk frames to manage "Pass Any Exam. Any Time." -www.actualtests.com 13www.CareerCert.info


the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch that is in theVTP server mode. VTP is responsible for synchronizing VLAN information within a VTP domain. This reducesthe need to configure the same VLAN information on each switch. Using VTP, each Catalyst Family Switchadvertises the following on its trunk ports: Management domain Configuration revision number Known VLANsand their specific parameters

QUESTION 13You need to investigate a VTP problem between two Company switches. The lack of which two prevents VTPinformation from propagating between switches? (Select two)

A. A root VTP serverB. A trunk portC. VTP priorityD. VLAN 1E. None of the other alternatives apply


Explanation/Reference:Explanation:In Switch tow types of links are available, access and trunk. The interface is in access mode can carry theinformation of only one VLAN and trunk can carry the information of more than one VLAN. VTP carry theinformation of more than one vlan so Switch port should be in trunk mode. VLAN1 is the default VLAN on CiscoSwitch, by default all interface belongs to VLAN 1.

QUESTION 14R1 and R2 are switches that communicate via VTP. What is the default VTP advertisement ActualTests.comintervals in Catalyst switches that are in server or client mode?

A. 30 secondsB. 5 minutesC. 1 minuteD. 10 secondsE. 5 secondsF. None of the other alternatives apply


Explanation/Reference:Explanation:Periodic ( default is 5 minutes) VTP advertisements are sent out each trunk port with the multicast destinationMAC address 01-00-0C-CC-CC-CC. VTP advertisements contain the following configuration information: VLANIDs (ISL and 802.1Q) Emulated LAN names ( ATM LANE ) "Pass Any Exam. Any Time." - www.actualtests.com14www.CareerCert.info


802.10 SAID values (FDDI) VTP domain name VTP configuration revision number VLAN configuration,including the maximum transmission unit (MTU) size for each VLAN Frame format

QUESTION 15The Company switches have all been upgraded to use VTP version 2. What are two benefits provided in VTPVersion 2 that are not available in VTP Version 1? (Select two)

A. VTP version 2 supports Token Ring VLANsB. VTP version 2 allows VLAN consistency checksC. VTP version 2 allows active redundant links when used with spanning treeD. VTP version 2 reduces the amount of configuration necessaryE. VTP version 2 saves VLAN configuration memory

Correct Answer: ABSection: (none)Explanation

Explanation/Reference:"Pass Any Exam. Any Time." - www.actualtests.com 16www.CareerCert.info


Explanation:Understanding VTP Version 2If you use VTP in your network, you must decide whether to use VTP version1 or version2.Note:

If you are using VTP in a Token Ring environment, you must use version2. VTP version 2 supports thefollowing features not supported in version1:

Token Ring support-VTP version2 supports Token Ring LAN switching and VLANs (Token Ring Bridge RelayFunction [TrBRF] and Token Ring Concentrator Relay Function [TrCRF]).

Unrecognized Type-Length-Value (TLV) Support-A VTP server or client propagates configuration changes to itsother trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in NVRAM.

Version-Dependent Transparent Mode-In VTP version1, a VTP transparent network device inspects VTPmessages for the domain name and version, and forwards a message only if the version and domain namematch. Because only one domain is supported in the supervisor engine software, VTP version 2 forwards VTPmessages in transparent mode without checking the version.

Consistency Checks-In VTP version 2, VLAN consistency checks (such as VLAN names and values) areperformed only when you enter new information through the CLI or SNMP. Consistency checks are notperformed when new information is obtained from a VTP message, or when information is read from NVRAM.If the digest on a received VTP message is correct, its information is accepted without consistency checks.Reference:ActualTests.comhttp://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/configuration/guide/vtp.html#wp1020429

QUESTION 16The Company network administrator needs to enable VTP pruning within the Company network. What actionshould a network administrator take to enable VTP pruning on an entire management domain?

A. Enable VTP pruning on any switch in the management domainB. Enable VTP pruning on any client switch in the domainC. Enable VTP pruning on a VTP server in the management domain D. Enable VTP pruning on every switch in the domainE. None of the other alternatives apply


Explanation/Reference:Explanation:The default behavior of a switch is to propagate broadcast and unknown packets across the network. Thisbehavior results in a large amount of unnecessary traffic crossing the network. VTP pruning increasesbandwidth efficiency by reducing unnecessary flooding of traffic, such as broadcast, multicast, unknown, andflooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunklinks that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takeseffect several seconds after it is enabled. By default, VLANs 2 through 1000 or 2 through 1001 are pruningeligible, depending upon the platform. VTP pruning does not prune traffic from VLANs that are pruningineligible. VLAN 1 is always pruning ineligible and VLAN 1 cannot be removed from a trunk. However, the"VLAN 1 disable on trunk" feature available on Catalyst 4000, 5000, and 6000 family switches enables thepruning of user traffic, but not protocol traffic such as CDP and VTP, for VLAN 1 from a trunk. Use the vtppruning command to make VLANs pruning eligible on a Cisco IOS-based switch.Switch( vlan)# vtp pruningOnce pruning is enabled, use the switchport trunk pruning command to make a specific VLAN pruningineligible.Switch( config)# interface fastethernet 0/3 Switch(config-if)# switchport trunk pruning vlan remove vlan 5

QUESTION 17The Company switches are configured to use VTP. What's true about the VLAN trunking protocol (VTP)?(Select two)

A. VTP messages will not be forwarded over nontrunk links.B. VTP domain names need to be identical. However, case doesn't matter.C. A VTP enabled device which receives multiple advertisements will ignore advertisements with higher

configuration revision numbers.D. A device in "transparent" VTP v.1 mode will not forward VTP messages.E. VTP pruning allows switches to prune VLANs that do not have any active ports associated with them.


Explanation/Reference:Explanation:VTP messages are only transmitted across trunk links.If the receiving switch is in transparent mode, the configuration is not changed. Switches in transparent modedo not participate in VTP. If you make VTP or VLAN configuration changes on a switch in transparent mode,the changes are not propagated to the other switches in the network.Incorrect Answers:B: The VTP domain name is case sensitive and it must be identical with the domain name configured on theVTP server.ActualTests.comC: This is incorrect because if a VTP client receives an advertisement with a higher revision number, it won'tignore it. In fact, the advertisement with a higher revision level takes precedence when the switch is configuredin client mode.E: VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast,multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restrictingflooded traffic to those trunk links that the traffic must use to access the appropriate network devices. It doesnot prune the individual VLANs.

QUESTION 18Switch R1 and R2 both belong to the Company VTP domain. What's true about the switch operation in VTPdomains? (Select all that apply)

A. A switch can only reside in one management domainB. A switch is listening to VTP advertisements from their own domain onlyC. A switch is listening to VTP advertisements from multi domainsD. A switch can reside in one or more domainsE. VTP is no longer supported on Catalyst switches


Explanation/Reference:Explanation:A VTP domain is made up of one or more interconnected devices that share the same VTP domain name. Aswitch can be configured to be in only one VTP domain, and each VLAN has a name that is unique within amanagement domain.Typically, you use a VTP domain to ease administrative control of your network or to account for physicalboundaries within your network. However, you can set up as many or as few VTP domains as are appropriatefor your administrative needs. Consider that VTP is transmitted on all trunk connections, including ISL, IEEE802.1Q, 802.10, and LANE. Switches can only belong to one management domain with common VLANrequirements, and they only care about the neighbors in their own domains.Reference: CCNP Switching Exam Certification Guide: David Hucaby & Tim Boyles, Cisco Press 2001, ISBN 1-58720 000-7 page 114

QUESTION 19VTP switches use advertisements to exchange information with each other. Which of the followingadvertisement types are associated with VTP? (Select all that apply)

A. Domain advertisementsB. Advertisement requests from clientsC. Subset advertisementsD. Summary advertisements

Correct Answer: BCDSection: (none)Explanation

Explanation/Reference:Explanation:VTP advertisements include: Summary Advertisements - These go out every 5 minutes or ever time the VLANtopology changes, and lists of information about the management domain (VTP version, domain name,configuration revision number, timestamp, MD5 encryption hash code, & number of subset advertisementsincoming). When there is a configuration change, summary advertisements are complimented by or moresubset advertisements. Subset advertisements - These are sent out by VTP domain servers after aconfiguration change. They list the specifics of the change (VLAN creation / deletion / suspension / activation /name change / MTU change) and the VLAN parameters (VLAN status, VLAN type, MTU, VLAN name, VLANnumber, SAID value). Advertisement Requests from Clients - VTP clients request specific VLAN informationthat they're lacking (ie. Client switch is reset and loses its database, or VTP domain membership changes) sothey can be responded by summary and subset advertisements. Reference: CCNP Switching ExamCertification Guide: pages 116-117 David Hucaby & Tim Boyles, Cisco Press 2001, ISBN 1-58720 000-7

QUESTION 20ActualTests.comSwitch R1 is part of the Company VTP domain. What's true of VTP Pruning within this domain? (Select all thatapply)

A. It does not prune traffic from VLANs that are pruning-ineligibleB. VLAN 1 is always pruning-eligibleC. it will prune traffic from VLANs that are pruning-ineligibleD. VLAN 2 is always pruning-ineligibleE. None of the other alternatives apply.


Explanation/Reference:Explanation:By definition, pruning-ineligible VLANs can not be pruned. You can make specific VLANs pruning ineligible withthe clear vtp pruneeligible vlan_range command. By "Pass Any Exam. Any


default , VLANs 2-1000 are pruning-eligible. Since the default VLAN for any switch port in a Catalyst switch isVLAN 1, it is not eligible for pruning.Incorrect Answers:B: VLAN 1 is always pruning-ineligibleC: The opposite is true.D: By default, VLANs 2-1000 are eligible to be pruned.

QUESTION 21ActualTests.comSwitch R1 is configured with VTP. Which two VTP modes will make R1 capable of creating and deleting VLANson itself? (Select two)

A. ClientB. ServerC. TransparentD. Pass-throughE. No-negotiate

Correct Answer: BCSection: (none)

Explanation

Explanation/Reference:Explanation:VTP ModesYou can configure a switch to operate in any one of these VTP modes: Server-In VTP server "Pass Any Exam.Any Time." - www.actualtests.com 23www.CareerCert.info


mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTPversion) for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in thesame VTP domain and synchronize their VLAN configuration with other switches based on advertisementsreceived over trunk links. VTP server is the default mode. Client-VTP clients behave the same way as VTPservers, but you cannot create, change, or delete VLANs on a VTP client. Transparent-VTP transparentswitches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration anddoes not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2,transparent switches do forward VTP advertisements that they receive out their trunk interfaces.

If you configure the switch as VTP transparent, you can create and modify VLANs but the changes affect onlythe individual switch.Incorrect Answers:A: Clients can not modify, add, or delete any VLAN information.D: These options are not valid VTP modes.E: These options are not valid VTP modes.

QUESTION 22When the Catalyst switch R1 is enabled to use VTP, which information does it advertise on its trunk ports?(Select two)

A. VTP modeB. STP root statusC. Negotiation statusD. Management domainE. Configuration revision number


Explanation/Reference:ActualTests.comExplanation:The VTP protocol maintains VLAN configuration consistency throughout the network by distributing VLANinformation to the network. VLAN information is sent to network devices in advertisements that contain the VTPmanagement domain name, the current configuration revision number, the VLANs that the server knows about,and certain VLAN parameters. Any time you change a VLAN, VTP automatically sends an advertisement toupdate all other network devices.The following global configuration information is distributed in VTP advertisements:VLAN IDs (ISL and 802.1Q) Emulated LAN names (for ATM LANE ) 802.10 SAID values (FDDI) VTP domainname VTP configuration revision number VLAN configuration, including maximum transmission unit (MTU) sizefor each VLAN Frame format



Reference: Cisco, Configuring VTPhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_1/config/vtp.htm

QUESTION 23Which three statements are true regarding the above diagram? (Choose three.)

A. DTP packets are sent from Switch B.B. The native VLAN for Switch B is vlan 1.C. A trunk link will be formed.D. DTP is not running on Switch A.E. Only VLANs 1-1001 will travel across the trunk link.

Correct Answer: ABCSection: (none)Explanation

Explanation/Reference:ActualTests.comExplanation:You can manually configure trunk links on Catalyst switches for either ISL or 802.1Q mode. In addition, Ciscohas implemented a proprietary, point-to-point protocol called Dynamic Trunking Protocol (DTP) that negotiatesa common trunking mode between two switches. The negotiation covers the encapsulation (ISL or 802.1Q) aswell as whether the link becomes a trunk at all. You can configure the trunk encapsulation with the switchporttrunk encapsulation command, as one of the following: isl - VLANs are tagged by encapsulating each frameusing the Cisco ISL protocol. dot1q -VLANs are tagged in each frame using the IEEE 802.1Q standard protocol.The only exception is the native VLAN, which is sent normally and not tagged at all. negotiate (the default)-Theencapsulation is negotiated to select either ISL or IEEE 802.1Q, whichever is supported by both ends of thetrunk. If both ends support both types, ISL is favored. (The Catalyst 2950 switch does not support ISLencapsulation.)In the switchport mode command, you can set the trunking mode to any of the following: trunk - "Pass AnyExam. Any Time." - www.actualtests.com 25www.CareerCert.info


This setting places the port in permanent trunking mode. The corresponding switch port at the other end of thetrunk should be similarly configured because negotiation is not allowed. You should also manually configure theencapsulation mode. dynamic desirable (the default)-The port actively attempts to convert the link into trunkingmode. If the far-end switch port is configured to trunk , dynamic desirable , or dynamic auto mode, trunking issuccessfully negotiated. dynamic auto -The port converts the link into trunking mode. If the far-end switch portis configured to trunk or dynamic desirable , trunking is negotiated. Because of the passive negotiationbehavior, the link never becomes a trunk if both ends of the link are left to the dynamic auto default.

QUESTION 24The Company core switches use 802.1Q trunks to connect to each other. How does 802.1Q trunking keeptrack of multiple VLANs?

A. It tags the data frame with VLAN information and recalculates the CRC valueB. It encapsulates the data frame with a new header and frame check sequenceC. It modifies the port index of a data frame to indicate the VLAND. It adds a new header containing the VLAN ID to the data frameE. None of the other alternatives apply


Explanation/Reference:Explanation:The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identificationmethod is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors.In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs,and protocols and algorithms used to provide VLAN services. Like Cisco ISL, IEEE 802.1Q can be used forVLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header andtrailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging . 802.1Q also introduces the concept of a native VLAN on a trunk. Frames belongingto this VLAN are not encapsulated with any tagging information. In the event that an end station is connected toan 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides asimple way to offer full trunk encapsulation to the devices that can understand it, while giving normal accessstations some inherent connectivity over the trunk.

QUESTION 25ActualTests.comRefer to the exhibit. On the basis of the output generated by the show commands, which two statements aretrue? (Choose two.)


ActualTests.com

A. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in the show vlanoutput.

B. VLAN 1 will not be encapsulated with an 802.1q header.C. There are no native VLANs configured on the trunk.D. VLAN 2 will not be encapsulated with an 802.1q header.E. All interfaces on the switch have been configured as access ports.F. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear in the show

vlan output.





The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identificationmethod is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors.In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs,and protocols and algorithms used to provide VLAN services. Like Cisco ISL, IEEE 802.1Q can be used forVLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header andtrailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging .802.1Q also introduces the concept of a native VLAN on a trunk. Frames belonging to this VLAN are notencapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunklink, the end station can receive and understand only the native VLAN frames. This provides a simple way tooffer full trunk encapsulation to the devices that can understand it, while giving normal access stations someinherent connectivity over the trunk. show vlan: This commands shows the vlan, ports belonging to VLANmeans that port on access mode. It doesn't show the port on trunk mode.

QUESTION 26You need to configure a new Company switch for trunking. Which switch command enables a trunking protocolthat appends a four byte CRC to the packet?

A. CompanySwitch(config-if)#switchport trunk encapsulation dot1qB. CompanySwitch(config-if)#switchport trunk encapsulation itefC. CompanySwitch(config-if)#switchport trunk encapsulation fddiD. CompanySwitch(config-if)#switchport trunk encapsulation islE. None of the other alternatives apply

Correct Answer: DSection: (none)Explanation



Explanation:The Inter-Switch Link (ISL) protocol is a Cisco proprietary method for preserving the source VLAN identificationof frames passing over a trunk link. ISL performs frame identification in Layer 2 by encapsulating each framebetween a header and trailer. Any Cisco switch or router device configured for ISL can process and understandthe ISL VLAN information. ISL is primarily used for Ethernet media, although Cisco has included provisions tocarry Token Ring, FDDI, and ATM frames over Ethernet ISL. (A Frame-Type field in the ISL header indicatesthe source frame type.) When a frame is destined out a trunk link to another switch or router, ISL adds a 26-byte header and a 4-byte trailer to the frame. The source VLAN is identified with a 10-bit VLAN ID field in theheader. The trailer contains a cyclic redundancy check (CRC) value to ensure the data integrity of the newencapsulated frame. Figure 6-3 shows how Ethernet frames are encapsulated and forwarded out a trunk link.Because tagging information is added at the beginning and end of each frame, ISL is sometimes referred to asdouble tagging .

QUESTION 27While using a packet analyzer, you notice four additional bytes being added to the packets in the Companynetwork. Which protocol inserts a four byte tag into the Ethernet frame and recalculates CRC value?

A. DTPB. VTPC. 802.1QD. ISLE. None of the other alternatives apply


Explanation/Reference:Explanation:ActualTests.comThe IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identificationmethod is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors.In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs,and protocols and algorithms used to provide VLAN services. Like Cisco ISL, IEEE 802.1Q can be used forVLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header andtrailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging . 802.1Q also introduces the concept of a native VLAN on a trunk. Frames belongingto this VLAN are not encapsulated with any tagging information. In the event that an end station is connected toan 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides asimple way to offer full trunk encapsulation to the devices that can understand it, while giving normal accessstations some inherent connectivity over the trunk.



QUESTION 28You need to configure a new Company switch to support DTP. Which DTP switchport mode parameter sets theswitch port to actively send and respond to DTP negotiation frames?

A. AccessB. No negotiateC. TrunkD. Dynamic desirableE. Dynamic autoF. None of the other alternatives apply


Explanation/Reference:Explanation:dynamic desirable (the default)-The port actively attempts to convert the link into trunking mode. If the far-endswitch port is configured to trunk , dynamic desirable , or dynamic auto mode, trunking is successfullynegotiated.

QUESTION 29A new Company switch was just configured using the "switchport trunk native vlan 7" command.What does this interface command accomplish?

A. Causes the interface to apply ISL framing for traffic on VLAN 7B. Configures the trunking interface to forward traffic from VLAN 7C. Configures the interface to be a trunking port and causes traffic on VLAN 7 to be 802.1q taggedD. Configures the trunking interface to send traffic from VLAN 7 untagged ActualTests.comE. None of the other alternatives apply

Correct Answer: D

Section: (none)Explanation

Explanation/Reference:Explanation:In 802.1Q trunking, all VLAN packets are tagged on the trunk link to indicate the VLAN to which they belong.Frames belonging to the Native VLAN are sent untagged on the trunk link. The Native VLAN contains ports notassigned to other VLANs that by default belong to VLAN 1. VLAN 1 is the Native VLAN by default, but VLANsother than VLAN 1 may be designated as the Native VLAN. However, the Native VLAN must be the same ontrunked switches in 802.1Q trunking. If a VLAN other than VLAN 1 is to be the Native VLAN, it needs to beidentified on the trunk ports. In the interface configuration mode of the trunk port(s), the IOS-based command todesignate the Native VLAN is switchport trunk native .Switch( config-if)# switchport trunk native vlan vlan-id "Pass Any Exam. Any Time." - www.actualtests.com 32www.CareerCert.info


QUESTION 30You need to connect two Company core switches via an ISL trunk. Which statement is true regarding theconfiguration of ISL trunks?

A. A Catalyst switch cannot have ISL and IEEE 802.1q trunks enabled.B. All Catalyst switches support ISL trunking.C. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.D. ISL trunking requires that native VLANs match.E. None of the other alternatives apply


Explanation/Reference:Explanation:The Inter-Switch Link (ISL) protocol is a Cisco proprietary method for preserving the source VLAN identificationof frames passing over a trunk link. ISL performs frame identification in Layer 2 by encapsulating each framebetween a header and trailer. Any Cisco switch or router device configured for ISL can process and understandthe ISL VLAN information. ISL is primarily used for Ethernet media, although Cisco has included provisions tocarry Token Ring, FDDI, and ATM frames over Ethernet ISL. (A Frame-Type field in the ISL header indicatesthe source frame type.) When a frame is destined out a trunk link to another switch or router, ISL adds a 26-byte header and a 4-byte trailer to the frame. The source VLAN is identified with a 10-bit VLAN ID field in theheader. The trailer contains a cyclic redundancy check (CRC) value to ensure the data integrity of the newencapsulated frame. Figure 6-3 shows how Ethernet frames are encapsulated and forwarded out a trunk link.Because tagging information is added at the beginning and end of each frame, ISL is sometimes referred to asdouble tagging .

ActualTests.com

QUESTION 31Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B.Port Fa 0/2 on Switch B is currently in a blocking state for both VLANs. What should be done to load balanceVLAN traffic between Switch A and Switch B?

A. Lower the port priority for VLAN 1 on port 0/1 for Switch A."Pass Any Exam. Any Time." - www.actualtests.com 33www.CareerCert.infoCisco 642-813: Practice Exam

B. Lower the port priority for VLAN 1 on port 0/2 for Switch A.C. Make the bridge ID of Switch B lower than the ID of Switch A.D. Enable HSRP on the access ports.


Explanation/Reference:Explanation:Load Sharing Using STP Port PrioritiesWhen two ports on the same switch form a loop, the STP port priority setting determines which port is enabledand which port is in a blocking state. The priorities on a parallel trunk port can be set so that the port carries allthe traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding trafficfor that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blockingstate for that VLAN. One trunk port sends or receives all traffic for the VLAN.

QUESTION 32Which of the following technologies would an Internet Service Provider use to support overlapping customerVLAN ID's over transparent LAN services?

A. 802.1q tunnelingB. ATMC. SDHD. IP Over Optical NetworkingE. ISL


Explanation/Reference:Explanation:Understanding How 802.1Q Tunneling Works :ActualTests.comThe 802.1Q tunneling feature supports secure virtual private networks (VPNs). 802.1Q tunneling enablesservice providers to keep traffic from different customers segregated in the service provider infrastructure whilesignificantly reducing the number of VLANs required to support the VPNs. 802.1Q tunneling allows multiplecustomer VLANs to be carried by a single VLAN on the Catalyst 6000 family switch without losing their uniqueVLAN IDs. When you configure 802.1Q tunneling on the Catalyst 6000 family switch, traffic to be tunneledcomes into the switch from an 802.1Q trunk port on a neighboring device and enters the switch through a portconfigured to support 802.1Q tunneling (a tunnel port). When the tunnel port receives traffic from an 802.1Qtrunk port, it does not strip the 802.1Q tags from the frame header but, instead, leaves the 802.1Q tags intactand puts all the received 802.1Q traffic into the VLAN assigned to the tunnel port. The VLAN assigned to thetunnel port then carries the tunneled customer traffic to the other neighboring devices participating in the tunnelport VLAN. When the tunneled traffic is received by an 802.1Q trunk port on a neighboring device, the 802.1Qtag is



stripped and the traffic is removed from the tunnel.Reference:http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_guide_chapter09186a008007fa06.html

QUESTION 33If you were to configure an ISL Ethernet trunk between two Cisco switches, named R1 and R2, what would youhave to include at the end of the link for the trunk to operate correctly? (Select two)

A. An identical VTP mode.B. An identical speed/duplex.C. An identical trunk negotiation parameter.D. An identical trunk encapsulation parameter.


Explanation/Reference:Explanation:In order for a trunk to be operational, the speed and duplex settings must match at each end of the trunk, andboth switches must use the same trunking encapsulation (802.1Q or ISL).Incorrect Answers:A: It is common for switches to have trunk links operating, while the VTP modes differ. For example, a switchconfigured with VTP mode server can have a trunk connected to a switch with VTP mode client.C: This is incorrect, as there are a number of configurations that are supported where the trunk negotiationparameters differ between switches. For example, switch R1 could have the trunk configured for "on" whileswitch R2 could have the switch trunk configured for "desirable" and the trunk would be operational.ActualTests.com

QUESTION 34You are the network administrator at Company and switch R1 is configured as shown below:

Interface gigethernet 0/1

Switchport mode trunk

Switchport trunk encapsulation dot1q

Switchport trunk native vlan 5



If untagged frames are arriving on interface gigethernet 0/1 of R1, which of the following statement are correct?

A. Untagged frames are automatically assumed to be in VLAN 5.B. Untagged frames are defaulted to VLAN 1 traffic.C. Untagged frames are dropped because all packets are tagged when dot1q trunked.D. Untagged frames are determined on the other switchE. Untagged frames are not supported on 802.1Q trunks.

Correct Answer: ASection: (none)

Explanation

Explanation/Reference:Explanation:Each physical port has a parameter called PVID. Every 802.1Q port is assigned a PVID value that is of itsnative VLAN ID (default is VLAN 1). All untagged frames are assigned to the LAN specified in the PVIDparameter. When a tagged frame is received by a port, the tag is respected. If the frame is untagged, the valuecontained in the PVID is considered as a tag. All untagged frames will be assigned to the native VLAN. Thenative VLAN is 1 by default, but in this case the native VLAN is configured as VLAN 5 so choice A is correct.

QUESTION 35Which of the following trunking modes are unable to request their ports to convert their links into trunk links?(Select all that apply)

A. NegotiateB. DesignateC. No negotiateD. AutoE. ManualF. Off

Correct Answer: CDSection: (none)Explanation

Explanation/Reference:Explanation:Auto is a trunking mode but does not actively negotiate a trunk. It requires opposite side to be trunk ordesirable, and will only respond to requests from the other trunk link. No-negotiate will configure the link to beunable to dynamically become a trunk; since no requests will be sent it will not respond to requests from othertrunk links from a different switch.

QUESTION 36ISL is being configured on a Company switch. Which of the following choices are true regarding the ISLprotocol? (Select two)

A. It can be used between Cisco and non-Cisco switch devices.B. It calculates a new CRC field on top of the existing CRC field.C. It adds 4 bytes of protocol-specific information to the original Ethernet frame.D. It adds 30 bytes of protocol-specific information to the original Ethernet frame.

ActualTests.com


Explanation/Reference:Explanation:ISL adds a total of 30bytes to the Ethernet frame. A 26 byte header (10bytes identifies the VLAN ID) and a 4byte trailer (containing a separate CRC).Incorrect Answers:A: This is incorrect because ISL is Cisco proprietary and can only be used on Cisco devices. For configuring atrunk to a non-Cisco switch, 802.1Q encapsulation should be used.C: This is incorrect because it is contradictory to D. 30 byes are added with ISL, not 4 bytes. This choicedescribes what is used in 802.1Q frames, not ISL

QUESTION 37



You are the network administrator tasked with designing a switching solution for the Company network. Whichof the following statements describing trunk links are INCORRECT? (Select all that apply)

A. The trunk link belongs to a specific VLAN.B. Multiple trunk links are used to connect multiple end user devices.C. A trunk link only supports native VLAN.D. Trunk links use 802.10 to identify a VLAN.E. The native VLAN of the trunk link is the VLAN that the trunk uses for untagged packets.

Correct Answer: ABCDSection: (none)Explanation

Explanation/Reference:Explanation:A trunk is a point-to-point link that transmits and receives traffic between switches or between switches androuters. Trunks carry the traffic of multiple VLANs and can extend VLANs across an entire network. 100BaseTand Gigabit Ethernet trunks use Cisco ISL (the default protocol) or industry-standard IEEE 802.1Q to carrytraffic for multiple VLANs over a single link. Frames received from users in the administratively-defined VLANsare identified or tagged for transmission to other devices. Based on rules you define, a unique identifier (thetag) is inserted in each frame header before it is forwarded. The tag is examined and understood by eachdevice before any broadcasts or transmission to other switches, routers, or end stations. When the framereaches the last switch or router, the tag is removed before the frame is transmitted to the target end station.Incorrect Answers:E: This statement is true, as untagged frames are always used with the native VLAN. The native VLAN is VLAN1 by default in Cisco switches.Section 5: Configure loop prevention for the VLAN based solution(13 Questions)

QUESTION 38On switch R1 you issue the "udld enable" global command. What does this command accomplish?

A. Enables all fiber-optic LAN ports for Unidirectional LINK Detection (UDLD)B. Enables all copper media LAN ports Unidirectional Link Detection (UDLD)C. Overrides the default UDLS setting for all portsD. Globally enables all ports on the device for Unidirectional Link Detection (UDLS)E. None of the other alternatives apply


Explanation/Reference:Explanation:Enabling UDLD GloballyBeginning in privileged EXEC mode, follow these steps to enable UDLD globally on all fiber-optic interfaces onthe switch:To disable UDLD globally on fiber-optic interfaces, use the no udld enable global configuration command.Reference:ActualTests.comhttp://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_4_ea1/configur ation/guide/swudld.html

QUESTION 39

The Company network utilizes the Multiple-instance Spanning Tree protocol in its switched LAN. Which threestatements about the MST protocol (IEEE 802.1S) are true? (Select three)

A. To verify the MST configuration, the show pending command can be used in MST configuration mode.B. When RSTP and MSTP are configured; UplinkFast and BackboneFast must also be enabled.C. All switches in the same MST region must have the same VLAN-to-instance mapping, but different

configuration revision numbers."Pass Any Exam. Any Time." - www.actualtests.com 39www.CareerCert.infoCisco 642-813: Practice Exam

D. All switches in an MST region, except distribution layer switches, should have their priority lowered from thedefault value 32768.

E. An MST region is a group of MST switches that appear as a single virtual bridge to adjacent CST and MSTregions.

F. Enabling MST with the "spanning-tree modemst" global configuration command also enables RSTP.

Correct Answer: AEFSection: (none)Explanation

Explanation/Reference:Explanation:MST is built on the concept of mapping one or more VLANs to a single STP instance. Multiple instances of STPcan be used (hence the name MST), with each instance supporting a different group of VLANs.

Each could be tuned to result in a different topology, so that Instance 1 would forward on the left uplink, whileInstance 2 would forward on the right uplink. Therefore, VLAN A would be mapped to Instance 1 ,and VLAN Bto Instance 2.To implement MST in a network, you need to determine the following: The number of STP instances needed tosupport the desired topologies. Whether to map a set of VLANs to each instance.

QUESTION 40Which of the following specifications is a companion to the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)algorithm, and warrants the use multiple spanning-trees?

A. IEEE 802.1s (MST)B. IEEE 802.1Q (CST)C. Cisco PVST+D. IEEE 802.1d (STP)E. None of the other alternatives apply


Explanation/Reference:Explanation:MST uses the modified RSTP version called the Multiple Spanning Tree Protocol (MSTP). MST extends theIEEE 802.1w rapid spanning tree (RST) algorithm to multiple spanning trees. This extension provides bothrapid convergence and load balancing in a VLAN environment. MST converges faster than PVST+. MST isbackward compatible with 802.1D STP, 802.1w (rapid spanning tree protocol [RSTP]), and the Cisco PVST+architecture. MST allows you to build multiple spanning trees over trunks. You can group and associate VLANsto spanning tree instances. Each instance can have a topology independent of other spanning tree instances.This new architecture provides multiple forwarding paths for data traffic and enables load balancing. Networkfault tolerance is improved because a failure in one instance (forwarding path) does not affect other instances(forwarding paths). In large networks, you can more easily administer the network and use redundant paths byActualTests.com

locating different VLAN and spanning tree instance assignments in different parts of the network. Aspanningtree instance can exist only on bridges that have compatible VLAN instance assignments. You mustconfigure a set of bridges with the same MST configuration information, which allows them to participate in aspecific set of spanning tree instances. Interconnected bridges that have the same MST configuration arereferred to as an MST region .Reference:http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e71a.html#wp1082480

QUESTION 41Which three items are configured in MST configuration submode? (Select three)

A. Region nameB. Configuration revision numberC. VLAN instance mapD. IST STP BPDU hello timerE. CST instance mapF. PVST+ instance map


Explanation/Reference:ActualTests.comExplanation:spanning-tree mst configuration :Use the spanning-tree mst configuration command to enter the MST configuration submode. Use the no formof this command to return to the default MST configuration.Defaults:The default value for the MST configuration is the default value for all its parameters: No VLANs are mapped toany MST instance (all VLANs are mapped to the CIST instance). The region name is an empty string. Therevision number is 0.Usage Guidelines:The MST configuration consists of three main parameters: Instance VLAN mapping (see the instancecommand) Region name (see the name command) Configuration revision number (see the revision command)



QUESTION 42By default, all VLANs will belong to which MST instance when using Multiple STP?

A. MST00B. MST01C. the last MST instance configuredD. none


Explanation/Reference:Explanation:Recall that the whole idea behind MST is the capability to map multiple VLANs to a smaller number of STP

instances. Inside a region, the actual MST instances (MSTIs) exist alongside the IST. Cisco supports amaximum of 16 MSTIs in each region. IST always exists as MSTI number 0, leaving MSTI 1 through 15available for use. By default all VLANs are belonged to MST00 instance.

QUESTION 43While logged into a Company switch you issue the following command:

CompanySwitch(config-mst)# instance 10 vlan 11-12

What does this command accomplish?



A. It enables a PVST+ instance of 10 for vlan 11 and vlan 12B. It enables vlan 11 and vlan 12 to be part of the MST region 10C. It maps vlan 11 and vlan 12 to the MST instance of 10.D. It creates an Internal Spanning Tree (IST) instance of 10 for vlan 11 and vlan 12E. It create a Common Spanning Tree (CST) instance of 10 for vlan 11 and vlan 12F. It starts two instances of MST, one instance for vlan 11 and another instance for vlan 12.


Explanation/Reference:Explanation:MST extends the IEEE 802.1w rapid spanning tree (RST) algorithm to multiple spanning trees. This extensionprovides both rapid convergence and load balancing in a VLAN environment. MST converges faster than PerVLAN Spanning Tree Plus (PVST+) and is backward compatible with 802.1D STP, 802.1w (Rapid SpanningTree Protocol [ RSTP]), and the Cisco PVST+ architecture. MST allows you to build multiple spanning treesover trunks. You can group and associate VLANs to spanning tree instances. Each instance can have atopology independent of other spanning tree instances. This architecture provides multiple forwarding paths fordata traffic and enables load balancing. Network fault tolerance is improved because a failure in one instance(forwarding path) does not affect other instances.

Map the VLANs to an MST instance.If you do not specify the vlan keyword, you can use the no keyword to unmap all the VLANs that were mappedto an MST instance.If you specify the vlan keyword, you can use the no keyword to unmap a specified VLAN from an MST instance.Switch( config-mst)# instance instance_number vlan vlan_range Reference:http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800dde9e.html#36881

ActualTests.com

QUESTION 44Refer to the show spanning-tree mst configuration output shown in the exhibit. What should be changed in theconfiguration of the switch SW_2 in order for it to participate in the same MST region?



A. Switch SW_2 must be configured with an instance number of 2.B. Switch SW_2 must be configured with a different VLAN range.C. Switch SW_2 must be configured with the revision number of 1.D. Switch SW_2 must be configured with a different MST name.


Explanation/Reference:Explanation:MST is built on the concept of mapping one or more VLANs to a single STP instance. Multiple instances of STPcan be used (hence the name MST), with each instance supporting a different group of VLANs.

In most networks, a single MST region is sufficient, although you can configure more than one region . Withinthe region, all switches must run the instance of MST that is defined by the followingattributes :MST configuration name (32 characters)MST configuration revision number (0 to 65535)MST instance-to-VLAN mapping table (4096 entries)Example of configuration of MST

Switch( config)# spanning-tree mode mstSwitch( config)# spanning-tree mst configurationSwitch( config-mst)# name nameSwitch( config-mst)# revision versionThe configuration revision number gives you a means to track changes to the MST region configuration. Eachtime you make changes to the configuration, you should increase the number by one. Remember that theregion configuration ( including the revision number) must match on all switches in the region . Therefore, youalso need to update the revision numbers on the other ActualTests.comswitches to match.Switch( config-mst)# instance instance-id vlan vlan-list The instance-id (0 to 15) carries topology information forthe VLANs listed in vlan-list. The list can contain one or more VLANs separated by commas. You can also adda range of VLANs to the list by separating numbers with a hyphen . VLAN numbers can range from 1 to 4094.(Remember that by default , all VLANs are mapped to instance 0, the IST.) Switch( config-mst)# show pendingregion configuration:Switch( config-mst)# exit

So belong the routers in same MST region, MST attributes should be same, in Company2 router revisionnumber is not same so to make belong the Company2 router on same MST region,



revision number should be 1.

QUESTION 45Refer to the exhibit. Switch S2 contains the default configuration. Switches S1 and S3 both have had thecommand spanning-tree mode rapid-pvst issued on them. What will be the result?

ActualTests.com



A. IEEE 802.1D and IEEE 802.1w are incompatible. All three switches must use the same standard or notraffic will pass between any of the switches.

B. Switches S1, S2, and S3 will be able to pass traffic between themselves.C. Switches S1, S2, and S3 will be able to pass traffic between themselves. However, if there is a topology

change, Switch S2 will not receive notification of the change.D. Switches S1 and S3 will be able to exchange traffic but neither will be able to exchange traffic with Switch

S2


Explanation/Reference:Explanation:Cisco Catalyst switches support three types of STPs, which are PVST+, rapid-PVST+ and MST. PVST+ isbased on IEEE802.1D standard and includes Cisco proprietary extensions such as BackboneFast, UplinkFast,and PortFast. Rapid-PVST+ is based on IEEE 802.1w standard and has a faster convergence than 802.1D.RSTP (IEEE 802.1w) natively includes most of the Cisco proprietary enhancements to the 802.1D SpanningTree, such as BackboneFast and UplinkFast. Rapid-PVST+ uses the same BPDU format as the 802.1D and itis backward compatible. It is difficult to convert all the switches in the enterprise network at the same time torapid-PVST+. Because of the backward compatibility, you can convert phase by phase.

Section 6: Configure Access Ports for the VLAN based solution (3 Questions)

QUESTION 46LABActualTests.comRefer to the Exhibit.



A. The information of the question


Explanation/Reference:

Explanation:You will configure FastEthernet ports 0/12 through 0/24 for users who belong to VLAN 20. Also, all VLAN andVTP configurations are to be completed in global configuration mode as VLAN database mode is beingdeprecated by Cisco. You are required to accomplish the following tasks:

1. Ensure the switch does not participate in VTP but forwards VTP advertisements received on trunk ports.2. Ensure all non-trunking interfaces (Fa0/1 to Fa0/24) transition immediately to the forwarding state ofSpanning-Tree.ActualTests.com3. Ensure all FastEthernet interfaces are in a permanent non-trunking mode.4. Place FastEthernet interfaces 0/12 through 0/24 in VLAN 20 Correct Answers:switch# conf tswitch( config)#vtp mode transparentswitch( config)#interface range fa0/1 - 24switch( config-if-range)#switchport mode accessswitch( config-if-range)#spanning-tree portfast

switch( config)#interface range fa0/12 - 24switch( config-if-range)#switchport access vlan 20switch( config-if-range)#endswitch # copy run start



VTP:The role of the VLAN Trunking Protocol (VTP) is to maintain VLAN configuration consistency across the entirenetwork. VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, andrenaming of VLANs on a network-wide basis from a centralized switch that is in the VTP server mode. VTP isresponsible for synchronizing VLAN information within a VTP domain. This reduces the need to configure thesame VLAN information on each switch. VTP minimizes the possible configuration inconsistencies that arisewhen changes are made. These inconsistencies can result in security violations, because VLANs cancrossconnect when duplicate names are used. They also could become internally disconnected when they aremapped from one LAN type to another, for example, Ethernet to ATM LANE ELANs or FDDI 802.10 VLANs.VTP provides a mapping scheme that enables seamless trunking within a network employing mixed-mediatechnologies.VTP provides the following benefits: VLAN configuration consistency across the network Mapping scheme thatallows a VLAN to be trunked over mixed media Accurate tracking and monitoring of VLANs Dynamic reportingof added VLANs across the network Plug-and-play configuration when adding new VLANsThere are three different VTP modes:1. Server:By default, a Catalyst switch is in the VTP server mode and in the "no management domain" state until theswitch receives an advertisement for a domain over a trunk link or a VLAN management domain is configured.A switch that has been put in VTP server mode and had a domain name specified can create, modify, anddelete VLANs. VTP servers can also specify other configuration parameters such as VTP version and VTPpruning for the entire VTP domain. VTP information is stored in NVRAM.VTP servers advertise their VLAN configuration to other switches in the same VTP domain, and synchronizethe VLAN configuration with other switches based on advertisements received over trunk links. When a changeis made to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTPdomain. VTP advertisements are transmitted out all trunk ActualTests.comconnections, including ISL, IEEE 802.1Q, IEEE 802.10, and ATM LANE trunks.2. Client:The VTP client maintains a full list of all VLANs within the VTP domain, but it does not store the information inNVRAM. VTP clients behave the same way as VTP servers, but it is not possible to create, change, or deleteVLANs on a VTP client. Any changes made must be received from a VTP server advertisement.3. TransparentVTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLANconfiguration, and does not synchronize its VLAN configuration based on received advertisements. However, in

VTP Version 2, transparent switches do forward VTP advertisements that the switches receive out their trunkports. VLANs can be configured on a switch in the VTP transparent mode, but the information is local to theswitch (VLAN information is not propagated to other switches) and is stored in NVRAM.



To change the VTP mode:Switch( Config)# vtp mode <Mode>OrSwitch#vlan databaseSwitch#vtp <mode>

PortFastA prime reason for enabling PortFast is in cases where a PC boots in a period less than the 30 seconds it takesa switch to put a port into forwarding mode from disconnected state. Some NICs do not enable a link until theMAC layer software driver is actually loaded. Most operating systems try to use the network almost immediatelyafter loading the driver, as in the case of DHCP. This can create a problem because the 30 seconds of STPdelay from listening to Forwarding states begins right when the IOS begins trying to access the network. In thecase of DHCP, the PC will not obtain a valid IP address from the DHCP server. This problem is common withPC Card (PCMCIA) NICs used in laptop computers. Additionally, there is a race between operating systemsand CPU manufacturers. CPU manufacturers keep making the chips faster, while at the same time, operatingsystems keep slowing down, but the chips are speeding up at a greater rate than the operating systems areslowing down. As a result, PCs are booting faster than ever. In fact, modern machines are often finishedbooting and need to use the network before the STP 30- second delay is over.Use the spanning-tree portfast global configuration command to globally enable the PortFast feature on all non-trunking ports.

QUESTION 47You need make configuration changes to an existing layer 3 switch in the Company network. On a multilayerCatalyst switch, which interface command is used to convert a Layer 3 interface to a Layer 2 interface?

A. switchport access vlan vlan-idB. switchport

"Pass Any Exam. Any Time." - www.actualtests.com 51www.CareerCert.infoCisco 642-813: Practice Exam

C. switchport mode accessD. no switchportE. None of the other alternatives apply


Explanation/Reference:Explanation:The switchport command puts the port in Layer 2 mode. Then, you can use other switchport commandkeywords to configure trunking, access VLANs, and so on.

Section 7: V erify the VLAN based solution was implemented properly using show and debug commands (9Questions)

QUESTION 48CORRECT TEXT

What command could you enter to display the trunking status of a module/port in the switch? (Type in the

answer below):

A.B.C.D.

Correct Answer: Section: (none)Explanation

Explanation/Reference:Answer: show trunk

QUESTION 49The Company administrator has issue the "show vlan id 5" command. What will this command display? (Selecttwo)

A. Ports in VLAN 5B. UtilizationC. VLAN information on port 0/5

ActualTests.comD. FiltersE. MTU and type

Correct Answer: AESection: (none)Explanation

Explanation/Reference:Explanation:#show vlan id 5 : Shows all ports belonging to VLAN 5 and MTU of ports and type.

QUESTION 50You're a network administer and you issue the command (show port 3/1) on an Ethernet port. To your surpriseyou notice a non-zero entry in the 'Giants' column. What could be the cause of this?



A. IEEE 802.1QB. IEEE 802.10C. Misconfigured NICD. User configurationE. All of the above


Explanation/Reference:Explanation:The 802.1Q standard can create an interesting scenario on the network. Recalling that the maximum size foran Ethernet frame as specified by IEEE 802.3 is 1518 bytes, this means that if a maximum-sized Ethernet

frame gets tagged, the frame size will be 1522 bytes, a number that violates the IEEE 802.3 standard. Toresolve this issue, the 802.3 committee created a subgroup called 802.3ac to extend the maximum Ethernetsize to 1522 bytes. Note: The show port command is used to display port status and counters. Giants denotethe number of received giant frames (frames that exceed the maximum IEEE 802.3 frame size) on the port.Reference: Trunking between Catalyst 4000, 5000, and 6000 Family Switches Using 802.1q Encapsulationhttp://www.cisco.com/warp/public/473/27.html

QUESTION 51Refer to the show interface Gi0/1 switchport command output shown in the exhibit. Which two statements aretrue about this interface? (Choose two.)

ActualTests.com



A. This interface is a member of a voice VLAN.B. This interface is configured for access mode.

C. This interface is a dot1q trunk passing all configured VLANs.D. This interface is a member of VLAN7.E. This interface is a member of VLAN1.

ActualTests.com


Explanation/Reference:Explanation:In Exhibit, Operation mode is in static access and Access mode VLAN is 7 so it means this port is operating onaccess mode as a member of VLAN 7.

QUESTION 52Refer to the exhibit. Switch P1S1 is not applying VLAN updates from switch P2S1. What are three reasons whythis is not occurring? (Choose three.)



A. Switch P2S1 is in server mode.B. Switch P1S1 is in transparent mode.

C. The MD5 digests do not match.D. The passwords do not match.E. The VTP domains are different.F. VTP trap generation is disabled on both switches.

Correct Answer: BDESection: (none)Explanation

Explanation/Reference:ActualTests.comExplanation:Determine the VTP mode of operation of the switch and include the mode when setting the VTP domain nameinformation on the switch. If you leave the switch in server mode, be sure to verify that the configuration revisionnumber is set to 0 before adding the switch to the VTP domain. It is generally recommended that you haveseveral servers in the domain, with all other switches set to client mode for purposes of controlling VTPinformation. It is also highly recommended that you use secure mode in your VTP domain. Assigning apassword to the domain will accomplish this. This will prevent unauthorized switches from participating in theVTP domain. From the privileged mode or VLAN configuration mode, use the vtp password passwordcommand.



QUESTION 53Refer to the exhibit. On the basis of the output generated by the show commands, which two statements aretrue? (Choose two.)



ActualTests.com

A. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in the show vlanoutput.

B. VLAN 1 will not be encapsulated with an 802.1q header.C. There are no native VLANs configured on the trunk.D. VLAN 2 will not be encapsulated with an 802.1q header.E. All interfaces on the switch have been configured as access ports.F. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear in the show

vlan output.





The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identificationmethod is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors.In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs,and protocols and algorithms used to provide VLAN services. Like Cisco ISL, IEEE 802.1Q can be used forVLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header andtrailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging .802.1Q also introduces the concept of a native VLAN on a trunk. Frames belonging to this VLAN are notencapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunklink, the end station can receive and understand only the native VLAN frames. This provides a simple way tooffer full trunk encapsulation to the devices that can understand it, while giving normal access stations someinherent connectivity over the trunk. show vlan: This commands shows the vlan, ports belonging to VLANmeans that port on access mode. It doesn't show the port on trunk mode.

QUESTION 54Refer to the exhibit and the show interfaces fastethernet0/1 switchport outputs. Users in VLAN 5 on switchSW_A complain that they do not have connectivity to the users in VLAN 5 on switch SW_B. What should bedone to fix the problem?

ActualTests.com

A. Configure the same number of VLANs on both switches."Pass Any Exam. Any Time." - www.actualtests.com 59www.CareerCert.infoCisco 642-813: Practice Exam

B. Create switch virtual interfaces (SVI) on both switches to route the traffic.C. Define VLAN 5 in the allowed list for the trunk port on SW_A.D. Disable pruning for all VLANs in both switches.E. Define VLAN 5 in the allowed list for the trunk port on SW_B


Explanation/Reference:Explanation:switchport trunk allowed vlan , defines which VLANs can be trunked over the link . By default, a switchtransports all active VLANs (1 to 4094) over a trunk link. There might be times when the trunk link should notcarry all VLANs. For example, broadcasts are forwarded to every switch port on a VLAN-including the trunk linkbecause it, too, is a member of the VLAN. If the VLAN does not extend past the far end of the trunk link,propagating broadcasts across the trunk makes no sense.

Section 8: Document results of VLAN implementation and verification (0 Questions)

QUESTION 55You work as a network technician at Company.com. Your boss, Mrs. Tess King, is interested in switchspoofing. She asks you how an attacker would collect information with VLAN hoping through switch spoofing.You should tell her that the attacking station...

A. ...uses VTP to collect VLAN information that is sent out and then tags itself with the domain information inorder to capture the data.

B. ...will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN thatwould be inaccessible to the attacker through legitimate means.

C. ...uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.D. ...tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN

to which the data belongs.E. None of the other alternatives apply

ActualTests.com


Explanation/Reference:Explanation:DTP should be disabled for all user ports on a switch. If the port is left with DTP auto-configured (default onmany switches), an attacker can connect and arbitrarily cause the port to start trunking and therefore pass allVLAN information.Reference:http://www.cisco.com/en/US/solutions/ns340/ns517/ns224/ns376/net_design_guidance0900aecd8 00ebd1e.pdf

QUESTION 56The Company security administrator wants to prevent DHCP spoofing. Which statement is true about DHCPspoofing operation?

A. DHCP spoofing and SPAN cannot be used on the same port of a switch.B. To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a

dynamic ARP packet.C. To prevent a DHCP spoofing, the switch must have DHCP server services disabled and a static entry

pointing towards the DHCP server.D. DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.E. None of the other alternatives apply.


Explanation/Reference:ActualTests.comExplanation:

About DHCP Spoofing:Suppose that an attacker could bring up a rogue DHCP server on a machine in the same subnet as that sameclient PC. Now when the client broadcasts its DHCP request, the rogue server could send a carefully craftedDHCP reply with its own IP address substituted as the default gateway.

When the client receives the reply, it begins using the spoofed gateway address. Packets destined foraddresses outside the local subnet then go to the attacker's machine first. The attacker can forward thepackets to the correct destination, but in the meantime, it can examine every packet that it intercepts. In effect,this becomes a type of man-in-the-middle attack; the attacker is wedged into the path and the client doesn'trealize it.

About ARP:



Hosts normally use the Address Resolution Protocol (ARP) to resolve an unknown MAC address when the IPaddress is known. If a MAC address is needed so that a packet can be forwarded at Layer 2, a host broadcastsan ARP request that contains the IP address of the target in question. If any other host is using that IP address,it responds with an ARP reply containing its MAC address.

To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by adynamic ARP packet

Section 3: Create a verification plan for the Security solution (4 Questions)

QUESTION 57Refer to the exhibit. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?

ActualTests.com

A. The traffic will be forwarded to the router processor for further processing.B. The traffic will be dropped.C. The traffic will be forwarded to the TCAM for further processing.D. The traffic will be forwarded without further processing.


Explanation/Reference:Explanation:VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can beconfigured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN.VLAN maps are used strictly for security packet filtering. Unlike router



ACLs, VLAN maps are not defined by direction (input or output).

To create a VLAN map and apply it to one or more VLANs, perform these steps: Create the standard orextended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This access-list will select thetraffic that will be either forwarded or dropped by the access-map. Only traffic matching the 'permit' condition inan access-list will be passed to the access-map for further processing. Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry. Each access-map canhave multiple entries. The order of these entries is determined by the sequence . If no sequence number isentered, access- map entries are added with sequence numbers in increments of 10. In access mapconfiguration mode, optionally enter an action forward or action drop . The default is to forward traffic. Alsoenter the match command to specify an IP packet or a non-IP packet (with only a known MAC address), and tomatch the packet against one or more ACLs (standard or extended). Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. A single access-mapcan be used on multiple VLANs.

QUESTION 58Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. Forsecurity reasons, the servers should not communicate with each other, although they are located on the samesubnet. The servers do need, however, to communicate ActualTests.comwith a database server located in the inside network. What configuration will isolate the servers from eachother?



A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting tothe two firewalls will be defined as primary VLAN promiscuous ports.

B. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLANpromiscuous ports.

C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLANcommunity ports.

D. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to thetwo firewalls will be defined as primary VLAN promiscuous ports.


Explanation/Reference:Explanation:Service providers often have devices from multiple clients, in addition to their own servers, on a singleDemilitarized Zone (DMZ) segment or VLAN. As security issues proliferate, it becomes necessary to providetraffic isolation between devices, even though they may exist on the same Layer 3 segment and VLAN. Catalyst6500/4500 switches implement PVLANs to keep some switch ports shared and some switch ports isolated,although all ports exist on the same VLAN. The 2950 and 3550 support "protected ports," which arefunctionality similar to PVLANs on a per- switch basis.A port in a PVLAN can be one of three types:Isolated: An isolated port has complete Layer 2 separation from other ports within the same PVLAN, except forthe promiscuous port. PVLANs block all traffic to isolated ports, except the traffic from promiscuous ports.Traffic received from an isolated port is forwarded to only promiscuous ports.Promiscuous: A promiscuous port can communicate with all ports within the PVLAN, including the communityand isolated ports. The default gateway for the segment would likely be hosted on a promiscuous port, giventhat all devices in the PVLAN will need to communicate with that port. Community: Community portscommunicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2from all other interfaces in other communities, or in isolated ports within their PVLAN.ActualTests.com

QUESTION 59VLAN maps have been configured on switch R1. Which of the following actions are taken in a VLAN map thatdoes not contain a match clause?

A. Implicit deny feature at end of list.B. Implicit deny feature at start of list.C. Implicit forward feature at end of listD. Implicit forward feature at start of list.




Explanation:Each VLAN access map can consist of one or more map sequences, each sequence with a match clause andan action clause. The match clause specifies IP, IPX, or MAC ACLs for traffic filtering and the action clausespecifies the action to be taken when a match occurs. When a flow matches a permit ACL entry the associatedaction is taken and the flow is not checked against the remaining sequences. When a flow matches a deny ACLentry, it will be checked against the next ACL in the same sequence or the next sequence. If a flow does not

match any ACL entry and at least one ACL is configured for that packet type, the packet is denied.Reference:http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_guide_chapter09186a008007f4d4.html

Section 4: Configure port security features (6 Questions)

QUESTION 60Refer to the exhibit. Which interface or interfaces on switch SW_A can have the port security feature enabled?

ActualTests.com

A. Ports 0/1 and 0/2B. The trunk port 0/22 and the EtherChannel ports


C. Ports 0/1, 0/2 and 0/3D. Ports 0/1, 0/2, 0/3, the trunk port 0/22 and the EtherChannel portsE. Port 0/1F. Ports 0/1, 0/2, 0/3 and the trunk port 0/22


Explanation/Reference:Explanation:Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set ornumber of MAC addresses. Those addresses can be learned dynamically or configured statically. The port willthen provide access to frames from only those addresses. If, however, the number of addresses is limited tofour but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learneddynamically, and port access will be limited to those four dynamically learned addresses. A port security featurecalled "sticky learning," available on some switch platforms, combines the features of dynamically learned andstatically configured addresses. When this feature is configured on an interface, the interface convertsdynamically learned addresses to "sticky secure" addresses. This adds them to the running configuration as ifthey were configured using the switchport port-security mac-address command.

QUESTION 61You need to configure port security on switch R1. Which two statements are true about this ActualTests.comtechnology? (Select two)

A. Port security can be configured for ports supporting VoIP.B. With port security configured, four MAC addresses are allowed by default.C. The network administrator must manually enter the MAC address for each device in order for the switch to

allow connectivity.D. With port security configured, only one MAC addresses is allowed by default.E. Port security cannot be configured for ports supporting VoIP.


Explanation/Reference:Explanation:You can use the port security feature to restrict input to an interface by limiting and identifying MAC addressesof the workstations that are allowed to access the port. When you assign secure



MAC addresses to a secure port, the port does not forward packets with source addresses outside the group ofdefined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MACaddress, the workstation attached to that port is assured the full bandwidth of the port.

This feature is indeed supported on voice VLAN ports. If you enable port security on a port configured with avoice VLAN and if there is a PC connected to the CiscoIPPhone, Cisco tells us to set the maximum allowedsecure addresses on the port to at least 3.

The table below shows the default number of allowed MAC addresses is one.Reference: Configuring Port Securityhttp://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html#wpxref25516

QUESTION 62Refer to the exhibit. Port security has been configured on the switch port Fa0/5. What would happen if anotherdevice is connected to the port after the maximum number of devices has been reached, even if one or more ofthe original MAC addresses are inactive?



A. The port will permit the new MAC address because one or more of the original MAC addresses are inactive.B. The port will permit the new MAC address because one or more of the original MAC addresses will age out.C. Because the new MAC address is not configured on the port, the port will not permit the new MAC address.D. Although one or more of the original MAC addresses are inactive, the port will not permit the new MAC

address.


Explanation/Reference:Explanation:In this example the switch is configured for Port Security with the maximum number of allowed devices set to11. When configuring port security, note the following syntax information about port security violation modes:

ActualTests.comprotect -Drops packets with unknown source addresses until you remove a sufficient number of secure MACaddresses to drop below the maximum value.

restrict -Drops packets with unknown source addresses until you remove a sufficient number of secure MACaddresses to drop below the maximum value and causes the SecurityViolation counter to increment.

shutdown -Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.Normally, since the security violation has been set to protect, the switch indeed allow a new device to be addedafter an original MAC address is inactive. However, the key to this question is the "aging time 0" commandwhich has also been configured. This command disables aging, so the



original MAC addresses would remain even when they were removed. Therefore the switch will not permit aynew MAC addresses.Reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html#wp1036736

Section 5: Configure general switch security features (9 Questions)

QUESTION 63An attacker is launching a DoS attack on the Company network using a hacking tool designed to exhaust the IPaddress space available from the DHCP servers for a period of time. Which procedure would best defendagainst this type of attack?



A. Configure only trusted interfaces with root guard.B. Implement private VLANs (PVLANs) to carry only user traffic.C. Implement private VLANs (PVLANs) to carry only DHCP traffic.D. Configure only untrusted interfaces with root guard.E. Configure DHCP spoofing on all ports that connect untrusted clients.F. Configure DHCP snooping only on ports that connect trusted DHCP servers.G. None of the other alternatives apply

Correct Answer: FSection: (none)Explanation

Explanation/Reference:Explanation:Cisco Catalyst switches can use the DHCP snooping feature to help mitigate this type of attack. When DHCPsnooping is enabled, switch ports are categorized as trusted or untrusted. Legitimate DHCP servers can befound on trusted ports, whereas all other hosts sit behind untrusted ports.

By default, all switch ports are assumed to be untrusted so that DHCP replies are not expected or permitted.Only trusted ports are allowed to send DHCP replies. Therefore, you should identify only the ports whereknown, trusted DHCP servers are located. You can do this with the following interface configuration command:

Switch( config-if)#ip dhcp snooping trust

QUESTION 64Refer to the exhibit. How will interface FastEthernnet0/1 respond when an 802.1x-enabled client connects tothe port?

ActualTests.com

A. The switch will uniquely authorize the client by using the client MAC address.B. The switch will cause the port to remain in the unauthorized state, ignoring all attempts by the client to

authenticate.

C. The switch port will disable 802.1x port-based authentication and cause the port to transition to theauthorized state without any further authentication exchange.

D. The switch port will enable 802.1x port-based authentication and begin relaying authentication messagesbetween the client and the authentication server."Pass Any Exam. Any Time." - www.actualtests.com 77www.CareerCert.infoCisco 642-813: Practice Exam


Explanation/Reference:Explanation:The IEEE 802.1x standard defines a port-based access control and authentication protocol that restrictsunauthorized workstations from connecting to a LAN through publicly accessible switch ports. Theauthentication server authenticates each workstation that is connected to a switch port before making availableany services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access controlallows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which theworkstation is connected. After authentication succeeds, normal traffic can pass through the port.You control the port authorization state by using the dot1x port-control interface configuration command andthese keywords:force-authorized : Disables 802.1x port-based authentication and causes the port to transition to the authorizedstate without any authentication exchange required. The port transmits and receives normal traffic without802.1x-based authentication of the client. This is the default setting.force-unauthorized : Causes the port to remain in the unauthorized state, ignoring all attempts by the client toauthenticate. The switch cannot provide authentication services to the client through the interface.auto : Enables 802.1x port-based authentication and causes the port to begin in the unauthorized state,allowing only EAPOL frames to be sent and received through the port. The authentication process begins whenthe link state of the port transitions from down to up (authenticator initiation) or when an EAPOL-start frame isreceived (supplicant initiation). The switch requests the identity of the client and begins relaying authenticationmessages between the client and the authentication server. The switch uniquely identifies each clientattempting to access the network by using the client MAC address.Example:

ActualTests.com



QUESTION 65Company has implemented 802.1X authentication as a security enhancement. Which statement is true about802.1x port-based authentication?

A. TACACS+ is the only supported authentication server type.B. If a host initiates the authentication process and does not receive a response, it assumes it is not

authorized.C. RADIUS is the only supported authentication server type.D. Before transmitting data, an 802.1x host must determine the authorization state of the switch.E. Hosts are required to havea 802.1x authentication client or utilize PPPoE.F. None of the other alternatives apply.

ActualTests.com


Explanation/Reference:Explanation:The IEEE 802.1x standard defines a port-based access control and authentication protocol that restrictsunauthorized workstations from connecting to a LAN through publicly accessible switch ports. Theauthentication server authenticates each workstation that is connected to a switch port before making availableany services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access controlallows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which theworkstation is connected. After authentication succeeds, normal traffic can pass through the port.Authentication server: Performs the actual authentication of the client. The authentication server validates theidentity of the client and notifies the switch whether or not the client is authorized to access the LAN and switchservices. Because the switch acts as the proxy, the authentication



service is transparent to the client. The RADIUS security system with Extensible Authentication Protocol (EAP)extensions is the only supported authentication server.

QUESTION 66The DAI feature has been implemented in the Company switched LAN. Which three statements are true aboutthe dynamic ARP inspection (DAI) feature? (Select three)

A. DAI can be performed on ingress ports only.B. DAI can be performed on both ingress and egress ports.C. DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.D. DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP caches of

hosts in the domain.E. DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other

switches as trusted.F. DAI is supported on access and trunk ports only.

Correct Answer: ACESection: (none)Explanation

Explanation/Reference:Explanation:To prevent ARP spoofing or "poisoning," a switch must ensure that only valid ARP requests and responses arerelayed. DAI prevents these attacks by intercepting and validating all ARP requests and responses. Eachintercepted ARP reply is verified for valid MAC-address-to-IP-address bindings before it is forwarded to a PC toupdate the ARP cache. ARP replies coming from invalid devices are dropped.DAI determines the validity of an ARP packet based on a valid MAC-address-to-IP-address bindings databasebuilt by DHCP snooping. In addition, to handle hosts that use statically configured IP addresses, DAI can alsovalidate ARP packets against user-configured ARP ACLs. To ensure that only valid ARP requests andresponses are relayed, DAI takes these actions:ActualTests.com* Forwards ARP packets received on a trusted interface without any checks* Intercepts all ARP packets on untrusted ports* Verifies that each intercepted packet has a valid IP-to-MAC address binding before forwarding packets thatcan update the local ARP cache* Drops, logs, or drops and logs ARP packets with invalid IP-to-MAC address bindings

QUESTION 67As the network technician at Company, you need to configure DHCP snooping on a new switch.Which three steps are required? (Select 3)

A. Configure the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCPrequest messages.

B. Configure DHCP snooping globally.C. Configure the switch as a DHCP server.D. Configure DHCP snooping on an interface.E. Configure all interfaces as DHCP snooping trusted interfaces.F. Configure DHCP snooping on a VLAN or range of VLANs.

Correct Answer: BDFSection: (none)Explanation


Explanation:When you configure DHCP snooping on your switch, you are enabling the switch to differentiate untrustedinterfaces from trusted interfaces. You must enable DHCP snooping globally before you can use DHCPsnooping on a VLAN. You can enable DHCP snooping independently from other DHCP features.To enable DHCP snooping, follow this procedure:

ActualTests.com



You can configure DHCP snooping for a single VLAN or a range of VLANs.

Reference:www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.html#w p1073367

QUESTION 68"Pass Any Exam. Any Time." - www.actualtests.com 84

www.CareerCert.info


What is true about access control on bridged and routed VLAN traffic? (Select three)

A. Router ACLs can be applied to the input and output directions of a VLAN interface.B. Bridged ACLs can be applied to the input and output directions of a VLAN interface.C. Only router ACLs can be applied to a VLAN interface.D. VLAN maps and router ACLs can be used in combination.E. VLAN maps can be applied to a VLAN interface

Correct Answer: ABDSection: (none)Explanation

Explanation/Reference:Explanation:Router ACLs are applied on interfaces as either inbound or outbound. To filter both bridged and routed traffic,VLAN maps can be used by themselves or in conjunction with router ACLs.VLAN ACLs, also called VLAN maps, which filter both bridged and routed packets. VLAN maps can be used tofilter packets exchanged between devices in the same VLAN.

QUESTION 69Refer to the exhibit. The show port-security interface fa0/1 command was issued on switch SW1. Given theoutput that was generated, which two security statement are true? (Choose two.)

A. Interface FastEthernet 0/1 was configured with the switchport port-security aging command.B. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command.D. When the number of secure IP addresses reaches 10, the interface will immediately shut down.E. When the number of secure MAC addresses reaches 10, the interface will immediately shut down and an

SNMP trap notification will be sent.ActualTests.com

Correct Answer: BE

Section: (none)Explanation

Explanation/Reference:Explanation:Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set ornumber of MAC addresses. Those addresses can be learned dynamically or configured statically. The port willthen provide access to frames from only those addresses. If, however, the number of addresses is limited tofour but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learneddynamically, and port access will be limited to those four dynamically learned addresses.Port Security Implementation:



When Switch port security rules violate different action can be applied:1. Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.2. Restrict: Frames from the nonallowed address are dropped, a log message is created, and a Simple NetworkManagement Protocol (SNMP) trap is sent.3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a log entry ismade, an SNMP trap is sent, and manual intervention or errdisable recovery must be used to make theinterface usable.

The port will not be shutdown, because it is in protect mode -- not shutdown.

QUESTION 70Refer to the exhibit. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?

A. The traffic will be forwarded to the router processor for further processing.B. The traffic will be dropped.C. The traffic will be forwarded to the TCAM for further processing.D. The traffic will be forwarded without further processing.


Explanation/Reference:Explanation:VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can beconfigured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN.VLAN maps are used strictly for security packet filtering. Unlike router ActualTests.comACLs, VLAN maps are not defined by direction (input or output).

To create a VLAN map and apply it to one or more VLANs, perform these steps: Create the standard orextended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This access-list will select thetraffic that will be either forwarded or dropped by the access-map. Only traffic matching the 'permit' condition inan access-list will be passed to the access-map for further processing. Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry. Each access-map canhave multiple entries. The order of these entries is determined by the sequence . If no sequence number isentered, access- map entries are added with sequence numbers in increments of 10. In access mapconfiguration mode, optionally enter an action forward or action drop . The default is to forward traffic. Alsoenter the match command to specify an IP packet or a non-IP packet (with only a known MAC address), and tomatch the packet against one or more ACLs (standard or extended). Use the vlan filter



access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or moreVLANs. A single access-map can be used on multiple VLANs.

QUESTION 71Refer to the exhibit. What type of attack is being defended against?

A. snooping attackB. rogue device attackC. STP attackD. VLAN attackE. spoofing attackF. MAC flooding attack

Correct Answer: ESection: (none)Explanation

Explanation/Reference:ActualTests.comExplanation:When DHCP snooping is configured, you can display its status with the following command:

Switch#show ip dhcp snooping [binding]

You can use the binding keyword to display all the known DHCP bindings that have been overheard. The switchmaintains these in its own database.

A switch can use the DHCP snooping bindings to prevent IP and MAC address spoofing attacks. MAC spoofingattacks consist of malicious clients generating traffic by using MAC addresses that do not belong to them. IPspoofing attacks are exactly like MAC spoofing attacks, except that the client uses an IP address that isn't his.

Reference: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke -



CCIE No. 2659; Christopher Paggen - CCIE No. 2659, Cisco Press, Chapter 5.

Section 8: Document results of Security implementation and verification (0 Questions)

QUESTION 72

Company has implemented numerous multilayer switches that utilize FIB tables. Which statement is true aboutthe Forward Information Base (FIB) table?

A. The FIB is derived from the IP routing table and is optimized for maximum lookup throughput.B. The FIB table is derived from the Address Resolution Protocol table, and it contains Layer 2 rewrite (MAC)

information for the next hop.C. When the FIB table is full, a wildcard entry redirects traffic to the Layer 3 engine.D. The FIB lookup is based on the Layer 2 destination MAC address.E. None of the other alternatives apply


Explanation/Reference:Explanation:The Layer 3 engine (essentially a router) maintains routing information, whether from static routes or dynamicrouting protocols. Basically, the routing table is reformatted into an ordered list with the most specific route first,for each IP destination subnet in the table. The new format is called a Forwarding Information Base (FIB) andcontains routing or forwarding information that the network prefix can reference.

In other words, a route to 10.1.0.0/16 might be contained in the FIB, along with routes to 10.1.1.0/24 and10.1.1.128/25, if those exist. Notice that these examples are increasingly more ActualTests.comspecific subnets. In the FIB, these would be ordered with the most specific, or longest match, first, followed byless specific subnets. When the switch receives a packet, it can easily examine the destination address andfind the longest match entry in the FIB. The FIB also contains the next-hop address for each entry. When alongest match entry is found in the FIB, the Layer 3 next-hop address is found, too.

QUESTION 73The Company network needs to pass traffic between VLANs. Which device should be used to accomplish this?

A. Hub"Pass Any Exam. Any Time." - www.actualtests.com 91www.CareerCert.infoCisco 642-813: Practice Exam

B. SwitchC. RouterD. BridgeE. None of the other alternatives apply


Explanation/Reference:Explanation:A VLAN is a virtual LAN contained within a switch, so for it to pass information into a different VLAN within thesame switch it has to leave that switch and re-enter via a router. VLANs contain local traffic only, so in order toreach users in another VLAN the traffic must go through a router or a layer 3 routing processor.

Section 2: Create an implementation plan for the Switch based Layer 3 solution (0 Questions)

QUESTION 74Inter-VLAN routing has been implemented in the Company network. In VLAN routing, what are some of thedisadvantages of designing a router-on-stick configuration? (Select three)

A. InterVLAN routing cannot be filtered by the router.

B. The router becomes a single point of failure for the network.C. Routers will not route STP BPDUs.D. There is a possibility of inadequate bandwidth for each VLAN.E. Additional overhead on the router can occur.F. NetFlow Switching is required for InterVLAN accounting.

ActualTests.com

Correct Answer: BDESection: (none)Explanation

Explanation/Reference:Explanation:A router connected to a switch via a single trunk link is better known as router-on-stick or even a one armedrouter. Since there's only one router, if that router were to go down there'd be no backup. Since there's only onerouter, that router would have to handle all the bandwidth of every VLAN so there's a chance it could beoverloaded, as with the overhead problems of being responsible for too much.Because traffic routed between the VLANs traverse a single physical port, there is the potential to not providefor enough bandwidth for a VLAN at any given time. Inter-VLAN routing also does indeed require additionalconfiguration, management, and overhead.Incorrect Answers:



A: This is not true since routers can indeed filter traffic that is routed between the VLAN subinterfaces.C: This is not an advantage. Since BPDU's are local to the VLAN, there is generally no need to route this trafficbetween the VLANs.F: This does not apply as a disadvantage to inter-VLAN routing.

QUESTION 75You are configuring a Cisco multilayer switch for the Company network. Which command would you use toconfigure a port to act as a routed interface?

A. ip routingB. switchport mode trunkC. no switchportD. switchport trunk native vlan 1E. None of the other alternatives apply


Explanation/Reference:Explanation:Physical switch ports can also operate as Layer 3 interfaces, where a Layer 3 network address is assigned androuting can occur. Figure 13-2 shows an example of this. By default, all switch ports on the Catalyst 6500(native IOS) platforms operate in the Layer 3 mode. For Layer 3 functionality, you must explicitly configureswitch ports with the following command sequence:Switch( config)# interface type mod/numSwitch( config-if)# no switchportSwitch( config-if)# ip address ip-address mask [secondary] The no switchport command takes the port out ofLayer 2 operation. You can then assign a network address to the port, as you would to a router interface.

QUESTION 76Refer to the exhibit. PCs in VLAN 2 are not able to communicate with PCs in VLAN 3. What couldActualTests.combe the cause?



A. IP routing is not enabled.B. VTP is not configured correctly on the interfaces.C. The command mls rp management-interface is missing.D. The command mls rp ip must be disabled to enable the routing.


Explanation/Reference:Explanation:To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router'sfunction. The router must have a physical or logical connection to each VLAN so that it can forward packetsbetween them. This is known as interVLAN routing . Multilayer switches can perform both Layer 2 switching andinterVLAN routing, as appropriate. Layer 2 switching occurs between interfaces that are assigned to Layer 2VLANs or Layer 2 ActualTests.com trunks. Layer 3 switching can occur between any type of interface, as longas the interface can have a Layer 3 address assigned to it.

The first step in troubleshooting Inter-VLAN routing is to ensure that routing is actually enabled using the showip route command. If no entries are seen in the routing table then IP routing needs to be enabled with thecommand:Switch( config)# ip routing

Section 5: Configure Layer 3 Security (5 Questions)



QUESTION 77The Company security administrator is concerned with VLAN hopping based attacks. Which two statementsabout these attacks are true? (Select two)

A. Attacks are prevented by utilizing the port-security feature.B. An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q

encapsulation.C. Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.D. An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q

encapsulation.E. Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.

Correct Answer: BESection: (none)Explanation

Explanation/Reference:Explanation:One of the areas of concern with Layer 2 security is the variety of mechanisms by which packets that are sentfrom one VLAN may be intercepted or redirected to another VLAN, which is called VLAN hopping . VLANhopping attacks are designed to allow attackers to bypass a Layer 3 device when communicating from oneVLAN to another. The attack works by taking advantage of an incorrectly configured trunk port.It is important to note that this type of attack does not work on a single switch because the frame will never beforwarded to the destination. But in a multiswitch environment, a trunk link could be exploited to transmit thepacket. There are two different types of VLAN hopping attacks: Switch spoofing- The network attackerconfigures a system to spoof itself as a switch by emulating either ISL or 802.1q, and DTP signaling. Thismakes the attacker appear to be a switch with a trunk port and therefore a member of all VLANs. Doubletagging- Another variation of the VLAN hopping attack involves tagging the transmitted frames with two 802.1qheaders. Most switches today ActualTests.comperform only one level of decapsulation. So when the first switch sees the double-tagged frame, it strips the firsttag off the frame and then forwards with the inner 802.1q tag to all switch ports in the attacker's VLAN as wellas to all trunk ports. The second switch forwards the packet based on the VLAN ID in the second 802.1qheader. This type of attack works even if the trunk ports are set to off.Mitigating VLAN hopping attacks requires the following configuration modifications: Always use dedicated VLANIDs for all trunk ports. Disable all unused ports and place them in an unused VLAN. Set all user ports tonontrunking mode by disabling DTP. Use the switchport mode access command in the interface configurationmode. For backbone switch-to-switch connections, explicitly configure trunking. Do not use the user nativeVLAN as the trunk port native VLAN. Do not use VLAN 1 as the switch management VLAN.Reference: http://www.ciscopress.com/articles/article.asp?p=474239&seqNum=2



QUESTION 78A hacker on the Company network is attempting to hop onto a different VLAN. Which two ActualTests.comstatements about VLAN hopping are true? (Choose two)

A. An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1qencapsulation.

B. Configuring an interface with the "switchport mode dynamic" command will prevent VLAN hopping.C. Attacks are prevented by utilizing the port-security feature.D. Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.E. An end station attempts to redirect VLAN traffic by broadcasting multiple ARP requests.





When securing VLAN trunks, also consider the potential for an exploit called VLAN hopping. Here, an attackerpositioned on one access VLAN can craft and send frames with spoofed 802.1Q tags so that the packetpayloads ultimately appear on a totally different VLAN, all without the use of a router.

For this exploit to work, the following conditions must exist in the network configuration:? The attacker is connected to an access switch port.? The same switch must have an 802.1Q trunk.? The trunk must have the attacker's access VLAN as its native VLAN. To prevent from VLAN hopping turn offDynamic Trunking Protocol on all unused ports and specify the port be in access mode to limit the user to asingle VLAN.

QUESTION 79Refer to the exhibit. Dynamic ARP inspection (DAI) is enabled on switch SW_A only. Both Host_A and Host_Bacquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be ifHost_B initiated an ARP spoof attack toward Host_A ?

ActualTests.com



A. The spoof packets will be inspected at the ingress port of switch SW_A and will be permitted.B. The spoof packets will not be inspected at the ingress port of switch SW_A and will be permitted.C. The spoof packets will not be inspected at the ingress port of switch SW_A and will be dropped.D. The spoof packets will be inspected at the ingress port of switch SW_A and will be dropped.



When configuring DAI, follow these guidelines and restrictions:

DAI is an ingress security feature; it does not perform any egress checking.

DAI is not effective for hosts connected to routers that do not support DAI or that do not have this featureenabled. Because man-in-the-middle attacks are limited to a single Layer 2 broadcast domain, separate thedomain with DAI checks from the one with no checking. This action secures the ARP caches of hosts in thedomain enabled for DAI.

DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings inincoming ARP requests and ARP responses. Make sure to enable DHCP snooping to permit ARP packets thathave dynamically assigned IP addresses.

When DHCP snooping is disabled or in non-DHCP environments, use ARP ACLs to permit or to deny packets.

DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports. In our example,since Company2 does not have DAI enabled (bullet point 2 above) packets will ActualTests.com not beinspected and they will be permitted.Reference:http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/dynarp.html

Section 6: Verify the Switch based Layer 3 solution was implemented properly using show and debugcommands (2 Questions)

QUESTION 80Refer to the exhibit. Host A and Host B are connected to the Catalyst 3550 switch and have been assigned totheir respective VLANs. The rest of the 3550 configuration is the default configuration.



Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B. Given the output displayed inthe exhibit, which statement is true?

A. A separate router is required to support interVLAN routing.B. VTP must be configured to support interVLAN routing.C. VLANs 10 and 15 must be created in the VLAN database mode.D. The global config command ip routing must be configured on the SW1 switch.E. HSRP must be configured on SW1.F. Interface VLAN 10 must be configured on the SW1 switch.

ActualTests.com


Explanation/Reference:Explanation:To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router'sfunction. The router must have a physical or logical connection to each VLAN so that it can forward packetsbetween them. This is known as interVLAN routing . Multilayer switches can perform both Layer 2 switching andinterVLAN routing, as appropriate. Layer 2 switching occurs between interfaces that are assigned to Layer 2VLANs or Layer 2 trunks. Layer 3 switching can occur between any type of interface, as long as the interfacecan have a Layer 3 address assigned to it.Switch( config)# ip routing command enables the routing on Layer 3 Swtich



QUESTION 81Refer to the exhibit. VLAN2, VLAN3, and VLAN10 are configured on the switch D-SW1. Host computers are onVLAN 2 (10.1.2.0), servers are on VLAN 3 (10.1.3.0), and the management VLAN is on VLAN10 (10.1.10.0).Hosts are able to ping each other but are unable to reach the servers. On the basis of the exhibited output,which configuration solution could rectify the problem?

A. Assign an IP address of 10.1.3.1/24 to VLAN3.B. Configure default gateways to IP address 10.1.10.1 on each host.C. Enable IP routing on the switch D-SW1.D. Configure a default route that points toward network 200.1.1.0/24.E. Configure default gateways to IP address 10.1.2.1 on each host.F. Configure default gateways to IP address 200.1.1.2 on each host.


Explanation/Reference:ActualTests.comExplanation:Although a routed port is configured for connectivity with an external router, Inter-VLAN routing would mostlikely be achieved through the use of a virtual interface.Example:To route between VLANs 10 and 20 which have been configured on the multilayer switch use the followingconfiguration:RouteSwitch( config)# interface vlan 10 RouteSwitch(config-if)# ip address 10.0.10.1 255.255.255.0RouteSwitch(config)# interface vlan 20 RouteSwitch(config-if)# ip address 10.0.20.1 255.255.255.0

Section 7: Document results of Switch based Layer 3 implementation and verification (2



Questions)

QUESTION 82Based on the network diagram and routing table output in the exhibit, which of these statements is true?

A. InterVLAN routing will not occur since no routing protocol has been configured.ActualTests.com

B. InterVLAN routing has been configured properly, and the workstations have connectivity to each other.C. Although interVLAN routing is not enabled, both workstations will have connectivity to each other.D. Although interVLAN routing is enabled, the workstations will not have connectivity to each other.


Explanation/Reference:Explanation:A Layer 2 network can also exist as a VLAN inside one or more switches. VLANs are essentially isolated fromeach other so that packets in one VLAN cannot cross into another VLAN. To transport packets betweenVLANs, you must use a Layer 3 device. Traditionally, this has been a router's function. The router must have aphysical or logical connection to each VLAN so that it


www.CareerCert.info


can forward packets between them. This is known as interVLAN routing . InterVLAN routing can be performedby an external router that connects to each of the VLANs on a switch. Separate physical connections can beused, or the router can access each of the VLANs through a single trunk link.The Switch Port which is connected with Router should be trunk link, You need to configure like:Switch( config)# interface fa 0/1 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunkencapsulation dot1qIn Router you need to configure like:Router( config)# interface fa 0/0 Router(config-if)# description VLAN 1 Router(config-if)# ip address192.168.10.1 255.255.255.0Router( config)# interface fa 0/0.10 Router(config-subif)# description Management VLAN 10 Router(config-subif)# encapsulation dot1q 10 Router(config-subif)# ip address 192.168.91.1 255.255.255.0Router( config)# interface fa 0/0.20 Router(config-subif)# description Engineering VLAN 20 Router(config-subif)# encapsulation dot1q 20 Router(config-subif)# ip address 192.168.20.1 255.255.255.0

QUESTION 83Refer to the exhibit. Both host stations are part of the same subnet but are in different VLANs. On the basis ofthe information presented in the exhibit, which statement is true about an attempt to ping from host to host?

ActualTests.com

A. The two different hosts will need to be in the same VLAN in order for the ping command to be successful.B. A Layer 3 device is needed for the ping command to be successful.C. The ping command will be successful without any further configuration changes.D. A trunk port will need to be configured on the link between Sw_A and Sw_B for the ping command to be

successful."Pass Any Exam. Any Time." - www.actualtests.com 104www.CareerCert.infoCisco 642-813: Practice Exam

Correct Answer: CSection: (none)

Explanation

Explanation/Reference:Explanation:Normally, to transport packets between VLANs, you must use a Layer 3 device. However, in this case the"switchport mode access" command has been used for these ports so the VLAN information will be sent alonguntagged. Devices that are in different VLANs can ping each other as long as they are in the same subnetwhen the VLAN information is untagged.

QUESTION 84Exhibit:



You work as a network technician at Company.com. Please study the exhibit carefully. In this Companywireless network, the LAP (lightweight access point) attempts to register to a WLC (Wireless LAN Controller).What kind of message is transmitted?

A. The lightweight access point will send Layer 2 and Layer 3 Lightweight Access Point (LWAPP) modediscovery request messages at the same time.

B. The lightweight access point will send Layer 3 Lightweight Access Point (LWAPP) mode discovery requestmessages only.

C. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery requestmessages. If the attempt fails, the LAP will try Layer 3 LWAPP WLC discovery.

D. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery requestmessages only.


Explanation/Reference:Explanation:This procedure for a LAP to register with a WLC is: The LAP issues a DHCP request to a DHCP server in orderto get an IP address, unless an assignment was made previously with a static IP ActualTests.comaddress. If Layer 2 LWAPP mode is supported on the LAP, the LAP broadcasts an LWAPP discovery messagein a Layer 2 LWAPP frame. Any WLC that is connected to the network and that is configured for Layer 2LWAPP mode responds with a Layer 2 discovery response. If the LAP does not support Layer 2 mode, or if theWLC or the LAP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discovery messagebroadcast, the LAP proceeds to step 3. If step 1 fails, or if the LAP or the WLC does not support Layer 2LWAPP mode, the LAP attempts a Layer 3 LWAPP WLC discovery. If step 3 fails, the LAP resets and returns

to step 1.Reference:http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml

QUESTION 85"Pass Any Exam. Any Time." - www.actualtests.com 106www.CareerCert.info


Refer to the exhibit. The signal transmitted from the AP is reflected off a wall resulting in multipath interferenceat the client end. Which statement is true?

A. The transmitted signal from the AP arrives at the client at slightly different times resulting in phase shifting.B. If signal 2 is close to 360 degrees out of phase with signal 1, the result is essentially zerosignal or a dead

spot in the WLAN.C. Multipath interference is less of an issue when using a DSSS technology because multipath is frequency

selective.D. If signal 1 is in phase with signal 2, the result is essentially zerosignal or a dead spot in the WLAN.E. Multipath interference is solved by using dual antennas.


Explanation/Reference:Explanation:In order to understand diversity using dual antenna's , you must understand multipath distortion. When a radiofrequency (RF) signal is transmitted towards the receiver, the general behavior of the RF signal is to grow wideras it is transmitted further. On its way, the RF signal encounters objects that reflect, refract, diffract or interferewith the signal. When an RF signal is reflected off an object, multiple wavefronts are created. As a result ofthese new duplicate wavefronts, there ActualTests.comare multiple wavefronts that reach the receiver.Diversity is the use of two antennas for each radio, to increase the odds that you receive a better signal oneither of the antennas. The antennas used to provide a diversity solution can be in the same physical housingor must be two separate but equal antennas in the same location. Diversity provides relief to a wireless networkin a multipath scenario. Diversity antennas are physically separated from the radio and each other, to ensurethat one encounters less multipath propagation effects than the other. Dual antennas typically ensure that if oneantenna is in an RF null then the other is not, which provides better performance in multipath environments.You can move the antenna to get it out of the null point and provide a way to receive the signal correctly.Reference:http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008019f646.shtml



QUESTION 86On the Company wireless LAN, A client is searching for an access point (AP). What is the correct processorder that this Company client and access point goes through in order to create a connection?

A. association request/response, probe request/response, authentication request/responseB. association request/response, authentication request/response, probe request/responseC. probe request/response, authentication request/response, association request/responseD. probe request/response, association request/response, authentication request/responseE. None of the other alternatives apply


Explanation/Reference:Explanation:From the Cisco FAQ on Cisco Aironet Wireless Security:What steps does Open Authentication involve for a client to associate with the AP? The client sends a proberequest to the APs. The APs send back probe responses. The client evaluates the AP responses and selectsthe best AP. The client sends an authentication request to the AP. The AP confirms authentication andregisters the client. The client then sends an association request to the AP. The AP confirms the associationand registers the client.Reference:http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.sht ml

QUESTION 87Refer to the exhibit. Which two Lightweight Access Point statements are true? (Choose two.) ActualTests.com

A. An AP that has been upgraded from an autonomous AP to lightweight AP will only function in conjunctionwith a Cisco Wireless LAN controller."Pass Any Exam. Any Time." - www.actualtests.com 108www.CareerCert.infoCisco 642-813: Practice Exam

B. LWAPP increases the amount of processing within the APs, enabling them to support filtering and policyenforcement features.

C. WLAN controllers provide a single point of management.

D. Lightweight APs require local configurations using local management.E. Real time events such as authentication, security management, and mobility are handled by the lightweight

AP.F. Autonomous APs receive control and configuration information from a WLAN controller.

Correct Answer: ACSection: (none)Explanation

Explanation/Reference:Explanation:In the Cisco Centralized Wireless LAN Architecture, access points operate in lightweight mode. The accesspoints associate to a Cisco wireless LAN controller. The controller manages the configuration, firmware, andcontrol transactions such as 802.1x authentications. In addition, all wireless data traffic is tunneled through thecontroller. The Lightweight Access Point Protocol (LWAPP) is an IETF draft protocol that defines the controlmessaging for setup and path authentication and run-time operations. LWAPP also defines the tunnelingmechanism for data traffic.A lightweight access point discovers a controller using LWAPP discovery mechanisms and then sends it anLWAPP join request. The controller sends the access point an LWAPP join response allowing the access pointto join the controller. When the access point is joined to the controller, it downloads its software if the revisionson the access point and controller do not match. Subsequently, the access point is completely under the controlof the controller. No lightweight access point can operate independently from a WLC, including those upgradedfrom an autonomous AP. Each lightweight access point must discover a WLC, issue an LWAPP join request,and if successful, receive a join response to become joined to a controller.Reference:http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnot e.html

ActualTests.com

QUESTION 88As the Company wireless administrator, you required to be knowledgeable about the wireless LANcomponents. Which two statements about these components are true? (Select two)

A. In the autonomous access point solution, control is provided by the WLAN controller.B. In the lightweight access point solution, WLAN management is provided by the WLAN Control System

(WCS).C. In the autonomous access point solution, control is provided by the WDS (Wireless Domain Services).D. Cisco Aironet autonomous access points cannot be supported by the Cisco Unified Wireless Network.E. Ii the lightweight access point solution, WLAN management is provided by the WLAN Solution Engine

(WLSE).ActualTests.com

F. Cisco Aironet lightweight access points cannot be supported by the Cisco Unified Wireless Network.


Explanation/Reference:Explanation:Part 1 Answer:There is a trend in the WLAN space toward centralized intelligence and control. In this new architecture,aWLAN controller system is used to create and enforce policies across many different lightweight accesspoints.



As more vendors migrate to a hierarchical design, and as larger networks are built using lightweight accesspoints, there is a need for a standardized protocol that governs how lightweight access points communicatewith WLAN systems. This is the role of the Internet Engineering Task Force's (IETF's) latest draft specification,Lightweight Access Point Protocol (LWAPP). With LWAPP, large multivendor wireless networks can bedeployed with maximum capabilities and increased flexibility.

Part 2 Answer:Q. Is Cisco SWAN WDS required for RF management when the Cisco SWAN autonomous access pointsolution is used?A. Yes. A WDS device is required for the Cisco SWAN autonomous access-point solution. For deploymentsthat use access-point-based WDS, at least one Cisco SWAN WDS access point per subnet is required for RFmanagement of that subnet. For deployments that use the switch-based WDS on the Cisco Catalyst 6500Series WLSM, up to 300 access points per device across subnets can be supported by a single Cisco Catalyst6500 Series WLSM.References:www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6306/prod_white_paper0900aecd802c18ee_ns337_Networking_Solutions_White_Paper.htmlActualTests.comwww.cisco.com/en/US/prod/collateral/netmgtsw/ps6380/ps6563/ps3915/prod_qas0900aecd80278 d08.html

QUESTION 89You need to determine the correct wireless LAN topology for use in the Company network. Which threestatements are true about the various WLAN topologies? (Select three)

A. In ad hoc mode, the Independent Basic Service Set (IBSS) is a framework in which mobile clients connectdirectly without an intermediate access point.

B. In Infrastructure mode, the Basic Service Set (BSS) is a framework in which mobile clients use a singleaccess point for connecting to each other or to wired network resources."Pass Any Exam. Any Time." - www.actualtests.com 111www.CareerCert.infoCisco 642-813: Practice Exam

C. In Infrastructure mode, the Extended Services Set (ESS) is a framework in which two or more Basic ServiceSets are connected by a common distribution system (DS).

D. In Infrastructure mode, the Independent Basic Service Setet (IBSS) is a framework in which mobile clientsconnect directly without an intermediate access point.

E. In ad hoc mode, the Basic Service Set (BSS) is a framework in which mobile clients use a single AP forconnecting to each other or to wired network resources.

F. In ad hoc mode, the Extended Services Set (ESS) is a framework in which two or more Basic Service Setsare connected by a common distribution system (DS)


Explanation/Reference:Explanation:A BSS that stands alone and is not connected to a base is called an Independent Basic Service Set (IBSS) or isreferred to as an Ad-Hoc Network. An ad-hoc network is a network where stations communicate only peer topeer. There is no base and no one gives permission to talk. Mostly these networks are spontaneous and can beset up rapidly. Ad-Hoc or IBSS networks are characteristically limited both temporally and spatially.

ActualTests.comFig 1: "Adhoc Mode"When BSS's are interconnected the network becomes one with infrastructure. 802.11 infrastructure has severalelements. Two or more BSS's are interconnected using a Distribution System or DS. This concept of DSincreases network coverage. Each BSS becomes a component of an extended, larger network. Entry to the DSis accomplished with the use of Access Points (AP). An access point is a station, thus addressable. So, datamoves between the BSS and the DS with the help of these access points.Creating large and complex networks using BSS's and DS's leads us to the next level of hierarchy, theExtended Service Set or ESS. The beauty of the ESS is the entire network looks like an independent basicservice set to the Logical Link Control layer (LLC). This means that stations within the ESS can communicate oreven move between BSS?s transparently to the LLC.



Fig 2: Infrastructure ModeReference: http://www.tutorial-reports.com/wireless/wlanwifi/wifi_architecture.php

QUESTION 90Refer to the exhibit.

What are three requirements for configuring Cisco Aironet access points (APs) in a WLAN network which willallow for all wireless clients to work without service interruption while roaming from access point to accesspoint? (Choose three.)

ActualTests.com

A. All access points should be configured with a unique IP subnet range.B. All access points should be configured with the same guest mode SSID.C. All access points should be configured with identical VLANs.D. All access points should be configured within the same IP subnet.E. All access points should be configured with identical SSIDs.F. All access points should be configured only with the native VLAN.

Correct Answer: CDESection: (none)Explanation




This question shows an example of layer 2 roaming. A L2 roam occurs when a WLAN client moves from oneaccess point to another within the same subnet. If the client moves to a new access point on a different IPsubnet, L3 roaming occurs after the L2 roam has completed. Roaming is always a client station decision. Theclient station is responsible for detecting, evaluating, and roaming to an alternative access point. Figure 3Sequence of Events for L2 Roam illustrates a L2 roam.Figure: Sequence of Events for L2 Roam

The arrows in the figure indicate the following events:1.

A client moves from access point A coverage area into access point B coverage area ( with both access pointsin the same subnet ). As the client moves out of the range of access point A, a roaming event (for example,maximum retries) is triggered.2.

The client scans all IEEE 802.11 channels for alternative access points. In this case, the client discovers

access point B and reauthenticates and reassociates to it. After associating to the new access point B, if it isconfigured for 802.1X, the client begins IEEE 802.1X authentication.3.ActualTests.com

Access point B sends a null media access control (MAC) multicast, on the client's virtual local area network(VLAN), using the source address of the client. This updates the content addressable memory ( CAM ) tables ofthe upstream switch and directs further LAN traffic for the client to access point B and not access point A.4.

Using its own source address, access point B sends a MAC multicast, on the native VLAN , telling access pointA that access point B now has the client associated to it. Access point A receives this multicast and removesthe client MAC address from its association table. When a roaming event occurs, the client station scans each802.11 channel. 2 On each channel the client station sends a probe, and waits for a probe responses orbeacons from access points on that channel. The probe responses and beacons received from access pointsare discarded unless they have matching Service Set Identifier (SSID) and encryption settings.



Reference:http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801c 5223.html

QUESTION 91Which two features or capabilities are valid options for both an Autonomous WLAN solution and a LightweightWLAN solution? (Select two)

A. PoE capabilityB. Use of Cisco Secure Access Control Server (ACS) for securityC. Cisco IOS software for configurationD. Cisco Wireless Control System (WCS) for managementE. Use of a Cisco Wireless Location Appliance location for tracking


Explanation/Reference:Explanation:Cisco Aironet access points provide secure, manageable, high-performance, and reliable connectivity withexceptional range and performance. Lightweight access points operate in conjunction with Cisco wireless LANcontrollers and the Wireless Control System (WCS). Standalone (autonomous) access points are managed byCiscoWorks Wireless LAN Solution Engine (WLSE) or CiscoWorks WLSE ExpressCisco Aironet Access PointsWhen originally deployed, the Cisco Aironet 350 Series Access Point was selected as the standard accesspoint for both autonomous and lightweight solutions. The Cisco Aironet 350 Series was the most advanced,fully featured wireless access point available. It supported the 802.11b protocol standard (the most advanced atthat time), which provides data rates of up to 11 Mbps. The Cisco Aironet 350 Series also supported inlinePower over Ethernet (PoE), which ActualTests.comgreatly simplifies installation and reduces costs by eliminating the need for separate, dedicated power cabling tothe main supply.Cisco Secure Access Control Server ( ACS)The Cisco Secure ACS is used as the standard AAA server for the global WLAN and for other recentlyintroduced services such as 802.1x-based port authentication for wired Ethernet ports in public areas and

Network Access Control (NAC), part of the Cisco Self-Defending Network security strategy. Pairs of CiscoSecure ACSs were deployed at strategic locations worldwide. The value of using a globally distributed AAAarchitecture instead of a single AAA server was highlighted by the WLAN deployment. Because of the greaterload that a WLAN creates for AAA, due to authentications and reauthentications (as the client device roamsfrom AP to AP), it was important to ensure that all users did not have to rely upon a single, centralized server.This would have introduced unacceptable delays for users in geographically remote areas. As such, at 13different locations around the world, Cisco placed two ACS servers, in a load-balanced



configuration, that served as AAA servers for that local geographical region. The ACS servers are fullyintegrated with the Cisco Active Directory domain structure, enabling a single sign-on (SSO) capability.Effectively, AD user credentials are used not only for access to their laptops and wired network but also toprovide transparent authentication to the wireless network. SSO has greatly reduced the client impact for usersand has helped ensure a common, user-friendly experience across platforms and transport media. Users needonly remember their normal ID and password for access to their laptop, the wired network, and the wirelessnetwork, and they only have to enter their credentials once each session regardless of the transport mediumthey are using.Reference: http://www.wireless-center.net/Business-Wireless/Technology-Considerations.html

QUESTION 92Company is deploying a Cisco autonomous WLAN solution in their network. Which three components areincluded in this solution? (Select three)

A. Wireless Domain Services (WDS)B. Access Control Server (ACS)C. Lightweight Access Point Protocol (LWAPP)D. Wireless LAN solution Engine (WLSE)E. Wireless Services Module (WISM)F. Wireless Control System (WCS)


Explanation/Reference:Explanation:CiscoWorks WLSE is a complete solution for managing Cisco Aironet autonomous WLAN networks. As themanagement component of the Cisco Autonomous WLAN Solution, CiscoWorks WLSE providescomprehensive air/radio frequency (RF) and device-management capabilities in ActualTests.comways that simplify deployment, reduce operational complexity, and provide administrators visibility into theWLAN.CiscoWorks WLSE provides an easy-to-use deployment wizard to specify the configuration criteria up front.This allows administrators to automate deployment and simultaneously maintain control in rapidly expandingenvironments. The deployment wizard also simplifies and automates the setup of the Wireless DomainServices (WDS) that plays an important role in the Cisco Autonomous WLAN Solution for seamless mobilityand RF aggregation services. WLSE also enables centralized user administration by integrating with CiscoSecure ACS . Users can be defined and mapped to a user role centrally on Cisco Secure ACS.Reference:http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6380/ps6563/ps3915/ps6839/product_data_sheet0900aecd80410b92.html



QUESTION 93You work as a network technician at Company.com. Your boss, Ms. Tess King, is interested in the Aironetenterprise solutions. What should you tell her regarding this? (Select two)

A. The Cisco Aironet AP handles real-time portions of the LWAPP protocol, and the WLAN controller handlesthose items which are not time sensitive.

B. A Cisco Aironet AP handles the transmission of beacon frames and also handles responses to probe-request frames from clients.

C. Virtual MAC architecture allows the splitting of the 802.11 protocol between the Cisco Aironet AP and a LANswitch.

D. A Cisco Aironet solution includes intelligent Cisco Aironet access point (APs) and Cisco Catalyst switches.E. In the Cisco Aironet solution, each AP is locally configured by the use of either a web interface or the

command line interface.


Explanation/Reference:Explanation:Part 1: When LWAPP was first introduced to the WLAN industry in 2002, it revolutionized the way WLANdeployments were managed with the concept of a "split MAC" the ability to separate the real-time aspects of the802.11 protocol from most of its management aspects (Figure 3). In particular, real-time frame exchange andcertain real-time portions of MAC management are accomplished within the access point, while authentication,security management, and mobility are handled by WLAN controllers.

Part 2: When the wireless station is searching for an access point via its built-in scanning function, it is in State1, unauthenticated and unassociated. The station finds an access point either via ActualTests.comlistening for an access point's beacon management frame or through knowing the access point's uniquenetwork name, otherwise named Service Set IDentifiers (SSID). Access points send out beacon managementframes periodically to allow a station waiting to connect to find those access points within transmission range. Astation wishing to connect to a particular access point with known SSID sends out a probe requestmanagement frame to locate the desired access point.



References:http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6306/prod_white_paper0900aecd802c18ee.html

http://www.swiss.ai.mit.edu/6095/student-papers/spring02-papers/paranoia.htm

QUESTION 94In the Company wireless LAN, what is the function of the Service Set Identifier (SSID)?

A. The SSID must match on both the Company client and the Company access point and provides MACAddress Authentication to authenticate the client to the access point.

B. The SSID should be configured on the Company client site only and provides data-privacy functions andauthentication to the access point.

C. The SSID must match on both the Company client and the Company access point and provides encryptionkeys for authentication to the access point.

D. The SSID must match on both the Company client and the Company access point. The SSID is advertisedin plain-text in the access point beacon messages.

E. None of the other alternatives apply


Explanation/Reference:Explanation:The SSID is the name of the wireless cell. It is used to logically separate Wireless LANs. It must match exactlybetween the client and the access point. The SSID is advertised in plain-text in the access point beaconmessages (Figure 8). Although beacon messages are transparent to users, an eavesdropper can easilydetermine the SSID with the use of an 802.11 wireless LAN packetanalyzer, like Sniffer Pro. Some access-point vendors, including Cisco, offer the option to disable SSID broadcasts in the beacon messages. The SSIDcan still be determined by sniffing the probe response frames from an access point. The SSID is not designed,nor intended for use, ActualTests.comas a security mechanism. In addition, disabling SSID broadcasts might have adverse effects on Wi-Fiinteroperability for mixed-client deployments. Therefore, Cisco does not recommend using the SSID as a modeof security.Reference: A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suitehttp://www.teksell.com/whitepapers/cisco_wireless.pdf

QUESTION 95Refer to the exhibit. Which statement is true about the repeater access point that is deployed in this wirelessnetwork?



A. The repeater access point should use a different SSID than the SSID configured on the parent access point.B. The repeater access point reduces the throughput in half because it receives and then re- transmits each

packet on the same channel.C. The repeater access point requires a 10 percent channel overlap with channel of the root access point.D. The repeater access point should use a different WEP encryption method than the WEP encryption that is

enabled on the parent access point.


Explanation/Reference:Explanation:Understanding Repeater Access PointsA repeater access point is not connected to the wired LAN; it is placed within radio range of an access pointconnected to the wired LAN to extend the range of your infrastructure or to overcome an obstacle that blocksradio communication. You can configure either the 2.4-GHz radio or the 5- GHz radio as a repeater. In accesspoints with two radios, only one radio can be a repeater; the other radio must be configured as a root radio.The repeater forwards traffic between wireless users and the wired LAN by sending packets toActualTests.comeither another repeater or to an access point connected to the wired LAN. The data is sent through the routethat provides the best performance for the client. When you configure an access point as a repeater, theaccess point's Ethernet port does not forward traffic. You can set up a chain of several repeater access points,but throughput for client devices at the end of the repeater chain will be quite low. Because each repeater mustreceive and then retransmit each packet on the same channel, throughput is cut in half for each repeater youadd to the chain.Reference:http://www.cisco.com/en/US/docs/wireless/access_point/12.4_3g_JA/configuration/guide/s43hot.ht ml



QUESTION 96Refer to the exhibit. Which protocol establishes an optimal path to the root in a wireless mesh network?

A. Adaptive Wireless Path (AWP)B. WLAN Quality of Service (WQoS)C. Lightweight Access Point Protocol (LWAPP)D. 802.1Q WLAN trunking protocolE. Layer 2 Roaming (IAPP)

ActualTests.com


Explanation/Reference:Explanation:Mesh networks are scalable outdoor networks that continuously communicate with each other to determine linkpaths. If a link is degraded, the AP will determine whether a better path exists and will route traffic through amore optimal node.Intelligent wireless routing is provided by the patent-pending Adaptive Wireless Path (AWP) protocol. Thisenables each AP to identify its neighbors and intelligently choose the optimal path to the wired network bycalculating the cost of each path in terms of signal strength and the number of hops required to get to acontroller.Reference: Authorized Self-Study Guide Building Cisco Multilayer Switched Networks (BCMSN), Chapter 18http://safari.oreilly.com/1587052733/ch18lev1sec5



QUESTION 97Under which three conditions does a client initiate roaming between wireless cells in the Company WLAN?(Select three)

A. The access point has broadcast too many SSIDs.B. The wireless client has missed too many beacons from the access point.C. The maximum data retry count, initiated by the wireless client, is exceeded.D. The wireless client has reduced the data rate.E. The access point has requested client reauthentication.F. The wireless client has missed too many IAPP (Inter Access Point Protocol) updates.


Explanation/Reference:Explanation:Roaming is always initiated by the client, and is not defined by IEEE standards. For Cisco clients, roaming iscaused by one of the following events.

Maximum data retry count is exceeded

Missed too many beacons

Datarate shift

Initial startupActualTests.com

Periodic client interval (if configured)

Reference:http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801c5223.html#wp39098

QUESTION 98Which three statements are true about implementing wireless LANs in the Company network using Ciscodevices? (Select three)



A. Antenna power is a relative value reference to dBi.B. LWAPP allows encrypted communications between lightweight access points and WLAN controllers.C. Characteristics of antennas are directionality, gain, and polarization.D. Power over Ethernet (PoE) is only available when a WLAN controller is integrated into the network.E. The WLAN solution Engine (WLSE) is used to control lightweight access points.F. One of the advantages of the lightweight WLAN solution is that the devices act indepently.


Explanation/Reference:Explanation:DBi is a unit measuring the gain of an antenna. The reference level or dBi is the strength of the signal thatwould be transmitted by a non-directional isotropic antenna i.e.radiates equally in all directions. This antennaexists as a mathematical concept used only as a known reference to measure antenna gain per dBi. Inelectronics, the term "gain" is often repeated but misunderstood. Gain implies increase e.g 20 dBi but withoutrespect to where the increase originated.

LWAPP is a draft Internet Engineering Task Force (IETF) standard, authored by Cisco Systems, thatstandardizes the communications protocol between lightweight access points and WLAN systems such ascontrollers, switches, and routers. Its goals are to:Reduce the amount of processing within access points, freeing up their computing resources to focusexclusively on wireless access instead offiltering and policy enforcement Enable centralized traffic handling,authentication, encryption , and policy enforcement for an entire WLAN systemProvide a generic encapsulation and transport mechanism for multivendor access point interoperability, usingeither a Layer 2 infrastructure oranIP-routed network When a Cisco LWAPP-enabled access point boots up, itimmediately looks for a wireless LAN controller within the network. After it finds a wireless LAN controller, theLWAPP-enabled access point sends out encrypted "neighbor" messages.ActualTests.comAn antenna gives the wireless system three fundamental properties: gain, direction and polarization. Gain is ameasure of increase in power. Gain is the amount of increase in energy that an antenna adds to a radiofrequency (RF) signal. Direction is the shape of the transmission pattern. Polarization is the physical orientationof the element on the antenna that actually emits the RF energy. An omnidirectional antenna, for example, isusually a vertical polarized antenna.

References:http://wireless-network.wireless-computer-networking.com/dBi.htm http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00807f34d3.shtml



QUESTION 99Study the exhibit shown below carefully. A Cisco Aironet Wireless LAN Client Adapter has been installed andconfigured through the ADU on the PC. The Aironet System Tray Utility (ASTU) has been enabled during theinstallation and the icon appears in the system tray area in the lower right of the desktop as shown:

What is the significance of this icon?

A. It indicates that the client adapter is not associated to an access point or another client.B. It indicates that the radio of the client adapter is disabled.C. It indicates that the client adapter is associated to an access point or another client, but the user is not EAP

authenticated.D. It indicates that the client adapter is associated to an access point or another client, that the user is

authenticated if the client adapter is configured for EAP authentication, and that the signal strength is poor.E. It indicates that the client adapter is associated to an access point or another client, that the user is

authenticated if the client adapter is configured for EAP authentication, and that the signal strength is fair.F. It indicates that the client adapter is associated to an access point or another client, that the user is

authenticated if the client adapter is configured for EAP authentication, and that the signal strength isexcellent or good.


Explanation/Reference:Explanation:ActualTests.comhe appearance of the ASTU icon indicates the connection status of your client adapter. ASTU reads the clientadapter status and updates the icon every 1 to 5 seconds, depending on the value entered for the RefreshInterval on the Display Settings window.



QUESTION 100You work as a network technician at Company.com. Your boss, Mrs. Tess King, is interested in the CiscoCompatible Extensions program. What are three features of this program?

A. AccountingB. Analog and digital voiceC. MobilityD. SecurityE. Routing and switchingF. VLAN and QoS

Correct Answer: CDFSection: (none)Explanation

Explanation/Reference:Explanation:The Cisco Compatible Extensions program ensures the widespread availability of client devices that areinteroperable with a Cisco WLAN infrastructure and take advantage of Cisco innovations for enhanced security,

mobility, quality of service, and network management. Cisco Compatible client devices are sold and supportedby their manufacturers, not Cisco.Versions and FeaturesThere are four versions of the Cisco Compatible specification; each version builds upon its predecessors. Witha few exceptions, every feature that must be supported in one version also must be supported in eachsubsequent version.Features of Cisco Compatible V1 include: Compliance with IEEE 802.11 and Wi-Fi Support for the 802.1Xauthentication type: Cisco LEAP Ability to interoperate with an access point that supports multiple Service SetIdentifiers (SSIDs) tied to multiple VLANs, providing benefits such as flexible security schemes in a mixed clientenvironmentFeatures of Cisco Compatible V2 include: Compliance with Wi-Fi Protected Access (WPA), including supportfor WPA Temporal Key Integrity Protocol (TKIP) encryption Support for the ActualTests.com802.1X authentication type: Protected EAP (PEAP) with EAP-GTC Fast, secure roaming through support of the802.1X key management protocol: Cisco Centralized Key Management (CCKM) Radio frequency (RF)scanning, with scanned data sent to the access point and ultimately to CiscoWorks Wireless LAN SolutionEngine (WLSE) for analysis and performance of RF management functions such as intrusion detection,assisted site survey, and detection of interference sourcesFeatures of Cisco Compatible V3 include: Compliance with WPA 2, including support for Advanced EncryptionStandard (AES) encryption Support for the 802.1X authentication type: EAP- FAST Support for Wi-FiMultimedia (WMM), a subset of the IEEE 802.11e quality of service (QoS) standard defined by the Wi-FiAllianceFeatures of Cisco Compatible V4 include: Support of Cisco Network Admission Control Call admission control -addressing voice over IP (VoIP) stability, roaming, and other QoSrelated issues Support for a power-savingmechanism, U-APSD, in QoS environments VoIP metrics for



reporting to optimize WLAN VoIP performance Enhanced roaming Ability to function as an 802.11 location tagReference: http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_brochure.html

QUESTION 101You work as a network technician at Company.com. Your boss, Mrs. Tess King, is interested in LWAPP(Lightweight Access Point Protocol). What should you tell her regarding this technology? (Select 2)

A. LWAPP is a proprietary protocol, and because of its very high overhead it is not widely adopted.B. Control traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.C. Layer 3 LWAPP is a UDP/IP Frame that requires a Cisco Aironet AP to obtain an IP address using DHCP.D. Data traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.E. Control traffic is encapsulated in TCP packets with a source port of 1024 and a destination port of 12223.F. Data traffic is encapsulated in TCP packets with a source port of 1024 and a destination port of 12223.


Explanation/Reference:Explanation:For Layer 3, LWAPP uses packets in a UDP/IP frame. LWAPP control traffic uses source port 1024 or greaterand destination port 12223, and LWAPP data traffic uses source port 1024 or greater and destination port12222. The Cisco wireless LAN controller and access point can be connected to the same VLAN/subnet or to adifferent VLAN/subnet.ActualTests.comIn Layer 3 operation, the access point and the controller can be on the same or different subnets. Layer 3operation is scalable and is recommended by Cisco. A Layer 3 access point on a different subnet than thecontroller requires a DHCP server on the access point subnet and a route to the controller. The route to the

controller must have destination UDP ports 12222 and 12223 open for LWAPP communications. The route tothe primary, secondary, and tertiary controllers must allow IP packet fragments.References:http://www.cisco.com/en/US/docs/wireless/technology/7920/design/guide/7920DG.html http://www.cisco.com/en/US/docs/wireless/access_point/1000/installation/guide/1000h_c3.html



You work as a network technician at Company.com. Your boss, Ms. Tess King, is interested LWAPP(Lightweight Access Point Protocol). In particular she wants to know which type of activities this protocoldefines. What should you tell her? Select two.

A. Layer 3 addressing and distributionB. SNMP monitoring servicesC. Access point certification and software controlD. Packet encapsulation, fragmentation, and formattingE. Compression and Layer 3 address mappingF. User behaviors


Explanation/Reference:Explanation:The LWAPP specification works to address these issues by defining the following types of activities:Access point device discovery, information exchange, and configuration Access point certification and softwarecontrolPacket encapsulation, fragmentation, and formattingCommunications control and management between access point and wireless system device Reference:http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6306/prod_white_paper0900aecd802c18ee_ns337_Networking_Solutions_White_Paper.html


What type of message will be used by the lightweight access point (LAP) in an attempt to locate the wirelessLAN controller (WLC)?

ActualTests.com

A. The LAP will send out a DNS request. In return, the DNS server will provide the WLC domain name.B. The LAP will send out a Layer 3 LWAPP discovery request to the WLC on the wireless network.


C. The LAP will send out a DHCP request. In return, the DHCP server will provide the IP addresses for theLAP and the WLC.

D. The LAP will send out a Layer 2 LWAPP discovery request to the WLC on the wireless network.



Here is an example. Assume that, in the subnet 172.16.1.0/16, you have an LAP that is already registered withthe WLC, and OTAP is enabled on the WLC. When the new LAP in the 192.168.1.0/24 subnet comes up, theLAP looks for a DHCP server and gets an IP address (if no assignment was made previously with a static IPaddress). The LAP then sends out a discovery request to the local subnet. Because in this scenario there is noWLC in the local subnet, the LAP tries to use OTAP in order to discover WLCs. The LAP listens to neighbormessages that are sent over the air by the LAPs (in the 172.16.1.0/16 subnet) that are already registered andlooks for WLC IP addresses. From the list of WLC IP addresses that the new LAPs learn from the neighbormessages, the new LAPs send out a Layer 3 LWAPP discovery request to the WLCs . The WLCsActualTests.comthat receive this discovery request respond with a Layer 3 LWAPP discovery response.Reference:http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#t opic2

QUESTION 104What are three functions of the Cisco wireless LAN controller, which is being used in the Company CentralizedWLAN solution network? (Select three)

A. AuthenticationB. MobilityC. Security managementD. Transmission of beacon framesE. Real-time portions of MAC managementF. Real-time aspects of the 802.11 prtocol managementG. SNMP collection


Explanation/Reference:Explanation:Cisco Wireless LAN Controllers work in conjunction with Cisco Lightweight Access Points and the CiscoWireless Control System (WCS) to provide systemwide wireless LAN (WLAN) functions. As components of theCisco Unified Wireless Network, Cisco Wireless LAN Controllers present network administrators with thevisibility and control necessary to effectively and securely manage business-class WLANs and mobility

services, such as enhanced security, voice, guest access, and location services.

ActualTests.com

Features and Benefits of Cisco Wireless LAN Controllers



Reference:http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps6366/prod_brochure0900aecd805aa860.html

QUESTION 105DRAG DROP

You work as a network administrator at Company.com. Your boss, Miss Tess King, is asking youActualTests.comabout lightweight access points WLAN controller associations. What is the proper sequence a lightweightaccess point associates with a WLAN controller?



A.B.C.D.


Explanation/Reference:ActualTests.com



Explanation:

ActualTests.com



Note:The lightweight AP searches for the WLAN Controller via an LWAPP Discovery Request in layer 2 mode notCDP.The lightweight AP chooses the AP Manager with the LEAST (not Most) number of associated access points...

QUESTION 106Which set of statements describes the correct order and process of a Company wireless user client associatingwith a wireless access point in the Company network?

A. 1. Access point sends probe request .2. Client sends probe response.3. Client initiates association.4.Access point accepts association.5. Client adds access point MAC address to ActualTests.comassociation table.

B. 1. Client sends probe request.2. Access point sends probe response.3. Client initiates association.4.Access point accepts association.5. Access point adds client MAC address to association table.

C. 1. Client sends probe request.2. Access point sends probe response.3. Access point initiates association.4.Client accepts association.5. Access point adds client MAC address to association table.

D. 1. Access point sends probe request .2. Client sends probe response.3. Client initiates association.4.Access point accepts association.5. Access point adds client MAC address to association table.

E. 1. Client sends probe request.2. Access point sends probe response.3. Client initiates association.4.Access point accepts association.5. Client adds access point MAC address to association table."Pass Any Exam. Any Time." - www.actualtests.com 140www.CareerCert.infoCisco 642-813: Practice Exam

F. None of the other alternatives apply.


Explanation/Reference:Explanation:Wireless Client Association:In the client association process, access points send out beacons announcing one or more SSIDs, data rates,and other information. The client sends out a probe and scans all the channels and listens for beacons andresponses to the probes from the access points. The client associates to the access point that has thestrongest signal. If the signal becomes low, the client repeats the scan to associate with another access point(this process is called roaming). During association, the SSID, MAC address, and security settings are sentfrom the client to the access point and checked by the access point. The figure below illustrates the clientassociation process.

A wireless client's association to a selected access point is actually the second step in a two-step process.First, authentication and then association must occur before an 802.11 client can pass traffic through theaccess point to another host on the network. Client authentication in this initial ActualTests.comprocess is not the same as network authentication (entering username and password to get access to thenetwork). Client authentication is simply the first step (followed by association) between the wireless client andaccess point, and it establishes communication. The 802.11 standard specifies only two different methods ofauthentication: open authentication and shared key authentication. Open authentication is simply the exchangeof four "hello" type packets with no client or access point verification, to allow ease of connectivity. Shared keyauthentication uses a statically defined WEP key, known between the client and access point, for verification.This same key might or might not be used to encrypt the actual data passing between a wireless client and anaccess point based on user configuration.Reference: http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=3



QUESTION 107Which statement about the Lightweight Access Point Protocol (LWAPP) is true?

A. LWAPP encrypts both control traffic and user data.B. LWAPP encrypts user traffic with an x.509 certificate using AES-CCMP.C. When set to Layer 3, LWAPP uses a proprietary protocol to communicate with the Cisco Aironet APs.D. LWAPP encrypts control traffic between the AP and the controller.E. None of the other alternatives apply.

Correct Answer: DSection: (none)

Explanation

Explanation/Reference:Explanation:The LAP and WLC pair use the lightweight access point protocol (LWAPP) as the tunneling mechanism.

? LWAPP control messages-Exchanges that are used to configure the LAP and manage its operation. Thecontrol messages are authenticated and encrypted so that the LAP is securely controlled by only the WLC.? LWAPP data-Packets to and from wireless clients associated with the LAP. The data is encapsulated withinLWAPP, but is not encrypted or otherwise secured between the LAP and WLC.

Data traffic between Access Point( AP) and Controller is encapsulated with LWAPP.

QUESTION 108You need to troubleshoot some problems in the Company VOIP network associated with jitter.What is the cause of jitter?

A. Packet dropsB. Transmitting too many small packetsC. Variable queue delaysD. CompressionE. None of the other alternatives apply


Explanation/Reference:Explanation:Delay variation or jitter is the difference in the delay times of consecutive packets. A jitter buffer is often used tosmooth out arrival times, but there are instantaneous and total limits on buffering ability. Any type of bufferingused to reduce jitter directly increases total network delay. In general, traffic requiring low latency also requiresa minimum variation in latency. As a design rule, voice networks cannot cope with more than 30 ms of jitter.Jitter in excess of 30 ms will result in degraded audio performance. Excessive jitter in a streaming videoenvironment will result in jerky motion, loss of video quality or loss of video.ActualTests.com

QUESTION 109Refer to the exhibit. Which statement is true about the voice traffic coming to the switch access port that isconnected to the IP phone?



A. A PC connected to a switch port via an IP phone must support a trunking encapsulation.B. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on the same

LAN segment with a PC.

C. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.D. To improve the quality of the voice traffic, no other devices should be attached to the IP phone.E. The voice VLAN must be configured as a native VLAN on the switch.


Explanation/Reference:Explanation:The new voice VLAN is called an auxiliary VLAN in the Catalyst software command-line interface (CLI). In thetraditional switched world, data devices reside in a data VLAN. The new auxiliary VLAN is used to representother types of devices collectively. Today those devices are IP phones (hence the notion of a voice VLAN), but,in the future, other types of non-data devices will also be part of the auxiliary VLAN. Just as data devices comeup and reside in the native VLAN (default VLAN), IP phones come up and reside in the auxiliary VLAN, if onehas been configured on the switch.When the IP phone powers up, it communicates with the switch using CDP. The switch then provides thephone with its configured VLAN ID (voice subnet), also known as the voice VLAN ID or VVID. Meanwhile, datadevices continue to reside in the native VLAN (or default VLAN) of the switch. A data device VLAN (datasubnet) is referred to as a port VLAN ID or PVID.

QUESTION 110VOIP has been implemented at the main office of the Company network. Which two statements are true aboutvoice packets in a LAN? (Select two)

A. Voice carrier stream utilizes Real-Time Transport Protocol (RTP) to carry the audio/media portion of theVoIP communication.ActualTests.com

B. Voice traffic data flow involves large volumes of large packets.C. Because a packet loss involves a small amount of data, voice traffic is less affected by packet losses than

traditional data traffic is.D. Voice packets are encapsulated in TCP segments to allow for proper sequencing during delivery.E. Voice packets are very sensitive to delay and jitter.


Explanation/Reference:Explanation:Two major factors affect voice quality: lost packets and delayed packets. Packet loss causes voice clipping andskips. Packet delay can cause either voice quality degradation, due to the end-to-end voice latency, or packetloss, if the delay is variable. If the end-to-end voice latency becomes too long (250 Msec, for example), theconversation begins to sound like two parties talking on a CB



radio. If the delay is variable, there is a risk of jitter buffer overruns at the receiving end.

QUESTION 111Which three QoS mechanisms can be configured to improve VoIP quality on a converged network? Selectthree.

A. The use of a queuing method that will give VoIP traffic strict priority over other traffic

B. The use of RTP header compression for the VoIP traffic.C. The proper classification and marking of the traffic as close to the source as possibleD. The use of 802.1QinQ trunking for VoIP trafficE. The use of WRED for the VoIP traffic



Explanation/Reference:Explanation:In order to optimize the quality of VOIP calls, QoS should be implemented to ensure that VOIP traffic isprioritized over other traffic types.By providing a strict queue for VOIP traffic, you will ensure that voice calls take precedence over the othertraffic types.In order to properly provide for QoS across the network, the voice traffic should be marked to give priority asclose to the source as possible. This will ensure that the traffic is prioritized end to end.Finally, WRED (Weighted Random Early Detection) could be configured to prevent congestion . WRED can beused to selectively drop less important traffic types, instead of dropping the voice packets when links becomebusy.Incorrect Answers:B: Compression can be used to lower the bandwidth required to transmit VOIP calls, butit will not help withimproving the voice quality. In general, compression of any kindlowers the quality of VOIP.D: The trunking method used will have no bearing on the VOIP quality.

QUESTION 112You need to determine which type of call signaling you want to use in your new VOIP network. What are threeexamples of call control signaling that could be used? (Select three)

A. RTPB. SIPC. G.729D. H.323E. G.711F. MGCP


Explanation/Reference:Explanation:Call Control Signaling:Packets belonging to one of several protocols-those used to set up, maintain, tear down, or redirect a call,depending upon call endpoints. Examples are H.323, Media Gateway Control Protocol (MGCP), and SIP(Session Initiation Protocol) Incorrect Answers:A: The is the protocol used to carry voice packet streams; it is not a signaling protocol.C: These are codec standards used to compress a VOIP call.E: These are codec standards used to compress a VOIP call.

ActualTests.com

QUESTION 113Which three are characteristics of voice traffic in the Company VOIP campus network? (Select three)

A. TCP retransmitsB. UDP priorityC. BurstyD. Delay sensitiveE. GreedyF. Drop sensitive




Explanation:Voice packets are typically small (60 to 120 bytes), they cannot tolerate delay or drops. The result of delays anddrops is often unacceptable voice quality. Because drops cannot be tolerated, User Datagram Protocol (UDP)is used to package voice packets. TCP retransmit capabilities have no value, as by the time a TCP packet isretransmitted for VOIP, it will already be too late for the receiving device to use this packet.

QUESTION 114Company is migrating to VOIP. Which statement is true about utilizing a data network for Voice over IP traffic?

A. Voice traffic will require some form of QoS mechanisms in most networks.B. Because voice traffic volume cannot be calculated, network bandwidth requirements must be determined

from an existing installation.C. Adding bandwidth to the data network is the primary solution to provide for the needs of voice traffic.D. Network congestion must be totally eliminated to provide proper voice traffic performance.E. Voice traffic will require some form of QoS implementation only in congested networks.


Explanation/Reference:Explanation:For VoIP to be a realistic replacement for standard public switched telephone network (PSTN) telephonyservices, customers need to receive the same quality of voice transmission they receive with basic telephoneservices-meaning consistently high-quality voice transmissions. Like other real-time applications, VoIP isextremely bandwidth- and delay-sensitive . For VoIP transmissions to be intelligible to the receiver, voicepackets should not be dropped, excessively delayed, or suffer varying delay (otherwise known as jitter).ActualTests.comVoIP can guarantee high-quality voice transmission only if the voice packets, for both the signaling and audiochannel, are given priority over other kinds of network traffic. For VoIP to be deployed so that users receive anacceptable level of voice quality, VoIP traffic must be guaranteed certain compensating bandwidth, latency, andjitter requirements. QoS ensures that VoIP voice packets receive the preferential treatment they require. Ingeneral, QoS provides better (and more predictable) network service by providing the following features:

Supporting dedicated bandwidth

Improving loss characteristics



Avoiding and managing network congestion

Shaping network traffic

Setting traffic priorities across the network

Reference:http://www.cisco.com/en/US/docs/ios/solutions_docs/qos_solutions/QoSVoIP/QoSVoIP.html

QUESTION 115Refer to the exhibit. Which statement is true about a voice VLAN?

A. Physically the voice network and the data network are separate.B. The voice traffic will normally be on a different IP subnet than will the data traffic.C. End user intervention is necessary to place the phone into the proper VLAN.D. The same security policy should be implemented for both voice and data traffic.E. The data VLAN must be configured as the native VLAN.


Explanation/Reference:Explanation:The new voice VLAN is called an auxiliary VLAN in the Catalyst software command-line interface (CLI). In thetraditional switched world, data devices reside in a data VLAN. The new auxiliary VLAN is used to representother types of devices collectively. Today those devices are IP phones (hence the notion of a voice VLAN), but,in the future, other types of non-data devices will also be part of the auxiliary VLAN. Just as data devices comeup and reside in the native VLAN (default VLAN), IP phones come up and reside in the auxiliary VLAN, if onehas been configured on the ActualTests.comswitch.When the IP phone powers up, it communicates with the switch using CDP. The switch then provides thephone with its configured VLAN ID (voice subnet), also known as the voice VLAN ID or VVID. Meanwhile, datadevices continue to reside in the native VLAN (or default VLAN) of the switch. A data device VLAN (datasubnet) is referred to as a port VLAN ID or PVID.

QUESTION 116You need to configure a new Company Catalyst 3560 switch for a VOIP-enabled office. Which three statementsare true about the voice VLAN feature on this switch? (Select three) ActualTests.com

A. The default CoS value for incoming traffic is set up to 0.

B. The CoS value is trusted for 802.1p or 802.1q tagged traffic.C. PortFast is automatically disabled when a voice VLAN is configured.D. The voice VLAN feature is disabled by default.E. The IP phone accepts the priority of all tagged and untagged traffic and sets the CoS value to 4.F. When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of

the port

Correct Answer: ADFSection: (none)Explanation

Explanation/Reference:Explanation:Default Voice VLAN Configuration The voice VLAN feature is disabled by default. When the voice VLAN featureis enabled, all untagged traffic is sent according to the default CoS priority of the port. The default CoS value is0 for incoming traffic. The CoS value is not trusted for 802.1P or "Pass Any Exam. Any Time." -www.actualtests.com 154www.CareerCert.info


802.1Q tagged traffic. The IP Phone overrides the priority of all incoming traffic (tagged and untagged) and setsthe CoS value to 0.Note:

In software releases earlier than Cisco IOS Release 12.1(13 )EA1 , the CoS value is trusted for all 802.1P or802.1Q tagged traffic, and the IP Phone does not override the priority of the incoming traffic.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/config uration/guide/swvoip.html

QUESTION 117The voice VLAN feature has been enabled on a new Company Catalyst switch port. What is the effect of this?

A. The CoS is trusted for 802.1P or 802.1Q tagged traffic.B. PortFast is disabled on the port.C. Port Security is automatically enabled on a voice VLAN port.D. Untagged traffic is sent according to the default CoS priority of the port.E. None of the other alternatives apply


Explanation/Reference:Explanation:ActualTests.comDefault Voice VLAN Configuration:The voice VLAN feature is disabled by default.When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of theport. The CoS value is not trusted for 802.1P or 802.1Q tagged traffic.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/confi guration/guide/swvoip.html

QUESTION 118Refer to the exhibit. Based upon the information that is given, how will voice traffic from the phone and data

traffic from the PC be handled by SW_1?



A. The switch port will perform marking for the ingress voice and data traffic by using the defaultCoS value atthe switch port.

B. The switch port will trust theCoS value of the ingress voice and data traffic that comes into the switch port.C. The switch port will trust theCoS value of the ingress voice traffic. Data traffic will be marked at the switch

port with the default CoS value.D. The switch port will trust theCoS value of the ingress data traffic. Voice traffic will be marked at the switch

port with the default CoS value.


Explanation/Reference:Explanation:In a typical network, you connect a Cisco IP Phone to a switch port. Traffic sent from the telephone to theswitch is typically marked with a tag that uses the 802.1Q header. The header contains the VLAN informationand the CoS 3-bit field, which determines the priority of the packet. For most Cisco IP Phone configurations, thetraffic sent from the telephone to the switch is trusted to ensure that voice traffic is properly prioritized overother types of traffic in the network. By using the mls qos trust cos interface configuration command, you canconfigure the switch port to which the telephone is connected to trust the CoS labels of all traffic received onthat port.ActualTests.comAfter you enter the mls qos trust cos command, the DSCP values are changed according to the default values,which are listed below:

Reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/config uration/guide/swqos.html


On the basis of the configuration that is provided, how will the traffic coming from the PC be handled?



A. The switch access port is configured to trust the priority of the data that is received from the PC.B. The IP phone access port is configured to override the priority of the data that is received from the PC.C. The IP phone access port is configured to trust the priority of the data that is received from the PC.D. The switch access port is configured to override the priority of the data that is received from the PC.


Explanation/Reference:Explanation:Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames You can connect a PC or otherdata device to a Cisco7960 IP Phone port. The PC can generate packets with an assigned CoS value. You canconfigure the switch to trust the priority of frames arriving on the IP phone port from connected devices.Beginning in privileged EXEC mode, follow these steps to trust the CoS priority received from the non-voiceport on the Cisco7960 IP Phone:

ActualTests.com

Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/config uration/guide/swvoip.html

QUESTION 120Refer to the exhibit. On basis of the configuration that is provided, where will the trust boundary be establishedin this network?



A. at the PCB. at the access switchC. at the IP phoneD. at the distribution switch


Explanation/Reference:Explanation:The example shown is a properly configured switch where the trust boundary is being set at the access port onthe switch itself. The "switchport voice vlan vlan-id dot1q" command enables voice VLAN on switch port andassociated VLAN.The "mls qos trust cos" command enables QoS (Quality of Services ) based on COS (Class of service).The "switchport priority cos <priority>" value sets the priority values to frame coming from PC to switch port.

QUESTION 121Refer to the exhibit. Which two statements are true about the required switch configurations to support a voiceVLAN? (Choose two.)

A. CDP must be disabled on the switch port to prevent interference between CDP messages and voice traffic.B. Port security cannot be configured on a port that is configured for a voice vlan.C. Static secure MAC addresses should be configured on voice vlan ports to prevent access by devices other

than IP phones.D. CDP must be enabled on the switch port to allow configuration information to be passed to the IP phone.E. Portfast must be enabled on the switch port.

ActualTests.comF. 802.1x authentication cannot be configured on a port configured for a voice vlan.


Explanation/Reference:Explanation:CDP (Cisco Discovery Protocol) must be enabled on switch port connected to IP Phone to recognize the IPPhone by switch and enable Port Fast to bring switch port directly from blocking to forwarding state. The PortFast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the PortFast feature is not automatically disabled.

QUESTION 122Refer to the exhibit. A workstation PC is connected to the Cisco IP phone access port. Based on theconfiguration in the exhibit, how will the traffic be managed?



A. The IP phone access port will override the priority of the frames received from the PC.B. The switch port Fa0/4 will trust the priority for the frames received from the PC.C. The IP phone access port will trust the priority of the frames received from the PC.D. The switch port Fa0/4 will override the priority of the frames received from the PC.


Explanation/Reference:Explanation:When a Cisco IP Phone is connected to a switch port, think of the phone as another switch (which it is). If youinstall the phone as a part of your network, you can probably trust the QoS information relayed by the phone.However, remember that the phone also has two sources of data: The VoIP packets native to the phone - Thephone can control precisely what QoS information is included in the voice packets because it produces thosepackets.* The user PC data switch port -Packets from the PC data port are generated elsewhere, so the QoSinformation can not necessarily be trusted to be correct or fair.ActualTests.comA switch instructs an attached IP Phone through CDP messages as to how it should extend QoS trust to its ownuser data switch port. To configure the trust extension, use the following interface configuration command:

Switch( config-if)# switchport priority extend {cos value | trust}

Normally, the QoS information from a PC connected to an IP Phone should not be trusted. This is because thePC's applications might try to spoof CoS or Differentiated Services Code Point (DSCP) settings to gainpremium network service. In this case, use the cos keyword so that the CoS bits are overwritten to value by theIP Phone as packets are forwarded to the switch. If CoS values from the PC cannot be trusted, they should beoverwritten to a value of 0. In some cases, the PC might be running trusted applications that are allowed torequest specific QoS or levels of service. Here, the IP Phone can extend complete QoS trust to the PC,allowing



the CoS bits to be forwarded through the phone unmodified. This is done with the trust keyword.

QUESTION 123You need to configure a new Cisco router to be installed in the Company VOIP network. Which three interfacecommands will configure the switch port to support a connected Cisco phone and to trust the CoS valuesreceived on the port if CDP discovers that a Cisco phone is attached? (Select three)

A. switchport voice vlan vlan-idB. mls qos trust device cisco-phoneC. switchport priority extend cos_valueD. mls qos trust cosE. mls qos trust override cos


Explanation/Reference:Explanation:1. To configure the IP Phone uplink, just configure the switch port where it connects. The switch instructs the

phone to follow the mode that is selected. In addition, the switch port does not need any special trunkingconfiguration commands if a trunk is wanted. If an 802.1Q trunk is needed, a special-case trunk is negotiatedby Dynamic Trunking Protocol (DTP) and CDP. Use the following interface configuration command to select thevoice VLAN mode that will be used:Switch( config-if)# switchport voice vlan { vlan-id | dot1p | untagged | none}2. mls qos trust [ cos ] : Configure the port trust state. By default, the port is not trusted. All traffic is sentthrough one egress queue. Use the cos keyword to classify ingress packets with the packet CoS values. Theegress queue assigned to the packet is based on the packet CoS value3. mls qos trust device cisco-phone : Configure the Cisco IP Phone as a trusted device on the ActualTests.cominterface.

QUESTION 124Refer to the exhibit. What statement is true about the configuration on switch CAT1?



ActualTests.com

A. The configuration establishes policed DSCP on ports Fa0/11 and Fa0/12 with values ranging from 8 to 56.B. The configuration overrides 802.1p priorities on packets entering ports Fa0/11 and Fa0/12 with a value of

48."Pass Any Exam. Any Time." - www.actualtests.com 165www.CareerCert.infoCisco 642-813: Practice Exam

C. Untagged Port VLAN ID (PVID) frames will carry voice traffic on VLAN 40.D. Two IP phones with the MAC addresses of 0008.8595.d1a7 and 0007.8595.d2b7 are connected to CAT1

ports Fa0/11 and Fa0/12, respectively.E. Security violation shutdown mode has been activated for ports Fa0/11 and Fa0/12.F. The configuration overrides the Quality of Service value in packets entering ports Fa0/11 and Fa0/12 with a

value of 45.


Explanation/Reference:Explanation:Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set ornumber of MAC addresses. Those addresses can be learned dynamically or configured statically. The port willthen provide access to frames from only those addresses. If, however, the number of addresses is limited tofour but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learneddynamically, and port access will be limited to those four dynamically learned addresses.Port Security Implementation:

ActualTests.com

QUESTION 125Refer to the exhibit. Which statement is true when voice traffic is forwarded on the same VLAN used by thedata traffic?

A. The voice traffic cannot be forwarded to the distribution layer.B. The voice traffic cannot use 802.1p priority tagging.C. Port security cannot be enabled on the switch that is attached to the IP phone.

ActualTests.comD. Quality of service cannot be applied for the voice traffic.


Explanation/Reference:Explanation:You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure theway in which the phone sends voice traffic. The phone can carry voice traffic in 802.1Q frames for a specifiedvoice VLAN with a Layer 2 CoS value. It can use 802.1P priority tagging to give voice traffic a higher priority andforward all voice traffic through the native (access) VLAN. The IP phone can also send untagged voice traffic or

use its own configuration to send voice traffic in the access VLAN. In all configurations, the voice traffic carriesa Layer 3 IP precedence value (the default is 5).If the Cisco IP Phone and a device attached to the Cisco IP Phone are in the same VLAN, they must be in thesame IP subnet. These conditions indicate that they are in the same VLAN:



-

They both use 802.1p or untagged frames.-

The Cisco IP Phone uses 802.1p frames and the device uses untagged frames.-

The Cisco IP Phone uses untagged frames and the device uses 802.1p frames.-

The Cisco IP Phone uses 802.1Q frames and the voice VLAN is the same as the access VLAN.Reference:http://www.cisco.com/en/US/products/hw/switches/ps5206/products_configuration_guide_chapter09186a00801a64ea.html

QUESTION 126Refer to the exhibit. A trunk link is connected between switch A_SW and switch D_SW. Based on theconfiguration shown in the exhibit, how would the traffic coming from the switch A_SW be managed?

ActualTests.com



A. The trunk port Fa0/1 on switch A_SW will trust allCoS values on the frames coming from the IP phone.B. The trunk port Fa0/1 on switch A_SW will trust allCoS values on the frames received on the IP phone.C. The trunk port Fa0/1 on switch D_SW will trust allCoS values on the frames coming from port Fa0/1 on

A_SW.D. The trunk port Fa0/1 on switch D_SW will trust allCoS values on the frames received on the A_SW switch

port Fa0/4.E. The trunk port Fa0/1 on switch D_SW will trust allCoS values on the frames received on the IP phone port.



QUESTION 127VOIP is being implemented on the Company network. In a properly designed network, what is the maximumamount of time a voice package should spend crossing a network?



A. 90 millisecondsB. 120 millisecondsC. 150 millisecondsD. 240 milliseconds


Explanation/Reference:Explanation:Delay is the time it takes for VoIP packets to travel between two endpoints and you should design networks tominimize this delay. However, because of the speed of network links and the processing power of intermediatedevices, some delay is expected. The human ear normally accepts up to about 150 milliseconds (ms) of delaywithout noticing problems (the ITU standard recommends no more than 150 ms of one-way delay).Reference:http://www.cisco.com/en/US/products/sw/iosswrel/ps5014/products_feature_guide09186a0080088 0e7.html

QUESTION 128VOIP is being implemented in the Company network and you need to assess the need for QoS. Which of thefollowing network problems would indicate a need to implement QoS features? (Select three)

A. Mis-routed packetsB. Excess jitter

C. Delay of critical trafficD. Packet loss due to congestionE. Data link layer broadcast stormsF. FTP connections unsuccessful

ActualTests.com


Explanation/Reference:Explanation:Loss, jitter, and delay are the three reasons for implementing QoS features on modern networks. Loss is whena packet disappears on a network. Jitter is a timing mismatch between two way traffic, and delay is when apacket takes too long to get somewhere.Incorrect Answers:A: This would indicate a routing problem, or packets being "black-holed." QoS would not help in this situation.E: Broadcast storms indicate a problem on a LAN segment, such as a babbling host, too many hosts, asegment that is too large, a bad application, etc. QoS would not help in this situation.F: If only FTP sessions were having issues, then the FTP application or FTP server should be corrected.Normally, FTP sessions are not delay sensitive due to the re-transmission nature of



TCP and do not require QoS.

QUESTION 129Refer to the exhibit. A trunk link is connected between switch A_SW and switch D_SW. Based on theconfiguration shown in the exhibit, how would the traffic coming from the switch A_SW be managed?

ActualTests.com

A. The trunk port Fa0/1 on switch A_SW will trust allCoS values on the frames coming from the IP phone.B. The trunk port Fa0/1 on switch A_SW will trust allCoS values on the frames received on the IP phone.C. The trunk port Fa0/1 on switch D_SW will trust allCoS values on the frames coming from port Fa0/1 on

A_SW.D. The trunk port Fa0/1 on switch D_SW will trust allCoS values on the frames received on the A_SW switch

port Fa0/4.E. The trunk port Fa0/1 on switch D_SW will trust allCoS values on the frames received on the IP phone port.



Explanation/Reference:Explanation:To enable to QOS, you should enter the msl qos command in global configuration mode. When inboundpackets are accepted into a switch, the switch can be selective about which (if any)

of each packet's QoS information will be trusted. If the packets originate from a trusted source, theQoS information can be safely trusted, too. Usually, it is a best practice to configure switches at the edge of atrusted QoS domain to verify or overwrite any QoS information that comes into the domain . This way, any otherswitch or router within the domain can blindly trust QoS information that is seen.You can configure QoS trust in two ways: Per-interface As part of a QoS policy on specific types of trafficThe per-interface trust is described in the next section. Policy trust is described as part of the section,"Defining a QoS Policy."Trust QoS on an InterfaceOn each interface where consistent QoS trust is to be defined, use the following interface configurationcommand:Switch( config-if)# mls qos trust {cos | dscp | ip-precedence} Applying QoS Trust 407Here, one of the following values can be trusted and used internally as the switch makes forwardingdecisions : The inbound CoS , which is taken from trunking tags DSCP, which is taken from the inbound IPpacket headers IP Precedence, which is also taken from the inbound IP packet headers

ActualTests.com

QUESTION 130Refer to the exhibit. Which switch interface configuration command would automatically configure quality ofservice (QoS) for voice over IP (VoIP) within a QoS domain?

A. switchport priority extend trust"Pass Any Exam. Any Time." - www.actualtests.com 174

www.CareerCert.infoCisco 642-813: Practice Exam

B. mls qos trustC. switchport priority extend cos 7D. auto qos voip cisco-phone


Explanation/Reference:Explanation:You can use the auto-QoS feature to simplify the deployment of existing QoS features. Auto-QoS makesassumptions about the network design, and as a result, the switch can prioritize different traffic flows andappropriately use the ingress and egress queues instead of using the default QoS behavior. (The default is thatQoS is disabled. The switch then offers best-effort service to each packet, regardless of the packet contents orsize, and sends it from a single queue.) When you enable auto-QoS, it automatically classifies traffic based onthe traffic type and ingress packet label. The switch uses the resulting classification to choose the appropriateegress queue. When you enable auto-QoS by using the auto "qos voip cisco-phone", the "auto qos voip cisco-softphone", or the "auto qos voip trust" interface configuration command, the switch automatically generates aQoS configuration based on the traffic type and ingress packet label and applies the appropriate commandsautomatically.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configur ation/guide/swqos.html#wp1231112

QUESTION 131Refer to the exhibit. What is the effect on the trust boundary of configuring the command mls qos trust cos onthe switch port that is connected to the IP phone?

ActualTests.com

A. Effectively the trust boundary has been moved to the IP phone.B. RTP will be used to negotiate aCoS value based upon bandwidth utilization on the link.C. The switch is rewriting packets it receives from the IP phone and determining theCoS value.D. The switch will no longer tag incoming voice packets and will trust the distribution layer switch to set

theCoS.E. The host is now establishing theCoS value and has effectively become the trust boundary.




Explanation:Configuring Trusted Boundary:In a typical network, you connect a Cisco IP Phone to a switch port. Traffic sent from the telephone to theswitch is typically marked with a tag that uses the 802.1Q header. The header contains the VLAN informationand the CoS 3-bit field, which determines the priority of the packet. For most Cisco IP Phone configurations, thetraffic sent from the telephone to the switch is trusted to ensure that voice traffic is properly prioritized overother types of traffic in the network. By using the "mls qos trust cos" interface configuration command, you canconfigure the switch port to which the telephone is connected to trust the CoS labels of all traffic received onthat port.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/config uration/guide/swqos.html

QUESTION 132The Cisco AutoQoS feature is being used throughout the Company VOIP network. Which three statementsabout this feature are true? (Select three)

A. The "mls qos" global configuration command must be entered before configuring AutoQoS.B. CEF must be enabled.C. The "no auto qos voip" command is used to disable Cisco AutoQos and revoke all configurations generated

by Cisco AutoQos.D. CDP must be enabled.E. SNMP must be enabled.


Explanation/Reference:ActualTests.comExplanation:All of these answers can be found from the Cisco Auto QOS FAQ document found in the reference link.Portions of this document state:Q. Does CEF need to be enabled for Cisco AutoQoS on routers? A. Yes. Cisco AutoQoS uses Network BasedApplication Recognition (nBAR) to identify various applications and traffic types; CEF is a prerequisite forNBAR. Q. What are the minimum requirements for enabling Cisco AutoQoS on routers and switches? A.Minimum requirements to enable Cisco AutoQoS for VoIP traffic on supported platforms for WAN interfaces:-Configure an IP address on the interface or a sub-interface. -Configure "bandwidth" under any participatinginterfaces or sub-interfaces. For ATM PVC, configure "vbr-nrt" under the PVC.Minimum requirements to enable Cisco AutoQoS for VoIP traffic on supported LAN interfaces for



switch platforms:-CDP must be enabledQ. How do I disable Cisco AutoQoS? What configurations are deleted from router CLI when Cisco AutoQoS isdisabled?A. Issue a "no auto qos voip" command under the interface or VC to disable Cisco AutoQoS. All configurationsgenerated by Cisco AutoQoS that have not been modified by the user will be deleted when it is disabled on aparticular interface.Reference:http://www.cisco.com/en/US/technologies/tk543/tk879/technologies_qas0900aecd8020a589.html


Which three statements are true about the voice VLAN configuration of the Catalyst switch? (Choose three.)

A. The packet priority received from a device that is connected to the phone will be unmodified.B. The packet priority received from a device that is connected to the phone will be overridden.C. Incoming CoS values in packets from the connected phone will be left unmodified.D. Packets without aCoS value that is set by the phone will be set to a value of 5.E. Incoming CoS values in packets from the connected phone will be reset to a value of 5.F. Packets without aCoS value that is set by the phone will be set to the default CoS value.

ActualTests.com

Correct Answer: ACFSection: (none)Explanation

Explanation/Reference:Explanation:Traffic sent from the telephone to the switch is typically marked with a tag that uses the 802.1Q header. Theheader contains the VLAN information and the CoS 3-bit field, which determines the priority of the packet. Formost Cisco IP Phone configurations, the traffic sent from the telephone to the switch is trusted to ensure thatvoice traffic is properly prioritized over other types of traffic in the network. By using the mls qos trust cosinterface configuration command, you can configure the switch port to which the telephone is connected to trustthe CoS labels of all traffic received on that port.You can connect a PC or other data device to a Cisco7960 IP Phone port. The PC can generate packets withan assigned CoS value. You can configure the switch to trust the priority of frames arriving on the IP phone portfrom connected devices. The "switchport priority extend trust"



command is used to set the IP phone access port to trust the priority received from the PC or the attacheddevice.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/config uration/guide/swvoip.html

QUESTION 134Refer to the exhibit. Which statement is true about the configuration that is shown?



A. Untagged ingress traffic will be dropped.B. Ingress traffic from the host will be tagged with theCoS value of 5.C. Tagged and untagged ingress traffic will be carried on VLAN 1.D. Untagged ingress traffic will be marked with the default CoS value of the port.


Explanation/Reference:Explanation:The "Switchport voice vlan vlan-id dot1q" command enables voice VLAN on switch port and associated VLAN.The "mls qos trust cos" command enables QoS (Quality of Services ) based on COS (Class of service)The "switchport priority cos <priority>" value sets the priority values to frame coming from PC to switch port.Since this has not been explicitly configured, the default CoS value of the port will be used.

ActualTests.com

QUESTION 135You have configured voice VLANs on Catalyst switch R1. Which two statements are true about the operation ofvoice VLANs on this device? (Select two)

A. When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority ofthe port.

B. Enabling voice VLANs enables the switch to create multiple queues for traffic that is entering a port.C. When voice VLANs are configured on a trunk link, UplinkFast must also be enabled.D. Voice VLANs are configured to enable the switch to forward frames marked with the proper CoS values

over separate physical links."Pass Any Exam. Any Time." - www.actualtests.com 179www.CareerCert.infoCisco 642-813: Practice Exam

E. Enabling voice VLANs enables the switch to forward frames with a specific 802.1P marking.



QUESTION 136Refer to the exhibit. What is the effect when the switchport priority extend cos 3 command is configured on theswitch port interface connected to the IP phone?



A. The IP phone is enabled to override with aCoS value of 3 the existing CoS marking of the PC attached tothe IP phone.

B. The switch will no longer tag incoming voice packets and will extend the trust boundary to the distributionlayer switch.

C. RTP will be used to negotiate aCoS value based upon bandwidth utilization on the link.D. Effectively, the trust boundary has been moved to the PC attached to the IP phone.E. The computer is now establishing theCoS value and has effectively become the trust boundary.


Explanation/Reference:Explanation:The "switchport priority extend cos <priority>" is used to set the IP phone access port to override the priorityreceived from the PC or the attached device. The CoS value is a number from 0 to 7. Seven is the highestpriority. The default is 0. In this case, it has been set to mark all traffic with a class of service value of 3.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_14_ea1/config uration/guide/swvoip.html

ActualTests.comSection 3: Implement video support solution (3 Questions)

QUESTION 137Which of the characteristics below is associated with the (QoS) Integrated Services Model?

A. QoS classified at layer 3 using IP precedence or DSCP.B. Guaranteed rate service.C. Implemented using FIFO queues.D. All traffic has an equal chance of being dropped.


Explanation/Reference:Explanation:Cisco IOS QoS includes the following features that provide controlled load service, which is a kind of integratedservice:Resource Reservation Protocol (RSVP) can be used by applications to signal their QoS requirements to the

router.ActualTests.comIntelligent queuing mechanisms can be used with RSVP to provide the following kinds of services:

requirements. For example, a Voice over IP (VoIP) application can reserve 32 Mbps end to end using this kindof service. Cisco IOS QoS uses weighted fair queuing (WFQ) with RSVP to provide this kind of service.

during times of congestion. For example, adaptive real-time applications such as playback of a recordedconference can use this kind of service. Cisco IOS QoS uses RSVP with Weighted Random Early Detection(WRED) to provide this kind of service.Reference:http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter0



9186a008007ff07.html#1000946

QUESTION 138You have just purchased a new Cisco 3560 switch running the enhanced IOS and need configure it to beinstalled in a high availability network. On a 3560 EMI switch, which three types of interfaces can be used toconfigure HSRP? (Select three)

A. SVI interfaceB. Access portC. EtherChannel port channelD. Loopback interfaceE. Routed portF. BVI interface


Explanation/Reference:Explanation:HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as asingle gateway IP address. RFC 2281 describes this protocol in more detail. Basically, each of the routers thatprovides redundancy for a given gateway address is assigned to a common HSRP group. One router is electedas the primary, or active, HSRP router; another is elected as the standby HSRP router; and all the othersremain in the listen HSRP state. The routers exchange HSRP hello messages at regular intervals so they canremain aware of each other's existence and that of the active router.An HSRP group can be assigned an arbitrary group number, from 0 to 255. If you configure HSRP groups onseveral VLAN interfaces, it can be handy to make the group number the same as the VLAN number. However,most Catalyst switches support only up to 16 unique HSRP group numbers. If you have more than 16 VLANs,you will quickly run out of group numbers. An alternative is to make the group number the same (that is, 1) forevery VLAN interface. This is ActualTests.comperfectly valid because the HSRP groups are only locally significant on an interface. In other words, HSRPGroup 1 on interface VLAN 10 is unique and independent from HSRP Group 1 on interface VLAN 11. HSRPcan be configured on SVI, Etherchannel and Routed port.

QUESTION 139You need to configure two Company routers for high availability. Which protocol enables a group of routers toform a single virtual router and use the real IP address of a router as the gateway address?

A. HSRP

B. IRDP"Pass Any Exam. Any Time." - www.actualtests.com 184www.CareerCert.infoCisco 642-813: Practice Exam

C. Proxy ARPD. GLBPE. VRRPF. None of the other alternatives apply


Explanation/Reference:Explanation:The correct answer is VRRP whereby either a virtual or physical address can be chosen as the gatewayaddress. If the physcial address of R2 is the gateway address, then R2 will become the gateway. If R2 goesdown, R3 (or R4 etc) will become the gateway and will assume the IP address which, to it, will be a virtual oneas none of its interfaces are configured with that address. In this scenario. R2, R3 and R4 form one virtualrouter whereby R1's physical addres is used as the gateway address. HSRP does not use physical addressesfor the gateway at all.

Incorrect answer:IRDP is not correct as it does not form a single virtual router. With IRDP, two possible gateways advertisethemselves to the downstream router as potential gateways, one will be configured with a higher preference(lower IRDP preference number) than the other and so its physical interface will be elected as the gatewayaddress. If this router becomes unavailable, the other router's physical address will become the gatewayaddress. No virtual routers or addresses are created. For example, suppose R1 was configured for IRDPdiscovery and was connected to a segment with routers R2 and R3. If R2 was configured with irdp preference20 and R3 was configured as irdp preference 30, R1 would select R2 as its gateway. If R2 was unavailable, R3would be selected. In this instance, R2 and R3 do not communicate with each other and do not form any kind ofvirtal router.

QUESTION 140ActualTests.comYou want to implement a high availability network using two Cisco routers. You also want to ensure that the statof the WAN interfaces can be tracked in doing so. Which router redundancy protocol cannot be configured forinterface tracking?

A. GLBPB. HSRPC. RPRD. VRRPE. SLBF. RPR+G. None of the other alternatives apply




Explanation:The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP, defined in IETFstandard RFC 2338. VRRP is so similar to HSRP that you need to learn only slightly different terminology and acouple of slight functional differences. VRRP provides one redundant gateway address from a group of routers.The active router is called the master router , while all others are in the backup state . The master router is theone with the highest router priority in the VRRP group. VRRP group numbers range from 0 to 255; routerpriorities range from 1 to 254 (254 is the highest; 100 is the default). The virtual router MAC address is of theform 0000.5e00.01 xx , where xx is a two-digit hex VRRP group number. VRRP advertisements are sent at 1-second intervals. Backup routers can optionally learn the advertisement interval from the master router. Bydefault, all VRRP routers are configured to preempt the current master router, if their priorities are greater.VRRP has no mechanism for tracking interfaces to allow more capable routers to take over the master role.

QUESTION 141HSRP has been configured between two Company devices. Which of the following describe reasons fordeploying HSRP? (Select all that apply)

A. HSRP provides redundancy and fault toleranceB. HSRP allows one router to automatically assume the function of the second router if the second router failsC. HSRP allows one router to automatically assume the function of the second router if the second router

startsD. HSRP provides redundancy and load balancing


Explanation/Reference:Explanation:ActualTests.comOne way to achieve near-100 percent network uptime is to use HSRP, which provides network redundancy forIP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in networkedge devices or access circuits. By sharing an IP address and a MAC (Layer 2) address, two or more routerscan act as a single "virtual" router. The members of the virtual router group continually exchange statusmessages. This way, one router can assume the routing responsibility of another, should it go out ofcommission for either planned or unplanned reasons. Hosts continue to forward IP packets to a consistent IPand MAC address, and the changeover of devices doing the routing is transparent. Through the use of multipleHSRP standby groups, traffic can be load balanced between the HSRP routers. For example, users on oneVLAN could use one router as the primary HSRP router, and users on another VLAN can use the other HSRProuter as the primary.



Section 2: Create a High Availability implementation plan (21 Questions)

QUESTION 142Routers R1 and R2 use HSRP so that one router will back up the other should there be a failure. Which twostatements are true about the Hot Standby Router Protocol (HSRP)? (Select two)

A. Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.B. Routers configured for HSRP can belong to multiple groups and multiple VLANs.C. Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.D. All routers configured for HSRP load balancing must be configured with the same priority.E. Routers configured for HSRP must belong to only one group per HSRP interface.

ActualTests.com


Explanation/Reference:Explanation:HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as asingle gateway address. RFC 2281 describes this protocol in more detail. Basically, each of the routers thatprovides redundancy for a given gateway address is assigned to a common HSRP group. One router is electedas the primary, or active, HSRP router, another is elected as the standby HSRP router, and all the othersremain in the listen HSRP state. The routers exchange HSRP hello messages at regular intervals, so they canremain aware of each other's existence, as well as that of the active router.

An HSRP group can be assigned an arbitrary group number, from 0 to 255. If you configure HSRP groups onseveral VLAN interfaces, it can be handy to make the group number the same as the



VLAN number. However, most Catalyst switches support only up to 16 unique HSRP group numbers. If youhave more than 16 VLANs, you will quickly run out of group numbers. An alternative is to make the groupnumber the same (that is, 1) for every VLAN interface. This is perfectly valid because the HSRP groups areonly locally significant on an interface. HSRP Group 1 on interface VLAN 10 is unique from HSRP Group 1 oninterface VLAN 11.

QUESTION 143You need to decide on the best router redundancy protocol to use in the Company network. Which twostatements are true about HSRP, VRRP, and GLBP? (Select two)

A. GLBP and VRRP allow for MD5 authentication, whereas HSRP does not.B. HSRP allows for multiple upstream active links being simultaneously used, whereas GLBP does not.C. GLBP allows for router load balancing of traffic from a network segment without the different host IP

configurations required to achieve the same results with HSRP.D. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple available

gateways.E. GLBP allows for router load balancing of traffic from a network segment by utilizing the creation of multiple

standby groups.


Explanation/Reference:Explanation:1. GLBPTo provide a virtual router, multiple switches (routers) are assigned to a common GLBP group. Rather thanhaving just one active router performing forwarding for the virtual router address, all routers in the group canparticipate and offer load balancing by forwarding a portion of the overall traffic.ActualTests.com2. VRRPThe Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP, defined in IETFstandard RFC 2338. VRRP is so similar to HSRP that you need to learn only slightly different terminology and acouple of slight functional differences. VRRP provides one redundant gateway address from a group of routers.The active router is called the master router , while all others are in the backup state . The master router is theone with the highest router priority in the VRRP group. VRRP group numbers range from 0 to 255; router

priorities range from 1 to 254 (254 is the highest; 100 is the default). The virtual router MAC address is of theform 0000.5e00.01 xx , where xx is a two-digit hex VRRP group number. VRRP advertisements are sent at 1-second intervals. Backup routers can optionally learn the advertisement interval from the master router. Bydefault, all VRRP routers are configured to preempt the current master router, if their priorities are greater.VRRP has no mechanism for tracking interfaces to allow more capable routers to take over the master role.



3. HSRPHSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as asingle gateway address. RFC 2281 describes this protocol in more detail. Basically, each of the routers thatprovides redundancy for a given gateway address is assigned to a common HSRP group. One router is electedas the primary, or active, HSRP router, another is elected as the standby HSRP router, and all the othersremain in the listen HSRP state. The routers exchange HSRP hello messages at regular intervals, so they canremain aware of each other's existence, as well as that of the active router.

QUESTION 144R1 and R2 exchange HSRP between each other in the Company network. In which three HSRP states dorouters send hello messages? (Select three)



A. LearnB. SpeakC. StandbyD. ListenE. ActiveF. Remove

Correct Answer: BCESection: (none)Explanation

Explanation/Reference:Explanation:When HSRP is configured on an interface, the router progresses through a series of states before becomingactive. This forces a router to listen for others in a group and see where it fits into the pecking order. The HSRPstate sequence is Disabled, Init, Listen, Speak, Standby, and, finally, Active.Only the standby (second highest priority) router monitors the hello messages from the active router. By default,hellos are sent every 3 seconds. If hellos are missed for the duration of the holdtime timer (default 10 seconds,or 3 times the hello timer), the active router is presumed down. The standby router is then clear to assume theactive role. If other routers are sitting in the Listen state, the next-highest priority router is allowed to becomethe new standby router.

QUESTION 145To protect against first-hop router failure, four protocols were developed to ensure IP routing redundancy.Which of the following are they? (Select four)

A. HSRPB. IRDPC. ICMP

D. VRRPE. MSTPF. GLBP

Correct Answer: ABDFSection: (none)Explanation

Explanation/Reference:Explanation:A: HSRP is the Hot Standby Routing Protocol, which is the Cisco proprietary method for automatic failover andprovides for redundant default gateways for hosts.B: Some newer IP hosts use the ICMP Router Discovery Protocol (IRDP) (RFC 1256) to find a new router whena route becomes unavailable. A host that runs IRDP listens for hello multicast messages from its configuredrouter and uses an alternate router when it no longer receives those hello messages.D: VRRP is the Virtual Router Redundancy Protocol, which is similar in many ways to HSRP. One keydifference is that VRRP is standards based, where HSRP is Cisco developed.F: Gateway Load Balancing Protocol (GLBP) protects data traffic from a failed router or circuit, like Hot StandbyRouter Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP), while allowing packet load sharingbetween a group of redundant routers.ActualTests.com

QUESTION 146Which one of the statements below correctly describes the Virtual Router Redundancy Protocol (VRRP), whichis being used in the Company network to provide redundancy?

A. A VRRP group has one active and one or more standby virtual routers.B. A VRRP group has one master and one or more backup virtual routers.C. A VRRP group has one master and one redundant virtual router.D. None of the other alternatives apply


Explanation/Reference:Explanation:The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRPenables a group of routers to form a single virtual router . The LAN clients can ActualTests.comthen be configured with the virtual router as their default gateway. The virtual router, representing a group ofrouters, is also known as a VRRP group.In a topology where multiple virtual routers are configured on a router interface, the interface can act as amaster for one virtual router and as a backup for one or more virtual routers.Reference:http://www.cisco.com/en/US/products/sw/iosswrel/ps1612/products_feature_guide09186a0080080 a60.html

QUESTION 147DRAG DROPActualTests.comMatch the HSRP states on the left with the correct definition on the right.



A.B.C.D.



ActualTests.com

Explanation:



HSRP defines six states in which an HSRP-enabled router can exist: Initial - This is the state from which therouters begin the HSRP process. This state indicates that HSRP is not running. It is entered via a configurationchange or when an interface first comes up. Learn - The router has not determined the virtual IP address, andhas not yet seen an authenticated hello message from the active router. In this state the router is still waiting tohear from the active router. Listen - The router knows the virtual IP address, but is neither the active router northe standby router. It listens for hello messages from those routers. Routers other than the active and standbyrouter remain in the listen state. Speak - The router sends periodic hello messages and is actively participatingin the election of the active or standby router. A router cannot enter Speak state unless it has the virtual IPaddress. Standby - The router is a candidate to become the next active router and sends periodic hellomessages. Excluding transient conditions, there must be at most one router in the group in Standby state.Active - The router is currently forwarding packets that are sent to the ActualTests.comgroup virtual MAC address. The router sends periodic hello messages. Excluding transient conditions, theremust be at most one router in Active state in the HSRP group.

QUESTION 148In the hardware address 0000.0c07.ac0av, what does 07.ac represent?

A. HSRP well-known physical MAC addressB. Vendor codeC. HSRP router numberD. HSRP group numberE. HSRP well-known virtual MAC address



Explanation/Reference:Explanation:HSRP code (HSRP well-known virtual MAC address) - The fact that the MAC address is for an HSRP virtualrouter is indicated in the next two bytes of the address. The HSRP code is always 07.ac. The HSRP protocoluses a virtual MAC address, which always contains the 07.ac numerical value.Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 268

QUESTION 149The Company network needs to enhance the reliability of the network. Which of the following protocols providesnetwork redundancy for IP networks, ensuring that user traffic immediately and transparently recovers fromfirst-hop failures in network edge devices or access circuits, as defined by RFC 2281?

A. STPB. IRDPC. ICMPD. HSRPE. None of the other alternatives apply


Explanation/Reference:Explanation:HSRP is defined in RFC 2281. The Hot Standby Router Protocol, HSRP, provides a mechanism which isdesigned to support non-disruptive failover of IP traffic in certain circumstances. In particular, the protocolprotects against the failure of the first hop router when the source host cannot learn the IP address of the firsthop router dynamically. The protocol is designed for use ActualTests.comover multi-access, multicast or broadcast capable LANs (e.g., Ethernet). HSRP is not intended as areplacement for existing dynamic router discovery mechanisms and those protocols should be used insteadwhenever possible. A large class of legacy host implementations that do not support dynamic discovery arecapable of configuring a default router. HSRP provides failover services to those hosts.Reference: http://www.faqs.org/rfcs/rfc2281.html

QUESTION 150What protocol specified by RFC 1256 will allow an enabled IP host a new router when a router becomesunavailable?

A. IRDPB. SNMPC. HSRPD. VRRP


Explanation/Reference:Explanation:Some newer IP hosts use ICMP Router Discovery Protocol (IRDP) (RFC 1256) to find a new router when aroute becomes unavailable. A host that runs IRDP listens for hello multicast ActualTests.commessages from its configured router and uses an alternate router when it no longer receives those hellomessages. The default timer values of IRDP mean that it's not suitable for detection of failure of the first hop.

The default advertisement rate is once every 7 to 10 minutes, and the default lifetime is 30 minutes.

QUESTION 151Which first-hop redundancy solution listed would supply Company clients with MAC address 0000.0C07.AC0Afor group 10 in response to an ARP request for a default gateway?

A. IRDPB. Proxy ARPC. GLBPD. HSRPE. VRRPF. IP Redirects

ActualTests.com


Explanation/Reference:Explanation:HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as asingle gateway IP address. RFC 2281 describes this protocol in more detail. Each router keeps a unique MACaddress for its interface. This MAC address is always associated with the unique IP address configured on theinterface. For the virtual router address, HSRP defines a special MAC address of the form 0000.0c07.acxx,where xx represents the HSRP group number as a two-digit hex value. For example, HSRP Group 1 appearsas 0000.0c07.ac01, HSRP Group 16 appears as 0000.0c07.ac10, and so on.

QUESTION 152You have configured router R1 with HSRP, using the standard defaults. Which three statements are true of adefault HSRP configuration? (Select three)

A. The Standby hello time is 2 seconds.B. Two HSRP groups are configured.C. The Standby track interface priority is 10.D. The Standby hold time is 10 secondsE. The Standby priority is 100.F. The Standby delay is 3 seconds.


Correct Answer: CDESection: (none)Explanation

Explanation/Reference:Explanation:HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router. Toconfigure a router as the active router, you assign it a priority that is higher than the priority of all the otherHSRP-configured routers. The default priority is 100, so if you configure just one router to have a higher priority,that router will be the default active router. For both HSRP and MHSRP, you can use the tracking feature toadjust the Hot Standby priority of a router based on whether certain of the router's interfaces are available.When a tracked interface becomes unavailable, the HSRP priority of the router is decreased. The defaultdecrement value is 10.The standby timers interface configuration command sets the interval in seconds between hello messages(called the hello time ) to five seconds and sets the duration in seconds that a router waits before it declares the

active router to be down (called the hold time ) to eight seconds. (The defaults are three and 10 seconds,respectively.) If you decide to modify the default values, you must configure each router to use the same hellotime and hold time. Reference: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm#wp3475

QUESTION 153Refer to the exhibit. The Gateway Load Balancing Protocol has been configured on routers R1 and R2, andhosts A and B have been configured as shown. Which statement can be derived from the exhibit?

A. The hostA default gateway has been configured as 10.88.1.10/24.B. The GLBP weighted load balancing mode has been configured.C. The GLBP round-robin, load-balancing mode has been configured.D. The GLBP host-dependent, load-balancing mode has been configured.E. The hostA default gateway has been configured as 10.88.1.1/24.F. The hostA default gateway has been configured as 10.88.1.4/24.


Explanation/Reference:Explanation:To provide a virtual router, multiple switches (routers) are assigned to a common GLBP group.ActualTests.comRather than having just one active router performing forwarding for the virtual router address, all routers in thegroup can participate and offer load balancing by forwarding a portion of the overall traffic.The advantage is that none of the clients have to be pointed toward a specific gateway address- they can allhave the same default gateway set to the virtual router IP address. The load balancing is provided completelythrough the use of virtual router MAC addresses in ARP replies returned to the clients. As a client sends anARP request looking for the virtual router address, GLBP sends back an ARP reply with the virtual MACaddress of a selected router in the group. The result is that all clients use the same gateway address but havediffering MAC addresses for it.

QUESTION 154You want to allow Router R1 to immediately become the active router if its priority is highest than the activerouter fails. What command would you use if you wanted to configure this?

A. en standby preemptB. standby preempt enable


C. standby preemptD. hot standby preempt


Explanation/Reference:Explanation:The HSRP preemption feature enables the router with highest priority to immediately become the Active router.Priority is determined first by the priority value that you configure, and then by the IP address. In each case ahigher value is of greater priority. When a higher priority router preempts a lower priority router, it sends a coupmessage. When a lower priority active router receives a coup message or hello message from a higher priorityactive router, it changes to the speak state and sends a resign message. To configure preemption, use the"standby standby-number preempt" command.

QUESTION 155Which command will need to be added to External_A to ensure that it will take over if serial 0/0 on External_Bfails?

ActualTests.com

A. standby 1 priority 130B. standby 1 preemptC. standby 1 track fastethernet 0/0

D. standby 1 track 10.10.10.1




Explanation:You can configure a router to preempt or immediately take over the active role if its priority is the highest at anytime. Use the following interface configuration command to allow preemption:Switch( config-if)# standby group preempt [delay seconds] By default, the router can preempt anotherimmediately, without delay. You can use the delay keyword to force it to wait for seconds before becomingactive. This is usually done if there are routing protocols that need time to converge.

QUESTION 156On a 3550 EMI switch, which three types of interfaces can be used to configure HSRP? (Select three)

A. Loopback interfaceB. SVI interfaceC. Routed portD. Access portE. EtherChannel port channelF. BVI interface

Correct Answer: BCESection: (none)Explanation

Explanation/Reference:Explanation:This Hot Standby Router Protocol (HSRP) provides routing redundancy for routing IP traffic without beingdependent on the availability of any single router. To use this feature, you must have the enhanced multilayersoftware image installed on your switch. All Catalyst 3550 Gigabit Ethernet switches ship with the enhancedmultilayer software image (EMI) installed. Catalyst 3550 Fast Ethernet switches can be shipped with either thestandard multilayer software image (SMI) or EMI pre-installed. You can order the Enhanced Multilayer SoftwareImage Upgrade kit to upgrade ActualTests.comCatalyst 3550 Fast Ethernet switches from the SMI to the EMI. Only routed interfaces that provide access tohosts can be configured for HSRP. These interfaces include: routed Ethernet, routed fast Ethernet, routedGigabit Ethernet, SVI, and EtherChannel.Reference:http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c9fec.html

QUESTION 157Refer to the exhibit. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of themaster virtual router and the backup virtual router?



A. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, RouterB will become the master virtual router. When Router A recovers, Router B will maintain the role of mastervirtual router.

B. Router B is the master virtual router, and Router A is the backup virtual router. When Router B fails, RouterA will become the master virtual router. When Router B recovers, it will regain the master virtual router role.

C. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, RouterB will become the master virtual router. When Router A recovers, it will regain the master virtual router role.

D. Router B is the master virtual router, and Router A is the backup virtual router. When Router BActualTests.comfails, Router A will become the master virtual router. When Router B recovers, Router A will maintain therole of master virtual router.


Explanation/Reference:Explanation:An important aspect of the VRRP redundancy scheme is VRRP router priority. Priority determines the role thateach VRRP router plays and what happens if the master virtual router fails. If a VRRP router owns the IPaddress of the virtual router and the IP address of the physical interface, this router functions as a mastervirtual router. Priority also determines if a VRRP router functions as a backup virtual router and determines theorder of ascendancy to becoming a master virtual router if the master virtual router fails. You can configure thepriority of each backup virtual router with a value of 1 through 254, using the vrrp priority command.


www.CareerCert.info


For example, if Router A, the master virtual router in a LAN topology, fails, an election process takes place todetermine if backup virtual Routers B or C should take over. If Routers B and C are configured with thepriorities of 101 and 100, respectively, Router B is elected to become master virtual router because it has thehigher priority. If Routers B and C are both configured with the priority of 100, the backup virtual router with thehigher IP address is elected to become the master virtual router.By default, a preemptive scheme is enabled whereby a higher-priority backup virtual router that becomesavailable takes over for the backup virtual router that was elected to become master virtual router. You candisable this preemptive scheme using the no vrrp preempt command. If preemption is disabled, the backupvirtual router that is elected to become master virtual router remains the master until the original master virtualrouter recovers and becomes master again.Reference:http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.5/addr_serv/configuration/guide/ic35vrrp.htm l

QUESTION 158Refer to the exhibit. What is the configuration an example of?

ActualTests.com

A. GLBP weightingB. default AVF and AVG configurationC. GLBP MD5 authenticationD. GLBP text authenticationE. GLBP timer manipulation


Explanation/Reference:Explanation:Configuring GLBP Weighting: ExampleIn the following example, Router A, shown in Figure 1, is configured to track the IP routing state of the POSinterface 5/0 and 6/0, an initial GLBP weighting with upper and lower thresholds is set, and a weightingdecrement value of 10 is set. If POS interface 5/0 and 6/0 goes down, the



weighting value of the router is reduced.

track 1 interface POS 5/0 ip routingtrack 2 interface POS 6/0 ip routinginterface fastethernet 0/0glbp 10 weighting 110 lower 95 upper 105glbp 10 weighting track 1 decrement 10glbp 10 weighting track 2 decrement 10glbp 10 forwarder preempt delay minimum 60Reference:http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_glbp_ps6922_TSD_Products_Configuration_Guide_Chapter.html#wp1055542

QUESTION 159Refer to the exhibit. What is the result of setting GLBP weighting at 105 with lower threshold 90 and upperthreshold 100?

ActualTests.com

A. Only if both tracked objects are up will this router will be available as an AVF for group 1.B. Only if the state of both tracked objects goes down will this router release its status as an AVF for group 1.C. If both tracked objects go down and then one comes up, but the other remains down, this router will be

available as an AVF for group 1."Pass Any Exam. Any Time." - www.actualtests.com 214www.CareerCert.infoCisco 642-813: Practice Exam

D. This configuration is incorrect and will not have any effect on GLBP operation.E. If the state of one tracked object goes down then this router will release its status as an AVF for group 1.


Explanation/Reference:Explanation:To define the weighting thresholds for the interface with the following interface configuration command:

Switch( config-if)# glbp group weighting maximum [lower lower] [upper upper]

You must configure GLBP to know which objects to track so that the weighting can be adjusted with thefollowing interface configuration command:

Switch( config-if)# glbp group weighting track object-number [decrement value]

When the tracked object fails, the weighting is decremented by value (1 to 254, default 10).

Section 5: Implement switch supervisor redundancy (3 Questions)

QUESTION 160ActualTests.comCompany has a Catalyst 6500 and you need to configure redundancy between the supervisor modules. Withroute processor redundancy (RPR+), the redundant supervisor engine is fully initialized and configured, whichshortens the switchover time if the active supervisor engine fails. Which three statements are true about theRPR + operations when the redundant supervisor engine switched over the failed primary supervisor engine?(Choose three)

A. Static IP routes are maintained across a switchover because they are configured from entries in theconfiguration file.

B. Information about dynamic routing states, maintained on the active supervisor engine, is synchronized tothe redundant supervisor engine and is transferred during the switchover.

C. Information about dynamic routing states, maintained on the active supervisor engine, is not synchronizedto the redundant supervisor engine and is lost on switchover."Pass Any Exam. Any Time." - www.actualtests.com 215www.CareerCert.infoCisco 642-813: Practice Exam

D. The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed traffic isinterrupted until route tables reconverge.

E. Static IP routes are cleared across a switchover and recreated from entries in the configuration file on theredundant supervisor engine.

F. The Forwarding Information Base (FIB) tables are maintained during the switchover. As a result, routedtraffic continues without any interruption when the failover occurs.

Correct Answer: ACDSection: (none)Explanation

Explanation/Reference:Explanation:The following guidelines and restrictions apply to RPR+:

RPR+ redundancy does not support configuration entered in VLAN database mode. Use global configurationmode with RPR+ redundancy.

Configuration changes made through SNMP are not synchronized to the redundant supervisor engine. Enter a "copy running-config startup-config " command to synchronize the configuration on the redundant supervisorengine.

Supervisor engine redundancy does not provide supervisor engine mirroring or supervisor engine loadbalancing. Only one supervisor engine is active. Network services are disrupted until the redundant supervisorengine takes over and the switch recovers.

With RPR+, both supervisor engines must run the same version of Cisco IOS software. If the supervisorengines are not running the same version of Cisco IOS software, the redundant supervisor engine comesonline in RPR mode.

ActualTests.com

The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed traffic isinterrupted until route tables reconverge.

Static IP routes are maintained across a switchover because they are configured from entries in theconfiguration file.

Information about dynamic states maintained on the active supervisor engine is not synchronized to theredundant supervisor engine and is lost on switchover.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/r edund.html




Which two statements are true about the output from the show standby vlan 50 command? (Choose two.)



A. multipoint control unit (MCU) Catalyst_A.

B. Hosts using the default gateway address of 192.168.1.1 will have their traffic sent to 192.168.1.11 evenafter Catalyst_A becomes available again.

C. Hosts using the default gateway address of 192.168.1.2 will have their traffic sent to Catalyst_A.D. Catalyst_A is load sharing traffic in VLAN 50.


Explanation/Reference:Explanation:HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router. Toconfigure a router as the active router, you assign it a priority that is higher than the priority of all the otherHSRP-configured routers. The default priority is 100, so if you configure just one router to have a higher priority,that router will be the default active router. HSRP works by the exchange of multicast messages that advertisepriority among HSRP- ActualTests.comconfigured routers. When the active router fails to send a hello message within a configurable period of time,the standby router with the highest priority becomes the active router. The transition of packet- forwardingfunctions between routers is completely transparent to all hosts on the network.HSRP-configured routers exchange three types of multicast messages:

Hello - The hello message conveys to other HSRP routers the router's HSRP priority and state information. Bydefault, an HSRP router sends hello messages every three seconds.

Coup - When a standby router assumes the function of the active router, it sends a coup message.



Resign - A router that is the active router sends this message when it is about to shut down or when a routerthat has a higher priority sends a hello message. At any time, HSRP-configured routers are in one of thefollowing states:

Active - The router is performing packet-transfer functions.

Standby - The router is prepared to assume packet-transfer functions if the active router fails.

Speaking and listening - The router is sending and receiving hello messages.

Listening - The router is receiving hello messages.

The standby preempt interface configuration command allows the router to become the active router when itspriority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of bothrouters include this command so that each router can be the standby router for the other router. The 1 indicatesthat this command applies to Hot Standby group 1. If you do not use the standby preempt command in theconfiguration for a router, that router cannot become the active router.

QUESTION 162

Refer to the exhibit. Based upon the debug output that is shown, which three statements about HSRP are true?(Choose three.)

ActualTests.com

A. The router with IP address 172.16.11.111 haspreempt configured.B. The final active router is the router with IP address 172.16.11.111.C. The router with IP address 172.16.11.112 has nonpreempt configured.D. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address

172.16.11.111.E. The router with IP address 172.16.11.112 is using default HSRP priority.


F. The IP address 172.16.11.115 is the virtual HSRP IP address.

Correct Answer: ABFSection: (none)Explanation

Explanation/Reference:Explanation:Each router in an HSRP group has its own unique IP address assigned to an interface. This address is used forall routing protocol and management traffic initiated by or destined to the router. In addition, each router has acommon gateway IP address, the virtual router address, that is kept alive by HSRP. This address is alsoreferred to as the HSRP address or the standby address . Clients can point to that virtual router address astheir default gateway, knowing that a router always keeps that address active. Keep in mind that the actualinterface address and the virtual (standby) address must be configured to be in the same IP subnet. You canassign the HSRP address with the following interface command:

Switch( config-if)# standby group ip ip-address [secondary]

When HSRP is used on an interface that has secondary IP addresses, you can add the secondary keyword sothat HSRP can provide a redundant secondary gateway address.

You can configure a router to preempt or immediately take over the active role if its priority is the highest at anytime. Use the following interface configuration command to allow preemption:Switch( config-if)# standby group preempt [delay seconds] By default, the router can preempt anotherimmediately, without delay. You can use the delay keyword to force it to wait for seconds before becomingactive. This is usually done if there are routing protocols that need time to converge.

QUESTION 163Examine the router output above. Which two items are correct? (Choose two.)

ActualTests.com

A. The local IP address of Router A is 10.1.0.6.B. The local IP address of Router A is 10.1.0.20.C. If Ethernet 0/2 goesdown, the standby router will take over.D. When Ethernet 0/3 of RouterA comes back up, the priority will become 105.E. Router A will assume the active state if its priority is the highest.




Explanation:Since preemption has been configured, we know that when any router comes back up, it will become the activerouter as long as it has a higher priority value. In this example, the current priority shows it to be 95. If theinterface were to come up, it would now be 95 + 10 (which is the default value) so the total value would thenbecome 105. If fast0/2 were to come up as well, it would then be 105 + 15 (special override as seen in thecommand) = 120.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/confi guration/guide/swhsrp.html

QUESTION 164Which three of the following network features are methods used to achieve high availability? (Select all thatapply.)

A. Spanning Tree Protocol (STP)B. Delay reductionC. Hot Standby Routing Protocol (HSRP)D. Dynamic routing protocolsE. Quality of Service (QoS)

F. Jitter management

Correct Answer: ACDSection: (none)Explanation

Explanation/Reference:Explanation:Because the importance of high availability networks is increasingly being recognized, many organizations arebeginning to make reliability/availability features a key selection criteria for network infrastructure products. Withthis in mind, Cisco Systems engaged ZD Tag to observe and confirm the results of a series of testsdemonstrating the high availability features of Cisco Catalyst Layer 2/Layer 3 switches. In order to maximize therelevance of the results, the demonstration was based on a model of a "real world" campus (in one of Cisco'sEnterprise Solution Center labs in San Jose , California ).This switched internetwork consisted of wiring closet, wiring center, and backbone switches and conformed toCisco's modular three-tier (Access/Distribution/Core) design philosophy. The testing demonstrated the followinghigh availability and resilience features of Catalyst switches: per-VLAN Spanning Tree (PVST) using Cisco'sInterSwitch Link (ISL) and 802.1Q VLAN Trunking Cisco ActualTests.comSpanning Tree Enhancements, including UplinkFast and PortFast Cisco Hot Standby Router Protocol (HSRP)and HSRP Track Cisco IOS per-destination load balancing over equal cost OSPF paths Cisco IOS fastconvergence for OSPFReference: http://www.cisco.com/warp/public/779/largeent/learn/technologies/campuslan.pdf

QUESTION 165ActualTests.comRefer to the exhibit. Host A has sent an ARP message to the default gateway IP address 10.10.10.1. Whichstatement is true?



A. DSw2 will reply with the IP address of the next AVF.B. DSw1 will reply with the MAC address of the next AVF.C. Because of the invalid timers that are configured, DSw1 will not reply.D. DSw1 will reply with the IP address of the next AVF.E. Because of the invalid timers that are configured, DSw2 will not reply.F. DSw2 will reply with the MAC address of the next AVF.

Correct Answer: FSection: (none)Explanation

Explanation/Reference:Explanation:The Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary protocol designed to overcome thelimitations of existing redundant router protocols. Some of the concepts are the same as with HSRP/VRRP, butthe terminology is different and the behavior is much more dynamic and robust.The trick behind this load balancing lies in the GLBP group. One router is elected the active virtualActualTests.comgateway (AVG). This router has the highest priority value, or the highest IP address in the group, if there is nohighest priority. The AVG answers all ARP requests for the virtual router address. Which MAC address itreturns depends on which load-balancing algorithm it is configured to use. In any event, the virtual MACaddress supported by one of the routers in the group is returned. According to exhibit, Router Company2 is theActive Virtual Gateway (AVG) router because it has highest IP address even having equal priority. When routerCompany1 sends the ARP message to 10.10.10.1 Router Company2 will reply to Company1 as a Active VirtualRouter.

QUESTION 166Refer to the exhibit. Based on the debug standby output in the exhibit, which HSRP statement is true?



A. DSW111 is the active router because it is the only HRSP-enabled router on that segment.B. DSW111 is the active router because the standby timer has been incorrectly configured.C. DSW111 is the active router because it has a lower priority on that VLAN.D. DSW111 is the active router because it has a lower IP address than the tying priority router on that VLAN.E. DSW111 is the active router and is advertising the virtual IP address 10.10.10.111 on VLAN 11.


Explanation/Reference:Explanation:Answer A is correct because there is no response from the HSRP neighbor. As we can see from the exhibit, theneighbor discovery timer has expired and the standby router is unknown.

Section 7: Document results of High Availability implementation and verification (7 Questions)

ActualTests.com

QUESTION 167Refer to the exhibit and the partial configuration on routers R1 and R2. Hot Standby Routing Protocol (HSRP) isconfigured on the network to provide network redundancy for the IP traffic. The network administrator noticedthat R2 does not become active when the R1 serial0 interface goes down. What should be changed in theconfiguration to fix the problem?


www.CareerCert.info


A. The Serial0 interface on router R2 should be configured with a decrement value of 20.B. The Serial0 interface on router R1 should be configured with a decrement value of 20.C. R2 should be configured with a standby priority of 100.D. R2 should be configured with a HSRP virtual address.


Explanation/Reference:Explanation:You can configure a router to preempt or immediately take over the active role if its priority is the highest at anytime. Use the following interface configuration command to allow preemption:Switch( config-if)# standby group preempt [delay seconds] By default, the router can preempt anotherimmediately, without delay. You can use the delay keyword to force it to wait for seconds before becomingactive. This is usually done if there are routing protocols that need time to converge.

ActualTests.com

QUESTION 168Routers R1 and R2 are configured for HSRP as shown below:

Router R1:interface ethernet 0ip address 20.6.2.1 255.255.255.0standby 35 ip 20.6.2.21standby 35 priority 100interface ethernet 1ip address 20.6.1.1.2 255.255.255.0standby 34 ip 20.6.1.21

Router R2:interface ethernet 0ip address 20.6.2.2 255.255.255.0standby 35 ip 20.6.2.21interface ethernet 1ip address 20.6.1.1.1 255.255.255.0standby 34 ip 20.6.1.21standby 34 priority 100

You have configured the routers R1 & R2 with HSRP. While debugging router R2 you notice very frequentHSRP group state transitions. What is the most likely cause of this?

A. physical layer issuesB. no spanning tree loops

ActualTests.comC. use of non-default HSRP timersD. failure to set the command standby 35 preempt


Explanation/Reference:Explanation:R2 is not able to from the standby state to reach the active state. This could be caused by missing HSRP hellomessages. There are several possible causes for HSRP packets to get lost between the peers. The mostcommon problems are Physical Layer Problems or excessive network traffic caused by Spanning-Tree Issues.Note:Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol used for allowing redundant connections.It can keep core connectivity if the primary routing process fails. HSRP defines six states in which an HSRProuter may run: initial, learn, listen, speak, standby,



and active.Incorrect Answers:B: Spanning tree loops does not affect this problem.C: Not a likely cause. Besides, in the example here the default values were indeed used.


Which three statements accurately describe this GLBP topology? (Choose three.)

A. Router A is responsible for answering ARP requests sent to the virtual IP address.B. If Router A becomes unavailable, Router B will forward packets sent to the virtual MAC address of Router

A.C. Router A alternately responds to ARP requests with different virtual MAC addresses.

ActualTests.comD. Router B will transition from blocking state to forwarding state when it becomes the AVG.E. If another router were added to this GLBP group, there would be two backup AVGs.F. Router B is in GLBP listen state.


Explanation/Reference:Explanation:With GLBP the following is true:With GLB, there is 1 AVG and 1 standby VG. In this case Company1 is the AVG and Company2 is the standby.Company2 would act as a VRF and would already be forwarding and routing packets. Any additional routerswould be in a listen state. As the role of the Active VG and load balancing, Company1 responds to ARPrequests with different virtual MAC addresses.In this scenario, Company2 is the Standby VFfor the VMAC 0008.b400.0101 and would become



the Active VF if Company1 were down.As the role of the Active VG, the primary responsibility is to answer ARP requests to the virtual IP address.As an AVF router Company2 is already forwarding/routing packets

QUESTION 170

ActualTests.com

Refer to the exhibit.Which of the following should you do to configure the IP phone to override the priority of the data packets itreceives from the host? (Select the best answer.)

A. Issue the mls qos trust cos command on the switch port connected to the IP phone.B. Issue the switchport priority extend cos command on the switch port connected to the IP phone.C. Issue the switchport priority extend cos command on the IP phone.D. Issue the mls qos trust cos command on the IP phone.




QUESTION 171

You want to configure a switched internetwork with multiple VLANs as shown above. Which of the followingcommands should you issue on SwitchA for the port connected to SwitchB? (Select the best answer.)

A. switchport mode trunk

B. switchport access vlan 5C. switchport mode access vlan 5D. switchport trunk native vlan 5


Explanation/Reference:ActualTests.com

QUESTION 172Which of the following will generate an RSTP topology change notification? (Select the best answer.)

A. an edge port that transitions to the forwarding stateB. a non-edge port that transitions to the blocking stateC. a non-edge port that transitions to the forwarding stateD. an edge port that transitions to the blocking stateE. any port that transitions to the blocking stateF. any port that transitions to the forwarding state






Which of the following is not information provided from an IP phone to a Catalyst switch using CDP? (Select thebest answer.)

A. device PoE requirementsB. device IP addressC. device voice VLAN IDD. device platform



QUESTION 174Which of the following should you enable to prevent a switch from forwarding packets with source addressesthat are outside an administratively defined group? (Select the best answer.)

A. DAIActualTests.com

B. STPC. PVLAND. port security


Explanation/Reference:"Pass Any Exam. Any Time." - www.actualtests.com 242


Documents

Cisco Actualtests 642-813 Exam Bundle · 2019-11-30 · VLANs and broadcast domains converge at the distribution layer, requiring routing, filtering, and security. The switches at