Appendix B

Answers to Review Questions

Chapter 1: Understanding Basic Networking

1. B, D.

Physical star and physical extended-star are the most popular physical LAN networks today.

2. B.

FDDI and Token Ring are no longer used, but they used a physical ring topology.

3. D.

Only a mesh physical topology has point-to-point connections to every device, so it has more connections, and is not a popular LAN technology.

4. B.

In a star topology, each workstation connects to a hub, switch, or similar central device, but not to other workstations. The benefit is that when connectivity to the central device is lost, the rest of the network lives on.

5. A.

In Chapter 3, we’ll cover Ethernet and the standards, but you need to know that the original Ethernet used a classical CSMA/CD as its physical and logical topology.

6. B.

A logical grouping of hosts is called a LAN, and they are typically grouped by connecting them to a switch.

7. C.

Security is easy to relax in a peer-to-peer environment. Because of the trouble it takes to standardize authentication, a piecemeal approach involving users’ personal preferences develops. There are no dedicated servers in a peer-to-peer network, and such a network can be created with as few as two computers.

8. A.

When a central office, such as a headquarters, needs to communicate directly with its branch offices, but the branches do not require direct communication with one another, the point-to-multipoint model is applicable. The other scenarios tend to indicate the use of a point-to-point link between sites.

9. D.

LANs generally have a geographic scope of a single building or smaller. They can range from simple (two hosts) to complex (with thousands of hosts).

10. B.

The only disadvantage mentioned is the fact that there is a single point of failure in the network. However, this topology makes troubleshooting easier; if the entire network fails, you know where to look first. The central device also ensures that the loss of a single port and the addition of a new device to an available port do not disrupt the network for other stations attached to such a device.

11. D.

A typical WAN connects two or more remote LANs together using someone else’s network (your ISP’s) and a router. Local host and router see these networks as remote networks and not as local networks or local resources.

12. C.

Hybrid topology means just that—a combination of two or more types of physical or logical network topologies working together within the same network.

13. D.

In a star topology, if a cable fails, it brings down only the particular machine or network segment it’s connected to, which makes it easier to troubleshoot.

14. D.

In client/server networks, requests for resources go to a main server that responds by handling security and directing the client to the resource it wants instead of the request going directly to the machine with the desired resource (as in peer-to-peer).

15. A.

The best answer to this question is an Ethernet switch, which uses a star physical topology with a logical bus technology.

16. D.

Routers break up broadcast domains and are used to connect different networks together.

17. D.

In the mesh topology, there is a path from every machine to every other one in the network. A mesh topology is used mainly because of the robust fault tolerance it offers—if one connection goes on the blink, computers and other network devices can simply switch to one of the many redundant connections that are up and running.

18. A.

As its name implies, in a point-to-point topology you have a direct connection between two routers, giving you one communication path. The routers in a point-to-point topology can either be linked by a serial cable, making it a physical network, or be far away and only connected by a circuit within a Frame Relay network, making it a logical network.

19. B.

A hybrid topology is a combination of two or more types of physical or logical network topologies working together within the same network.

20. A, B, C, D.

Each topology has its own set of pros and cons regarding implementation, so in addition to asking the right questions, cost, ease of installation, maintenance, and fault tolerance are all important factors to be considered.

Chapter 2: Internetworking

1. D.

A receiving host can control the transmitter by using flow control (TCP uses windowing by default). By decreasing the window size, the receiving host can slow down the transmitting host so the receiving host does not overflow its buffers.

2. A.

The only reliable protocol in the IP stack is TCP, which is found at the Transport layer, layer 4.

3. C, D.

Not that you really want to enlarge a single collision domain, but a hub (multiport repeater) will provide this for you.

4. D.

The Transport layer receives large data streams from the upper layers and breaks them up into smaller pieces called segments.

5. A, C, E, G.

Routers provide packet switching, packet filtering, internetwork communication, and path selection. Although routers do create or terminate collision domains, this is not the main purpose of a router, so option B is not a correct answer to this question.

6. B.

Routers operate at layer 3. LAN switches operate at layer 2. Ethernet hubs operate at layer 1. Word processing applications communicate to the Application layer interface but do not operate at layer 7, so the answer would be none.

7. D.

The Transport layer is responsible for segmenting data and then reassembling the data on the receiving host.

8. A, D.

The main advantage of a layered model is that it can allow application developers to change aspects of a program in just one layer of the layer model’s specifications. Advantages of using the OSI layered model include, but are not limited to, the following: It divides the network communication process into smaller and simpler components, thus aiding component development and design and troubleshooting; it allows multiple-vendor development through standardization of network components; it encourages industry standardization by defining what functions occur at each layer of the model; it allows various types of network hardware and software to communicate; and it prevents changes in one layer from affecting other layers, so it does not hamper development.

9. B, C.

Bridges and switches break up collision domains, which Cisco calls microsegmentation. This will add more bandwidth for users.

10. B.

Adding switches for connectivity to the network would reduce LAN congestion rather than cause LAN congestion.

11. C.

If a switch has three computers connected to it, with no VLANs present, one broadcast and three collision domains are created.

12. B, D.

Layer 3, the Network layer, uses routers and IP addresses to do packet forwarding, and layer 1, the Physical layer, provides transmission of bits over a wire.

13. A, C, D.

The common types of flow control are buffering, windowing, and congestion avoidance.

14. D.

If a hub has three computers connected to it, one broadcast and one collision domain are created.

15. C.

Flow control allows the receiving device to control the transmitter so the receiving device’s buffer does not overflow.

16. C, D, E.

Layer 4 (Transport) data is referred to as Segments, layer 2 is Frames, and layer 1 is bits.

17. A.

Reference models prevent, rather than allow, changes on one layer from affecting operations on other layers, so the model doesn’t hamper development.

18. B.

Routers operate no higher than layer 3 of the OSI model.

19. C.

When an HTTP document must be retrieved from a location other than the local machine, the Application layer must be accessed first.

20. D.

The Session layer of the OSI model offers three different modes of communication: simplex, half duplex, and full duplex.

Chapter 3: Ethernet Technologies

1. A, D.

An Ethernet frame has source and destination MAC addresses, an Ether-Type field to identify the Network layer protocol, the data, and the FCS field that holds the answer to the CRC.

2. A, D.

Half-duplex Ethernet works in a shared medium or collision domain. Half duplex provides a lower effective throughput than full duplex.

3. D.

Fiber-optic cable provides a more secure, long-distance cable that is not susceptible to EMI interference at high speeds.

4. C.

The old Source and Destination Service Access Point fields in a SNAP frame defined the Network layer protocol that the packet uses.

5. B.

To connect two switches together, you would use an RJ45 UTP crossover cable.

6. B, E.

Once transmitting stations on an Ethernet segment hear a collision, they send an extended jam signal to ensure that all stations recognize the collision. After the jamming is complete, each sender waits a predetermined amount of time, plus a random time. After both timers expire, they are free to transmit, but they must make sure the media is clear before transmitting and that they all have equal priority.

7. D.

To connect to a router or switch console port, you would use an RJ45 UTP rolled cable.

8. B.

You must be able to take a binary number and convert it into both decimal and hexadecimal. To convert to decimal, just add up the 1s using their values. The values that are turned on with the binary number of 10110111 are 128 + 32 + 16 + 4 + 2 + 1 = 183. To get the hexadecimal equivalent, you need to break the eight binary digits into nibbles (4 bits), 1011 and 0111. By adding up these values, you get 11 and 7. In hexadecimal, 11 is B, so the answer is 0xB7.

9. B.

Ethernet networking uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD), a protocol that helps devices share the bandwidth evenly without having two devices transmit at the same time on the network medium.

10. A.

After the expiration of the backoff algorithm, all hosts have equal priority.

11. D.

I always say the 2 in the 10Base2 name means “almost 200 meters” because the specification runs only to 185 meters, although way back in the mid 1980s there were many networks that went further distances. I’m giving away my age here, which also shows you how old this specification is.

12. C.

There are no collisions in full-duplex mode.

13. D.

A MAC, or hardware, address is a 48-bit (6-byte) address written in a hexadecimal format.

14. A.

The first 24 bits, or 3 bytes, of a MAC address is called the organizationally unique identifier (OUI).

15. B.

The Data Link layer of the OSI model is responsible for combining bits into bytes and bytes into frames.

16. C.

The term for the unwanted signal interference from adjacent pairs in the cable is crosstalk.

17. C.

Starting with our leftmost bit, which has a 1024 value, we then have bits valued at 128, 62, 32, 8, 4, 2, 1, which makes the binary number 1011101111.

18. B.

To answer this, we must first put the IP address into binary. 172.13.99.225 is 10101100.00001101.01100011.11100001. This now needs to be made into nibbles of four bits each: 1010 1100.0000 1101.0110 0011.1110 0001. Each nibble can then represent a hexadecimal number from 0 to 15 (F). 1010 is A, 1100 is C, 0000 is 0, 1101 is D, 0110 is 6, 0011 is 3, 1110 is E, and 0001 is 1.

19. C.

The hexadecimal value 0x718 in binary is 11100011000. The 0x just means the following characters are in hexadecimal, not binary. In decimal that would be 1318 because the valid bits on are 8, 16, 256, 512, and 1024, which adds up to 1318.

20. D.

The Ether-Type field found in an Ethernet_II frame defines the Network layer protocol, which is the same function as the SAP fields in an 802.3 Ethernet SNAP frame.

Chapter 4: TCP/IP DoD Model

1. C.

If a DHCP conflict is detected, either by the server sending a ping and getting a response or by a host using a gratuitous ARP (arp’ing for its own IP address and seeing if a host responds), then the server will hold that address and not use it again until it is fixed by an administrator.

2. A, D.

Both TCP and UDP provide session multiplexing, but only TCP is connection oriented, so UDP is considered best effort packet delivery.

3. C.

Dynamic Host Configuration Protocol (DHCP) is used to provide IP information to hosts on your network. DHCP can provide a lot of information, but the most common is IP address, subnet mask, default gateway, and DNS information.

4. B.

Address Resolution Protocol (ARP) is used to find the hardware address from a known IP address.

5. A, C, D.

This seems like a hard question at first because it doesn’t make sense. The listed answers are from the OSI model and the question asked about the TCP/IP protocol stack (DoD model). However, let’s just look for what is wrong. First, the Session layer is not in the TCP/IP model; neither are the Data Link and Physical layers. This leaves us with the Transport layer (Host-to-Host in the DoD model), Internet layer (Network layer in the OSI), and Application layer (Application/Process in the DoD).

6. A, B.

The OSI Data Link (layer 2) and the OSI Physical layer (layer 1) are combined into the Network Access layer of the Internet Protocol suite.

7. A, B.

A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both layer 2 and layer 3. The layer 2 broadcast is all Fs in hex, or FF:FF:FF:FF:FF:FF. The layer 3 broadcast is 255.255.255.255, which means any networks and all hosts. DHCP is connectionless, which means it uses User Datagram Protocol (UDP) at the Transport layer, also called the Host-to-Host layer.

8. B.

Although Telnet does use TCP and IP (TCP/IP), the question specifically asks about layer 4, and IP works at layer 3. Telnet uses TCP at layer 4.

9. D.

To stop possible address conflicts, a DHCP client will use gratuitous ARP (broadcast an ARP request for its own IP address) to see if another host responds.

10. B, D, E.

SMTP, FTP, and HTTP use TCP.

11. A, C, F.

DHCP, SNMP, and TFTP use UDP. SMTP, FTP, and HTTP use TCP.

12. C, D, E.

Telnet, File Transfer Protocol (FTP), and Trivial FTP (TFTP) are all Application layer protocols. IP is a Network layer protocol. Transmission Control Protocol (TCP) is a Transport layer protocol.

13. C.

First, you should know easily that only TCP and UDP work at the Transport layer, so now you have a 50/50 shot. However, since the header has sequencing, acknowledgment, and window numbers, the answer can only be TCP.

14. A.

Both FTP and Telnet use TCP at the Transport layer; however, they both are Application layer protocols, so the Application layer is the best answer for this question.

15. C.

The four layers of the DoD model are Application/Process, Host-to-Host, Internet, and Network Access. The Internet layer is equivalent to the Network layer of the OSI model.

16. C, D.

The real answer is 5, 6, and 7, but we only get to choose two on this question and Cisco’s answer in their curriculum is the Session layer and the Presentation layer. This is the best answer.

17. B.

The four layers of the TCP/IP stack (also called the DoD model) are Application/Process, Host-to-Host, Internet, and Network Access. The Host-to-Host layer is equivalent to the Transport layer of the OSI model.

18. B, C.

ICMP is used for diagnostics and destination unreachable messages. ICMP is encapsulated within IP datagrams, and because it is used for diagnostics, it will provide hosts with information about network problems.

19. C.

All LAN protocols, and WAN protocols, work at the Data Link layer (layer 2).

20. D.

DNS uses TCP for zone exchanges between servers and UDP when a client is trying to resolve a hostname to an IP address.

Chapter 5: IP Addressing

1. A.

RFC 1918 specifies that only 1 network is reserved in the Class A range (10.0.0.0/8), 16 with Class B (172.16.0.0/28), and 256 with Class C (192.168.0.0/24).

2. B, C.

RFC 1918 specifies that 1 network in Class A, 16 networks in Class B, and 256 in Class C are reserved and cannot be routed on the global Internet.

3. B.

RFC 1918 specifies that only 1 network is reserved in the Class A range (10.0.0.0/8), 16 with Class B (172.16.0.0/28), and 256 with Class C (192.168.0.0/24).

4. C.

Broadcasts have been eliminated, and NAT and DHCP are not needed in IPv6.

5. C.

RFC 1918 specifies that only 1 network is reserved in the Class A range (10.0.0.0/8), 16 with Class B (172.16.0.0/28), and 256 with Class C (192.168.0.0/24).

6. C.

A Class C network address has only 8 bits for defining hosts: 2^8 – 2 = 254.

7. A.

Private addresses from RFC 1918 cannot be placed on an interface going to the public Internet. You must use NAT.

8. B, C.

RFC 1918 describes the private addresses used in IPv6 and RFC 4193 describes the Unique Local Addresses (ULAs) used in IPv6, which are equivalent to private addresses. Neither RFC 1918 nor RFC 4193 addresses are routable on the Internet.

9. D.

An anycast address identifies a single unicast address on multiple interfaces, on multiple hosts. Hosts actually use the same unicast address for load-sharing possibilities. Anycast is referred to as “one-to-nearest.”

10. A.

Link-local addresses are the APIPA of the IPv6 world and start with FE80.

11. A, D, F.

RFC 1918 specifies that only one network is reserved in the Class A range (10.0.0.0/8), 16 with Class B (172.16.0.0/20), and 256 with Class C (192.168.0.0/24).

12. C.

To implement RFC 1918 on your private network, you need to implement Network Address Translation (NAT) on the border router.

13. A, B, D.

With IPv6, we no longer need NAT or DHCP, and we no longer use broadcasts. There are plenty of addresses.

14. C, E.

Class A private address range is 10.0.0.0 through 10.255.255.255. Class B private address range is 172.16.0.0 through 172.31.255.255, and Class C private address range is 192.168.0.0 through 192.168.255.255.

15. C.

The range of a Class B network address is 128–191. This makes our binary range 10xxxxxx.

16. C.

IPv6 uses 128 bits, and it is displayed in colon-delimited hexadecimal in eight 16-bit fields.

17. D.

The class A address 127.0.0.0 is reserved for diagnostics. Typically people use 127.0.0.1 to test their local IP stack, but the address can be used by applications as well to communicate within the system.

18. C.

By finding the host bits of an IP address and turning them all off, you’ll find your network address; by turning them all on, you’ll find your broadcast address.

19. D.

By finding the host bits of an IP address and turning them all off, you’ll find your network address; by turning them all on, you’ll find your broadcast address.

20. B.

You cannot assign an address from RFC 1918 to an interface of a router connecting to the global Internet.

Chapter 6: Easy Subnetting

1. D.

A /27 (255.255.255.224) is 3 bits on and 5 bits off. This provides 8 subnets, each with 30 hosts. Does it matter if this mask is used with a Class A, B, or C network address? Not at all. The number of host bits would never change.

2. D.

A 240 mask is 4 subnet bits and provides 16 subnets, each with 14 hosts. We need more subnets, so let’s add subnet bits. One more subnet bit would be a 248 mask. This provides 5 subnet bits (32 subnets) with 3 host bits (6 hosts per subnet). This is the best answer.

3. C.

This is a pretty simple question. A /28 is 255.255.255.240, which means that our block size is 16 in the fourth octet. 0, 16, 32, 48, 64, 80, etc. The host is in the 64 subnet.

4. F.

A CIDR address of /19 is 255.255.224.0. This is a Class B address, so that is only 3 subnet bits, but it provides 13 host bits, or 8 subnets, each with 8,190 hosts.

5. B, D.

The mask 255.255.254.0 (/23) used with a Class A address means that there are 15 subnet bits and 9 host bits. The block size in the third octet is 2 (256 – 254). So this makes the subnets in the interesting octet 0, 2, 4, 6, etc., all the way to 254. The host 10.16.3.65 is in the 2.0 subnet. The next subnet is 4.0, so the broadcast address for the 2.0 subnet is 3.255. The valid host addresses are 2.1 through 3.254.

6. D.

A /30, regardless of the class of address, has a 252 in the fourth octet. This means we have a block size of 4 and our subnets are 0, 4, 8, 12, 16, etc. Address 14 is obviously in the 12 subnet.

7. D.

A point-to-point link uses only two hosts. A /30, or 255.255.255.252, mask provides two hosts per subnet.

8. C.

A /21 is 255.255.248.0, which means we have a block size of 8 in the third octet, so we just count by 8 until we reach 66. The subnet in this question is 64.0. The next subnet is 72.0, so the broadcast address of the 64 subnet is 71.255.

9. A.

A /29 (255.255.255.248), regardless of the class of address, has only 3 host bits. Six hosts is the maximum number of hosts on this LAN, including the router interface.

10. C.

A /29 is 255.255.255.248, which is a block size of 8 in the fourth octet. The subnets are 0, 8, 16, 24, 32, 40, etc. 192.168.19.24 is the 24 subnet, and since 32 is the next subnet, the broadcast address for the 24 subnet is 31. 192.168.19.26 is the only correct answer.

11. A.

A /29 (255.255.255.248) has a block size of 8 in the fourth octet. This means the subnets are 0, 8, 16, 24, etc. 10 is in the 8 subnet. The next subnet is 16, so 15 is the broadcast address.

12. B.

You need 5 subnets, each with at least 16 hosts. The mask 255.255.255.240 provides 16 subnets with 14 hosts—this will not work. The mask 255.255.255.224 provides 8 subnets, each with 30 hosts. This is the best answer.

13. C.

First, you cannot answer this question if you can’t subnet. The 192.168.10.62 with a mask of 255.255.255.192 is a block size of 64 in the fourth octet. The host 192.168.10.62 is in the zero subnet, and the error occurred because ip subnet-zero is not enabled on the router.

14. A.

A /25 mask is 255.255.255.128. Used with a Class B network, the third and fourth octets are used for subnetting with a total of 9 subnet bits, 8 bits in the third octet and 1 bit in the fourth octet. Since there is only 1 bit in the fourth octet, the bit is either off or on—which is a value of 0 or 128. The host in the question is in the 0 subnet, which has a broadcast address of 127 since 112.128 is the next subnet.

15. A.

A /28 is a 255.255.255.240 mask. Let’s count to the ninth subnet (we need to find the broadcast address of the eighth subnet, so we need to count to the ninth subnet). Starting at 16 (remember, the question stated that we will not use subnet zero, so we start at 16, not 0), 16, 32, 48, 64, 80, 96, 112, 128, 144. The eighth subnet is 128 and the next subnet is 144, so our broadcast address of the 128 subnet is 143. This makes the host range 129–142. 142 is the last valid host.

16. C.

A /28 is a 255.255.255.240 mask. The first subnet is 16 (remember that the question stated not to use subnet zero) and the next subnet is 32, so our broadcast address is 31. This makes our host range 17–30. 30 is the last valid host.

17. E.

A Class C subnet mask of 255.255.255.224 is 3 bits on and 5 bits off (11100000) and provides eight subnets, each with 30 hosts. However, if the command ip subnet-zero is not used, then only six subnets would be available for use.

18. E.

A Class B network ID with a /22 mask is 255.255.252.0, with a block size of 4 in the third octet. The network address in the question is in subnet 172.16.16.0 with a broadcast address of 172.16.19.255. Only option E has the correct subnet mask listed, and 172.16.18.255 is a valid host.

19. D, E.

The router’s IP address on the E0 interface is 172.16.2.1/23, which is 255.255.254.0. This makes the third octet a block size of 2. The router’s interface is in the 2.0 subnet, and the broadcast address is 3.255 because the next subnet is 4.0. The valid host range is 2.1 through 3.254. The router is using the first valid host address in the range.

20. C.

To test the local stack on your host, ping the loopback interface of 127.0.0.1.
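The block-size method used throughout the Chapter 6 answers, as an added Python example that is not part of the book. The function names and result keys are illustrative; the addresses in the sample run are the ones quoted in answers 5, 10, 13 and 18.

```python
import ipaddress


def classful_prefix(first_octet: int) -> int:
    """Default mask length of the classful network (A=/8, B=/16, C=/24)."""
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("Class D/E addresses are not subnetted")


def dotted(octets) -> str:
    return ".".join(str(o) for o in octets)


def block_size_subnet(ip: str, prefix: int) -> dict:
    """Find subnet, broadcast and host range by counting in blocks."""
    octets = list(ipaddress.IPv4Address(ip).packed)  # also validates the address
    default = classful_prefix(octets[0])
    if not default <= prefix <= 30:
        raise ValueError("mask must be between the classful default and /30")

    # The "interesting" octet is the last octet that carries mask bits.
    idx = (prefix - 1) // 8
    block = 1 << (8 * (idx + 1) - prefix)  # same as 256 minus the mask octet
    mask_octet = 256 - block

    # Count up in multiples of the block size until we reach the host's octet.
    start = (octets[idx] // block) * block
    network = octets[:idx] + [start] + [0] * (3 - idx)
    broadcast = octets[:idx] + [start + block - 1] + [255] * (3 - idx)
    first = network[:3] + [network[3] + 1]
    last = broadcast[:3] + [broadcast[3] - 1]

    # Subnet bits are the mask bits borrowed beyond the classful default.
    subnet_bits = prefix - default
    net_int = int.from_bytes(bytes(network), "big")
    subnet_field = (net_int >> (32 - prefix)) & ((1 << subnet_bits) - 1)

    return {
        "mask_octet": mask_octet,
        "block_size": block,
        "network": dotted(network),
        "broadcast": dotted(broadcast),
        "first_host": dotted(first),
        "last_host": dotted(last),
        "subnet_bits": subnet_bits,
        "subnets": 1 << subnet_bits,
        "hosts_per_subnet": (1 << (32 - prefix)) - 2,
        # Subnet zero: every borrowed subnet bit is off.
        "zero_subnet": subnet_bits > 0 and subnet_field == 0,
    }


def is_valid_host(ip: str, prefix: int) -> bool:
    """True if ip is neither the subnet address nor the broadcast address."""
    info = block_size_subnet(ip, prefix)
    return ip not in (info["network"], info["broadcast"])


if __name__ == "__main__":
    # Addresses taken from the Chapter 6 answers above.
    for ip, prefix in [("10.16.3.65", 23), ("192.168.19.24", 29),
                       ("192.168.10.62", 26), ("172.16.18.255", 22)]:
        r = block_size_subnet(ip, prefix)
        print(f"{ip}/{prefix}: block {r['block_size']}, subnet {r['network']}, "
              f"broadcast {r['broadcast']}, hosts {r['first_host']} - "
              f"{r['last_host']}, zero subnet: {r['zero_subnet']}")
```

The last sample shows why the host range has to be computed rather than eyeballed: 172.16.18.255 ends in 255 yet is a valid host in the /22 subnet.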

Chapter 7: Introduction to Nexus

1. D.

The last version of the MDS SAN-OS was version 3.2. As of version 4.1, both MDS and Nexus devices run NX-OS.

2. A, D, E.

Spanning Tree Protocol (STP), UniDirectional Link Detection (UDLD), and Cisco Discovery Protocol (CDP) are layer 2 technologies.

3. B, C, F.

Protocol Independent Multicast (PIM), Hot Standby Routing Protocol (HSRP), and Open Shortest Path First (OSPF) are layer 3 technologies.

4. D.

UniDirectional Link Detection (UDLD) is a Data Link layer protocol used to monitor the physical configuration of the cables and detect links on which communication is occurring in only one direction.

5. A.

An SVI is a layer 3 interface that represents a VLAN and can have an IP address and other layer 3 properties. The SVI is created with the interface VLAN command.

6. B.

Virtual device contexts can logically separate a switch into two administrative domains. In this case, one VDC would be assigned all of the Ethernet ports and the other VDC would be assigned all of the storage ports.

7. A, B.

Small form-factor pluggable modules give you flexibility in selecting the type of cable that you want to use. TwinAx is a copper cable with SFPs embedded in the end and is cost effective.

8. D.

L1 and L2 are not implemented on the Nexus 5010.

9. C.

Ethernet interfaces are always referenced as “Ethernet” on a Nexus device regardless of the speed at which they are operating.

10. B.

Virtual device contexts can logically separate a switch into two administrative domains. In this case, one VDC would be assigned all of the Ethernet ports and the other VDC would be assigned all of the storage ports.

11. A.

Virtual Routing and Forwarding and virtual device contexts could both accomplish this task, but VRF would be less disruptive.

12. D.

Not all features are enabled by default. The RIP feature needs to be enabled before any command will work.

13. D.

Unified ports can support either Fibre Channel or Ethernet, but not both at the same time.

14. B.

The console port on an NX-OS device is almost identical to one on a Cisco IOS device. It is a serial port, which is typically used for initial configuration.

15. A.

Persistent Storage Service (PSS) allows services to periodically save their state by making a checkpoint.

Chapter 8: Configuring Nexus

1. A.

There are two commands that start with co, configure and copy:

switch# co?
  configure  Enter configuration mode
  copy       Copy from one file to another
switch# con
Enter configuration commands, one per line.  End with CNTL/Z.
nexus(config)#

So the shortest command you can type is con.

2. B.

The END command or Ctrl-Z will exit any configuration mode and place you back into user-exec mode.

3. A, F.

The two-step process to reset a device is to erase the configuration and then reboot the device. To accomplish this, we do the following:

switch# write erase boot
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n)  [n] y
switch# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y

4. C.

The feature command turns on a feature and enables the commands for that feature. The command will not be visible until enabled.

5. C.

The switchport command enables the configuration of layer 2 properties like VLAN, trunking, and access mode.

nexus(config-if)# switchport ?
  <CR>
  access       Set access mode characteristics of the interface
  autostate    Include or exclude this port from vlan link up calculation
  block        Block specified outbound traffic for all VLANs
  description  Enter description of maximum 80 characters
  host         Set port host
  mode         Enter the port mode
  monitor      Monitor session related traffic
  monitor      Configures an interface as span-destination
  priority     CoS Priority parameter
  trunk        Configure trunking parameters on an interface
  voice        Set voice mode characterestics of the interface

6. B.

The switchport command is used to switch between a port being used for layer 2 and layer 3.

core(config-if)# ip add 1.1.1.1 255.255.255.0
                      ^
% Invalid command at '^' marker.
core(config-if)# no switchport
core(config-if)# ip add 1.1.1.1 255.255.255.0
core(config-if)#

7. A, B.

Network-Admin (sometimes just called Admin) and Network-Operator are the two most commonly used roles.

nexus(config)# user John role ?
  network-admin     System configured role
  network-operator  System configured role
  priv-0            Privilege role
  priv-1            Privilege role
  priv-10           Privilege role
  priv-11           Privilege role
  priv-12           Privilege role
  priv-13           Privilege role
  priv-14           Privilege role
  priv-15           Privilege role
  priv-2            Privilege role
  priv-3            Privilege role
  priv-4            Privilege role
  priv-5            Privilege role
  priv-6            Privilege role
  priv-7            Privilege role
  priv-8            Privilege role
  priv-9            Privilege role
  vdc-admin         System configured role
  vdc-operator      System configured role

8. D.

The Tab key enables auto-completion on Nexus and other Cisco devices.

9. A.

An SVI is a layer 3 interface that represents a VLAN and can have an IP address and other layer 3 properties. The SVI interface is created with the interface vlan command.

10. C.

The switchport option is added to the end of the show interface command to display all of the layer 2 details about a port.

nexus(config)# show int e1/1 switchport
Name: Ethernet1/1
  Switchport: Enabled
  Switchport Monitor: Not enabled
  Operational Mode: trunk
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 1 (default)
  Trunking VLANs Enabled: 1,10

11. E.

One of my favorite features of NX-OS is not having to type in subnet masks, and creating a default route is no exception. There is nothing new with static or default routing with NX-OS except we can use the slash notation for the mask (/). Only answer E has the correct syntax.

12. E.

The running configuration (active configuration file) is stored in RAM. In the event of a power failure or reload, any changes made to the running configuration that have not been saved to the startup configuration are lost.

13. D.

The erase startup-config command erases the contents of NVRAM and will put you in setup mode if the router is restarted.

14. B.

On the third line, the admin-down indicates that the interface is shut down. The command no shutdown would enable the interface.

15. D.

NX-OS uses locally created usernames and passwords by default; there is no user mode and privileged mode as in the IOS.

16. C.

The interface VLAN 30 creates a switched virtual interface only if the feature has been previously enabled.

17. D.

You can view the interface statistics from user mode, but the command is show interface Ethernet 1/1.

18. B.

The % ambiguous command error means that there is more than one possible show command that starts with r. Use a question mark to find the correct command.

19. B, D.

The commands show interfaces and show ip interface will show you the layer 1 and 2 status and the IP addresses of your router’s interfaces.

20. A.

If an Ethernet interface shows Link not connected, then you have a Physical layer problem.

Chapter 9: IP Routing

1. C, F.

The switches are not used as either a default gateway or other destination. Switches have nothing to do with routing. It is very important to remember that the destination MAC address will always be the router’s interface. The destination address of a frame, from HostA, will be the MAC address of the Fa0/0 interface of RouterA. The destination address of a packet will be the IP address of the network interface card (NIC) of the HTTPS server. The destination port number in the segment header will have a value of 443 (HTTPS).

2. A, D.

RouterC will use ICMP to inform HostA that HostB cannot be reached. It will perform this by sending a destination unreachable ICMP message type.

3. C.

Frames are discarded as they reach a router, so MAC addresses change at every hop—no exception! The packet is removed from the frame, and the packet is packet-switched.

4. C.

Frames are discarded as they reach a router. The packet is removed from the frame, and the packet is packet-switched.

5. D.

Frames are discarded as they reach a router, so MAC addresses change at every hop—no exception! The packet is removed from the frame, and the packet is packet-switched.

6. C, D.

IP will encapsulate an ICMP packet with an ICMP echo request, echo reply pair, but first will use ARP to resolve the IP destination address to a hardware address.

7. A, C.

To be able to route packets, a router must know, at a minimum, the destination address, the location of neighboring routers through which it can reach remote networks, possible routes to all remote networks, the best route to each remote network, and how to maintain and verify routing information.

8. D.

IP uses the ARP protocol to find the destination hardware address of the host on the local LAN. If the destination is a remote host, IP will ARP for the default gateway hardware address.

9. C.

Internet Control Message Protocol (ICMP) is used by IP to send error messages through the internetwork.

10. A, C.

To be able to route packets, a router must know, at a minimum, the destination address, the location of neighboring routers through which it can reach remote networks, possible routes to all remote networks, the best route to each remote network, and how to maintain and verify routing information.

Chapter 10: Routing Protocols

1. B.

Only the EIGRP routes will be placed in the routing table because EIGRP has the lowest administrative distance (AD), and AD is always used before metrics.

2. D.

Cisco considers EIGRP an advanced distance-vector routing protocol because it has more distance-vector qualities than link state.

3. A, C.

Each routing protocol on Nexus can have many processes running, so it is mandatory that when you configure a routing protocol, you configure the instance ID.

4. C.

The maximum hop count a route update packet can traverse before considering the route invalid is 15, for both RIPv1 and RIPv2.

5. B, E.

Classful routing means that all hosts in the internetwork use the same mask and that only default masks are in use. Classless routing means that you can use Variable Length Subnet Masks (VLSMs) and can also support discontiguous networking.

6. B, C.

A distance-vector routing protocol sends its complete routing table out all active interfaces at periodic time intervals. Link-state routing protocols send updates containing the state of their own links to all routers in the internetwork.

7. B.

RIP has an administrative distance (AD) of 120, while EIGRP has an administrative distance of 90, so the router will discard any route with an AD higher than 90 to that same network.

8. A.

RIPv1 and RIPv2 use only the lowest hop count to determine the best path to a remote network.

9. C.

Static routes have an administrative distance of 1 by default. Unless you change this, a static route will always be used over any other dynamically-learned route. EIGRP has an administrative distance of 90, RIP is 120.

10. B.

When a routing update is received by a router, the router first checks the administrative distance (AD) and always chooses the route with the lowest AD. However, if two routes are received and they both have the same AD and differing metrics, then the router will choose the one route with the lowest metrics or, in RIP’s case, hop count.

11. C.

RIPv2 is pretty much just like RIPv1. It has the same administrative distance and timers and is configured similarly.

12. C, D, E.

RIPv1 and IGRP are true distance-vector routing protocols and can’t do much, really—except build and maintain routing tables and use a lot of bandwidth! RIPv2, EIGRP, and OSPF build and maintain routing tables, but they also provide classless routing, which allows for VLSM, summarization, and discontiguous networking.

13. C, D, E.

Loopback interfaces are created on a router, and the highest IP address on a loopback (logical) interface becomes the RID of the router but has nothing to do with areas and is optional, so option A is wrong. The numbers you can create an area with are from 0 to 4,294,967,295—option B is wrong. The backbone area is called area 0, so option C is correct. All areas must connect to area 0, so option E is correct. If you have only one area, it must be called area 0, so option F is incorrect. This leaves option D, which must be correct; it doesn’t make much sense, but it is the best answer.

14. D.

In this question, I’m calling EIGRP just plain old distance vector. EIGRP is an advanced distance-vector routing protocol, sometimes called a hybrid routing protocol because it uses the characteristics of both distance-vector and link-state routing protocols.

15. A, B, C.

OSPF is created in a hierarchical design, not a flat design like RIP. This decreases routing overhead, speeds up convergence, and confines network instability to a single area of the network.

16. C.

The administrative distance (AD) is a very important parameter in a routing protocol. The lower the AD, the more trusted the route. If you have IGRP and OSPF running, by default IGRP routes would be placed in the routing table because IGRP has a lower AD of 100. OSPF has an AD of 110. RIPv1 and RIPv2 both have an AD of 120, and EIGRP is the lowest, at 90.

17. C.

RIP and RIPv2 are examples of distance-vector routing protocols.

18. B.

RIP uses periodic timers, which means it sends updates at predetermined intervals, every 30 seconds by default.

19. E.

EIGRP sends incremental updates, not periodic like RIP, meaning that updates are only sent when a change occurs.

20. A.

The administrative distance (AD) is a very important parameter in a routing protocol. The lower the AD, the more trusted the route. If you have IGRP and OSPF running, by default IGRP routes would be placed in the routing table because IGRP has a lower AD of 100. OSPF has an AD of 110. RIPv1 and RIPv2 both have an AD of 120, and EIGRP is the lowest, at 90.

Chapter 11: Layer 2 Switching Technologies

1. D.

VLAN Trunk Protocol (VTP) is used to propagate and synchronize VLAN information across a trunked link.

2. B, E, F.

A router connected to a switch that provides inter-VLAN communication is configured using subinterfaces. The switch port connected to the router must be using either ISL or 802.1Q trunking protocol, and the hosts are all connected as access ports, which is the default on all switch ports.

3. B.

To enable inter-VLAN routing on a Nexus switch you need to start the feature interface-vlan, which allows the creation of SVIs.

4. D.

By creating and implementing VLANs in your switched network, you can break up broadcast domains at layer 2. For hosts on different VLANs to communicate, you must have a router or layer 3 switch.

5. C, D.

You can create local VLANs in both VTP server mode and transparent mode. Clients can receive a VLAN database only from a server.

6. A.

By default, all VLANs are allowed on the trunk link and you must remove by hand each VLAN that you don’t want traversing the trunked link.

7. C.

Virtual LANs break up broadcast domains in layer 2 switched internetworks.

8. C.

Only in server and transparent mode can you change VLAN information on a switch.

9. D.

The show interface interface switchport command shows the native VLAN for that interface, but so does the show interface trunk command. You need to know both commands!

10. E.

Not all Cisco switches are VTP servers by default. I have Nexus switches that default to transparent. You must set the VTP domain name on all switches to be the same domain name or they will not share the VTP database.

11. B.

VLAN Trunk Protocol (VTP) is used to pass a VLAN database to any or all switches in the switched network. The three VTP modes are server, client, and transparent.

12. C.

Switched virtual interfaces are created by the administrator for each VLAN to provide IVR.

13. C.

802.1Q was created to allow trunked links between disparate switches.

14. D.

This question is a little vague, but the best answer is that the VLAN membership for the port is not configured.

15. A, C.

To troubleshoot VTP, you first need to verify that the domain names match, keeping in mind that they are case sensitive. You should also check that the server has a higher revision number than the client or the client won’t update the database. Also, if the passwords are set and do not match, the client will reject the update. Type show vtp status and check the MD5 checksum and make sure the values are the same, or type show vtp password to verify the match.

16. C.

Although one of the switches can be set to client, that would not stop them from sharing VLAN information through VTP. However, they will not share VLAN information through VTP if the domain names are not set the same.

17. C, E.

The command show vlan will provide you all your VLANs; you’d just have to count all the VLANs configured from 1006 to 4094. You can more easily type the command show vlan summary to get your information.

18. B, D.

You must have the same VTP domain name on all switches in order to share VLAN information between the switches. At least one of the switches must be a VTP server; the other switches should be set to VTP client mode.

19. E.

It is not easy to see the problem at first look. However, check out the MD5 digest. The MD5 digest does not match between switches, which means the VTP passwords do not match!

20. C.

To find this problem on your local switch, you’d have to verify with the command show interface trunk or show interface e3/28 switchport in order to see the VLANs allowed across the trunk link.

Chapter 12: Redundant Switched Technologies

1. B.

The Spanning Tree Protocol is used to stop switching loops in a layer 2 switched network with redundant paths.

2. A.

Notice the port-channel 1 is up, admin state is up. This is a working port-channel.

3. C.

Convergence occurs when all ports on bridges and switches have transitioned to either the forwarding or blocking state. No data is forwarded until convergence is complete. Before data can be forwarded again, all devices must be updated.

4. C.

The Spanning Tree Protocol (STP) was designed to stop layer 2 loops. All Cisco switches have the STP on by default.

5. A, B, F.

RSTP helps with convergence issues that plague traditional STP. Rapid PVST+ is based on the 802.1w standard in the same way that PVST+ is based on 802.1d. The operation of Rapid PVST+ is simply a separate instance of 802.1w for each VLAN.

6. D.

If the Spanning Tree Protocol is not running on your switches and you connect them together with redundant links, you will have broadcast storms and multiple frame copies.

7. D.

If you have a server or other devices connected into your switch that you’re totally sure won’t create a switching loop if STP is disabled, you can use something called port type edge on these ports. Using it means the port won’t spend the usual time to come up while STP is converging.

8. C.

If spanning tree is disabled on a switch and you have redundant links to another switch, broadcast storms will occur, among other possible problems.

9. A, D.

It is important that you can find your root bridge, and the show spanning-tree command will help you do this. To quickly find out which VLANs your switch is the root bridge for, use the show spanning-tree summary command.

10. B.

To bundle your interfaces together, use the channel-group number command at interface level. From global configuration mode, you need to create the bundle interface with the interface port-channel command.

Chapter 13: Security

1. B.

You can name your ACLs with a number, no problem, so that isn’t the problem with any of the options. First, remember that Nexus allows only extended named lists, and the command to name the list starts with ip. Then you need to add the protocol and then at a minimum the source and destination addresses. Only option B provides the minimum correct commands and syntax needed to create an ACL on NX-OS.

2. C.

The range of 192.168.160.0 to 192.168.191.255 is a block size of 32. The network address is 192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be a wildcard format of 0.0.31.255. The 31 is used for a block size of 32. The wildcard is always one less than the block size.

3. C.

Using a named access list just replaces the number used when applying the list to the router’s interface. ip access-group Blocksales in is correct.

4. B, D.

The wildcard 0.0.0.0 tells the router to match all four octets. This wildcard format alone can be replaced with the host command.

5. A.

The first thing to check is the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this eliminates the fourth option. The second, third, and last options have the wrong syntax.

6. B, D.

In solving this business requirement, we first need to create a deny statement to any destination using HTTP with destination port 8080. The source is network 172.16.1.0/21. The second line is permit all other traffic. See Hands-on Lab 13.1 for more detailed information regarding the answer to this question.

7. C.

The show access-lists command will allow you to view the entire contents of all access lists, but it will not show you the interfaces to which the access lists are applied.

8. C.

Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Option B may work, but the question specifically states “only” to network 192.168.10.0, and the wildcard in option B makes it too broad.

9. D.

Extended IP access lists filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. The third option does not have this, so it would deny access but not allow everything else.

10. D.

First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since the wildcard is always one less than the block size.

11. C.

To apply an access list named 101 inbound, the proper command is ip access-group 101 in.

12. A.

First, you must know that a /19 is 255.255.224.0, which is a block size of 32 in the third octet. Counting by 32, this makes our subnet 192 in the third octet, and the wildcard for the third octet would be 31 since the wildcard is always one less than the block size.

13. B.

First, you must know that a /21 is 255.255.248.0, which is a block size of 8 in the third octet. Counting by eight, this makes our subnet 144 in the third octet, and the wildcard for the third octet would be 7 since the wildcard is always one less than the block size.
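The block-size and wildcard arithmetic behind answers 2, 4, 10, 12, and 13, as an added Python example that is not from the book. Only the range in answer 2 and host 10.10.1.110 come from this appendix; the other addresses are constructed for illustration, and the function names are this example's own.

```python
import ipaddress

def wildcard_for_prefix(address: str, prefix: int):
    """Return (network, subnet mask, ACL wildcard) for the subnet holding address."""
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    # hostmask is the inverted subnet mask: block size minus one in each octet
    return str(net.network_address), str(net.netmask), str(net.hostmask)

def range_to_wildcard(first: str, last: str):
    """Express an inclusive address range as one network/wildcard pair.

    Raises ValueError when the range is not a single power-of-two block that
    starts on its own boundary, because one ACL entry cannot cover it exactly.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError("range end is below range start")
    wildcard = hi - lo              # one less than the number of addresses
    size = wildcard + 1
    if size & wildcard:             # size is not a power of two
        raise ValueError("range size is not a valid block size")
    if lo & wildcard:               # start is not a multiple of the block size
        raise ValueError("range does not start on a block boundary")
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(wildcard))

def acl_match(address: str, network: str, wildcard: str) -> bool:
    """Apply wildcard semantics: 0 bits must match, 1 bits are ignored."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

if __name__ == "__main__":
    # Constructed hosts for /20, /19 and /21 (block sizes 16, 32 and 8).
    for host, prefix in [("172.16.50.10", 20), ("10.1.200.7", 19), ("10.1.150.7", 21)]:
        print(host, prefix, wildcard_for_prefix(host, prefix))
    # The range from answer 2.
    print(range_to_wildcard("192.168.160.0", "192.168.191.255"))
    # Wildcard 0.0.0.0 matches all four octets, like the host keyword (answer 4).
    print(acl_match("10.10.1.110", "10.10.1.110", "0.0.0.0"))
```

A range that fails the two checks in range_to_wildcard has to be split into several ACL entries, or covered by a broader wildcard that also matches addresses outside the intended range.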

14. A, D.

In solving this business requirement, we first need to create a deny statement from any source to destination host 10.10.1.110 using HTTP with destination port 80. The second line is permit all other traffic.

15. D.

When trying to find the best answer to an access list question, always check the access list number and then the protocol. When you filter to the port of an upper-layer protocol, you must use either tcp or udp in the ACL protocol field. If it says ip in the protocol field, you cannot filter on the port number of an upper-layer protocol. SMTP uses TCP.

16. D.

If you add an access list to an interface and you do not have at least one permit statement, then you will effectively shut down the interface because of the implicit deny any any at the end of every list.

17. A.

In solving this business requirement, we first need to create a deny statement from any source to destination host 10.10.1.110 equal to FTP or port 21. The second line is permit all other traffic. Option B is wrong because it doesn’t start with the IP command.

18. C.

A Cisco router has rules regarding the placement of access lists on a router interface. You can place one access list per direction for each layer 3 protocol configured on an interface.

19. A, C, E.

IOS-based routers allow standard numbered, extended numbered, and named ACLs.

20. C.

The NX-OS allows you to create only extended named ACLs.
