Chapter 8 - Securing Layer 2 Technologies Flashcards

Cisco CCNA Security (640-554), Chapter 8 - Securing Layer 2 Technologies

Flashcards in Chapter 8 - Securing Layer 2 Technologies Deck (15)
1
Q

How long does a Cisco switch with default STP settings take to check for loops before a port starts forwarding?

A

30 seconds total (two forward-delay periods of 15 seconds each).

15 seconds are spent in the listening state: no traffic is forwarded and no MAC addresses are learned; the port only sends and receives BPDUs.

15 more seconds are spent in the learning state: the switch populates the CAM table with source MAC addresses, but still forwards no user traffic while it waits for a BPDU that would reveal a loop.

If the port was previously blocking, the 20-second max-age timer runs first, so convergence can take up to about 50 seconds. PortFast skips listening and learning entirely, which is why it belongs only on ports that face end hosts.

2
Q

What is the IEEE standard for “Traditional” Spanning Tree Protocol (STP)?

A

802.1D

3
Q

What is the IEEE standard for Rapid Spanning Tree Protocol (RSTP)?

A

802.1w

4
Q

What command will show you which ports are configured as trunks on a switch?

A

show interfaces trunk

5
Q

What command will show you which ports are root ports, which are blocking, or forwarding, in addition to the bridge priority?

A

show spanning-tree

show spanning-tree vlan 100 (for per-vlan STP)

6
Q

How do you enable PortFast on all interfaces of a switch globally?

A

(config)# spanning-tree portfast default

This enables PortFast only on ports operating in access (non-trunking) mode; trunk ports are unaffected. A PortFast port skips listening and learning, so it must never face another switch, which is why PortFast is normally paired with BPDU Guard.

7
Q

What command assigns the native VLAN on a trunk port?

A

(config-if)# switchport trunk native vlan 100

(100 is the VLAN number and can be any VLAN, but it should be one that carries no users. Untagged frames arriving on an 802.1Q trunk are placed in the native VLAN, and a native VLAN shared with user ports is what double-tagging VLAN-hopping attacks rely on.)

The interface range command (for example interface range gi0/1 - 24) applies the setting to several trunk ports at once.

8
Q

What is BPDU Guard used for?

A

When enabled on a switch port, BPDU Guard puts the port into the err-disabled state as soon as a BPDU arrives inbound on it.

A host on an access port should never send BPDUs. Receiving one means a switch (or a host spoofing BPDUs to influence the topology) has been connected to that port.

9
Q

What command turns on BPDU Guard on a switchport?

A

(config-if)# spanning-tree bpduguard enable

  • A port that has been disabled because of a violation shows a status of err-disabled.
  • To re-enable a port that has been shut down due to a violation, issue shutdown followed by no shutdown on the interface.

10
Q

How do you let a switch bring a BPDU Guard err-disabled port back up on its own?

A

(config)# errdisable recovery cause bpduguard
(config)# errdisable recovery interval 30

* This brings the port back online after 30 seconds. The default interval is 300 seconds and the allowed range is 30 to 86400. If the offending device is still attached and still sending BPDUs, the port is immediately err-disabled again, so recovery only helps once the rogue switch has been removed.
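
The four cards above (PortFast, BPDU Guard, err-disable recovery) are steps of one procedure, so here is the complete access-port hardening as an added example. It is not from the flashcard deck; the interface range Gi0/1 - 24, VLAN 10 and the 30-second interval are assumptions, and it also uses the global spanning-tree portfast bpduguard default command, which the cards do not mention.

```cisco
! Added example (not from the flashcard deck): harden user-facing access ports
! with PortFast + BPDU Guard and automatic err-disable recovery.
! Interface names (Gi0/1 - 24), VLAN 10 and the 30-second interval are assumed.
!
! --- Global settings ---
! Enable PortFast on every port operating in access mode (trunks unaffected) ...
spanning-tree portfast default
! ... and apply BPDU Guard to every PortFast-enabled port automatically.
spanning-tree portfast bpduguard default
! Recover BPDU Guard violations on their own after 30 s
! (default interval is 300 s; allowed range is 30-86400).
errdisable recovery cause bpduguard
errdisable recovery interval 30
!
! --- Per-port settings (explicit form; also overrides the global defaults) ---
interface range GigabitEthernet0/1 - 24
 description User access port
 switchport mode access
 switchport access vlan 10
 ! no DTP on a host-facing port (valid only once the mode is static)
 switchport nonnegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
end
!
! --- Verification ---
! Expect "Portfast Default is enabled" and "BPDU Guard Default is enabled"
show spanning-tree summary
! Any port that received a BPDU (someone plugged in a switch) is listed here
show interfaces status err-disabled
! Confirms the timer and that bpduguard recovery is enabled
show errdisable recovery
```

The per-port commands are what you would use when the global defaults are not wanted everywhere; the global pair is what keeps a newly configured access port from being forgotten.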

11
Q

What does the CAM in CAM table stand for?

A

Content Addressable Memory

12
Q

How do you completely disable automatic trunk negotiation (DTP) on a switch port?

A

To disable dynamic trunking completely (DTP = Dynamic Trunking Protocol), issue the switchport nonnegotiate command. It stops the port from sending DTP frames, and it is only accepted once the port has been statically set with switchport mode access or switchport mode trunk (it is rejected on a dynamic auto/desirable port). Without it, a host that speaks DTP can negotiate a trunk to itself and gain access to every VLAN the trunk carries (switch spoofing).
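
Cards 4, 7 and 12 together describe a deliberately configured trunk, so here is the complete version as an added example (not from the flashcard deck). Gi0/24, VLANs 10/20/30 and native VLAN 999 are assumed values; the vlan dot1q tag native command and the allowed-VLAN pruning go beyond what the cards cover.

```cisco
! Added example (not from the flashcard deck): a trunk with DTP disabled and an
! unused native VLAN. Gi0/24, VLANs 10/20/30 and native VLAN 999 are assumed.
!
! Many Catalyst ports default to 'switchport mode dynamic auto', which forms a
! trunk with anyone who sends DTP 'desirable' frames; the config below removes that.
!
! Create the dummy native VLAN so it exists in the VLAN database.
vlan 999
 name NATIVE-UNUSED
!
interface GigabitEthernet0/24
 description Uplink to distribution switch
 ! On platforms that also support ISL (e.g. 3560/3750) run
 ! 'switchport trunk encapsulation dot1q' first; 2960s only do dot1q.
 switchport mode trunk
 ! Stop sending DTP frames; valid only after the mode is statically set.
 switchport nonnegotiate
 ! Untagged frames on this trunk land in 999, which carries no users.
 switchport trunk native vlan 999
 ! Prune the trunk to the VLANs it actually needs to carry.
 switchport trunk allowed vlan 10,20,30
!
! Optional, global: tag the native VLAN as well, so nothing crosses untagged.
vlan dot1q tag native
end
!
! --- Verification ---
! Expect Mode "on", Encapsulation "802.1q", Native vlan 999 for Gi0/24
show interfaces trunk
! Expect "Negotiation of Trunking: Off" and "Administrative Mode: trunk"
show interfaces GigabitEthernet0/24 switchport
```

Unused ports get the opposite treatment: switchport mode access, an unused access VLAN, switchport nonnegotiate, and shutdown.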

13
Q

What is PVLAN Edge used for?

A

Private VLAN Edge is configured with the switchport protected command.

It prevents two devices that are on the same switch, in the same VLAN and the same subnet, from talking to each other directly.

A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Traffic to and from unprotected ports (for example the uplink or the default gateway) is forwarded normally.

Switch(config)# interface range fa0/5-6
Switch(config-if-range)# switchport protected
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 20

Even though these two ports are in the same VLAN, devices connected to them cannot communicate with each other at Layer 2. Two caveats: the protection is local to one switch (a protected port on switch A can still reach a protected port on switch B through the trunk, which is what full Private VLANs address), and the two hosts can still reach each other if a router or Layer 3 interface forwards between them.

14
Q

What is the default bridge priority on a Cisco switch?

A

32768

With PVST+ and Rapid PVST+ the extended system ID adds the VLAN number to this value, so show spanning-tree displays 32769 for VLAN 1. Remember, the root is the switch with the lowest bridge ID (priority followed by MAC address): if all switches are using the default priority of 32768, the switch with the lowest MAC address becomes the root bridge. That is usually the oldest switch in the network, not the one you want, so set the priority explicitly on the intended root.
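
To take the MAC-address tiebreak out of play, the intended root gets an explicit low priority. This is an added example, not from the flashcard deck; VLAN 10 and the priority values are assumptions.

```cisco
! Added example (not from the flashcard deck): pin the root bridge instead of
! letting the lowest MAC address win. VLAN 10 and the values are assumed.
!
! On the switch that should be root for VLAN 10. The priority must be a
! multiple of 4096 because the low 12 bits of the field carry the VLAN ID
! (extended system ID); any other value is rejected.
spanning-tree vlan 10 priority 4096
! Equivalent macro: picks 24576, or 4096 below the current root if that is lower.
! spanning-tree vlan 10 root primary
!
! On the intended backup root:
! spanning-tree vlan 10 priority 8192
! (or: spanning-tree vlan 10 root secondary)
end
!
! Verify on the root: the output says "This bridge is the root" and the
! Bridge ID Priority shows 4106 (4096 + VLAN 10 from the extended system ID).
show spanning-tree vlan 10
```

Use the explicit priority rather than the root primary macro when the configuration must be reproducible: the macro's result depends on whatever root existed at the moment it was typed.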

15
Q

What is IP Source guard used for?

A

IP Source Guard provides source IP address filtering on a Layer 2 (switch) port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host’s IP address.

More info:

It uses a combination of dynamic DHCP snooping bindings and static IP source bindings to tie IP addresses (optionally MAC addresses as well) to hosts on untrusted Layer 2 access ports. Traffic whose source IP does not match a binding for that port is dropped, so DHCP snooping has to be running (or static bindings configured) for the feature to permit anything.
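
Because IP Source Guard only works against a binding table, it is always deployed together with DHCP snooping. The configuration below is an added example, not from the flashcard deck: VLAN 10, Gi0/24 as the uplink toward the DHCP server, Gi0/1 - 23 as user ports, and the MAC/IP pair in the static binding are all assumed values.

```cisco
! Added example (not from the flashcard deck): DHCP snooping plus IP Source
! Guard on access ports, with one static binding for a host that does not use
! DHCP. VLAN 10, Gi0/24 (uplink), Gi0/1-23 (users) and the MAC/IP are assumed.
!
! DHCP snooping builds the binding table that IP Source Guard filters against.
ip dhcp snooping
ip dhcp snooping vlan 10
! Many DHCP servers drop requests carrying option 82 from a non-relay; disable
! insertion unless your server expects it.
no ip dhcp snooping information option
!
! Only the uplink toward the real DHCP server is trusted. Every other port in
! the VLAN is untrusted by default, so DHCPOFFER/ACK from a rogue server on a
! user port is dropped.
interface GigabitEthernet0/24
 description Uplink (toward DHCP server)
 switchport mode trunk
 switchport nonnegotiate
 ip dhcp snooping trust
!
interface range GigabitEthernet0/1 - 23
 switchport mode access
 switchport access vlan 10
 ! Cap client DHCP packets per second to blunt DHCP starvation.
 ip dhcp snooping limit rate 15
 ! Filter source IP against the binding table. 'ip verify source port-security'
 ! would also match the source MAC, but requires port security on the port.
 ip verify source
!
! Static binding for a fixed-address host (a printer, say) on Gi0/3.
ip source binding 0011.2233.4455 vlan 10 192.168.10.50 interface GigabitEthernet0/3
end
!
! --- Verification ---
! Per-port filter type and the IP (and MAC) currently permitted on each port
show ip verify source
! Dynamic entries learned from DHCP traffic
show ip dhcp snooping binding
! Dynamic plus the static entry above
show ip source binding
```

A host on an untrusted port that has no binding yet can still send DHCP traffic (so it can obtain a lease) but nothing else; once the lease is recorded, only packets from that address pass.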