CCNA 3 Exploration Chapter 1 Study Questions

1.1 Switched LAN Architecture

1) What are the three layers of the hierarchical network design model? Access, distribution and core. 2) What are the advantages of designing LANs using the hierarchical model? The hierarchical model separates out different functions of a network, giving a modular design. This should make the network easier to manage and troubleshoot. It should be easier to expand the network (scalability), and it should be easier to maximise performance. 3) What is the purpose of the access layer? It allows end devices to connect to the network and controls which devices may connect. 4) What sorts of devices are found at the access layer? End devices, such as PCs, printers, and IP phones. Network devices such as routers, switches, bridges, hubs, and wireless access points. 5) What is the purpose of the distribution layer? It controls the flow of network traffic. In particular, it controls traffic between different broadcast domains (subnetworks, VLANs). It aggregates traffic from the access layer that needs to be passed to the core layer for longer distance transmission. 6) What sorts of devices are found at the distribution layer? High-performance switches. They should have high availability and redundancy to ensure reliability 7) What is the purpose of the core layer? It is the high speed backbone of the network. Its main task is to forward large amounts of data quickly. 8) What is a collapsed core model and where might it be used? The distribution layer and the core layer are combined. It is used for smaller networks.

1|Page

9) What is a wiring closet? A room designed to hold network devices such as switches and routers. It is a central point where network cabling comes together. 10) Why is it not easy to see the logical hierarchical design of a network when looking at the network layout in a building? The devices operating at different layers may not be physically separated. For example, switches operating at different layers may be kept in the same cabinet. 11) Why is redundancy important in a network? It gives better availability and reliability. If one switch or link goes down then an alternative path can be used. 12) Which layers normally have redundancy built in? Core and distribution layers. 13) How can the hierarchical design help to give high performance? Traffic (and particularly long distance traffic) is forwarded through distribution layer and core layer switches that are designed to work at high speeds, and not through a series of lower-speed access layer switches. 14) How can switches at the different layers contribute to network security? Access layer switches can restrict the devices that are permitted to connect to their ports. Distribution layer devices can be configured with access control policies that restrict traffic according to IP addresses or application layer protocols. (The core layer is optimised for speed. Security measures are not appropriate at this layer because they slow things down.) 15) How does a hierarchical design help to make a network manageable? Switches at a given layer have similar functions and therefore are likely to have similar configurations. This makes it easier to check configurations and to configure new switches. 16) Should the same type of switch be used at each layer of the hierarchical design? No. The distribution and core layers need very fast switches. The access layer can use less expensive switches.

2|Page

17) What is network diameter in hierarchical network design? Network diameter is the number of devices that a packet has to cross before it reaches its destination. 18) What is network device latency? Network device latency is the time spent by a device as it processes a packet or frame. 19) What sort of processing does a switch have to do on each packet? The switch has to look in the frame header and find the destination MAC address. It then looks this address up in its MAC address table and finds the matching exit port. It then forwards the frame out of the port. 20) How can bandwidth aggregation be implemented? Switches can be linked by more than one physical link. These physical links can be combined into one logical link that makes use of the combined bandwidth. 21) Why is redundancy not normally provided at the access layer? It would be too expensive. The advantage of improved reliability would not justify the extra cost. 22) When designing a new network, at which layer would you start? At the access layer. Make sure that all end devices will be able to connect to the network. 23) What is a converged network? A network that carries voice, video and data. 24) What factors have slowed the move towards converged networks? Converged networks need special switching equipment that was originally affordable only by big companies. Converged networks need Quality of Service management to give voice and video traffic priority over data. Converged networks need people with expertise to set them up and manage them. Where firms have existing separate networks that work well, the firms may be reluctant to make a change.

3|Page

25) What are the benefits of a converged network? In a new build, there is only one set of cabling to install instead of two or three. There is only one network to manage instead of two or three. This may mean having one set of people to run the network instead of several sets of people, so the company may employ fewer staff. When changes are needed, there is only one network to change. New communications options are possible. A PC can be used to make phone calls or for videoconferencing by adding appropriate software and peripherals. There is no need for a separate IP phone or videoconferencing equipment. 26) Why was videoconferencing equipment originally kept on a separate network from data or phones, and what made it possible to combine videoconferencing with other networks? Videoconferencing requires large amounts of bandwidth and is sensitive to delays. It was kept separate to avoid conflict with data traffic. Developments in network design, using the hierarchical model and quality of service policies, have allowed videoconferencing to share a network with voice and data without significant reduction of quality.

1.2 Matching Switches to Specific LAN Functions 27) What is traffic flow analysis, and why might you want to do it?
Traffic flow analysis is the measurement of bandwidth usage. It can show what demands different sources of traffic are making on the network. You might do it to get the information you need to improve network performance, plan network changes, decide if you need to upgrade, and decide what type of new equipment is needed. 28) How can measurements be made in order to carry out a traffic flow analysis? It can be done manually by monitoring switch ports, but this is time consuming and not feasible for large networks. There are software analysis tools that take the measurements and perform the analysis, giving a visual display 29) How can a User Communities Analysis help with network design? Users are normally grouped by job function because they have similar requirements for bandwidth, applications, access to servers etc. The User Communities Analysis shows what demands the different groups of users make on the network. Some design implications are: The number of switch ports needed for each group of users, including possible growth. The location of servers that the users access. The bandwidth requirements of the users 4|Page

30) Which two types of traffic need to be considered when planning data storage facilities? Client-server traffic and server-server traffic. 31) How can server-server traffic be optimised? Servers and data stores should be kept physically close to each other and should be connected by high performance switches. Businesses often keep their servers and data stores in a secure data centre. 32) How might you deal with a bottleneck where there is insufficient bandwidth? Use link aggregation (multiple links between switches) or install higher performance switches. 33) Why is it important to produce a topology diagram as part of the network design process? It is difficult to produce a topology diagram later by examining the network itself, and the diagram is necessary for the efficient management of the network. It shows all the switches and how they are connected, including aggregated links and redundant links, and the ports used. It shows how servers, storage devices and end user devices such as workstations are connected. 34) How is the thickness of a switch (top to bottom) measured? In rack units (U). 35) What is the difference between a fixed configuration switch and a modular switch? A fixed configuration switch has a fixed number of ports and these cannot be changed. A modular switch has a chassis that can take line cards. The line cards contain the ports. A modular switch can therefore have different numbers or types of ports, depending on the choice of line cards. 36) What are stackable switches? Stackable switches are designed to be connected together and act as a single switch. The connection between the switches is through a special high speed port and not through the normal switch ports.

5|Page

37) What is the port density of a switch? The number of available access ports. If 80 outlets need to be connected to a switch, why is a single large modular switch likely to be a better choice than four fixed configuration switches with 24 ports each? The four switches each need their own power supply, and they use ports to connect to each other. They may need several ports for each link if aggregation is needed. The single large switch needs a single power supply. No ports are needed for internal links, and the switchs internal backplane provides a higher speed connection than links between switches. 38) What is wire speed, and what is forwarding rate? Wire speed is the data rate that a switch port can attain. A port may be designed to operate at 100 Mb/s Fast Ethernet or 1000 Mb/s Gigabit Ethernet. The forwarding rate is the amount of data that the switch can process per second. If the forwarding rate is less than the total wire speed of all the ports then it is not possible for all the ports to operate simultaneously at their wire speed. 39) What is Etherchannel? A system that uses link aggregation to provide high bandwidth between switches. Up to 8 ports can be bound together so that they act as a single link. 40) What is PoE and what are its advantage and disadvantage? Power over Ethernet is a feature that lets a switch provide a power supply to a device such as an IP phone or a wireless access point. The power is supplied over the Ethernet cable. The advantage is that the devices do not need a separate power supply, so it may be possible to position them more flexibly. The disadvantage is that the feature makes the switch much more expensive. 41) At which OSI layer to typical traditional switches operate? Layer 2. 42) What is a multilayer switch? A switch that operates at layer 3 as well as at layer 2. For example, it can forward packets based on IP addressing, not just on MAC addressing.

6|Page

43) What features are required for access layer switches? Port security, VLANs, Fast Ethernet/Gigabit Ethernet, PoE, and link aggregation. Quality of Service is needed for converged networks.

44) What features are required for distribution layer switches? High forwarding rate to allow all ports to operate to their full bandwidth High bandwidth links (possibly 10Gbps) and link aggregation Redundancy to ensure reliability and availability Multiple, hot-swappable power supplies Quality of service to maintain priority for video and voice traffic Inter-VLAN routing (layer 3 function) Access control lists for security (layer 3 function) 45) What features are required for core layer switches? Very high forwarding rates as this is the high speed backbone of the network. High bandwidth ports, preferably 10Gbps. Support for link aggregation. Redundancy to give reliability and availability. Redundant power supplies. Efficient cooling. Hot-swappable hardware components to avoid downtime for maintenance. Support for quality of service. (Particularly important where there are links to lower bandwidth WANs.) Layer 3 features. 46) Which Cisco Catalyst switch does not provide a command line interface? Catalyst Express 500

47) Which Catalyst switch is suitable for access level use in small organisations, provides up to 48 ports, but does not provide PoE? Catalyst 2960 48) What does the Catalyst 3560E switch provide that the 3560 switch does not? 10 Gbps connectivity. 49) Which catalyst switch has forwarding rates up to 720 Gbps? Catalyst 6500

7|Page

50) Which type of catalyst switch can be stacked so that up to 9 switches can operate as a single logical switch? Catalyst 3750 51) What is special about the Catalyst 4900 series switches? They are designed for use in data centres for linking servers and data stores.

8|Page

CCNA3 Exploration Chapter 2. Study questions. Answers

2.1
How does CSMA/CD work? A device that needs to transmit must listen for traffic on the shared medium. If there is traffic then it waits. If there is no traffic then it sends. The device continues to listen while sending. If another device also sends then the signals will meet and there is a collision. The device detects a collision if it receives signals while it is transmitting. On detecting a collision, the transmitting devices send out a jamming signal to warn all devices on the network that there is a collision. All devices stop transmissions and run the backoff algorithm that gives them a random time to wait before attempting to transmit again. Any device may be the first to transmit after the backoff period. The devices that were transmitting at the time of the collision do not have any priority.

What are unicast, broadcast and multicast transmissions? A unicast transmission is addressed to one host. The majority of transmissions are unicast. A broadcast transmission is addressed to all hosts on the network, e.g. ARP request, RIPv1 updates. A multicast transmission is addressed to a specific group of devices. RIPv2 updates are multicast and processed only by routers running RIPv2. Videoconferencing between a group of hosts would use multicast messages. In an Ethernet frame, which field comes immediately after the start frame delimiter, and how long is this field? The Destination MAC Address field, which is 6 bytes long. What is the purpose of the Length/Type field? If the value in the Length/Type field is less than 0x0600 then it gives the length of the frames data field. If the value is 0x0600 or more then it is a code to identify the type of protocol running at OSI layer 3. How long is the data field, and why is a pad sometimes needed? The data field can be anything from 46 to 1500 bytes. A data field of 46 bytes would give a total frame length of 64 bytes, and this is the smallest frame allowed in order for collisions to be detected in time for the CSMA/CD process to work properly. If the amount of data is less than 46 bytes then a pad is added to make the length up to 46 bytes.

9|Page

What is the purpose of the field in the frame trailer? The trailer contains the Frame Check Sequence Field. The sending device carries out a cyclic redundancy check calculation based on the contents of the frame, and stores the result in this field. The receiving device carried out the same calculation and compares the result with the contents of the field. If they are different then the frame has been corrupted in transmission and should be discarded. How long is a MAC address and how is it written? 48 bits. It is written as 12 hexadecimal digits in one of three formats: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800. How does the NIC of a receiving PC use the destination MAC address? If the destination MAC address is the address of the Ethernet port of the NIC, or is a broadcast address or a multicast address being used by the device, then the frame is passed up to the network layer for further processing. If not, then the frame is discarded. What is the Organizational Unique Identifier? The first 24 bits of a MAC address. It identifies the manufacturer of the NIC or device. Where must half duplex transmission be used on an Ethernet network? Where there is a shared medium, for example where devices are connected by a hub. Ports set to use full duplex have their collision detection capabilities disabled, so full duplex must not be used on a shared medium. What are the conditions for collision-free operation on an Ethernet network? Fully switched and full duplex so that each end device has a dedicated link in each direction to the switch. What is the advantage of having a switch port set to auto, rather than full or half, and what is a potential problem? A switch port set to auto will attempt to negotiate with the device at the other end of the link on whether the link should operate using full or half duplex. If the other device is also able to autonegotiate then they will choose the best option that they can both manage, which should be full duplex. There is no need for manual configuration. There could be a problem if the other device is not able to autonegotiate, but is set to use full duplex. When autonegotiation fails, the switch will default to half duplex and there will be a mismatch leading to errors. 10 | P a g e

What is the advantage of having the auto-MDIX feature enabled on a switch port? You can use either a straight-through or a crossover cable. The switch will detect which is in use and compensate accordingly. What is the purpose of a switch MAC address table? It contains a list of switch ports with the MAC address of the device connected to each port. When a frame arrives, the switch reads the destination MAC address and forwards the frame out of the correct port. How does a switch build its MAC address table? It reads the source MAC address in each incoming frame and matches it to the entry port. It adds the information to its table. (Or refreshes the information if it is already there.) What does a switch do if a frame arrives and the destination MAC address is not in its MAC address table? It floods the frame out of all ports except the incoming port. What does a switch do with a broadcast frame? It floods the frame out of all ports except the incoming port. You replace a hub with a layer 2 switch. How does this affect collision domains? It replaces a large collision domain with many small collision domains. (This should reduce the number of collisions and improve performance.) You replace a hub with a layer 2 switch. How does this affect broadcast domains? It has no effect on broadcast domains. Why can switch based latency be a problem if cheap switches are used on a busy network? Entry level switches (the cheaper models) may not have enough internal processing power to cope with all their ports operating simultaneously at their maximum bandwidth. This can cause delays. More expensive models of switch should have enough internal throughput to work at wire speed so that switch based latency is not an issue.

11 | P a g e

Why do routers typically add more latency than switches? Routers work with layer 3 data, which is more deeply encapsulated and takes longer to extract from a frame, and they carry out more complicated processing on the data. Why does a router split a network into separate broadcast domains? Because a router does not forward broadcasts by default. Which forwarding method is used on current models of Cisco switch? Store and forward is used on current switch models. What are the two varieties of cut-through switching, and how do they work? Fast forward reads an incoming frame only as far as the end of the destination MAC address and then immediately starts to transmit on the outgoing port while the remainder of the frame is still being received. It does not carry out any kind of checking of the frame. Fragment free reads the first 64 bytes of the frame before starting to forward it. This ensures that the frame is at least 64 bytes long and therefore not a collision fragment. There is no other checking. How does store and forward switching work? The switch stores the whole of an incoming frame into a buffer, reads the whole frame and carries out a cyclic redundancy check. Damaged frames are discarded. The frame is then forwarded through the appropriate port. What is the main advantage of cut-through switching? Low and predictable latency. What are the advantages of store and forward switching? All frames are checked so that corrupted frames are not forwarded to take up bandwidth and processing time on other devices. It is possible to carry out quality of service (QoS) processing to give priority to voice and video traffic, so this form of switching is necessary on converged networks. It is possible to read a frame entering at one bandwidth and transmit it at a different bandwidth. What is the difference between a symmetric switch and an asymmetric switch?

12 | P a g e

A symmetric switch has all ports working at the same bandwidth. An asymmetric switch is capable of operating with ports working at different bandwidths. Most modern switches are asymmetric. How is shared memory buffering better than port-based memory buffering? Port-based memory buffering has a separate buffer of fixed capacity for each incoming port. Shared memory buffering puts all incoming frames into the same buffer so that the memory can be allocated dynamically as required. This can allow larger frames to be processed. Port-based memory buffering keeps frames entering by each port in a separate queue. If the frame at the front of the queue needs an exit port that is busy, then the frames behind it have to wait even if their exit ports are available. In shared memory buffering, each frame can leave as soon as its exit port is available. Where ports are operating at different bandwidths, shared memory buffering is particularly important. How does a layer 3 switch differ from a layer 2 switch? The traditional Ethernet switch is a layer 2 switch, which processes layer 2 MAC addresses in order to determine how to forward frames. A layer 3 switch can do this, but it can also process layer 3 IP addresses and use them to make switching decisions. This enables layer 3 switches to carry out some routing operations that would traditionally be carried out by a router. What factors would you take into account when choosing between a layer 3 switch and a router? The need for speed the switch is faster. The need for WAN connections router is normally better. The need for advanced layer 3 services need a router. Switch>enable What are you doing if you give this command? What prompt will you see next? Changing from user exec mode to privileged exec mode. Switch# Which commands would you give in order to enter interface configuration mode for interface Fa0/1, starting with the following prompt? Switch> Switch>enable Switch#configure terminal Switch(config)#interface fa0/1 Switch(config-if)# 13 | P a g e

What is Cisco Network Assistant? Cisco Network Assistant is an application that can be downloaded from Cisco if you have a valid CCO account. It lets you manage single switches or groups of switches by using a graphical user interface rather than the command line interface. What is Cisco Device Manager? Cisco Device Manager is software that lets you configure and manage a switch using a web browser from anywhere in the network. This software is provided with the switch. What are the two ways of using ? to obtain help when using the command line interface? Start entering a command word and type ? without a space in front of it. You should see a list of possible ways of completing the word. Type ? with a space in front of it. You should be given a list of words that can be entered next. What is the command history buffer, and how can you show its contents? It stores the last 10 commands that were entered. (By default. You can change the number.) Each mode has its own buffer. show history is the command to list the contents. You need to give it at the right prompt, depending on which modes commands you want to list. What happens when you power up a switch? Boot loader software loaded from NVRAM. CPU initialisation and POST. Flash initialised. Operating system found and loaded. Configuration file loaded. Prompt displayed. How do you know whether a switch has passed or failed the POST? The SYST LED will blink green if the POST was successfully completed, but turn amber if it was not. POST messages are also displayed if you have a console connection active as you start the switch. Does a switch need an IP address?

14 | P a g e

A switch will operate without an IP address. If you want to access the switch remotely by Telnet or using the web based interface or if you want to be able to ping it for test purposes then you need to give it an IP address.

Which switch interface(s) should be configured with an IP address, and do you need a different IP address for each interface? Unlike a router, a switch is configured with just one IP address. This address is not configured on any of the physical interfaces. Instead it is configured on a virtual interface: a VLAN interface. At least one of the physical interfaces needs to be assigned to the VLAN that has the IP address. By default, which VLAN is used for switch management, and is it considered good practice to keep to this default? By default, VLAN 1 is used. This can lead to security problems so it is advisable to use a different VLAN for management purposes. (In the example, VLAN 99 is used, but this does not have to be the case.) Starting from privileged exec mode on switch SW1, how would you configure the ip address 192.168.1.2/24 on VLAN 99 and associate the physical FastEthernet 0/24 interface with this VLAN? Go on to configure the default gateway 192.168.1.1 and save the configuration. SW1#configure terminal SW1(config)#interface vlan 99 SW1(config-if)#ip address 192.168.1.2 255.255.255.0 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)#interface fa 0/24 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 99 SW1(config-if)#exit SW1(config)#ip default-gateway 192.168.1.1 SW1(config)#exit SW1#copy run start What is the effect of the commands duplex auto and speed auto given in interface configuration mode on a switch? That switch port will attempt to autonegotiate the duplex setting and the bandwidth with the attached device. (This is the default condition on most switches, so you should not need to give these commands if you want autonegotiation.)

15 | P a g e

What is the advantage of including the command ip http server in the switch configuration? It allows you to use the web based GUI interface for configuring the switch if you access the switch remotely. How does a dynamic address get into the switch MAC address table? The switch learns it by inspecting the source MAC address of an incoming frame. What is the advantage of using static addresses? It provides security. Only the device with the specified MAC address can connect to the switch port. Also, static addresses are not aged out and removed from the table. What command would you give to map the MAC address 000c.7671.7d90 to interface fa 0/6 on VLAN 3? mac-address-table static 000c.7671.7d90 vlan 3 interface fa 0/6 Which command would display the saved configuration? Show startup-config Which command would display the configuration currently in RAM? Show running-config Which command would give information about the hardware and the operating system? Show version Which command would display the table of MAC addresses and associated ports? Show mac-address-table Which command would tell you if ports are operational, and give their duplex and speed settings? Show interfaces You can save a switch configuration by entering copy run start but what is the full formal version of this command? What assumptions are made when you use the short version? Copy system:running-config flash:startup-config 16 | P a g e

The short version assumes that the running configuration is in RAM (system) and that you want to save the configuration to flash NVRAM memory. How would you make a copy of your saved configuration to a file called backupJan08 in flash memory? Copy startup-config flash:backupJan08 (Or shorten to Copy start flash:backupJan08 ) You want to go back to the saved configuration. Why is it better to reload the switch rather than using the command copy start run? Copy start run will read the saved configuration into RAM, but it will not remove the commands already in RAM, it will just add to the existing running configuration. This may not be what you want. Which command would you use to make a copy of the running configuration to a file called SW1config on a PC with IP address 192.168.13.6 that is running TFTP server software? copy system:running-config tftp://192.168.13.6/SW1config (copy run tftp://192.168.13.6/SW1config) If you just enter copy run tftp then the system will prompt you for the IP address and the file name. You have used the command erase start to remove a saved startup configuration. Which command has the same effect? erase nvram: How would you remove a file called backupJan08 from flash memory? delete flash:backupJan08 (Be very careful when deleting files from flash. The IOS is held there with other vital files.) How would you configure switch SW1 so that console access and telnet access are protected by a password? Start in privileged exec mode and return there. Assume that the switch has 16 vty lines. Use cisco as the password in every case as you would in the lab (though of course you would not use this password on a real network). SW1#configure terminal SW1(config)#line con 0 SW1(config-line)#password cisco SW1(config-line)#login SW1(config-line)#line vty 0 15 17 | P a g e

SW1(config-line)# password cisco SW1(config-line)# login SW1(config-line)#end Which password is encrypted by default? Enable secret, which protects access to privileged exec mode. How can the login passwords, which are not normally encrypted, be given weak encryption? service password-encryption You want to establish a console connection with a 2960 switch, but you have forgotten the login password. You want to keep the existing saved switch configuration. What do you do? Set up a Hyperterminal connection in the usual way. Power the switch off. Power the switch on, and press the Mode button within 15 seconds while the SYS LED is still flashing green. Hold the mode button down until the LED goes amber then solid green. Give the following commands: flash_init load_helper dir flash (to show the files in flash memory) Check that the configuration file is there. It should be called config.text. Rename the configuration file so that the switch cannot find and load it. The suggestion is to call it config.text.old, though you could call it anything you like. rename flash:config.text flash:config.text.old Give the command to boot the switch so that it loads its operating system. It will also try and fail to find a saved configuration to load. boot There is no configuration in force and therefore no passwords. You have access to the switch. Do not enter the setup dialogue. You see the user exec prompt. Go to privileged exec mode. You are now safely in past any passwords, so you can restore the configuration. Give the configuration file its original name back. rename flash:config.text.old flash:config.text Copy the configuration into RAM flash:config.text system:running-config and confirm this when prompted. Set new passwords as required and save the new configuration.

If you configure both a login banner and a motd banner, which will display first? 18 | P a g e

The motd banner. Why should SSH be preferred to Telnet for remote access whenever possible? SSH messages are encrypted but Telnet messages are not. What is happening here? SW1(config)#ip domain-name ourdomain.com SW1(config)#crypto key generate rsa SW1(config)#ip ssh version 2 SW1(config)#line vty 0 15 SW1(config-line)#transport input SSH The switch is being configured to use SSH instead of Telnet on the vty lines. Which command would allow either SSH or Telnet to be used? SW1(config-line)#transport input all What is a MAC flooding attack? This attack depends on the facts that a switch MAC address table is limited in size, and that a switch will flood frames whose destination MAC address is unknown. The attacker makes a connection to the switch and sends the switch a large number of frames with fake source MAC addresses by using a network attack tool. This fills the table up. The switch then floods all incoming frames (fail-open mode). The attacker therefore receives all frames addressed to any host on the network. What is a DHCP spoofing attack? The attacker introduces a rogue DHCP server that is on the network segment under attack and therefore likely to be closer than the genuine DHCP server. When a host requests an IP address, the rogue DHCP server replies first and gives the host an IP address and a default gateway which directs traffic to the attackers device. Traffic from the host that should go to a remote network will go to the attacker instead. What is DHCP snooping? It is a security feature on a Cisco catalyst switch. It allows certain ports to be configured as trusted. Only devices connected to these ports are allowed to provide DHCP information to clients. All devices can still request IP addresses. It can also limit the rate at which DHCP requests can be sent. Why is CDP a security risk?

19 | P a g e

An attacker using Wireshark (or similar) could inspect the contents of CDP packets and find out about devices. The attacker could also fake CDP packets to give false information to neighbour devices. CDP should therefore be disabled unless it is required. What are the three types of secure MAC address that can be configured on a switch port? Static, dynamic and sticky. By default, what is the security violation mode of a switch port? Shutdown. Which type of port security is being configured here? SW1(config)#int fa 0/12 SW1(config-if)#switchport mode access SW1(config-if)#switchport port-security Dynamic How would you configure switch port 0/13 to learn and accept the first four MAC addresses that connect to it, as secure sticky addresses, but then reject any other MAC addresses? Start at the prompt SW1(config)# SW1(config)#int fa 0/13 SW1(config-if)#switchport mode access SW1(config-if)#switchport port-security SW1(config-if)# switchport port-security maximum 4 SW1(config-if)# switchport port-security mac-address sticky SW1(config-if)#end Your switch has 24 ports but you are only using 14 ports at present. What should you do to enhance security? Disable all the unused ports using the shutdown command.

20 | P a g e

CCNA3 Exploration Chapter 3. Study questions. Answers

3.1
Why is it generally a good idea to split up a large network into smaller networks? Splits up broadcast domains, which cuts down traffic and should improve performance. Allows different groups of users to have different facilities and security regimes. What is the advantage of implementing subnets as VLANs rather than using routers to separate subnets? VLANs can be implemented using switches, which are cheaper and operate more quickly that routers. (Though a layer 3 device such as a router is still needed to route traffic between VLANs.) A VLAN can be implemented across several switches in different locations, so that a group of users with the same requirements does not have to be all together in the same place. How many VLANs can there be on a Catalyst 2600 series switch? 255 Which VLANs exist by default on a Catalyst 2600 switch, and which of these are intended for Ethernet networks? VLAN 1 is for Ethernet. VLANs 1002 to 1005 also exist, but are for use on Token Ring or FDDI networks. If you create a normal range VLAN, where will the information about it be stored? In a file called vlan.dat which is in flash memory. (Not in the running or startup configuration.) A new Catalyst switch has not yet been configured. Are the Ethernet ports associated with any VLAN? If so, which one? By default, all Ethernet ports are in VLAN 1. Should you configure the switch IP address on VLAN 1? You could, but it is better for security reasons to create another VLAN to be the management VLAN and assign the IP address to it. This management VLAN will be used only for managing the switch via Telnet, SSH or the web based interface.

21 | P a g e

What name is given to the type of VLAN that carries normal user traffic such as files, downloads and e-mails? Data VLAN or User VLAN. Which type of VLAN needs special configuration so that its traffic has priority over other traffic? Voice VLAN. What are the two methods of assigning an end device to a VLAN, and which method is more common? (Assume that voice traffic is not required.) Port based or static VLANs are configured on switch ports and a device connecting to a port belongs to the VLAN configured on that port. Dynamic VLANs assign devices to VLANs using the MAC addresses of the devices, and these VLAN to MAC address matches need to be stored on a server. Static VLANs are more common. A PC attached to a switch sends out a broadcast ARP request. Which devices will receive the ARP request? Devices on the same VLAN as the PC. Which devices allow inter-VLAN communication? Routers or layer 3 switches. What is a VLAN trunk? A link that carries traffic for more than one VLAN. It is a point to point link between two switches or between a switch and a router. What is frame tagging? It is a method of adding information to a frame to show which VLAN the frame belongs to. It is used only on VLAN trunk links. Which protocol is now most commonly used for frame tagging, and which other protocol may still be in use? IEEE 802.1Q is now the common protocol. Inter Switch Link (ISL) is a Cisco proprietary protocol that is no longer supported by newer Cisco switches, but may still be in use.

22 | P a g e

What is the purpose of the EtherType field in a frame, which is set to the hexadecimal value of 0x8100? It signals to the device receiving the frame that this is a tagged IEEE 802.1Q frame containing VLAN information. If the frame were untagged then the device would find the length/type field in this position. What does a switch port on a trunk link do if it receives a frame without a tag? Forwards it on to the native VLAN. By default this is VLAN 1, but usually a different native VLAN is configured on a trunk link. Why can native VLANs and VLAN trunks give problems when Cisco devices and nonCisco devices are mixed on a network? Cisco devices do not tag frames from the native VLAN when forwarding them on a trunk link, but some non-Cisco devices do tag them. By default, Cisco switches drop tagged frames destined for the native VLAN, so frames from non-Cisco devices may be dropped. How can you configure the fastethernet interface fa0/1 of switch SW1 to be a trunk port? SW1(config)#int fa0/1 SW1(config-if)#switchport mode trunk How can you configure the fastethernet interface fa0/2 of switch SW1 to be a port that handles traffic from one VLAN only? SW1(config)#int fa0/2 SW1(config-if)#switchport mode access What is the purpose of Dynamic Trunking Protocol? It allows linked switches to negotiate on whether or not the link between them is a trunk link. Two switches are connected. If both ends of the link are ports in dynamic auto mode, will the link be a trunk or not? No, it will be an access link. Two switches are connected. If both ends of the link are ports in dynamic desirable mode, will the link be a trunk or not? Yes, it will be a trunk link. 23 | P a g e

What is the currently approved method of creating a VLAN, number 6, called Finance, on switch SW1? SW1(config)#vlan 6 SW1(config-vlan)#name Finance SW1(config-vlan)#end Which other mode could be used for creating a VLAN? Database configuration mode. (You dont go into global configuration mode. Starting from privileged exec, you go straight into VLAN database mode. No longer recommended.) Which command will let you see a list of all existing VLANs and the ports that are associated with each one? Show vlan brief (or show vlan) What information does the command show vlan summary give you? It tells you how many VLANs there are on the switch. No VLAN numbers, names or detail. Which command would show you whether or not VLAN 4 is up? Show int vlan 4 What is the effect of the commands: SW1(config)#int fa0/12 SW1(config-if)#no switchport access vlan SW1(config-if)#end Interface fa 0/12 will be removed from its existing VLAN and returned to the default VLAN. (VLAN 1 unless this has been changed.) What is the effect of the commands: SW1(config)#no vlan 7 SW1(config)#exit VLAN 7 is deleted. If any ports are assigned to VLAN 7 then they will become inactive. They need to be assigned to another VLAN before they can be used again. What is the effect of the command: SW1(config)#delete flash:vlan.dat

24 | P a g e

The VLAN database in flash memory is deleted. When the switch is reloaded, all configured VLAN information will have disappeared (you hope!).

You configure interface Fa0/1 as follows: SW1(config-if)#switchport mode trunk Which is the native VLAN, and which VLANs can this interface handle? VLAN 1 is the native VLAN. The trunk can handle traffic belonging to all VLANs. Which additional commands would you give to make VLAN 90 the native VLAN and to permit traffic belonging to VLANs 3, 4 and 5 only? SW1(config-if)#switchport trunk native vlan 90 SW1(config-if)#switchport trunk allowed vlan add 3,4,5 Which command would show you how interface Fa0/1 has been configured for trunking? SW1# show interfaces fa0/1 switchport You give the commands: SW1(config)#int fa0/1 SW1(config-if)#no switchport trunk allowed vlan SW1(config-if)#end Which VLAN traffic can now pass over the trunk link? Traffic for all VLANs. (Default condition is restored.) How can you stop interface Fa0/1 from being a trunk link? SW1(config)#int fa0/1 SW1(config-if)#switchport mode access SW1(config-if)#end A trunk link is not working correctly. What should you check? Have the ports at both ends of the link been configured with the same native VLAN? Are the ports at both ends of the link working as trunk links or is there a problem with their modes? (E.g. one of them configured as an access port or both of them in dynamic auto mode.) Are all the required VLANs allowed on the trunk at both ends? Do all the devices on a VLAN have addresses on the same subnet? (Easy to get this wrong.) 25 | P a g e

CCNA3 Exploration Chapter 4. Study questions. Answers

4.1
What is the purpose of VTP? To make the management of VLANs easier by allowing switches to learn about VLANs from each other. What sort of link between switches is needed to transmit VTP advertisements? A trunk link. What are the three VTP modes that a switch could take? Server, client and transparent. What name is given to a group of switches that share VLAN information using VTP? A VTP domain. Which VTP modes allow switches to save VLAN information in the vlan database? Server mode switches store VLAN information for their domain. Transparent mode switches store information about their own VLANs. Which VTP versions can be used on a Catalyst 2960 switch, and which is the default version? Versions 1 and 2 can be used. Version 1 is the default. There is a version 3 that can be used on some switches, but no on the Catalyst 2960. How is a VTP domain identified? By its domain name. Which command is commonly used to display information about VTP? Show vtp status How is a VTP message encapsulated? It is encapsulated inside an Ethernet frame that is tagged using 802.1Q or ISL.

26 | P a g e

What destination MAC address is used for VTP messages? The multicast address 01-00-0C-CC-CC-CC What does a server switch do to the configuration revision number when a new VLAN is added? Increases it by 1. What is the purpose of including the configuration revision number in a VTP advertisement? It shows the receiving switch whether the advertisement contains more up to date information than the information that it already has. Which type of VTP advertisement contains information about VLANs? The subset advertisement. How often does a switch send out summary advertisements? Every 5 minutes, or when the VLAN configuration is changed. A client switch is reset. How does it obtain VLAN information? It does not have any vlan database of its own, so it needs to obtain VLAN information from a server switch in its domain. It sends out a VTP request advertisement and receives information in a subset advertisement from the server. A client switch receives a summary advertisement with a lower configuration revision number than its own. What does it do? It will forward the summary advertisement to any other switches, but do nothing else about it. There is no newer VLAN information available. A client switch receives a summary advertisement with a higher configuration revision number than its own. What does it do? It sends out a VTP request advertisement and receives information in a subset advertisement from the server. A transparent switch receives a summary advertisement. What does it do? It will forward the summary advertisement to other switches but ignore its contents.

27 | P a g e

Which modes of switch will allow you to create new VLANs? Server switches (for the domain) and Transparent switches (for local use only). Is it possible to have more than one server switch on a domain? Yes. It is a good idea to have more than one server. If there was only one server and it failed, then the VLAN information would be lost. Is a transparent switch able to obtain VLAN information when it reboots? If the switch has any VLANs configured then they will be saved in the switchs own VLAN database, and they will be retrieved. The switch stays in transparent mode (assuming that the configuration has been saved.) Does any VLAN configuration have to be carried out on a client switch? Switchports need to be assigned to VLANs. This is not done centrally, but is done on each switch. What is the effect of giving the vtp pruning command on a server switch? VTP pruning is enabled for the whole domain. VLAN flood traffic will be sent only where it is needed in the direction of devices on that VLAN. What happens to the vtp configuration revision number of a switch if you change its vtp domain name? It is reset to the default value of 0. Why might you want to change the domain name of a switch temporarily before adding it to an existing VTP domain? If the new switch has a configuration revision number of 0 then there is no danger of the new switch altering the VLAN information in the VTP domain and updating it with the wrong information. Which should you do first on a server, configure the VTP domain name or create the VLANs? Configure the domain name first because this will remove existing VLANs. Which command will make a switch into a VTP client? vtp mode client

28 | P a g e

If VTP is not working correctly, what should you check? VTP Version. It needs to be the same on all switches in the domain. Domain name. Is it exactly the same on all switches? VTP Password if any. Is it exactly the same on all switches? Check that there is at least one server. Better to have at least two. If you recently added a new switch, had its revision number been set to 0? Is it possible to have a VTP domain where all the switches are in server mode? Yes. CCNA3 Exploration Chapter 5. Study questions. Answers

5.1
Why is it an advantage to have redundancy in a switched Ethernet network? The additional devices and links provide alternative paths for data if some paths become unavailable because of equipment failure. This increases the reliability and availability of the network. What is the purpose of Spanning Tree Protocol? To prevent loops in a level 2 switched network where there is redundancy. What mechanism is available in the packet header to prevent endless routing loops, but is not available in the frame header to do the same for switching loops. Time to live field. If frames are caught in a loop, how can you break the loop? You need to break the loop physically by removing a connection or powering off a switch. What is a broadcast storm? A large number of broadcasts looping endlessly in a network, taking all the bandwidth so that normal traffic cannot be sent. What are the consequences of having a switching loop? Broadcast storms, duplicate unicast frames arriving, discrepancies in switch MAC address tables.

29 | P a g e

How can a physical loop occur? It may be created on purpose to give redundancy, or it may be created by accident if there is a confusion with cables. How does Spanning Tree Protocol manage physical loops to allow redundancy without allowing frames to travel in loops? It shuts down certain ports so that no loops are active. If a link fails and the blocked port is needed, then Spanning Tree Protocol will recalculate and unblock ports as required. What is the name of the type of frame that STP sends in order to carry out its function? Bridge Protocol Data Unit (BPDU) What is the Root Bridge in a switched network? The switch that is used as a starting point for the STP calculations. It is chosen by an election. What is a BID and what does it consist of? A bridge identifier. It identifies a switch for STP purposes. It consists of a priority number, the switchs base MAC address, and it may also include an extended system ID. How is the BID used in the choice of a root bridge? The switch with the lowest BID becomes the root bridge. The switches exchange BID information in their BPDUs. What is a root port? Every switch except the root bridge has one root port. It is the port closest to the root bridge the one with the lowest cost route to the root bridge. Root ports are allowed to forward frames. What is a designated port? A port that is allowed to forward frames, but is not a root port. What happens to a non-designated port? It is closed down by STP. It enters the blocking state. How often, by default, does a switch send out BPDUs? 30 | P a g e

Every 2 seconds. When a switch first starts up, which BID does it put in its BPDU as the root ID? Its own BID. It is saying that it is the root bridge. What would make a switch change the root ID that it puts in its BPDUs? If it receives a BPDU that has a lower value as the root ID then it uses this lower value. It is saying that it is not the root bridge, another switch is the root bridge.

If there are several switches between a certain port and the root bridge, how is the cost to the root bridge worked out? It is the sum of the costs of all the links on the route. The cost for a link depends on the bandwidth of the link. What is the revised IEEE value for the cost of a Fast Ethernet link? 19 How can you configure a switch so that it wins the election for root bridge? Change its priority so that it has the lowest priority value of any switch on the network. Why was the extended system ID added to the BID? It allows STP to support VLANs by running a separate process for each VLAN. The extended system ID contains the VLAN number. How is the root bridge chosen if all the switches have the default priority? The switch with the lowest base MAC address is chosen. If the default priority of a switch is 32768, why may the priority be shown as 32769? The VLAN number is added on. What does the command spanning-tree vlan 1 root primary do? It sets the switch priority to 24576, or to 4096 less than the lowest priority detected on the network whichever of these is lower. The effect is to make this the switch with the lowest priority so that it becomes root bridge.

31 | P a g e

Why do priority values go up in increments of 4096? Originally they went up in increments of 1 from 1 to 65536, using 16 bits. When the extended system ID was introduced, it took 12 of the original 16 bits. Only 4 bits remained. In order to keep the same maximum value, the priority needs to go up in steps of 4096 (212) You could try it out and see. Why might you use the command spanning-tree vlan 1 root secondary? It sets the switch priority to 24576. Assuming that you have used spanning-tree vlan 1 root primary on your chosen root bridge, and that all the other switches are left with the default priority, this switch will win the election if the root bridge fails. It therefore lets you choose a backup root bridge. What is a disabled port? A port that has been administratively shut down. It does not participate in STP. If a switch has two ports with the same cost route to the root bridge, which of these ports will become the root port? Each port has a port priority that can be configured, and the one with the lower priority becomes root port. If both have the same priority then the one with the lower port ID becomes root port. (E.g. Fa0/1 would win over Fa0/2.) If port Fa0/6 has the default port priority, how would its priority be written? 128.6 Why do all active ports on the root bridge become designated ports? Each segment has a designated port, and this is the port closer to the root bridge. If one of the ports on a segment is on the root bridge then it has to be the closer port, so it is designated. What are the five port states in the original STP? Blocking, listening, learning, forwarding, disabled. Which of these states are temporary and are not seen once the network has converged? Listening and learning. What is a port doing while it is in the Learning state?

32 | P a g e

Learning MAC addresses and building up its switching table. What are the purposes of the Hello, Forward delay and Maximum age timers? The Hello timer, default 2 seconds, controls the interval at which BPDUs are sent out. The Forward delay timer, default 15 seconds, controls the time the switch spends in the listening and learning states. The Maximum age timer, default 20 seconds, controls the time BPDU information is kept. After 20 seconds with no BPDU received, the switch will assume that the link is down and STP calculations will have to be run again. Can the timers be changed? They can, but it is not recommended. They are optimized for a network diameter of 7. If it is really necessary then the network diameter can be changed and the timers will automatically change with it, Even this is not recommended in normal conditions. What is PortFast? It is a Cisco proprietary method of speeding up STP convergence. Access ports that are connected to end devices, such as workstations, can never be involved in loops. It makes sense to bring them to the forwarding state immediately without spending time in listening and learning. A port configured with PortFast will do this. It is important not to configure a port as PortFast if it is connected to another switch, What are the three steps in STP convergence? 1. Elect a root bridge 2. Elect root ports 3. Elect designated and non-designated ports Why does STP use timers to keep switches in the blocking, listening and learning states for given lengths of time? It allows the network time to converge before user data frames are forwarded. This is based on a network diameter of 7 switches. Once a network has converged, BPDUs are normally sent outwards from the root bridge but not back towards it. How do switches inform the root bridge if a link goes down? They send a topology change notification (TCN) frame, which is a special BPDU. Why did Cisco introduce PVST and PVST+ as variations of STP? They provide support for VLANs, so that each VLAN can have its own instance of STP. Ports may be blocking for some VLANs but not for others. PVST used only ISL for trunking, but PVST+ supports both ISL and IEEE802.1Q. 33 | P a g e

Why was RSTP introduced? Rapid STP was introduced to avoid having to wait up to 50 seconds for the network to converge. What three port types are defined by RSTP? Discarding, Learning and Forwarding. What happens if you have some switches running STP and some running RSTP? They are compatible and will work correctly together. How does the BPDU for RSTP compare with the BPDU for STP? They have the same format same fields of the same length. RSTP has the version field set to 2. A switch running STP waits for 20 seconds (10 missed BPDUs) before assuming that the link is down. How long does a switch running RSTP wait? 3 missed BPDUs or 6 seconds by default. What is an edge port in RSTP? A port that is not intended to be connected to another switching device. It will only be connected to an end device such as a workstation. What is the advantage of having a port configured as an edge port? It will change to the forwarding state at once when it is enabled, and will not spend time in intermediate states. Which Cisco proprietary enhancement to STP is similar to the edge port in RSTP? PortFast What happens if an RSTP edge port receives a BPDU? Is its behaviour the same as that of a PortFast port used with STP? If an RSTP edge port receives a BPDU, this means that it has been connected to a switch. It immediately stops being an edge port. It reverts to normal and takes part in spanning tree activities. A PortFast port does not do this by default, though there is a feature that can allow it to do so.

34 | P a g e

On a Cisco switch, what is the command that configures a port as an RSTP edge port, and why was this command chosen? spanning-tree portfast This command was chosen to make the transition from STP to RSTP easier because the command is unchanged from the old PortFast configuring command. How can non-edge ports be classified? It depends on the type of link. They can be point-to-point or shared. The type can be found automatically or it can be configured. Which type of port makes most use of this classification? Designated ports.

RSTP has a discarding port state that is not found in STP. Which STP port states correspond to the discarding port state? Blocking, listening and disabled. In STP, root ports and designated ports are able to forward frames. RSTP has these port roles, but it introduces roles for ports that are not forwarding. What are these roles and what is their purpose? Alternate ports are discarding (closed down) but can take over from designated ports quickly when necessary. Backup ports are discarding, but can take over from root ports quickly when necessary. How can RSTP converge more quickly than STP, and without the use of timers? It works on one link at a time, closing it down briefly and determining the port roles, using a proposal and agreement process. Then it moves on to the next link. What is Rapid PVST+ ? It is Ciscos implementation of RSTP. It supports the use of VLANs. Do all the switches in a network have to be running Rapid PVST+ ? Not necessarily. At least one switch on each loop in a VLAN must be running it, otherwise there will be a broadcast storm. If a switch is running PVST+ by default, how can it be configured to run Rapid PVST+ ?

35 | P a g e

S1(config)#spanning-tree mode rapid-pvst What is the best choice of a root bridge? A powerful switch in the middle of the network with a direct connection to the servers and routers. This keeps the average distance traveled by frames as small as possible. What is the advantage of using some layer 3 switches in a network? They break up broadcast domains (as routers do), so there can be redundant links without forming switching loops that cause broadcast storms. They keep the advantage of forwarding very quickly (unlike routers). You have designed a network without switching loops. Should you disable STP? No. There is too much risk that a loop could be created by accident and cause a broadcast storm. It is better to leave STP running as it does not make too much demand on processing or bandwidth. Why is it essential for the network administrator to know the topology of the network, including all redundant links, which switch is the root bridge, and which ports are closed down by STP? If there is a problem, this information is required for troubleshooting.

CCNA3 Exploration Chapter 6. Study questions. Answers

6.1
How are VLANs and subnets related? Each VLAN is associated with a different subnet, so each VLAN has its own group of IP addresses. How do hosts on one VLAN communicate with hosts on another VLAN? The packets have to be routed from one VLAN (subnet) to another by using a router (or a multilayer switch). In traditional inter-VLAN routing, how is the switch linked to the router? There is a separate link, switch port and router port for each VLAN. The switch ports connected to the router are in access mode, not trunk mode. What is router on a stick inter-VLAN routing? 36 | P a g e

There is one trunked link connecting the router to the switch, so that all the VLANs use the same physical router port. Can all routers make a trunked link to a switch? Not all. It depends on the router IOS. Each VLAN is a separate subnet, so each VLAN will need a different IP address on the router. How can all the VLANs share one interface? Several subinterfaces, one for each VLAN, are configured on one physical interface, and each subinterface is given a different IP address. Suppose that a PC is on VLAN 2. What default gateway should be configured on the PC? The address of the router interface connected to that VLAN, if traditional inter-VLAN routing is used, or the address of the router subinterface assigned to that VLAN if router on a stick is used. What is the VLAN number if a router subinterface is configured as follows? R1(config)#int f0/0.2 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip address 172.17.2.1 255.255.255.0 R1(config-subif)#end The VLAN number is 20

Do you need to use the no shutdown command when configuring a router subinterface? No. The no shutdown command goes on the physical interface, not on the subinterface. What are the advantages and disadvantages of using router on a stick rather tha n traditional inter-VLAN routing? Using a single trunk link allows more VLANs to be added without the need for extra physical interfaces. It is cheaper to use a single trunk link, because routers with many interfaces are expensive. The physical cabling is simpler. Subinterfaces share the interface bandwidth and this might create a bottleneck. Not all routers are able to have subinterfaces configured for VLANs. The configuration for a trunk link is a bit more complicated than configuring separate interfaces.

37 | P a g e

6.2.1
Do you need to configure a routing protocol on a router that is used for inter-VLAN routing? No. If all the VLANs are directly connected then it will not need a routing protocol to route between them. Directly connected networks go into the routing table automatically. A routing protocol will only be needed if more than one router is involved. When inter-VLAN routing is used, how are the switchports that link to the router configured? If traditional inter-VLAN routing is used, with a separate link for each VLAN, then the switch port is in access mode and assigned to the appropriate VLAN. If router on a stick is used, then the switch port is configured for trunking. Which show command produces this type of output?

show interface fa0/4 switchport

CCNA3 Exploration Chapter 7. Study questions. Answers

7.1
What are the advantages of wireless networks over cabled networks? People can stay in contact with their work while they are travelling. People can move within a building without cables having to be moved. A business can move into a new building that does not have network cabling, and it is not necessary to run cables to each workstation, which saves on cost, though some cabling will still be needed. Over what range of distance would Bluetooth technology be used? Short range, for example between a peripheral device and a PC. Over what range of distance would the 802.11 standard be used?

38 | P a g e

Medium, in LANs (on one site) and MANs (on sites within the same town/city). At which OSI layers is the difference between cabled and wireless networks important? Layers 1 and 2 (physical and data link). What potential problems of a wireless LAN are not significant on a cabled LAN? Interference, and the ability of anyone to receive a transmission if they have a receiver within range. Wireless is also subject to regulation which may vary from country to country, Does the 802.11 standard use CSMA/CD? No. It uses collision avoidance rather than collision detection and recovery. How could a wireless-enabled laptop make a connection to a wired Ethernet network? It can connect through a wireless access point (AP) that is attached to the network by a cable. What were the advantages and disadvantages of using the 802.11b standard rather than the 802.11a standard? 802.11b was cheaper, it was less easily obstructed by walls etc, and it could have a longer range. On the other hand, it was slower, maximum rate 11 Mbps as opposed to 54 Mbps. It used the 2.4 GHz band rather then the 5 GHz band, which led to more interference as many appliances use the 2.4 GHz band. How does the current 802.11g standard compare with 802.11a and 802.11b? It uses the 2.4 GHz band like 802.11b. It is compatible with either of the earlier standards because it can use DSSS modulation like 802.11b with speeds up to 11 Mbps, or it can use OFDM modulation like 802.11a with speeds up to 54 Mbps. It has a similar range to the earlier standards. How is the planned 802.11n standard expected to provide higher data rates? It will use MIMO (multiple input/multiple output) technology. A high rate data stream will be split into two or more lower data rate streams. These streams will be sent at the same time using multiple antennae. Why is WiFi certification important? The IEEE standards cover modulation methods but not manufacture. Manufacturers could interpret the standards differently so that devices would not be compatible. The 39 | P a g e

WiFi alliance is an association of vendors. They certify that vendors are keeping to industry norms and standards so that their devices should work with devices from other vendors. How can a desktop PC be enabled to connect to a wireless access point? It can have a wireless NIC installed as an expansion card, or it can have a removable USB device. How can RTS/CTS help with the hidden node problem? Wireless is a shared medium and therefore subject to collisions. Stations sense transmissions and wait until the medium is clear before sending. The hidden node problem occurs when stations are unable to sense each other and so may transmit at the same time. RTS/CTS is a system where stations request the use of the medium, and the access point allocates time to them. Other stations have to wait before sending their own requests. What three roles are commonly combined in a wireless router? Router, Ethernet switch and wireless access point What is the purpose of the shared service set identifier (SSID)? It identifies the wireless network. The 2.4 GHz band is split into 13 channels for Europe. How far apart are the central points of these channels, and how wide are the channels? The channels have a centre frequency separation of 5 MHz. Each channel occupies 22 MHz of bandwidth so that they overlap. How can you ensure that adjacent access points use channels that do not overlap? Choose channels that are 5 channels apart, e.g. channels 1 and 6. What is an ad-hoc topology? Wireless enabled devices do not have an access point. They connect directly to each other and negotiate the wireless parameters with each other. An ad hoc network is also known as an independent basic service set (IBSS). What is a basic service area (BSA)? The area covered by a basic service set (BSS).

40 | P a g e

What is an Extended service set topology? A topology with more than one access point. When planning a wireless LAN, you will need to draw coverage circles on a floor plan, but what other factors should you take into account when locating access points? Place the access point above obstructions and not near to metal obstructions. Place the access point vertically and high up, perhaps near the ceiling. Place access points in locations where users will be making use of them. 7.2 What are the three major categories of security threat to a wireless LAN? War drivers who look for an unsecured network that will provide Internet access. Hackers (Crackers) who enter systems to steal data or cause harm. They can often get past weak security. Employees may install rogue access points without permission and without implementing the necessary security. What is the problem of having wireless devices with default settings ready to be used? The default settings are known. If the defaults are not changed then anyone can break into the system. A NIC on a shared medium will receive all transmissions but discard those that are not addressed to it. What would a man in the middle attacker do to make a wireless laptop accept transmissions addressed to another client? Use special software to adapt the NIC of the laptop so that it accepts all transmissions. The NIC then acts like an access point. How can denial of service attacks be carried out on a wireless network? Use common devices to create interference. (cordless phone, microwave, baby monitor) Flood the network with clear-to-send (CTS) messages. Clients then send simultaneously and cause a constant stream of collisions. Send a series of disassociate commands so that clients repeatedly disconnect then try to reassociate. What authentication was included with the original 802.11 standard and why was this unsatisfactory? Open authentication provided no security at all. The client requested authentication and the access point provided it without making any checks. WEP authentication was 41 | P a g e

designed to provide some privacy by using shared key encryption. This method was too weak because the encryption algorithm could be cracked. Also, the 32 bit keys had to be entered by hand and this led to errors. What authentication standard should be used now? 802.11i should be used. The Wi-Fi Alliance WPA2 standard is an implementation of 802.11i. What is 802.1x ? A standard specifying authentication protocols such as EAP (extensible authentication protocol.) Interim security measures included MAC filtering and turning off SSID broadcasts. Why are these not considered to be adequate security measures/ It is easy for attackers to get round MAC address filtering by using software to modify MAC addresses attached to adapters. SSIDs can be discovered by using a packet sniffer to monitor traffic. What is an AAA server and what protocol does it run? An Authentication, Authorization, and Accounting server. It stores authentication information. It runs a RADIUS protocol. (Remote Authentication Dial In User Service) What two enterprise-level encryption mechanisms specified by 802.11i are certified by the WiFi Alliance, and which of them is preferred? Temporal Key Integrity Protocol (TKIP) is the method certified as WPA and Advanced Encryption Standard (AES)is certified as WPA2. AES is preferred. TKIP can be used on legacy equipment. While configuring a wireless access point, you see a reference to PSK2. Which encryption method does this refer to? If neither TKIP nor AES is mentioned then WPA2 is used (AES). If PSK2 with TKIP is specified then WPA is used. How can you add depth to your security system on a wireless network? You should configure WLAN security, preferably WPA2. Then add extra safeguards that are not sufficient in themselves: Disable SSID broadcasts from access points. (SSID cloaking). Set up a manual table of allowed client MAC addresses on the access point. (MAC address filtering) 42 | P a g e

Try to restrict access to the network to within or near a building if possible, by giving access points near the outer walls a lower power setting than access points in the middle of the building. 7.3 What should you do before starting to install a wireless access point? Check the wired portion of the network, including Internet access and DHCP operation. What should you do before configuring security on a wireless access point? Check that at least one wireless host is able to make contact with the access point without security, that it can obtain an IP address and that it can ping the local router. What type of interface do wireless access points commonly offer for configuration? Web based interface. When configuring the access point, which mode should you choose if you have both wireless-G and wireless-N devices? Mixed. What should you remember when choosing the SSID? It is case sensitive. It can have up to 32 characters. All the devices in the wireless network must use the same SSID. It should be changed from the default for security. What radio band should you choose if your have only Wireless-G and Wireless-B clients? Standard - 20MHz Channel.

What radio band should you choose if your have only Wireless-N clients? Wide - 40MHz Channel. What radio band should you choose if your have Wireless-G, Wireless-B and WirelessN clients? Keep the default Auto. Which is the preferred security option? PSK2 (Same as WPA2 or IEEE 802.11i). 43 | P a g e

Why are other, less good, security modes offered? Older client devices may not have the best security option available. All devices must use the same security option. Which is the stronger encryption algorithm TKIP or AES? AES. What parameters might you need to set on the wireless host? The SSID, the authentication method, the encryption method and the network key. Which OSI layer is the recommended starting point for troubleshooting? Layer 1, the physical layer. If a client is having problems connecting to a wireless network, which device should be investigated first? The client itself.

44 | P a g e