Wednesday, 1 July 2009

CCNA Discovery 4 - Module 8 Exam Answers V.4 #1-5

1. Which mechanism is used to create a floating static route?
• administrative distance
• cost
• hop count
• passive interface

2. IPSec operates at which layer of the OSI model?
• application
• network
• data link
• transport

3. Which is true regarding Frame Relay LMI?
• There are three LMI types standardized by ANSI, ITU-T, and Cisco.
• Routers at each end of a Frame Relay virtual circuit must always use the same LMI type.
• The LMI type must be manually configured.
• The only function of LMI is to verify the connection between the router and the Frame Relay switch.

4. Which statement identifies the IP address design for subinterfaces that are configured for a Frame Relay network?
• Multipoint configurations require the IP address of each subinterface on each router to be in its own subnet.
• Multipoint configurations require IP addresses for each subinterface on each router to be a part of the same subnet.
• Point-to-point configurations require IP addresses for each subinterface on each router to be a part of the same subnet.
• Point-to-point configurations do not require IP addresses on each subinterface on each router.
• Multipoint configurations do not require IP addresses on each subinterface on each router.

5. Which three algorithms can be used to encrypt user data in an IPSec VPN framework? (Choose three.)
• 3DES
• AES
• Diffie-Hellman
• DES
• ESP
• SHA

Friday, 26 June 2009

Frame Relay - Introduction

Introduction

Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. Frame Relay originally was designed for use across Integrated Services Digital Network (ISDN) interfaces. Today, it is used over a variety of other network interfaces as well. This chapter focuses on Frame Relay's specifications and applications in the context of WAN services.

Frame Relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. The following two techniques are used in packet-switching technology:

Variable-length packets

Statistical multiplexing

Variable-length packets are used for more efficient and flexible data transfers. These packets are switched between the various segments in the network until the destination is reached.

Statistical multiplexing techniques control network access in a packet-switched network. The advantage of this technique is that it accommodates more flexibility and more efficient use of bandwidth. Most of today's popular LANs, such as Ethernet and Token Ring, are packet-switched networks.

Frame Relay is often described as a streamlined version of X.25, offering fewer of the robust capabilities, such as windowing and retransmission of lost data, that X.25 provides. This is because Frame Relay typically operates over WAN facilities that are far more reliable than those available during the late 1970s and early 1980s, which served as the common platforms for X.25 WANs. As mentioned earlier, Frame Relay is strictly a Layer 2 protocol suite, whereas X.25 also provides services at Layer 3 (the network layer). This enables Frame Relay to offer higher performance and greater transmission efficiency than X.25, and makes it suitable for current WAN applications such as LAN interconnection.

Tuesday, 3 March 2009

Switching - Problems that Occur in Redundant Switched Topologies

Issues in Switching

Although switches are said to be "intelligent", they are not without their problems:

Broadcast Storms

When a unicast frame with an unknown destination MAC address is flooded out all ports AND two switches are connected by two links (for redundancy), for example:



the frame can loop endlessly, because each switch floods it back out the other link to the switch it came from.

This is a serious problem because Ethernet frames have no TTL (Time To Live) field, so looping frames are never discarded; they accumulate and circulate forever. As the looping frames build up, the switch's performance degrades until it eventually crashes. Typical behaviour is as follows:



The switch works but its performance degrades until the load becomes too much and it crashes; it then reboots, performs acceptably for a while, and the cycle of degradation and crashing repeats.

  • Because of the same loops, multiple copies of the same frame may be delivered to a destination.

  • The MAC address table becomes unstable when copies of the same frame arrive on different ports: the source MAC appears to move between ports, frame forwarding is impaired and CPU resources are tied up constantly rewriting the CAM table.

Switching - Introducing Spanning Tree Protocol (STP)

A loop-avoidance mechanism called STP was developed to address the three issues above.

There are two common varieties of Spanning Tree Protocol, STP (802.1D) and RSTP ('Rapid' STP, 802.1w); both work in a similar way.

A Spanning Tree Algorithm examines the switched network, and, through a series of decisions (discussed below) places each port in the loop into either Forwarding or Blocking state, therefore breaking the loop.

Port roles in STP:

  1. Designated Port (DP): one per segment, on the switch with the lowest cost to the root; every port on the Root Switch is a DP.
  2. Root Port (RP): one per non-root switch, the port with the lowest-cost path to the root.
  3. Blocking Port: any remaining port; it still receives BPDUs but forwards no user traffic.

The process the switches go through to decide which port they place in blocking or forwarding state is governed by the position of a 'Root Switch' (also known as 'Root Bridge'):

  • To decide which switch is the root, each switch begins by claiming to be the Root Switch and sends out STP messages called BPDUs (Bridge Protocol Data Units). The election is decided by the unique BID (Bridge Identifier) carried in each BPDU; the BID is made up of two components, a priority value and the switch MAC address. By default every switch starts with a priority of 32,768. The switch with the lowest BID wins the honour of being the Root Bridge.
  • All ports on the root switch are placed into forwarding state. These ports are known as 'Designated Ports' (DP). You can NOT have a Root Port or Blocking Port on the root switch.
  • Each remaining non-root switch determines which of its ports is closest to the root switch and places the port with the least root path cost (the sum of the per-link costs, which are derived from link bandwidth) into forwarding state. This is its 'Root Port' (RP).
  • There is only ever one RP per non-root switch, so if more than one path has the same cost the decision is made on the BID of the neighbouring switches: the port connecting to the neighbour with the lowest BID becomes the RP.
  • On every other segment, the port belonging to the switch with the lowest root path cost (lowest BID on a tie) becomes the Designated Port and forwards.
  • All remaining ports are placed in blocking state and the loops are broken.


Once the switches have all assigned ports then the switched network is said to be "Converged".

As discussed above the BID is made up of:

  • A Priority Value
  • MAC Address

The priority value of the BID can be changed manually by an administrator; this is useful if you want to force a particular switch, for example one in the core of the network, to be the Root Switch. Left at the default, the root is simply whichever switch has the lowest MAC address, which is rarely the one you would choose.

note: If a switch from a different manufacturer is plugged into a working network it may disrupt the network if BID priorities have not been set manually. With equal priorities, a Cisco switch (MAC vendor ID 00000C) will win the election over a 3Com switch (MAC vendor ID 001AFC) because the Cisco equipment has the lower MAC address.
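The election and port-role rules above (lowest BID wins the root election, one root port per non-root switch chosen by path cost then neighbour BID then neighbour port ID, one designated port per segment, everything else blocking) are easier to check against a concrete topology. The following simulation is an added example, not code from the original page; the three switches, their MAC addresses, port names, link speeds and the 802.1D cost table are constructed for illustration, and the set_priority helper models the manual priority change an administrator would make on a real switch.

```python
"""STP root bridge election and port-role assignment, simulated.

Added example (not part of the original page).  The switches, MAC
addresses, port names and link speeds below are constructed; the
election and tie-break rules follow 802.1D.
"""
import heapq

# Classic 802.1D path costs by link speed in Mbit/s (constructed table
# for the example; real switches derive this from each port's bandwidth).
PORT_COST = {10: 100, 100: 19, 1000: 4}

# Constructed topology: every switch keeps the default priority 32768.
SWITCHES = {
    "SW1": {"priority": 32768, "mac": "00:00:0c:11:11:11"},
    "SW2": {"priority": 32768, "mac": "00:1a:fc:22:22:22"},
    "SW3": {"priority": 32768, "mac": "00:00:0c:33:33:33"},
}
# (switch_a, port_a, switch_b, port_b, speed_mbps)
LINKS = [
    ("SW1", "Fa0/1", "SW2", "Fa0/1", 100),
    ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),
    ("SW1", "Fa0/3", "SW3", "Fa0/3", 100),   # second, parallel link to SW3
    ("SW2", "Fa0/2", "SW3", "Fa0/2", 100),
]


def bid(switches, name):
    """Bridge ID as a comparable tuple: priority first, MAC as tie-break."""
    sw = switches[name]
    return (sw["priority"], int(sw["mac"].replace(":", ""), 16))


def port_id(port):
    """Port ID: default port priority 128, then the port number."""
    return (128, int(port.rsplit("/", 1)[-1]))


def elect_root(switches):
    """The switch with the lowest BID wins the election."""
    return min(switches, key=lambda n: bid(switches, n))


def set_priority(switches, name, priority):
    """Copy of the switch table with one priority overridden (the manual
    change an administrator makes to force a particular root)."""
    new = {k: dict(v) for k, v in switches.items()}
    new[name]["priority"] = priority
    return new


def root_path_costs(root, links):
    """Dijkstra from the root: lowest total path cost to every switch."""
    adj = {}
    for a, _, b, _, speed in links:
        adj.setdefault(a, []).append((b, PORT_COST[speed]))
        adj.setdefault(b, []).append((a, PORT_COST[speed]))
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        if c > cost[n]:
            continue
        for m, lc in adj.get(n, []):
            if c + lc < cost.get(m, float("inf")):
                cost[m] = c + lc
                heapq.heappush(heap, (c + lc, m))
    return cost


def assign_roles(switches, links):
    """Return {(switch, port): 'designated' | 'root' | 'blocking'}."""
    root = elect_root(switches)
    cost = root_path_costs(root, links)
    roles = {}
    # 1. One designated port per segment: the end with the lowest root path
    #    cost, then the lowest BID, then the lowest port ID.  The other end
    #    starts out blocking (it may become the root port in step 2).
    for a, pa, b, pb, _ in links:
        key_a = (cost[a], bid(switches, a), port_id(pa))
        key_b = (cost[b], bid(switches, b), port_id(pb))
        roles[(a, pa)] = "designated" if key_a < key_b else "blocking"
        roles[(b, pb)] = "designated" if key_b < key_a else "blocking"
    # 2. One root port per non-root switch: lowest cost to the root via the
    #    neighbour, then the neighbour's BID, then the neighbour's port ID.
    for name in switches:
        if name == root:
            continue          # the root bridge has only designated ports
        best = None
        for a, pa, b, pb, speed in links:
            for me, my_port, nbr, nbr_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me != name:
                    continue
                key = (cost[nbr] + PORT_COST[speed], bid(switches, nbr),
                       port_id(nbr_port))
                if best is None or key < best[0]:
                    best = (key, my_port)
        roles[(name, best[1])] = "root"
    return roles


if __name__ == "__main__":
    print("root:", elect_root(SWITCHES))
    for (sw, port), role in sorted(assign_roles(SWITCHES, LINKS).items()):
        print(f"{sw} {port}: {role}")
```

With all priorities at the default, SW1 wins on MAC address alone; the parallel SW1-SW3 link is resolved by neighbour port number (SW3 keeps Fa0/1, facing SW1 Fa0/2, as its root port and blocks Fa0/3), and the SW2-SW3 segment is resolved by BID, so SW3 holds the designated port and SW2 blocks Fa0/2. Lowering SW2's priority with set_priority moves the root, and every other role shifts with it.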

STP is switched on in all Cisco switches by default, if you have no loops for example:



You could switch STP off on all the switches, but this is not advisable: all it would take is someone plugging a cable into the wrong port to create a loop.

note: If there are two links between the same two switches, the decision of which port to block can no longer be based on the BID, because it is the same for both links; the selection is therefore made on the port ID (port priority, then the lowest port number) of the designated switch's ports.



During the STP selection process a port can be in one of the following states:

  • Disabled
  • Blocking
  • Listening *
  • Learning *
  • Forwarding

* A port spends up to 15 seconds in each of the Listening and Learning states (30 seconds in total), during which no user traffic passes through it. This can disrupt services such as DHCP and Network Neighborhood on a host that has just been connected. Enabling PortFast on the interface with the "spanning-tree portfast" command skips the Listening and Learning stages. Do not enable PortFast on inter-switch (branch) ports; only enable it on leaf ports (ports connected to hosts), and consider pairing it with BPDU guard so the port is shut down if a switch is ever plugged into it.

Switching - Configuring a Catalyst Switch

Port Security

You can use the port security feature of Cisco switches to restrict which MAC addresses are allowed to use a port, which is useful for security purposes. Port security is configured with the "switchport port-security" interface command; you can either enter a specific permitted MAC address or let the switch learn the first MAC address seen on the port (sticky learning) and allow access only from that MAC. By default a violation shuts the port down (err-disabled).

Switch Port Modes

The table gives the resulting link mode when a local port (rows) is connected to a neighbouring port in the given mode (columns). The two dynamic modes negotiate with DTP; N/A marks a trunk/access mismatch, which is a misconfiguration.

                     Trunk    Access   Dynamic Desirable   Dynamic Auto
Trunk                Trunk    N/A      Trunk               Trunk
Access               N/A      Access   Access              Access
Dynamic Desirable    Trunk    Access   Trunk               Trunk
Dynamic Auto         Trunk    Access   Trunk               Access

Two auto ports never form a trunk because neither side initiates negotiation. Note that a port left in dynamic auto or dynamic desirable will happily trunk with whatever is plugged into it, so user-facing ports should be set to access mode with DTP negotiation disabled ("switchport nonegotiate").

note: Full duplex = no collisions; used on point-to-point links, e.g. switch to switch or switch to router.

Switching - Switched Networks with Virtual LANs

VLANs (Virtual Local Area Networks) are a way to structure a network logically. Put simply, a VLAN is a collection of nodes grouped into a single broadcast domain based on something other than physical location. When a host in a particular VLAN sends a frame to the switch, the switch forwards it only to ports in the same VLAN.

Another way to think of VLANs: if you split a switch into two VLANs and assign half the ports to VLAN 1 and the other half to VLAN 2, the result is the same as having two totally separate, unlinked switches.

  • The switch's own management IP interface resides in VLAN 1 by default
  • By default all ports belong to VLAN 1
  • Different VLANs are different broadcast domains

VLAN Trunking

If you have two switches with VLANs configured on both, you could link each VLAN individually, but this needs a cable and a switch port on each side per VLAN:

or you could use one cable and one port on each switch as a 'Trunk', which carries traffic from multiple VLANs:

There are two trunking protocols, plus a related standard:

  1. Cisco ISL (Inter Switch Link)
  2. 802.1q (aka dot1q)
  3. 802.1p, which is not a separate trunking protocol but the 3-bit priority (class of service) field carried inside the 802.1q tag, used to prioritise voice traffic

There is not much difference between the way ISL and dot1q work.

  • ISL tags traffic by encapsulating the whole Ethernet frame with a 26-byte header and a 4-byte CRC trailer; the header contains a 15-bit VLAN ID, of which only the lower 10 bits are used, giving 1,024 VLANs.
  • dot1q tags traffic by inserting a 4-byte tag in the middle of the Ethernet frame, between the Source MAC and the Type/Length fields. The dot1q VLAN ID is 12 bits, so it can represent 4,096 values (0 and 4,095 are reserved, leaving 4,094 usable VLANs).
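The dot1q layout described above, and the 802.1p priority bits that live inside the same tag, can be shown byte for byte. The following is an added example, not code from the original page: it builds a constructed untagged Ethernet frame, inserts an 802.1q tag after the source MAC, and parses it back out. The tag format (TPID 0x8100, then 3 bits PCP, 1 bit DEI, 12 bits VID) is the standard one; the MAC addresses and payload are made up for the example.

```python
"""Inserting and parsing an IEEE 802.1Q VLAN tag.

Added example, not from the original page.  The frame bytes are
constructed here; the tag layout (TPID 0x8100, then PCP:3 DEI:1 VID:12)
is the standard 802.1Q format.
"""
import struct

TPID_8021Q = 0x8100
VID_MAX = (1 << 12) - 1        # 12-bit field -> 4096 values (0..4095)


def vid_fits(vid):
    """True if the VLAN ID fits in the 12-bit field."""
    return 0 <= vid <= VID_MAX


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type (no FCS)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag between the source MAC and the Type field.

    pcp is the 802.1p class-of-service value (0-7), dei the drop-eligible bit.
    """
    if not vid_fits(vid):
        raise ValueError("VID must fit in 12 bits")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]


def parse_frame(frame):
    """Return dst, src, vid (None if untagged), pcp, ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vid = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:          # a tag sits where Type/Length would be
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        pcp, vid = tci >> 13, tci & VID_MAX
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


# Constructed sample: a broadcast ARP-sized payload on VLAN 10 with CoS 5.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("00000c123456")
UNTAGGED = build_frame(DST, SRC, 0x0806, b"\x00" * 28)
TAGGED = tag_frame(UNTAGGED, vid=10, pcp=5)

if __name__ == "__main__":
    print("untagged:", UNTAGGED.hex())
    print("tagged:  ", TAGGED.hex())
    print(parse_frame(TAGGED))
```

The tagged frame is exactly four bytes longer, the inserted bytes read 81 00 a0 0a (TPID, then PCP 5 and VID 10 packed into the TCI), and the original EtherType 0x0806 is pushed four bytes to the right. A parser that does not check for TPID 0x8100 will misread the TCI as the EtherType, which is why any tool that inspects trunk traffic needs the branch in parse_frame.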

VLANs - VTP (VLAN Trunking Protocol)

Where you have multiple switches linked with trunks it is important you ensure VLAN consistency across all the switches. You need to make sure each VLAN exists on each switch.

In the diagram above the two computers will not be able to talk because the VLAN does not exist on the middle switch.

Cisco came up with VTP (VLAN Trunking Protocol), which automatically distributes VLANs across switches.

* VTP does not assign ports to VLANs *

* VTP advertisements only travel over trunk ports (ISL or 802.1q) *

There are 3 modes in VTP:

- Server - add any VLAN on any switch, forwards VTP messages

- Transparent - acts as though it cannot hear VTP messages and does not send any of its own

- Client - read-only, forwards VTP messages

VTP servers create, modify and delete VLANs and other configuration parameters for the entire VTP domain; this information is then propagated to the VTP clients in the same domain.

VTP clients cannot create, change or delete VLANs. They can only receive them from a server.

A VTP transparent switch can create, delete and modify its own VLANs only, and neither advertises them nor accepts advertisements from others.

Caveat: VTP accepts the advertisement with the highest configuration revision number, so a switch joining the domain with a higher revision (even one in client mode) can overwrite the VLAN database on every switch. Set a VTP password on the domain and check a switch's revision number before connecting it.

VLANs - Communicating Between VLANs

To communicate between VLANs you need a router:

Alternatively you can buy a Layer 3 switch, which has a router built into it.