Tag - switches

Why we use Trunk Port
How many VLAN Create on Router
CCNA Switching Dumps
CCNA Switching Question
Interview Question of CCNA Part 2

Why we use Trunk Port

Question : We can connect two switches via Ethernet cable why we use trunk port between switches ?


Trunk links are required to pass VLAN information between switches. A port on a Cisco switch is either an access port or a trunk port. Access ports belong to a single VLAN and do not provide any identifying marks on the frames that are passed between switches. Access ports also carry traffic that comes from only the VLAN assigned to the port. A trunk port is by default a member of all the VLANs that exist on the switch and carry traffic for all those VLANs between the switches. To distinguish between the traffic flows, a trunk port must mark the frames with special tags as they pass between the switches. Trunking is a function that must be enabled on both sides of a link. If two switches are connected together, for example, both switch ports must be configured for trunking, and they must both be configured with the same tagging mechanism (ISL or 802.1Q).


How many VLAN Create on Router

Ans : Vlan create on Switches not router :p

All the following information is taken from the data sheets for these devices, on the Cisco website.

  • The Cisco Catalyst 3550 switches support up to 1,005 VLANs.
  • The Cisco Cataylst 3750 switches support up to 1,005 VLANs per stack.

Both support up to 4000 VLAN IDs, but only 1,005 VLANs configured on these (some VLAN IDs will come from other switches). Unless you are a service provider, you will never configure anything like these numbers.

Please also note that the 3550 is now end-of-life, you should look at the 3560 switches instead.



CCNA Switching Dumps

Question 1

Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.

2950Switch(config-if)#switchport port-security
2950Switch(config-if)#switchport port-security mac-address sticky
2950Switch(config-if)#switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two)












A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

Answer: B D


Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Question 2

Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter


Answer: D


We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.

Question 3

Why will a switch never learn a broadcast address?

A. Broadcast frames are never sent to switches.
B. Broadcast addresses use an incorrect format for the switching table.
C. A broadcast address will never be the source address of a frame.
D. Broadcasts only use network layer addressing.
E. A broadcast frame is never forwarded by a switch.


Answer: C

Question 4

Which three statements accurately describe layer 2 Ethernet switches? (choose three)

A. Microsegmentation decreases the number of collisions on the network.
B. If a switch receives a frame for an unknown destination.it uses ARP to resolve the address.
C. Spanning Tree Protocol allows switches to automatically share vlan information.
D. In a property functioning network with redundant switched paths, each switched segment will contain one root bridge with all its ports in the forwarding state. All other switches in that broadcast domain will have only one root port.
E. Establishing vlans increases the number of broadcast domains.
F. Switches that are configured with vlans make forwarding decisions based on both layer 2 and layer 3 address information.


Answer: A D E

Question 5

Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two)

A. alternate
B. backup
C. designated
D. disabled
E. root


Answer: C E


IEEE 802.1w is the standard of Rapid Spanning Tree Protocol (RSTP). There are 5 port roles in this standard: Root port, Designated port, Alternative port, Backup port and Disabled port. In these 5 port roles, only Root port and Designated port can forward traffic.

Question 6

Select the action that results from executing these commands:

Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.


Answer: B


The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Question 7

What is valid reason for a switch to deny port access to new devices when port security is enabled?

A. The denied MAC addresses have already been learned or configured on another secure interface in the same VLAN.
B. The denied MAC address are statically configured on the port.
C. The minimum MAC threshold has been reached.
D. The absolute aging times for the denied MAC addresses have expired.


Answer: A


A security violation occurs in either of these situations:

* When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.

* If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, applies the configured violation mode.

From the second statement we can figure out A is the correct answer. But for your information we will discuss other answers as well.

Answer B is not correct because we can’t configured which MAC address will be denied. We can only configure which MAC is allowed.

We can only configure the maximum MAC threshold, not the minimum threshold -> C is not correct.

The aging times are only configured for allowed MAC addresses, not for denied MAC -> D is correct.

For your information about aging time:

When the aging type is configured with the absolute keyword, all the dynamically learned secure addresses age out when the aging time expires

This is how to configure the secure MAC address aging type on the port:

Router(config-if)# switchport port-security aging type absolute

and configure the aging time (aging time = 120 minutes)

Router(config-if)# switchport port-security aging time 120

When this command is used, all the dynamically learned secure addresses age out when the aging time expires

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html)


CCNA Switching Question

Question 1

Which of the following are true regarding bridges and switches? (Choose two)

A. Bridges are faster than switches because they have fewer ports.
B. A switch is a multiport bridge.
C. Bridges and switches learn MAC addresses by examining the source MAC address of each frame received.
D. A bridge will forward a broadcast but a switch will not.
E. Bridges and switches increase the size of a collision domain.


Answer: B C

Question 2

Which two commands correctly verily whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two)

A. SW1# show switchport port-security interface FastEthernet 0/12
B. SW1# show switchport port-secure interface FastEthernet 0/12
C. SW1# show port-security interface FastEthernet 0/12
D. SW1# show running-config


Answer: C D

Question 3

Assuming the default switch configuration which vlan range can be added modified and removed on a Cisco switch?

A. 2 through 1001
B. 1 through 1001
C. 1 through 1002
D. 2 through 1005


Answer: A

Question 4

Which set of commands is recommended to prevent the use of a hub in the access layer?

switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1

switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1

switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1

switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1


Answer: C


Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address <MAC address>” command.

Question 5

A Catalyst 2950 needs to be reconfigured. What steps will ensure that the old configuration is erased? (Choose three)

A. Erase flash.
B. Restart the switch.
C. Delete the VLAN database.
D. Erase the running configuration.
E. Erase the startup configuration.
F. Modify the configuration register.


Answer: B C E

Question 6

The network administrator has discovered that the power supply has failed on a switch in the company LAN and that the switch has stopped functioning. It has been replaced with a Cisco Catalyst 2950 series switch. What must be done to ensure that this new switch becomes the root bridge on the network?

A. Lower the bridge priority number.
B. Change the MAC address of the switch.
C. Increase the VTP revision number for the domain.
D. Lower the root path cost on the switch ports.
E. Assign the switch an IP address with the lowest value.


Answer: A

Question 7

Which two of these are characteristics of the 802.1Q protocol? (Choose two)

A. It is a layer 2 messaging protocol which maintains vlan configurations across network.
B. It includes an 8-bit field which specifies the priority of a frame.
C. It is used exclusively for tagging vlan frames and dose not address network reconvergence following switched network topology changes.
D. It modifies the 802.3 frame header and thus requires that the FCS be recomputed.
E. It is a trunking protocol capable of earring untagged frames.


Answer: D E


IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router. 802.1Q trunks support tagged and untagged frames.

If a switch receives untagged frames on a trunk port, it believes that frame is a part of the native VLAN. Also, frames from a native VLAN are not tagged when exiting the switch via a trunk port.

The 802.1q frame format is same as 802.3. The only change is the addition of 4 bytes fields. That additional header includes a field with which to identify the VLAN number. Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.

Note: Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was received without loss or error. FCS is based on the contents of the entire frame.

Question 8

What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two)

A. decreasing the number of collision domains
B. filtering frames based on MAC addresses
C. allowing simultaneous frame transmissions
D. increasing the size of broadcast domains
E. increasing the maximum length of UTP cabling between devices


Answer: B C


Hub is considered a layer 1 device. When a packet arrives at one port, it is copied to the other ports without checking the content of that packet.

Switch operates at layer 2. When a packet arrives at one port, it checks in its database (based on MAC address) to see which port it should forward that packet out -> B is correct.

Remember that hubs can only communicate in half duplex mode, which means that a computer can only send data when it is not receiving. Switches can run in full duplex mode, which allows data to be sent and received at the same time. Switches effectively double the speed of the network when compared to hubs -> C is correct.

Switch increases the number of collision domains (which is better) -> A is not correct.

Switch does not have any effect on the size of broadcast domains. When using switch, the size of broadcast domains remain the same -> D is not correct.

Both hub and switch increase the maximum length of UTP cabling between devices so it is not an advantage of switch over hub -> E is not correct.

Question 9

Which command will show the MAC addresses of stations connected to switch ports?

A. show mac-address
B. show arp
C. show table
D. show switchport


Answer: B


There is no “show mac-address” command. But notice the “show mac-address-table” and “show mac address-table” do exist.

If option A is “show mac-address-table” then both A & B are correct!

Interview Question of CCNA Part 2

11- What is the difference between bus topology and HUB?

Hub is Centralized device ( series ) .Bus topology is Decentralized device (in parallel)

12- Is hub intelligent device?
No; because it not use header

12- Which protocol switch use for filling its MAC-Table ?
ARP – Address Resolution Protocol

13- What is CAM ?
Content Address Memory. its another name of MAC address table.

14- Which type for communication switch do?
In case of any new event switch do broadcast, after that always do Unicast.

15- If line down and protocol also down; in this case which layer move problem?
Physical Layer – Layer 1

16 – If line up, but protocol down which layer should be troubleshot?
Data link problem – Layer 2

17-On which base switches take decisions?
Mac Address

18- How ARP brings MAC address for switch?
Through Broadcast

19- How many collision domains are in switch?
Equal number of ports

20- How many broadcast domains are in Switch ?

CCNA Interview Question Part 1

CCNA Interview Question Part 2

CCNA Interview Question Part 3

CCNA Interview Question Part 4

CCNA Interview Question Part 5

CCNA Interview Question Part 6

CCNA Interview Question Part 7

CCNA Interview Question Part 8

CCNA Interview Question Part 9

CCNA Interview Question Part 10

CCNA Interview Question Part 11

CCNA Interview Question Part 12

CCNA Interview Question Part 13

CCNA Interview Question Part 14

Copyright © 2024. Created by IT Learning. Powered by DumpsForAll | Terms of Use | Privacy Policy