Here you will find answers to ICND 2 – Operation Questions
Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)#switchport port-security mac-address sticky
2950Switch(config-if)#switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two)
A – The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B – Only host A will be allowed to transmit frames on fa0/1.
C – This frame will be discarded when it is received by 2950Switch.
D – All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E – Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F – Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
Answer: B D
The first command 2950Switch(config-if)#switchport port-security is to enable the port-security in a switch port.
In the second command 2950Switch(config-if)#switchport port-security mac-address sticky, we need to know the full syntax of this command is switchport port-security mac-address sticky [MAC]. The STICKY keyword is used to make the MAC address appear in the running configuration and you can save it for later use. If you do not specify any MAC addresses after the STICKY keyword, the switch will dynamically learn the attached MAC Address and place it into your running-configuration. In this case, the switch will dynamically learn the MAC address 0000.00aa.aaaa of host A and add this MAC address to the running configuration.
In the last command 2950Switch(config-if)#switchport port-security maximum 1 you limited the number of secure MAC addresses to one and dynamically assigned it (because no MAC address is mentioned, the switch will get the MAC address of the attached MAC address to interface fa0/1), the workstation attached to that port is assured the full bandwidth of the port.Therefore only host A will be allowed to transmit frames on fa0/1 -> B is correct.
After you have set the maximum number of secure MAC addresses for interface fa0/1, the secure addresses are included in the “Secure MAC Address” table (this table is similar to the Mac Address Table but you can only view it with the show port-security address command). So in this question, although you don’t see the MAC address of host A listed in the MAC Address Table but frames with a destination of 0000.00aa.aaaa will be forwarded out of fa0/1 interface -> D is correct.
A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?
A – Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.
B – Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.
C – Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.
D – Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.
(Please read the explanation of question 1 to understand the use of the “switchport port-security MAC address sticky”)
A and C can be used, but instead of writing all the MAC addresses of the devices associated with each port, we can ask the switch to learn all the MAC addresses of the associated devices automatically by the “switchport port-security mac-address sticky” command which will save much work for the administrator.
Refer to the exhibit. What can he concluded from the output of the debug command?
A – The output represents normal OSPF operation.
B – The interfaces of two OSPF routers connected to the Border router are in the same subnet.
C – The OSPF router connected to interface Serial0/1 has NOT formed a neighbor relationship with the Border router.
D – A router is connected to interface Serial0/3 of the Border router. The OSPF router ID of the connected router is the IP address of the connected interface.
Refer to the exhibit. What does STATUS=ACTIVE refer to in the output of the show frame-relay pvc command?
A – The PVC is experiencing congestion.
B – The Frame Relay switch is correctly programmed with the DLCI and is operational.
C – The router is actively broadcasting to establish a link to the Frame Relay switch.
D – The router is connected to the local Frame Relay switch, but not to the far end device.
Refer to the graphic. Users on the Holyoke router are unable to access the intranet server attached to interface E0 of the Chicopee router. Inspection of the routing table of the Holyoke router shows that an entry for the Chicopee E0 network is missing. Which command will configure the Holyoke router with a path to the intranet server network?
A – Holyoke(config)# ip host Chicopee 188.8.131.52
B – Holyoke(config)# ip host Chicopee 184.108.40.206 255.255.255.0
C – Holyoke(config)# ip network 220.127.116.11
D – Holyoke(config)# ip network 18.104.22.168 255.255.255.0
E – Holyoke(config)# ip route 22.214.171.124 255.255.255.0 126.96.36.199
F – Holyoke(config)# ip route 188.8.131.52 255.255.255.0 184.108.40.206
Users have been complaining that their Frame Relay connection to the corporate site is very slow. The network administrator suspects that the link is overloaded. Based on the partial output of the Router#show frame relay pvc command shown in the graphic, which output value indicates to the local router that traffic sent to the corporate site is experiencing congestion?
A.DLCI = 100
B.last time PVC status changed 00:25:40
C.in BECN packets 192
D.in FECN packets 147
E.in DE packets 0
If one of the intermediate Frame Relay switches encounters congestion, it will set the BECN (Backward Error Congestion Notification) bit on packets being returned to the sending device and the FECN (Forward Error Congestion Notification) bit on the packets being sent to the receiving device.
A FECN tells the receiving device that the path is congested so that the upper layer protocols should expect some delay. The BECN tells the transmitting device that the Frame Relay network is congested and that it should “back off” to allow better throughput.
The DE (Discard Eligibility) bit is used to identify less important traffic that can be dropped during periods of congestion. DCE devices will discard frames with the DE bit set before discarding those that do not.
Refer to the exhibit. Which of these statements correctly describes the state of the switch once the boot process has been completed?
A. As FastEthernet0/12 will be the last to come up, it will be blocked by STP.
B. Remote access management of this switch will not be possible without configuration change.
C. More VLANs will need to be created for this switch.
D.The switch will need a different IOS code in order to support VLANs and STP.
We don’t know the network topology so A is not correct.
A switch can operate without VLANs -> C is not correct.
This switch IOS supports VLAN because we can see VLAN 1 in the exhibit -> D is not correct.
In this case, VLAN 1 has been shutdown so we can’t remote access to this switch -> B is correct.