Chapter 5: Switch Configuration Quiz
21 Questions

Questions and Answers

What is the first step to take when a port enters an error disabled state due to a security violation?

  • Investigate the security threat
  • Clear the MAC address table
  • Re-enable the port immediately
  • Shut down the port (correct)

Which command sequence is required to re-enable a port after a security violation?

  • shutdown, no shutdown (correct)
  • no shutdown, shutdown
  • disable, enable
  • enable, disable

Which verification method should be used to check the status of port security on a switch?

  • show port-security (correct)
  • show ip interfaces
  • show interfaces status
  • show mac-address

Which mode will a switch port enter when a security violation occurs, and the policy is set to shutdown?

  • Error Disabled Mode

In configuring access mode settings, which command should be applied to ensure a port is operating in access mode?

  • Switchport access vlan [vlan-id]

What is the main advantage of using SSH over Telnet for switch configuration?

  • SSH provides an encrypted management connection.

Which command should be used to check if a switch has the necessary IOS version for SSH configuration?

  • show version

Which term refers to the feature that restricts network access by limiting the MAC addresses that can connect to specific switch ports?

  • Port Security

In the context of port security, what does the term 'sticky MAC address' refer to?

  • A learned MAC address that is retained across reboots.

What is one common violation mode for port security that places the port in an unauthorized state?

  • Shutdown

Which of the following configurations should be performed to set a switch port to access mode?

  • switchport mode access

What is a primary consideration when configuring port security on a switch?

  • Defining the number of secure MAC addresses allowed.

Which of the following statements accurately describes a dynamic MAC address?

  • It is learned and can change based on network activity.

What happens to sticky secure MAC addresses if sticky learning is disabled?

  • They become dynamic secure addresses and are removed from the running-config.

Which command is used to configure sticky secure MAC addresses on a switch port?

  • switchport port-security mac-address sticky

Which violation mode allows for traffic from unknown MAC addresses to be dropped without issuing a notification?

  • Protect

What is the default violation mode for port security on a switch interface?

  • Shutdown

Which command must be executed on a switch interface before enabling port security features?

  • switchport port-security

How does a switch handle dynamic secure MAC addresses after a restart?

  • They are removed from the configuration.

In the restrict mode, what happens when a MAC address is found to be unknown?

  • Data is dropped and a notification is issued.

Which mode must the port be in before configuring port-security features?

  • Access mode

Study Notes

Chapter 5: Switch Configuration

    • This chapter covers switch configuration and security, focusing on CCNA Routing and Switching Essentials v6.0
    • Basic Switch Configuration
      • Configure basic switch settings to match network needs
      • Configure initial settings on a Cisco switch
      • Configure switch ports to match network needs
    • Basic Device Configuration
      • Configure a switch using security best practices for small to medium-sized businesses
      • Configure the management virtual interface on a switch
      • Configure the Port Security feature to restrict network access
    • Switch Security
      • Secure Shell (SSH) is an alternative to Telnet for secure remote access
      • SSH encrypts data transmission (username/password and data) for enhanced security
      • A switch must have a compatible IOS version (IOS version with a "k9" at the end is required for SSH support)
      • Use the show version command to check the IOS version
    • Secure Remote Access
      • Verify SSH support
      • Configure the IP domain name
      • Generate RSA key pairs
      • Configure user authentication
      • Configure vty lines
      • Enable SSH version 2
    • Verifying SSH
      • Connect to the switch using PuTTY SSH Client
      • Configure PuTTY for SSH connections (switch IP address, port 22, username, password)
      • Verify SSH status and settings using the show ip ssh and show ssh commands
    • Packet Tracer - Configuring SSH
      • Topology
      • Addressing Table (Devices, Interfaces, IP Addresses, Subnet Masks)
    • MAC Address Flooding
      • Attackers flood a CAM table with bogus MAC addresses to overwhelm the switch
      • This causes the switch to act like a hub (broadcasting frames to all ports)
      • This strategy impacts performance and security
    • Switch Port Security: Operation
      • Port security limits the number of valid MAC addresses permitted on a port
      • Allows only known devices
      • Additional attempts from unknown MAC addresses are denied via a security violation
      • Security violations can be configured in different ways: Static, Dynamic, and Sticky.
      • Static = manually configure MAC addresses
      • Dynamic = learns MAC and removes it upon restart
      • Sticky = dynamically learns and adds to the running configuration (can be saved after the initial configuration).
    • Port Security: Violation Modes
      • Protect: Unknown source MAC addresses are dropped, no notification
      • Restrict: Unknown source MAC addresses are dropped, a notification is displayed.
      • Shutdown: (default mode) Interface is disabled and the port light turns off.
    • Switch Port Security: Configuring
      • Place the port in access mode
      • Use the switchport port-security interface configuration command to enable port security on an interface
      • Configure Dynamic Port Security
      • Configure Sticky Port Security
    • Switch Port Security: Verifying
      • Verify maximum number of MAC addresses permitted via the show port-security interface command
      • Analyze how many MACs were learned dynamically (using sticky)
    • Ports in Error Disabled State
      • Switch console displays messages when a port security violation occurs, causing the link status to change to down
    • Troubleshooting Switch Port Security
      • Follow the given scenarios to troubleshoot switch port security issues
    • Configuring Switch Security Features
      • Topology
      • Addressing Table (Devices, Interfaces, IP Addresses, Subnet Masks)
      • Objectives - Setting up the Topology, Initializing Devices, SSH Access, and Security Features
    • Chapter Summary

Description

Test your knowledge on switch configuration and security as outlined in Chapter 5 of CCNA Routing and Switching Essentials v6.0. This quiz covers basic switch settings, device configuration, and security practices including SSH implementation for secure remote access. Enhance your understanding of network configuration and security measures required for effective network management.