Chapter 5: Switch Configuration Quiz
21 Questions

Questions and Answers

What is the first step to take when a port enters an error disabled state due to a security violation?

  • Investigate the security threat
  • Clear the MAC address table
  • Re-enable the port immediately
  • Shut down the port (correct)

Which command sequence is required to re-enable a port after a security violation?

  • shutdown, no shutdown (correct)
  • no shutdown, shutdown
  • disable, enable
  • enable, disable

Which verification method should be used to check the status of port security on a switch?

  • show port-security (correct)
  • show ip interfaces
  • show interfaces status
  • show mac-address

Which mode will a switch port enter when a security violation occurs, and the policy is set to shutdown?

  • Error Disabled Mode (B)

In configuring access mode settings, which command should be applied to ensure a port is operating in access mode?

  • Switchport access vlan [vlan-id] (D)

What is the main advantage of using SSH over Telnet for switch configuration?

  • SSH provides an encrypted management connection. (D)

Which command should be used to check if a switch has the necessary IOS version for SSH configuration?

  • show version (C)

Which term refers to the feature that restricts network access by limiting the MAC addresses that can connect to specific switch ports?

  • Port Security (A)

In the context of port security, what does the term 'sticky MAC address' refer to?

  • A learned MAC address that is retained across reboots. (B)

What is one common violation mode for port security that places the port in an unauthorized state?

  • Shutdown (C)

Which of the following configurations should be performed to set a switch port to access mode?

  • switchport mode access (B)

What is a primary consideration when configuring port security on a switch?

  • Defining the number of secure MAC addresses allowed. (C)

Which of the following statements accurately describes a dynamic MAC address?

  • It is learned and can change based on network activity. (C)

What happens to sticky secure MAC addresses if sticky learning is disabled?

  • They become dynamic secure addresses and are removed from the running-config. (A)

Which command is used to configure sticky secure MAC addresses on a switch port?

  • switchport port-security mac-address sticky (B)

Which violation mode allows for traffic from unknown MAC addresses to be dropped without issuing a notification?

  • Protect (D)

What is the default violation mode for port security on a switch interface?

  • Shutdown (C)

Which command must be executed on a switch interface before enabling port security features?

  • switchport port-security (C)

How does a switch handle dynamic secure MAC addresses after a restart?

  • They are removed from the configuration. (D)

In the restrict mode, what happens when a MAC address is found to be unknown?

  • Data is dropped and a notification is issued. (C)

Which mode must the port be in before configuring port-security features?

  • Access mode (C)

Flashcards

Port Security

A security feature on network switches to limit the number of allowed devices on a port.

Error Disabled Port

A network port that has been disabled due to security violation, requiring manual re-enablement.

Security Violation

An event that triggers port shutdown for security reasons.

Port Status Check

Inspecting the port settings and current status to determine if security is in place.

Switch Port Security

Network port security feature on switches controlling who can connect.

Static Secure MAC Addresses

Manually configured MAC addresses for port security.

Dynamic Secure MAC Addresses

MAC addresses learned dynamically but removed during switch restarts.

Sticky Secure MAC Addresses

Dynamically learned MAC addresses added to the running configuration (potentially saved).

Port Security: Protect Mode

Drops packets from unknown source MAC addresses without notification.

Port Security: Restrict Mode

Drops packets from unknown source MAC addresses with a security notification.

Port Security: Shutdown Mode

Disables the interface, turning off the port LED.

Port Security Configuration Pre-step

Set the port to access mode before enabling port security.

Enable Port Security

Using the switchport port-security command on the interface.

What is SSH?

A secure protocol that encrypts network traffic, making it safer than Telnet for remote access.

Why is SSH More Secure?

It encrypts both the username and password, and the data transmitted, unlike Telnet which transmits this information in plain text.

What is Telnet?

A protocol used for remote access to network devices, but it's insecure because it transmits data in plain text.

How to Enable SSH on a Switch?

The switch must have an IOS version with cryptographic capabilities (ending in 'k9'). Check the IOS version using the 'show version' command.

What does 'show version' command do?

Displays information about the switch's IOS version, including its features and capabilities.

What is Cryptographic Capability?

Ability of a device to encrypt and decrypt data, essential for secure communication like SSH.

When to Use SSH?

For remote access to network devices when security is paramount, especially for sensitive data.

Why is SSH More Popular?

It provides a much safer and more secure connection compared to Telnet, protecting sensitive information from being intercepted.

Study Notes

Chapter 5: Switch Configuration

  • This chapter covers switch configuration and security, focusing on CCNA Routing and Switching Essentials v6.0
  • Basic Switch Configuration
    • Configure basic switch settings to match network needs
    • Configure initial settings on a Cisco switch
    • Configure switch ports to match network needs
  • Basic Device Configuration
    • Configure a switch using security best practices for small to medium-sized businesses
    • Configure the management virtual interface on a switch
    • Configure the Port Security feature to restrict network access
  • Switch Security
    • Secure Shell (SSH) is an alternative to Telnet for secure remote access
    • SSH encrypts data transmission (username/password and data) for enhanced security
    • A switch must have a compatible IOS version (IOS version with a "k9" at the end is required for SSH support)
    • Use the show version command to check the IOS version
  • Secure Remote Access
    • Verify SSH support
    • Configure the IP domain name
    • Generate RSA key pairs
    • Configure user authentication
    • Configure vty lines
    • Enable SSH version 2
  • Verifying SSH
    • Connect to the switch using PuTTY SSH Client
    • Configure PuTTY for SSH connections (switch IP address, port 22, username, password)
    • Verify SSH status and settings using the show ip ssh and show ssh commands
  • Packet Tracer - Configuring SSH
    • Topology
    • Addressing Table (Devices, Interfaces, IP Addresses, Subnet Masks)
  • MAC Address Flooding
    • Attackers flood a CAM table with bogus MAC addresses to overwhelm the switch
    • This causes the switch to act like a hub (broadcasting frames to all ports)
    • This strategy impacts performance and security
  • Switch Port Security: Operation
    • Port security limits the number of valid MAC addresses permitted on a port
    • Allows only known devices
    • Additional attempts from unknown MAC addresses are denied via a security violation
    • Secure MAC addresses can be configured in different ways: Static, Dynamic, and Sticky.
    • Static = manually configured MAC addresses
    • Dynamic = learns the MAC address and removes it upon restart
    • Sticky = dynamically learns and adds to the running configuration (can be saved after the initial configuration).
  • Port Security: Violation Modes
    • Protect: Unknown source MAC addresses are dropped, no notification
    • Restrict: Unknown source MAC addresses are dropped, a notification is displayed.
    • Shutdown: (default mode) Interface is disabled and the port light turns off.
  • Switch Port Security: Configuring
    • Place the port in access mode
    • Use the switchport port-security interface configuration command to enable port security on an interface
    • Configure Dynamic Port Security
    • Configure Sticky Port Security
  • Switch Port Security: Verifying
    • Verify maximum number of MAC addresses permitted via the show port-security interface command
    • Analyze how many MACs were learned dynamically (using sticky)
  • Ports in Error Disabled State
    • Switch console displays messages when a port security violation occurs, causing the link status to change to down
  • Troubleshooting Switch Port Security
    • Follow the given scenarios to troubleshoot switch port security issues
  • Configuring Switch Security Features
    • Topology
    • Addressing Table (Devices, Interfaces, IP Addresses, Subnet Masks)
    • Objectives - Setting up the Topology, Initializing Devices, SSH Access, and Security Features
  • Chapter Summary


Description

Test your knowledge on switch configuration and security as outlined in Chapter 5 of CCNA Routing and Switching Essentials v6.0. This quiz covers basic switch settings, device configuration, and security practices including SSH implementation for secure remote access. Enhance your understanding of network configuration and security measures required for effective network management.