Switch Port LED States

Questions and Answers

What happens if the BOOT environment variable is not set?

The switch loads the last executable file in the flash file system.

The switch boots from the ROM monitor.

The switch performs a top-to-bottom search through the flash file system. (correct)

The switch performs a bottom-to-top search through the flash file system.

What is the purpose of the boot loader in managing the switch?

To configure the switch interfaces.

To manage the switch if the IOS cannot be loaded. (correct)

To update the flash file system.

To load the IOS software.

How can the boot loader be accessed through a console connection?

By connecting a console cable and configuring terminal emulation software. (correct)

By unplugging the switch power cord and then reconnecting it.

By using the boot system command.

By pressing the Mode button while the switch is booting.

What is the function of the Mode button on Cisco Catalyst switches?

To access the boot loader.

What is the purpose of the System LED on Cisco Catalyst switches?

To indicate the switch is booting.

What is the default behavior of the port status LED indicators on Cisco Catalyst switches?

They reflect port activity.

What is the purpose of the boot system command?

To set the BOOT environment variable.

What happens when the Mode button is pressed and held down while the System LED is still flashing green?

The switch accesses the boot loader.

What does an amber LED indicate on a port?

The port is blocked to ensure no loop exists in the forwarding domain

What is indicated by a blinking amber LED on a port?

The port is blocked to prevent a possible loop in the forwarding domain

What does a green Port Duplex LED indicate?

The port is in full-duplex mode

What does an off Port Speed LED indicate?

The port is operating at 10 Mb/s

What does a blinking green Port Speed LED indicate?

The port is operating at 1000 Mb/s

What does an off Mode LED indicate for PoE?

The PoE mode is not selected and none of the ports have been denied power

What does a blinking amber Mode LED indicate for PoE?

At least one of the ports has been denied power, or has a PoE fault

What does a green Mode LED indicate for PoE?

The PoE mode is selected and the port LEDs will display colors with different meanings

What is a common solution to address vulnerabilities in the Telnet service?

Including security patches in newer Cisco IOS revisions

What is the purpose of developing a written security policy for an organization?

To provide a framework for security best practices

What is a benefit of using network security tools?

To assess the strength of security measures

What is the purpose of performing backup operations on a regular basis?

To ensure data recovery in case of a failure

What is a type of attack that can be launched against a network using network security tools?

MAC flooding

What is the purpose of using HTTPS instead of HTTP?

To ensure secure communication

What is a function of network security tools?

To perform security auditing and penetration testing

What can be used to determine which switch ports are vulnerable to MAC flooding?

Network security tools

What does the System LED on a Cisco Catalyst 2960 switch indicate?

Whether the system is receiving power and functioning properly

What does a blinking green System LED on a Cisco Catalyst 2960 switch indicate?

There is no option for a blinking green System LED

What does an amber RPS LED on a Cisco Catalyst 2960 switch indicate?

The RPS is in standby mode or in a fault condition

What does a green Port Status LED on a Cisco Catalyst 2960 switch indicate?

A link is present

What does a blinking amber RPS LED on a Cisco Catalyst 2960 switch indicate?

The internal power supply in the switch has failed, and the RPS is providing power

What is the default mode of the Port Status LED on a Cisco Catalyst 2960 switch?

Port status mode

What does an alternating green-amber Port Status LED on a Cisco Catalyst 2960 switch indicate?

There is a link fault

What does a green RPS LED on a Cisco Catalyst 2960 switch indicate?

The RPS is connected and ready to provide backup power

What is the primary goal of a penetration test?

To identify vulnerabilities in a network

What is the ideal setup for a penetration test?

An offline test bed network

What is the primary benefit of disabling unused ports?

Improved network security

What is the purpose of DHCP Snooping?

To specify which switch ports can respond to DHCP requests

What is the primary function of Port Security?

To allow only valid MAC addresses on a port

How can secure MAC addresses be configured in Port Security?

Through static, dynamic, or sticky secure MAC addresses

What happens when an unknown MAC address attempts to connect to a port with Port Security enabled?

A security violation is generated

What is the primary advantage of using an offline test bed network for penetration testing?

It reduces the risk of damaging the actual production network

Study Notes

Basic Switch Configuration

• If the BOOT environment variable is not set, the switch performs a top-to-bottom search through the flash file system and loads the first executable file.
• The IOS software initializes the interfaces using Cisco IOS commands found in the configuration file and startup configuration, which is stored in NVRAM.
• The boot system command can be used to set the BOOT environment variable.

Recovering from a System Crash

• The boot loader can be used to manage the switch if the IOS cannot be loaded.
• The boot loader can be accessed through a console connection by connecting a console cable from the PC to the switch console port and configuring terminal emulation software.
• To access the boot loader, unplug the switch power cord, reconnect the power cord, and within 15 seconds press and hold down the Mode button while the System LED is still flashing green.
• The boot loader switch: prompt appears in the terminal emulation software on the PC.

Switch LED Indicators

• Each port on Cisco Catalyst switches has a status LED indicator light.
• The System LED shows whether the system is receiving power and is functioning properly.
• The RPS (Redundant Power Supply) LED shows the RPS status.
• Port status LED indicates the port status mode, and can indicate a link, activity, or a fault.
• Port duplex LED indicates the port duplex mode, and can indicate half-duplex or full-duplex mode.
• Port speed LED indicates the port speed mode, and can indicate 10 Mb/s, 100 Mb/s, or 1000 Mb/s.
• Power over Ethernet (PoE) LED indicates the PoE mode.

Security Best Practices

• 10 security best practices include developing a written security policy, shutting down unused services and ports, using strong passwords, controlling physical access to devices, using HTTPS instead of HTTP, performing backup operations regularly, educating employees about social engineering attacks, encrypting and password-protecting sensitive data, implementing firewalls, and keeping software up-to-date.

Network Security Tools

• Network security tools allow administrators to test the strength of security measures and launch attacks against the network to analyze results and adjust security policies.
• Security auditing and penetration testing are two basic functions of network security tools.

Network Security Tools: Audits

• Network security tools can be used to audit the network and assess what type of information an attacker would be able to gather.
• Penetration testing is a simulated attack that helps determine how vulnerable the network is to a real attack.
• Weaknesses within the configuration of networking devices can be identified based on penetration test results.
• Changes can be made to make the devices more resilient to attacks.

Switch Port Security

• Disabling unused ports is a simple, yet efficient security guideline.
• DHCP Snooping specifies which switch ports can respond to DHCP requests.
• Port security limits the number of valid MAC addresses allowed on a port, and can be configured using static, dynamic, or sticky secure MAC addresses.

Description

This quiz is about the different states of a switch port's LED, including amber and blinking amber, and what they indicate about the port's status and forwarding domain.