
Solution of Assignment Synopsis & Project Dissertation Report


PRODUCT DETAILS


Title Name: Amity Solved Assignment MSC IT 4th Sem for LAN Switching and Wireless
University: AMITY
Service Type: Assignment
Course: Msc-IT
Semester: Semester-IV Course: Msc-IT
Short Name or Subject Code: LAN Switching & Wireless
Commerce line item Type: Semester-IV Course: Msc-IT
Product: Assignment of Msc-IT Semester-IV (AMITY)

Solved Assignment


  Questions :-

LAN Switching & Wireless

Assignment A

1. Describe the Hierarchical Network Model? Describe the benefits of the Hierarchical Network Model.

2. Explain the key features of switches that are used in hierarchical networks?

3. What are the benefits of VLAN? Explain different types of VLAN.

4. A point-to-point connection with different vendor routers using HDLC as the encapsulation type cannot establish a connection. When you change the encapsulation type on both routers to PPP, the connection is established. Why did the routers establish a connection with PPP and not with HDLC?

5. What are the downsides to password recovery?

Assignment B

Q 1  (a) Describe the benefits and purpose of VTP

(b) Explain the purpose and operation of ACLs? Explain the filtering process?

Q 2 Describe and compare the Ethernet concepts and techniques used by LAN switches.

Q3. (a) The router IOS images should be stored on a TFTP server on the network. A network TFTP server can be used to restore lost or corrupted IOS images to network devices. In your own words, answer the following questions about IOS image management. What information is required when using the copy command to upload or download a system image file?

b) What happens to a router when the IOS is deleted from flash?

Case study

Q 4 Refer to Figure 1 for all the questions in this command exercise.

Q.I Allow only Host A from the 172.16.1.0/27 subnet access to the E-Mail server. Use the last usable number in the extended list range. Host A should not have access to any of the other servers. Write all the commands

Q.II Allow only Host B access to the Internet, and deny everyone else. Use an extended named ACL to accomplish this task, and name the ACL Internet. Write all the commands

Q.III No one from the 172.16.1.0/27 subnet is allowed access to the File Server, but all other traffic should be permitted. Use an extended named ACL to accomplish this task, and name the ACL No Access. Write all the commands

Q.IV Allow only hosts on the R3 LAN to communicate with hosts on the R1 LAN. They are allowed access to the Internet, but deny them access to the servers on the R2 LAN. Use the first usable number in the extended IP range to accomplish this task. Write all the commands.

Assignment C

  1. Which layer of the hierarchical network design model is referred to as the high-speed backbone of the internetwork, where high availability and redundancy are critical?

Options

  1. access layer
  2. core layer
  3. data-link layer
  4. distribution layer

2. Which feature supports higher throughput in switched networks by combining multiple switch ports?

 Options

  1. convergence
  2. redundant links
  3. link aggregation
  4. network diameter

3. Which hierarchical design model layer controls the flow of network traffic using policies and delineates broadcast domains by performing routing functions between virtual LANs (VLANs)? 

Options

  1. application
  2. access
  3. distribution
  4. network
  5. core 

4. What is the likely impact of moving a conventional company architecture to a completely converged network?

 Options

  1. Local analog phone service can be completely outsourced to cost-effective providers.
  2. The Ethernet VLAN structure is less complex.
  3. A shared infrastructure is created resulting in a single network to manage.
  4. QoS issues are greatly reduced.
  5. There is less bandwidth competition between voice and video streams. 

5. Configuring communication between devices on different VLANs requires the use of which layer of the OSI model?

 Options

  1. Layer 1
  2. Layer 3
  3. Layer 4
  4. Layer 5 

 6. Which layer of the OSI model does an access layer LAN switch use to make a forwarding decision?

  1. Layer 1
  2. Layer 2
  3. Layer 3
  4. Layer 4 

7. Which hierarchical design characteristic would be recommended at both the core and distribution layers to protect the network in the case of a route failure?

 Options

  1. PoE
  2. redundancy
  3. aggregation
  4. access lists

8. At which hierarchical layer are switches normally not required to process all ports at wire speed?

 Options

  1. core layer
  2. distribution layer
  3. access layer
  4. entry layer

9. For organizations that are implementing a voice over IP solution, what functionality should be enabled at all three layers of the hierarchical network?

 Options

  1. Power over Ethernet
  2. quality of service
  3. switch port security
  4. inter-VLAN routing

10. Link aggregations should be implemented at which layer of the hierarchical network?

 Options

  1. core only
  2. distribution and core
  3. access and distribution
  4. access, distribution, and core

11. What statement best describes a modular switch?

 Options

  1. a slim-line chassis
  2. allows interconnection of switches on redundant backplane
  3. defined physical characteristics
  4. flexible characteristics

12. Which layer of the hierarchical design model provides a means of connecting devices to the network and controlling which devices are allowed to communicate on the network?

 Options

  1. application
  2. access
  3. distribution
  4. network

13. What purpose does authentication serve in a WLAN?

  1. converts clear text data before transmission
  2. indicates which channel the data should flow on
  3. determines that the correct host is utilizing the network
  4. allows the host to choose which channel to use

14. If a network administrator enters these commands on a switch, what will be the result?

Switch1(config-line)# line console 0

Switch1(config-line)# password cisco

Switch1(config-line)# login

 Options

  1. to secure the console port with the password “cisco”
  2. to deny access to the console port by specifying 0 lines are available
  3. to gain access to line configuration mode by supplying the required password
  4. to configure the privilege exec password that will be used for remote access

15. Which command line interface (CLI) mode allows users to configure switch parameters, such as the hostname and password?

  1. user EXEC mode
  2. privileged EXEC mode
  3. global configuration mode
  4. interface configuration mode

16. What happens when the transport input ssh command is entered on the switch vty lines?

 Options

  1. The SSH client on the switch is enabled.
  2. Communication between the switch and remote users is encrypted.
  3. A username/password combination is no longer needed to establish a secure remote connection to the switch.
  4. The switch requires remote connections via proprietary client software.

17. A network administrator uses the CLI to enter a command that requires several parameters. The switch responds with “% Incomplete command”. The administrator cannot remember the missing parameters. What can the administrator do to get the parameter information?

 Options

  1. append ? to the last parameter
  2. append a space and then ? to the last parameter
  3. use Ctrl-P to show a parameter list
  4. use the Tab key to show which options are available

18. When a switch receives a frame and the source MAC address is not found in the switching table, what action will be taken by the switch to process the incoming frame?

  1. The switch will request that the sending node resend the frame.
  2. The switch will issue an ARP request to confirm that the source exists.
  3. The switch will map the source MAC address to the port on which it was received.
  4. The switch sends an acknowledgement frame to the source MAC of this incoming frame.

19. Which statement is true about the command banner login “Authorized personnel Only” issued on a switch?

  1. The command is entered in privileged EXEC mode.
  2. The command will cause the message Authorized personnel Only to display before a user logs in.
  3. The command will generate the error message Ambiguous command: “banner motd” to be displayed.
  4. The command will cause the message End with the character “%” to be displayed after the command is entered into the switch.

20. When a collision occurs in a network using CSMA/CD, how do hosts with data to transmit respond after the backoff period has expired?

 Options

  1. The hosts return to a listen-before-transmit mode.
  2. The hosts creating the collision have priority to send data.
  3. The hosts creating the collision retransmit the last 16 frames.
  4. The hosts extend their delay period to allow for rapid transmission.

21. Where is the startup configuration stored?

Options

  1. DRAM
  2. NVRAM
  3. ROM
  4. startup-config.text

22. Which statement is true when VTP is configured on a switched network that incorporates VLANs?

 Options

  1. VTP is only compatible with the 802.1Q standard.
  2. VTP adds to the complexity of managing a switched network.
  3. VTP allows a switch to be configured to belong to more than one VTP domain.
  4. VTP dynamically communicates VLAN changes to all switches in the same VTP domain.

23. A network administrator is replacing a failed switch with a switch that was previously on the network. What precautionary step should the administrator take on the replacement switch to avoid incorrect VLAN information from propagating through the network?

 Options

  1. Enable VTP pruning.
  2. Change the VTP domain name.
  3. Change the VTP mode to client.
  4. Change all the interfaces on the switch to access ports. 

24. What does a client mode switch in a VTP management domain do when it receives a summary advertisement with a revision number higher than its current revision number?

  1. It suspends forwarding until a subset advertisement update arrives.
  2. It issues an advertisement request for new VLAN information.
  3. It increments the revision number and forwards it to other switches.
  4. It deletes the VLANs not included in the summary advertisement.
  5. It issues summary advertisements to advise other switches of status changes. 

25. What causes a VTP configured switch to issue a summary advertisement?

  1. A five-minute update timer has elapsed.
  2. A port on the switch has been shutdown.
  3. The switch is changed to the transparent mode.
  4. A new host has been attached to a switch in the management domain.

26. How are VTP messages sent between switches in a domain?

 Options

  1. Layer 2 broadcast
  2. Layer 2 multicast
  3. Layer 2 unicast
  4. Layer 3 broadcast
  5. Layer 3 multicast
  6. Layer 3 unicast

27. What statement describes the default propagation of VLANs on a trunked link?

 Options

  1. only the native VLAN
  2. VLANs 1 to 1005
  3. only VLAN 1
  4. all VLANs
  5. no VLANs

28. Switch port fa0/1 was manually configured as a trunk, but now it will be used to connect a host to the network. How should the network administrator reconfigure switch port Fa0/1?

  1. Disable DTP.
  2. Delete any VLANs currently being trunked through port Fa0/1.
  3. Administratively shut down and re-enable the interface to return it to default.
  4. Enter the switchport mode access command in interface configuration mode.

29. What is a valid consideration for planning VLAN traffic across multiple switches?

 Options

  1. Configuring interswitch connections as trunks will cause all hosts on any VLAN to receive broadcasts from the other VLANs.
  2. A trunk connection is affected by broadcast storms on any particular VLAN that is carried by that trunk.
  3. Restricting trunk connections between switches to a single VLAN will improve efficiency of port usage.
  4. Carrying all required VLANs on a single access port will ensure proper traffic separation.

30. What statement about the 802.1q trunking protocol is true?

  1. 802.1q is Cisco proprietary.
  2. 802.1q frames are mapped to VLANs by MAC address.
  3. 802.1q does NOT require the FCS of the original frame to be recalculated.
  4. 802.1q will not perform operations on frames that are forwarded out access ports.

31. Which access method does a wireless access point use to allow for multiple user connectivity and distributed access? 

  1. CSMA/CD
  2. token passing
  3. CSMA/CA
  4. polling 

32. A network administrator is removing several VLANs from a switch. When the administrator enters the no vlan 1 command, an error is received. Why did this command generate an error?

  1. VLAN 1 can never be deleted.
  2. VLAN 1 can only be deleted by deleting the vlan.dat file.
  3. VLAN 1 can not be deleted until all ports have been removed from it.
  4. VLAN 1 can not be deleted until another VLAN has been assigned its responsibilities.

33. What happens to the member ports of a VLAN when the VLAN is deleted?

 Options

  1. The ports cannot communicate with other ports.
  2. The ports default back to the management VLAN.
  3. The ports automatically become a part of VLAN1.
  4. The ports remain a part of that VLAN until the switch is rebooted. They then become members of the management VLAN.

34. What switch port modes will allow a switch to successfully form a trunking link if the neighboring switch port is in “dynamic desirable” mode?

 Options

  1. dynamic desirable mode
  2. on or dynamic desirable mode
  3. on, auto, or dynamic desirable mode
  4. on, auto, dynamic desirable, or no negotiate mode

35. What must the network administrator do to remove Fast Ethernet port fa0/1 from VLAN 2 and assign it to VLAN 3?

 Options

  1. Enter the no vlan 2 and the vlan 3 commands in global configuration mode.
  2. Enter the switchport access vlan 3 command in interface configuration mode.
  3. Enter the switchport trunk native vlan 3 commands in interface configuration mode.
  4. Enter the no shutdown in interface configuration mode to return it to the default configuration and then configure the port for VLAN 3.  

36. Which statement or set of paired statements correctly compares STP with RSTP?

  1. STP and RSTP have the same BPDU format and flag field information.
  2. STP specifies backup ports. RSTP has only root ports, alternate ports, and designated ports.
  3. STP port states are independent of port roles. RSTP ties together the port state and port role.
  4. STP waits for the network to converge before placing ports into forwarding state. RSTP places designated ports into forwarding state immediately.

37. How can a network administrator influence which STP switches become the root bridge?

 Options

  1. Configure all the interfaces on the switch as the static root ports.
  2. Change the BPDU to a lower value than that of the other switches in the network.
  3. Assign a lower IP address to the switch than that of the other switches in the network.
  4. Set the switch priority to a smaller value than that of the other switches in the network.

38. In which STP state does a port record MAC addresses but not forward user data?

  1. blocking
  2. learning
  3. disabling
  4. listening
  5. forwarding

39. When PVST+ was developed, the Bridge ID was modified to include which information?

  1. bridge priority
  2. MAC address
  3. protocol
  4. VLAN ID

40. What is the first step in the process of convergence in a spanning tree topology?

  1. election of the root bridge
  2. blocking of the non-designated ports
  3. selection of the designated trunk port
  4. determination of the designated port for each segment
  Answers :-

LAN Switching & Wireless

 

Assignment A

Q1. Describe the Hierarchical Network Model? Describe the benefits of the Hierarchical Network Model.

Ans: A hierarchical network model breaks the complex problem of network design into smaller, more manageable problems. Each level, or tier, in the hierarchy addresses a different set of problems. This helps the designer optimize network hardware and software to perform specific roles. For example, devices at the lowest tier are optimized to accept traffic into a network and pass that traffic to the higher layers. Cisco offers a three-tiered hierarchy as the preferred approach to network design.

In the three-layer network design model, network devices and links are grouped according to three layers:

  • Core
  • Distribution
  • Access

The three-layer model is a conceptual framework. It is an abstract picture of a network similar to the concept of the Open System Interconnection (OSI) reference model.

Layered models are useful because they facilitate modularity. Devices at each layer have similar and well-defined functions. This allows administrators to easily add, replace, and remove individual pieces of the network. This kind of flexibility and adaptability makes a hierarchical network design highly scalable.

At the same time, layered models can be difficult to comprehend because the exact composition of each layer varies from network to network. Each layer of the three-tiered design model may include the following:

  • A router
  • A switch
  • A link
  • A combination of these

Some networks may combine the function of two layers into a single device or omit a layer entirely.

The following sections discuss each of the three layers in detail.

The Core Layer
The core layer provides an optimized and reliable transport structure by forwarding traffic at very high speeds. In other words, the core layer switches packets as fast as possible. Devices at the core layer should not be burdened with any processes that stand in the way of switching packets at top speed. This includes the following:

  • Access-list checking
  • Data encryption
  • Address translation

The Distribution Layer


The distribution layer is located between the access and core layers and helps differentiate the core from the rest of the network. The purpose of this layer is to provide boundary definition using access lists and other filters to limit what gets into the core. Therefore, this layer defines policy for the network. A policy is an approach to handling certain kinds of traffic, including the following:

  • Routing updates
  • Route summaries
  • VLAN traffic
  • Address aggregation

Use these policies to secure networks and to preserve resources by preventing unnecessary traffic.

If a network has two or more routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), information between the different routing domains is shared, or redistributed, at the distribution layer.

The Access Layer


The access layer supplies traffic to the network and performs network entry control. End users access network resources by way of the access layer. Acting as the front door to a network, the access layer employs access lists designed to prevent unauthorized users from gaining entry. The access layer can also give remote sites access to the network by way of a wide-area technology, such as Frame Relay, ISDN, or leased lines.

Benefits

There are many benefits associated with hierarchical network designs.

Scalability

Hierarchical networks scale very well. The modularity of the design allows you to replicate design elements as the network grows. Because each instance of the module is consistent, expansion is easy to plan and implement. For example, if your design model consists of two distribution layer switches for every 10 access layer switches, you can continue to add access layer switches until you have 10 access layer switches cross-connected to the two distribution layer switches before you need to add additional distribution layer switches to the network topology. Also, as you add more distribution layer switches to accommodate the load from the access layer switches, you can add additional core layer switches to handle the additional load on the core.

Redundancy

As a network grows, availability becomes more important. You can dramatically increase availability through easy redundant implementations with hierarchical networks. Access layer switches are connected to two different distribution layer switches to ensure path redundancy. If one of the distribution layer switches fails, the access layer switch can switch to the other distribution layer switch. Additionally, distribution layer switches are connected to two or more core layer switches to ensure path availability if a core switch fails. The only layer where redundancy is limited is at the access layer. Typically, end node devices, such as PCs, printers, and IP phones, do not have the ability to connect to multiple access layer switches for redundancy. If an access layer switch fails, just the devices connected to that one switch would be affected by the outage. The rest of the network would continue to function unaffected.

Performance

Communication performance is enhanced by avoiding the transmission of data through low-performing, intermediary switches. Data is sent through aggregated switch port links from the access layer to the distribution layer at near wire speed in most cases. The distribution layer then uses its high performance switching capabilities to forward the traffic up to the core, where it is routed to its final destination. Because the core and distribution layers perform their operations at very high speeds, there is less contention for network bandwidth. As a result, properly designed hierarchical networks can achieve near wire speed between all devices.

Security

Security is improved and easier to manage. Access layer switches can be configured with various port security options that provide control over which devices are allowed to connect to the network. You also have the flexibility to use more advanced security policies at the distribution layer. You may apply access control policies that define which communication protocols are deployed on your network and where they are permitted to go. For example, if you want to limit the use of HTTP to a specific user community connected at the access layer, you could apply a policy that blocks HTTP traffic at the distribution layer. Restricting traffic based on higher layer protocols, such as IP and HTTP, requires that your switches are able to process policies at that layer. Some access layer switches support Layer 3 functionality, but it is usually the job of the distribution layer switches to process Layer 3 data, because they can process it much more efficiently.

Manageability

Manageability is relatively simple on a hierarchical network. Each layer of the hierarchical design performs specific functions that are consistent throughout that layer. Therefore, if you need to change the functionality of an access layer switch, you could repeat that change across all access layer switches in the network because they presumably perform the same functions at their layer. Deployment of new switches is also simplified because switch configurations can be copied between devices with very few modifications. Consistency between the switches at each layer allows for rapid recovery and simplified troubleshooting. In some special situations, there could be configuration inconsistencies between devices, so you should ensure that configurations are well documented so that you can compare them before deployment.

Maintainability

Because hierarchical networks are modular in nature and scale very easily, they are easy to maintain. With other network topology designs, manageability becomes increasingly complicated as the network grows. Also, in some network design models, there is a finite limit to how large the network can grow before it becomes too complicated and expensive to maintain. In the hierarchical design model, switch functions are defined at each layer, making the selection of the correct switch easier. Adding switches to one layer does not necessarily mean there will not be a bottleneck or other limitation at another layer. For a full mesh network topology to achieve maximum performance, all switches need to be high-performance switches, because each switch needs to be capable of performing all the functions on the network. In the hierarchical model, switch functions are different at each layer. You can save money by using less expensive access layer switches at the lowest layer, and spend more on the distribution and core layer switches to achieve high performance on the network.

 

 

 

Q2. Explain the key features of switches that are used in hierarchical networks?

This assignment was solved by www.solvezone.in; visit for better price and service.

Ans: The key features of switches that are used in hierarchical networks are as follows:

Fixed Configuration Switches

Fixed configuration switches are just as you might expect, fixed in their configuration. What that means is that you cannot add features or options to the switch beyond those that originally came with the switch. The particular model you purchase determines the features and options available. For example, if you purchase a 24-port gigabit fixed switch, you cannot add additional ports when you need them. Typically, different configuration choices vary in how many and what types of ports are included. 

Modular Switches

Modular switches offer more flexibility in their configuration. Modular switches come with different sized chassis that allow for the installation of different numbers of modular line cards. The line cards contain the ports. The line card fits into the switch chassis like expansion cards fit into a PC. The larger the chassis, the more modules it can support. As you can see in Figure 1-18, you can choose from many chassis sizes. If you bought a modular switch with a 24-port line card, you could easily add an additional 24-port line card to bring the total number of ports up to 48. 

Stackable Switches 

Stackable switches can be interconnected using a special backplane cable that provides high bandwidth throughput between the switches. Cisco introduced StackWise technology in one of its switch product lines. StackWise allows you to interconnect up to nine switches using fully redundant backplane connections. The stacked switches effectively operate as a single larger switch. Stackable switches are desirable where fault tolerance and bandwidth availability are critical and a modular switch is too costly to implement. Using cross-connected connections, the network can recover quickly if a single switch fails. Stackable switches use a special port for interconnections and do not use line ports for inter-switch connections. The speeds are also typically faster than using line ports for connecting switches.

Switch Performance

When selecting a switch for the access, distribution, or core layers, consider the capability of the switch to support the port density, forwarding rates, and bandwidth aggregation requirements of your network.

 

 Port Density

Port density is the number of ports available on a single switch. Fixed configuration switches typically support up to 48 ports on a single device, with options for up to four additional ports for small form-factor pluggable (SFP) devices. High port densities allow for better use of space and power when both are in limited supply. If you have two switches that each contain 24 ports, you would be able to support up to 46 devices because you lose at least one port per switch to connect each switch to the rest of the network. In addition, two power outlets are required. On the other hand, if you have a single 48-port switch, 47 devices can be supported, with only one port used to connect the switch to the rest of the network, and only one power outlet needed to accommodate the single switch.

Modular switches can support very high port densities through the addition of multiple switch port line cards, as shown in Figure 1-19. For example, the Catalyst 6500 switch can support in excess of 1000 switch ports on a single device.

 

Large enterprise networks that support many thousands of network devices require high density, modular switches to make the best use of space and power. Without using a high density modular switch, the network would need many fixed configuration switches to accommodate the number of devices that need network access. This approach can consume many power outlets and a lot of closet space.

 

Forwarding Rates

As illustrated in Figure 1-20, forwarding rates define the processing capabilities of a switch by rating how much data the switch can process per second. Switch product lines are classified by forwarding rates. Entry-layer switches have lower forwarding rates than enterprise layer switches. Forwarding rates are important to consider when selecting a switch. If the switch forwarding rate is too low, it cannot accommodate full wire-speed communication across all its switch ports. Wire speed is the data rate that each port on the switch is capable of attaining—either 100 Mbps Fast Ethernet or 1000 Mbps Gigabit Ethernet. For example, a 48-port gigabit switch operating at full wire speed generates 48 Gbps of traffic. If the switch supports a forwarding rate of only 32 Gbps, it cannot run at full wire speed across all ports simultaneously. Fortunately, access layer switches typically do not need to operate at full wire speed because they are physically limited by their uplinks to the distribution layer. This allows you to use less expensive, lower-performing switches at the access layer, and use the more expensive, higher-performing switches at the distribution and core layers, where the forwarding rate makes a bigger difference.

 

Link Aggregation

As part of bandwidth aggregation, you should determine if there are enough ports on a switch to aggregate to support the required bandwidth. For example, consider a Gigabit Ethernet port, which carries up to 1 Gbps of traffic. If you have a 24-port switch, with all ports capable of running at gigabit speeds, you could generate up to 24 Gbps of network traffic. If the switch is connected to the rest of the network by a single network cable, it can forward only 1 Gbps of the data to the rest of the network. Due to the contention for bandwidth, the data would forward more slowly. That results in 1/24th wire speed available to each of the 24 devices connected to the switch. Wire speed describes the theoretical maximum data transmission rate of a connection.

Link aggregation helps to reduce these bottlenecks of traffic by allowing up to eight switch ports to be bound together for data communications, providing up to 16 Gbps of data throughput when Gigabit Ethernet ports are used. With the addition of multiple 10 Gigabit Ethernet uplinks on some enterprise-layer switches, 160 Gbps throughput rates can be achieved. Cisco uses the term EtherChannel when describing aggregated switch ports. Keep in mind that EtherChannel reduces the number of available ports to connect network devices.

 

Power over Ethernet and Layer 3 Functionality

Two other characteristics you want to consider when selecting a switch are Power over Ethernet (PoE) and Layer 3 functionality.

Power over Ethernet

Power over Ethernet (PoE) allows the switch to deliver power to a device over the existing Ethernet cabling.

PoE ports on a switch, IP phone, access point, and wireless LAN controller look the same as any switch port. Check the model of the networking device to determine whether the port supports PoE.

PoE allows you more flexibility when installing wireless access points and IP phones because you can install them anywhere you can run an Ethernet cable. You do not need to consider how to run ordinary power to the device. You should select a switch that supports PoE only if you are actually going to take advantage of the feature because it adds considerable cost to the switch.

 

Layer 3 Functionality

Typically, switches operate at Layer 2 of the OSI reference model, where they deal primarily with the MAC addresses of devices connected to switch ports. Layer 3 switches offer advanced functionality that will be discussed in greater detail in the later chapters of this book. Layer 3 switches are also known as multilayer switches.

 

 

Q3.What are the benefits of VLAN? Explain different types of VLAN.

Ans: -   VLAN Benefits

As we have seen, there are several benefits to using VLANs. To summarize, VLAN benefits include:

  • Increased performance
  • Improved manageability
  • Simplification of software configurations
  • Increased security options

Increased performance

Switched networks by nature will increase performance over shared devices in use today by reducing collisions. Grouping users into logical networks will also increase performance by limiting broadcast traffic to users performing similar functions within workgroups. Additionally, less traffic will need to be routed, and the latency added to routers will be reduced.

Improved manageability

VLANs provide an easy, flexible, less costly way to modify logical groups in changing environments. VLANs make large networks more manageable by allowing centralized configuration of devices located in assorted locations.

Simplification of software configurations

VLANs will allow LAN administrators to "fine tune" their networks by grouping users. Software configurations can be made the same across machines with the consolidation of a department's resources into a single subnet. IP addresses and subnet masks will be more consistent across the entire VLAN. These services can be more effectively deployed when they can span buildings within a VLAN.

Increased security options

VLANs have the ability to provide additional security not available in a shared network environment. A switched network delivers packets only to the intended recipients, and only to other members of the VLAN. This allows the network administrator to segment users requiring access to sensitive information into separate VLANs from the rest of the general users regardless of physical location.

There are different types of VLANs. Some are defined by the type of network traffic they carry; others derive their names from the type or specific function the VLAN performs. The following describes common VLAN types:

Default VLAN

At the initial boot-up of the switch, all switch ports become members of the default VLAN, which makes them all part of the same broadcast domain. This allows any network device connected to any switch port to communicate with other devices on other switch ports.

On Cisco switches the default VLAN is VLAN 1. VLAN 1 has all the features of any VLAN, except that you cannot rename or delete it.

Data VLAN

A data VLAN, which can also be referred to as a user VLAN, is configured to carry only user-generated traffic. The importance of separating user data from other types of VLAN traffic is proper switch management and control.

Native VLAN

A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs as well as traffic that does not come from a VLAN. The trunk port places untagged traffic (traffic that does not come from a VLAN) on the native VLAN. In summary, the native VLAN observes and identifies traffic coming from each end of a trunk link.

 

 

Q4.A point-to-point connection with different vendor routers using HDLC as the Encapsulation type cannot establish a connection. When you change the encapsulation type on both routers to PPP, the connection is established. Why did the routers establish a connection with PPP and not with HDLC?.

Ans: -   PPP (Point-to-Point Protocol) is a protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. For example, your Internet server provider may provide you with a PPP connection so that the provider's server can respond to your requests, pass them on to the Internet, and forward your requested Internet responses back to you. PPP uses the Internet protocol (IP) (and is designed to handle others). It is sometimes considered a member of the TCP/IP suite of protocols. Relative to the Open Systems Interconnection (OSI) reference model, PPP provides layer 2 (data-link layer) service. Essentially, it packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.

 

HDLC (High-level Data Link Control) is a group of protocols or rules for transmitting data between network points (sometimes called nodes). In HDLC, data is organized into a unit (called a frame) and sent across a network to a destination that verifies its successful arrival. The HDLC protocol also manages the flow or pacing at which data is sent. HDLC is one of the most commonly-used protocols in what is layer 2 of the industry communication reference model called Open Systems Interconnection (OSI). (Layer 1 is the detailed physical level that involves actually generating and receiving the electronic signals.) Layer 3 is the higher level that has knowledge about the network, including access to router tables that indicate where to forward or send data. On sending, programming in layer 3 creates a frame that usually contains source and destination network addresses. HDLC (layer 2) encapsulates the layer 3 frame, adding data link control information to a new, larger frame.

 

 

 

Q5.What are the downsides to password recovery?

Ans: - A downside might be as follows:

A fix for this can be to use a randomly generated pin or hash to act as a one-time password. It will still be going over unencrypted email, but it will only be valid until the user confirms the account and chooses his own password. If someone has access to your email client you're hooped anyway.

There is nothing stopping an extra security conscious user from deleting the email and changing their password right away. What it does is to give a convenience to users that want to treat your service as a trial. Picking unique user names and password is too far down the developing a relationship path for me personally.

-Against knowledgeable techies, sure, you're hosed either way. I'm talking about more casual security threats: a mischievous child, a bad breakup, a sneaky Best Buy bench tech. It's the difference between leaving your front door unlocked, versus leaving it wide open.

 

 

Assignment B

Q 1 (a) Describe the benefits and purpose of VTP

Ans: -     Benefits of VLAN Trunking Protocol (VTP)

VLAN Trunking Protocol or VTP refers to a messaging protocol responsible for managing the renaming, deletion and addition of VLANs (Virtual Local Area Networks). Cisco’s VLAN Trunking Protocol lowers administration in switched networks. The following are major benefits of VLAN Trunking Protocol.

  1. Better network management
    VTP lowers the possible inconsistencies in configuration that normally come about once modifications are made in a network. Such inconsistencies may lead to security violations since VLANs have the capability of cross connecting when matching names are utilized. Furthermore, they could possibly become disconnected internally when mapped from a certain LAN kind to the next. However, VLAN Trunking Protocol offers a good mapping scheme for seamless trunking in a network that uses mixed media.
  2. Maintains consistency
    The VLAN Trunking Protocol offers the benefit of maintaining configuration consistency throughout the whole network. This is credited to the fact that VTP utilizes trunk frames for managing any changes made to the VLANs in that particular network. This is attained through the use of a central switch found in the server mode. In fact, VTP synchronizes all the VLAN information in any VTP domain, thereby lowering the need of configuring similar VLAN data on every switch.
  3. Manages Cisco switches
    Another vital advantage of VLAN Trunking Protocol is that it provides an effective method of managing Cisco switches like one group for configuration purposes. This means that if the VTP has been enabled on a Cisco switch, creating a VLAN on a single switch then makes the VLAN accessible to all the switches in that VTP domain. The switch can only be a part of one VTP domain at a single time.
    The key drawback of using VLAN Trunking Protocol is that looping can occur. Looping is normally very annoying as it creates duplicate emails and it may even crash the whole network.

 

Purpose

The purpose of VTP is to provide a way to manage Cisco switches as a single group for VLAN configuration purposes. For example, if VTP is enabled on Cisco switches, the creation of a new VLAN on one switch makes that VLAN available to all switches within the same VTP management domain. A switch can be part of only one VTP management domain at a time, and is part of no VTP management domain by default.

Without VTP, the creation of a new VLAN would require you to define that new VLAN individually on all necessary switches, a process that is subject to error and that is time-consuming to say the least. Instead, with VTP, you define the VLAN once and have VTP spread the information to all other switches in the same domain automatically.

 

The primary benefit of VTP is that in large environments it facilitates adding and deleting VLANs, as well as making changes to VLAN configurations. Without VTP you would have to add a VLAN manually to each switch; with VTP you can add a VLAN to one switch and let the switches propagate the changes throughout the VTP management domain, and all before lunch!

When a VTP management domain name is defined on each switch, the switches exchange VTP information automatically and require no further configuration or day-to-day management.

 

 

(b) Explain the purpose and operation of ACLs? Explain the filtering process?

Ans:- Access Control Lists (ACLs) are filters that enable you to control which routing updates or packets are permitted or denied in or out of a network. They are specifically used by network administrators to filter traffic and to provide extra security for their networks. They can be applied on routers (Cisco).

ACLs provide a powerful way to control traffic into and out of your network; this control can be as simple as permitting or denying network hosts or addresses.  You can configure ACLs for all routed network protocols.

The most important reason to configure ACLs is to provide security for your network. However, ACLs can also be configured to control network traffic based on the TCP port being used.

Operations

  • Order of statements is important: put the most restrictive statements at the top of the list and the least restrictive at the bottom.
  • ACL statements are processed top-down until a match is found, and then no more statements in the list are processed.
  • If no match is found in the ACL, the packet is dropped (implicit deny).
  • Each ACL needs either a unique number or a unique name.
  • The router cannot filter traffic that it, itself, originates.
  • You can have only one IP ACL applied to an interface in each direction (inbound and outbound)—you can't have two or more inbound or outbound ACLs applied to the same interface. (Actually, you can have one ACL for each protocol, like IP and IPX, applied to an interface in each direction.)
  • Applying an empty ACL to an interface permits all traffic by default: in order for an ACL to have an implicit deny statement, you need at least one actual permit or deny statement.
  • Remember the numbers you can use for IP ACLs. Standard ACLs can use numbers ranging 1–99 and 1300–1999, and extended ACLs can use 100–199 and 2000–2699.
  • A wildcard mask is not a subnet mask. Like an IP address or a subnet mask, a wildcard mask is composed of 32 bits. When doing the conversion, subtract each byte in the subnet mask from 255.

There are two special types of wildcard masks: 0.0.0.0 and 255.255.255.255.

A 0.0.0.0 wildcard mask is called a host mask.

A 255.255.255.255 wildcard mask: if you enter this, the router will convert the address and mask to the keyword any.

Filtering Process

A router acts as a packet filter when it forwards or denies packets according to filtering rules. As a Layer 3 device, a packet-filtering router uses rules to determine whether to permit or deny traffic based on source and destination IP addresses, source port and destination port, and the protocol of the packet. These rules are defined using access control lists or ACLs.

To simplify how an ACL or a router's packet filtering works, imagine a guard stationed at a locked door. The guard's instruction is to allow only people whose names appear on a guest list to pass through the door. The guard is filtering people based on the condition of having their names on the authorized list.

When a packet arrives at the router, the router extracts certain information from the packet header and makes decisions according to the filter rules as to whether the packet can pass through or be dropped. Packet filtering process works at the Network layer of the Open Systems Interconnection (OSI) model, or the Internet layer of TCP/IP.
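The rules listed under Operations and the filtering process described above, as an added example (not code from the original page): a small Python evaluator for IOS-style extended ACL statements that shows top-down first-match processing, the implicit deny, the empty-ACL case and wildcard-mask matching. The ACL number 150, the addresses (documentation ranges) and all function names are constructed for illustration, and only numeric `eq` ports are parsed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(mask: str) -> str:
    """Convert a subnet mask to a wildcard mask: subtract each byte from 255."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def packet(proto: str, src: str, dst: str, dport: Optional[int] = None) -> dict:
    """Header fields the filter looks at (constructed sample packets use this)."""
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


@dataclass(frozen=True)
class Ace:
    action: str              # "permit" or "deny"
    protocol: str            # "ip" matches every protocol
    src: int
    src_wc: int
    dst: int
    dst_wc: int
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and self.protocol != pkt["proto"]:
            return False
        # A 0 bit in the wildcard means "must match", a 1 bit means "ignore".
        if (ip_int(pkt["src"]) ^ self.src) & ~self.src_wc & 0xFFFFFFFF:
            return False
        if (ip_int(pkt["dst"]) ^ self.dst) & ~self.dst_wc & 0xFFFFFFFF:
            return False
        if self.dst_port is not None and pkt.get("dport") != self.dst_port:
            return False
        return True


def _take_addr(tokens: List[str]) -> tuple:
    """Consume 'any', 'host A' or 'A W'; return (address, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":                      # same as 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if head == "host":                     # same as A 0.0.0.0 (host mask)
        return ip_int(tokens.pop(0)), 0
    return ip_int(head), ip_int(tokens.pop(0))


def parse_ace(line: str) -> Ace:
    tokens = line.split()
    if tokens[0] == "access-list":         # numbered form: drop keyword and number
        tokens = tokens[2:]
    action, protocol = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError("expected permit or deny, got %r" % action)
    src, src_wc = _take_addr(tokens)
    dst, dst_wc = _take_addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return Ace(action, protocol, src, src_wc, dst, dst_wc, port)


def evaluate(acl: List[Ace], pkt: dict) -> str:
    if not acl:
        return "permit"                    # empty ACL: no implicit deny yet
    for ace in acl:                        # top-down, stop at the first match
        if ace.matches(pkt):
            return ace.action
    return "deny"                          # implicit deny at the end


# Constructed sample ACL: most specific statement first.
ORDERED = [parse_ace(line) for line in (
    "access-list 150 permit tcp host 192.0.2.10 host 198.51.100.25 eq 25",
    "access-list 150 deny ip 192.0.2.0 0.0.0.31 any",
    "access-list 150 permit ip any any",
)]
# Same statements with the subnet-wide deny moved above the host permit.
MISORDERED = [ORDERED[1], ORDERED[0], ORDERED[2]]

if __name__ == "__main__":
    mail = packet("tcp", "192.0.2.10", "198.51.100.25", 25)
    print("ordered   :", evaluate(ORDERED, mail))
    print("misordered:", evaluate(MISORDERED, mail))
    print("/27 wildcard:", wildcard_from_mask("255.255.255.224"))
```

With the deny placed first, the host permit is never reached, which is why statement order is the first thing to check when an ACL blocks traffic it was meant to allow.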

 

 

Q 2 Describe and compare the Ethernet concepts and techniques used by LAN switches.

Ans: - A switch is a device that connects LAN segments using a table of MAC addresses to determine the segment on which a frame needs to be transmitted. Both switches and bridges operate at Layer 2 of the OSI model.

Switches are sometimes called multiport bridges or switching hubs. Switches make decisions based on MAC addresses and therefore, are Layer 2 devices. In contrast, hubs regenerate the Layer 1 signals out of all ports without making any decisions. Since a switch has the capacity to make path selection decisions, the LAN becomes much more efficient. Usually, in an Ethernet network the workstations are connected directly to the switch. Switches learn which hosts are connected to a port by reading the source MAC address in frames. The switch opens a virtual circuit between the source and destination nodes only. This confines communication to those two ports without affecting traffic on other ports. In contrast, a hub forwards data out all of its ports so that all hosts see the data and must process it, even if that data is not intended for it.

High-performance LANs are usually fully switched:

  • A switch concentrates connectivity, making data transmission more efficient. Frames are switched from incoming ports to outgoing ports. Each port or interface can provide the full bandwidth of the connection to the host.
  • On a typical Ethernet hub, all ports connect to a common backplane or physical connection within the hub, and all devices attached to the hub share the bandwidth of the network. If two stations establish a session that uses a significant level of bandwidth, the network performance of all other stations attached to the hub is degraded.
  • To reduce degradation, the switch treats each interface as an individual segment. When stations on different interfaces need to communicate, the switch forwards frames at wire speed from one interface to the other, to ensure that each session receives full bandwidth.

To efficiently switch frames between interfaces, the switch maintains an address table. When a frame enters the switch, it associates the MAC address of the sending station with the interface on which it was received.
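The address-table behaviour just described, set beside a hub, as an added example (not part of the original answer): a Python model in which the switch learns source MAC addresses per port and then forwards, floods or filters, while the hub repeats every frame. The class names, port numbers and MAC addresses are constructed for illustration.

```python
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = Tuple[int, str, str]      # (ingress port, source MAC, destination MAC)


class Hub:
    """Layer 1 repeater: every frame leaves on all ports except the ingress."""

    def __init__(self, ports: List[int]):
        self.ports = list(ports)

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2 switch: learns source MACs, forwards on the learned port."""

    def __init__(self, ports: List[int]):
        self.ports = list(ports)
        self.mac_table: Dict[str, int] = {}

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        src, dst = src.lower(), dst.lower()
        # Learn (or refresh) the sender's port; this also covers a moved host.
        self.mac_table[src] = in_port
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast or unknown destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination sits on the ingress segment: filter the frame.
            return []
        return [out_port]


def replay(device, frames: List[Frame]) -> int:
    """Feed frames to a device; return how many frame copies left its ports."""
    return sum(len(device.receive(*frame)) for frame in frames)


# Constructed traffic between three hosts on a four-port device.
FRAMES: List[Frame] = [
    (1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"),  # 02 unknown: flooded
    (2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01"),  # 01 learned: port 1 only
    (1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"),  # 02 learned: port 2 only
    (3, "aa:aa:aa:aa:aa:03", BROADCAST),            # broadcast: flooded
]

if __name__ == "__main__":
    switch = LearningSwitch([1, 2, 3, 4])
    print("hub copies   :", replay(Hub([1, 2, 3, 4]), FRAMES))
    print("switch copies:", replay(switch, FRAMES))
    print("table        :", switch.mac_table)
```

Once both hosts are learned, their unicast frames appear on one port only, which is the isolation the answer credits with greater security for hosts; broadcasts and unknown destinations still reach every port.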

The main features of Ethernet switches are:

  • Isolate traffic among segments
  • Achieve greater amount of bandwidth per user by creating smaller collision domains

The first feature, isolate traffic among segments, provides for greater security for hosts on the network. Each segment uses the CSMA/CD access method to maintain data traffic flow among the users on that segment. Such segmentation allows multiple users to send information at the same time on the different segments without slowing down the network.

By using the segments in the network fewer users and/or devices are sharing the same bandwidth when communicating with one another. Each segment has its own collision domain. Ethernet switches filter the traffic by redirecting the datagrams to the correct port or ports, which are based on Layer 2 MAC addresses.

The second feature is called microsegmentation. Microsegmentation allows the creation of dedicated network segments with one host per segment. Each host receives access to the full bandwidth and does not have to compete for available bandwidth with other hosts. Popular servers can then be placed on individual 100-Mbps links. Often in networks of today, a Fast Ethernet switch will act as the backbone of the LAN, with Ethernet hubs, Ethernet switches, or Fast Ethernet hubs providing the desktop connections in workgroups. As demanding new applications such as desktop multimedia or video conferencing become more popular, certain individual desktop computers will have dedicated 100-Mbps links to the network.

 

 

Q3. (a) The router IOS images should be stored on a TFTP server on the network. A network TFTP server can be used to restore lost or corrupted IOS images to network devices. In your own words, answer the following questions about IOS image management. What information is required when using the copy command to upload or download a system image file?

Ans:- Upgrade or Download Router IOS image to Flash Memory

Step 1

To transfer an IOS image from PC to router, the following conditions must be met:

* The IOS image intended for the router is in working condition, since a corrupted IOS image won't do any good

* The IOS image intended for the router fits the router's DRAM and flash memory size. Keep in mind that maximizing router DRAM and flash memory size before an IOS image upgrade is always a good idea, to make sure the router can fit the IOS image file and can run any IOS image version. Check out the following FAQ to find memory specification
»Cisco Forum FAQ »Cisco equipment memory chip specification

* While the router is still running the older IOS image version, back up the older IOS image to a TFTP or FTP server (the next steps explain this further). This backup should be performed before any IOS image upgrade. In case of an unsuccessful IOS image upgrade (due to too-small DRAM size, corrupted IOS image, etc.) it is always good to know that you are able to reverse the change by putting the older IOS image (the one that you backed up earlier) back on the router

Step 2

In order to transfer an IOS image typically you need to run a TFTP program on your computer. Your computer will then become TFTP server during the IOS image transfer. A simple FREE one can be found here
»Cisco Forum FAQ »How to prepare TFTP server

Note that when the router is running newer IOS image, IOS image transfer using FTP server is also supported. Using TFTP server instead of using FTP server is more common however for image transfer. The rest of this FAQ shows the use of TFTP transfer however.

Step 3

It is recommended that the PC (the TFTP server) is on the same subnet as your router. Easiest way is to assign a static IP to your machine [x.x.x.100 255.255.255.0]. If there is a switch between the PC (the TFTP server) and the router, then also make sure both PC and router are within the same VLAN or the same broadcast domain.

When your network is using hub instead of switch, then there might be some collision that severely degrade the TFTP traffic flow; hence screwing up the download or upload process. In this case, it is highly suggested to use either a switch or simply back-to-back connection using crossover cable between the router and the PC.

Step 4

Next go to the privilege exec prompt and type

r1#copy tftp flash

The command will ask you of four things.

1. The IP address of your server. Enter whatever PC IP address is.

2. The name of the IOS source file. Enter the exact name of the IOS file you are trying to install (including the sub-directory name and path if the file is not in the root or current directory). If you enter incorrect name or if the file is not in the right directory, the transfer will fail.

3. It may ask you for the destination filename as well. This indicates where you would like the new IOS file stored and whether you would like to keep the same IOS filename. Typically you choose to keep the same IOS filename and store the IOS file in the current router's flash directory. Should you decide to store the file in a different directory, you need to specify the exact directory path and name. You also need to specify the new IOS filename should you decide to have a different filename.

4. It will also ask you if you wish to erase your flash before copy.


Read This Before Proceeding:

This erase means that you will erase the entire contents of memory flash by formatting the flash. Keep in mind that you cannot recover any of those contents (including the current IOS image) once the flash is erased or formatted.

You may want to erase the flash when at least one of the following applies.

* Memory flash size is too small to hold both the current and the new IOS images
* You need to use the entire flash memory space that is currently partitioned to fit the new IOS image (note: to remove the partition,
* There was a partition in the flash that has just been removed, and you need to start fresh by reformatting the flash
* There was a bad sector in the flash that you want to remove by reformatting the flash
* The flash memory is brand new and/or has never been used/formatted

When none of the above fits your situation, then you might not need to format the flash. Holding both current and new IOS images in the same flash is recommended whenever possible. By having both images, it would be easier to flip back to the old image when there is boot problem with the new image since by default, the router boots up using the first valid IOS image the router can find.

If you must erase the flash, then make sure that you have already backed up all flash contents to a server, especially the current IOS image.



When everything works and you say yes when you are asked to erase the flash, then the display will look something like this.

r1#copy tftp flash
Address or name of remote host []? 10.50.50.100
Source filename []? c2600-i-mz.121-14.bin
Destination filename [c2600-i-mz.121-14.bin]?y
Accessing tftp://10.50.50.100/c2600-i-mz.121-14.bin...
Erase flash: before copying? [confirm]y
Erasing the flash filesystem will remove all files! Continue? [confirm]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ... erased
Erase of flash: complete
Loading c2600-i-mz.121-14.bin from 10.10.10.2 (via Ethernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 4501480/9001984 bytes]
 
Verifying checksum... OK (0xAC8A)
4501480 bytes copied in 56.88 secs (80383 bytes/sec)


Step 5

After the IOS transfers you will need to reboot the router to activate the new IOS image. The router then may ask if you want to save the router configuration. Depending on whether you changed your IP address to a new scheme or just used the same address you may or may not want to save your config.

Backup Router IOS image to TFTP Server

In order to backup an IOS from ROUTER to PC, use the similar steps. However on Step 4, you need to enter a different command. This is where you want to make sure the TFTP server can send and receive.

r1#copy flash tftp

The rest of steps are applicable still.

Troubleshooting

As with anything, sometimes things don't work as expected. In case the copy command does not work, one of the following could be the culprit.

* Incorrect IOS image file name to use
* Incorrect TFTP software installation
* Incorrect TFTP software setting
* IOS image file is stored in different directory or folder of the TFTP server
* Cable or routing issue between router and TFTP server
* If the router and the TFTP server is not connected directly (i.e. there is a patch panel, switch or router in between), verify the intermediate device/connection
* Incorrect IP address or subnet mask of either router or TFTP server
* Buggy TFTP software

Assuming no firewall or anything else blocks ICMP echo, you could try to ping both ways, from router to TFTP server and from TFTP server to router. If you can ping both ways, then at least routing between router and TFTP server is good. In that case the problem is not cable or routing (not a TCP/IP Layer 1, 2, or 3 issue), hence you should consider something higher up in the TCP/IP layers, such as a file- or directory-related issue.

There is also a possibility of a firewall issue that disallows TFTP traffic flow. The first thing to confirm is where the active firewall is. This firewall can be a dedicated appliance (such as a Cisco ASA firewall) or simply some software firewall installed on your TFTP server. If your TFTP server is a Windows machine, make sure Windows Firewall is turned off. Note that some antivirus software may also block TFTP traffic, hence turning off the software at least temporarily is suggested.

If for some reason you cannot deactivate the firewall, then make sure the firewall allows TFTP traffic flow between the router and the TFTP server. When there is NAT/PAT in place on the firewall, make sure you use the proper IP address that the firewall understands.

 

 

(b) What happens to a router when the IOS is deleted from flash?

Ans: - As a network administrator, at some point you may encounter an issue where a Cisco router won't boot up normally. When you console in to the router, you do not see the IOS prompt at all; instead it is either looping or showing the ROMMON prompt. This FAQ has been brought to help those that are unfamiliar with the Cisco image troubleshooting process.

Although this FAQ has been written mostly for Cisco routers, the concept applies to other Cisco devices such as switches and firewalls. This FAQ assumes some knowledge from readers such as running basic IOS commands, setting up TFTP servers, some IP network understanding, and physical/hardware troubleshooting.

Following are typical cases in regards of router inability to boot up normally.

Case #1
Deleted/Corrupted/Wrong Type/No IOS image and Router goes to ROMMON mode

When you notice your router won't boot normally and goes to ROMMON mode (showing the rommon prompt), then basically the router can't find a valid IOS image to boot from. The cause could be one of the following

* Valid IOS image file has gone missing, deleted, or corrupted (common case)
* Router has been configured to boot from media that does not exist (less common case)
* Router tries to boot up IOS image that is too big to fit into its DRAM (not that typical case)
* Router crashes suddenly out of the blue (rare case)
* Router has been configured not to boot up normally at all (one-in-the-million case)

Note that entering ROMMON mode immediately is considered a simple situation to remedy. It is actually a good sign when the router enters ROMMON mode, since it is a sign of stable router configuration and a simple procedure to revive. The next case shows a worse situation.

Case #2
Router Crashes and/or Boot Loops

When you have installed the wrong IOS (or one that is too big to fit into the router memory), the router may crash or boot to the ROMMON (ROM Monitor) prompt. In some cases, the router crashes after being up for years and left untouched. Once the router crashes, it may not enter ROMMON mode, keeps trying to boot up normally to no avail, and keeps looping.

To revive a Cisco router that is unable to boot up normally, the router first has to be in a stable condition, which means the router must enter ROMMON mode as the first step. When the router seems unable to enter ROMMON mode by itself, you have to power cycle the router and issue the break sequence within a few seconds of the router restarting.

In issuing the break sequence, you need to consider the following. The break sequence to enter ROMMON mode varies, depending on the terminal emulator software you are using and the operating system your PC is running. Check out the following link to find out the proper break sequence.

 

 

 

Case study

Q 4         Refer to Figure 1 for all the questions in this command exercise

Figure 1 Network Topology for Questions I Through IV

 

Q.I Allow only Host A from the 172.16.1.0/27 subnet access to the E-Mail server. Use the last usable number in the extended list range. Host A should not have access to any of the other servers. Write all the commands

Ans:-

hostname(config)# access-list OUTSIDE extended permit tcp host 209.165.201.4 host 209.165.200.225 eq www
hostname(config)# access-list OUTSIDE extended permit tcp host 209.165.201.6 host 209.165.200.225 eq www
hostname(config)# access-list OUTSIDE extended permit tcp host 209.165.201.8 host 209.165.200.225 eq www
hostname(config)# access-group OUTSIDE out interface outside

 

 

Q.II Allow only Host B access to the Internet, and deny everyone else. Use an extended named ACL to accomplish this task, and name the ACL Internet. Write all the commands

Ans:-

hostname(config)# access-list ANY extended permit ip any any
hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any
hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any
hostname(config)# access-group ANY in interface inside
hostname(config)# access-group ANY in interface hr
hostname(config)# access-group OUT out interface outside

The following command allows some EtherTypes through the ASA, but it denies all others:

hostname(config)# access-list ETHER ethertype permit 0x1234
hostname(config)# access-list ETHER ethertype permit mpls-unicast
hostname(config)# access-group ETHER in interface inside
hostname(config)# access-group ETHER in interface outside

The following command denies traffic with EtherType 0x1256 but allows all others on both interfaces:

hostname(config)# access-list nonIP ethertype deny 1256
hostname(config)# access-list nonIP ethertype permit any
hostname(config)# access-group ETHER in interface inside
hostname(config)# access-group ETHER in interface outside

 

 

Q.III No one from the 172.16.1.0/27 subnet is allowed access to the File Server, but all other traffic should be permitted. Use an extended named ACL to accomplish this task, and name the ACL No Access. Write all the commands

Ans:-

Router01>enable
Router01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router01(config)#access-list 105 deny tcp host 172.16.1.0 host 172.20.0.5 eq 80
Router01(config)#access-list 105 permit ip any any
Router01(config)#exit
Router01#

 

 

Q.IV Allow only hosts on the R3 LAN to communicate with hosts on the R1 LAN. They are allowed access to the Internet, but deny them access to the servers on the R2 LAN. Use the first usable number in the extended IP range to accomplish this task. Write all the commands.

Ans:-

Router01#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router03(config)#interface fa0/0

Router03(config-if)#ip access-group 105 in

Router03(config-if)#exit

Router03(config)#exit

Router03#

 

 

 

Assignment C

 

  1. Which layer of the hierarchical network design model is referred to as the high-speed backbone of the internetwork, where high availability and redundancy are critical?

 Options

  1. access layer
  2. core layer
  3. data-link layer
  4. distribution layer

Ans:- core layer

 

 

  2. Which feature supports higher throughput in switched networks by combining multiple switch ports?

  Options

  1. convergence
  2. redundant links
  3. link aggregation
  4. network diameter

Ans:- link aggregation

 

 

  3. Which hierarchical design model layer controls the flow of network traffic using policies and delineates broadcast domains by performing routing functions between virtual LANs (VLANs)?

  Options

  1. application
  2. access
  3. distribution
  4. network
  5. core

Ans:- distribution

 

 

  4. What is the likely impact of moving a conventional company architecture to a completely converged network?

  Options

  1. Local analog phone service can be completely outsourced to cost-effective providers.
  2. The Ethernet VLAN structure is less complex.
  3. A shared infrastructure is created resulting in a single network to manage.
  4. QoS issues are greatly reduced.
  5. There is less bandwidth competition between voice and video streams.

Ans:- A shared infrastructure is created resulting in a single network to manage.

 

 

  5. Configuring communication between devices on different VLANs requires the use of which layer of the OSI model?

  Options

  1. Layer 1
  2. Layer 3
  3. Layer 4
  4. Layer 5

Ans:- Layer 3

 

  6. Which layer of the OSI model does an access layer LAN switch use to make a forwarding decision?

  Options

  1. Layer 1
  2. Layer 2
  3. Layer 3
  4. Layer 4

Ans:- Layer 2

 

 

  7. Which hierarchical design characteristic would be recommended at both the core and distribution layers to protect the network in the case of a route failure?

  Options

  1. PoE
  2. redundancy
  3. aggregation
  4. access lists

Ans:- redundancy

 

 

  8. At which hierarchical layer are switches normally not required to process all ports at wire speed?

  Options

  1. core layer
  2. distribution layer
  3. access layer
  4. entry layer

Ans:- access layer

 

 

  9. For organizations that are implementing a voice over IP solution, what functionality should be enabled at all three layers of the hierarchical network?

  Options

  1. Power over Ethernet
  2. quality of service
  3. switch port security
  4. inter-VLAN routing

Ans:- quality of service

 

 

  10. Link aggregation should be implemented at which layer of the hierarchical network?

  Options

  1. core only
  2. distribution and core
  3. access and distribution
  4. access, distribution, and core

Ans:- access and distribution

 

 

  11. What statement best describes a modular switch?

  Options

  1. a slim-line chassis
  2. allows interconnection of switches on redundant backplane
  3. defined physical characteristics
  4. flexible characteristics

Ans:- flex
