Cisco

350-001
CCIE Routing and Switching Written Qualification
Exam v4.0
Product Version: Demo
URL link:
http://www.dumpsacademy.com/cisco/350-001-dumps.html

Version: 14.0
Question 1
Which statement is true about loop guard?
A. Loop guard only operates on interfaces that are considered point-to-point by the spanning tree.
B. Loop guard only operates on root ports.
C. Loop guard only operates on designated ports.
D. Loop guard only operates on edge ports.

Aoswern A
Explanatonn
Understanding How Loop Guard Works
Unidirectonal link failures may cause a root port or alternate port to become designated as root if
BPDUs are absent. Some sofware failures may introduce temporary loops in the network. Loop guard
checks if a root port or an alternate root port receives BPDUs. If the port is receiving BPDUs, loop guard
puts the port into an inconsistent state untl it starts receiving BPDUs again. Loop guard isolates the
failure and lets spanning tree converge to a stable topology without the failed link or bridge.
You can enable loop guard per port with the set spantree guard loop command.
Note When you are in MST mode, you can set all the ports on a switch with the set spantree globaldefaults loop-guard command.
When you enable loop guard, it is automatcally applied to all of the actve instances or VLANs to which
that port belongs. When you disable loop guard, it is disabled for the specifed ports. Disabling loop
guard moves all loop-inconsistent ports to the listening state.
If you enable loop guard on a channel and the frst link becomes unidirectonal, loop guard blocks the
entre channel untl the afected port is removed from the channel. Figure 8-6 shows loop guard in a
triangle switch confguraton.
Figure 8-6 Triangle Switch Confguraton with Loop Guard

Figure 8-6 illustrates the following confguratonn

Switches A and B are distributon switches.
Switch C is an access switch.
Loop guard is enabled on ports 3/1 and 3/2 on Switches A, B, and C.
Use loop guard only in topologies where there are blocked ports. Topologies that have no blocked ports,
which are loop free, do not need to enable this feature. Enabling loop guard on a root switch has no
efect but provides protecton when a root switch becomes a nonroot switch.
Follow these guidelines when using loop guardn
Do not enable loop guard on PortFast-enabled or dynamic VLAN ports.
Do not enable PortFast on loop guard-enabled ports.
Do not enable loop guard if root guard is enabled.
Do not enable loop guard on ports that are connected to a shared link.
Noten We recommend that you enable loop guard on root ports and alternate root ports on access
switches.
Loop guard interacts with other features as followsn
Loop guard does not afect the functonality of UplinkFast or BackboneFast.
Root guard forces a port to always be designated as the root port. Loop guard is efectve only if the port
is a root port or an alternate port. Do not enable loop guard and root guard on a port at the same tme.
PortFast transitons a port into a forwarding state immediately when a link is established. Because a
PortFast-enabled port will not be a root port or alternate port, loop guard and PortFast cannot be
confgured on the same port. Assigning dynamic VLAN membership for the port requires that the port is
PortFast enabled. Do not confgure a loop guard-enabled port with dynamic VLAN membership.
If your network has a type-inconsistent port or a PVID-inconsistent port, all BPDUs are dropped untl the
misconfguraton is corrected. The port transitons out of the inconsistent state afer the message age
expires. Loop guard ignores the message age expiraton on type-inconsistent ports and PVID-inconsistent
ports. If the port is already blocked by loop guard, misconfgured BPDUs that are received on the port
make loop guard recover, but the port is moved into the type-inconsistent state or PVID-inconsistent
state.
In high-availability switch confguratons, if a port is put into the blocked state by loop guard, it remains
blocked even afer a switchover to the redundant supervisor engine. The newly actvated supervisor
engine recovers the port only afer receiving a BPDU on that port.
Loop guard uses the ports known to spanning tree. Loop guard can take advantage of logical ports
provided by the Port Aggregaton Protocol (PAgP). However, to form a channel, all the physical ports
grouped in the channel must have compatble confguratons. PAgP enforces uniform confguratons of

root guard or loop guard on all the physical ports to form a channel.
These caveats apply to loop guardn
Spanning tree always chooses the frst operatonal port in the channel to send the BPDUs. If that link
becomes unidirectonal, loop guard blocks the channel, even if other links in the channel are functoning
properly.
If a set of ports that are already blocked by loop guard are grouped together to form a channel,
spanning tree loses all the state informaton for those ports and the new channel port may obtain the
forwarding state with a designated role.
If a channel is blocked by loop guard and the channel breaks, spanning tree loses all the state
informaton.
The individual physical ports may obtain the forwarding state with the designated role, even if one or
more of the links that formed the channel are unidirectonal.
You can enable UniDirectonal Link Detecton (UDLD) to help isolate the link failure. A loop may occur
untl
UDLD detects the failure, but loop guard will not be able to detect it.
Loop guard has no efect on a disabled spanning tree instance or a VLAN.
Referencen
htpn//www.cisco.com/en/US/docs/switches/lan/catalystt444/8.2glx/confguraton/guide/stpsenha.
html#wp14t8163

Question 2
Which command is used to enable EtherChannel hashing for Layer 3 IP and Layer t port-based CEF?
A. mpls ip cef
B. port-channel ip cef
C. mpls ip port-channel cef
D. port-channel load balance
E. mpls ip load-balance
F. ip cef EtherChannel channel-id XOR Lt
G. ip cef connecton exchange

Aoswern D
Explanatonn
Port-channel load balance is normally used for enable etherchannel hashing for Layer 3 IP and Layer t
port based CEF.

Question 3
Which two optons are contained in a VTP subset advertsement? (Choose two.)
A. followers feld
B. MD5 digest
C. VLAN informaton
D. sequence number

Aoswern C, D
Explanatonn
Subset Advertsements
When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes are made
increments the confguraton revision and issues a summary advertsement. One or several subset
advertsements follow the summary advertsement. A subset advertsement contains a list of VLAN
informaton.
If there are several VLANs, more than one subset advertsement can be required in order to advertse all
the VLANs.
Subset Advertsement Packet Format

This formated example shows that each VLAN informaton feld contains informaton for a diferent
VLAN. It is ordered so that lowered-valued ISL VLAN IDs occur frstn

Most of the felds in this packet are easy to understand. These are two clarifcatonsn
Code The format for this is 4x42 for subset advertsement.
Sequence number This is the sequence of the packet in the stream of packets that follow a summary
advertsement. The sequence starts with 1.
Advertsement Requests

A switch needs a VTP advertsement request in these situatonsn

The switch has been reset.
The VTP domain name has been changed.
The switch has received a VTP summary advertsement with a higher confguraton revision than its own.
Upon receipt of an advertsement request, a VTP device sends a summary advertsement. One or more
subset advertsements follow the summary advertsement. This is an examplen

CodeThe format for this is 4x43 for an advertsement request.

Start-ValueThis is used in cases in which there are several subset advertsements. If the frst (n) subset
advertsement has been received and the subsequent one (n+1) has not been received, the Catalyst only
requests advertsements from the (n+1)th one.
Reference
htpn//www.cisco.com/en/US/tech/tk388/tk688/technologiesstechsnote48186a448448tc52.shtml

Question 4
Which two statements are true about trafc shaping? (Choose two.)
A. Out-of-profle packets are queued.
B. It causes TCP retransmits.
C. Marking/remarking is not supported.
D. It does not respond to BECN and ForeSight Messages.
E. It uses a single/two-bucket mechanism for metering.

Aoswern A, C
Explanatonn
Referencen
htpsn//www.google.com/url?saattrcta=tqatesrcastsourceawebtcda1tveda4CCwwF=AAturlahtpt3
At2Ft2Fstafweb.itsligo.iet2Fstaft2FpFynnt2FTelecomst25243t2FSlidest2FONTt2524Modt2524
tt2524Lessont25247.pptteiaLoDIUfTTGtO3hAewztHwCAtusgaAFw=CNGY2tUkAfy8tKIHlzEm8gfoI=v6f
gtsig2attUIzkZ12wnO2888dEDyugtbvmabv.t8283464,d.ZGt (slide 6)

Question 5
Which three optons are features of VTP version 3? (Choose three.)

A. VTPv3 supports 8K VLANs.

B. VTPv3 supports private VLAN mapping.
C. VTPv3 allows for domain discovery.
D. VTPv3 uses a primary server concept to avoid confguraton revision issues.
E. VTPv3 is not compatble with VTPv1 or VTPv2.
F. VTPv3 has a hidden password opton.

Aoswern B, D, F
Explanatonn
Key Benefts of VTP Version 3
Much work has gone into improving the usability of VTP version 3 in three ma=or areasn
The new version of VTP ofers beter administratve control over which device is allowed to update other
devices' view of the VLAN topology. The chance of unintended and disruptve changes is signifcantly
reduced, and availability is increased. The reduced risk of unintended changes will ease the change
process and help speed deployment.
Functonality for the VLAN environment has been signifcantly expanded. Two enhancements are most
benefcial for today's networksn
In additon to supportng the earlier ISL VLAN range from 1 to 1441, the new version supports the
whole IEEE 842.1w VLAN range up to t485.
In additon to supportng the concept of normal VLANs, VTP version 3 can transfer informaton
regarding Private VLAN (PVLAN) structures.
The third area of ma=or improvement is support for databases other than VLAN (for example, MST).
Brief Background on VTP Version 1 and VTP Version 2
VTP version 1 was developed when only 1k VLANs where available for confguraton. A tght internal
coupling of the VLAN implementaton, the VLAN pruning feature, and the VTP functon itself ofered an
efcient means of implementaton. It has proved in the feld to reliably support Ethernet, Token Ring,
and FDDI networks via VTP.
The use of consistent VLAN naming was a requirement for successful use of VMPS (Vlan Membership
Policy Server). VTP ensures the consistency of VLAN names across the VTP domain. Most VMPS
implementatons are likely to be migrated to a newer, more Fexible and feature-rich method.
To add support for Token Ring, VTP version 1 was enhanced and called VTP version 2. Certain other
minor changes and enhancements were also added at this tme.
The functonal base in VTP version 3 is lef unchanged from VTP version 2, so backward compatbility is
built in. It is possible, on a per link basis, to automatcally discover and support VTP version 2 devices.
VTP version 3 adds a number of enhancements to VTP version 1 and VTP version 2n
Support for a structured and secure VLAN environment (Private VLAN, or PVLAN)
Support for up to tk VLANs
Feature enhancement beyond support for a single database or VTP instance
Protecton from unintended database overrides during inserton of new switches
Opton of clear text or hidden password protecton
Confguraton opton on a per port base instead of only a global scheme
Optmized resource handling and more efcient transfer of informaton
These new requirements made a new code foundaton necessary. The design goal was to make VTP
version 3 a versatle vehicle. This was not only for the task of transferring a VLAN DB but also for
transferring other databases-for example, the MST database.
Reference

htpn//www.cisco.com/en/US/prod/collateral/switches/ps5718/ps748/solutonsguidesc78s548414.html

Question 6
Which three optons are considered in the spanning-tree decision process? (Choose three.)
A. lowest root bridge ID
B. lowest path cost to root bridge
C. lowest sender bridge ID
D. highest port ID
E. highest root bridge ID
F. highest path cost to root bridge

Aoswern A, B, C
Explanatonn
Confguraton bridge protocol data units (BPDUs) are sent between switches for each port. Switches use s
four step process to save a copy of the best BPDU seen on every port. When a port receives a beter
BPDU, it stops sending them. If the BPDUs stop arriving for 24 seconds (default), it begins sending them
again.
Step 1 Lowest Root Bridge ID (BID)
Step 2 Lowest Path Cost to Root Bridge
Step 3 Lowest Sender BID
Step t Lowest Port ID
Reference
Cisco General Networking Theory wuick Reference Sheets

Question 7
In 842.1s, how is the VLAN to instance mapping represented in the BPDU?
A. The VLAN to instance mapping is a normal 16-byte feld in the MST BPDU.
B. The VLAN to instance mapping is a normal 12-byte feld in the MST BPDU.
C. The VLAN to instance mapping is a 16-byte MD5 signature feld in the MST BPDU.
D. The VLAN to instance mapping is a 12-byte MD5 signature feld in the MST BPDU.

Aoswern C
Explanatonn
MST Confguraton and MST Region
Each switch running MST in the network has a single MST confguraton that consists of these three
atributesn
1. An alphanumeric confguraton name (32 bytes)
2. A confguraton revision number (two bytes)
3. A t486-element table that associates each of the potental t486 VLANs supported on the chassis to a
given instance.

In order to be part of a common MST region, a group of switches must share the same confguraton
atributes.
It is up to the network administrator to properly propagate the confguraton throughout the region.
Currently, this step is only possible by the means of the command line interface (CLI) or through Simple
Network
Management Protocol (SNMP). Other methods can be envisioned, as the IEEE specifcaton does not
explicitly menton how to accomplish that step.
Noten If for any reason two switches difer on one or more confguraton atribute, the switches are part
of diferent regions. For more informaton refer to the Region Boundary secton of this document.
Region Boundary
In order to ensure consistent VLAN-to-instance mapping, it is necessary for the protocol to be able to
exactly identfy the boundaries of the regions. For that purpose, the characteristcs of the region are
included in the BPDUs. The exact VLANs-to-instance mapping is not propagated in the BPDU, because
the switches only need to know whether they are in the same region as a neighbor. Therefore, only a
digest of the VLANs-toinstance mapping table is sent, along with the revision number and the name.
Once a switch receives a BPDU, the switch extracts the digest (a numerical value derived from the VLANto-instance mapping table through a mathematcal functon) and compares this digest with its own
computed digest. If the digests difer, the port on which the BPDU was received is at the boundary of a
region.
In generic terms, a port is at the boundary of a region if the designated bridge on its segment is in a
diferent region or if it receives legacy 842.1d BPDUs. In this diagram, the port on B1 is at the boundary
of region A, whereas the ports on B2 and B3 are internal to region Bn

MST Instances
According to the IEEE 842.1s specifcaton, an MST bridge must be able to handle at least these two
instancesn
One Internal Spanning Tree (IST)
One or more Multple Spanning Tree Instance(s) (MSTIs)
The terminology contnues to evolve, as 842.1s is actually in a pre-standard phase. It is likely these
names will change in the fnal release of 842.1s. The Cisco implementaton supports 16 instancesn one
IST (instance 4) and 15 MSTIs.
show vtp status
Cisco switches "show vtp status" Field Descriptons has a MD5 digest feld that is a 16-byte checksum of
the
VTP confguraton as shown below
Router# show vtp status
VTP Versionn 3 (capable)
Confguraton Revisionn 1
Maximum VLANs supported locallyn 1445
Number of existng VLANsn 37
VTP Operatng Moden Server

VTP Domain Namen [smartports]

VTP Pruning Moden Disabled
VTP V2 Moden Enabled
VTP Traps Generatonn Disabled
MD5 digest n 4x26 4xEE 4x4D 4x8t 4x73 4x4E 4x1B 4x68
Confguraton last modifed by 172.24.52.18 at 7-25-48 1tn33nt3
Local updater ID is 172.24.52.18 on interface Gi5/2 (frst layer3 interface fou)
VTP version runningn 2
Reference
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesswhitespaper48186a448448tcfc.shtml
htpn//www.cisco.com/en/US/docs/ios-xml/ios/lanswitch/command/lsw-cr-book.pdf

Question 8
Refer to the exhibit.

What is true about the confguraton in this exhibit?

A. It is an invalid confguraton because it includes both an applicaton layer match and a Layer 3 ACL.
B. It will create a class map that matches the content of ACL 141 and the HTTP protocol, and will then
create an inspecton policy that will drop packets at the class map.
C. It will create a class map that matches the content of ACL 141 and the HTTP protocol, and will then
create an inspecton policy that will allow packets at the class map.
D. It will create a class map that matches the content of ACL 141 or the HTTP protocol (depending on the
zone of the interface), and will then create an inspecton policy that will drop packets at the class map.
E. It will create a class map that matches the content of ACL 141 or the HTTP protocol (depending on the
zone of the interface), and will then create an inspecton policy that will allow packets at the class map.
F. It is an invalid confguraton because the class map and policy map names must match.

Aoswern B
Explanatonn
Technically the syntax is incorrect as the applicaton that is being inspected should be listed afer the
keyword type. However, this is not listed as one of the optons. The correct confguraton should be as
followsn
class-map type inspect htp match-all el
match access-group 141
policy-map type inspect htp pl

class type inspect el drop

When multple match criteria exist in the trafc class, you can identfy evaluaton instructons using the
match any or match-all keywords. If you specify match-any as the evaluaton instructon, the trafc being
evaluated must match one of the specifed criteria, typically match commands of the same type. If you
specify match-all as the evaluaton instructon, the trafc being evaluated must match all the specifed
criteria, typically match commands of diferent types.
Identfying Trafc in an Inspecton Class Map
This type of class map allows you to match criteria that is specifc to an applicaton. For example, for DNS
trafc, you can match the domain name in a DNS query.
Note Not all applicatons support inspecton class maps. See the CLI help for a list of supported
applicatons. A class map groups multple trafc matches (in a match-all class map), or lets you match
any of a list of matches (in a match-any class map). The diference between creatng a class map and
defning the trafc match directly in the inspecton policy map is that the class map lets you group
multple match commands, and you can reuse class maps. For the trafc that you identfy in this class
map, you can specify actons such as dropping, resetng, and/or logging the connecton in the inspecton
policy map. If you want to perform diferent actons on diferent types of trafc, you should identfy the
trafc directly in the policy map.
To defne an inspecton class map, perform the following stepsn
Step 1 (Optonal) If you want to match based on a regular expression, see the "Creatng a Regular
Expression" secton and the "Creatng a Regular Expression Class Map" secton.
Step 2 Create a class map by entering the following commandn
hostname(confg)# class-map type inspect applicaton [match-all | match-any]
classsmapsname hostname(confg-cmap)#
Reference
htpn//www.cisco.com/en/US/docs/iossxrssw/iosxrsr3.8/vfw/command/reference/vfr38cm.html

Question 9
While you are troubleshootng network performance issues, you notce that a switch is periodically
Fooding all unicast trafc. Further investgaton reveals that periodically the switch is also having spikes
in CPU utlizaton, causing the MAC address table to be Fushed and relearned. What is the most likely
cause of this issue?
A. a routng protocol that is Fooding updates
B. a Fapping port that is generatng BPDUs with the TCN bit set
C. STP is not running on the switch
D. a user that is downloading the output of the show-tech command
E. a corrupted switch CAM table

Aoswern B
Explanatonn
Spanning-Tree Protocol Topology Changes
Another common issue caused by Fooding is Spanning-Tree Protocol (STP) Topology Change Notfcaton
(TCN). TCN is designed to correct forwarding tables afer the forwarding topology has changed. This is
necessary to avoid a connectvity outage, as afer a topology change some destnatons previously
accessible via partcular ports might become accessible via diferent ports. TCN operates by shortening

the forwarding table aging tme, such that if the address is not relearned, it will age out and Fooding will
occur. TCNs are triggered by a port that is transitoning to or from the forwarding state. Afer the TCN,
even if the partcular destnaton MAC address has aged out, Fooding should not happen for long in most
cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with
short intervals. The switches will constantly be fast-aging their forwarding tables so Fooding will be
nearly constant.
Normally, a TCN is rare in a well-confgured network. When the port on a switch goes up or down, there
is eventually a TCN once the STP state of the port is changing to or from forwarding. When the port is
Fapping, repettve TCNs and Fooding occurs.
Ports with the STP portast feature enabled will not cause TCNs when going to or from the forwarding
state. Confguraton of portast on all end-device ports (such as printers, PCs, servers, and so on) should
limit TCNs to a low amount. Refer to this document for more informaton on TCNsn
Understanding Spanning-Tree Protocol Topology Changes Noten In MSFC IOS, there is an optmizaton
that will trigger VLAN interfaces to repopulate their ARP tables when there is a TCN in the respectve
VLAN. This limits Fooding in case of TCNs, as there will be an ARP broadcast and the host MAC address
will be relearned as the hosts reply to ARP.
Reference
htpn//www.cisco.com/en/US/products/hw/switches/ps744/productsstechsnote48186a44841d4848.sht
ml

Question 10
Your network is sufering from regular outages. Afer troubleshootng, you learn that the transmit lead of
a fber uplink was damaged. Which two features can prevent the same issues in the future? (Choose
two.)
A. root guard
B. loop guard
C. BPDU guard
D. UDLD
E. BPDU skew detecton

Aoswern B, D
STP Loop Guard
The STP loop guard feature provides additonal protecton against Layer 2 forwarding loops (STP loops).
An STP loop is created when an STP blocking port in a redundant topology erroneously transitons to the
forwarding state. This usually happens because one of the ports of a physically redundant topology (not
necessarily the STP blocking port) no longer receives STP BPDUs. In its operaton, STP relies on
contnuous recepton or transmission of BPDUs based on the port role. The designated port transmits
BPDUs, and the non-designated port receives BPDUs. When one of the ports in a physically redundant
topology no longer receives BPDUs, the STP conceives that the topology is loop free. Eventually, the
blocking port from the alternate or backup port becomes designated and moves to a forwarding state.
This situaton creates a loop. The loop guard feature makes additonal checks. If BPDUs are not received
on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent
blocking state, instead of the listening / learning / forwarding state. Without the loop guard feature, the
port assumes the designated port role. The port moves to the STP forwarding state and creates a loop.

Loop Guard versus UDLD

Loop guard and Unidirectonal Link Detecton (UDLD) functonality overlap, partly in the sense that both
protect against STP failures caused by unidirectonal links. However, these two features difer in
functonality and how they approach the problem. This table describes loop guard and UDLD
functonalityn

Based on the various design consideratons, you can choose either UDLD or the loop guard feature. In
regards to STP, the most notceable diference between the two features is the absence of protecton in
UDLD against STP failures caused by problems in sofware. As a result, the designated switch does not
send BPDUs.
However, this type of failure is (by an order of magnitude) more rare than failures caused by
unidirectonal links. In return, UDLD might be more Fexible in the case of unidirectonal links on
EtherChannel. In this case, UDLD disables only failed links, and the channel should remain functonal
with the links that remain. In such a failure, the loop guard puts it into loop-inconsistent state in order to
block the whole channel.
Additonally, loop guard does not work on shared links or in situatons where the link has been
unidirectonal since the link-up. In the last case, the port never receives BPDU and becomes designated.
Because this behavior could be normal, this partcular case is not covered by loop guard. UDLD provides
protecton against such a scenario.
As described, the highest level of protecton is provided when you enable UDLD and loop guard.
Reference
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesstechsnote48186a448448t6t4.
shtml#loopsguardsvssuld

Question 11
When troubleshootng the issue, you notce the electon of a new root bridge with an unknown MAC
address. Knowing that all access ports have the PortFast feature enabled, what would be the easiest way
to resolve the issue without losing redundant links?
A. Enable bpduguard globally.
B. Enable rootguard.
C. Enable loopguard.
D. Enable spanning tree.
E. Enable UDLD.

Aoswern A
Explanatonn
Loopguard, spanning tree, and UDLD are obvious red herrings. This leaves enabling rootguard or
bpduguard. One key is that enabling bpduguard only afects ports that have portast enabled; see the
following URL under "Confguraton."
Referencen
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesstechsnote48186a448448t82f.shtml

Question 12
You are the network administrator of a small Layer 2 network with 54 users. Lately, users have been
complaining that the network is very slow. While troubleshootng, you notce that the CAM table of your
switch is full, although it supports up to 12, 444 MAC addresses. How can you solve this issue and
prevent it from happening in the future?
A. Upgrade the switches
B. Confgure BPDU guard
C. Confgure VLAN access lists
D. Confgure port security
E. Confgure Dynamic ARP inspecton

Aoswern D
Explanatonn
Enabling Port Security
Port security is either autoconfgured or enabled manually by specifying a MAC address. If a MAC
address is not specifed, the source address from the incoming trafc is autoconfgured and secured, up
to the maximum number of MAC addresses allowed. These autoconfgured MAC addresses remain
secured for a tme, depending upon the aging tmer set. The autoconfgured MAC addresses are cleared
from the port in case of a link-down event.
When you enable port security on a port, any dynamic CAM entries that are associated with the port are
cleared. If there are any currently confgured statc or permanent CAM entrie on that same port, you may
not be able to enable the port-security on that port. If this is the case, clear the confgured statc and
permanent earl entries on that port and then enable port-security.
To enable port security, perform this task in privileged moden

Reference
htpn//www.cisco.com/en/US/docs/switches/lan/catalystt444/8.2glx/confguraton/guide/secsport.html

Question 13
DRAG DROP

Aoswern

Explanatonn
ip bandwidth-percent eigrp changes the bandwidth EIGRP may use on an interface

metric weights
neighbor confgures unicast updates
variance allows for unequal cost load sharing
prefx-list
ofset-list modifes the metric of specifc routes
auto-summary

Question 14
Which two statements are true about 842.1s? (Choose two.)
A. 842.1s supports a reduced number of spanning-tree instances.
B. 842.1s has beter convergence tmes than 842.1w.
C. 842.1s does not support load balancing over the same physical topology.
D. The CPU utlizaton for 842.1s is lower than the CPU utlizaton for 842.1w.

Aoswern A, D
Explanatonn
Referencen
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesswhitespaper48186a448448tcfc.shtml

Question 15
Which confguraton is used to enable root guard?
A. interface gig3/1
spanning-tree guard root
B. interface gig3/1
spanning-tree root guard
C. interface gig3/1
spanning-tree root-guard
D. interface gig3/1
spanning-tree root-guard default

Aoswern A
Explanatonn
Referencen
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesstechsnote48186a448448t6t4.shtml

Question 16
Which two statements describe spanning-tree BPDU processing for a blocking port? (Choose two.)
A. BPDUs that enter a blocking port are discarded.

B. BPDUs that enter a blocking port are processed.

C. Loopguard puts an interface into a loop-inconsistent state when BPDUs stop being received on a
blocking port.
D. BPDUs are only processed on forwarding ports.

Aoswern B, C
Explanatonn
Referencen
htpn//www.infraworld.eu/spanning-tree-root-guard-and-loop-guard/

Question 17
When troubleshootng duplex mismatches, which two are errors that are typically seen on the half
duplex end? (Choose two.)
A. excessive collisions
B. FCS errors
C. runts
D. late collisions

Aoswern B, C
Explanatonn
Referencen
htpn//www.netcordia.com/resources/tech-tps/switch-port-duplex-mismatch.asp

Question 18
You are using VTP (version 2) in your network to transport VLAN informaton between switches. When
adding a switch to the network (that has been used in the lab previously), you notce that a lot of the
existng VLANs have been deleted or replaced with other names. What can you do to prevent this from
happening in the future, without losing all VTP features that you are using today?
A. confgure a hard-to-guess VTP domain name
B. use a hard-to-guess VTP password
C. use VTP transparent mode
D. implement VTP version 3

Aoswern D
Explanatonn
Referencen
htpn//www.cisco.com/en/US/prod/collateral/switches/ps5718/ps748/solutonsguidesc78s548414.html

Question 19

Which two combinatons are valid PAgP confguratons that will set up a PAgP channel? (Choose two.)
A. On-Passive
B. On-Auto
C. Passive-Actve
D. Desirable-Auto
E. Actve-Actve
F. Desirable-Desirable

Aoswern D, F
Explanatonn
Referencen
htpn//www.cisco.com/en/US/products/hw/switches/ps647/productssconfguratonsexample48186a448
448t788.shtml (see port aggregaton protocol)

Question 20
Spanning Tree Protocol IEEE 842.1 s defnes the ability to deploy which of these?
A. one global STP instance for all VLANs
B. one STP instance for each VLAN
C. one STP instance per set of VLANs
D. one STP instance per set of bridges

Aoswern C
Explanatonn
The IEEE 842.1s standard is the Multple Spanning Tree (MST). With MST, you can group VLANs and run
one instance of Spanning Tree for a group of VLANs. Other STP typesn
Common Spanning Tree (CST), which is defned with IEEE 842.1w, defnes one spanning tree instance for
all VLANs.
Rapid Spanning Tree (RSTP), which is defned with 842.1w, is used to speed up STP convergence. Switch
ports exchange an explicit handshake when they transiton to forwarding.

Question 21
Which two of these are used in the selecton of a root bridge in a network utlizing Spanning Tree
Protocol IEEE 842.1 D? (Choose two.)
A. Designated Root Cost
B. bridge ID priority
C. max age
D. bridge ID MAC address
E. Designated Root Priority

F. forward delay

Aoswern B, D
Explanatonn
The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a
unique identfer (ID) and a confgurable priority number; the bridge ID contains both numbers. To
compare two bridge IDs, the priority is compared frst. If two bridges have equal priority, then the MAC
addresses are compared. For example, if switches A (MACa4244.4444.1111) and B
(MACa4244.4444.2222) both have a priority of 14, then switch A will be selected as the root bridge. If
the network administrators would like switch B to become the root bridge, they must set its priority to
be less than 14.

Question 22
If a port confgured with STP loop guard stops receiving BPDUs, the port will be put into which state?
A. learning state
B. listening state
C. forwarding state
D. loop-inconsistent state

Aoswern D
Explanatonn
STP Loop Guard
Feature Descripton
The STP loop guard feature provides additonal protecton against Layer 2 forwarding loops (STP loops).
An STP loop is created when an STP blocking port in a redundant topology erroneously transitons to the
forwarding state. This usually happens because one of the ports of a physically redundant topology (not
necessarily the STP blocking port) no longer receives STP BPDUs. In its operaton, STP relies on
contnuous recepton or transmission of BPDUs based on the port role. The designated port transmits
BPDUs, and the non-designated port receives BPDUs.
When one of the ports in a physically redundant topology no longer receives BPDUs, the STP conceives
that the topology is loop free. Eventually, the blocking port from the alternate or backup port becomes
designated and moves to a forwarding state. This situaton creates a loop.
The loop guard feature makes additonal checks. If BPDUs are not received on a non-designated port,
and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of
the listening / learning / forwarding state. Without the loop guard feature, the port assumes the
designated port role. The port moves to the STP forwarding state and creates a loop.
When the loop guard blocks an inconsistent port, this message is loggedn
CatOStSPANTREE-2-LOOPGUARDBLOCKn No BPDUs were received on port 3/2 in vlan 3.
Moved to loop-inconsistent state.
Cisco IOStSPANTREE-2-LOOPGUARDsBLOCKn Loop guard blocking port FastEthernet4/2t on VLAN4454.
Once the BPDU is received on a port in a loop-inconsistent STP state, the port transitons into another
STP state. According to the received BPDU, this means that the recovery is automatc and interventon is
not necessary. Afer recovery, this message is loggedn

CatOStSPANTREE-2-LOOPGUARDUNBLOCKn port 3/2 restored in vlan 3.

Cisco IOStSPANTREE-2-LOOPGUARDsUNBLOCKn Loop guard unblocking port FastEthernet4/2t on
VLAN4454.
Reference
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesstechsnote48186a448448t6t4.shtml

Question 23
What is the purpose of the STP PortFast BPDU guard feature?
A. enforce the placement of the root bridge in the network
B. ensure that a port is transitoned to a forwarding state quickly if a BPDU is received
C. enforce the borders of an STP domain
D. ensure that any BPDUs received are forwarded into the STP domain

Aoswern C
Explanatonn
STP confgures meshed topology into a loop-free, tree-like topology. When the link on a bridge port goes
up, STP calculaton occurs on that port. The result of the calculaton is the transiton of the port into
forwarding or blocking state. The result depends on the positon of the port in the network and the STP
parameters. This calculaton and transiton period usually takes about 34 to 54 seconds. At that tme, no
user data pass via the port. Some user applicatons can tme out during the period.
In order to allow immediate transiton of the port into forwarding state, enable the STP PortFast feature.
PortFast immediately transitons the port into STP forwarding mode upon linkup. The port stll
partcipates in STP. So if the port is to be a part of the loop, the port eventually transitons into STP
blocking mode.
As long as the port partcipates in STP, some device can assume the root bridge functon and afect actve
STP topology. To assume the root bridge functon, the device would be atached to the port and would
run STP with a lower bridge priority than that of the current root bridge. If another device assumes the
root bridge functon in this way, it renders the network suboptmal. This is a simple form of a denial of
service (DoS) atack on the network. The temporary introducton and subsequent removal of STP devices
with low (4) bridge priority cause a permanent STP recalculaton.
The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders
and keep the actve topology predictable. The devices behind the ports that have STP PortFast enabled
are not able to inFuence the STP topology. At the recepton of BPDUs, the BPDU guard operaton
disables the port that has PortFast confgured. The BPDU guard transitons the port into errdisable state,
and a message appears on the console. This message is an examplen
2444 May 12 15n13n32 tSPANTREE-2-RXsPORTFASTnReceived BPDU on PortFast enable port.
Disabling 2/1
2444 May 12 15n13n32 tPAGP-5-PORTFROMSTPnPort 2/1 lef bridge port 2/1
Reference
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesstechsnote48186a448448t82f.shtml#topi
c1

Question 24

When STP UplinkFast is enabled on a switch utlizing the default bridge priority, what will the new bridge
priority be changed to?
A. 8182
B. 1638t
C. t8152
D. 65535

Aoswern C
Explanatonn
Explanatonn
The STP UplinkFast is used to fast switchover to alternate ports when the root port fails. When STP
UplinkFast is enabled on a switch utlizing the default bridge priority (32768), the new bridge priority will
be changed to t8152. The reason for the priority being raised is to prevent the switch from becoming the
root (recall that lower bridge priority is preferred). To enable UplinkFast feature, use the "set spantree
uplinkfast enable" in privileged mode
The set spantree uplinkfast enable command has the following resultsn
Changes the bridge priority to t8152 for all VLANs (allowed VLANs).
Increases the path cost and portvlancost of all ports to a value greater than 3444.
On detectng the failure of a root port, an instant cutover occurs to an alternate port selected by
Spanning Tree Protocol (without using this feature, the network will need about 34 seconds to reestablish the connecton.
Reference
htpn//www.cisco.com/en/US/tech/tk388/tk621/technologiesstechsnote48186a448448t6t1.shtml

Question 25
Which of these best describes the actons taken when a VTP message is received on a switch confgured
with the VTP mode "transparent"?
A. VTP updates are ignored and forwarded out all ports.
B. VTP updates are ignored and forwarded out trunks only.
C. VTP updates are made to the VLAN database and are forwarded out trunks only.
D. VTP updates are ignored and are not forwarded.

Aoswern B
Explanatonn
You can confgure a switch to operate in any one of these VTP modesn
Server--In VTP server mode, you can create, modify, and delete VLANs and specify other confguraton
parameters, such as VTP version and VTP pruning, for the entre VTP domain. VTP servers advertse their
VLAN confguraton to other switches in the same VTP domain and synchronize their VLAN confguraton
with other switches based on advertsements received over trunk links. VTP server is the default mode.
Client--VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs
on a VTP client.
Transparent--VTP transparent switches do not partcipate in VTP. A VTP transparent switch does not

advertse its VLAN confguraton and does not synchronize its VLAN confguraton based on received
advertsements, but transparent switches do forward VTP advertsements that they receive out their
trunk ports in VTP Version 2. Of (confgurable only in CatOS switches)--In the three described modes,
VTP advertsements are received and transmited as soon as the switch enters the management domain
state. In the VTP of mode, switches behave the same as in VTP transparent mode with the excepton
that VTP advertsements are not forwarded.
VTP V2
VTP V2 is not much diferent than VTP V1. The ma=or diference is that VTP V2 introduces support for
Token Ring VLANs. If you use Token Ring VLANs, you must enable VTP V2. Otherwise, there is no reason
to use VTP V2. Changing the VTP version from 1 to 2 will not cause a switch to reload.
VTP Password If you confgure a password for VTP, you must confgure the password on all switches in
the VTP domain. The password must be the same password on all those switches. The VTP password that
you confgure is translated by algorithm into a 16-byte word (MD5 value) that is carried in all summaryadvertsement VTP packets.
VTP Pruning
VTP ensures that all switches in the VTP domain are aware of all VLANs. However, there are occasions
when VTP can create unnecessary trafc. All unknown unicasts and broadcasts in a VLAN are Fooded
over the entre VLAN. All switches in the network receive all broadcasts, even in situatons in which few
users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune
this unnecessary trafc.
Reference
htpn//www.cisco.com/en/US/tech/tk388/tk688/technologiesstechsnote48186a448448tc52.shtml

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual 354-441 Exam wuestons With
Answers.

htpn//www.dumpsacademy.com/cisco/354-441-dumps.html
We Also Provide Practce Exam Sofware That Simulates Real Exam
Environment And Has Many Self-Assessment Features. Download Free
Product Demo Fromn

htpn//www.dumpsacademy.com/cisco/354-441-dumps.html

Money Back Guarantee