Section 3 – Implement Switch based Layer 3 services, given a network design and a set of requirements
QUESTION NO: 1
The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? (Select two)
A. Attacks are prevented by utilizing the port-security feature.
B. An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.
C. Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.
D. An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.
E. Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
Answer: B,E
QUESTION NO: 2
Based on the network diagram and routing table output in the exhibit, which of these statements is true?
A. InterVLAN routing will not occur since no routing protocol has been configured.
B. InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
C. Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
D. Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
Answer: B
Explanation:
A Layer 2 network can also exist as a VLAN inside one or more switches. VLANs are essentially isolated from each other so that packets in one VLAN cannot cross into another VLAN.
To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router’s function. The router must have a physical or logical connection to each VLAN so that it can forward packets between them. This is known as interVLAN routing . InterVLAN routing can be performed by an external router that connects to each of the VLANs on a switch. Separate physical connections can be used, or the router can access each of the VLANs through a single trunk link.
The Switch Port which is connected with Router should be trunk link, You need to configure like:
Switch( config)# interface fa 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q
In Router you need to configure like:
Router( config)# interface fa 0/0
Router(config-if)# description VLAN 1
Router(config-if)# ip address 192.168.10.1 255.255.255.0
Router( config)# interface fa 0/0.10
Router(config-subif)# description Management VLAN 10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 192.168.91.1 255.255.255.0
Router( config)# interface fa 0/0.20
Router(config-subif)# description Engineering VLAN 20
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
QUESTION NO: 3
Refer to the exhibit. VLAN2, VLAN3, and VLAN10 are configured on the switch D-SW1. Host computers are on VLAN 2 (10.1.2.0), servers are on VLAN 3 (10.1.3.0), and the management
VLAN is on VLAN10 (10.1.10.0). Hosts are able to ping each other but are unable to reach the servers. On the basis of the exhibited output, which configuration solution could rectify the problem?
A. Assign an IP address of 10.1.3.1/24 to VLAN3.
B. Configure default gateways to IP address 10.1.10.1 on each host.
C. Enable IP routing on the switch D-SW1.
D. Configure a default route that points toward network 200.1.1.0/24.
E. Configure default gateways to IP address 10.1.2.1 on each host.
F. Configure default gateways to IP address 200.1.1.2 on each host.
Answer: A
Explanation:
Although a routed port is configured for connectivity with an external router, Inter-VLAN routing would most likely be achieved through the use of a virtual interface.
Example:
To route between VLANs 10 and 20 which have been configured on the multilayer switch use the following configuration:
RouteSwitch( config)# interface vlan 10
RouteSwitch(config-if)# ip address 10.0.10.1 255.255.255.0
RouteSwitch(config)# interface vlan 20
RouteSwitch(config-if)# ip address 10.0.20.1 255.255.255.0
QUESTION NO: 4
The Company network needs to pass traffic between VLANs. Which device should be used to accomplish this?
A. Hub
B. Switch
C. Router
D. Bridge
E. None of the other alternatives apply
Answer: C
Explanation:
A VLAN is a virtual LAN contained within a switch, so for it to pass information into a different VLAN within the same switch it has to leave that switch and re-enter via a router. VLANs contain local traffic only, so in order to reach users in another VLAN the traffic must go through a router or a layer 3 routing processor.
QUESTION NO: 5
The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? (Select two)
A. Attacks are prevented by utilizing the port-security feature.
B. An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.
C. Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.
D. An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.
E. Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
Answer: B,E
One thought on “642-813 Q&A – Implement Switch based Layer 3 services (1-5)”
Comments are closed.