51,To assign a switchport to the VLAN, you would use the switchport access vlan interface configuration command

52,enable

Configure terminal

Switch(config)# vtp mode transparent

Switch(config)# spanning-tree portfast default

Switch(config)# interface range fa0/1-24

Switch(config-if)# switchport mode access

Exit

Switch(config-if)# interface range fa0/12-24

Switch(config-if)# switchport access vlan 20

End

Copy running-config startup-config

53,The ‘set vlan vlan-num’ is used to configure VLANs on CAT OS switches. In order to make any configuration changes to these switches, you must first be in privileged enable mode

54,The pruning keyword is used to enable or disable VTP prining for the VTP domain. VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN out a particular switch port. Use the set vtp pruneeligible and clear vtp pruneeligible commands to specify which VLANs should or should not be pruned when pruning is enabled for the domain

55,You are a CCNP in the midst of configuring a switching solution on a switch that participates in multilayer switching. What show command would you use to view the MLS interfaces for a specific VTP domain?

Answer:show mls rp vtp-domain

56,While verifying your configuration on the non-IOS based switch named TK1, you issue the following command:

Show trunk

What is this command useful for ?

For verifying configuration

57,When connecting a new switch to your network you can accidentally change your current VLAN database if the new switch has a higher VLAN Trunking Protocol(VTP) revision number. If the newly inserted switch has no VLANs configured and the revision number is higher and is configured as a VTP server, it will override the configuration of the other switches within the network, deleting all of the configured VLANs. To avoid this, you must clear the VTP revision number on the new switch. The easiest way is to change the VTP domain name to “something_else” and back to “your_VTP_domain” on the new switch. This sets the VTP revision number to 0 and you can connect the switch to the network without any problem

58,Which three items are configured in MST configuration submode?

a. region name

b. configuration revision number

c. VLAN instance map

59,This explains how IEEE reaches the default recommended value for max age:

Max_age=End-to-end_BPDU_propa_delay+Message_age_overestimate=14+6=20sec

60,By using STP UplinkFast, you can accelerate the choice of a new root port when a link or switch fails or when STP reconfigures itself. The root port transitions to the forwarding state immediately without going through the listening and learning states, as it would with normal STP procedures. UplinkFast also limits the brust of multicast traffic by reducing the max-update-rate parameter.

61,There are two ways to configure load sharing by using trunk ports: using STP port priorities or using STP path costs. If you configure load sharing using STP port priorities, both load-sharing links must be connected to the same switch. If you configure load sharing using STP path costs, each load-sharing link can be connected to the same switch or to two different switches

62,PortFast is being configured on switch TK1. What should you take into consideration when configuring a switch with PortFast?

It should not be enabled on ports with redundant links to another switch

It enables fast connectivity to be established on the access layer port to a booting workstation

  What should you take into consideration when configuring a switch with UplinkFast?

When enabled, it is enabled for the entire switch and all VLANs

When the primary root port uplink fails, another blocked uplink can be immediately brought up for use

63,Root guard is configured on a per-port basis, and does not allow the port to become a STP root port. This means that the port is always STP-designated. If there is a better BPDU received on this port, root guard will put the port into root-inconsistent STP state, rather than taking the BPDU into account and electing a new STP root. Root guard needs to be enabled on all ports where the root bridge should not appear. In a way one can configure a perimeter around part of network where STP root is allowed to be located

64, HSRP的工作原理

HSRP协议利用一个优先级方案来决定哪个配置了HSRP协议的路由器成为默认的主动路由器。如果一个路由器的优先级设置得比所有其他路由器的优先级高，则该路由器成为主动路由器。路由器的缺省优先级是100，所以如果只设置一个路由器的优先级高于100，则该路由器将成为主动路由器。

通过在设置了HSRP协议的路由器之间广播HSRP优先级，HSRP协议选出当前的主动路由器。当在预先设定的一段（Hold Time 缺省为10秒）时间内主动路由器不能发送hello消息，或者说HSRP检测不到主动路由器的hello消息时，将认为主动路由器有故障，这时HSRP会选择优先级最高的备用路由器变为主动路由器，同时将按HSRP优先级在配置了HSRP的路由器中再选择一台路由器作为新的备用路由器。

所有参与HSRP的路由器共享一个虚的IP地址，网络中的工作站将缺省网关指向该虚地址，被选出的主动路由器负责转发由工作站发到虚地址的数据包。

Hello消息是基于UDP的信息包，配置了HSRP的路由器将会周期性的广播Hello消息包，并利用Hello消息包来选择主动路由器和备用路由器及判断路由器是否失效。

配置了HSRP协议的路由器交换以下三种多点广播消息：

●Hello──hello消息通知其他路由器，发送路由器的HSRP优先级和状态信息，HSRP路由器默认为每3秒钟发送一个hello消息；

●Coup──当一个备用路由器变为一个主动路由器时发送一个coup消息；

●Resign──当主动路由器要宕机或者当有优先级更高的路由器发送hello消息时，主动路由器发送一个resign消息。

在任一时刻，配置了HSRP协议的路由器处于由以下六种状态：

●Initial --表示路由器的HSRP还未运行，一般在配置第一台HSRP路由器时会显示此状态；

●Learn--表示配置HSRP的路由器还未知道虚地址，并一直监听来自主动路由器的消息包；

●Listening──表示配置HSRP的路由器还已知道虚地址，路由器还在监听hello消息；

●Speaking and listening──路由器正在发送和监听hello消息；

●Standby──处于被用状态，当主动路由器失效时路由器可被选为主动路由器，接管包转发功能；

●Active──路由器执行包转发功能。

VRRP的工作原理

在VRRP协议中，有两组重要的概念：VRRP路由器和虚拟路由器，主控路由器和备份路由器。VRRP路由器是指运行VRRP的路由器，是物理实体，虚拟路由器是指VRRP协议创建的，是逻辑概念。一组VRRP路由器协同工作，共同构成一台虚拟路由器。该虚拟路由器对外表现为一个具有唯一固定IP地址和MAC地址的逻辑路由器。处于同一个VRRP组中的路由器具有两种互斥的角色：主控路由器和备份路由器，一个VRRP组中有且只有一台处于主控角色的路由器，可以有一个或者多个处于备份角色的路由器。VRRP协议使用选择策略从路由器组中选出一台作为主控，负责ARP相应和转发IP数据包，组中的其它路由器作为备份的角色处于待命状态。当由于某种原因主控路由器发生故障时，备份路由器能在几秒钟的时延后升级为主路由器。由于此切换非常迅速而且不用改变IP地址和MAC地址，故对终端使用者系统是透明的。

二、工作原理　　一个VRRP路由器有唯一的标识：VRID，范围为0-255。该路由器对外表现为唯一的虚拟MAC地址，地址的格式为00-00-5E-00-01-[VRID]。主控路由器负责对ARP请求用该MAC地址做应答。这样，无论如何切换，保证给终端设备的是唯一一致的IP和MAC地址，减少了切换对终端设备的影响。　

VRRP控制报文只有一种：VRRP通告(advertisement)。它使用IP多播数据包进行封装，组地址为224.0.0.18，发布范围只限于同一局域网内。这保证了VRID在不同网络中可以重复使用。为了减少网络带宽消耗只有主控路由器才可以周期性的发送VRRP通告报文。备份路由器在连续三个通告间隔内收不到VRRP或收到优先级为0的通告后启动新的一轮VRRP选举。　　在VRRP路由器组中，按优先级选举主控路由器，VRRP协议中优先级范围是0-255。若VRRP路由器的IP地址和虚拟路由器的接口IP地址相同，则称该虚拟路由器作VRRP组中的IP地址所有者；IP地址所有者自动具有最高优先级：255。优先级0一般用在IP地址所有者主动放弃主控者角色时使用。可配置的优先级范围为1-254。

优先级的配置原则   : 可以依据链路的速度和成本、路由器性能和可靠性以及其它管理策略设定。主控路由器的选举中，高优先级的虚拟路由器获胜，因此，如果在VRRP组中有IP地址所有者，则它总是作为主控路由的角色出现。对于相同优先级的候选路由器，按照IP地址大小顺序选举。VRRP还提供了优先级抢占策略，如果配置了该策略，高优先级的备份路由器便会剥夺当前低优先级的主控路由器而成为新的主控路由器。　　

为了保证VRRP协议的安全性，提供了两种安全认证措施：明文认证和IP头认证。明文认证方式要求：在加入一个VRRP路由器组时，必须同时提供相同的VRID和明文密码。适合于避免在局域网内的配置错误，但不能防止通过网络监听方式获得密码。IP头认证的方式提供了更高的安全性，能够防止报文重放和修改等攻击。

单路由模式（SRM）：在设计两台交换机提供的冗余电路中，引入SRM冗余，用于替代内部冗余(双）MSFC配置（在此配置中，两个MSFC都处于活状态）可以将路由减少4到2台。

条件：两个MSFC（活动的称为活动路由器，另一个称为非指定路由器）必须运行相同的cisco映像，且配置相同中。

必须在监控引擎上启用高可用性特性。

使用SRM时，任何时候都只有指定路由器是可见的，非指定的路由器被完全启动，，并参与配置同步，配置SRM后，同步被自动启动。它的配置与状态与指定路由器完全一样，但接口处于line-down状态，不传输通信流。指定down时，其接口变up，需要一段时间才会有完整的路由表。

65,A VRRP group has one master and one or more backup virtual routers

66,One switch is not able to form the standby state to reach the active state. This could be caused by missing HSRP hello messages. There are several possible causes for HSRP packets to get lost between the peers. The most common problems are Physical Layer Problems or excessive network traffic caused by spanning-tree issues.

67,Which type of scheme describes the default operation of Gateway Load Balancing Protocol(GLBP)?

Per host using a round robin scheme

68,Only routed interfaces that provide access to hosts can be configured for HSRP. These interfaces include:routed Ethernet, routed fast Ethernet, routed gigabit Ethernet, SVI and EtherChannel

69, HSRP is defined in RFC 2281

VRRP is defined in RFC 2338

IRDP is defined in RFC 1256

70,Which command would you enter if you had a Cisco 3550 switch, and you wanted to configure priority queuing on your gig0/1 interface?

a. under the global configuration, configure “priority-queue out”

b. under the global configuration, configure “interface priority-queue gig0/1”

c. under the interface gig0/1, configure “priority-queue out”

d. priority queuing is on by default

answer:c

71,Which command would you enter on your Catalyst 2900XL switch if you wanted to enable an EtherChannel bundle?

Port group

72,Switch TK1 is a Catalyst 5000 switch. Which of the following set commands would you use to enable Fast EtherChannel on this switch?

Set port channel

73,Which of the following commands would you enter if you wanted to find out whether or not switch TK1 is capable of supporting EtherChannel?

a. show trunk

b. show interface

c. show port channel

d. show port capabilities

answer:d

74,With VMPS(VLAN Management Policy Server),you can assign switch ports to VLANs dynamically, based on the source Media Access Control(MAC) address of the device connected to the port. When you move a host from a port or one switch in the network to a port on another switch in the network, the switch assigns the new port to the proper VLAN for that host dynamically.

When you enable VMPS, a MAC address-to-VLAN mapping database downloads from a Trivial File Transfer Protocol(TFTP) server and VMPS begins to accept client requests. If you reset or power cycle the switch, the VMPS database downloads from the TFTP server automatically and VMPS is re-enabled

VMPS opens a user datagram protocol(UDP) socket to communicate and listen to client requests. When the VMPS server receives a valid request from a client, it searches its database for a MAC address-to-VLAN mapping.

75,There are three QoS models namely, integrated services model, best effort model, and differentiated services model.