Describe security features in a switched network


Questions derived from the 642-812 – Building Converged Cisco Multilayer Switched Networks (BCMSN) Cisco Self Test Software Practice Test.


Objective: Describe and configure security features in a switched network
SubObjective: Verify Catalyst switch (IOS-based) security configurations (i.e., port security, 802.1x, VACLs, private VLANs, DHCP snooping and DAI)


Item Number: 642-812.6.3.2
Single Answer, Multiple Choice


What command should be used to view the private VLANs configured on ports and the private VLAN mappings?


  A. Switch# show vlan brief
  B. Switch# show pvlan
  C. Switch# show interfaces switchport
  D. Switch# show mac-address-table


Answer:
C. Switch# show interfaces switchport


Tutorial:
The show interfaces switchport command is used to verify the private VLANs configured on ports and the private VLAN mappings. The following is a sample of the output:


Switch#show interfaces fastethernet 3/1 switchport
Name:Fa3/1
Switchport:Enabled
Administrative Mode:private-vlan promiscuous
Operational Mode:private-vlan promiscuous
Administrative Trunking Encapsulation:negotiate
Operational Trunking Encapsulation:native
Negotiation of Trunking:Off
Access Mode VLAN:1 (default)
Trunking Native Mode VLAN:1 (default)
Voice VLAN:none
Administrative Private VLAN Host Association:none
Administrative Private VLAN Promiscuous Mapping:200 (VLAN0200) 20 (VLAN0020)
Private VLAN Trunk Native VLAN:none
Administrative Private VLAN Trunk Encapsulation:dot1q
Administrative Private VLAN Trunk Normal VLANs:none
Administrative Private VLAN Trunk Private VLANs:none
Operational Private VLANs:
200 (VLAN0200) 20 (VLAN0020)
Trunking VLANs Enabled:ALL
Pruning VLANs Enabled:2-1001
Capture Mode Disabled
Capture VLANs Allowed:ALL


We know from this output that Fa3/1 is a promiscuous port in private VLAN (PVLAN) 20, and that PVLAN 20 is associated with the primary VLAN 200. Since this is a promiscuous port, it can exchange traffic with all other PVLANs associated with VLAN 200.
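When auditing many ports, reading this output by hand does not scale. The following added example (not part of the original item or of Cisco's documentation) parses the show interfaces switchport text into fields and extracts the promiscuous mapping as primary VLAN plus secondary VLANs; the sample input is a constructed excerpt of the output above.

```python
import re

# Constructed sample: an excerpt of the 'show interfaces switchport' output shown above.
SAMPLE_OUTPUT = """\
Switch#show interfaces fastethernet 3/1 switchport
Name:Fa3/1
Switchport:Enabled
Administrative Mode:private-vlan promiscuous
Operational Mode:private-vlan promiscuous
Administrative Private VLAN Host Association:none
Administrative Private VLAN Promiscuous Mapping:200 (VLAN0200) 20 (VLAN0020)
Operational Private VLANs:
200 (VLAN0200) 20 (VLAN0020)
Trunking VLANs Enabled:ALL
Capture Mode Disabled
"""


def parse_switchport(output):
    """Turn 'Field:value' lines into a dict. A field whose value is printed on the
    following line (as 'Operational Private VLANs:' is) picks up that continuation."""
    fields = {}
    last_key = None
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("Switch#"):  # skip blanks and the echoed command
            continue
        if ":" in line:
            key, _, value = line.partition(":")
            last_key = key.strip()
            fields[last_key] = value.strip()
        elif last_key is not None and fields[last_key] == "":
            fields[last_key] = line  # continuation line of an empty field
    return fields


def pvlan_ids(value):
    """Extract numeric VLAN ids from text like '200 (VLAN0200) 20 (VLAN0020)'."""
    return [int(v) for v in re.findall(r"\b(\d+) \(VLAN\d+\)", value)]


def promiscuous_mapping(fields):
    """Return (primary, [secondaries]) for an operational promiscuous port, else None.
    Checking the *operational* mode catches ports configured but not actually running
    as promiscuous (e.g. the primary VLAN is missing on the switch)."""
    if fields.get("Operational Mode") != "private-vlan promiscuous":
        return None
    ids = pvlan_ids(fields.get("Administrative Private VLAN Promiscuous Mapping", ""))
    if not ids:
        return None
    return ids[0], ids[1:]
```

Running promiscuous_mapping(parse_switchport(SAMPLE_OUTPUT)) yields (200, [20]): primary VLAN 200 with secondary PVLAN 20, matching the reading of the output given above.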


The show vlan brief command is only used to view the VLANs that exist and the ports that are members of them. No information about PVLANs and member association is included.


The show mac-address-table command is used to view the MAC addresses stored in the switch's memory, along with the port and VLAN each address is associated with. No information about PVLANs is included in this output.


The show pvlan command is incorrect because it is not valid IOS syntax.


Reference:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_19/config/pvlans.htm#1122974
