Describe security features in a switched network
Questions derived from the 642-812 – Building Converged Cisco Multilayer Switched Networks (BCMSN) Cisco Self Test Software Practice Test.
Objective: Describe and configure security features in a switched network
SubObjective: Verify Catalyst switch (IOS-based) security configurations (i.e., port security, 802.1x, VACLs, private VLANs, DHCP snooping and DAI)
Item Number: 642-8220.127.116.11
Single Answer, Multiple Choice
What command should be used to view the private VLANs configured on ports and the private VLAN mappings?
- Switch# show vlan brief
- Switch# show pvlan
- Switch# show interfaces switchport
- Switch# show mac-address-table
C. Switch# show interfaces switchport
The command show interfaces switchport is used to verify private VLANs configured on ports and the private VLAN mappings. The following is a sample of the output:
Switch#show interfaces fastethernet 3/1 switchport
Administrative Mode:private-vlan promiscuous
Operational Mode:private-vlan promiscuous
Administrative Trunking Encapsulation:negotiate
Operational Trunking Encapsulation:native
Negotiation of Trunking:Off
Access Mode VLAN:1 (default)
Trunking Native Mode VLAN:1 (default)
Administrative Private VLAN Host Association:none
Administrative Private VLAN Promiscuous Mapping:200 (VLAN0200) 20 (VLAN0020)
Private VLAN Trunk Native VLAN:none
Administrative Private VLAN Trunk Encapsulation:dot1q
Administrative Private VLAN Trunk Normal VLANs:none
Administrative Private VLAN Trunk Private VLANs:none
Operational Private VLANs:
200 (VLAN0200) 20 (VLAN0020)
Trunking VLANs Enabled:ALL
Pruning VLANs Enabled:2-1001
Capture Mode Disabled
Capture VLANs Allowed:ALL
We know from this output that Fa3/1 is a promiscuous port in private VLAN (PVLAN) 20. PVLAN 20 is a member of the primary VLAN 200. Since this is a promiscuous port, it is able to exchange information with all other PVLANs associated with VLAN 200.
The show vlan brief command is only used to view the VLANs that exist and the ports that are members of them. No information about PVLANs and member association is included.
The show mac-address-table command is used to view the MAC addresses stored in the switches memory and the port and VLAN they are members of. No information about PVLANs is included in this output.
The command show pvlan is incorrect due to invalid syntax.