Thursday, March 06, 2014

Here's your CCNP SWITCH Training Post for Thursday, March 6!

Before we get started here, just a quick word -- for those of you asking how the new site's coming along, let me just say it's looking VERY good, and we expect to launch by the end of the month.

So if on occasion I haven't been here on the blog every day, the new website is to blame.  : )    It'll be worth it!

Right now, let's talk about ARP.

Do you give much thought to ARP at all?

Me either. It's a lot like DHCP, STP, etc., in that it works so well that we don't give it a lot of day-to-day thought.

Network intruders do, though, and that's why we have a little something called DAI -- Dynamic ARP Inspection.  That's what today's practice exam is all about, and there's a Video Boot Camp to boot.

Let's get started!

1.  The DAI process uses the same database used by another Cisco router function.  Which one?


B.  DHCP Snooping

C.  Username / password challenge

D.  PPP  (CHAP Only)

E.  None of the above.

2.   Dynamic ARP Inspection utilizes "trusted" and "untrusted" ports.  Which of the following happens when an ARP Request arrives on an untrusted port?

A.   The port goes into shutdown mode.

B.   If there is an entry for the ARP message in the database, the message is dropped.

C.    The port goes into err-disabled mode.

D.   The database is checked, and if there's an entry for that ARP message, the message goes on through.

3.    Which of the following matches Cisco's recommendations regarding DAI deployment?

A.  Trust ports connected to hosts

B.  Don't trust ports connected to hosts

C.  Ports connected to other switches should be configured as trusted

D.  All ports connected to other switches should be untrusted

Answers and today's video right after this!

Today's answers:

1.  "B".  Dynamic ARP Inspection and DHCP Snooping share a common database.  (As opposed to sharing a separate one, I suppose!)

2.  "D".   Don't fall for this one.  A port in untrusted mode does NOT shut down or disable itself in any way when an ARP message is received.   "Untrusted" just means the DAI database will be checked for a match.

3.  "B, C".  When you configure DAI to trust ports leading to switches and not trust ports leading to hosts, that means an ARP message will only be inspected once as it travels.   (DAI runs only on ingress ports!)
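
The inspection decision from answers 2 and 3, modeled in Python as an added example (not code from this blog or from Cisco). The binding table, port names and addresses are constructed, and matching on sender MAC, sender IP, VLAN and port is a simplified assumption about what the switch compares.

```python
import socket
import struct
from typing import NamedTuple

class Binding(NamedTuple):
    mac: str
    port: str

# Constructed stand-in for the DHCP Snooping database, keyed by (VLAN, IP).
BINDINGS = {
    (10, "10.1.1.20"): Binding("00:11:22:33:44:55", "Fa0/5"),
    (10, "10.1.1.21"): Binding("00:11:22:33:44:66", "Fa0/6"),
}
# Answer 3: the port leading to another switch is trusted, host ports are not.
TRUSTED_PORTS = {"Gi0/1"}
ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte Ethernet/IPv4 ARP payload

def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Build a sample ARP payload (opcode 1 = request, 2 = reply)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       to_mac(sender_mac), socket.inet_aton(sender_ip),
                       to_mac(target_mac), socket.inet_aton(target_ip))

def inspect_arp(port, vlan, payload):
    """Return (verdict, reason) for an ARP message arriving on `port`.

    The port's state is never touched: the only outcomes are forward or drop.
    """
    if port in TRUSTED_PORTS:
        return "forward", "trusted port, not inspected"
    if len(payload) < 28:
        return "drop", "truncated ARP payload"
    htype, ptype, hlen, plen, _op, smac, sip, _tmac, _tip = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "drop", "not Ethernet/IPv4 ARP"
    sender_mac = ":".join(f"{b:02x}" for b in smac)
    sender_ip = socket.inet_ntoa(sip)
    entry = BINDINGS.get((vlan, sender_ip))
    if entry is None:
        return "drop", f"no binding for {sender_ip} in VLAN {vlan}"
    if entry.mac != sender_mac or entry.port != port:
        return "drop", f"{sender_ip} is bound to {entry.mac} on {entry.port}"
    return "forward", "matches binding"
```
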

Now let's spend some time with this CCNP SWITCH Video Boot Camp on DAI, and I'll see you Friday, new website permitting! :)
