tired_runner
Premium Member
join:2000-08-25
CT

tired_runner

Premium Member

Another head scratcher.... for me anyway

This is what I can remember from taking the CCNA security test the previous time, so the wording isn't exactly what it is on the actual exam.

But one of my weak points surprisingly appears to be layer 2.

I don't know if I'm answering it right or wrong since that's never disclosed, but here it goes:

L2 host #1 connected to switch 1 on VLAN A needs to communicate to L2 host #2
connected to switch 1 on VLAN B. How can you accomplish this?
 
A. Enable inter-VLAN routing
B. Enable SVI interfaces
C. Connect the hosts directly through a hub
D. Connect the hosts directly through a router
 

Last night I finally decided to fire up a 3550 I have sitting around and followed a Cisco whitepaper for enabling inter-VLAN routing on it, and I was able to get it going without issue.

And based on that lab exercise, I think the right answers are B and D since A is really summarizing answers B and D; which is turning VLANs into SVIs, converting an L2 port into a L3 port, and connecting my router into said port so that the switch forwards traffic through for it for routes it doesn't know about.



I humbly seek your thoughts on this. I really want to pass the test this time.

TIA
markysharkey
Premium Member
join:2012-12-20
united kingd

markysharkey

Premium Member

Hmmmm... I would say enabling an SVI ADDS layer 3 to a layer 2 construct rather than converts one to the other as both layer 2 and layer 3 co-exist.
I'd put A as my answer if the question is a single answer option as router (ASA) on a stick is still enabling inter-vlan routing. If the answer is "choose 2" or more then I agree B and D.
It would help if the question specified if the switch was Layer 3 capable although it is specific at saying "L2 host" so maybe multiple SVI's are out, even though base level 2960S's now support basic layer 3 functionality. But that last line is the difference between an exam question and real world experience!
So answer A = router on a stick as all you need is a trunk link and sub-if's / encapsulation config on the router, and EVERY layer 2 switch can do that regardless of IOS version or hardware platform.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to tired_runner

MVM

to tired_runner
...was going to ask as well whether they were looking for multiple answer or single answer.

I'd also apply the Cisco Exam mindset of selecting the LEAST INCORRECT answer; C and D, IMO, completely change the topology / available devices
from what you were given initially. B is a bit more of a grey area as the question IMPLIES a layer2 only switch, but we all know the
Real World(TM) doesn't work that way.

My 00000010bits

Regards
tired_runner
Premium Member
join:2000-08-25
CT

tired_runner to markysharkey

Premium Member

to markysharkey
The question doesn't mention if it's a L2 or L3 switch. It's a 2-choice question.

I figured it would be maybe A and D, but after playing with the 3550 and seeing what's involved, enabling inter-VLAN routing isn't a one-step option or even a single choice. It requires that you tell a L3-capable switch configured for L2 by default to behave like a router to accomplish the goal by doing at least B and D.

If one of the answers were to enable an interface as a trunk, then that takes out having to configure the switch as a L3 altogether.

This test is purposely confusing at best. I don't remember the CCNA being this puzzling. The material isn't that difficult.
creatine8
join:2007-09-05
Canada

creatine8 to tired_runner

Member

to tired_runner
I would reply A and B. In order for 2 vlans to communicate, you need a device to route between them. Since both devices are connecting to a switch, the switch requires SVI interfaces to act as a default gateway for the hosts.
markysharkey
Premium Member
join:2012-12-20
united kingd

markysharkey to tired_runner

Premium Member

to tired_runner
Maybe head for 9tut on this one.
I am NOT advocating brain dumps as I think they are a bad thing, but stupidly worded questions like this can be the difference between an otherwise competent person passing or failing.
smcallah
join:2004-08-05
Home

smcallah to tired_runner

Member

to tired_runner
It would be A & B if you have to supply 2 answers.

C & D imply doing things to the host rather than making the network do what it's supposed to do.

If you connect the 2 hosts by a hub, that implies you either disconnected them from the switches and Re-IP'd them to communicate or they had more than 1 interface, both with an IP in the same network. If they don't tell you the hosts have more than one interface, then it can't be C.

And the same goes for D. If you connect them, DIRECTLY, through a router, that implies that you either disconnect them from the switches and re-IP the hosts and plug them into a router or that they have more than 1 interface, and that you also have to IP that separately from their VLAN A and VLAN B addresses.

Basically, no one uses hubs for such a thing when you have switches with VLANs, and no one is wasting ethernet ports on a single router to have 2 hosts talk.
tired_runner
Premium Member
join:2000-08-25
CT

tired_runner

Premium Member

I guess you're implying not to think beyond the switch in terms of L3, and assume A means enabling routing on the switch, and B means doing so via VLAN interfaces?
smcallah
join:2004-08-05
Home

smcallah to tired_runner

Member

to tired_runner
Yeah, those 2 answers are completely valid.

The other 2 answers require you to pull in other hardware and interfaces, and neither is good network practice.
chandom
join:2001-05-23
Tallahassee, FL

chandom to tired_runner

Member

to tired_runner
Thoughts on A and B are correct.

A: enable ip routing
This will enable routing on the layer 3 switch
B: int vlan "A"
configure an appropriate ip and subnet mask
int vlan "B"
configure an appropriate ip and subnet mask
(ip ad.dr.e.ss sub.net.ma.sk)

Hint: If this was a simlet, check the PCs for the gateway and subnet mask. Use the gateway IP for the SVI IP.
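
The two approaches discussed in this thread (routing on an L3-capable switch through SVIs, and router on a stick for an L2-only switch), written out as an added example that is not part of any poster's reply. VLAN 10 and VLAN 20 stand in for "VLAN A" and "VLAN B"; the VLAN IDs, interface names and addresses are assumptions.

```cisco
! Constructed example: VLAN IDs, interface names and addresses are assumptions.
! Options 1 and 2 are alternatives; configure one or the other, not both.
!
! --- Option 1: L3-capable switch (answers A + B) ---
vlan 10
 name VLAN_A
vlan 20
 name VLAN_B
!
interface FastEthernet0/1
 description host 1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description host 2
 switchport mode access
 switchport access vlan 20
!
! A: turn on routing in the switch
ip routing
!
! B: one SVI per VLAN; each address is that VLAN's default gateway
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! --- Option 2: L2-only switch, router on a stick ---
! Switch side: trunk toward the router (no "ip routing", no SVIs).
! The encapsulation line is only needed on switches that also support ISL.
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Router side: one 802.1Q subinterface per VLAN
interface FastEthernet0/0
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
```

With either option in place, `show ip route` on the routing device should list both subnets as connected. Once routing is on, all traffic between the two VLANs is forwarded unless an ACL on the SVIs or subinterfaces restricts it.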
tired_runner
Premium Member
join:2000-08-25
CT

tired_runner

Premium Member

Thanks for your help guys. I passed the test.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to tired_runner

Premium Member

to tired_runner
I'd say A.

It's the simplest answer.

It could be a low end L2 switch that can't do SVIs, and SVI would just be a way of doing inter-vlan routing.
DarkLogix

DarkLogix to tired_runner

Premium Member

to tired_runner
said by tired_runner:

I guess you're implying not to think beyond the switch in terms of L3, and assume A means enabling routing on the switch, and B means doing so via VLAN interfaces?

I'd think A=enable inter-vlan routing in some way (there are many ways, router on a stick linked via a trunk port, using a L3 switch, using multiple routers that somehow link the vlans at L3, and many more increasingly convoluted ways)

If it is single answer then A.
If it's 2 answer then A&B.

B assumes it's a L3 switch, whereas A is more conceptual.
tired_runner
Premium Member
join:2000-08-25
CT

tired_runner

Premium Member

It was a 2-answer question. I chose the same A and B discussed here, but the order of the answers was changed around.

I passed the test this afternoon. Woo yay.

Time to start preparing for my CCNP. Fun times ahead.
chandom
join:2001-05-23
Tallahassee, FL

chandom

Member

Congrats on the CCNA, CCNP will be a fun world of mental hurt.

Passed my CCNP switch test last month. Real fun stuff.

Spanning tree is so much fun. Plus HSRP and a few other things.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to tired_runner

Premium Member

to tired_runner
My biggest issue with the CCNA exam is (or was as they changed it since then) just slowing down to think through the diagram to find what was wrong.

I was sitting there thinking about the time limit and rushed through it.
tired_runner
Premium Member
join:2000-08-25
CT

tired_runner to chandom

Premium Member

to chandom
Thanks.

I'm not sure if I wanna take the security route or the R&S route. First I want to build up the lab with more recent stuff.

I poke around with STP and HSRP at work from time to time. It does look like a pain in the ass.
tired_runner

tired_runner to DarkLogix

Premium Member

to DarkLogix
The biggest pain in the ass with the CCNA Security was the lab.

There were two; one where I was asked to implement an ACL, the other I was asked to answer questions about ZBFW using information in CCP that didn't make sense.

This time around I finished the test with 35 minutes to spare, and I felt that I took my time through a handful of the questions.

I'm just glad it's behind me now.