Everyday Ten Ask ccie security written exam forums

1. Question: Can you deploy two radius server addresses on one switch? Are authenticate users based on different ports to different radius servers?

Answer: web authentication can be achieved
      1X authentication cannot be achieved
      Cause: The web authentication is called in the porta template and the 1X authentication is called globally.
2. Question: Will the interface with the POE power supply be plugged into the computer and burn out?
Answer: No, it is the same as other normal interfaces because the POE switch will not supply power if it recognizes that the interface is not a PD device.
3. Question: What happens when the VSL line is broken after BFD detection?
Answer: After the VSL line is disconnected, all ports except the exception port will be down (including the BDF detection port), the standby information will not be seen on the host and the standby machine will become the recovery state.
4. Question: When the stacking device is up, the stacking port is in the down state. How do I monitor the stacking interface of the device?
Answer: There is no way to monitor the device stack interface. However, the device can be monitored according to the oid of the stacking state of the device because the device will restart once the stack interface is disconnected and the stack state will be renegotiated.
5. Question: Is DHCP destined for a specific IP address of a specific terminal?
Answer: You cannot create the same address pool as the dynamic address pool. You must create a new address pool.
6. Question: If dhcp snooping is enabled on the switch and a trusted port is configured, the address acquisition is slow, or the address is not obtained.
Answer: It may be the dhcp snooping entry is full. If the snooping entry is full, the switch will discard the dhcp packet. If you check the dhcp snooping entry, check whether the entry is sufficient use.
7. Question: What is the survival time in the show ip dhcp snooping table item?
Answer: The existence of the lease (sec) time value in the show ip dhcp snooping binding table item is the same as the dhcp lease timewhich is the remaining time of the dhcp lease.
8: Problem: Filter the dhcp message of a port so that users under the interface cannot automatically get the IP address.
Answer: Configure the dhcp snooping function on the corresponding switch
 and configure it on the corresponding interface.
     ip dhcp Snooping suppression
     Instructions for use: By configuring this command, you can deny all DHCP requests under this port from requesting messages, i.e. all users under that port are prohibited from requesting addresses through DHCP.
9: Question: DHCP address pool on the core switch, only write dhcp snooping on the core switch does not set the trust port to prevent the server private and core address pool address normal release?
Answer: You can prevent the server from being privately and the core address pool from being released normally because the dhcp snooping principle is that the non-trust port is discarded when receiving the offer message and the offer message from the interface does not do anything.
10: Question: How do I tell if i can configure a fixed assigned address with client-identifier or with hardware address?
Answer: You can first let the terminal get an address through show ip dhcp bingding to see if the mac address is plus 01 prefix, there is 01 prefix is used client-identifier. Otherwise ,the flower is to use address hardware.
PASSHOT will often update some network engineers in the work of the difficult problems. If you feel good, please collect our website! Here can help you CCIE Written exam and CCIE Lab exam.  

Comments

Popular posts from this blog

How to choose Cisco dumps?

What is proxy communication?

What are CCNP Data Center jobs in Dubai?