IP Spoofing, Frame Processing, And More!

By: Chris Bryant

To help you prepare for Cisco certification exam success, here are some free CCNA, Security, CCENT, and CCNP practice exam questions. There's also a free tutorial on Cisco switching methods, so let's get started!


Of the three frame processing options on Cisco switches - store-and-forward, cut-through, and fragment-free - identify which one best matches each of the following statements.

A. This is the fastest method of the three.

B. This is the slowest method of the three.

C. This method has the highest level of error detection.

D. This method has the lowest level of error detection.

E. This method is considered the "middle ground" of the three when it comes to error detection and transmission speed.


A. cut-through

B. store-and-forward

C. store-and-forward

D. cut-through

E. fragment-free

Here's a look at each method.

When store-and-forward is in use, the switch does indeed store the entire frame before forwarding it, which allows the switch to check the FCS before forwarding that frame. This allows the greatest level of error detection of the three frame processing methods.

With the other two methods, the entire frame will not be stored before forwarding. When the cut-through method is in use, the switch will read the MAC addresses on the incoming frame, and then begin to forward the frame even as part of it is still being received!

The FCS value is not checked, so while cut-through is a faster method of processing frames than store-and-forward, cut-through has no way to check for damaged frames. Cut-through is the fastest of the three processing methods, but it comes at a high cost - no error detection!

Cut-through is very fast, but offers no error detection; store-and-forward does offer error detection via the FCS check, but isn't as fast as cut-through.

Happily, there's a middle ground - fragment-free.

Fragment-free processing works on the presumption that if a frame is corrupted, the corruption will be found in the first 64 bytes. Therefore, fragment-free checks the first 64 bytes of the frame for damage. If no problems are found in the first 64 bytes of the frame, the forwarding process begins!

CCNA Exam: What command enables the dynamic mappings of DLCIs to IP addresses? Is this command used globally, at the interface level, or elsewhere?

Answer: That's the frame-relay inverse-arp command, and that should be enabled on the appropriate interface and/or subinterfaces. Inverse ARP is enabled by default on Cisco router serial interfaces.

CCNA Security And CCNP / ISCW Exam: What is RFC 3704 filtering, and why would we use it as part of a security plan?

Answer: IP Spoofing can be used against your network in several ways:

To inject a stream of malicious code and/or commands into your network

To trick legitimate network hosts into sending sensitive data to the attacker

As part of a reconnaissance attack, an attack that in itself may not be damaging, but is used to gather information for future, more destructive attacks.

RFC 3704 (an updated version of RFC 2827) recommends that packets from the following network ranges be prohibited from entering your network:

/8

/8 (RFC 1918 Class A private range)

/8 (loopback address range)

/12 (RFC 1918 Class B private range)

/16 (RFC 1918 Class C private range)

/4 (reserved for IP multicasts)

/4 (RFC 1918 Class E private range)

Blocking these address ranges for incoming traffic on your network's perimeter routers is sometimes called "2827 filtering" or "3704 filtering", referring to the original and updated RFCs that discuss this topic in a great deal of detail.
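To make the filtering concrete, here is an added Python model of a perimeter router's ingress check (example code, not part of the original article): it drops packets whose source falls in the ranges above, drops packets arriving from outside that claim an internal source, and, going one step beyond the answer, applies RFC 3704's strict reverse-path check. The network addresses for the ranges are filled in from RFC 1918 and the usual bogon list, since the text lists only prefix lengths and labels; the topology (203.0.113.0/24 inside, a default route to the ISP) is constructed.

```python
import ipaddress

# Source ranges that 2827/3704 filtering drops at the perimeter. The labels
# match the list above; the network addresses are an assumption filled in
# from RFC 1918 and the common bogon list, as the text gives only prefix lengths.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",       # "this" network
    "10.0.0.0/8",      # RFC 1918 Class A private range
    "127.0.0.0/8",     # loopback address range
    "172.16.0.0/12",   # RFC 1918 Class B private range
    "192.168.0.0/16",  # RFC 1918 Class C private range
    "224.0.0.0/4",     # reserved for IP multicasts
    "240.0.0.0/4",     # Class E / reserved
)]

# Constructed sample topology: one /24 behind the router, a DMZ, and a
# default route towards the ISP on the "outside" interface.
INTERNAL = [ipaddress.ip_network("203.0.113.0/24")]
ROUTES = {
    ipaddress.ip_network("0.0.0.0/0"): "outside",
    ipaddress.ip_network("203.0.113.0/24"): "inside",
    ipaddress.ip_network("192.0.2.0/24"): "dmz",
}


def ingress_verdict(src, internal_prefixes, routes, in_iface="outside"):
    """Decide the fate of a packet with source address src arriving on
    in_iface. Returns ("drop", reason) or ("permit", None)."""
    ip = ipaddress.ip_address(src)
    # 1. RFC 2827/3704 bogon filter: these sources never legitimately arrive.
    for net in BOGON_SOURCES:
        if ip in net:
            return "drop", f"bogon source {net}"
    # 2. Anti-spoofing: nothing from the Internet may claim an inside address.
    for net in internal_prefixes:
        if ip in net:
            return "drop", f"internal source {net} on {in_iface}"
    # 3. RFC 3704 strict reverse-path check: the longest-match route back to
    #    the source must point out the interface the packet came in on.
    best = max((n for n in routes if ip in n),
               key=lambda n: n.prefixlen, default=None)
    if best is None or routes[best] != in_iface:
        return "drop", "reverse path check failed"
    return "permit", None


if __name__ == "__main__":
    for src in ("10.1.2.3", "203.0.113.7", "192.0.2.9", "198.51.100.5"):
        print(src, ingress_verdict(src, INTERNAL, ROUTES))
```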


In the following configuration, what happens if you leave the subnets option out of the redistribution command?

R3(config)#router ospf 1

R3(config-router)#redistribute rip subnets

R3(config-router)#redistribute connected subnets

Answer: Subnets will not successfully be redistributed into OSPF.


What's the difference between Root Guard, BPDU Guard, and Loop Guard?

Answer: When a port is running Root Guard, no switch found off that port can become the root switch. When a superior BPDU is received on such a port, here's what you'll see:

00:26:46: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port FastEthernet0/24 on VLAN0023.

If any BPDU comes in on a port that's running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled.

CCNP / ONT Exam: Marking and classification often work hand-in-hand, but they're not quite the same thing. Define each term.

Answer: Classification identifies a certain type of traffic, while Marking is assigning a value to that class of traffic.

Look for free tutorials and more Cisco certification exam question sets on my website as well as this one!
