Wednesday, May 15, 2013

Debating a switch exam question (you've got to love Cisco)

My weekly Cisco rant 

(certifications, and some of the stupid questions Cisco presents!)

Here's a link to a site where I just did an exam topic refresher for the 642-813 exam that I'm about to take.

 Here's the offending question ( #8 )

And my selection


The above was a question on one of the review sets of questions, and my marked answer, "using the Type field in the Ethernet header", was wrong. Really?

Come on, Cisco, how about providing some better answers?

Okay, let's look at the other answers:

using 802.1q ToS bits (btw, this is what they suggested was right, and the reason for my rant)
implementing DSCP at layer 3 (definitely right, since DSCP is included in layer 3 only)
implementing DSCP at layer 2 (wrong, no DSCP in layer 2)

Okay so answer number #1 was wrong according to the exam, but answer #2 was what they expected & claimed was right. But is that really right?

First off, with the ToS bits: there's no such thing as ToS (type of service) or any such bits in 802.1q, or anything that says ToS in regard to 802.1q tagging.

With CoS (class of service), yes, but with ToS, no such beast, & it's misleading and bad wording.

Cisco, here's a clue, here's an Ethernet header:

Frame 10 (105 bytes on wire, 105 bytes captured)
    Arrival Time: May 15, 2013 23:27:30.659288000
    [Time delta from previous captured frame: 0.000002000 seconds]
    [Time delta from previous displayed frame: 0.000002000 seconds]
    [Time since reference or first frame: 0.000067000 seconds]
    Frame Number: 10
    Frame Length: 105 bytes
    Capture Length: 105 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:vlan:ip:gre:ip:tcp:ssl]
Ethernet II, Src: 40:55:39:2f:11:a9 (40:55:39:2f:11:a9), Dst: Force10N_57:1c:a3 (00:01:e8:57:1c:a3)
    Destination: Force10N_57:1c:a3 (00:01:e8:57:1c:a3)
        Address: Force10N_57:1c:a3 (00:01:e8:57:1c:a3)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 40:55:39:2f:11:a9 (40:55:39:2f:11:a9)
        Address: 40:55:39:2f:11:a9 (40:55:39:2f:11:a9)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 203
    000. .... .... .... = Priority: 0
    ...0 .... .... .... = CFI: 0
    .... 0000 1100 1011 = ID: 203
    Type: IP (0x0800)

Notice, no ToS field in that layer 2 802.1q frame. Just ain't happening :)

The 1st answer, the one I selected, was based on the fact that the Ether.Type of an 802.1q tagged frame would be present in the header to indicate it's tagged, and then the CoS value could be inspected. I bolded that type and the priority field for 802.1p (aka CoS).

This is how a switch knows tagging is involved & determines the priority, if any, of the frame. Btw, that Ether.Type would be 0x8100, whereas a regular IPv4 Ether.Type would be 0x0800.
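The same check in code, as an added example that is not part of the original post: read the Ether.Type, take the 802.1p CoS from the tag only when it is 0x8100, and take DSCP from the ToS byte of the layer 3 IPv4 header. The function names and the sample frames are constructed for illustration; the MAC addresses and VLAN 203 come from the capture above, while the ToS byte values are assumptions, since the capture does not show the IP header.

```python
import struct

ETH_P_8021Q = 0x8100  # Ether.Type that marks an 802.1Q tag
ETH_P_IPV4 = 0x0800   # Ether.Type of a regular IPv4 frame


def classify(frame: bytes) -> dict:
    """Return the layer 2 CoS and layer 3 DSCP markings found in one frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    info = {"tagged": False, "cos": None, "cfi": None, "vlan": None, "dscp": None}
    offset = 14
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information, then the Ether.Type of the real payload
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info.update(tagged=True,
                    cos=tci >> 13,        # 3-bit 802.1p priority (CoS)
                    cfi=(tci >> 12) & 1,  # CFI bit
                    vlan=tci & 0x0FFF)    # 12-bit VLAN ID
        offset = 18
    info["ethertype"] = ethertype
    if ethertype == ETH_P_IPV4 and len(frame) >= offset + 2:
        # ToS is the second byte of the IPv4 header; DSCP is its top 6 bits
        info["dscp"] = frame[offset + 1] >> 2
    return info


def build(tci, tos):
    """Constructed sample frame; tci=None builds an untagged frame."""
    eth = bytes.fromhex("0001e8571ca3") + bytes.fromhex("4055392f11a9")
    if tci is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, tci)
    eth += struct.pack("!H", ETH_P_IPV4)
    return eth + bytes([0x45, tos]) + bytes(18)  # minimal IPv4 header, rest zeroed


if __name__ == "__main__":
    print(classify(build(0x00CB, 0x00)))              # tag from the capture: PRI 0, ID 203
    print(classify(build((5 << 13) | 203, 46 << 2)))  # constructed: CoS 5, DSCP 46
    print(classify(build(None, 46 << 2)))             # untagged: no CoS at layer 2
```

The untagged case returns a DSCP but no CoS, because the priority bits exist only inside the 802.1Q tag.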

So, going by the fact that we have no ToS bits in ethertype 0x8100, or as a matter of fact even in a standard Ethernet frame, this should be a wrong answer imho. I'm going to reference Wikipedia and what they say about ToS & CoS.

The question is badly worded & we should really expect more from Cisco.

Ken Felix
Freelance Network/Security Engineer
kfelix -----at----- hyperfeed ----com----

        ^      ^
==(   O   O )==

