Acceso bueno

Two entries in the exhibit show that the same MAC address has been used in two different VLANs. Which MAC address is shown in the above output?. It is a MAC address of FortiLink interface on FortiGate. It is a MAC address of a switch that accepts multiple VLANs. It is a MAC address of an upstream FortiSwitch. It is a MAC address of FortiGate in HA configuration.

Core-1 and Access-1 are managed and authorized by FortiGate-1, which uses port4 as the FortLink interface. After FortiGate authorizes and manages Core-2, port1 status becomes STP discarding. Why is port1 in the discarding state?. port1 on Core-2 is discarding only management traffic. Core-1 and Core-2 do not have MCLAG configuration. Access-1 is the root bridge and can only have one root port. Core-2 has the lowest bridge priority.

Which two statements about the FortiLink authorization process are true? (Choose two.). The administrator must manually pre-authorize FortiGate on FortiSwitch by adding the FortiGate serial number. FortiSwitch requires a reboot to complete the authorization process. FortLink frame is sent by FortiGate to FortiSwitch to complete the authorization. FortiLink authorization sets the FortiSwitch management mode to FortiLink.

Traffic arriving on port2 on FortiSwitch is tagged with VLAN ID 10 and destined for PC1 connected on port1. PC1 expects to receive traffic untagged from port1 on FortiSwitch. Which two configurations can you perform on FortiSwitch to ensure PC1 receives untagged traffic on port1? (Choose two.). Add the MAC address of PC1 as a member of VLAN 10. Add VLAN ID 10 as a member of the untagged VLANs on port1. Remove VLAN 10 from the allowed VLANs and add it to untagged VLANs on port1. Enable Private VLAN on VLAN 10 and add VLAN 20 as an isolated VLAN.

Port1 and port2 are the only ports configured with the same native VLAN 10. What are two reasons that can trigger port1 to shut down? (Choose two.). port1 was shut down by loop guard protection. STP triggered a loop and applied loop guard protection on port1. An endpoint sent a BPDU on port1 that it received from another interface. Loop guard frame sourced from port1 was received on port1.

What makes the use of the sniffer command on the FortiSwitch CLI unreliable on _port_23?. The types of packets captured is limited. Just the port egress payloads are printed on CLI. Only untagged VLAN traffic can be captured. The switch port might be used as a trunk member.

Which interfaces on FortiSwitch send out FortiLink discovery frames by default in order to detect a FortiGate with an enabled FortiLink interface?. All ports have auto-discovery enabled by default. No ports are enabled by default for auto-discovery. This must be configured under config switch interface. The ports with auto-discovery enabled by default are dependent upon the FortiSwitch model. The last four switch ports on FortiSwitch have auto-discovery by default.

Which LLDP-MED Type-Length-Values does FortiSwitch collect from endpoints to track network devices and determine their characteristics?. Network policy. Power management. Location. Inventory management.

What two conclusions can be made regarding DHCP snooping configuration? (Choose two.). Maximum value to accept clients DHCP request is configured as per DHCP server range. Fortiswitch is configured to trust OHCP replies coming on FortLink interface. DHCP clients that are trusted by DHCP snooping configured is only one. Global configuration for DHCP snooping is set to forward DHCP client requests on all ports in the VLAN.

What are two reasons why time synchronization between FortiGate and its managed FortiSwitch is critical in switch management? (Choose two.). FortiSwitch does not retain its time after a reboot, which gets reset after each reboot. FortiSwitch will not be able to become an NTP server for downstream devices. FortiSwitch cannot complete the DTLS handshake used in the CAPWAP tunnel. FortiSwitch will not allow other FortiSwitch devices in the chain be discovered by FortiGate.

Which statement about the quarantine VLAN on FortiSwitch is true?. Quarantine VLAN has no DHCP server. Users who fail 802.1X authentication can be placed on the quarantine VLAN. It is only used for quarantined devices if global setting is set to quarantine by VLAN. FortiSwitch can block devices without configuring quarantine VLAN to be part of the allowed VLANs.

The exhibit shows the current status of the ports on the managed FortiSwitch, Access-1. Why would FortiGate display a serial number in the Native VLAN column associated with the port23 entry?. port23 is configured as the dedicated management interface. Ports connected to adjacent FortiSwitch devices show their serial number as the native VLAN. port23 is a member of a trunk that uses the Access-1 FortiSwitch serial number as the name of the trunk. A standalone switch with the shown serial number is connected on port23.

What are two ways in which automatic MAC address quarantine works on FortiSwitch? (Choose two.) OJO. FortiSwitch supports only by VLAN quarantine mode. FortiGate applies the quarantine-related configuration only on FortiGate. FortiAnalyzer with a threat detection services license is required. MAC address quarantine can be enabled through the FortiGate CLI only.

How does FortiGate handle configuration of flow tracking sampling if you export the settings to a managed FortiSwitch stack with sampling mode set to perimeter is true?. FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces. FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces, except ICL and ISL interfaces. FortiGate configures and enables flow sampling on FortiSwitch but does not change existing sampling settings of interfaces. FortiGate configures and enables egress sampling on all management interfaces.

The profile shown in the exhibit is assigned to a group of managed FortiSwitch ports, and these ports are connected to endpoints which are powered by PoE. Which configuration action can you perform on the LLDP profile to cause these endpoints to exchange PoE information and negotiate power with the managed FortiSwitch?. Create new a LLDP-MED application type to define the PoE parameters. Assign a new LDP profile to handle different LLDP-MED TLVs. Define an LLDP-MED location ID to use standard protocols for power. Add power management as part of LLDP-MED TLVs to advertise.

Which two types of Layer 3 interfaces can participate in dynamic routing on FortiSwitch? (Choose two.). Detected management interfaces. Loopback interfaces. Switch virtual interfaces. Physical interfaces.