
BSc. (Hons.) Computer Science with Network Security

BEng (Hons) Telecommunications


Cohorts: BCNS/16A/FT & BTEL/15B/FT

Examinations for 2016 – 2017 / Semester 2

Resit Examinations for BCNS/15B/FT

MODULE: Switching Techniques


MODULE CODE: CAN 2105C

Duration: 3 Hours

Instructions to Candidates:

1. Attempt all 3 questions.
2. The total number of marks is 100.
3. You should not answer with IOS commands.
4. Use a pencil and a ruler for your diagrams.

This Paper contains 3 questions and 5 pages.

Page 1 of 5
Switching Techniques (CAN 2105C) SITE/June Sem 2
QUESTION 1 (35 marks) Layer 2 security

(a) Layer 2 attacks are categorized into 4 categories namely:

MAC layer attacks

VLAN attacks

Spoofing attacks

Switch Device attacks

For each of the 4 categories of attacks above, state one specific attack
and give the corresponding description and mitigation technique(s).
Present your answers in a tabular form as follows:

(4 x 3 + 4 x 3 marks)

(b) Describe and illustrate with the help of a diagram wherever necessary an
attack scenario whereby you need to implement the following security
measures:

(i) Port Security

(ii) DHCP Spoofing


(3 x 2 marks)

(c) The AAA network-security services provide the primary framework
through which you set up access control on a Cisco IOS switch. AAA
is an architectural framework for configuring a set of three
independent security functions in a consistent manner.

State 2 elements that each A of the AAA services provides.

(5 marks)

QUESTION 2 (30 marks) MPLS

(a) What are the drawbacks of traditional IP? Why is Multi-Protocol Label
Switching (MPLS) technology a better solution?
(5 marks)
(b) Describe the following features of an MPLS network:

Forwarding Equivalence Class (FEC)

Label Distribution Protocol (LDP)

Label Switching Router (LSR)

Penultimate Hop Popping (PHP)

(8 marks)

(c) MPLS uses a 32-bit label header that contains multiple pieces of
information. Draw a packet structure to show the number of bits for the
different fields. Briefly mention the purpose of each field.

(5 marks)
(d) MPLS architecture has two major components which are data plane and
control plane. What is the difference between the control plane and the
data plane in MPLS?
(2 x 3 marks)
(e) Provide justifications for the following statements:

i. MPLS is available on low end routers

ii. MPLS is at layer 2.5 of the OSI model

iii. MPLS is a core network technology


(3 x 2 marks)

QUESTION 3 (35 marks) MPLS / VPN

(a) What is the purpose of the following in an MPLS VPN network?

i. VPN Routing/Forwarding Instance (VRF) tables

ii. Route Distinguisher (RD)

iii. Route Target (RT)

(3 x 4 marks)

(b) A route target is a 64-bit value attached to a BGP route as an extended
BGP community.

(i) How are route targets used to build virtual routing tables in the
PE routers?

(ii) What is the impact of complex VPN topologies on virtual routing
tables in the PE routers?

(2 x 4 marks)

(c) How are VPN packets propagated across the MPLS VPN backbone?

(5 marks)

(d) Consider the topology depicted in figure 3.1.

(i) Explicitly and briefly describe the terms C-network, CE, PE,
P and iBGP in the MPLS VPN network as mentioned in figure 3.1.

(ii) Assume an IP packet leaves the C-network from VPN_B on your
left to enter the MPLS-VPN domain through the Ingress router
and is destined for the VPN-B C-network on your right. Draw the
labeled packets at each stage. Choose appropriate label
numbers.

Figure 3.1

(2 x 5 marks)

***END OF QUESTION PAPER***
