15 - Questions - VLANs & Trunks
What is the default range for normal VLANs?
The correct answer is "1-1005." VLANs 0 and 4095 are for system use only. The default range for normal VLANs is 1-1005. VLAN 1 is the default VLAN, and 1002-1005 are reserved for legacy reasons. Extended range of VLANs is 1006-4094, which is not supported on all switches. The range of 1-4094 represents both the normal and extended range of VLANs.
Your boss asked you to secure the unused switch ports on a switch that resides on a 2nd floor. Which two options are recommended as best practice? (Choose two.)
The correct answer is "Administratively shut down the unused ports" and "Create a black hole VLAN, and place unused ports into that VLAN." A good security practice is to configure all the ports on all switches to be associated with VLANs other than VLAN 1. Also, all unused switch ports should be assigned to black hole VLAN and set to be administratively down. A black hole VLAN is a term for a VLAN, which has no route, or no default-gateway to other networks within your organization, or to the internet.
Assume that you have received a switch with no prior VLAN configuration. Regarding VLANs, which statement is true?
The correct answer is "All interfaces belong to VLAN 1." VLAN 1 is the factory default VLAN. If you do not assign a VLAN to an access port, VLAN 1 is assigned automatically. The switch interfaces are in down state, unlike interfaces on a router, which are by default in administratively down state. The show vlan brief command shows VLANs 1, 1002-1005.
Regarding trunk ports, which statement is true?
The correct answer is "By default, all VLANs are allowed on a trunk." If you do not explicitly allow VLANs to traverse the trunk, all will be allowed to cross the link. By default the native VLAN is VLAN 1, and it is untagged by default. All the other VLANs that are traversing the trunk are tagged. If you use the show vlan command, you will not see any trunk ports in the output. In this case, it is better to use the show interfaces trunk command.
Refer to the example. PC1 sends a broadcast. Which personal computers (PCs) will receive a copy of the broadcast frame?
The correct answer is "PC4, PC5, and PC6." Ports in the same VLAN share broadcasts. Ports in different VLANs do not share broadcasts. If you want to carry traffic for multiple VLANs across multiple switches, you need a trunk to connect two switches. Trunking allows switches to pass frames from multiple VLANs over a single physical connection. It is the responsibility of the Ethernet switch to look at the 4-byte tag field and determine where to deliver the frame.
Which statement regarding broadcasts and VLANs is true?
The correct answer is "Ports in the same VLAN share broadcasts, while ports in different VLANs do not." With VLANs, a switch can put some interfaces into one broadcast domain and some into another. The individual broadcast domains that are created by the switch are called VLANs. Ports in the same VLAN share broadcasts. Ports in different VLANs do not share broadcasts. Containing broadcasts within a VLAN improves the overall performance of the network. If you want to carry traffic for multiple VLANs across multiple switches, you need a trunk to connect two switches.
Which Cisco IOS command should you use to create a VLAN?
The correct answer is "Switch(config)# vlan." To add a VLAN to the VLAN database, use the vlan global configuration command by entering a VLAN ID. You can enter a new VLAN ID to create a VLAN, or enter an existing VLAN ID to modify that VLAN. Other options are not valid Cisco IOS commands.
Assume that you are the sole network engineer in your company. You have received a new ticket saying that there is a new employee on 3rd floor; her PC is connected to a switch interface. You have connected to the switch on the floor and entered the interface configuration mode of the connected port to the PC. Once you have configured the interface to access mode, which command should you use to assign the interface to a data VLAN?
The correct answer is "switchport access vlan vlan-id." When you connect host to a switch port, you should associate it with a VLAN. In the interface configuration mode you should set the interface to an access mode, and then put the access port in VLAN using the switchport access vlan vlan-id command. The other commands are invalid commands.
What must you ensure when configuring two ends of an 802.1Q trunk?
The native VLAN must be the same.
What happens to a port that belongs to VLAN 5 after VLAN 5 is accidentally deleted?
The port becomes inactive and will not be functional until the missing VLAN 5 is created.
By default, which VLAN or VLANs are permitted across a trunk link?
all VLANs
What do VLANs do to improve network performance?
separate large broadcast domains into smaller broadcast domains
Assume that you have just created a VLAN 10 on a switch. Which command should you use to verify if the VLAN was created?
show vlan brief
Assume that you have been told to secure the trunk ports on a switch. Which two options are recommended as best practice? (Choose two.)
Change the native VLAN to something other than VLAN 1. Tag the native VLAN.
How does 802.1Q incorporate VLAN information into a frame?
It adds a 4-byte tag to the frame header.