Ch. 9 Implementing Ethernet Virtual LANs
For an 802.1Q trunk between two Ethernet switches, which answer most accurately defines which frames do not include an 802.1Q header? a. Frames in the native VLAN (only one) b. Frames in extended VLANs c. Frames in VLAN 1 (not configurable) d. Frames in all native VLANs (multiple allowed)
A (Frames in the native VLAN (only one)). 802.1Q defines the native VLAN as the one designated VLAN on a trunk for which the devices do not add an 802.1Q header to the frames. The switches can set the native VLAN to any VLAN ID, but both ends of the trunk must agree; the default native VLAN is VLAN 1. Only one native VLAN is allowed on any one trunk; otherwise the receiving switch could not tell which VLAN an untagged frame belongs to. If the two ends disagree, each side assigns the untagged frames to a different VLAN and traffic leaks between those two VLANs, so in practice the native VLAN is set to the same unused VLAN on both ends.
Imagine that you are told that switch 1 is configured with the dynamic auto parameter for trunking on its Fa0/5 interface, which is connected to switch 2. You have to configure switch 2. Which of the following settings for trunking could allow trunking to work? (Choose two answers.) a. Trunking turned on b. dynamic auto c. dynamic desirable d. access e. None of the other answers are correct.
A (Trunking turned on) and C (dynamic desirable). The dynamic auto setting means that the switch can negotiate trunking, but it only responds to negotiation messages and never initiates the negotiation. So the other switch must either be configured to trunk (switchport mode trunk) or be configured to initiate the negotiation (dynamic desirable). Two dynamic auto ports facing each other both wait for the other side, so that link stays in access mode.
A switch has just arrived from Cisco. The switch has never been configured with any VLANs, but VTP has been disabled. An engineer gets into configuration mode and issues the vlan 22 command, followed by the name Hannahs-VLAN command. Which of the following are true? (Choose two answers.) a. VLAN 22 is listed in the output of the show vlan brief command. b. VLAN 22 is listed in the output of the show running-config command. c. VLAN 22 is not created by this process. d. VLAN 22 does not exist in that switch until at least one interface is assigned to that VLAN.
A (VLAN 22 is listed in the output of the show vlan brief command.) and B (VLAN 22 is listed in the output of the show running-config command.). With VTP disabled (vtp mode off), just as in VTP transparent mode, the switch can configure VLANs locally, so the vlan 22 command creates the VLAN and show vlan brief lists it. In those two modes the VLAN configuration details, including the VLAN name, are also stored in and shown by the running-config (in VTP server or client mode they are kept in the vlan.dat file instead). A VLAN exists as soon as it is created; no interface needs to be assigned to it.
A basic VLAN concept
A single switch creates two VLANs, treating the ports in each VLAN as being completely separate. The switch would never forward a frame sent by Dino (VLAN 1) over to either Wilma or Betty (in VLAN 2).
Result of the access switchport mode command
The link becomes an access link when the other end is access, dynamic auto, or dynamic desirable. Do not pair it with a trunk on the other end (the two ends would disagree about trunking).
Trunk
Always act as a trunk port.
Access
Always act as an access (nontrunk) port
Imagine a switch with three configured VLANs. How many IP subnets are required, assuming that all hosts in all VLANs want to use TCP/IP? a. 0 b. 1 c. 2 d. 3 e. You can't tell from the information provided.
D (3) . Although a subnet and a VLAN are not equivalent concepts, the devices in one VLAN are typically in the same IP subnet and vice versa.
show vlan (vlan)
Displays VLAN information.
show vtp status
Lists VTP configuration and status information.
Trunking administrative mode
The configured trunking setting on a Cisco switch interface, as configured with the switchport mode command.
Trunking operational mode
The current behavior of a Cisco switch interface for VLAN trunking.
VTP (VLAN Trunking Protocol)
A Cisco proprietary messaging protocol used between Cisco switches to advertise VLAN configuration information, including the VLAN ID and VLAN name, so that VLANs created on one switch are learned by the others.
ISL (Inter-Switch link)
A Cisco proprietary trunking protocol, older than 802.1Q, that maintains VLAN information as traffic flows between switches and routers by encapsulating the original frame behind a new ISL header and trailer.
Access interface
A LAN network design term that refers to a switch interface connected to end-user devices, configured so that it does not use VLAN trunking.
Layer 3 switch (multilayer switch)
A LAN switch that can also perform Layer 3 routing functions. The name comes from the fact that this device makes forwarding decisions based on logic from multiple OSI layers (Layers 2 and 3).
List the reasons why a trunk does not pass traffic for a VLAN.
1. The VLAN has been removed from the trunk's allowed VLAN list.
2. The VLAN does not exist in the switch's configuration (as seen with the show vlan command).
3. The VLAN does exist, but has been administratively disabled (shutdown).
4. The VLAN has been automatically pruned by VTP.
5. The VLAN's STP instance has placed the trunk interface into a blocking state.
VLAN
A group of devices connected to one or more switches, with the devices grouped into a single broadcast domain through switch configuration. VLANs allow switch administrators to separate the devices connected to the switches into separate VLANs without requiring separate physical switches, gaining design advantages of separating the traffic without the expense of buying additional hardware.
Trunk interface
A switch interface configured so that it operates using VLAN trunking (either 802.1Q or ISL).
Result of the dynamic auto switchport mode command
The link becomes an access link when the other end is access or dynamic auto, and a trunk when the other end is trunk or dynamic desirable.
Result of the dynamic desirable switchport mode command
The link becomes an access link when the other end is access, and a trunk when the other end is dynamic auto, trunk, or dynamic desirable.
In a LAN, which of the following terms best equates to the term VLAN? a. Collision domain b. Broadcast domain c. Subnet d. Single switch e. Trunk
B (Broadcast domain) . A VLAN is a set of devices in the same Layer 2 broadcast domain. A subnet often includes the exact same set of devices, but it is a Layer 3 concept. A collision domain refers to a set of Ethernet devices, but with different rules than VLAN rules for determining which devices are in the same collision domain.
Switch SW1 sends a frame to switch SW2 using 802.1Q trunking. Which of the answers describes how SW1 changes or adds to the Ethernet frame before forwarding the frame to SW2? a. Inserts a 4-byte header and does change the MAC addresses b. Inserts a 4-byte header and does not change the MAC addresses c. Encapsulates the original frame behind an entirely-new Ethernet header d. None of the other answers are correct
B (Inserts a 4-byte header and does not change the MAC addresses). 802.1Q defines a 4-byte header, inserted after the original frame's destination and source MAC address fields. The insertion of this header does not change the original frame's source or destination address. The header is a 2-byte type field (0x8100, which marks the frame as tagged) followed by a 2-byte tag control field whose low 12 bits are the VLAN ID, which identifies the VLAN associated with the frame.
Which of the following commands identify switch interfaces as being trunking interfaces: interfaces that currently operate as VLAN trunks? (Choose two answers.) a. show interfaces b. show interfaces switchport c. show interfaces trunk d. show trunks
B (show interfaces switchport) and C (show interfaces trunk) . The show interfaces switchport command lists both the administrative and operational status of each port. When a switch considers a port to be trunking, this command lists an operational trunking state of "trunk." The show interfaces trunk command lists a set of interfaces: the interfaces that are currently operating as trunks. So, both these commands identify interfaces that are operational trunks.
Result of the trunk switchport mode command
Do not pair it with an access port on the other end (the two ends would disagree about trunking). The link becomes a trunk when the other end is dynamic auto, trunk, or dynamic desirable.
vlan (vlan-id)
Global config command that both creates the VLAN (if it does not already exist) and puts the CLI into VLAN configuration mode.
vtp mode { server | client | transparent | off }
Global config command that defines the VTP mode.
[no] shutdown vlan (vlan-id)
Global config command that has the same effect as the [no] shutdown VLAN mode subcommand.
Trunk
In campus LANs, an Ethernet segment over which the devices add a VLAN header that identifies the VLAN in which the frame exists.
Dynamic Desirable
Initiates negotiation messages and responds to negotiation messages to dynamically choose whether to start using trunking.
switchport mode {access | dynamic { auto | desirable} | trunk}
Interface subcommand that configures the trunking administrative mode on the interface.
switchport trunk allowed vlan {add | all | except | remove} vlan-list
Interface subcommand that defines the list of allowed VLANs.
switchport trunk native vlan (vlan-id)
Interface subcommand that defines the native VLAN for a trunk port.
switchport trunk encapsulation {dot1q | isl | negotiate}
Interface subcommand that defines which type of trunking to use, assuming that trunking is configured or negotiated.
switchport nonegotiate
Interface subcommand that disables the negotiation of VLAN trunking (the switch stops sending DTP messages on that interface).
switchport access vlan (vlan-id)
Interface subcommand that statically configures the interface into that one VLAN.
show interfaces (interface-id) trunk
Lists information about all operational trunks (but no other interfaces), including the list of VLANs that can be forwarded over the trunk.
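The show interfaces trunk output has one VLAN list per reason category, so it can be mapped straight onto the list of reasons a trunk does not pass traffic for a VLAN given earlier in this chapter. The following is an added Python example, not code from the book or from Cisco: it parses a constructed sample of the command's output (the column layout follows IOS, but the port, VLAN numbers and lists are made up), expands IOS VLAN range notation such as 1-99,200, and reports why a given VLAN would not cross the trunk.

```python
# Constructed sample of "show interfaces trunk" output (not captured from a real switch).
SAMPLE_TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      99

Port        Vlans allowed on trunk
Gi0/1       1-99,200

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20,30,99

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,30,99
"""

# Header text of each VLAN-list section, mapped to the key used below.
SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}


def expand_vlan_list(spec: str) -> set:
    """Expand IOS range notation ("1-3,10,20-22") into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        vlans.update(range(lo, hi + 1))
    return vlans


def parse_show_trunk(text: str) -> dict:
    """Return {port: {mode, encapsulation, status, native, allowed, active, forwarding}}."""
    trunks, section = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("Port"):
            # A header line selects the section; the first header (Mode/Encapsulation/...) is "status".
            section = SECTIONS.get(line[4:].strip(), "status")
            continue
        fields = line.split()
        entry = trunks.setdefault(fields[0], {})
        if section == "status":
            entry["mode"], entry["encapsulation"], entry["status"] = fields[1], fields[2], fields[3]
            entry["native"] = int(fields[4])
        else:
            entry[section] = expand_vlan_list(fields[1] if len(fields) > 1 else "")
    return trunks


def why_vlan_blocked(trunk: dict, vlan: int):
    """Map the command's three VLAN lists onto the reasons a trunk drops a VLAN's traffic.
    Returns None when the VLAN is forwarded; the command cannot separate the two
    reasons inside each pair, so each message names both."""
    if vlan not in trunk["allowed"]:
        return "removed from the allowed VLAN list (switchport trunk allowed vlan)"
    if vlan not in trunk["active"]:
        return "VLAN does not exist on this switch, or exists but is shut down"
    if vlan not in trunk["forwarding"]:
        return "STP has this trunk in blocking state for the VLAN, or VTP pruned it"
    return None


if __name__ == "__main__":
    gi01 = parse_show_trunk(SAMPLE_TRUNK)["Gi0/1"]
    for vid in (10, 20, 40, 150):
        print(vid, why_vlan_blocked(gi01, vid) or "forwarded")
```

Run against the sample, VLAN 10 is forwarded, VLAN 20 is active but not forwarding (STP or pruning), VLAN 40 is allowed but not active (missing or shut down), and VLAN 150 is not in the allowed list. To separate the paired reasons, follow up with show vlan (existence and shutdown state) and show spanning-tree vlan (STP port state).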
show interfaces (interface-id) switchport
Lists information about any interface regarding administrative settings and operational state.
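Because show interfaces switchport lists both the administrative and the operational trunking state, it is the command to audit for ports that can still be talked into trunking. The following is an added Python example, not code from the book or from Cisco: it parses a constructed sample of the command's output (field names follow the IOS layout; the interfaces and values are made up) and flags the settings a practitioner would want changed: dynamic administrative modes, operational trunks that still run DTP, and trunks left on the default native VLAN 1. The remediation commands named in the findings are the ones listed in this chapter.

```python
# Constructed sample of "show interfaces switchport" output (not captured from a real switch).
SAMPLE_SWITCHPORT = """\
Name: Fa0/5
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Fa0/6
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (VLAN0099)
Trunking VLANs Enabled: 10,20,99

Name: Gi0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""


def parse_switchport(text: str) -> dict:
    """Return {interface name: {field: value}} from the "Field: value" lines of the output."""
    ports, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def _vlan_number(value: str) -> int:
    """'1 (default)' or '99 (VLAN0099)' -> the VLAN ID."""
    return int(value.split()[0])


def operational_trunks(ports: dict) -> list:
    """Interfaces currently operating as trunks (what show interfaces trunk would list)."""
    return sorted(name for name, f in ports.items() if f.get("Operational Mode") == "trunk")


def audit(ports: dict) -> list:
    """Return (interface, finding) pairs for trunking settings worth fixing."""
    findings = []
    for name, f in sorted(ports.items()):
        admin = f.get("Administrative Mode", "")
        if admin.startswith("dynamic"):
            findings.append((name, f"administrative mode '{admin}': a DTP peer can turn this port into a trunk; "
                                   "pin it with switchport mode access (or trunk) and switchport nonegotiate"))
        if f.get("Operational Mode") == "trunk":
            if f.get("Negotiation of Trunking") == "On":
                findings.append((name, "operational trunk still sends DTP; add switchport nonegotiate"))
            if _vlan_number(f.get("Trunking Native Mode VLAN", "1")) == 1:
                findings.append((name, "native VLAN left at the default (1); move it to an unused VLAN "
                                       "with switchport trunk native vlan on both ends"))
    return findings


if __name__ == "__main__":
    parsed = parse_switchport(SAMPLE_SWITCHPORT)
    print("operational trunks:", operational_trunks(parsed))
    for iface, finding in audit(parsed):
        print(f"{iface}: {finding}")
```

On the sample, Fa0/5 (dynamic auto) and Gi0/2 (trunk with DTP on and native VLAN 1) are flagged, while the static access port Fa0/6 and the hardened trunk Gi0/1 pass.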
show vlan [brief | id (vlan-id) | name (vlan-name) | summary]
Lists information about the VLAN.
VTP transparent mode
One of the VTP modes (server, client, transparent, off). Switches in transparent mode can configure VLANs, but they do not tell other switches about the changes, and they do not learn about VLAN changes from other switches.
Dynamic auto
Passively waits to receive trunk negotiation messages, at which point the switch will respond and negotiate whether to use trunking.
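The four "Result of the ... switchport mode command" cards above describe one 4x4 table: the operational outcome of a link depends only on the administrative mode at each end. The following is an added Python example, not code from the book or from Cisco: it encodes that table as a function, builds the full matrix, and uses it to show which modes leave the decision to the peer. Modelling an attacker's host as a peer that speaks DTP in dynamic desirable mode is an assumption made for the example, as is the note that many Catalyst models ship with dynamic auto as the default port mode.

```python
MODES = ("access", "trunk", "dynamic auto", "dynamic desirable")


def trunk_outcome(local: str, remote: str) -> str:
    """Operational result of a link given the switchport mode configured on each end.
    Returns 'access', 'trunk', or 'do not use' (the access + trunk mismatch)."""
    if local not in MODES or remote not in MODES:
        raise ValueError(f"unknown switchport mode: {local!r} / {remote!r}")
    ends = {local, remote}
    if "access" in ends:
        # An access port never trunks; facing a static trunk the two ends simply disagree.
        return "do not use" if "trunk" in ends else "access"
    if "trunk" in ends or "dynamic desirable" in ends:
        # A static trunk, or any desirable end, initiates DTP and the other end accepts.
        return "trunk"
    return "access"  # dynamic auto on both ends: both wait, nobody initiates


def outcome_table() -> dict:
    """All 16 (local, remote) combinations."""
    return {(a, b): trunk_outcome(a, b) for a in MODES for b in MODES}


def peer_decides(local: str, nonegotiate: bool = False) -> bool:
    """True when what the peer sends decides whether this port trunks.
    A peer that runs DTP as 'dynamic desirable' (the assumed attacker host) versus a
    silent peer that behaves like 'access' only changes the result for the dynamic modes;
    switchport nonegotiate stops DTP altogether."""
    if nonegotiate or local in ("access", "trunk"):
        return False
    return trunk_outcome(local, "access") != trunk_outcome(local, "dynamic desirable")


if __name__ == "__main__":
    for (a, b), result in outcome_table().items():
        print(f"{a:18} <-> {b:18}: {result}")
    for mode in MODES:
        print(f"{mode:18} peer decides trunking: {peer_decides(mode)}")
```

The matrix is symmetric, so the two "do not use" cells are access/trunk and trunk/access. Both dynamic modes (including dynamic auto, the default on many Catalyst models) return True from peer_decides: a directly connected host that sends DTP desirable messages turns such a port into a trunk and can then tag frames for any VLAN, which is why access ports should be pinned with switchport mode access.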
Routing between VLANs with a router-on-a-stick (AKA a Trunk on the Router)
Router 1 uses VLAN trunking instead of a separate link for each VLAN: one physical link carries 802.1Q-tagged frames for all the VLANs, and the router uses one subinterface per VLAN, each with the VLAN's IP address.
List configuration checklist for configuring VLANs and assigning to interfaces.
Step 1. To configure a new VLAN, follow these steps:
A. From configuration mode, use the vlan (vlan-id) global configuration command to create the VLAN and to move the user into VLAN configuration mode.
B. (Optional) Use the name (name) VLAN subcommand to list a name for the VLAN. If not configured, the VLAN name is VLANZZZZ, where ZZZZ is the 4-digit decimal VLAN ID.
Step 2. For each access interface (each interface that does not trunk, but instead belongs to a single VLAN), follow these steps:
A. Use the interface command to move into interface configuration mode for each desired interface.
B. Use the switchport access vlan (id-number) interface subcommand to specify the VLAN number associated with that interface.
C. (Optional) To disable trunking on that same interface, so that the interface does not negotiate to become a trunk, use the switchport mode access interface subcommand.
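The checklist above, carried through as an added Python example that is not code from the book or from Cisco: it generates the IOS configuration for a set of VLANs, access ports and trunk ports, validating VLAN IDs against the 12-bit range (802.1Q reserves 0 and 4095; the 1002-1005 legacy FDDI and Token Ring VLANs IOS creates by default are treated as reserved too), supplying the VLANZZZZ default name, and always emitting the optional hardening step (switchport mode access, and switchport nonegotiate on trunks). The interface names and VLAN numbers used are made up; the encapsulation flag exists because some switch models require switchport trunk encapsulation dot1q before switchport mode trunk is accepted.

```python
RESERVED_LEGACY = range(1002, 1006)  # fddi-default, token-ring-default, fddinet-default, trnet-default


def validate_vlan_id(vlan_id: int) -> int:
    """Reject IDs outside 1-4094 (802.1Q reserves VID 0 and 4095) and the IOS legacy VLANs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN {vlan_id}: usable VLAN IDs are 1-4094")
    if vlan_id in RESERVED_LEGACY:
        raise ValueError(f"VLAN {vlan_id}: reserved by IOS for legacy FDDI/Token Ring VLANs")
    return vlan_id


def default_vlan_name(vlan_id: int) -> str:
    """The name IOS assigns when step 1B is skipped: VLAN plus the 4-digit decimal ID."""
    return f"VLAN{vlan_id:04d}"


def vlan_config(vlans: dict) -> list:
    """Step 1: {vlan_id: name or None} -> global config lines."""
    lines = []
    for vid, name in sorted(vlans.items()):
        validate_vlan_id(vid)
        lines.append(f"vlan {vid}")
        if name:  # step 1B is optional; without it IOS uses default_vlan_name(vid)
            lines.append(f" name {name}")
    return lines


def compress_vlan_list(vlans) -> str:
    """Render VLAN IDs in the range notation the allowed-VLAN command takes: 10-12,20."""
    ids = sorted(set(validate_vlan_id(v) for v in vlans))
    parts, start, prev = [], None, None
    for v in ids:
        if start is None:
            start = prev = v
        elif v == prev + 1:
            prev = v
        else:
            parts.append(f"{start}-{prev}" if prev > start else str(start))
            start = prev = v
    if start is not None:
        parts.append(f"{start}-{prev}" if prev > start else str(start))
    return ",".join(parts)


def access_port_config(iface: str, vlan_id: int) -> list:
    """Step 2, with the optional 2C hardening always applied so the port never negotiates."""
    validate_vlan_id(vlan_id)
    return [f"interface {iface}",
            " switchport mode access",
            f" switchport access vlan {vlan_id}"]


def trunk_port_config(iface: str, allowed, native: int, encapsulation_cmd: bool = False) -> list:
    """A static 802.1Q trunk: pinned mode, explicit native VLAN, explicit allowed list, DTP off."""
    validate_vlan_id(native)
    lines = [f"interface {iface}"]
    if encapsulation_cmd:
        lines.append(" switchport trunk encapsulation dot1q")
    lines += [" switchport mode trunk",
              f" switchport trunk native vlan {native}",
              f" switchport trunk allowed vlan {compress_vlan_list(allowed)}",
              " switchport nonegotiate"]
    return lines


if __name__ == "__main__":
    # Constructed example: VLAN 22 as in the quiz question, VLAN 30 unnamed, VLAN 99 as native.
    config = vlan_config({22: "Hannahs-VLAN", 30: None, 99: "native-unused"})
    config += access_port_config("FastEthernet0/1", 22)
    config += trunk_port_config("GigabitEthernet0/1", [22, 30, 99], native=99)
    print("\n".join(config))
```

Note that the native VLAN is included in the allowed list here only because the example wants both ends to agree on it; leaving the native VLAN out of the allowed list is a valid way to stop all untagged traffic from crossing the trunk.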
802.1Q
The IEEE standardized protocol for VLAN trunking.
[no] shutdown
VLAN mode subcommand that enables (no shutdown) or disables (shutdown) the VLAN.
name (vlan-name)
VLAN subcommand that names the VLAN.
Options of the switchport mode command
access, trunk, dynamic desirable, dynamic auto.
802.1Q Trunking
Both ISL and 802.1Q tag each frame with the VLAN ID, but the details differ. 802.1Q inserts an extra 4-byte 802.1Q VLAN header into the original frame's Ethernet header, immediately after the source MAC address field, whereas ISL encapsulates the whole original frame behind a new header.
VLAN trunking
is needed when, for example, a PC (PC11) in VLAN 10 sends a broadcast frame into an interface such as fa0/. To flood the frame, switch SW1 needs to forward the broadcast frame to switch SW2. However, SW1 needs to let SW2 know that the frame is part of VLAN 10, so that after the frame is received, SW2 will flood the frame only into VLAN 10, and not into VLAN 20. SW1 adds a VLAN header to the original Ethernet frame, with the VLAN header listing a VLAN ID of 10 in this case.
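The tagging described in the 802.1Q Trunking and VLAN trunking cards above, and in the SW1-to-SW2 quiz question earlier in the chapter, as an added Python example that is not code from the book or from Cisco. It builds a constructed Ethernet frame, splices the 4-byte 802.1Q header in after the source MAC, decodes it again, and models both ends of a trunk so the native VLAN rule (and what goes wrong when the two ends disagree on it) can be checked. The frame contents, MAC addresses and VLAN numbers are made up; the frame check sequence is omitted.

```python
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier: the EtherType value that marks an 802.1Q header
TAG_OFFSET = 12       # the tag goes right after destination MAC (6 bytes) + source MAC (6 bytes)


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble an untagged Ethernet II frame (no FCS)."""
    assert len(dst_mac) == 6 and len(src_mac) == 6
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q header: TPID (2 bytes) + TCI (PCP 3 bits, DEI 1 bit, VID 12 bits)."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID must fit in the 12-bit VID field")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    tag = struct.pack("!HH", TPID_8021Q, tci)
    # The MAC addresses are untouched: the tag is spliced in before the original EtherType.
    return frame[:TAG_OFFSET] + tag + frame[TAG_OFFSET:]


def parse_frame(frame: bytes) -> dict:
    """Decode the MACs, the VLAN ID if an 802.1Q tag is present, and the real EtherType."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, payload_at = None, 14
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan_id = tci & 0x0FFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        payload_at = 18
    return {"dst": dst, "src": src, "vlan": vlan_id,
            "ethertype": ethertype, "payload": frame[payload_at:]}


def send_on_trunk(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Sending switch: frames in the native VLAN leave untagged, all others get a tag."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def receive_on_trunk(frame: bytes, native_vlan: int) -> int:
    """Receiving switch: an untagged frame is assigned to this switch's own native VLAN."""
    vlan = parse_frame(frame)["vlan"]
    return native_vlan if vlan is None else vlan


# Constructed sample frame (not captured traffic): a broadcast from a made-up locally administered MAC.
SAMPLE = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x0b", 0x0806, b"\x00\x01\x08\x00" + b"\x00" * 24)


if __name__ == "__main__":
    tagged = tag_frame(SAMPLE, 10)
    print(len(SAMPLE), "->", len(tagged), "bytes; tag =", tagged[12:16].hex())
    # Both ends agree on native VLAN 1: VLAN 10 arrives as VLAN 10.
    print(receive_on_trunk(send_on_trunk(SAMPLE, 10, native_vlan=1), native_vlan=1))
    # Mismatch: SW1 treats 10 as native and sends it untagged, SW2 (native 1) files it under VLAN 1.
    print(receive_on_trunk(send_on_trunk(SAMPLE, 10, native_vlan=10), native_vlan=1))
```

The last line of the demonstration is the native VLAN mismatch case: the frame crosses from VLAN 10 on SW1 into VLAN 1 on SW2 without any tag ever being written, which is why the native VLAN must match on both ends and should not be a VLAN that carries user traffic.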
Routing between VLANs with a Layer 3 switch
The same concept as router-on-a-stick, but with the Layer 2 switching and the Layer 3 routing performed in one device, so no external router or trunk to a router is needed.
List the reasons for using VLANs
~To reduce CPU overhead on each device by reducing the number of devices that receive each broadcast frame. ~To reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood (broadcasts, multicasts, and unknown unicasts). ~To improve security for hosts that send sensitive data by keeping those hosts on a separate VLAN. ~To create more flexible designs that group users by department, or by groups that work together, instead of by physical location. ~To solve problems more quickly, because the failure domain for many problems is the same set of devices as those in the same broadcast domain. ~To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch.