ITSY Ch 5.12 Using VLANs


Which 802.1Q priority is IP phone traffic on a voice VLAN tagged with by default?

5
By default, IP phone traffic on a voice VLAN is tagged with an 802.1Q priority of 5.

You are adding switches to your network to support additional VLANs. Unfortunately, the new switches are from a different vendor than the current switches. Which standard do you need to ensure that the switches are supported?

802.1Q
If you want to implement VLANs when using multiple vendors in a switched network, be sure each switch supports the 802.1Q standard. 802.1x defines port-based network access controls. 802.11 defines wireless standards. 802.3 defines Ethernet standards.

Virtual LAN (VLAN)

A logical collection of devices that belong together and act as if they are connected to the same wire or physical switch. VLANs are logical collections of network devices that communicate with each other on Layer 2 of the OSI model. They only receive unicast, multicast, and broadcast traffic for devices that belong to the same VLAN. In other words, VLANs allow us to take a single physical switch or series of switches and subdivide it into multiple virtual networks.
Implementing VLANs provides several benefits, especially increased performance and security. Switches designed to use VLANs configure physical switch ports as either VLAN-specific ports or trunk lines. By using VLANs, you can segment the network into smaller broadcast domains, which reduces the number of broadcast messages that network devices receive. In other words, VLANs don't pass broadcast traffic to nodes that aren't part of their network. Reducing broadcast traffic has a direct effect on network performance. With VLANs, you can create separate logical networks for each department so only personnel in a certain department can access those resources. VLANs allow increased flexibility because ports are easily reconfigured as needs change within the organization, and the costs associated with those changes are minimal. VLANs are often used to isolate devices with weak security controls, as is common with Internet of Things devices.
A virtual LAN can be defined as:
- A logical collection of devices that belong together and act as if they are connected to the same wire or physical switch.
- A grouping of devices based on service need, protocol, or other criteria, rather than physical proximity.
VLANs let you assign devices on different switch ports to different logical (virtual) LANs. Although each switch can be connected to multiple VLANs, each switch port can be assigned to only one VLAN at a time. Defining VLANs creates additional and separate broadcast domains.
Be aware of the following facts about VLANs:
- Many switches have default VLANs. For example, most Cisco switches have the following default VLANs:
  - VLAN 1 is the default VLAN. You can use this VLAN but you cannot delete it.
  - VLAN 1002 - VLAN 1005 are reserved for backward compatibility with old VLAN implementations, which are no longer being used. You cannot use or delete these VLANs.
- By default, all ports are members of VLAN 1.
- Depending on the VLAN number, a VLAN is either normal or extended:
  - 1 - 1005 is the normal range for VLANs.
  - 1006 - 4094 is the extended range for VLANs.

Which of the following is an appropriate definition of a VLAN?

A logical grouping of devices based on service need, protocol, or other criteria. A virtual LAN (VLAN) can be defined as the following: A logical collection of devices that belong together and act as if they are connected to the same wire or physical switch. A logical grouping of devices based on service need, protocol, or other criteria rather than physical proximity.

VLAN tags

If a port is an untagged member of a VLAN, that means the packets destined for that port have no VLAN tags. You can also have ports that are tagged members of a VLAN, which means that the packets which are destined to go to those ports have VLAN tags. These VLAN tags are an extra four bytes that contain a VLAN ID and a VLAN priority, which are used for trunking, quality of service, and other advanced features.

broadcast traffic

Many protocols send requests or responses to all devices or nodes that are part of their local area network. All network devices need to digest these packets. As broadcasts increase on a network, the overall performance decreases.

The IT manager has asked you to create four new VLANs for a new department. As you are going through the VLAN configurations, you find some VLANs numbered 1002-1005. However, they are not in use. What should you do with these VLANs?

Nothing. They are reserved and cannot be used or deleted. You should do nothing and leave these VLANs alone. VLANs 1002 through 1005 are reserved for backward compatibility with old VLAN implementations, which are no longer being used. You cannot use or delete these VLANs. These VLANs are reserved and cannot be used on the new network. You cannot edit these VLANs, and you do not want to assign them to ports on the switch since they cannot be used.

A virtual LAN can be created using which of the following?

Switch
Use a switch to create virtual LANs (VLANs). The various ports on a switch can be assigned to a specific VLAN to create logically distinct networks on the same physical network topology. Routers, gateways, and hubs are common network devices, but they do not support the creation of VLANs.

When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?

Switch port
VLAN membership is configured by assigning a switch port to a VLAN. A switch can have multiple VLANs configured on it, but each switch port can only be a member of a single VLAN. All devices connected to a switch port are members of the same VLAN.

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?

VLAN
Define virtual LANs (VLANs) on the switch. With a VLAN, a port on the switch is associated with a VLAN. Only devices connected to ports that are members of the same VLAN can communicate with each other. Routers are used to allow communication between VLANs if necessary. Use a virtual private network (VPN) to connect two hosts securely through an unsecured network (such as the internet). VPN tunneling protocols protect data as it travels through the unsecured network. Spanning Tree Protocol is a switch feature that allows for redundant paths between switches. Port security is a method of requiring authentication before a network connection is allowed.

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?

VLANs
Use VLANs to segregate hosts based on switch ports. You could define two VLANs, one for employees connected throughout the building and another for the ports in the lobby. The ports in the lobby would have only internet access, while devices connected to ports in the rest of the building could communicate with other devices within the same VLAN. Use port authentication to control access to the network based on things such as username and password. Port authentication would allow or deny access, but this would not restrict access once authenticated or provide any type of access if not authenticated. A demilitarized zone is a buffer network, or subnet, that sits between a private network and an untrusted network (such as the internet). Network Address Translation (NAT) modifies the IP addresses in packets as they travel from one network to another. NAT allows you to connect a private network to the internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP addresses.

VLANs and Voice over IP

VLANs are commonly used with Voice over IP (VoIP) to distinguish voice traffic from data traffic. You can give traffic on the voice VLAN higher priority to ensure timely delivery. When using VLANs for VoIP, consider the following facts:
- To create a voice VLAN, use the "switchport voice vlan [number]" command.
- By default, IP phone traffic on a voice VLAN is tagged with an 802.1Q priority of 5.
- When an interface is configured with a voice VLAN, the PortFast feature is automatically enabled on the interface.
- A Cisco IP phone automatically uses the VLAN ID of the port it is connected to.
- Non-Cisco IP phones require the VLAN ID to be manually configured on the IP phone.

VLAN Advantages and Disadvantages

VLANs with switches offer the following administrative benefits:
- You can create virtual LANs based on criteria other than physical location, such as workgroup, protocol, or service.
- You can simplify device moves. Devices are moved to new VLANs by modifying the port assignment.
- You can control broadcast traffic and create collision domains based on logical criteria.
- You can control security (isolate traffic within a VLAN).
- You can load-balance network traffic (divide traffic logically, rather than physically).
Creating VLANs with switches offers the following benefits over using routers to create distinct networks:
- Switches are easier to administer than routers.
- Switches are less expensive than routers.
- Switches offer higher performance because they introduce less latency.
A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor. How VLANs are created and identified can vary from vendor to vendor. Creating a VLAN using switches might mean you must use only that vendor's switches throughout the network. (If you want to implement VLANs when using multiple vendors in a switched network, be sure each switch supports the 802.1Q standards.)
Despite advances in switch technology, routers are still typically used to:
- Filter WAN traffic.
- Route traffic between separate networks.
- Route packets between VLANs, though Layer 3 switches can also do this.

The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN?

You can control security by isolating wireless guest devices within this VLAN.
The primary benefit of creating a VLAN for wireless guest devices to connect to is that it allows you to control security by isolating wireless guest devices within this VLAN. Devices on this VLAN cannot communicate with other devices in other VLANs unless you allow traffic to get through with a router or Layer 3 switch. In this case, you would likely keep this wireless guest VLAN isolated from the rest of your network and only allow traffic from this VLAN to communicate with the internet. The following are also benefits of creating VLANs in general (but these are not the primary benefit of creating a wireless guest VLAN):
- You can create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service).
- You can simplify device moves (devices are moved to new VLANs by modifying the port assignment).
- You can control broadcast traffic and create collision domains based on logical criteria.
- You can load-balance network traffic (divide traffic logically rather than physically).

VLAN-specific ports

Ports that belong to a specific VLAN. When data is sent through such a port, the switch knows which other ports belong to the same VLAN, and it sends data only to those ports.

Trunk line ports

Ports configured to carry packets for many different VLANs. Because data on a trunk line can be from any number of VLANs, the packets need to declare the VLAN destination. To accomplish this, the VLAN ID is added to each frame sent over a trunk line, so the receiving device knows how to forward the packets.

You are creating a VLAN for voice over IP (VoIP). Which command should you use?

switchport voice vlan [number]
To create a voice VLAN, use the switchport voice vlan [number] command.

