CCNA2_Lesson_6
Where is Extended Range VLAN configuration stored?
Saved, by default, in the running configuration file.
What are subinterfaces?
Subinterfaces are software-based virtual interfaces that are assigned to physical interfaces. Each subinterface is configured independently with its own IP address and prefix length. This allows a single physical interface to simultaneously be part of multiple logical networks.
Ssubinterfaces on a router
Subinterfaces are software-based virtual interfaces, associated with a single physical interface. Subinterfaces are configured in software on a router and each subinterface is independently configured with an IP address and VLAN assignment. Subinterfaces are configured for different subnets corresponding to their VLAN assignment to facilitate logical routing.
What is Tagged traffic?
Tagged traffic refers to traffic that has a 4-byte tag inserted within the original Ethernet frame header, specifying the VLAN to which the frame belongs. The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1.
802.1Q
The IEEE standardized protocol for VLAN trunking.
Can VLAN Trunking Protocol store extended range VLANs?
The VLAN Trunking Protocol (VTP), which helps manage VLAN configurations between switches, can only learn and store normal range VLANs.
What is the meaning of the number 10 in the encapsulation dot1Q 10 native router subinterface command?
The administrator can use the encapsulation command to specify the encapsulation type (IEEE 802.1Q or ISL), the VLAN ID, and optionally the native VLAN.
What happens to a port that is associated with VLAN 10 when the administrator deletes VLAN 10 from the switch?
The port becomes inactive.
What is a characteristic of legacy inter-VLAN routing?
The router requires one Ethernet link for each VLAN.
What is the maximum number of VLANs on router-on-a-stick?
The router-on-a-stick method of inter-VLAN routing does not scale beyond 50 VLANs
What is the maximum number of vlans for the router-on-a-stick method?
The router-on-a-stick method of inter-VLAN routing does not scale beyond 50 VLANs.
A Cisco switch currently allows traffic tagged with VLANs 10 and 20 across trunk port Fa0/5. What is the effect of issuing a switchport trunk allowed vlan 30 command on Fa0/5?
The switchport trunk allowed vlan 30 command allows traffic that is tagged with VLAN 30 across the trunk port. Any VLAN that is not specified in this command will not be allowed on this trunk port.
What is time-to-live value?
The time-to-live value determines exactly how many router hops away the ICMP echo is allowed to reach. The first ICMP echo request is sent with a time-to-live value set to expire at the first router on route to the destination device. When the ICMP echo request times out on the first route, an ICMP message is sent back from the router to the originating device. The device records the response from the router and proceeds to send out another ICMP echo request, but this time with a greater time-to-live value. This allows the ICMP echo request to traverse the first router and reach the second device on route to the final destination. The process repeats recursively until finally the ICMP echo request is sent all the way to the final destination device.
Will devises on different subnets receive an ARP request if they are not divided by vlans?
They will, because in this case they are in the same broadcast domain.
What is needed to create a management VLAN?
To create the management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and a subnet mask, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP. Because the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN, VLAN 1 would be a bad choice for the management VLAN.
What needs to be done to create a management VLAN?
To create the management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and a subnet mask, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP. Because the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN, VLAN 1 would be a bad choice for the management VLAN.
What are Trunk ports?
Trunk ports are the links between switches that support the transmission of traffic associated with more than one VLAN. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic), as well as traffic that does not come from a VLAN (untagged traffic).
Type field in a tag section
Type - A 2-byte value called the tag protocol ID (TPID) value. For Ethernet, it is set to hexadecimal 0x8100.
How to check whether the local and peer native VLANs match
Use the show interfaces trunk command to check whether the local and peer native VLANs match. If the native VLAN does not match on both sides, VLAN leaking occurs.
User priority field in a tag section
User priority - A 3-bit value that supports level or service implementation.
Can VLAN 1 be renamed or deleted?
VLAN 1 has all the features of any VLAN, except it cannot be renamed or deleted. By default, all Layer 2 control traffic is associated with VLAN 1.
what VLAN is configured for voice traffic?
VLAN 150
VLAN ID (VID) field in a tag section
VLAN ID (VID) - A 12-bit VLAN identification number that supports up to 4096 VLAN IDs.
What are Extended Range VLAN ID numbers?
VLAN ID between 1006 and 4094.
Does a VLAN trunk belong to a specific VLAN?
VLAN trunk does not belong to a specific VLAN; rather, it is a conduit for multiple VLANs between switches and routers.
Why should a big company choose to use VLAN trunking?
VLAN trunking allows a single physical router interface to route traffic for multiple VLANs. This technique is termed router-on-a-stick and it uses virtual subinterfaces on the router to overcome the hardware limitations based on physical router interfaces.
Are VLANs based on logical or physical connections
VLANs are based on logical connections, instead of physical connections
Explain the router-on-a-stick routing model
When configuring inter-VLAN routing using the router-on-a-stick model, the physical interface of the router must be connected to a trunk link on the adjacent switch. On the router, subinterfaces are created for each unique VLAN on the network. Each subinterface is assigned an IP address specific to its subnet/VLAN and is also configured to tag frames for that VLAN. This way, the router can keep the traffic from each subinterface separate as it traverses the trunk link back to the switch.
Cisco Discovery Protocol (CDP)
a Cisco proprietary Layer 2 protocol to gather information about neighboring Cisco devices. It instructs IP phones to send voice traffic to the switch in one of three ways, depending on the type of traffic: In a voice VLAN tagged with a Layer 2 class of service (CoS) priority value In an access VLAN tagged with a Layer 2 CoS priority value In an access VLAN, untagged (no Layer 2 CoS priority value)
VLAN tag field consists of:
a Type field, a Priority field, a Canonical Format Identifier field, and VLAN ID field
What is VLAN leaking?
an access port might accept frames from VLANs different from the VLAN to which it is assigned
Normal Range VLANs
are identified by a VLAN ID between 1 and 1005.
How to change the port VLAN membership?
change the port VLAN membership using the switchport access vlan command.
Configure Router-on-a-Stick: Router Subinterface Configuration
config t interface g0/0.10 ip address 172.16.10.1 255.255.255.0 encapsulation dot1q 10 interface g0/0.20 ip address 172.16.20.1 255.255.255.0 encapsulation dot1q 20 interface g0/0 no shutdown end
How to configure Legacy Inter-VLAN Routing: Switch Configuration
config t vlan 10 interface f0/0 switchport access vlan 10 copy running-config startup-config
Configure Router-on-a-Stick: Switch Configuration
config t vlan 20 vlan 10 interface f0/0 switchport mode trunk end
How to reset configured value on a switch?
config t interface g0/0 no switchport trunk allowed vlan no switchport trunk native vlan end
How to configure Voice and Data VLANs on the same switchport?
config t vlan 20 name Students vlan 150 name Voice interface f0/18 switchport mode access switchport access vlan 20 mls qos trust cos switchport voice vlan 150
Commands used to assign ports to the already created vlan
config t -> interface g0/0 -> switchport mode access -> switchport access vlan 20 - > end
Commands to configure a switch port on one end of a trunk link
config t -> interface g0/0 -> switchport mode trunk -> switchport trunk native vlan 99 -> switchport trunk allowed vlan 10, 20, 20, 99 -> end
Commands used to add a vlan to a switch
config t -> vlan 99 -> name Students -> end
Configure Legacy Inter-VLAN Routing: Router Interface Configuration
confit t interface g0/0 ip address 172.17.10.1 255.255.255.0 no shut copy running-config startup-config
What is considered a security risk when configuring native and management VLANs?
designing the network with the native VLAN the same as the management VLAN is considered a security risk.
What is a disadvantage of using router-on-a-stick inter-VLAN routing?
does not scale well beyond 50 VLANs
In which location are the normal range VLANs stored on a Cisco switch by default?
flash memory
Command used to simultaneously configure multiple interface?
interface range
What will a Cisco switch do if it receives untagged frames on its trunk port?
it forwards those frames to the native VLAN. But! if there are no devices associated with the native VLAN (which is not unusual) and there are no other trunk ports (which is not unusual), then the frame is dropped.
Is it possible to have more than one management VLAN in a switch?
it is possible to have more than one active SVI theoretically, so a switch can have more than one management VLAN, but having more than one increases exposure to network attacks.
What does the command 'logging synchronous' do?
it prevents console messages from interrupting command entry
Which type of VLAN is used to designate which traffic is untagged when crossing a trunk port?
native
When a Cisco switch receives untagged frames on a 802.1Q trunk port, which VLAN ID is the traffic switched to by default?
native VLAN ID
Which command is used to remove only VLAN 20 from a switch?
no vlan 20
How to remove VLAN 20 from the switch?
no vlan 20 Alternatively, the entire vlan.dat file can be deleted using the delete vlan.dat the erase startup-config command must accompany the delete vlan.dat command prior to reload to restore the switch to its factory default condition.
can VLAN1 be renamed or deleted?
no, it cannot be
An access port can belong to only one VLAN at a time. Are there any exceptions to this rule?
one exception to this rule is that of a port connected to an IP phone and an end device. In this case, there would be two VLANs associated with the port: one for voice and one for data.
how to verify routing connectivity?
ping tracert
Is it a security risk to configure native and management VLAN in one?
setting native VLAN the same as the management VLAN is considered a security risk
Command to verify the switchport status on a port?
show interface f0/18 switchport
Show commands
show interfaces f0/18 switchport show interfaces show interfaces switchport switchport access vlan show vlan brief show vlan show vlan name student show vlan summary show mac address-table show interfaces trunk
command to check which addresses were learned on a particular port of the switch, and to which VLAN that port is assigned,
show mac address-table
The _________ command displays the VLAN assignment for all ports as well as the existing VLANs on the switch.
show vlan
What command to use to see subinterfaces on a router?
show vlan
Which command displays the count of all configured VLANs?
show vlan summary
What is inter-VLAN routing?
the process of forwarding network traffic from one VLAN to another VLAN using routing is known as inter-VLAN routing.
What is a router's primary role?
to move information between networks, not to provide network access to end devices
When configuring a router as part of a router-on-a-stick inter-VLAN routing topology, where should the IP address be assigned?
to the subinterface
Which troubleshooting command to use to check which addresses were learned on a particular port of the switch, and to which VLAN that port is assigned?
'show mac address-table interface f0/1'
What are inter-VLAN routing options?
- Legacy inter-VLAN routing - Router-on-a-Stick - Layer 3 switching using SVIs
Which two characteristics match extended range VLANs? (Choose two.)
- VLAN IDs exist between 1006 to 4094. - They are saved in the running-config file by default.
A network administrator is determining the best placement of VLAN trunk links. Which two types of point-to-point connections utilize VLAN trunking? (Choose two.)
- between two switches that utilize multiple VLANs - between a switch and a server that has an 802.1Q NIC
How to configure a native sub-interface in router-on-a-stick?
-interface g0/0.99 -encapsulation dot1q 99 native - ip .......
Canonical Format Identifier (CFI)
A 1-bit identifier that enables Token Ring frames to be carried across Ethernet links.
Is VLAN trunk OSI layer 2 or 3?
A VLAN trunk is an OSI Layer 2 link between two switches that carries traffic for all VLANs
Data VLAN
A data VLAN is a VLAN that is configured to carry user-generated traffic. A VLAN carrying voice or management traffic would not be a data VLAN. It is common practice to separate voice and management traffic from data traffic. A data VLAN is sometimes referred to as a user VLAN. Data VLANs are used to separate the network into groups of users or devices.
What is a management VLAN?
A management VLAN is any VLAN configured to access the management capabilities of a switch. VLAN 1 is the management VLAN by default
What port is Native VLAN assigned to?
A native VLAN is assigned to an 802.1Q trunk port.
What is a native VLAN assigned to?
A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic), as well as traffic that does not come from a VLAN (untagged traffic).
What is the need for a native vlan?
A native Vlan is designed to allow older equipment to still connect to your network. Cisco does this, they allow for legacy technology you may have. If two legacy devices need to talk to each other accross a switch "Trunk" then you do it with a NATIVE VLAN.
A small college uses VLAN 10 for the classroom network and VLAN 20 for the office network. What is needed to enable communication between these two VLANs while using legacy inter-VLAN routing?
A router with at least two LAN interfaces should be used.
Why is it that a separate VLAN is needed to support Voice over IP (VoIP)?
A separate VLAN is needed to support Voice over IP (VoIP). VoIP traffic requires: - Assured bandwidth to ensure voice quality - Transmission priority over other types of network traffic - Ability to be routed around congested areas on the network - Delay of less than 150 ms across the network. To meet these requirements, the entire network has to be designed to support VoIP.
router-on-a-stick inter-VLAN routing
A single physical interface on the router connects to a trunk port on a switch and routes traffic between multiple VLANs on a network.
A high school uses VLAN15 for the laboratory network and VLAN30 for the faculty network. What is required to enable communication between these two VLANs while using the router-on-a-stick approach?
A switch with a port that is configured as a trunk is needed when connecting to the router.
What is a trunk?
A trunk is a point-to-point link between two network devices that carries more than one VLAN. A VLAN trunk extends VLANs across an entire network. VLAN trunks allow all VLAN traffic to propagate between switches, so that devices which are in the same VLAN, but connected to different switches, can communicate without the intervention of a router.
What does a switch do after inserting the Type and tag control information fields
After the switch inserts the Type and tag control information fields, it recalculates the FCS values and inserts the new FCS into the frame.
Default VLAN
All switch ports become a part of the default VLAN after the initial boot up of a switch loading the default configuration. Switch ports that participate in the default VLAN are part of the same broadcast domain. This allows any device connected to any switch port to communicate with other devices on other switch ports. The default VLAN for Cisco switches is VLAN 1
What kind of traffic does a 802.1Q trunk port support?
An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic), as well as traffic that does not come from a VLAN (untagged traffic).
Canonical Format Identifier (CFI) field
Canonical Format Identifier (CFI) - A 1-bit identifier that enables Token Ring frames to be carried across Ethernet links
What happens if 802.1Q trunk configuration is not the same on both ends?
Cisco IOS Software reports errors.
Where are VLAN configurations stored?
Configurations are stored within a VLAN database file, called vlan.dat. The vlan.dat file is located in the flash memory of the switch.
What happens if a native VLAN mismatch exists?
Connectivity issues occur in the network if a native VLAN mismatch exists. Data traffic for VLANs, other than the two native VLANs configured, successfully propagates across the trunk link, but data associated with either of the native VLANs does not successfully propagate across the trunk link.
Can a switch port be assigned to several VLANs?
Each switch port can be assigned to only one VLAN (with the exception of a port connected to an IP phone or to another switch).
What must the network administrator do to remove Fast Ethernet port fa0/1 from VLAN 2 and assign it to VLAN 3?`
Enter the switchport access vlan 3 command in interface configuration mode.
VLAN IDs 1002 through 1005
IDs 1002 through 1005 are reserved for Token Ring and Fiber Distributed Data Interface (FDDI) VLANs. IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
What will a trunk port port if it receives a tagged frame with the VLAN ID the same as the native VLAN?
If an 802.1Q trunk port receives a tagged frame with the VLAN ID that is the same as the native VLAN, it drops the frame.
Why would an interface be administratively up and protocol is down?
If no switchports are assigned to the interface then it is down
Legacy Inter-VLAN Routing
In legacy approach, inter-VLAN routing is performed by connecting different physical router interfaces to different physical switch ports. The switch ports connected to the router are placed in access mode and each physical interface is assigned to a different VLAN. Each router interface can then accept traffic from the VLAN associated with the switch interface that it is connected to, and traffic can be routed to the other VLANs connected to the other interfaces. This method of inter-VLAN routing is not efficient and is generally no longer implemented in switched networks.
A Cisco switch currently allows traffic tagged with VLANs 10 and 20 across trunk port Fa0/5. What is the effect of issuing a switchport trunk allowed vlan 30 command on Fa0/5?
It allows only VLAN 30 on Fa0/5.
Is Quality of Service (QoS) enabled in LANs supporting voice traffic?
LANs supporting voice traffic typically also have Quality of Service (QoS) enabled. Voice traffic must be labeled as trusted as soon as it enters the network. Use the mls qos trust cos command to set the trusted state of an interface.
Why not just using subnets instead of vlans?
Multiple IP subnets can exist on a switched network, without the use of multiple VLANs. However, the devices will be in the same Layer 2 broadcast domain. This means that any Layer 2 broadcasts, such as an ARP request, will be received by all devices on the switched network, even by those not intended to receive the broadcast. A VLAN creates a logical broadcast domain that can span multiple physical LAN segments.
Do layer 2 switches have routing tables?
No, they do not
Is it possible to have more than one active SVI?
On 15.x versions of the Cisco IOS for Catalyst 2960 Series switches, it is possible to have more than one active SVI.
How must packets be forwarded which are destined for devices that do not belong to the VLAN?
Packets destined for devices that do not belong to the VLAN must be forwarded through a device that supports routing.
Port Fa0/11 on a switch is assigned to VLAN 30. If the command no switchport access vlan 30 is entered on the Fa0/11 interface, what will happen?
Port Fa0/11 will be returned to VLAN 1.