Implementing VLANs and Trunks Flashcards
What problems do VLANs solve?
- There is virtually no layer 2 security.
- There is no segmentation at layer 2.
- There is no real way to differentiate devices at layer 2. (for QoS, etc.)
In the past, routers were placed everywhere and servers were placed on every network.
- Routers are expensive and slow (compared to switches with their ASICs)
- Servers are also expensive
What do VLANs do for the network?
- VLANs create multiple broadcast domains / subnets / networks
- VLANs extend across the entire layer 2 fabric (they stop at the router)
- VLANs segment and isolate traffic
What are the VLAN ranges on Cisco Catalyst switches?
0, 4095 - Reserved - For system use only. You cannot use these VLANs.
1 - Normal - Cisco default VLAN on a switch. You can use this VLAN, but not delete it. All interfaces belong to this VLAN by default.
2 - 1001 - Normal - Used for Ethernet VLANs
1002 - 1005 - Normal - For legacy reasons, these are used for Token Ring & FDDI VLANs. You cannot delete 1002 - 1005.
1006 - 4094 - Extended - Used for Ethernet VLANs
How do the different VTP versions affect the VLANs on the switch?
VLANs 1 - 1005 (normal range) are always saved in the VLAN database (vlan.dat) in flash memory as well as the switch running config (and startup config if saved), regardless of VTP version.
VTP version 1 & 2 - VLANs 1006 - 4094 (extended range) are not stored in the VLAN database, but are stored in the local switch config if VTP mode is set to transparent. VTP versions 1 & 2 do not support extended-range VLANs in VTP server mode.
VTP version 3 - supports VLANs 1006 - 4094 (extended range) in both transparent and server mode. So the VLANs do get saved in the VLAN database and get propagated.
What are the non-Cisco terms for a switchport in access mode and a switchport in trunk mode?
Access = untagged
Trunk = tagged
What is DTP and how does it behave depending on each side of the communication?
Dynamic Trunking Protocol
dynamic auto + dynamic auto = access
dynamic auto + dynamic desirable = trunk
dynamic desirable + dynamic desirable = trunk
dynamic auto or dynamic desirable + trunk = trunk
dynamic auto or dynamic desirable + access = access
What would be the command to check if a port had a valid VLAN assigned and was able to communicate normally?
Switch# show interfaces Ethernet0/1 switchport
If you see any of the VLANs marked as (Inactive), then you need to either create that VLAN on the switch or assign the interface to a valid VLAN already on the switch.
Example in screenshot.
What are the common commands to verify VLANs?
show vlan - displays each VLAN id, name, status and ports (and some other info too)
show vlan id vlan_number or show vlan name vlan-name - displays detailed info about that specific VLAN, similar output to the show vlan command.
show vlan brief - displays one line about each VLAN, includes the VLAN number, name, status and ports.
NOTE: Connected trunk ports DO NOT appear in the show vlan brief output.
show mac address-table vlan vlan-id - displays all of the MAC addresses in the CAM table for a specific VLAN.
What is 802.1Q and what are its characteristics?
It is "trunking", which is carrying many VLANs over the same port.
- it allows the transport of frames from different VLANs
- each frame has a tag that specifies the VLAN it belongs to
- the receiving device forwards the frames to the corresponding VLAN based on the tag info
- trunks are point-to-point connections between two network devices like a server, router, or switch
What is a native VLAN and what is its importance?
For an 802.1Q trunk port, there is one VLAN, called the native VLAN, whose traffic is not tagged when going over the trunk link.
By default, that native VLAN is 1.
Both switches must have the same native VLAN configured on the trunk, or errors will occur on the interfaces and any untagged traffic will go to the wrong VLAN on the receiving switch.
NOTE: However, the trunk connections will still stay up and continue to work OK for other VLAN traffic.
What are the commands to configure a trunk port and specify which VLANs should be allowed over the link?
NOTE: On older Cisco equipment, you may need to also specify the 802.1Q encapsulation protocol, the default being ISL (Inter-Switch Link).
switchport trunk encapsulation dot1q
Other useful commands to modify the allowed VLAN list are:
switchport trunk allowed vlan add vlan_list
switchport trunk allowed vlan remove vlan_list
What commands can help you verify a trunk port’s configuration?
show interfaces interface-id switchport
show interfaces trunk
show interfaces status
What is the general recommendation for native VLAN configuration?
- Change the native VLAN to something other than 1
- Configure the switch to also tag that traffic, even though it’s the native VLAN
What are the modes of VTP and how do they function?
- VTP mode server - Can create/update/delete VLANs and switches with VTP mode client will look to these for revisions.
- VTP mode client - Cannot create/update/delete VLANs, it only will change based on servers in the VTP domain.
- VTP mode transparent - Does not participate in the VLAN database sync with other switches.