Section 9. Implementing VLANs and Trunks

Question 1

Q1-What are VLANs?

Answer 1

VLANs are broadcast domains in a Layer 2 network.

Each VLAN is like a distinct virtual bridge within the switch. Each virtual bridge you create in a switch defines a broadcast domain. By default, traffic from one VLAN cannot pass to another VLAN. Each of the users in a VLAN would also be in the same IP subnet. By default, each access port can belong to only one data VLAN.

Question 2

Q2-What are the six characteristics of a typical VLAN setup?

Answer 2

Six characteristics of a typical VLAN setup are as follows:

Each logical VLAN is like a separate physical bridge.

For different VLANs to communicate with each other, traffic must be forwarded through a router or Layer 3 switch.

Each VLAN is considered to be a separate logical network.

VLANs can span multiple switches.

Each VLAN is a separate broadcast domain.

VLANs can enhance security by logically segmenting a network.

Question 3

Q3-For VLANs to communicate with each other, what network component is needed?

Answer 3

A router or Layer 3 switch is needed for inter-VLAN communication. It is important to think of a VLAN as a distinct virtual bridge in a switch, with is its own IP subnet and broadcast domain. A network device cannot communicate from one IP subnet to another without a router. The same is true for a VLAN; you cannot communicate from one VLAN to another without a router-capable device.

Question 4

Q4-What is VLAN membership?

Answer 4

VLAN membership describes which VLAN a port on a switch is assigned.

Question 5

Q5-What are the three ways that inter-VLAN communication can be established?

Answer 5

The three ways that inter-VLAN communication can be established are as follows:

Router on a stick: Involves a single connection, called a trunk link, from the switch to a router. The trunk link uses a trunking protocol to differentiate between VLANs.

Router with a separate interface in each VLAN.

Layer 3 switch.

Question 6

Q6-What are two methods to assign a port to a VLAN?

Answer 6

The two methods to assign a port to a VLAN are as follows:

Statically: Statically assigning a port to a VLAN is a manual process performed by the administrator.

Dynamically: VLAN Membership Policy Server (VMPS) allows you to define VLAN membership through the MAC address. Security products such as Cisco ISE allow you to set ports on VLANs based on the type of endpoint that connects to the port.

Question 7

Q7-What are trunk links?

Answer 7

Trunk links allow the switch to carry multiple VLANs across a single link.

By default, each port on a switch belongs to VLAN 1. For devices that are in a VLAN (that spans multiple switches) to talk to other devices in the same VLAN, you must use trunking or have a dedicated port for each VLAN.

Trunk links encapsulate frames using a Layer 2 protocol. This encapsulation contains information for a switch to distinguish traffic from different VLANs and to deliver frames to the proper VLANs. The Catalyst 2960 supports 802.1Q as its trunking protocol.

Question 8

Q8-Describe 802.1Q tagging.

Answer 8

IEEE 802.1Q tagging provides an industry-standard method of identifying frames that belong to a particular VLAN. 802.1Q does this by using an internal tag that modifies the existing Ethernet frame with the VLAN identification.

Question 9

Q9-In 802.1Q, what is the native VLAN?

Answer 9

The native VLAN is VLAN1 by default. 802.1Q does not tag the native VLAN across trunk links.

Question 10

Q10-What IOS commands assign interface g0/1 to VLAN 10 and interface g0/2 to VLAN 20?

Answer 10

From global configuration mode, the IOS commands that assign interface g0/1 to VLAN 10 and interface g0/2 to VLAN 20 are as follows:
Cat2960(config)# int g0/1
Cat2960(config-if)# switchport access vlan 10
Cat2960(config-if)# int g0/2
Cat2960(config-if)# switchport access vlan 20

Question 11

Q11-As a network administrator, you want to add gigabit interfaces 1 through 12 to VLAN 10 on your Catalyst 2960 switch. How do you statically assign these ports to VLAN 10?

Answer 11

To configure a range of ports to a VLAN, enter the range command. The following commands from global configuration mode assign ports 1–12 to VLAN 10:
Cat2960(config)# interface range g 0/1 - 12
Cat2960(config-if-range)# switchport mode access
Cat2960(config-if-range)# switchport access vlan 10

Question 12

Q12-Configure a Catalyst 2960 switch with VLAN number 10 and name the VLAN “Accounting.”

Answer 12

To configure a VLAN on a Catalyst 2960 switch, first ensure that the switch is in VTP server or transparent mode. When the switch is in one of these modes, the vlan vlan-id global configuration command adds a VLAN. The vlan-id can be a number from 2 to 1001 for normal-range VLANs and 1006 to 4094 for extended VLANs.
The following walks you through the solution configuration:
Switch(config)# vlan 10
Switch(config-vlan)# name Accounting

Question 13

Q13-As a network administrator, you want to create two VLANs, one named Admin and the other named Sales. What commands will create the two VLANs using VLAN ID 10 for the Admin VLAN and VLAN ID 20 for the Sales VLAN?

Answer 13

Issue the following commands from global configuration mode to create the two VLANs:
Cat2960(config)# vlan 10
Cat2960(config-vlan)# name Admin
Cat2960(config-vlan)# vlan 20
Cat2960(config-vlan)# name Sales

Question 14

Q14-What are normal-range VLANs?

Answer 14

Normal-range VLANs are VLANs with VLAN IDs from 1 to 1005.

If the switch is in VTP server or transparent mode, you can add, modify, or remove configuration for VLANs 2 to 1001 in the VLAN database. VLAN IDs 1 and 1002–1005 are automatically created and cannot be removed. VLAN ID 1 is reserved as the default VLAN and VLAN IDs 1002–1005 are reserved for Token Ring and FDDI.

Question 15

Q15-What are extended-range VLANs?

Answer 15

Extended-range VLANs are VLANs with VLAN IDs from 1006 to 4094. Extended-range VLANs can only be configured if the switch is in VTP transparent mode with the appropriate IOS licensing installed. Extended-range VLAN configurations are not stored in the VLAN database but are stored in the switch running the configuration file.

Question 16

Q16-What command allows you to view information that is specific to VLAN 10?

Answer 16

To view information that is specific to VLAN 10, enter the show vlan id 10 privileged EXEC command, as follows:
Cat2960# show vlan id 10

VLAN Name Status Ports
———————- ——— ——————————-
10 sales active Fa0/1, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12

Question 17

Q17-What IOS commands display information on all configured VLANs?

Answer 17

The show vlan {name vlan-name | id id} command and the show vlan brief command display information on all configured VLANs.

In addition to displaying all information on configured VLANs, the show vlan and show vlan brief commands display the switch interfaces that are assigned to each VLAN.

Question 18

Q18-What are three ways to verify the ports assigned to VLANs?

Answer 18

To verify that a port is assigned to a VLAN, you could use the show vlan (and its applicable extensions), show interface type number, show running-config (and it applicable extensions), show interface status, and show mac-address-table commands. This list is not complete but does include some of the most common commands used by a CCNA candidate. Here is an example of the show running-config interface command for port g0/1 on the switch:
Cat2960# show running-config interface g0/1
Building configuration…
Current configuration : 84 bytes!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access

Question 19

Q19-How do you verify the VLANs on a Catalyst switch and the ports assigned to each VLAN?

Answer 19

You can use two commands to verify the VLANs on a switch: the more detailed show vlan {name vlan-name | id id} privileged EXEC command or the show vlan brief privileged command, as follows:
Switch# show vlan brief
VLAN Name Status Ports
—- ——————- ——— —————————-
1 default active Gi0/2
10 InternetAccess active
20 Operations active Fa0/1, Fa0/2,
30 Administration active Fa0/6, Fa0/7, Fa0/8, Fa0/9
40 Engineering active Fa0/3, Fa0/4,
Fa0/5, Fa0/10, Fa0/11, Fa0/12,
Fa0/13,Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19,Fa0/20
60 Public active Fa0/21, Fa0/22, Fa0/23, Fa0/24
!text-omitted!

Question 20

Q20-How do you configure an interface for trunking on a Catalyst 2960 switch?

Answer 20

To configure an interface for trunking, use the switchport mode trunk interface command.

To enable an interface for trunking on a Catalyst 2960 switch, use the switchport mode [dynamic {auto | desirable} | trunk] interface command. The following examples configure one interface for trunking and a second interface to trunk only if the neighboring device is set to trunk, desirable, or auto:
Cat2960(config)# interface g0/1
Cat2960(config-if)# switchport mode trunk
Cat2960(config-if)# interface g0/2
Cat2960(config-if)# switchport mode dynamic desirable

Question 21

Q21-What is DTP?

Answer 21

Dynamic Trunking Protocol (DTP) is a Cisco-proprietary, point-to-point Layer 2 protocol that manages trunk negotiation. Switches from other vendors do not support DTP.

DTP is enabled by default on a switch port when certain trunking modes are configured on the switch port. DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP.

Question 22

Q22-When configuring trunking on a Catalyst 2960, what are the four Layer 2 interface modes supported?

Answer 22

The four Layer 2 interface modes supported when configuring trunking on a Catalyst 2960 are as follows:

switchport mode access: Makes the interface a nontrunking access port.

switchport mode dynamic auto: Allows the interface to convert to a trunk link if the connecting neighbor interface is set to trunk or desirable.

switchport mode dynamic desirable: Makes the interface attempt to convert the link to a trunk link. The link becomes a trunk if the neighbor interface is set to trunk, desirable, or auto.

switchport mode trunk: Configures the port to permanent trunk mode and negotiates with the connected device if the other side can convert the link to trunk mode.

Question 23

Q23-What are the default Layer 2 Ethernet interface VLAN settings on a Catalyst 2960 switch?

Answer 23

The default Layer 2 Ethernet interface VLAN settings on a Catalyst 2960 switch are as follows:

Interface mode: switchport mode dynamic auto

Trunking Encapsulation Type: dot1q

Negotiation of Trunking: On

Trunking VLANs: All allowed

Default VLAN: VLAN 1

VLAN pruning eligible range: 2 to 1001

Native VLAN: 1

The switchport mode dynamic auto command allows the interface to convert the interface from an access link to a trunk link. The interface becomes a trunk if the neighboring interface is set to trunk or desirable.

Question 24

Q24-How do you display the trunking interfaces on a Catalyst 2960 switch?

Answer 24

The show interfaces trunk privileged EXEC command shows the interfaces that are trunking on a switch and the trunk configuration, as follows:
Cat2960# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/1 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1-3,5,10,20,30,40,50,60
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1-3,5,40

Question 25

Q25-Because VLANs are considered individual broadcast domains, for inter-VLAN communication to occur, a Layer 3 device is needed. What three things must occur for inter-VLAN routing?

Answer 25

Three requirements for inter-VLAN routing to occur are as follows:

The router must know how to reach all VLANs.

The routers must have a separate physical connection for each VLAN, or trunking must be enabled on a single physical connection.

The use of a Layer 3 switch if no router is being used.

Question 26

Q26-What are the three solutions for inter-VLAN routing?

Answer 26

The three solutions for inter-VLAN communication are

Using a router with a separate interface for each VLAN

A router on a stick

A Layer 3 switch

Question 27

Q27-How do you enable routing between VLANs on a router on a stick?

Answer 27

The encapsulation dot1q vlan-id subinterface command enables 802.1Q trunking on a Cisco router.

To configure trunking on a router, first create a subinterface and then configure the subinterface with the encapsulation dot1q vlan-id command, where the vlan-id is the VLAN number of the associated VLAN. The following example enables inter-VLAN routing for VLANs 1 (native VLAN), 10, and 20:
RouterB(config)# int g0/0
RouterB(config-if)# ip address 192.168.1.1 255.255.255.0
RouterB(config-if)# int g0/0.10
RouterB(config-if)# ip address 192.168.10.1 255.255.255.0
RouterB(config-if)# encapsulation dot1q 10
RouterB(config-if)# int g0/0.20
RouterB(config-if)# ip address 192.168.20.1 255.255.255.0
RouterB(config-if)# encapsulation dot1q 20

Question 28

Q28-To enable inter-VLAN routing using a Layer 3 switch, what must be configured on the Layer 3 switch?

Answer 28

To enable a Layer 3 switch to perform inter-VLAN routing, Switch Virtual Interfaces (SVI) on the switch need to be configured, IP routing must be enabled, VLANs must be configured on the switch, and at least one physical port must support the VLANs to be routed.

Question 29

Q29-What is DHCP?

Answer 29

Dynamic Host Configuration Protocol (DHCP) allows a host to obtain an IP address automatically and to set TCP/IP stack configuration parameters such as subnet mask, default gateway, and DNS addresses from a DHCP server.

Question 30

Q30-When a DHCP-enabled client first boots up, what does the client broadcast?

Answer 30

The client broadcasts a DHCPDISCOVER message on the local subnet. The destination address of DHCPDISCPOVER messages is 255.255.255.255.

Question 31

Q31-What is included in a DHCPOFFER message?

Answer 31

In a DHCPOFFER message, initial IP configuration for the client, such as IP address, subnet mask, and default gateway, is included. A DHCPOFFER message originates from the DHCP server.

Question 32

Q32-Because a DHCPDISCOVER message is a broadcast, a router will not forward DHCPDISCOVER messages. If a client is on a different IP subnet than the DHCP server, how do you forward the DHCPDISCOVER message form the client to the DHCP server?

Answer 32

You forward the DHCPDISCOVER message by issuing the ip helper-address dhcpserver-address interface command on the remote router. The ip helper-address global configuration command is entered on the router that the remote host is directly connected to.