VLAN Flashcards
What is a collection of computers on a LAN(s) that are grouped together in a single broadcast domain independent of their physical location?
VLAN
Meaning of VLAN
Virtual local area network
With VLAN, can you group devices according to function or traffic patterns?
Yes
Enumerate 3 benefits of using VLAN
- Increased performance by restricting broadcasts
- Improved manageability and simplified network tuning
- Increased security options
What is an Ethernet interface on a VLAN-capable device that connects the device to another VLAN-capable device?
VLAN Trunk Interface
What is a number from 1 to 4094 associated with the VLAN?
VLAN ID (VID)
What’s the range for VLAN ID?
1 to 4094
What is the information that is added to the header of an Ethernet frame?
Tag (noun)
What standard defined the format of the Tag?
IEEE 802.1Q standard
What do you call the verb to add a VLAN tag to a data frame’s Ethernet header?
Tag (verb)
What kind of device adds a tag?
802.1Q-compliant (i.e. router, switch, Firebox)
What kind of packets do two 802.1Q devices normally carry between them?
Tagged data packets
What is the term for the physical segment between two 802.1Q devices that typically carries only tagged data packets?
Tagged data segment
What is the term for removing a VLAN tag from a frame’s Ethernet header?
Untag
Where is a VLAN tag removed from?
Frame’s Ethernet header
When should the data frames be configured as untagged?
When an 802.1Q device sends data to a network device that cannot understand 802.1Q VLAN tags
What is the term for the physical segment between a VLAN device and a device that cannot understand VLAN tags, which normally carries only untagged data packets?
Untagged data segment
Are clients untagged by default?
Yes
How many untagged VLANs are recommended?
1
What is the one recommended untagged VLAN for?
Direct management access
What kind of data frames can the interface accept when it’s configured for VLAN?
Both tagged and untagged data frames
Can VLAN 10, for example, be a member of eth1 & eth2?
Yes
Can an interface simultaneously belong to both an external and an internal VLAN?
Yes
Can a VLAN interface send and receive untagged traffic for an external VLAN?
Yes
Tag/Untag: If the interface connects to a device that can receive and understand 802.1Q VLAN tags
Tag
Tag/Untag: Devices you connect to this interface are usually VLAN switches (managed switches) or routers.
Tag
Tag/Untag: If the interface connects to a device that cannot receive and understand 802.1Q VLAN tags
Untag
Tag/Untag: Devices you connect to this interface are usually computers or printers.
Untag
Device interfaces that can use VLAN tags as defined in IEEE 802.1Q
Managed switch or an 802.1Q switch
Can you use VLANs if your Firebox is configured in Drop-In Mode?
No
Can you configure VLANs if your Firebox is configured in Bridge Mode?
No
In bridge mode, what does the Firebox do with VLAN tagged traffic?
Pass between 802.1Q bridges or switches
In bridge mode, can a Firebox be managed from a VLAN that has a specified VLAN tag?
Yes
Are Multi-WAN configuration settings applied to VLAN traffic?
Yes
What determines the number of VLANs you can create?
Firebox device model and license
How to see the number of VLANs you can add to your Firebox?
Policy Manager > Setup > Feature Keys > Total Number of VLAN Interfaces row
How many VLANs are recommended to be configured to operate on external interfaces?
Not more than 10
Can too many VLANs on external interfaces affect performance?
Yes
What must all network segments you want to add to a VLAN have?
IP addresses on the VLAN network
How do I allow traffic to a VLAN from a device outside the VLAN?
- Add a policy for it
- Include the VLAN’s alias name or subnet in the To section
By default, does the Firebox allow traffic to a device in any VLAN?
No
How do I allow traffic that starts in a VLAN and leaves the VLAN?
Configure the VLAN as a Trusted or Optional zone
Is traffic not allowed to leave a network protected by the Firebox unless there is a policy to allow it?
Yes
What does the default configuration the Quick Setup Wizard creates for the Firebox include?
Outgoing policy
What does the outgoing policy do?
Allows traffic from Any-Trusted/Any-Optional to Any-External
What happens if the VLAN uses the Trusted or Optional security zone?
Any device in the VLAN can use the Outgoing policy to send traffic to Any-External
How to allow traffic that starts in one VLAN and goes to another VLAN?
Apply separate security policies to VLANs
By default, can devices in one VLAN see the traffic from another VLAN?
No
What does the Apply firewall policies to intra-VLAN traffic check box do?
Applies firewall policies to traffic between clients on two networks that are part of the same VLAN
What must you ensure if policies are applied to intra-VLAN traffic?
No alternate path exists between the source and destination