VLANs Flashcards
What is a VLAN
A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. A VLAN creates a logical broadcast domain that can span multiple physical LAN segments.
What are the benefits of VLANs
Simplified administration for the network manager: By logically grouping users into the same virtual networks, you make it easy to set up and control your policies at a group level. When users physically move workstations, you can keep them on the same network with different equipment. Or if someone changes teams but not workstations, they can easily be given access to whatever new VLANs they need.
Improved security: Using VLANs improves security by reducing both internal and external threats. Internally, separating users improves security and privacy by ensuring that users can only access the networks that apply to their responsibilities. External threats are also minimized. If an outside attacker is able to gain access to one VLAN, they’ll be contained to that network by the boundaries and controls you have in place to segment it from your others.
Easier fault management: Troubleshooting problems on the network can be simpler and faster when your different user groups are segmented and isolated from one another. If you know that complaints are only coming from a certain subset of users, you’ll be able to quickly narrow down where to look to find the issue.
Improved quality of service: VLANs manage traffic more efficiently so that your end users experience better performance. You’ll have fewer latency problems on your network and more reliability for critical applications. VLANs also make prioritizing traffic much easier, allowing you to make sure critical application data keeps flowing even when lower priority traffic like web browsing spikes.
What are the different types of VLANs
- Default VLAN
- Data VLAN
- Native VLAN
- Management VLAN
- Voice VLAN
Describe the default VLAN
- The default VLAN on a Cisco switch is VLAN 1. Therefore, all switch ports are on VLAN 1 unless they are explicitly configured to be on another VLAN. By default, all Layer 2 control traffic is associated with VLAN 1.
- Important facts to remember about VLAN 1 include the following:
– All ports are assigned to VLAN 1 by default.
– The native VLAN is VLAN 1 by default.
– The management VLAN is VLAN 1 by default.
– VLAN 1 cannot be renamed or deleted.
Describe the data VLAN
- Dedicated to user-generated traffic (email and web traffic).
- VLAN 1 is the default data VLAN because all interfaces are assigned to
this VLAN.
Data VLANs are VLANs configured to separate user-generated traffic. They
are referred to as user VLANs because they separate the network into
groups of users or devices. A modern network would have many data
VLANs depending on organizational requirements. Note that voice and
network management traffic should not be permitted on data VLANs.
Describe the management VLAN
- This is used for SSH/Telnet VTY traffic and should not be carried with end user traffic.
- Typically, the VLAN that is the SVI for the Layer 2 switch.
A management VLAN is a data VLAN configured specifically for network management traffic including SSH, Telnet, HTTPS, HTTP, and SNMP. By default, VLAN 1 is configured as the management VLAN on a Layer 2 switch.
Describe the native VLAN
- This is used for trunk links only.
- All frames are tagged on an 802.1Q trunk link except for those on the
native VLAN.
The native VLAN is the one into which untagged traffic will be put when it’s received on a trunk port. This makes it possible for your VLAN to support legacy devices or devices that don’t tag their traffic, like some wireless access points and simple network-attached devices.
- It is a best practice to configure the native VLAN as an unused VLAN, distinct from VLAN 1 and other VLANs. In fact, it is not unusual to dedicate a fixed VLAN to serve the role of the native VLAN for all trunk ports in the switched domain.
Describe the concept of tagged and untagged traffic
- User traffic from a VLAN must be tagged with its VLAN ID when it is sent to another switch. Trunk ports are used between switches to support the transmission of tagged traffic. Specifically, an 802.1Q trunk port inserts a 4-byte tag in the Ethernet frame header to identify the VLAN to which the frame belongs.
- A switch may also have to send untagged traffic across a trunk link. Untagged traffic is generated by a switch and may also come from legacy devices. The 802.1Q trunk port places untagged traffic on the native VLAN. The native VLAN on a Cisco switch is VLAN 1 (i.e., default VLAN).
Describe the voice vlan
- A separate VLAN is needed to support Voice over IP (VoIP). VoIP traffic requires the following:
– Assured bandwidth to ensure voice quality
– Transmission priority over other types of network traffic
– Ability to be routed around congested areas on the network
– Delay of less than 150 ms across the network
- To meet these requirements, the entire network has to be designed to support VoIP.
- In the figure, VLAN 150 is designed to carry voice traffic. The student computer PC5 is attached to the Cisco IP phone, and the phone is attached to switch S3. PC5 is in VLAN 20, which is used for student data.
*See page 6 for illustration
What types of VLANs are assigned to VLAN 1
The default VLAN
The default Native VLAN
The default Management VLAN
Cannot be deleted or renamed
Explain as much as you can about the last q on page 7
See page 4
What are the different VLAN ranges
Normal
Extended
Describe normal range vlans
- Used in all small- and medium-sized business and enterprise networks.
- They are identified by a VLAN ID between 1 and 1005.
- IDs 1002 through 1005 are reserved for legacy network technologies (i.e., Token Ring and Fiber Distributed Data Interface).
- IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
- Configurations are stored in the switch flash memory in a VLAN database file called vlan.dat.
- VTP, when configured, helps synchronize the VLAN database between switches.
Describe extended range vlans
- They are used by service providers to service multiple customers and by global enterprises large enough to need extended range VLAN IDs.
- They are identified by a VLAN ID between 1006 and 4094.
- Configurations are saved, by default, in the running configuration.
- They support fewer VLAN features than normal range VLANs.
- Requires VTP transparent mode configuration to support extended range
VLANs.
What are the VLAN Cisco commands
S1(config)# vlan 20
S1(config-vlan)# name student
! Assigning an interface
S1(config)# interface fa0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
! For voice VLANs, in the assignment of an interface instead of access:
S3(config-if)# mls qos trust cos
S3(config-if)# switchport voice vlan 150
S1# show vlan summary