VLANs Flashcards
What OSI Layer do VLANs live at?
Layer 2
True or False - Switches do not forward broadcast traffic by default
False. They do forward broadcast traffic by default
True or False - Switches forward broadcast traffic everywhere, including between IP Subnets
True
What kind of traffic were VLANs designed to segment?
Broadcast Traffic
What does broadcast traffic on a switch bypass?
It bypasses the router and/or the firewall because it’s a Layer 2 broadcast
VLANs segment the LAN into what?
Separate Broadcast Domains
If you have VLANs set up on a switch, the switch will only allow traffic within the same what?
VLAN
How would you create a VLAN on a switch?
vlan {vlan #id}
name {name}
How would you put an interface in a specific VLAN?
int {int}
switchport mode access
switchport acc vlan {vlan-id}
How would you configure a range of interfaces from fa0/1 to fa0/5 to go in a VLAN?
int range fa0/1 - 5
sw mode access
sw acc vlan {vlan #id}
What is the command to verify which ports are in specific VLANs?
show vlan brief
What is the command to view specific information about a switchport?
show int {int} switchport
If you’re sending unicast traffic to a different subnet with both devices in VLAN 1 will the traffic make it there without a router?
No, unicast traffic between subnets still needs a router to get to where it’s going
Scenario: You have 3 computers.
PC1: 10.10.10.5/24
PC2: 10.10.10.6/24
PC3: 10.10.20.2/24
All 3 are in VLAN 1
If PC1 sends a ping to 10.10.10.255 will PC3 receive that broadcast traffic as well?
Yes, broadcast traffic, regardless of what subnet the device is in, will get forwarded out ALL ports on the switch.
Do switches send traffic between multiple VLANs?
No, routers do this
What encapsulation mode is a VLAN Trunk configured in?
Dot1Q
Why would you want to have trunk ports between switches?
So that your devices can talk to other devices in their same VLAN on other switches.
What happens to the Layer 2 header when it forwards traffic to another switch for the same VLAN?
It tags the Layer 2 Dot1Q header with the correct VLAN
When a switch receives a packet with a Layer 2 header Dot1Q VLAN tag for VLAN 299, what ports will it send that traffic out of?
Only ports configured in VLAN 299
What happens when a switch forwards traffic tagged with a Dot1Q VLAN out to an access port?
It strips the Layer 2 Dot1Q tag. The end device isn’t VLAN aware so it wouldn’t know what to do with it
Scenario: If you have a server with multiple VMs running in multiple different VLANs, what should you make sure of?
You need to have the link between the switch and the server trunked
True or False - For a phone that is daisychained, you only need to have the voice vlan command configured
False. You need to have the port configured in access mode and also the access vlan designation as well
How would you configure a trunk port?
int {int}
description {description of trunk port}
switchport trunk encapsulation dot1q (modern switches don’t require this command)
switchport mode trunk
Do you need to configure both sides of the link to be a trunk?
Yes
What is the default native VLAN?
1
Do Native VLANs have to match on both sides of a trunk to come up?
Yes
What is a Native VLAN used for?
To assign any traffic which is untagged on a trunk port to the native VLAN
What is a full configuration for a Trunk Port to SW2 with a Native VLAN of 100 on int gi1/0/1?
vlan 100
name Native VLAN
int {int}
description Trunk to SW2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
How would you LIMIT allowed VLANs on a switch?
Allowed: 10
Allowed: 20
Allowed: 30
Not Allowed: 40
int {int}
switchport trunk allowed vlan 10,20,30
We don’t include 40 because it’s not allowed
If two switches are cabled together in the right circumstances they can negotiate a trunk using what?
Cisco’s Dynamic Trunking Protocol
What is switchport mode dynamic auto?
This command will form a trunk IF the neighbor switch port is set to trunk or switchport mode dynamic desirable
This will form a trunk if the neighbor switch port is set to trunk, desirable or auto. Default on older switches.
sw mode trunk or switchport mode dynamic desirable
How would you disable DTP?
switchport nonegotiate
What command would you enter to check the administrative mode on a switchport?
show int {int} switchport
What 2 items would be in the Operational Mode of a show int switchport command?
It will show whether it’s a Trunk or Access port
What 2 items would be in the Administrative Mode of a show int switchport command?
Dynamic Auto or Dynamic Desirable
An Access port is considered what type of port?
An untagged port
A Trunk port is considered what type of port?
A tagged port
Do untagged packets contain a VLAN tag?
No
How many VLANs can an untagged port belong to?
1
True or False - A tagged port can send both untagged and tagged packets
True
When a tagged port receives an untagged packet it does what?
It applies its native VLAN to that packet
When an untagged port (Access Port) receives a Tagged Packet (Containing a VLAN Tag) the switch will do what?
Send it out the port with that VLAN tag or it will drop the packet if the VLAN tag on the packet is not the same as the VLAN configured on that port
Packets that match the native VLAN configured on a tagged port are sent out as what?
Untagged packet because the tagged port will strip the dot1q header off as it sends it out to the switchport
What is the default DTP mode on modern switches?
Switchport mode dynamic auto
What does VTP stand for?
VLAN Trunking Protocol
What is VTP used for?
VTP allows you to add, edit or delete VLANs on switches configured as VTP Servers and have other switches configured as VTP Clients sync their VLAN database with the Server
Will a transparent mode VTP switch get updated with the Server’s VLAN database?
No, transparent mode will not update anything that the Server mode switch pushes
How do you configure a VTP mode server?
config mode
vtp domain {domain-name}
vtp mode server
How do you configure a VTP mode client?
config mode
vtp mode client
How do you configure a VTP mode transparent switch?
config mode
vtp mode transparent
If you want a transparent switch to know about the VLANs in a network, what do you need to do?
Manually add the VLANs, because in transparent mode it will not receive VLAN database info from the server mode switch
How would you verify VTP?
show vtp status
If you wanted to, could you manually add, edit or delete VLAN database info on a Client mode switch?
No, that has to come from the server mode switch
What 3 types of InterVLAN routing are there?
- Router with Separate Interfaces
- Router on a Stick
- Layer 3 Switch Routing
What are the commands to configure Layer 3 Switching on a non-WAN configuration?
ip routing
int vlan {vlan-id} (this creates the SVI)
ip address {ip-address} {subnet-mask}
What are the commands to configure WAN Layer 3 Routing on a Switch?
int {int}
no switchport
ip address {ip-address} {subnet-mask}
then include that port in a network statement for a routing protocol or use a static route
Assigning IP Addresses to an interface in the same subnet as other connected devices on the Router and then tagging them in the proper VLAN on the switch as an access port is considered what type of InterVLAN routing?
Router with Separate Interfaces
Why is Router with Separate Interfaces considered bad practice?
Because you’ll quickly run out of interfaces to use on the router
What commands would be used to configure Router with Separate Interfaces?
On the Router:
int {int}
ip address {ip-address} {subnet-mask}
On the Switch:
sw mode acc
sw acc vlan {vlan}
For Router on a Stick to work the cable going from the Switch to the Router has to be a what?
A Trunk Port
What does a Subinterface look like on a Router?
int fa0/1.10
or even
int gi0/2.20
What are the commands to configure Router on a Stick on the Router and the Switch?
Router
int {int}
no ip address
no shut
exit out of the int
int {sub-interface} – Ex: int fa0/1.10
encapsulation dot1q 10
ip address {ip-address} {subnet-mask} (This will be the gateway address for that VLAN)
On the Switch
int {int}
sw mode trunk
What are the general steps to create a VLAN and have it configured for interVLAN routing and WAN routing to other sites?
- Create the VLAN
- Enable IP Routing
- Create the SVI and IP it w/ a subnet mask
- Configure the Layer 3 interface to have it be a no switchport and add an IP Address and add a subnet mask to it
- Include that Layer 3 interface in a routing protocol or a static route