Flashcards in Chapter 9: Implementing Ethernet Virtual LANs Deck (41)
1. In a LAN, which of the following terms best equates to the term VLAN?
a. Collision domain
b. Broadcast domain
d. Single switch
2. Imagine a switch with three configured VLANs. How many IP subnets are required,
assuming that all hosts in all VLANs want to use TCP/IP?
e. You can’t tell from the information provided.
3. Switch SW1 sends a frame to switch SW2 using 802.1Q trunking. Which of the
answers describes how SW1 changes or adds to the Ethernet frame before forwarding
the frame to SW2?
a. Inserts a 4-byte header and does change the MAC addresses
b. Inserts a 4-byte header and does not change the MAC addresses
c. Encapsulates the original frame behind an entirely-new Ethernet header
d. None of the other answers are correct
4. For an 802.1Q trunk between two Ethernet switches, which answer most accurately
defines which frames do not include an 802.1Q header?
a. Frames in the native VLAN (only one)
b. Frames in extended VLANs
c. Frames in VLAN 1 (not configurable)
d. Frames in all native VLANs (multiple allowed)
5. Imagine that you are told that switch 1 is configured with the dynamic auto parameter
for trunking on its Fa0/5 interface, which is connected to switch 2. You have to
configure switch 2. Which of the following settings for trunking could allow trunking
to work? (Choose two answers.)
a. Trunking turned on
b. dynamic auto
c. dynamic desirable
e. None of the other answers are correct.
6. A switch has just arrived from Cisco. The switch has never been configured with
any VLANs, but VTP has been disabled. An engineer gets into configuration mode
and issues the vlan 22 command, followed by the name Hannahs-VLAN command.
Which of the following are true? (Choose two answers.)
a. VLAN 22 is listed in the output of the show vlan brief command.
b. VLAN 22 is listed in the output of the show running-config command.
c. VLAN 22 is not created by this process.
d. VLAN 22 does not exist in that switch until at least one interface is assigned to
7. Which of the following commands identify switch interfaces as being trunking interfaces:
interfaces that currently operate as VLAN trunks? (Choose two answers.)
a. show interfaces
b. show interfaces switchport
c. show interfaces trunk
d. show trunks
Basic VLAN concept
With VLANs, a switch
can configure some interfaces into one broadcast domain and some into another, creating
multiple broadcast domains. These individual broadcast domains created by the switch are
called virtual LANs (VLAN).
Reasons for using VLANs
■ To reduce CPU overhead on each device by reducing the number of devices that receive
each broadcast frame
■ To reduce security risks by reducing the number of hosts that receive copies of frames
that the switches flood (broadcasts, multicasts, and unknown unicasts)
■ To improve security for hosts that send sensitive data by keeping those hosts on a separate
■ To create more flexible designs that group users by department, or by groups that work
together, instead of by physical location
■ To solve problems more quickly, because the failure domain for many problems is the
same set of devices as those in the same broadcast domain
■ To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a
single access switch
12-bit field supports a theoretical maximum of 2^12 (4096) VLANs, while in practice, it supports
a maximum of 4094.
802.1Q also defines one special VLAN ID on each trunk as the native VLAN (defaulting
to use VLAN 1). By definition, 802.1Q simply does not add an 802.1Q header to frames in
the native VLAN. When the switch on the other side of the trunk receives a frame that does
not have an 802.1Q header, the receiving switch knows that the frame is part of the native
VLAN. Note that because of this behavior, both switches must agree on which VLAN is the
Routing between VLANs with router-on-a-stick
A much less expensive (and much preferred) option uses a VLAN trunk between the
switch and router, requiring only one physical link between the router and switch, while supporting
Routing between VLANs with Layer 3 switch
In concept, a Layer 3 switch works a lot like the original two devices on which the Layer 3
switch is based: a Layer 2 LAN switch and a Layer 3 router
Configuration checklist for configuring VLANs and assigning
Step 1. To configure a new VLAN, follow these steps:
A. From configuration mode, use the vlan vlan-id global configuration
command to create the VLAN and to move the user into VLAN configuration
B. (Optional) Use the name name VLAN subcommand to list a name for
the VLAN. If not configured, the VLAN name is VLANZZZZ, where
ZZZZ is the 4-digit decimal VLAN ID.
Step 2. For each access interface (each interface that does not trunk, but instead
belongs to a single VLAN), follow these steps:
A. Use the interface command to move into interface configuration mode
for each desired interface.
B. Use the switchport access vlan id-number interface subcommand to
specify the VLAN number associated with that interface.
C. (Optional) To disable trunking on that same interface, so that the interface
does not negotiate to become a trunk, use the switchport mode
access interface subcommand.
Options of the switchport mode command
Command Option - Description
ACCESS - Always act as an access (nontrunk) port
TRUNK - Always act as a trunk port
DYNAMIC DESIRABLE - Initiates negotiation messages and responds to negotiation messages to dynamically choose whether to start using trunking
DYNAMIC AUTO - Passively waits to receive trunk negotiation messages, at which point the switch will respond and negotiate whether to use trunking
Expected trunking results based on the configuration of the
switchport mode command
Reasons why a trunk does not pass traffic for a VLAN
■ A VLAN has been removed from the trunk’s allowed VLAN list.
■ A VLAN does not exist in the switch’s configuration (as seen with the show vlan
■ A VLAN does exist, but has been administratively disabled (shutdown).
■ A VLAN has been automatically pruned by VTP.
■ A VLAN’s STP instance has placed the trunk interface into a blocking state.
The IEEE standardized protocol for VLAN trunking.
In campus LANs, an Ethernet segment
over which the devices add a VLAN
header that identifies the VLAN in which the
Trunking administrative mode
Configured trunking setting on a Cisco switch
interface, as configured with the switchport
A group of devices,
connected to one or more switches, with the
devices grouped into a single broadcast domain
through switch configuration. VLANs
allow switch administrators to separate the
devices connected to the switches into separate
VLANs without requiring separate physical
switches, gaining design advantages of
separating the traffic without the expense of
buying additional hardware.
VLAN Trunking Protocol (VTP)
A Cisco proprietary
messaging protocol used between
Cisco switches to communicate configuration
information about the existence of VLANs,
including the VLAN ID and VLAN name.
VTP transparent mode
One of three VTP
operational modes. Switches in transparent
mode can configure VLANs, but they do not
tell other switches about the changes, and
they do not learn about VLAN changes from
Layer 3 switch
multilayer switch- A LAN switch that can
also perform Layer 3 routing functions. The
name comes from the fact that this device
makes forwarding decisions based on logic
from multiple OSI layers (Layers 2 and 3).
A LAN network design
term that refers to a switch interface connected
to end-user devices, configured so that
it does not use VLAN trunking.
A switch interface configured
so that it operates using VLAN trunking
(either 802.1Q or ISL).
Global config command that both creates the
VLAN and puts the CLI into VLAN configuration
VLAN subcommand that names the VLAN
VLAN mode subcommand that enables (no
shutdown) or disables (shutdown) the VLAN
Global config command that has the same effect as
the [no] shutdown VLAN mode subcommands
[no] shutdown vlan (vlan-id)