Lecture 10: Switching. Vlan. Inter-vlan Flashcards
(20 cards)
What are the main benefits of learning VLANs and switching?
Helps understand how data is forwarded on networks.
Prepares students for configuration in Cisco Packet Tracer.
Covers key concepts like frame forwarding, broadcast/collision domains, VLAN, Inter-VLAN routing, and switch security.
What is the 5-step Cisco switch boot sequence?
- POST (Power-On Self-Test) checks CPU, DRAM, flash.
- Loads boot loader from ROM.
- Initializes CPU registers and memory mapping.
- Initializes flash file system.
- Loads the default IOS image.
What do the main switch LED indicators show on Cisco 2960?
- SYST: Power and health status.
- RPS: Redundant Power Supply status.
- STAT: Port link/activity.
- DUPLX: Duplex mode (full/half).
- SPEED: Port speed (10/100/1000 Mbps).
- PoE: Power over Ethernet status.
- The Mode button toggles LED display between these modes.
What are the two main switch forwarding methods?
Store-and-Forward: Receives full frame and checks for errors before forwarding (Cisco’s preferred method).
Cut-Through: Forwards frame immediately after reading destination MAC address (low latency).
What are collision and broadcast domains?
Collision domain: Where data packets can collide; common in half-duplex setups with hubs.
Broadcast domain: Network area where a broadcast frame is forwarded; VLANs help reduce these.
What is a VLAN and what standard does it follow?
A Virtual Local Area Network is a logical separation within a physical network.
VLANs follow IEEE 802.1Q standard.
VLANs segment the network into smaller broadcast domains.
What are access ports and trunk ports in VLANs?
Access port: Belongs to a single VLAN; used for connecting end devices.
Trunk port: Carries traffic for multiple VLANs; used between switches. Tagged VLANs pass through it, and untagged packets use the native VLAN.
What is the purpose of the native VLAN?
Carries untagged traffic on a trunk port.
By default, it’s VLAN 1, but it is recommended to change it for security.
What are the types of VLANs in Cisco devices?
- Default VLAN (VLAN 1): Used by default; cannot be deleted or renamed.
- Data VLANs: Created for users and hosts.
- Voice VLANs: Dedicated for IP phones and voice traffic.
- Management VLANs: Used to access and manage the switch remotely.
- Native VLAN: Used for untagged traffic on trunk ports.
What is the VLAN ID range on Catalyst switches?
Catalyst 2960 and 3650 switches support over 4000 VLANs.
How do you configure VLANs and assign ports?
- vlan 10 → Create VLAN.
- name student → Name the VLAN.
- interface f0/2
switchport mode access
switchport access vlan 10 - interface g0/1
switchport mode trunk
switchport trunk allowed vlan 10,20
switchport trunk native vlan 99
What are the types of Inter-VLAN Routing?
Legacy routing: One physical port per VLAN on a router.
Router-on-a-Stick: Single trunk port with subinterfaces for each VLAN (e.g., int g0/0.10).
Layer 3 Switch Routing: Uses SVIs (Switch Virtual Interfaces) and enables ip routing.
What is DTP and how do modes interact?
Dynamic Trunking Protocol (DTP) negotiates trunk links automatically.
* Modes: Dynamic Auto, Dynamic Desirable, Access, Trunk.
** Auto + Auto = Access
** Auto + Desirable = Trunk
** Desirable + Desirable = Trunk
** Trunk + Trunk = Trunk
*For security, disable DTP with switchport nonegotiate.
What is VTP?
VTP (VLAN Trunking Protocol) synchronizes VLANs across switches.
Modes:
What are VTPs modes?
Server: Can create, delete, and advertise VLANs.
Client: Cannot create VLANs but receives them from server.
Transparent: Does not participate in advertisements but forwards them.
Config Example:
vtp mode server
vtp domain mydomain
vtp password mypass
What is port security in switches?
Port security restricts access based on MAC addresses.
What are MAC address learning types in port security?
Manual: Admin enters MAC addresses explicitly.
Dynamic: Switch learns MACs automatically but doesn’t save them.
Sticky: Learned MACs are saved to configuration if you save the running-config.
What are port security violation modes?
Protect: Discards unauthorized traffic silently.
Restrict: Discards and logs unauthorized traffic.
Shutdown: Disables the port entirely (default behavior).
What is VLAN hopping and how does double tagging work?
VLAN hopping: Attack where frames are sent into unauthorized VLANs.
Double tagging: Frame contains two VLAN tags, the outer is removed by first switch, second tag lets it access a different VLAN.
How can VLAN attacks be mitigated?
Disable DTP on all access ports (switchport mode access).
Place unused ports into an unused VLAN.
Manually set trunk ports (switchport mode trunk).
Disable DTP on trunks with switchport nonegotiate.
Change native VLAN to a non-default VLAN.
