Practice Q's - PVLANs Flashcards

1
Q

Which PVLAN port type can only send frames to promiscuous ports?

A. private

B. promiscuous

C. isolated

D. community

E. public

A

Answer: C

Explanation:

There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. A PVLAN isolated port type can only send frames to promiscuous ports.

Consider the following graphic:

Host B is attached to a promiscuous port. In this mode, Host B can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN. Therefore, frames can be exchanged with Hosts A or C. Hosts A and C are attached to isolated ports. Isolated ports are able to send frames to promiscuous ports but not to each other.

Isolated and promiscuous ports can be combined to achieve a desired level of separation between particular machines while still allowing required access to services. As another example, suppose that security policy dictated that Host A and Host C cannot communicate with one another, but both computers needed to access a database on Host B. The isolated ports keep them from communicating with one another, while the use of a promiscuous port to Host B allows them to access the database. Any other resources in the network that either machine needs access to should therefore be connected with a promiscuous port.

The third type of port is a community port. A community port can communicate with other community ports of the same private VLAN or promiscuous ports.

2
Q

Which IOS interface configuration command is required to configure a switch port to be a promiscuous PVLAN access port?

A. switchport mode promiscuous

B. switchport mode promiscuous-vlan

C. switchport mode private-vlan host

D. switchport mode private-vlan promiscuous

A

Answer: D

Explanation:

A promiscuous port type can send frames to all other ports in the same private VLAN (PVLAN). The switchport mode private-vlan promiscuous command configures a port to be a promiscuous port. The syntax is as follows:

  • switch(config-if)# switchport mode private-vlan promiscuous

There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. A promiscuous port can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN. Isolated ports are able to send frames to promiscuous ports, but not to each other. A community port can communicate with other community ports of the same private VLAN or with promiscuous ports.

Private VLANs are supported on switches that allow the configuration of primary and secondary VLANs. A primary VLAN carries the traffic between the promiscuous port and the isolated and community ports assigned to the same primary VLAN. There are two types of secondary VLANs, isolated and community. Isolated VLANs carry traffic from isolated ports to promiscuous ports.

Community VLANs carry traffic between community ports and to the promiscuous port. Therefore, on a promiscuous port, you would use the following command syntax to configure its primary and secondary VLANs:

  • switch(config-if)# private-vlan mapping primary_vlan_id secondary_vlan_id

PVLANs are created using the following special VLAN configuration commands:

  • switch(config)# vlan vlan_id
  • switch(config-vlan)# private-vlan [primary | isolated | community]
  • switch(config-vlan)# private-vlan association secondary_vlan_list

Host ports are defined using the following special PVLAN configuration command:

  • switch(config-if)# switchport mode private-vlan host

The command used for isolated and community ports is as follows:

  • switch(config-if)# switchport mode private-vlan host-association primary_vlan_id secondary_vlan_id
3
Q

What command should be used to view the private VLANs configured on ports and the private VLAN mappings?

A. show vlan brief

B. show pvlan

C. show interfaces switchport

D. show mac-address-table

A

Answer: C

Explanation:

The command show interfaces switchport is used to verify private VLANs configured on ports and the private VLAN mappings. The following is a sample of the output:

This output reveals that Fa3/1 is a promiscuous port in private VLAN (PVLAN) 20. PVLAN 20 is a member of the primary VLAN 200. Since this is a promiscuous port, it is able to exchange information with all other PVLANs associated with VLAN 200.

The show vlan brief command is only used to view the VLANs that exist and the ports that are members of them. No information about PVLANs and member association is included.

The show mac-address-table command is used to view the MAC addresses stored in the switch's memory and the port and VLAN each address belongs to. No information about PVLANs is included in this output.

The command show pvlan is incorrect due to invalid syntax.

4
Q

Which IOS configuration command is required to configure a VLAN as a private VLAN?

A. switch(config-vlan)# private-vlan common

B. switch(config-vlan)# private-vlan private

C. switch(config-vlan)# private-vlan primary

D. switch(config-vlan)# private-vlan transparent

A

Answer: C

Explanation:

Private VLANs (PVLANs) are created using the following special VLAN configuration commands:

  • switch(config)# vlan vlan_id
  • switch(config-vlan)# private-vlan [primary | isolated | community]
  • switch(config-vlan)# private-vlan association secondary_vlan_list

There are three types of ports in a PVLAN: promiscuous, isolated, and community. A promiscuous port can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN. The interface on the switch that is the default gateway for the segment should be a promiscuous port. Isolated ports are able to send frames to promiscuous ports, but not to each other. A community port can communicate with other community ports of the same private VLAN or with promiscuous ports.

Private VLANs are supported on switches that allow the configuration of primary and secondary VLANs. A primary VLAN carries the traffic between the promiscuous port and the isolated and community ports assigned to the same primary VLAN. There are two types of secondary VLANs: isolated and community. Isolated VLANs carry traffic from isolated ports to promiscuous ports.

Community VLANs carry traffic between community ports and to the promiscuous port. Ports are defined using the following special PVLAN configuration command:

  • switch(config-if)# switchport mode private-vlan [promiscuous | host]

The command used for isolated and community ports is as follows:

  • switch(config-if)# switchport mode private-vlan host-association primary_vlan_id secondary_vlan_id

The following command syntax is used to configure a promiscuous port’s primary and secondary VLANs:

  • switch(config-if)# private-vlan mapping primary_vlan_id secondary_vlan_id
5
Q

What command should be used to view the private VLANs configured on ports and the private VLAN mappings?

A. show vlan brief

B. show pvlan

C. show interfaces switchport

D. show mac-address-table

A

Answer: C

Explanation:

The command show interfaces switchport is used to verify private VLANs configured on ports and the private VLAN mappings. The following is a sample of the output:

This output reveals that Fa3/1 is a promiscuous port in private VLAN (PVLAN) 20. PVLAN 20 is a member of the primary VLAN 200. Since this is a promiscuous port, it is able to exchange information with all other PVLANs associated with VLAN 200.

The show vlan brief command is only used to view the VLANs that exist and the ports that are members of them. No information about PVLANs and member association is included.

The show mac-address-table command is used to view the MAC addresses stored in the switch's memory and the port and VLAN each address belongs to. No information about PVLANs is included in this output.

The command show pvlan is incorrect due to invalid syntax.

6
Q

Which PVLAN port types can send frames through a switch to community and promiscuous ports? (Choose two.)

A. public

B. private

C. isolated

D. community

E. promiscuous

A

Answer: D,E

Explanation:

Community ports and promiscuous ports can send frames to other community ports and promiscuous ports in the same private VLAN.

There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. PVLAN community ports (ports in the same VLAN) and promiscuous ports (ports that can forward to all interfaces, including the isolated and community ports within a PVLAN) can send traffic to other community or promiscuous ports.

Isolated ports are able to send frames to promiscuous ports, but not to other isolated ports.

A community port can communicate with other community ports in the same private VLAN or with promiscuous ports.
