Switches (VLANs, Trunks, Inter-VLAN Routing) Flashcards

(31 cards)

1
Q

How does a switch learn what entries to place in its MAC addressing table?

A

A switch learns MAC addresses by examining the source MAC address of incoming frames and associating it with the port the frame arrived on.

2
Q

What is the difference between an access link and a trunk link? When is each used?

A

Access links connect end devices to switches and carry traffic for only one VLAN with no tagging.

Trunk links connect switches or switches to routers and carry traffic for multiple VLANs using tagging, allowing VLANs to span the network.

3
Q

What happens when the two switches at the ends of a trunk link are using different VLAN numbers as their native VLAN for that link?

A

It causes a VLAN mismatch, leading to traffic being misrouted or dropped.

Untagged frames sent on the native VLAN may be incorrectly interpreted, resulting in connectivity issues and potential security risks.

4
Q

What is the difference between a Management VLAN and a Native VLAN? When is each used?

A

Management VLAN is used to remotely access and manage the switch (e.g., via SSH or Telnet).

Native VLAN is used to carry untagged traffic across a trunk link.

5
Q

What is a VLAN? What are the characteristics of a VLAN?

A

VLANs are logical groupings of devices that act like they’re on the same network, even if they’re on different physical LANs.

They’re configured on switch ports, not on end-devices, and keep traffic separate between VLANs.

6
Q

What are the benefits of VLANs?

A
  1. Improved Security
    • Devices in different VLANs can’t communicate without a router, limiting access between departments (e.g., HR can’t directly access Finance).
  2. Better Network Performance
    • Reduces broadcast traffic by limiting broadcast domains to smaller groups.
  3. Logical Grouping
    • Users/devices can be grouped by function (not physical location), making networks more flexible and easier to manage.
  4. Simplified Administration
    • Moves, adds, and changes are easier because you don’t need to rewire — just assign the port to a different VLAN.
  5. Improved Troubleshooting & Containment
    • Problems like broadcast storms are contained within a VLAN, making them easier to isolate and fix.

7
Q

What are the different types of VLANs?

A

VLAN 1
- VLAN 1 became a special VLAN as Layer 2 devices needed to have a default VLAN to assign to their ports.

Default VLAN
- All devices default to VLAN 1.

Native VLAN
- This is for trunk links only.
- All frames are tagged on a trunk link except for those on the native VLAN.

Management VLAN
- This is used for SSH/Telnet VTY traffic and should not be used to carry user/data traffic.

User VLAN
- What is normally thought of when we think of VLANs. A user VLAN is created to segment a group of users, either geographically or logically, from the rest of the network.

Data VLAN
- Dedicated to user-generated traffic (email, web traffic, …).

8
Q

What is VLAN 1?

A

By default, all Layer 2 control traffic is associated with VLAN 1. VLAN 1 is:
- The default VLAN.
- The default Native VLAN.
- The default Management VLAN.
- Unable to be deleted or renamed.

9
Q

Why should a Management VLAN be used?

A

A separate management VLAN lets admins still access and fix the network during problems like broadcast storms. It also keeps trusted devices (like switches/routers) separate from users, reducing the risk of accidental or intentional access.

10
Q

What happens in a network without VLANs?

A

Without VLANs, all devices connected to the switches will receive all unicast, multicast, and broadcast traffic.

With VLANs, that traffic stays only within each VLAN. Devices in different VLANs can’t communicate unless a Layer 3 device (like a router) connects them.

11
Q

Why are VLAN tags added to frames? What is frame tagging?

A

Ethernet frames don’t normally show which VLAN they belong to. So, when sent over trunk links carrying multiple VLANs, a VLAN tag is added to each frame (called frame tagging).

Switches add these tags on trunk ports and remove them before sending frames to regular (non-trunk) ports, because end devices don’t understand VLAN tags. The frame’s error-checking info (FCS) is updated accordingly.

12
Q

Why should a Native VLAN be used?

A

Native VLANs are defined to maintain backward compatibility with the untagged traffic common in legacy LANs, supporting devices that have no VLAN tagging capability. Unlike other VLANs, the native VLAN does not carry a tag on the wire, so older devices can still understand its frames when they are transmitted over trunk links.

13
Q

What is Dynamic Trunking Protocol (DTP)? How and why should it be disabled?

A

DTP is Cisco’s protocol to auto-negotiate trunk links between switches. It helps configure VLAN trunking automatically.

It can be disabled for better security and control using the “switchport nonegotiate” command.

A malicious device could spoof DTP and trick your switch into forming a trunk, giving access to all VLANs. Disabling DTP ensures only intended trunk links are formed.

14
Q

What are the different DTP modes? What are their purposes?

A

Access - Permanent access mode and negotiates to convert the neighboring link into an access link.

Trunk - Permanent trunking mode and negotiates to convert the neighboring link into a trunk link.

Dynamic Auto - Will become a trunk interface if the neighboring interface is set to trunk or desirable mode.

Dynamic Desirable - Actively seeks to become a trunk by negotiating with other auto or desirable interfaces.

15
Q

What is Inter-VLAN routing?

A

Hosts in one VLAN cannot communicate with hosts in another VLAN unless there is a router or a Layer 3 switch to provide routing services. Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN.

16
Q

What are the three Inter-VLAN routing options?

A

Legacy Inter-VLAN Routing - This is a legacy solution. It does not scale well.

Router-on-a-Stick - This is an acceptable solution for a small to medium-sized network.

Layer 3 Switch Using Switched Virtual Interfaces (SVIs) - This is the most scalable solution for medium to large organisations.

All three inter-VLAN routing options work for both IPv4 and IPv6 addressing. For IPv6 routing, the router must be configured with the “ipv6 unicast-routing” command.

17
Q

What is Legacy Inter-VLAN Routing? What are its limitations?

A

Legacy inter-VLAN routing solution relies on using a router with multiple Ethernet interfaces.

Each router interface is connected to a switch port in different VLANs. The router interfaces serve as the default gateways to the local hosts on the VLAN subnet.

Packets would arrive on the router through one interface, be routed and leave through another.

Limitations:
- Requires one physical interface per VLAN on the router.
- Not scalable — limited by the number of physical ports.
- Expensive and complex cabling setup.
- Slower, as traffic leaves the switch, goes to the router, then comes back.

18
Q

What is Router-on-a-Stick Inter-VLAN Routing?

A

Router-on-a-stick uses one physical router interface with multiple sub-interfaces to route and tag frames between different VLANs. Each sub-interface is assigned a VLAN and IP address, and the main interface is set as an 802.1Q trunk. Traffic is tagged by VLAN, routed by the sub-interface, and sent back out with the correct VLAN tag.

Limitations:
- Single point of failure — one physical link handles all VLAN traffic.
- Bandwidth bottleneck — limited to the speed of one interface.
- Requires proper trunk configuration on both switch and router.
- Slightly more complex setup and troubleshooting than Layer 3 switching.

19
Q

What is Inter-VLAN Routing on a Layer 3 Switch? What are the benefits and limitations?

A

Layer 3 switches (or multilayer switches) perform inter-VLAN routing using switched virtual interfaces (SVIs). Each VLAN gets an SVI, which acts like a router interface to route traffic between VLANs—all within the switch itself.

Benefits:
- Faster performance – Routing is done in hardware (no need to leave the switch).
- Lower latency – Data stays within the switch.
- No external router needed – Routing happens on the switch itself.
- Supports multiple trunk links – EtherChannel boosts bandwidth.
- Reduces bottlenecks – More efficient than router-on-a-stick.

Limitations:
- The only disadvantage is that Layer 3 switches are more expensive.

20
Q

What are common Inter-VLAN Routing issues? How do you troubleshoot this?

A

Missing VLANs
- Create (or re-create) the VLAN if it does not exist.

Switch Trunk Port Issues
- Ensure trunks are configured correctly and enabled.

Switch Access Port Issues
- Assign correct VLAN to access port.
- Host is configured in the wrong subnet.

Router Configuration Issues
- Router sub-interface assigned to the wrong VLAN ID.
- If the physical interface is disabled, all sub-interfaces are disabled.

21
Q

What happens when a VLAN is deleted?

A

Any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN or recreate the missing VLAN. Recreating the missing VLAN would automatically reassign the hosts to it.

22
Q

What is the format of the IEEE 802.1Q header?

A

The IEEE 802.1Q header is 4 bytes.
- Type: Marks the frame as VLAN-tagged so devices recognise that it uses 802.1Q.
- User Priority: Supports QoS.
- Canonical Format Identifier (CFI): Used in older bridging that can support Token Ring frames on Ethernet.
- VLAN ID (VID): Identifies the VLAN the frame belongs to.

23
Q

What is the frame forwarding process on a switch?

A
  1. Receives a frame on an interface (ingress port).
  2. Checks the source MAC address:
    a. Adds it to the MAC address table if it’s new.
    b. Associates the MAC address with the incoming port.
  3. Checks the destination MAC address:
    a. If the destination MAC is in the MAC address table:
      i. Forwards the frame only out the port associated with that MAC (unicast).
    b. If the destination MAC is not known:
      i. Floods the frame out all ports except the one it came in on (unknown unicast).
    c. If it’s a broadcast or multicast:
      i. Floods the frame out all ports in the same VLAN.
  4. The switch continues learning and updating its MAC address table dynamically.

24
Q

What are the two switch forwarding methods?

A

Store-and-Forward Switching: Receives the entire frame and ensures the frame is valid. This is Cisco’s preferred switching method.

Cut-Through Switching: Forwards the frame immediately after reading the destination MAC address of an incoming frame.

25
Q

What are the characteristics of Store-and-Forward Switching?

A

Error Checking: The switch checks the whole frame for errors using the Frame Check Sequence (FCS) to ensure that the frame is free of physical and data-link errors. If errors are found, the frame is dropped.

Buffering: The ingress port will store the frame temporarily while the switch checks the FCS. This also allows the switch to adjust for speed differences between the ingress and egress ports.

26
Q

What are the characteristics of Cut-Through Switching?

A

It is appropriate for switches needing latency to be under 10 microseconds. It does not check the FCS, so it can propagate errors. This may lead to bandwidth issues if the switch propagates too many errors. It cannot support ports with differing speeds going from ingress to egress.

27
Q

What is a broadcast domain?

A

A collection of interconnected switches forms a single broadcast domain. The broadcast domain consists of all devices on the LAN that receive the broadcast traffic. A broadcast domain extends across all Layer 1 or Layer 2 devices on a LAN. Only a Layer 3 device (router) will break the broadcast domain, as routers do not forward broadcast traffic.

28
Q

What is the purpose of a default gateway?

A

To allow devices on one network to communicate with devices on another network. If a device wants to send data to an IP address that is outside its local network, it sends the traffic to the default gateway, which is typically a router. The router then forwards that traffic toward the destination network. To manage a switch from a remote network, the default gateway must be configured.

29
Q

What are the differences between Telnet and SSH?

A

Telnet is an older protocol that uses unsecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices. Secure Shell (SSH) is a secure protocol that provides a secure (encrypted) connection to a remote device.

30
Q

What is the difference between half-duplex and full-duplex communication?

A

Half-duplex communication is unidirectional. Half-duplex communication creates performance issues because data can flow in only one direction at a time, often resulting in collisions. Full-duplex communication increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously.

31
Q

What is Auto-MDIX?

A

Allows devices to automatically detect the type of Ethernet cable (straight-through or crossover) and adjust their transmit/receive signals accordingly, so the connection works no matter what type of cable you use.