Cisco Switch Configuration

Questions and Answers

Which command combination is used on a Cisco switch to establish a trunk link with a device that does not support DTP?

• `switchport mode dynamic auto` and `switchport nonegotiate`
• `switchport mode access` and `switchport nonegotiate`
• `switchport mode trunk` and `switchport nonegotiate` (correct)
• `switchport mode dynamic desirable` and `switchport nonegotiate`

The default DTP mode on Cisco Catalyst switches is switchport mode trunk.

False (B)

What is the result of connecting two Cisco switch interfaces configured with switchport mode dynamic auto to each other?

access link

To ensure that a trunk is always established, statically configure the interface with switchport mode ______.

trunk

Match the following switchport modes with their descriptions:

switchport mode access = Puts the interface into permanent non-trunking mode. switchport mode trunk = Puts the interface into permanent trunking mode. switchport mode dynamic auto = Interface becomes a trunk if the neighboring interface is set to trunk or desirable mode. switchport mode dynamic desirable = Interface becomes a trunk if the neighboring interface is set to trunk, desirable, or dynamic auto mode.

What is the range of VLAN numbers designated as Extended Range VLANs?

1006 to 4096 (C)

VLAN Trunking Protocol (VTP) automatically learns extended VLANs.

False (B)

After creating a VLAN, what is the next essential step to make it functional?

assign ports to the VLAN

The command switchport mode access is used to configure a port as an ______ port.

access

Which command is used to remove a VLAN from a switch's configuration?

no vlan vlan-id (A)

Deleting the vlan.dat file is possible regardless of its location on the switch.

False (B)

What command is used to configure a switch port to be in permanent trunking mode?

switchport mode trunk (A)

Match the command with its function:

show vlan brief = Displays a summary of VLAN configurations. switchport trunk allowed vlan = Specifies which VLANs are allowed on a trunk link. show interfaces switchport = Displays the switchport configuration. switchport mode access = Sets the interface to access mode

Which of the following is a common cause of IP addressing issues within VLANs?

Devices in the same VLAN belonging to different IP networks. (B)

If a VLAN to which a port belongs is deleted, the port remains active and continues to forward traffic to other VLANs.

False (B)

What is the most common cause of trunking issues in a network?

Incorrect configurations

If a switch port is configured as an access port instead of a trunk port, devices connected to it may not be able to reach devices on other ______.

VLANs

What command output would help identify if a switch is not allowing traffic for a specific VLAN across a trunk link?

show switchport trunk allowed vlan (A)

Match the trunking modes with their descriptions:

Trunking = Interface is set to trunking. Non-trunking = Interface is set to non-trunking. Negotiate trunking = Interface is set to negotioate trunking with the neighbor interface.

What is the primary function of a VLAN?

To logically segment a Layer 2 network. (D)

What is the function of the Dynamic Trunking Protocol (DTP)?

Managing trunk negotiation between network devices. (B)

Dynamic Trunking Protocol (DTP) is an open standard protocol supported by all network device vendors.

False (B)

Packets can pass freely between different VLANs without the need for a router or Layer 3 device.

False (B)

Which VLAN is enabled on all switch ports by default?

VLAN 1

A VLAN that carries all untagged traffic is known as the ______ VLAN.

Native

Which of the following is NOT a benefit typically associated with using VLANs?

Increased network complexity due to additional configuration. (D)

Match the VLAN type with its description:

Data VLAN = Carries user-generated traffic Native VLAN = Carries untagged traffic Management VLAN = Carries network management traffic Voice VLAN = Supports time-sensitive voice traffic

Which is a key requirement for a voice VLAN to ensure voice quality?

All of the above (D)

What is the purpose of a VLAN trunk in a multi-switched environment?

To carry multiple VLANs over a single link

What is the primary function of a VLAN trunk?

To serve as a conduit for multiple VLANs between network devices. (C)

Cisco IOS exclusively supports a proprietary VLAN trunking protocol that is not compatible with IEEE standards.

False (B)

What is the purpose of VLAN tagging on Ethernet frames?

VLAN Identification

Before a frame is forwarded across a trunk link, it must be ______ with its VLAN information.

tagged

What is the range of normal VLANs?

1 to 1005 (A)

IDs 1002 through 1005 are reserved for legacy Token Ring and Fiber Distributed Data Interface (FDDI) VLANs, they can be removed.

False (B)

What is the result of a switch port receiving a broadcast frame?

The frame is forwarded out all ports, excluding the originating port. (B)

Match the field with the action regarding VLAN tags on Ethernet frames:

Trunk Links = Add VLAN tag information before sending frames Non-Trunk Ports = Remove VLAN tags before forwarding frames 802.1Q VLAN tag = Includes VLAN ID (VID)

Flashcards

Enable Trunking (no DTP)

Commands to enable trunking when DTP isn't supported.

Default DTP Mode

Default DTP configuration on Cisco Catalyst switches.

switchport mode access

Command to set an interface to permanent non-trunking mode.

switchport mode trunk

Command to set an interface to permanent trunking mode.

switchport nonegotiate

Prevents interface from generating DTP frames.

Extended Range VLANs

VLAN numbers ranging from 1006 to 4096.

switchport access vlan vlan-id

A command used in interface configuration mode to assign a port to a specific VLAN.

Access Port VLAN limit

A port that can only belong to one VLAN at a time.

no vlan vlan-id

A global configuration command used to remove a VLAN.

delete vlan.dat

A privileged EXEC mode command to delete the VLAN database file.

VLAN Trunk

An OSI Layer 2 link between two switches that carries traffic for multiple VLANs.

IEEE 802.1Q

A popular VLAN trunking protocol supported by Cisco IOS.

VLANs

Limits the reach of broadcast frames by creating separate broadcast domains.

Frame Tagging

The process of adding a VLAN identification header to a frame.

IEEE 802.1Q

A VLAN trunking protocol that defines the structure of the tagging header.

VLAN ID (VID)

The field within the 802.1Q VLAN tag that identifies the VLAN.

Normal Range VLANs

VLAN numbers ranging from 1 to 1005, with configurations stored in the vlan.dat file.

Reserved VLAN IDs

Automatically created VLANs (1002-1005) reserved for legacy Token Ring and FDDI VLANs.

VLAN (Virtual LAN)

A logical partition of a Layer 2 network, allowing segmentation of LAN devices regardless of physical location.

VLAN Isolation

Each VLAN is a separate broadcast domain, isolated from other VLANs. Packets can only cross between VLANs via a router.

Default VLAN

All switch ports are members of this VLAN by default. Often referred to as VLAN1

Data VLAN

VLANs created to carry user-generated traffic for specific groups or devices.

Native VLAN

The VLAN that carries untagged traffic, which does not originate from a VLAN port. It is VLAN 1, by default.

Management VLAN

A VLAN specifically for carrying network management traffic like SSH, SNMP, and Syslog.

Voice VLAN

A VLAN configured to prioritize time-sensitive voice traffic, ensuring quality with assured bandwidth and low delay.

Resetting a Trunk

Returning a trunk port to its default settings.

VLAN IP Addressing

VLANs are often linked with IP networks; devices in one VLAN must be in the same IP network to communicate without a router.

Missing VLAN

If a device can't connect, and IP addresses are correct, check if the VLAN exists on the switch.

Common Trunk Problems

Occur due to configuration mistakes.

Incorrect Port Mode

A trunk port mistakenly configured as an access port.

Incorrect VLAN List

Trunk not allowing traffic for a specific VLAN

Dynamic Trunking Protocol (DTP)

A protocol that manages trunk negotiation between network devices.

Trunk Negotiation

Interfaces can automatically negotiate trunking with neighboring interfaces.

Study Notes

VLAN Definitions

• VLANs segment LAN devices regardless of their physical location.
• In a scenario depicted, IT, HR, and Sales users on different floors connect to the same LAN segment.
• A VLAN (virtual LAN) is a logical partition of a Layer 2 network.
• With VLANs, you can create multiple partitions and allow multiple entities to co-exist.
• Layer 2 partitioning occurs within a Layer 2 device, commonly a switch.
• Each VLAN serves as a broadcast domain that spans multiple physical LAN segments.
• Hosts within the same VLAN do not know of the VLAN's existence.
• VLANs are isolated; data packets traverse them only via a router.

Benefits of VLANs

• VLANs can help with improved security, reduced costs, and better performance.
• Additional benefits of VLANS include smaller broadcast domains, IT efficiency, and application management.

Types of VLANs

• Default VLAN is also known as VLAN 1.
• All switch ports are members of VLAN 1 by default.
• Data VLANs are created for specific groups of users and carry user-generated traffic.
• Native VLAN carries all untagged traffic, specifically traffic not originating from a VLAN port.
• The native VLAN is VLAN 1 by default.
• Management VLAN carries network management traffic like SSH and SNMP, often the default VLAN 1.

Voice VLANs

• Cisco switches support voice VLANs for time-sensitive voice traffic which require assured bandwidth.
• Voice VLANs maintain a delay of less than 150 ms and give transmission priority, routing around congested areas.
• A voice VLAN feature enables access ports to handle user and IP voice traffic.
• An S3 F0/18 interface tags student traffic configured on VLAN 20 and voice traffic on VLAN 150.

VLAN Trunks

• A VLAN trunk is a point-to-point link that carries more than one VLAN.
• They're established between switches to support intra VLAN communication.
• VLAN trunks are not specific to a single VLAN but act as conduits for multiple VLANs between switches and routers.
• Cisco IOS supports IEEE 802.1Q, which is a popular VLAN trunking protocol.
• A trunk can connect a network device and server if equipped with a 802.1Q-capable NIC.
• Links between switches S1 and S2 and S1 and S3 are configured to transmit traffic from VLANs 10, 20, 30, and 99 across the network.

Controlling Broadcast Domains with VLANs

• A switch port forwards a broadcast frame to all ports, excluding the originating port in one broadcast domain.
• VLANs are used to limit the reach of broadcast frames by creating separate broadcast domains.
• VLANs controls broadcast reach in the network.

Tagging Ethernet Frames for VLAN Identification

• Frames are tagged with VLAN information before being forwarded across a trunk link.
• Frame tagging involves adding a VLAN identification header to the frame to properly transmit frames across a trunk link.
• IEEE 802.1Q is a popular protocol that defines the tagging header structure.
• Switches add VLAN tagging information after the Source MAC address field.
• VLAN ID (VID) is part of the 802.1Q VLAN tag.
• Trunk links add tag information before sending frames, removing the tag on non-trunk ports.

VLAN Ranges on Catalyst Switches

• VLANs are split into normal and extended ranges.
• Normal range VLANs are numbered 1 to 1,005.
• Normal range VLAN configurations are stored in vlan.dat file.
• VLAN IDs 1002 to 1005 are reserved for legacy Token Ring and Fiber Distributed Data Interface (FDDI).
• Extended range VLANs are numbered from 1,006 to 4,096.
• Extended range VLAN configurations are stored in the running configuration (NVRAM).
• VLAN Trunking Protocol (VTP) does not learn extended VLANs.
• Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.

Creating a VLAN

• The command to create a VLAN is vlan 100,102,105-107 in global configuration mode

Assigning Ports to VLANs

• After VLAN creation, the next step is assigning it to a port.
• An access port can belong to only one VLAN at a time.
• To assign a port to a VLAN, use switchport mode access and switchport access vlan vlan-id in the interface configuration.
• The configurations assign traffic on the port to the specified VLAN.
• The IP address and subnet mask configured on the PC should match the subnet for the VLAN.
• The switchport access vlan command forces VLAN creation if it doesn't exist.

Changing VLAN Port Membership

• VLAN configuration can be changed using commands in the interface mode such as no switchport access vlan.
• Even if interface F0/18 was assigned to VLAN 20, it resets the switchport back to the default VLAN1 after using the command.

Deleting VLANs

• Delete VLANS using the no vlan vlan-id global configuration mode command.
• Use the delete vlan.dat privileged EXEC mode command to delete the entire vlan.dat file.
• This command is used only if the vlan.dat file hasn't moved from its original location.

Verifying VLAN Information

• VLAN configurations are validated using the show vlan and show interfaces commands.
• The show vlan [brief | id vlan-id | name vlan-name | summary] command varies depending on the parameter used.
  • brief, displays one line for each VLAN showing the name, status, and ports.
  • id vlan-id, displays information about a VLAN identified by its ID number (range: 1 to 4094).
  • name vlan-name, displays information for a single VLAN via its name.
  • summary, displays information about a single VLAN with its name, which is an ASCII string from 1 to 32 characters.
• The show interfaces [interface-id | vlan vlan-id] | switchport command:
  • interface-id lists port types, modules, numbers, and channels (range is 1 to 16).
  • vlan vlan-id is VLAN identification and whose range is 1 to 4094.
  • switchport shows the administrative/operational status of a switching port.

Configuring IEEE 802.1q Trunk Links

• A VLAN trunk is an OSI Layer 2 link that carries traffic for all VLANs (unless restricted).
• switchport mode trunk puts the port into permanent trunking mode.
• switchport trunk allowed vlan specifies which VLANs are allowed on the trunk.

Resetting the Trunk to Default State

• The trunk is reset to the default state using these commands: no switchport trunk allowed vlan, no switchport trunk native vlan.

IP Addressing Issues with VLANs

• It's common to associate a VLAN with an IP network.
• Different IP networks must communicate through a router.
• All devices within a VLAN must be part of the same IP network.

Missing VLANs

• You must check the device configuration to ensure the device is correctly assigned to a VLAN.
• If the VLAN to which the port belongs is deleted, the port becomes inactive.

Common Problems with Trunks

• Trunking issues usually stem from incorrect configurations.
• Common trunk configuration errors include native VLAN mismatches, trunk mode mismatches, and allowed VLANs on trunks.
  • Native VLAN Mismatches will cause pose a security risk and create unintended results.
    • For example, one port uses VLAN 99 while the other uses VLAN 100.
  • Trunk Mode Mismatches will cause a loss of network connectivity.
    • For example, one side of the trunk is configured as an access port.
  • Allowed VLANs on Trunks will cause unexpected traffic or no traffic.
    • The list of allowed VLANs does not support current VLAN trunking requirements.

Incorrect Port Mode

• In an example, PC4 can't reach the Web server because the S3 trunk port is configured as an access port.

Incorrect VLAN List

• In an example, PC5 cannot reach the Student Email server because the switchport trunk allowed vlan command reveals S1 isn't allowing VLAN 20.

Introduction to DTP

• Ethernet trunk interfaces support different trunking modes. An interface is set to negotiate trunking or non-trunking with the neighbor interface.
• Trunk negotiation is managed by DTP.
• Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol.
• DTP is automatically enabled on Catalyst 2960X and Catalyst 3650 Series switches
• You can enable trunking via the switchport mode trunk and switchport nonegotiate commands.

DTP Defaults

• The default configuration for Cisco Catalyst switches is dynamic auto.
• The link between interfaces configured to ignore DTP and stay in trunking mode becomes a trunk.
• Setting the link between S1 and S3 with dynamic auto (default) sets an access link.
• It’s recommended to statically configure with switchport mode trunk.

Negotiated Interface Modes

• The different trunking modes include switchport mode access, switchport mode trunk,switchport mode dynamic auto, switchport mode dynamic desirable, and switchport nonegotiate.
• switchport mode access puts the interface into permanent non-trunking mode and negotiates to convert link to a non-trunk link.
• switchport mode trunk puts the interface into permanent trunking mode and negotiates to convert link to a trunk link.
• switchport mode dynamic auto interface becomes a trunk if the neighboring interface is set to trunk or desirable mode.
• switchport mode dynamic desirable turns the interface into a trunk if the neighboring interface is trunk, desirable, or dynamic auto mode.
• switchport nonegotiate prevents the interface from generating DTP frames.

Description

This lesson covers trunk link establishment, DTP, and VLAN configuration on Cisco switches. It includes switchport modes, VLAN ranges, and essential steps for VLAN setup. It also touches on removing VLANs and the switchport mode access command.