VLANs: Segmentation, Routing, and Configuration

Questions and Answers

What is the primary purpose of VLANs in a switched network?

• To increase the physical distance between network devices.
• To segment the network into logical broadcast domains. (correct)
• To decrease the number of switches required in a network.
• To increase the speed of data transmission across the network.

How does a switch forward frames in a multi-switch environment with VLANs?

• By ignoring VLAN configurations and forwarding all traffic.
• By converting VLANs to IP addresses before forwarding.
• By broadcasting frames to all ports on all switches.
• By forwarding frames only to ports within the same VLAN. (correct)

What is the purpose of configuring a trunk port on a LAN switch?

• To disable VLANs on the switch and allow all traffic.
• To encrypt all data transmitted across the switch.
• To connect end-user devices to the network.
• To carry traffic for multiple VLANs between switches. (correct)

Which of the following describes a key function of VLANs?

Enabling the implementation of access and security policies by grouping users. (B)

Which statement accurately describes the behavior of VLANs regarding IP networks and broadcast domains?

Each VLAN is a broadcast domain, typically with its own IP network. (A)

What is a key characteristic of VLANs regarding the knowledge that hosts have about their VLAN affiliation?

The hosts grouped within a VLAN are unaware of the VLAN's existence. (C)

Which of the following is a benefit of using VLANs in a network?

Improved network security. (D)

Which type of VLAN is configured with all switch ports by default?

Default VLAN (B)

What is the role of VLAN trunks in a multi-switched environment?

To allow VLANs to span across multiple switches. (D)

What is VLAN trunking primarily used for?

Carrying multiple VLANs over a single link. (C)

Which statement best describes a VLAN trunk?

A point-to-point link that carries more than one VLAN. (A)

Which protocol is commonly supported by Cisco IOS for VLAN trunking?

IEEE 802.1q (D)

What is the primary purpose of VLAN tagging?

To identify the VLAN to which a frame belongs. (C)

What action does a switch take before placing frames into trunk links?

Adds VLAN tags (A)

Which of the following accurately describes Inter-Switch Link (ISL) for VLAN trunking?

ISL encapsulates the entire Ethernet frame and includes a VLAN ID. (A)

What is the length (in bits) of the VLAN ID field in both the ISL and IEEE 802.1Q protocols?

12 bits (D)

What happens to broadcast frames sent by a device within a specific VLAN?

They are only forwarded within that VLAN. (C)

In the context of VLANs, what is meant by 'inter-VLAN routing'?

The process of forwarding network traffic between different VLANs, using a router. (A)

Why are Layer 2 switches unable to forward traffic between VLANs without a router?

Layer 2 switches maintain separate MAC address tables for each VLAN and do not inherently route between them. (D)

In legacy inter-VLAN routing, what was a limitation in large networks with many VLANs?

The requirement for many router interfaces. (B)

What is the function of sub-interfaces in 'router-on-a-stick' inter-VLAN routing?

To allow a single physical interface to route traffic for multiple VLANs. (A)

Which of the following best describes the 'router-on-a-stick' approach to inter-VLAN routing?

A single physical interface on the router is configured as an 802.1Q trunk port. (B)

In a 'router-on-a-stick' configuration, how are VLAN members (hosts) configured to communicate with other networks?

They are configured to use the sub-interface address as a default gateway. (C)

What command is used on a Cisco switch to specify the VLANs allowed on a trunk link?

switchport trunk allowed vlan (A)

What command is used to verify the VLAN configuration on a trunk?

show interfaces trunk (D)

When initially configuring VLANs on a Cisco switch, which command is used to enter global configuration mode?

configure terminal (D)

After entering global configuration mode, what is the next step to create a VLAN with an ID of 20?

vlan 20 (A)

What command assigns a name to a VLAN?

vlan <vlan-id> name <name> (A)

After creating a VLAN, how do you assign a port to that VLAN?

Enter interface configuration mode, then use the switchport access vlan command. (D)

How can you remove a VLAN assignment from a port?

Use the no switchport access vlan command in interface configuration mode. (D)

Which command displays a summary of all VLANs configured on a switch?

show vlan summary (D)

What differentiates normal range VLANs from extended range VLANs on Cisco Catalyst switches?

Normal range VLANs have IDs 1-1005 and are stored in the vlan.dat file, while extended range VLANs can have IDs up to 4096 and are stored in the running configuration. (C)

Which range of VLAN IDs is reserved for Token Ring and Fiber Distributed Data Interface (FDDI) VLANs?

1002 to 1005 (A)

Where are the configurations for normal range VLANs stored on a Cisco switch?

In the vlan.dat file (flash memory). (A)

Which of the following accurately describes the primary function of VLAN Trunking Protocol (VTP)?

Managing and propagating VLAN configurations across multiple switches. (D)

What is a characteristic of extended VLANs regarding VLAN Trunking Protocol (VTP)?

VTP can learn and propagate extended VLAN configurations if VTP version 3 is used. (B)

What is the first step in configuring a 'Router-on-a-Stick' setup?

Configure the router interface connected to the switch as a trunk link. (A)

In 'Router-on-a-Stick' configuration, after configuring the physical interface as a trunk, what is the next step in setting up inter-VLAN routing?

Create and configure subinterfaces for each VLAN. (C)

Which command assigns an IP address to a router subinterface in a 'Router-on-a-Stick' configuration?

ip address <ip_address> <subnet_mask> under each subinterface. (A)

In the context of troubleshooting VLANs, what command confirms that traffic for specific VLANs is permitted on a trunk?

show interfaces trunk (B)

Flashcards

What is a VLAN?

A logical grouping of network devices that allows them to communicate as if they were on the same physical LAN segment.

What is a Broadcast Domain?

A broadcast domain is a logical division of a network where all devices can reach each other via broadcast at the data link layer.

How do VLANs affect network communication?

Each logical VLAN acts like a separate physical switch, with its own broadcast domain and MAC address table. Devices in one VLAN cannot directly communicate with devices in another VLAN.

How do VLANs segment networks?

VLANs segment networks based on function, project team, or application, irrespective of physical location.

VLAN Isolation

VLANs are mutually isolated; packets can only pass btween them via a router.

How do VLANs control broadcast domains?

Used to limit the reach of broadcast frames, acting as broadcast domain of its own.

What is VLAN Frame Tagging?

The process of adding a VLAN identification header to a LAN frame, which is standard IEEE 802.1Q.

What is a VLAN Trunk?

A point-to-point link that carries traffic for multiple VLANs. VLAN trunks are typically established between switches.

VLAN trunk

A trunk port must be configured to allow the VLANs to be used over the link.

Switchport trunk allowed vlan

The command used to specify which VLANs are allowed in a trunk line.

Data VLAN

User-generated traffic

Default VLAN

Where all switch ports become part of this VLAN until switch is configured.

Management VLAN

Used to access management capabilities.

Legacy Inter-VLAN Routing

Used actual routers to route between VLANs. Each VLAN was connected to a different physical router interface with IP addresses for that VLAN.

What is Router-on-a-Stick?

A router-on-a-stick uses one physical interface configured as an 802.1Q trunk port. Logical sub-interfaces are created, one per VLAN, each with an IP address from the VLAN it represents.

VLAN Trunking

VLAN Trunking allows a single physical router interface to route traffic for multiple VLANS.

Sub Interfaces

Sub interfaces on a router can be used to divide a single physical interface into multiple logical interfaces. Each physical interface can have up to 65,535 logical interfaces

Normal Range VLANs

VLAN numbers from 1 to 1,005.Configurations are stored in the vlan.dat. IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.

Extended Range VLANs

VLAN numbers from 1,006 to 4,096. Configurations stored in the running configuration (NVRAM). VLAN Trunking Protocol (VTP) does not learn extended VLANs

Study Notes

VLAN Segmentation

• Focuses on the purpose of VLANs in switched networks
• Explains how switches forward frames based on VLAN configurations in multi-switch environments

VLAN Implementations

• Details configuring a switch port to be assigned to a VLAN based on requirements
• Explains configuring a trunk port on a LAN switch
• Focuses on troubleshooting VLAN and trunk configurations

Inter-VLAN Routing Using Routers

• Describes the options for configuring Inter-VLAN routing
• Explains configuring Router-on-a-Stick Inter-VLAN routing

Broadcast Domains

• Without VLANs, each LAN often constitutes a single broadcast domain potentially leading to network congestion
• Separate broadcast domains can be achieved in a traditional setup using three separate switches

VLANs as Logical Switches

• Each logical VLAN is like a separate physical switch
• Each VLAN is a separate broadcast domain
• Each VLAN contains its own MAC address table
• A computer in one VLAN cannot directly send frames to computers in another VLAN

VLAN Definitions and Characteristics

• Allows administrators to segment networks based on factors like function, project team, or application, irrespective of physical location
• Enables implementation of finely-grained access and security policies
• Acts as a logical partition within a Layer 2 network
• Supports the coexistence of multiple partitions (VLANs)
• Each constitutes its own broadcast domain, typically with its IP network
• VLANs are mutually isolated; traffic passes through a router
• Layer 2 network partitioning occurs within a Layer 2 device, usually a switch
• Hosts within a VLAN are generally unaware of the VLAN

Benefits of VLANs

• Improved Security
• Reduced Cost
• Better Performance
• Smaller Broadcast Domains
• IT Efficiency
• Management Efficiency
• Simpler Project and Application Management

Types of VLANs

• Data VLAN: Carries user-generated traffic
• Default VLAN: Initially includes all of a switch's ports until reconfiguration
• Management VLAN: facilitates access to switch management capabilities

VLAN Trunks in Multi-Switch Environments

• Links are configured between switches to transmit traffic from specified VLANs
• Network functions depend on the presence of VLAN trunks

VLAN Trunks

• Functions as a point-to-point link that carries multiple VLANs
• Typically established between switches to facilitate communication between devices in the same VLAN connected to different switches
• A trunk is not associated with specific VLANs
• Neither are the ports used to establish the connection used to establish the trunk link
• Cisco IOS supports IEEE 802.1q, a popular VLAN trunk protocol.

VLAN Spanning Multiple Switches

• VLANs can span multiple switches, creating a cohesive, logical network segment across a physical infrastructure

VLAN Tagging

• Tagging involves adding an additional header to a LAN frame
• Used to identify which VLAN the frame belongs to
• Cisco refers to tagging as "TRUNKING"
• Trunks are responsible for carrying traffic for multiple VLANs

Controlling Broadcast Domains with VLANs

• Limits broadcast frames
• VLAN works as a broadcast domain.
• Transmits broadcast frames in VLAN
• Controls broadcast frames
• Unicast and multicast frames are forwarded within the originating VLAN.

Tagging Ethernet Frames for VLAN Identification

• Process involves adding a VLAN identification header to a frame
• Properly transmits multiple VLAN frames through a trunk link
• Switches tag frames to identify the VLAN to which they belong
• Different tagging protocols include ISL and IEEE 802.1Q
• Protocol defines structure of the tagging header
• Switches add VLAN tags before placing them into trunk links and removes the tags before forwarding frames through non-trunk ports
• Properly frames can transverse any number of switches via trunk links

VLAN Trunking Types

• ISL (Inter-Switch Link): Cisco Proprietary
• IEEE 802.1Q

ISL (Inter-Switch Link)

• A full Ethernet frame is encapsulated with ISL
• VLAN ID indicates which VLAN it is
• CISCO proprietary

IEEE 802.1Q

• Insertion of the IEEE 802.1Q tag by the switch before sending the frame
• Indicates VLAN (12 bit)

IEEE 802.1q Configuration Commands

• interface FastEthernet0/1
• switchport mode trunk
• switchport trunk allowed vlan 10,20,30,99
• end

Trunk Default State Commands

• configure terminal
• interface interface id
• no switchport trunk allowed vlan
• no switchport trunk native vlan
• end

Troubleshoot VLANs and Trunks

• VLANs must be allowed in the trunk before their frames can be transmitted across the link
• The command switchport trunk allowed vlan is used to specify the VLANs allowed in a trunk link.
• The show interfaces trunk command is used to ensure the correct VLANs are permitted in a trunk.

Routing Between VLANs

• Layer 2 switches cannot forward traffic between VLANs without a router
• The method for forwarding network traffic from one VLAN to another using a router

Legacy Inter-VLAN Routing

• Actual routers were used to route traffic between VLANs
• Each VLANs connected to a physical router interface.
• Packets arrive at router get routed and leave through router
• Routing was achieved using VLANs with ip address to connect to router interfaces.
• Routing required many interafaces

Passing traffic between VLANs

• Each VLAN needs different IP Subnets
• Does not send data framses though VLAN
• Needs MAC addres for each VLAN tables

Passing Traffic between VLANs cont.

• VLANs each need a IP subnet
• Needs a router with 3 LAN ports
• Creates a waste of resources

Router-on-a-Stick Inter-VLAN Routing

• Only requires one physcial interface on the router
• Physcial Interface configures a 802.1Q to understand VLAN tags
• Logical sub interfaces are created from VLANs
• Sub Interface needs to be configrured to route from VLAN
• VLANs configured to become subnet interface in a default route

Subinterfaces configuration

• Subinterfaces on a router can be divided by a single physical network in multiple logical interfac
• Each physical interface can have 65, 535 logical interfaces

Router on a Stick Confiuration

• VLAN trunking allows as single physical interface to route though multiple VLANs
• A physical interface connects to a trunk link on the adjacent switch.
• Sub interfaces are created in each unique VLAN
• Configures a IP sub network to tag frames in a VLAN

Switch configuration

• trunk command
• Subinterfaces enable to configure

Default VLANS

• Assigned in VLAN 1

VLANs Range Support

• Cisco Cataylst 2960 and 3560 series supports over 4000 VLANs
  • Normal 1 to 1005 VLANs
  • Extended Range 1006 to 4096 VLANs

Creating a VLAN Commands

• configure terminal
• vlan vlan-id
• name vlan-name
• end

Assigning Ports

• interface F0/18
• switchport mode access
• switchport access vlan 20
• end

Changing VLAN Commands

• int F0/18
• access
• no switchport

Deleting VLANs Commands

• cof t no vlan end

Assigning Information commands

• show vlan brief id name summary