Term
| What is needed for different VLANs to communicate with each other? |
|
Definition
| In order to VLANs to communicate with each other, you need to have a router or layer3 device. |
|
|
Term
| What are some of the benefits when using VLANs in multilayer switched networks? |
|
Definition
- Efficient bandwidth utilization - Solves the scalability problems found in large, flat networks by dividing the network into smaller broadcast domains or subnets. - Security - Provide a basic level of security by allowing segregation of frames that contain sensitive or critical information from unauthorized users on separate VLANs. - Load balancing multiple paths - Combined with routing, VLANs intelligently determine the mest path to a destination and offer load balancing - Isolation of failure domains - Using a router with VLANs effecitvely prevents layer 2 loops, or broadcast-intensive applications from being propagated from a VLAn to other segments. |
|
|
Term
| Local VLANs should not extended beyond what module? |
|
Definition
| Local VLANs should not extend beyond the Building Distribution submodule |
|
|
Term
| What is the difference between a static and dynamic VLAN? |
|
Definition
| Static VLANs include switch ports that are manually assigned to a particular VLAN. Dynamic VLANs are assigned based on a source MAC address that has been entered into a VLAN Management policy Server (VMPS) |
|
|
Term
| How does VMPS work with dynamic VLANs? |
|
Definition
| The VLAN Management Policy Server (VMPS) contains a database that maps the MAC addresses to VLAN assignments. When VMPS is enabled, the switch downloads a MAC address-to-VLAN mapping database from a TFTP server and begins to service client requests. The switch assigns a VLAN to a host based on information in the MAC address-to-VLAN mapping on the VMPS. |
|
|
Term
| How many VLANs can a dynamic port belong to when using dynamic VLANs and VMPS? |
|
Definition
| A dynamic port belongs to only one VLAN at a time. Multiple hosts may be active on a dynamic port only if they all belong to the same VLAN. |
|
|
Term
| What's a better option for security access instead of VMPS? |
|
Definition
| Because of its own management overhead, it may be better to use IEEE 802.1X as a security access feature. |
|
|
Term
| How many VLANs can a Cisco Catalyst switch support? |
|
Definition
| A Cisco Catalyst switch can support up to 4096 VLANs, depending on the platform and software version |
|
|
Term
| Which VLANs cannot be seen or used on a Catalyst switch and are reserved for system use only? |
|
Definition
| VLANs 0, 4095, 1006-1024 are reserved on a Catalyst switch. This means that they cannot be seen or used and are for system use only. |
|
|
Term
| What are the default VLANs on a Catalyst switch for FDDI and token Ring? |
|
Definition
| A Cisco Catalyst switch reserves VLANs 1002-1005 for FDDI and Token Ring. These VLANs cannot be deleted. |
|
|
Term
| What versions of VTP support extended VLANs? |
|
Definition
| A Catalyst switch needs to use VTPv3 and be in tranparent mode to use extended Ethernet VLANs 1025-4095. VTPv1 and v2 do not support extended VLANs |
|
|
Term
| What methods exist for creating VLANs in IOS? |
|
Definition
- Global configuration mode - This mode adds support for configuring extended VLANs not configurable by the VLAN database configuration mode. - VLAN database configuration mode- This mode supports only the configuration of VLANs in normal VLAN range (1-1005) |
|
|
Term
| What mode must you use in order to create an extended range VLAN? |
|
Definition
| You must use global configuration mode to create an extended range VLAN. This option is not supported in VLAN database configuration mode. |
|
|
Term
| What command is used to enter VLAN database configuration mode? |
|
Definition
|
|
Term
| What command creates a VLAN in both configuration and vlan database configuration mode? |
|
Definition
|
|
Term
| What command assigns a name to a VLAN? |
|
Definition
|
|
Term
| What is the difference between VLAN database configuration mode and other modes on a switch? |
|
Definition
| VLAN database configuration mode is session-oriented. This means that any changes like adding, deleting, or modifying VLAN parameters do not take effect on the switch until you enter the apply or exit command. |
|
|
Term
| What command is used to remove any pending changes to the VTP database? |
|
Definition
|
|
Term
| What happen to access ports that belong to a VLAN when it's deleted? |
|
Definition
| The access ports move into the inactive state until the ports are moved to another VLAN as a security measure. |
|
|
Term
| What command creates a VLAN in CatOS? |
|
Definition
| set vlan vlan-id [vlan-name] |
|
|
Term
| What needs to be configured on a Catalyst switch using CatOS before any VLANs can be created? |
|
Definition
| Before any new VLANs can be created on a Catalyst switch running CatOS, the switch requires the configuration of a VTP name or a change of the VTP mode to transparent. |
|
|
Term
| What command configures a VTP domain name on a Catalyst using CatOS? |
|
Definition
| set vtp domain domain-name |
|
|
Term
| What command assigns ports to a VLAN in CatOS? |
|
Definition
| set vlan vlan-id [mod/port] |
|
|
Term
| What command deletes a VLAN in CatOS? |
|
Definition
|
|
Term
| What command would you use to display detailed information about a specific switch port? |
|
Definition
|
|
Term
| What command displays a switch port's characteristics and private VLAN and trunking information? |
|
Definition
| show interface interface_type slot/port switchport |
|
|
Term
| What command displays the MAC address table information for a specific interface in specific VLANs? |
|
Definition
| show mac-address-table interface interface_type slot/port |
|
|
Term
| What were some of the reasons that Cisco introduces private VLANs? |
|
Definition
- Provide security - Reduce the number of IP subnets - Reduce the VLAN's utilization by isolating traffic between network devices residing in the same VLAN |
|
|
Term
| Each private VLAN consists of what 2 supporting VLANs? |
|
Definition
- Primary VLAN - The high-level VLAN of the pVLAN. It can be composed of many secondary VLANs with the secondary VLANs belonging to the same subnet of the primary VLAN. - Secondary VLAN - Every secondary VLAN is a child to a primary VLAN and is mapped to 1 primary VLAN. End devices are attached to secondary pVLANs. |
|
|
Term
| How do promiscuous ports work with primary and secondary VLANs? |
|
Definition
Private VLANs define the use of promiscuous ports. All the devices inthe pVLAN can communicate with the promiscuous ports. A promiscuous port is only part of 1 primary VLAN, but each promiscuous port can map to more than one secondary VLAN. Promiscuous ports are generally router ports, backup servers, or VLAN interfaces.
|
|
|
Term
| What are the 2 different types of secondary VLANs? |
|
Definition
- Community VLANs - Ports that belong to the community VLAN are able to communicate with the other ports in the same community and promiscuous ports of the pVLAN. - Isolated VLANs - Ports that belong to an isolated VLAN can only communicate with promiscuous ports. Isolated ports cannot communicate with other ports in the same isolated VLAN. Each pVLAN has only one isolated VLAN |
|
|
Term
| What are some of the restrictions and limitations with the configuration of pVLANs? |
|
Definition
- Private VLAN configuration requires VTP to be in transparent mode for VTP version 1 and 2 - You cannot configure layer 3 VLAN interfaces for secondary VLANs - Private VLANs are not supported on EtherChannels or span destination ports. |
|
|
Term
| What command configures a VLAN as a specific type of pVLAN? |
|
Definition
private-vlan {community | isolated | primary}
|
|
|
Term
| What command associates the layer 2 secondary VLAN to the primary VLAN? |
|
Definition
| private-vlan association {secondary-vlan-list | add secondary-vlan-list | remove secondary-vlan-list} |
|
|
Term
| What command maps secondary VLANs to the layer 3 VLAN interface of a primary VLAN to allow layer 3 switching of pVLAN ingress traffic? |
|
Definition
| private-vlan mapping {secondary-vlan-list | add secondary-vlan-list | remove secondary-vlan-list} |
|
|
Term
| What interface configuration mode command configures the layer 2 port as a pVLAN port as either a host or promiscuous port? |
|
Definition
| switchport mode private-vlan {host | promiscuous} |
|
|
Term
| What command creates a primary and secondary VLANs using CatOS? |
|
Definition
| set vlan vlan-id pvlan--type {primary | isolated | community} |
|
|
Term
| What command maps a primary VLAN to a secondary VLAN using CatOS? |
|
Definition
| set pvlan primary-vlan-id {isolated-vlan-id | community-vlan-id} |
|
|
Term
| What command binds ports to a primary and secondary pVLAN using CatOS? |
|
Definition
| set pvlan primary-vlan-id {isolated-vlan-id | community-vlan-id} mod\ports |
|
|
Term
| What command specifies which ports will act as promiscuous ports when using CatOS? |
|
Definition
| set pvlan mapping primary-vlan-id {isolated-vlan-id | community-vlan-id} mod/ports |
|
|
