40 Cards in this Set
- Front
- Back
Five reasons for using VLANs
|
1. Segment into smaller LANs;
2. Better security;
3. Separate voice and data traffic;
4. Reduce STP workload;
5. Group users by dept not location |
|
Name the two VLAN trunking protocols. Who defined each?
|
ISL (Cisco) and 802.1q (IEEE)
|
|
Describe ISL trunking protocol
|
Defined by Cisco; Encapsulates original frames; does not use native VLAN
|
|
Describe 802.1q trunking protocol
|
IEEE; Adds 4 bytes to the original frame header; does not encapsulate; uses native VLAN
|
|
Which VLAN trunking protocol encapsulates the original frame?
|
ISL
|
|
What is the "Normal Range" for VLAN numbers?
|
1 to 1005
|
|
What is the extended range for VLAN numbers?
|
1006 to 4094
|
|
Which trunking protocols support multiple instances of STP?
|
Both ISL and 802.1q
|
|
Name the three VTP modes
|
Server, client, and transparent
|
|
When do VTP changes propagate to the network?
|
Changes propagate immediately. Servers and clients also send periodic messages every 5 minutes.
|
|
Three requirements for VTP to work between two switches
|
working VLAN trunk link; case-sensitive VTP domain name must match; case-sensitive VTP password must match, if one exists.
|
|
Where is VTP configuration stored?
|
flash:vlan.dat; note: transparent mode stores in running-config
|
|
What does VTP transparent mode do with VTP update messages?
|
forwards them to other switches
|
|
What does VTP pruning do?
|
Uses VTP to automatically prune: does not send unneeded VLAN frames out trunks
|
|
Can you configure VLANs from the CLI on a client-mode switch?
|
No
|
|
CLI mode and command to configure a VLAN
|
configuration mode;
#vlan <id> [name <name>]
name parameter may also go on next line. |
|
CLI mode and command to configure a VLAN on an interface
|
interface mode;
#switchport access vlan <id> |
|
Default VTP mode, VLANs, on a Cisco switch
|
VTP server mode;
no VTP domain name, VLAN 1 and 1002-1005 automatically configured, all access interfaces assigned to VLAN 1 |
|
CLI command to show basic vlan info
|
#show vlan brief
|
|
CLI command to set a range of interfaces to a certain vlan
|
#interface range fa0/10 - 20
#switchport access vlan <id> |
|
Name four switchport modes
|
access
trunk
dynamic desirable
dynamic auto |
|
CLI command to set switchport mode
|
#switchport mode <mode>
|
|
CLI command to show switchport modes
|
#show interfaces switchport
#show interfaces Gi0/1 switchport |
|
CLI command to allow specific vlans over a trunk
|
#switchport trunk allowed vlan {add | all | except | remove} vlan-list
|
|
Four reasons why a certain vlan would not cross a trunk
|
1. removed from the allowed list
2. does not exist or is not active in switch's vlan.dat
3. automatically pruned by vtp
4. trunk not in forwarding state |
|
CLI to show which vlans are allowed over a trunk
|
#show interfaces trunk
|
|
CLI command to configure voice vlan on access interface
|
#switchport voice vlan <id>
|
|
Why is it necessary to secure unused ports on a switch?
|
Attacker could connect to port, negotiate trunking, mess up VTP database
|
|
Cisco recommendations to protect unused ports (3):
|
shutdown
switchport mode access or switchport nonegotiate
switchport access vlan <parking lot vlan> |
|
CLI commands to configure VTP
|
#vtp mode [server | client]
#vtp domain <name>
#vtp password <password>
#vtp version 2 (optional) |
|
CLI command to configure vtp pruning
|
#vtp pruning (only on servers)
|
|
CLI command to see VTP status
|
#show vtp status
|
|
CLI command to see vtp password
|
#show vtp password
|
|
VTP troubleshooting steps
|
1. verify vtp modes
2. verify working trunk(s)
3. verify vtp domain name and password; |
|
When two switches connect, which VTP database will be used?
|
The one with the higher VTP version number
|
|
How to set VTP version number back to zero
|
#delete flash:vlan.dat
or set mode to transparent then back to server/client |
|
What can cause slow intraVLAN connectivity? 7 items.
|
Traffic loop
Oversubscribed VLAN
Congestion on switch inband path
High CPU use on switch
Hardware or software misconfiguration
Software bugs
Ingress errors on a cut-through switch |
|
What can cause slow interVLAN connectivity? 3 items.
|
User misconfiguration
Failure in programming shortcuts
Hardware malfunctions |
|
VTP: CLI command to show allowed VLANs on a particular trunked interface
|
#show interfaces <fa01> trunk
|
|
VTP: Does a switch in default configuration advertise VTP updates? Why/Why not?
|
No. Even though the switch will be in server mode, it has a blank domain name. It will not send updates until a domain name is configured.
|