VLAN Questions 2

November 24th, 2019

Question 1

Explanation

First, let’s review the main characteristics of the three layers in a campus network:

* Access layer:

+ Low cost per switch port
+ High port density
+ Scalable uplinks to higher layers
+ User access functions such as VLAN membership, traffic and protocol filtering, and quality of service (QoS)
+ Resiliency through multiple uplinks

* Distribution Layer:

+ Aggregation of multiple access-layer devices
+ High Layer 3 throughput for packet handling
+ Security and policy-based connectivity functions through access lists or packet filters
+ QoS features
+ Scalable and resilient high-speed links to the core and access layers

* Core layer:

+ Very high throughput at Layer 3
+ No costly or unnecessary packet manipulations (access lists, packet filtering)
+ Redundancy and resilience for high availability
+ Advanced QoS functions

We can see that at the Distribution and Core layers, Layer 3 throughput (routing) is very high -> B is correct.

Nowadays, end-to-end VLANs are not recommended in an enterprise network, unless there is a good reason. In an end-to-end VLAN, broadcast traffic is carried over from one end of the network to the other, creating the possibility for a broadcast storm or Layer 2 bridging loop to spread across the whole extent of a VLAN. This can exhaust the bandwidth of distribution and core-layer links, as well as switch CPU resources. Now the storm or loop has disrupted users on the end-to-end VLAN, in addition to users on other VLANs that might be crossing the core.

When such a problem occurs, troubleshooting becomes more difficult. In other words, the risks of end-to-end VLANs outweigh the convenience and benefits.

From that we can infer VLAN traffic should be local to the switch -> D is correct.

(Reference: CCNP SWITCH 642-813 Official Certification Guide)

Question 2

Explanation

A normal access port belongs to VLAN 1 by default, but this question asks about a dynamic-access port. This is a quote from the Cisco website about dynamic-access ports:

Dynamic-Access Port VLAN Membership

“A dynamic-access port can belong to only one VLAN with an ID from 1 to 4094. When the link comes up, the switch does not forward traffic to or from this port until the VMPS provides the VLAN assignment. The VMPS receives the source MAC address from the first packet of a new host connected to the dynamic-access port and attempts to match the MAC address to a VLAN in the VMPS database.

If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not previously configured, it uses the domain name from the first VTP packet it receives on its trunk port from the VMPS. If the client switch was previously configured, it includes its domain name in the query packet to the VMPS to obtain its VLAN number. The VMPS verifies that the domain name in the packet matches its own domain name before accepting the request and responds to the client with the assigned VLAN number for the client. If there is no match, the VMPS either denies the request or shuts down the port (depending on the VMPS secure mode setting).”

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swvlan.html

So answer B is the best choice here.

Note: “Dynamic-Access port” is different from the DTP “Dynamic Auto” mode. We can configure a “Dynamic-Access port” with the command “switchport access vlan dynamic” (not “switchport mode dynamic auto”).

Question 3

Question 4

Question 5

Explanation

Normal range VLANs are from 1 to 1005. Extended range VLANs are from 1006 to 4094.

In VTP version 1 and 2, extended-range VLANs are not saved in the VLAN database; they are saved in the switch running configuration file. You can save the extended-range VLAN configuration in the switch startup configuration file by using the copy running-config startup-config privileged EXEC command. VTP version 3 saves extended-range VLANs in the VLAN database.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swvlan.html

Therefore answer B is correct, except that the extended range VLANs should be from 1006-4094 (not 4096).

Question 6

Explanation

When the native VLAN is tagged, all VLANs will be tagged.

Question 7

Explanation

When the switch is in VTP server or transparent mode, you can configure VLANs in the VLAN database mode. When you configure VLANs in VLAN database mode, the VLAN configuration is saved in the vlan.dat file, not the running-config or startup-config files. To display the VLAN configuration, enter the show running-config vlan command.

User-configurable VLANs have unique IDs from 1 to 4094. Database mode supports configuration of IDs from 1 to 1001, but not the extended addresses from 1006 to 4094.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/vlans.html#wp1037080

Question 8

Explanation

Normal range VLANs are from 1 to 1005 (of which VLANs 1002 to 1005 are Cisco defaults for FDDI and Token Ring; you cannot delete these VLANs). Extended range VLANs are from 1006 to 4094.
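
A check built on the VLAN ranges and storage rules from Questions 5 and 8, added here as an example (it is not code from the original page or from Cisco): it parses "vlan" lines from IOS-style configuration text, classifies each ID, and lists extended-range VLANs that exist only in the running configuration under VTP version 1 or 2. The function names and the two sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from a real device).
RUNNING = """\
vlan 10,20
vlan 99
 name NATIVE
vlan 2000-2002
interface Vlan10
interface GigabitEthernet0/1
 switchport access vlan 10
"""
STARTUP = """\
vlan 10,20
vlan 2000
"""

def parse_vlans(config):
    """Return the set of VLAN IDs declared by 'vlan <list>' lines."""
    ids = set()
    for line in config.splitlines():
        m = re.fullmatch(r"vlan\s+(\d[\d,\- ]*)", line.strip())
        if not m:
            continue  # skips 'interface Vlan10', 'switchport access vlan 10', etc.
        for part in m.group(1).replace(" ", "").split(","):
            if part:
                lo, _, hi = part.partition("-")
                ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def classify(vid):
    """Map a VLAN ID to the ranges given in the explanations above."""
    if 1002 <= vid <= 1005:
        return "default"   # normal range, FDDI/Token Ring defaults, not deletable
    if 1 <= vid <= 1005:
        return "normal"
    if 1006 <= vid <= 4094:
        return "extended"
    return "invalid"       # outside 1-4094

def unsaved_extended(running, startup, vtp_version):
    """Extended-range VLANs present in running-config but not in startup-config.
    Only relevant for VTP v1/v2; v3 keeps them in the VLAN database."""
    if vtp_version >= 3:
        return []
    ext = {v for v in parse_vlans(running) if classify(v) == "extended"}
    return sorted(ext - parse_vlans(startup))

if __name__ == "__main__":
    print(unsaved_extended(RUNNING, STARTUP, vtp_version=2))
```

A non-empty result under VTP version 1 or 2 means those VLANs still need "copy running-config startup-config" to be kept in the startup configuration.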

Question 9

Question 10

Comments
  1. John2020
    January 25th, 2020

    @certprepare

    Please help with question 6. It is asking about the behavior of VLAN 1 BPDUs, how can the second answer be PVST+ VLAN 99 BPDU travel across VLAN 99 tagged?

    Please help with correct answers?

    Thanks

  2. flkang
    January 28th, 2020

    Hello, about Q6.

    For me just answer A is correct

    When vlan dot1q tag native “command is applied control traffic continues to be accepted as untagged ON THE NATIVE VLAN on a trunked port”.

    https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/l2/vlan-dot1q-tag-native.html

    The question states that native vlan is 99. I also found that VLAN1 STP BPDUs are always sent untagged.

    So answer A. Normal STP VLAN 1 BPDU travel across VLAN 99 untagged

    Answer D seems to be correct, but I think it should say “PVST+ VLAN 99 BPDU travel across VLAN 99 UNTAGGED” instead of

    D. PVST+ VLAN 99 BPDU travel across VLAN 99 tagged

    If anybody can help plsss!!

  3. flkang
    January 28th, 2020

    Regarding Q5

    VLAN IDs go from VLAN 0 to VLAN 4095. Those VLANs (0 and 4095) are reserved and not used in 802.1q.

    Epyon is correct, the range should say 1006-4094

  4. polleke
    February 6th, 2020

    The question is about: the native VLAN (which is VLAN 99) and the native VLAN being tagged. So VLAN 99 being tagged. This is B and D.
    But in real life……..
    A. Normal STP VLAN 1 BPDU travel across VLAN 99 untagged –> Correct
    B. PVST+ VLAN 1 BPDU travel across VLAN 99 tagged –> Always tagged over VLAN 1
    C. Normal STP VLAN 1 BPDU travel across VLAN 1 untagged –> Always untagged over VLAN 99
    D. PVST+ VLAN 99 BPDU travel across VLAN 99 tagged –> Always tagged over VLAN 1

  5. King in the Castle
    February 11th, 2020

    Q2 A dynamic access port is member of which VLAN by default?

    A. VLAN 1 is the default VLAN.
    B. All VLANs are permitted in a dynamic access port link.
    C. By default the port has to participate in a VLAN election to determine which VLAN a port is assigned.
    D. None until the port VLAN is determined.

    @certprepare please update the options.
    I believe the correct answer for this should be B

  6. King in the Castle
    February 11th, 2020

    Sorry, my bad, the correct answer is D.

    Default VMPS Client Configuration
    The following table shows the default VMPS and dynamic-access port configuration on client switches.

    Table 1 Default VMPS Client and Dynamic-Access Port Configuration

    | Feature | Default Setting |
    |---|---|
    | VMPS domain server | None |
    | VMPS reconfirm interval | 60 minutes |
    | VMPS server retry count | 3 |
    | Dynamic-access ports | None configured |