VLAN Questions 4

November 24th, 2019 in SWITCH 300-115

Question 1

Question 2

Question 3

Explanation

Normal-range VLANs are 1 to 1005. Of these, VLANs 1002 to 1005 are Cisco defaults for FDDI and Token Ring, and you cannot delete them. Extended-range VLANs are 1006 to 4094.

Question 4

Question 5

Explanation

If VLAN 20 has not been created on the switch, the command “switchport access vlan 20” automatically creates it.

Question 6

Question 7

Explanation

You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. Therefore we can configure two VLANs in total.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_40_se/configuration/guide/scg/swvoip.pdf

Question 8

Explanation

Normal-range VLANs are 1 to 1005. Of these, VLANs 1002 to 1005 are Cisco defaults for FDDI and Token Ring, and you cannot delete them. Extended-range VLANs are 1006 to 4094. When you configure VLANs in VLAN database mode, the VLAN configuration is saved in the vlan.dat file, not in the running-config or startup-config files.

When the switch is in VTP server or transparent mode, you can configure VLANs in the VLAN database mode.

Question 9

Explanation

VTPv3 supports the extended VLAN range (VLANs 1006 to 4094). VTP versions 1 and 2 only support VLANs 1 to 1005. If extended VLANs are configured, we cannot convert from VTP version 3 to version 1 or 2. VTP version 3 saves extended-range VLANs in the VLAN database.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html

If you configure extended VLANs, you must also enable the spanning-tree extended system-ID feature (with the command “spanning-tree extend system-id”).

Reference: https://users.iit.uni-miskolc.hu/~szkovacs/HaloII/VLAN/ht_xvlan.pdf
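The two rules above (extended VLANs need VTP version 3, and they need the extended system-ID feature) can be checked mechanically against a switch configuration. The following is an added example, not code from the original page or from Cisco; the sample configurations are constructed, the defaults of VTP version 1 and server mode are assumed when the lines are absent, and the exemption for transparent mode is an assumption that goes beyond what the page states.

```python
import re

EXTENDED = range(1006, 4095)   # extended range: VLANs 1006-4094

def parse_config(text):
    """Extract VLAN IDs, VTP version/mode and the extended system-ID flag."""
    cfg = {"vlans": set(), "vtp_version": 1, "vtp_mode": "server", "ext_sysid": False}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,-]+)", line):
            for part in m.group(1).split(","):      # "10,2000-2002" style lists
                lo, _, hi = part.partition("-")
                cfg["vlans"].update(range(int(lo), int(hi or lo) + 1))
        elif m := re.fullmatch(r"vtp version (\d)", line):
            cfg["vtp_version"] = int(m.group(1))
        elif m := re.fullmatch(r"vtp mode (\w+)", line):
            cfg["vtp_mode"] = m.group(1)
        elif line == "spanning-tree extend system-id":
            cfg["ext_sysid"] = True
    return cfg

def audit(text):
    """Return findings for the extended-VLAN rules described above."""
    cfg = parse_config(text)
    extended = sorted(v for v in cfg["vlans"] if v in EXTENDED)
    findings = []
    # Transparent mode keeps VLANs local, so it is exempt here (assumption beyond the page).
    if extended and cfg["vtp_version"] < 3 and cfg["vtp_mode"] != "transparent":
        findings.append(f"VTP version {cfg['vtp_version']} cannot carry extended VLANs {extended}")
    if extended and not cfg["ext_sysid"]:
        findings.append("extended VLANs present without 'spanning-tree extend system-id'")
    return findings

# Constructed sample configurations, not taken from a real device.
BAD_CONFIG = """
vtp version 2
vtp mode server
vlan 10,20
vlan 2000-2002
"""
GOOD_CONFIG = """
vtp version 3
vtp mode server
spanning-tree extend system-id
vlan 10,20
vlan 2000-2002
"""

if __name__ == "__main__":
    for name, text in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(name, audit(text) or "no findings")
```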

Question 10

Question 11

Question 12

Explanation

CDP and VTP always use VLAN 1, even if we change the native VLAN to another VLAN.

Comments
  1. ugurdy
    February 3rd, 2019

    Q1 is not correct. There is only one vlan.dat file on the switch and the voice VLAN is in it. And also “B” could be correct, but it is not a MUST.

    B and D should be the correct answers.

  2. Renko
    February 27th, 2019

    @ugurdy

    I agree, you are right.

  3. Lik
    March 6th, 2019

    Q10
    B and C correct

    Untagged frames are tagged with the native VLAN ID of the trunk port before further processing. Only those egress frames whose VLAN tags are inside the allowed range for that 802.1Q trunk port are received. If the VLAN tag on a frame happens to match that of the native VLAN on the trunk port, the tag is stripped off and the frame is sent untagged.
    https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/layer2/503_U2_1/b_Cisco_n3k_layer2_config_guide_503_U2_1/b_Cisco_n3k_layer2_config_gd_503_U2_1_chapter_0110.html

  4. NIC
    April 1st, 2019

    @ugurdy

    Did you get Q1 on the exam?

  5. ugurdy
    May 31st, 2019

    @NIC

    No, I didn’t take the exam yet, but the answer doesn’t make any sense. There is a single VLAN database and it includes both the voice VLAN and the data VLANs.

  6. Z-A-M
    June 12th, 2019

    @ugurdy

    Agree with you.

  7. Anynomous CS
    June 29th, 2019

    My understanding for conclusion of tagging vs native VLAN:
    Normally, native isn’t tagged over trunk
    Unless the following command is set:
    Globally ( vlan dot1q tag native )
    Please confirm

  8. sasuke
    August 29th, 2019

    @Lik

    I agree.

  9. blacksword
    September 10th, 2019

    Guys, regarding Q1:
    It must be an untrusted port because this is a feature in DHCP snooping to consider if the port is allowed to give IP addresses. So there’s no chance that a port that is connected to an IP phone has a DHCP server as well.
    Regarding the second point, of course there is only 1 database, so it must be on the same VLAN database. Hope this is useful.

  10. tom
    September 13th, 2019

    @blacksword
    Agree,
    A trusted port is a port that is connected to a DHCP server (or to other network devices) and is allowed to assign DHCP addresses. DHCP messages received on trusted ports are allowed to pass through the device.

    In a service provider environment, any device that is not in the service provider network is an untrusted source (such as a customer switch). Host ports are untrusted sources.

    The voice VLAN is configured on end users’ ports, so they are untrusted ports.

    https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_2/security/configuration/guide/n1000v_security/n1000v_security_12dhcpsnoop.pdf

  11. Efiko
    September 21st, 2019

    @Lik. I’m with you on that one. Q10 should be “B” and “C”!

  12. CJ
    September 21st, 2019

    @Efiko

    Which two statements about native VLANs are true? (Choose two)

    A. All outgoing traffic without a VLAN tag is tagged with the native VLAN.
    B. All untagged traffic that arrives on the device is placed into the native VLAN.
    C. The VLAN tag is stripped from all incoming traffic that matches the native VLAN.
    D. They are propagated through VTP.
    E. The default native VLAN is VLAN 11.
    F. All incoming traffic that matches the native VLAN is dropped at the switch.

    I’m not sure about B.
    Let’s assume that Host-A is connected to the switch on port Fa0/1 with the following config:
    switchport mode access
    switchport access vlan 2

    Host-A is sending untagged frames, but the switch will NOT place them into the native VLAN. (It will place them into VLAN 2.)

    In my opinion C and D are the correct answers.

  13. Efiko
    September 22nd, 2019

    @CJ, you may have a point… I guess I was thinking more traffic arriving at the trunk.

    But I don’t know about “D”. Have you got any Cisco documentation/link that supports that option?

  14. CJ
    September 22nd, 2019

    @Efiko

    D is kind of a strange answer, because it depends.
    VTP [ver 1-2] propagates VLANs 1-1005, so if the native VLAN is within this range it will be propagated like every other VLAN in this range.
    VTP [ver 3] propagates standard VLANs (1-1005) and extended VLANs (1006-4094).

  15. CJ
    September 22nd, 2019

    But VTP will not propagate the native VLAN, per se. The native VLAN is significant per 802.1q link only, not for every link.
    So VTP will not say to the other switch “hey, this VLAN is a native VLAN”. VTP does not understand the concept of a native VLAN; it just propagates VLANs regardless of “native status”.

    So maybe answer D is not correct.

  16. JM
    October 11th, 2019

    Q4. Which command enables you to determine VLAN. show running-config was not one of the options.

  17. CSC
    October 15th, 2019

    @JM
    When you run the command #show run, it shows all configuration set on the interface, including “switchport trunk allowed native XX”.

  18. CSC
    October 15th, 2019

    Hi guys, look at the complete and correct question “Q6”

    Refer to the exhibit.

    Switch# configure terminal
    Switch(config)# vlan 3
    Switch(config-vlan)# end

    You have applied this configuration to Switches A, B, C and D, and the switches are connected to one another on access ports. Which two additional actions must you take to enable the hosts on VLAN 3 to communicate with one another considering future growth with hosts on additional VLANs? (Choose two.)

    A. Assign VLAN 3 to the ports connecting to the hosts.
    B. Reconfigure the access ports connecting the switches as trunk ports.
    C. Configure VLAN 3 as an SVI with a working IP address.
    D. Configure VTP transparent mode to allow hosts with additional VLANs.
    E. Configure VLAN 3 in VLAN database mode.

    Correct Answer: AB

  19. john
    December 8th, 2019

    Hi Guys,

    What are the correct answers for Q1:

    Question about voice VLAN with the possibility of two answers. (Choose two)
    A. The voice VLAN must be on a different VLAN database.
    B. The voice VLAN must be configured on a trusted port.
    C. The voice VLAN must be configured on an untrusted port.
    D. The voice VLAN must be on the same VLAN database.

    BC or CD?
    Thanks

  20. john
    December 9th, 2019

    Sorry, for Q1 I meant to say: is the correct answer BD or CD?

    Thanks

  21. john
    December 9th, 2019

    Hello Guys,

    Q7: How many VLANs can be assigned to a user access port configured for VoIP?
    A. 1
    B. 2
    C. 3
    D. unlimited

    A or B?

  22. Saji
    December 13th, 2019

    Q 10

    Which two statements about native VLANs are true? (Choose two)
    A. All outgoing traffic without a VLAN tag is tagged with the native VLAN.

    B. All untagged traffic that arrives on the device is placed into the native VLAN.

    C. The VLAN tag is stripped from all incoming traffic that matches the native VLAN.

    D. They are propagated through VTP.

    E. The default native VLAN is VLAN 11.

    F. All incoming traffic that matches the native VLAN is dropped at the switch.

    Answer:
    B ==> We all agree.
    Let me explain why answer D is INCORRECT: VLANs are propagated through VTP (that’s the whole purpose), but native VLANs are local to the switch trunk port (native VLAN traffic is NOT tagged when it travels through the trunk).

    For example, if you create a VLAN 10 and make it native by issuing the command “switchport trunk native vlan 10” on an interface,
    VLAN 10 will be propagated via VTP to the rest of the network through that trunk. But it by no means makes the other switch’s (SW2’s) VLAN 10 native.
    If SW1 and SW2 are connected back to back like below (assuming the VTP domain is configured on both switches):

    SW1(gi0/0) (gi0/0)SW2

    SW1
    vlan 10
    exit
    int gi0/0
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 10
    switchport mode trunk

    SW2
    int gi0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk

    The “show vlan” and “show interface trunk” commands reveal that VLAN 10 appears in the VTP database on SW2 (as a normal VLAN), but the native VLAN is not changed; it still shows VLAN 1 as the native (default).

    NOTE: I checked on real gear.
    But VTP control traffic is propagated through VLAN 1 (unfortunately, by default it is the native VLAN too).
    Even if you changed it as above with “switchport trunk native vlan 10”, VTP traffic still goes through VLAN 1.
    Because VTP traffic needs to be carried via the trunk, it has to use one of the VLANs to travel. Cisco uses VLAN 1, which you cannot delete.
    ———————— — — ———
    Answer C ==> correct. Why? Read the below.

    It was tricky to lab it, but hard work still reveals the truth!

    PC1 ——> SW1(gi0/0) (gi0/0)SW2 <——PC2

    Both PCs are in vlan 10

    SW1

    VLAN DOT1Q TAG NATIVE
    ! To tag the native VLAN
    vlan 10
    exit
    int gi0/0
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 10
    switchport mode trunk

    SW2
    ! Native vlan is not tagged
    int gi0/0
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 10
    switchport mode trunk

    Note – when you ping PC2 from PC1, PC2 replies back.
    Which means answer C “The VLAN tag is stripped from all incoming traffic that matches the native VLAN” is correct. SW1’s native VLAN 10 is tagged, but SW2’s native VLAN is not. In this case SW2 passes the traffic to PC2 (that’s why I get the echo packets).

    Did the ping succeed? Hell no! Why? Since SW1’s native VLAN is tagged, it expects VLAN 10’s traffic to be tagged.
    Even Wireshark on the trunk port reveals that the ping request goes with VLAN 10 and the reply comes with no tag (native).

    Answers B & C are the perfect choice.
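The two trunk labs described in the last comment can be modelled in a few lines to see where each frame lands. This is an added example, not part of the original page or of any commenter's post; the `TrunkPort` class and its functions are hypothetical names, and the rule that a port with `vlan dot1q tag native` discards untagged data frames is a modelling assumption chosen to match the untagged reply seen in the lab capture.

```python
from dataclasses import dataclass

@dataclass
class TrunkPort:
    native_vlan: int = 1          # default native VLAN
    tag_native: bool = False      # True models the global "vlan dot1q tag native"

    def egress(self, vlan):
        """802.1Q tag put on the wire for a frame in `vlan`; None means untagged."""
        if vlan == self.native_vlan and not self.tag_native:
            return None
        return vlan

    def ingress(self, tag):
        """VLAN a received frame lands in, or "drop"."""
        if tag is None:
            # Assumption: with tag-native on, untagged data frames are discarded.
            return "drop" if self.tag_native else self.native_vlan
        return tag

def send(vlan, tx, rx):
    """Carry one frame that belongs to `vlan` from trunk port tx to trunk port rx."""
    tag = tx.egress(vlan)
    return {"wire_tag": tag, "lands_in": rx.ingress(tag)}

def ping(vlan, a, b):
    """Echo request a->b and reply b->a; succeeds only if both stay in `vlan`."""
    request = send(vlan, a, b)
    reply = send(vlan, b, a) if request["lands_in"] == vlan else None
    return request, reply, bool(reply) and reply["lands_in"] == vlan

def native_mismatch(a, b):
    """Detect the misconfigurations the two labs produce on one link."""
    issues = []
    if a.native_vlan != b.native_vlan:
        issues.append("native VLAN differs across the link")
    if a.tag_native != b.tag_native:
        issues.append("only one side tags the native VLAN")
    return issues

if __name__ == "__main__":
    sw1, sw2 = TrunkPort(10, tag_native=True), TrunkPort(10)   # second lab
    print(ping(10, sw1, sw2), native_mismatch(sw1, sw2))
    # First lab: SW1 native 10, SW2 still native 1 -> VLAN 10 frames land in VLAN 1.
    print(send(10, TrunkPort(10), TrunkPort(1)), native_mismatch(TrunkPort(10), TrunkPort(1)))
```

In the second lab the request crosses tagged with VLAN 10 and the untagged reply is dropped, so the ping fails; in the first lab the model shows VLAN 10 traffic arriving in VLAN 1 on the far side, which is why both ends of a trunk should agree on the native VLAN and on whether it is tagged.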