CCNA FAQ: Virtual LANs

Q1. In a LAN, which of the following terms best equates to the term VLAN?
a. Collision domain
b. Broadcast domain
c. Subnet domain
d. Single switch
e. Trunk

Answer: B

Q2. Imagine a switch with three configured VLANs. How many IP subnets are required, assuming that all hosts in all VLANs want to use TCP/IP?
a. 0
b. 1
c. 2
d. 3
e. You can’t tell from the information provided.

Answer: D. Although a subnet and a VLAN are not equivalent concepts, the devices in one VLAN are typically in the same subnet, and vice versa.

Q3. Which of the following fully encapsulates the original Ethernet frame in a trunking header rather than inserting another header inside the original Ethernet header?
a. VTP
b. ISL
c. 802.1Q
d. Both ISL and 802.1Q
e. None of the other answers are correct.

Answer: B

Q4. Which of the following adds the trunking header for all VLANs except one?
a. VTP
b. ISL
c. 802.1Q
d. Both ISL and 802.1Q
e. None of the other answers are correct.

Answer: C

Q5. Which of the following VTP modes allow VLANs to be configured on a switch? (Choose two answers.)
a. Client
b. Server
c. Transparent
d. Dynamic
e. None of the other answers are correct.

Answer: B and C

Q6. Imagine that you are told that switch 1 is configured with the auto parameter for trunking on its Fa0/5 interface, which is connected to switch 2. You have to configure switch 2. Which of the following settings for trunking could allow trunking to work? (Choose two answers.)
a. Trunking turned on
b. Auto
c. Desirable
d. Access
e. None of the other answers are correct.

Explanation: A and C. The auto setting means that the switch can negotiate trunking, but it can only respond to negotiation messages; it cannot initiate the negotiation process. So, the other switch must be configured to trunk or to initiate the negotiation process (by being configured with the dynamic desirable option).

Q7. A switch has just arrived from Cisco. The switch has never been configured with any VLANs, VTP configuration, or any other configuration. An engineer gets into configuration mode and issues the vlan 22 command, followed by the name HannahsVLAN command. Which of the following are true?
a. VLAN 22 is listed in the output of the show vlan brief command.
b. VLAN 22 is listed in the output of the show running-config command.
c. VLAN 22 is not created by this process.
d. VLAN 22 does not exist in that switch until at least one interface is assigned to that VLAN.

Explanation: A. The default VTP setting of VTP server mode means that the switch can configure VLANs, so the VLAN is configured. However, being in server mode, the configuration commands only show up in the show vlan brief command output, and are not listed as part of the running-config file.

Q8. Which of the following commands list the operational state of interface Gigabit 0/1 in regard to VLAN trunking? (Choose two answers.)
a. show interfaces gi0/1
b. show interfaces gi0/1 switchport
c. show interfaces gi0/1 trunk
d. show trunks

Answer: B and C

Q9. An engineer has just installed four new 2960 switches and connected the switches to each other using crossover cables. All the interfaces are in an “up and up” state. The engineer configures each switch with the VTP domain name Fred and leaves all four switches in VTP server mode. The engineer adds VLAN 33 at 9:00 a.m., and then within 30 seconds, issues a show vlan brief command on the other three switches, but does not find VLAN 33 on the other three switches. Which answer gives the most likely reason for the problem in this case?
a. VTP requires that all switches have the same VTP password.
b. The engineer should have been more patient and waited for SW1 to send its next periodic VTP update.
c. None of the links between the switches trunk because of the default 2960 trunking administrative mode of auto.
d. None of the other answers are correct.

Explanation: C. VTP does not require a password, although if a password is used, the password must match. VTP sends VTP updates immediately after a VLAN database change. However, VTP only sends VTP messages over trunks, and 2960s default to using a trunking administrative mode of auto, which does not initiate the trunking negotiation process. So none of the switches automatically form a trunk, and no VTP messages are sent.
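The negotiation rules from Q6 and the propagation failure in Q9 can be modelled together. The following Python sketch is an added example, not part of the original FAQ; the chain topology SW1-SW2-SW3-SW4 is a constructed assumption (the question does not give the cabling), and it assumes DTP is left enabled and that the VTP domain and password match everywhere.

```python
from collections import deque

# Administrative modes as set with "switchport mode ...".
INITIATES = {"trunk", "dynamic desirable"}  # these ends ask the peer to trunk


def side_trunks(local: str, peer: str) -> bool:
    """Operational result for one end of a link, given both admin modes."""
    if local == "trunk":
        return True                   # trunks unconditionally
    if local == "access":
        return False                  # never trunks
    if local == "dynamic desirable":
        return peer != "access"       # peer answers (auto) or also initiates
    if local == "dynamic auto":
        return peer in INITIATES      # auto only responds, never initiates
    raise ValueError(f"unknown mode: {local}")


def link_trunks(a: str, b: str) -> bool:
    """A link is a working trunk only if both ends end up trunking."""
    return side_trunks(a, b) and side_trunks(b, a)


def vtp_reach(links, origin):
    """Return the set of switches a VTP update from `origin` can reach.

    links: iterable of (switch_a, mode_a, switch_b, mode_b).
    VTP messages travel only over links that are operational trunks.
    """
    adj = {}
    for sa, ma, sb, mb in links:
        if link_trunks(ma, mb):
            adj.setdefault(sa, set()).add(sb)
            adj.setdefault(sb, set()).add(sa)
    seen, queue = {origin}, deque([origin])
    while queue:
        for neighbor in adj.get(queue.popleft(), ()):
            if neighbor not in seen:
                seen.add(neighbor)
                queue.append(neighbor)
    return seen


AUTO, DES = "dynamic auto", "dynamic desirable"
# Constructed topology: every port left at the 2960 default of auto (Q9).
ALL_AUTO = [("SW1", AUTO, "SW2", AUTO), ("SW2", AUTO, "SW3", AUTO),
            ("SW3", AUTO, "SW4", AUTO)]
# Same cabling with one end of each link changed to dynamic desirable.
FIXED = [("SW1", AUTO, "SW2", DES), ("SW2", DES, "SW3", AUTO),
         ("SW3", DES, "SW4", AUTO)]

if __name__ == "__main__":
    print(sorted(vtp_reach(ALL_AUTO, "SW1")))  # only SW1 has VLAN 33
    print(sorted(vtp_reach(FIXED, "SW1")))     # all four switches learn it
```
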

Q10. Switches SW1 and SW2 connect through an operational trunk. The engineer wants to use VTP to communicate VLAN configuration changes. The engineer configures a new VLAN on SW1, VLAN 44, but SW2 does not learn about the new VLAN. Which of the following configuration settings on SW1 and SW2 would not be a potential root cause why SW2 does not learn about VLAN 44? (Choose two answers.)
a. VTP domain names of larry and LARRY, respectively
b. VTP passwords of bob and BOB, respectively
c. VTP pruning enabled and disabled, respectively
d. VTP modes of server and client, respectively

Explanation: C and D. The domain name and password must be equal, and the switches must connect using a trunk before VTP will work. It is normal to have some switches as servers and some as clients. A mismatched pruning configuration setting does not prevent the synchronization of VLAN databases.

Q11. What are the characteristics of VLANs?

Answer: VLANs are created in switches to segment broadcast domains at Layer 2. Departments in your organization can be assigned their own VLAN, which provides a logical segmentation in which traffic from one department does not interfere with that of another department. VLANs can span multiple switches, which simplifies administration when users need to move throughout the switched network.

Q12. What are trunks and how do they work?

Answer: Trunks are used to carry VLAN traffic from one switch to another switch. Frames are tagged with a VLAN identifier as they traverse the trunk link, and the tags are removed on the receiving switch. ISL is a Cisco proprietary method of trunking in which the original frame is encapsulated with a 26-byte header and a 4-byte CRC. IEEE 802.1q trunks insert a 4-byte VLAN identifier inside the Ethernet frame.

Q13. What is the purpose of VTP?

Answer: VTP is a convenient Cisco proprietary Layer 2 protocol that enables switches to advertise VLAN configuration information to other switches in a VTP domain.

Q14. What are the characteristics of the three VTP modes?

Answer: Server mode is the default VTP mode in which VTP advertisements are sent to other switches in the VTP domain. VLAN configurations in server mode are saved to the VLAN database.

Client mode processes and forwards VTP advertisements from the VTP server. You cannot change any VLAN configurations or save the VLAN configuration in client mode.

Transparent mode also forwards VTP advertisements from the VTP server; however, switches in transparent mode do not process the VTP advertisements. In transparent mode, you can configure VLANs and save them to NVRAM; however, these local VLANs are not advertised to other switches in the VTP domain.

Q15. Why is router-on-a-stick sometimes necessary in switched environments?

Answer: Router-on-a-stick is used when you want to allow traffic from one VLAN to be routed into another VLAN. Router-on-a-stick requires a switch to trunk to a Layer 3 router. The router uses subinterfaces to logically separate the VLANs into virtual interfaces in which the router can route in between.

Q16. Given the following output, which two facts can be determined? (Choose 2.)
A. This switch will save VLAN information into NVRAM.
B. This switch will synchronize its VLAN database with updates starting with number 46 or above.
C. This switch can add, change, and delete VLANs.
D. This switch passes VTP advertisements from the server.

Answer: B, D. Because this switch is operating in client mode, it synchronizes with updates received from the VTP server as long as the revision number is greater than its current revision number. It passes the advertisements from the VTP server to other switches in the VTP domain. Answer A is incorrect because client mode switches do not save their VLAN information into NVRAM. Answer C is incorrect because you cannot add, change, or delete VLANs in client mode.

Q17. Considering the following output:

Which of the following is false?
A. Interfaces Fast Ethernet 0/1–0/9 are in the management domain.
B. Interfaces above Fast Ethernet 0/10 could be configured as a trunk.
C. Interface Fast Ethernet 0/10 is an access port.
D. VLAN 2 was not configured with a custom name.

Answer: C. Interface Fast Ethernet 0/10 could not be an access port, or it would be included in the list of interfaces assigned to a VLAN. Answer A is true because they are all assigned to VLAN 1. Answer B is true because the interface number does not show up in the show vlan output if it is a trunk. D is true because the VLAN name is VLAN0002, which is the default naming convention the IOS uses when a name isn’t configured for a specific VLAN.

Q18. Which of the following VTP modes save their VLAN information to NVRAM? (Choose 2.)
A. Transport
B. Client
C. Server
D. Transparent

Answer: C, D. Server and Transparent VTP modes are the only modes that save their VLAN configuration to NVRAM. Answer A is incorrect because Transport is not a VTP mode. Answer B is incorrect because switches operating in Client mode do not save their VLAN information in NVRAM.

Q19. Which is not a characteristic of VLANs?
A. Users can be moved easily because VLANs span multiple switches.
B. Users can be logically grouped according to their departments.
C. There is a separate instance of STP for each VLAN.
D. Broadcasts are not forwarded over trunks.

Answer: D. Broadcasts will still be forwarded over trunks to other switches in the same VLAN. Broadcasts in one VLAN, however, do not affect other VLANs. Answers A, B, and C are all characteristics that apply to VLANs.

Q20. You want to connect your Cisco Catalyst switch to a Nortel switch. Which of the following is true?
A. 802.1q trunks should be used.
B. ISL trunks should be used.
C. VLAN configurations will be accepted by the Nortel switch if it is in VTP client mode.
D. Cisco is the only switch that can configure VLANs.

Answer: A. Because you are connecting to a Nortel switch, you must use a standard method of trunking (IEEE 802.1q). ISL and VTP are Cisco proprietary functions. Answer B is incorrect because ISL is a Cisco proprietary trunk encapsulation. Answer C is incorrect because VTP is a Cisco proprietary protocol. Answer D is false because other switch manufacturers support VLAN configurations.

Q21. Which of the following would cause VLAN leakage?
A. Incorrect ISL configuration.
B. Native VLAN mismatch.
C. VTP passwords don’t match.
D. Saggy VLAN diapers.

Answer: B. VLAN leakage occurs when there is a native VLAN mismatch on a trunk link with 802.1q. Answer A is incorrect because ISL does not use native VLANs. Answer C is incorrect because VTP does not affect VLAN leakage. Answer D is incorrect because switches don’t wear diapers.
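The 4-byte 802.1q tag from Q12 and the native VLAN mismatch from Q21 can be seen in one small model. This Python sketch is an added example, not part of the original FAQ; the sample frame and the function names are constructed, and FCS recalculation is not modelled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def egress(frame: bytes, vlan: int, native_vlan: int, pcp: int = 0) -> bytes:
    """Send a frame that belongs to `vlan` out of an 802.1Q trunk port."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if vlan == native_vlan:
        return frame  # native VLAN: the frame leaves the trunk untagged
    tci = (pcp << 13) | vlan  # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    # The 4-byte tag sits between the source MAC and the original EtherType.
    return frame[:12] + tag + frame[12:]


def ingress(frame: bytes, native_vlan: int) -> tuple[int, bytes]:
    """Classify a frame arriving on a trunk: (vlan, frame with tag removed)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged: the receiver assumes its OWN native VLAN.
        return native_vlan, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def cross_trunk(frame: bytes, vlan: int, native_a: int, native_b: int) -> int:
    """Carry a frame from switch A to switch B; return the VLAN B assigns."""
    return ingress(egress(frame, vlan, native_a), native_b)[0]


# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46

if __name__ == "__main__":
    tagged = egress(SAMPLE, vlan=20, native_vlan=1)
    print(len(SAMPLE), len(tagged), tagged[12:16].hex())
    # Matching native VLANs: a VLAN 10 frame stays in VLAN 10.
    print(cross_trunk(SAMPLE, 10, native_a=1, native_b=1))
    # Mismatch: A sends VLAN 10 untagged, B files it under its native VLAN 1.
    print(cross_trunk(SAMPLE, 10, native_a=10, native_b=1))
```

On real switches, the Trunking Native Mode VLAN line of show interfaces switchport (shown in Question 37) is the value to compare on both ends of each trunk.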

Q22. Given the following output from two switches, why are the VLAN databases not synchronized?

A. VTP versions are incorrect.
B. Passwords do not match.
C. Both devices should be set to server mode.
D. VTP domains do not match.

Answer: D. The domain names are case sensitive. If they do not match, the switches cannot synchronize their VLAN database information. Answer A is incorrect because both switches are operating in the same VTP version. Answer B is incorrect because the MD5 digest of the VTP password is identical. Answer C is incorrect because both switches do not need to be in server mode in order for the switches to exchange VLAN configurations via VTP.

Q23. What can be determined from the following output?

A. The trunk is proprietary to Cisco.
B. Ethernet frames from VLAN 1 will not be tagged over the trunk.
C. This trunk will create giant frames that will be dropped by non-Cisco devices.
D. Ethernet frames are being encapsulated with a 30-byte VLAN ID.

Answer: B. Because the trunk is 802.1q with a native VLAN of 1, ethernet frames originating from VLAN 1 going over this trunk are not tagged. Answers A, C, and D are incorrect because they are characteristics of ISL.

Q24. How do you associate VLANs to an interface in a router-on-a-stick configuration?
A. By creating a VLAN interface in the switch.
B. By creating the subinterface number to match the VLAN.
C. By having a separate physical interface for each VLAN.
D. By using the encapsulation command.

Answer: D. The encapsulation command is used to assign VLANs to a subinterface. Answer A is incorrect because SVIs are in Layer 3 switches, not external routers. Answer B is a good design practice, but does not assign the VLANs to the subinterface. Answer C is incorrect because router-on-a-stick is over one interface.

Q25. Which of the following is not a characteristic of router-on-a-stick?
A. The interface must be 10Mbps or higher.
B. The link must be a trunk.
C. Subinterfaces are used to route in between the VLANs.
D. The IP address assigned is used as the VLAN’s default gateway.

Answer: A. Because the interface must be a trunk, the speed of the link should be 100Mbps or greater. Answers B, C, and D are all characteristics of router-on-a-stick.

Question 26. Which of the following statements is true with regard to VLANs?
A. VLANs greatly reduce network security.
B. VLANs increase the number of collision domains while decreasing their size.
C. VLANs decrease the number of broadcast domains while decreasing their size.
D. Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.

Answer: D. Here’s a list of ways VLANs simplify network management:

  • Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.
  • A group of users that need an unusually high level of security can be put into its own VLAN so that users outside of the VLAN can’t communicate with them.
  • As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
  • VLANs greatly enhance network security if implemented correctly.
  • VLANs increase the number of broadcast domains while decreasing their size.

Question 27. Write the command that must be present for this layer 3 switch to provide inter-VLAN routing between the two VLANs created with these commands:

Answer: ip routing. Routing must be enabled on the layer 3 switch.

Question. In the diagram, how must the port on each end of the line be configured to carry traffic between the two hosts in the Sales VLAN?
A. Access port
B. 10 GB
C. Trunk
D. Spanning

Answer: C. VLANs can span across multiple switches by using trunk links, which carry traffic for multiple VLANs.

Question 28. What is the only type of second VLAN of which an access port can be a member?
A. Secondary
B. Voice
C. Primary
D. Trunk

Answer: B. While in all other cases access ports can be a member of only one VLAN, most switches will allow you to add a second VLAN to an access port on a switch port for your voice traffic; it’s called the voice VLAN. The voice VLAN used to be called the auxiliary VLAN, which allowed it to be overlaid on top of the data VLAN, enabling both types of traffic through the same port.

Question 29. In the following configuration, what command is missing in the creation of the VLAN interface?
A. no shutdown under int vlan 1
B. encapsulation dot1q 1 under int vlan 1
C. switchport access vlan 1
D. passive-interface

Answer: A. Yes, you have to do a no shutdown on the VLAN interface.

Question 30. Which of the following statements is true with regard to ISL and 802.1q?
A. 802.1q encapsulates the frame with control information; ISL inserts an ISL field along with tag control information.
B. 802.1q is Cisco proprietary.
C. ISL encapsulates the frame with control information; 802.1q inserts an 802.1q field along with tag control information.
D. ISL is a standard.

Answer: C. Unlike ISL, which encapsulates the frame with control information, 802.1q inserts an 802.1q field along with tag control information.

Question 31. What concept is depicted in the diagram?
A. Multiprotocol routing
B. Passive interface
C. Gateway redundancy
D. Router on a stick

Answer: D. Instead of using a router interface for each VLAN, you can use one FastEthernet interface and run ISL or 802.1q trunking. This allows all VLANs to communicate through one interface. Cisco calls this a “router on a stick.”

Question 32. Write the command that places an interface into VLAN 2. Write only the command and not the prompt.

Answer: switchport access vlan 2. This command is executed under the interface (switch port) that is being placed in the VLAN.

Question 33. Write the command that generated the following output:

Answer: show vlan. After you create the VLANs that you want, you can use the show vlan command to check them out.

Question 34. Based on the configuration shown below, what statement is true?
S1(config)#ip routing
S1(config)#int vlan 10
S1(config-if)#ip address
S1(config-if)#int vlan 20
S1(config-if)#ip address
A. This is a multilayer switch.
B. The two VLANs are in the same subnet.
C. Encapsulation must be configured.
D. VLAN 10 is the management VLAN.

Answer: A. With a multilayer switch, enable IP routing and create one logical interface for each VLAN using the interface vlan number command and you’re now doing inter-VLAN routing on the backplane of the switch!

Question 35. What is true of the output shown below?
A. Interface F0/15 is a trunk port.
B. Interface F0/17 is an access port.
C. Interface F0/21 is a trunk port.
D. VLAN 1 was populated manually.

Answer: A. Ports Fa0/15–18 are not present in any VLANs. They are trunk ports.

Question 36. 802.1q untagged frames are members of the _________ VLAN.
A. Auxiliary
B. Voice
C. Native
D. Private

Answer: C. Untagged frames are members of the native VLAN, which by default is VLAN 1.

Question 37. Write the command that generated the following output. Write only the command and not the prompt:
Name: Fa0/15
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
[output cut]

Answer: sh interfaces fastEthernet 0/15 switchport. This show interfaces interface switchport command shows us the administrative mode of dynamic desirable and that the port is a trunk port, DTP was used to negotiate the frame tagging method of ISL, and the native VLAN is the default of 1.

Question 38. Which statement is true regarding virtual local area networks (VLANs)?
A. VLANs are location dependent.
B. VLANs are limited to a single switch.
C. VLANs may be subnets of major networks.
D. VLANs define collision domains.

Answer: C. VLANs are not location dependent and can span to multiple switches using trunk links. Moreover, they can be subnets of major networks.

Question 39. In the diagram, what should be the default gateway address of Host B?

Answer: B. The host’s default gateway should be set to the IP address of the subinterface that is associated with the VLAN of which the host is a member, in this case VLAN 2.

Question 40. What is the purpose of frame tagging in virtual LAN (VLAN) configurations?
A. Inter-VLAN routing
B. Encryption of network packets
C. Frame identification over trunk links
D. Frame identification over access links

Answer: C. Frame tagging is used when VLAN traffic travels over a trunk link. Trunk links carry frames for multiple VLANs. Therefore, frame tags are used for identification of frames from different VLANs.

Question 41. Write the command to create VLAN 2 on a layer 2 switch. Write only the command and not the prompt.

Answer: vlan 2. To configure VLANs on a Cisco Catalyst switch, use the global config vlan command.

Question 42. Which statement is true regarding 802.1q frame tagging?
A. 802.1q adds a 26-byte trailer and 4-byte header.
B. 802.1q uses a native VLAN.
C. The original Ethernet frame is not modified.
D. 802.1q only works with Cisco switches.

Answer: B. 802.1q uses the native VLAN.

Q43. Write the command that prevents an interface from generating DTP frames. Write only the command and not the prompt.

Answer: switchport nonegotiate. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.

Q44. In the configuration and diagram shown, what command is missing to enable inter-VLAN routing between VLAN 2 and VLAN 3?
A. encapsulation dot1q 3 under int f0/0.2
B. encapsulation dot1q 2 under int f0/0.2
C. no shutdown under int f0/0.2
D. no shutdown under int f0/0.3

Answer: B. The encapsulation command specifying the VLAN for the subinterface must be present under both subinterfaces.
