Interview Question on VLAN

#VLAN Definition

A virtual local area network (VLAN) is a virtualized connection that connects multiple devices and network nodes from different LANs into one logical network, isolating the traffic for each group.

[A VLAN is a Virtual LAN or Logical LAN that brings a number of devices located on different physical LANs under one group, so that they work as a separate broadcast domain.]

N.B: A VLAN is created to minimise the broadcast domain.


#On which OSI layer does a VLAN work?

Layer 2 (data link) switching can also allow for a virtual LAN (VLAN) to be implemented. A VLAN is implemented to segment the network, reduce collisions, organize the network, boost performance, and—hopefully—increase security.


#VLAN Ranges

Here are the important ranges of VLAN:

VLAN 0 and 4095: Reserved VLANs, which cannot be seen or used.

VLAN 1: The default VLAN of a switch. You cannot delete or edit this VLAN, but it can be used.

VLAN 2-1001: The normal VLAN range. You can create, edit, and delete these VLANs.

VLAN 1002-1005: Cisco defaults for Token Ring and FDDI. You cannot delete these VLANs.

VLAN 1006-4094: The extended VLAN range.


#Types Of Virtual LAN

VLANs are classified by the purpose for which they are set up. The most common types are:

  • Management VLAN: Any VLAN you configure to reach the management capabilities of a switch for the most sensitive management tasks, like monitoring, system logging, SNMP, etc.
  • Data VLAN: Also called a user VLAN; it carries only user-generated data.
  • Voice VLAN: Configured to carry voice traffic.
  • Default VLAN: The VLAN to which all ports on a device belong when it is switched on. Most switches use VLAN 1 as the default.
  • Native VLAN: The VLAN whose frames cross a trunk port without a VLAN tag. Whenever traffic arrives on the trunk port without a VLAN tag, it is assigned to the native VLAN. In short, it is the method of passing untagged traffic between switches: the VLAN that is not tagged by 802.1Q.

#Why is Native VLAN used?

Here are some of its uses and properties:
  • It is used to support and carry untagged traffic on a trunk port.
  • To separate traffic sent by devices to different PCs.
  • To reduce the workload.
  • Eliminates the need for expensive routers.
  • It provides more flexibility.
  • If the native VLAN is configured inconsistently on the trunk ports at the two ends of the same trunk link, Layer 2 loops can occur.
  • When 802.1Q is configured on a Cisco switch, it is possible to define a different native VLAN.
  • On an operational trunk, the defined native VLAN carries its traffic untagged, the same way an access port in that VLAN does.
  • Supported only with Dot1Q.
  • All switch ports are assigned to VLAN 1 by default.
  • It gives better security by keeping hosts that work with sensitive data on a separate VLAN.


#In how many ways can a VLAN be configured?
  • Port-based: A port-based VLAN associates a virtual local area network with a switch port.
  • Protocol-based: Membership depends on the protocol in use, so traffic is assigned to a VLAN based on its protocol.
  • MAC-based: A VLAN is assigned to incoming packets that are untagged, segregating traffic by the source address of the packet. Membership is defined by MAC address.
  • Subnet-based: Membership is based on the IP subnet address.

#What Is Inter-vlan Routing?

Virtual LANs (VLANs) divide one physical network into multiple broadcast domains. But VLAN-enabled switches cannot, by themselves, forward traffic across VLAN boundaries. So you need routing between these VLANs, which is called inter-VLAN routing.

Layer 2 VLAN

When some physical ports of a switch are placed under separate VLANs, this is called a Layer 2 VLAN.


Layer 3 VLAN

When many VLANs are created under the same physical port, this is called a Layer 3 VLAN.


#What are an access port and a trunk port?

An access port, also called an untagged port, is a switch port that carries traffic for a single VLAN, while a trunk port, also called a tagged port, carries traffic for many VLANs.
In one sentence: access mode is used to connect end devices (hosts) to switches, while trunk mode is used to connect switches to each other.

#What are the differences between a trunk port and an access port?

Below is the main comparison between trunk port and access port:

Terminology
  Trunk Port: Carries traffic for one or more VLANs on the same physical link.
  Access Port: Belongs to only one VLAN and is normally used to terminate end devices like laptops, PCs and printers.

Support Mode
  Trunk Port: Multiple Untagged VLANs.
  Access Port: Single Untagged VLAN.

Common Use-Cases
  Trunk Port:
    • Switch to switch
    • Hypervisor to switch
    • Switch to router
    • Switch to server, especially for VM hosts
  Access Port: PC/printer to switch.

Comments
  Trunk Port: VLAN 1 can be tagged. It is untagged by default.
  Access Port: Belongs to one VLAN only.

Tags
  Trunk Port: Allows multiple VLANs to traverse and adds tags.
  Access Port: Allows a single VLAN to traverse and removes tags.

Configuration
  Trunk Port: To designate a port as a trunk: switchport mode trunk
  Access Port: To designate a port as an access port: switchport mode access

Protocols
  Trunk Port: Uses an encapsulation protocol:
    • ISL (Inter-Switch Link)
    • 802.1Q
  Access Port: Uses the IEEE 802.1Q encapsulation protocol.

Layer
  Trunk Port: Operates on the Layer 2 Ethernet frame.
  Access Port: Operates on the Layer 2 Ethernet frame.

Bandwidth
  Trunk Port: Provides higher bandwidth.
  Access Port: Comparatively lower than a trunk port.

Voice VLAN
  Trunk Port: Not supported on this port.
  Access Port: Supported on the access port.


#What protocol is used over a trunk port?

VLAN tagging with IEEE 802.1Q (dot1q).


#In how many ways can a trunk be configured?

Statically, passively dynamic, and actively dynamic:
1) switchport mode trunk configures a switch port to always be a trunk.
2) switchport mode dynamic auto configures a switch port to be passively dynamic.
3) switchport mode dynamic desirable configures a switch port to be actively dynamic.


#Difference between ISL and Dot1Q?

There are two main types of encapsulation (trunking) protocols:

ISL (Inter-Switch Link), which is a Cisco proprietary protocol.
802.1Q, which is an IEEE standard.

The table below shows how the two differ and gives details of ISL and Dot1Q encapsulation:


Abbreviation for
  ISL: Inter-Switch Link
  DOT1Q: IEEE 802.1Q

Standard
  ISL: Cisco proprietary protocol
  DOT1Q: IEEE standard

VLANs supported
  ISL: Supports up to 1000 VLANs
  DOT1Q: Supports 4096 VLANs

Encapsulation / header size
  ISL: The original frame is encapsulated and a new header is inserted during the encapsulation process. A 26-byte header and a 4-byte FCS (frame check sequence) are added, for a total of 30 bytes of overhead.
  DOT1Q: Under 802.1Q the minimum frame size remains 64 bytes, but a bridge may extend the minimum frame from 64 to 68 bytes on transmission. 802.1Q encapsulation inserts a 4-byte tag into the original frame and the FCS (Frame Check Sequence) is recalculated.

PVST
  ISL: Supported
  DOT1Q: Not supported

Supported on Cisco NX-OS
  ISL: Not supported
  DOT1Q: Supported

Frame format
  ISL: ISL header (image not reproduced here)
  DOT1Q: 802.1Q tag (image not reproduced here)

CPU intensive
  ISL: ISL uses more processor cycles than 802.1Q because of the modification of the header and recalculation of the FCS.
  DOT1Q: Less intensive than ISL.

Native frame
  ISL: ISL does not tag frames from the native VLAN.
  DOT1Q: 802.1Q does not tag frames from the native VLAN.

Configuration
  ISL:
    Switch(config)#interface Fa1/1
    Switch(config-if)#switchport trunk encapsulation isl
    Switch(config-if)#switchport mode trunk
  DOT1Q (the IOS keyword for 802.1Q encapsulation is dot1q):
    Switch(config)#interface Fa1/1
    Switch(config-if)#switchport trunk encapsulation dot1q
    Switch(config-if)#switchport mode trunk

Fields used
  ISL:
    * DA (Destination Address)
    * Type
    * User
    * SA (Source Address)
    * Len
    * SNAP
    * HSA (High Bits of Source Address)
    * VLAN (Destination VLAN ID)
    * BPDU
    * Index
    * Res
    * ISL CRC
  DOT1Q:
    * TPID
    * User Priority
    * CFI
    * VLAN ID

Supported models
  ISL: Supported on Cisco 1900 series switches only
  DOT1Q: All Cisco and non-Cisco models


#What is DTP?

Dynamic Trunking Protocol (DTP) is a Cisco proprietary trunking protocol, which is used to automatically negotiate trunks between Cisco switches. Dynamic Trunking Protocol (DTP) can be used to negotiate and form trunk connection between Cisco switches dynamically.

Dynamic Trunking Protocol (DTP) can also be used for negotiating the encapsulation type of either IEEE 802.1Q or Cisco ISL (Inter-Switch Link).

Please note that Cisco ISL (Inter-Switch Link) is no longer a widely accepted trunking standard. Many recent Cisco switches only support the IEEE 802.1Q trunking standard.


#What are the modes in DTP?

Modes of DTP:

    Switchport Mode Access (DTP mode OFF)
    Switchport Mode Trunk (DTP mode ON)
    Switchport Mode Dynamic Auto
    Switchport Mode Dynamic Desirable
    Switchport Nonegotiate


#Is DTP enabled on every port of the switch by default?

By default, DTP is enabled, and the interfaces of your switches will be in "dynamic auto" or "dynamic desirable" mode. This means that whenever you receive a DTP packet that requests to form a trunk, your interface will be in trunk mode.


#Which protocol breaks the original frame's integrity by rebuilding it (tag inserted, FCS recalculated): ISL or Dot1Q?

802.1q


#In which protocol does the CRC remain the same, ISL or Dot1Q?

ISL


#Which protocols are used to configure trunking on a switch?

VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of virtual local area networks (VLANs) across the whole local area network. To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP advertisements can be sent over 802.1Q and ISL trunks.

#What is an SVI?

A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. There is no physical interface for the VLAN; the SVI provides the Layer 3 processing for packets from all switch ports associated with the VLAN.

#What is meant by "router on a stick"?

Router-on-a-stick is a term frequently used to describe a setup that consists of a router and a switch connected by one Ethernet link configured as an 802.1Q trunk. In this setup, the switch is configured with multiple VLANs and the router performs all routing between the different networks/VLANs.




#Which protocol encapsulates Ethernet frames?

ISL encapsulates Ethernet frames, while 802.1Q tags Ethernet frames.

#How do you delete VLAN information from a switch?

delete flash:vlan.dat


#What is the difference between dynamic auto and dynamic desirable?

Dynamic desirable: actively attempts to negotiate a trunk with the other end. Dynamic auto: forms a trunk only if requested by the other end.



#What is the use of the nonegotiate command on a switch?

The switchport nonegotiate command disables the automatic formation of trunk links by DTP. It is good practice to configure trunks manually and add the nonegotiate command for security reasons.
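As an added example (not from the original notes), this Python audits a Cisco-style running-config for ports that can still form a trunk through DTP negotiation, which is the condition the two questions above describe; the config text and the assumed platform default of dynamic auto are constructed for illustration.

```python
"""Added example (not from the original notes): flag switch ports on which DTP can
still negotiate a trunk. The running-config text below is constructed."""
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode trunk
"""

# Assumed default when no "switchport mode" line is present: DTP is on and the
# port sits in dynamic auto (dynamic desirable on some older platforms).
DEFAULT_MODE = "dynamic auto"


def parse_interfaces(config):
    """Map each interface name to the indented lines of its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None
    return stanzas


def dtp_exposed_ports(config):
    """Interfaces that can still negotiate a trunk over DTP, with the reason."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        mode = DEFAULT_MODE
        for line in lines:
            if line.startswith("switchport mode "):
                mode = line[len("switchport mode "):]
        if mode.startswith("dynamic"):
            findings[name] = f"'{mode}': trunks as soon as the far end requests it"
        elif mode == "trunk" and "switchport nonegotiate" not in lines:
            findings[name] = "static trunk still sends DTP; add 'switchport nonegotiate'"
    return findings
```

Ports in access mode are not flagged because, as listed above, switchport mode access turns DTP off.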

#What is frame tagging, and what are the different types of frame tagging?

VLAN frame tagging is a technique used to identify the VLAN that a frame belongs to. The VLAN tag is placed on the Ethernet frame when the frame reaches a switch from an access port that is a member of the VLAN.
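As an added example (not from the original notes), the Python below illustrates both the frame-tagging definition above and the ISL/Dot1Q table rows on encapsulation and fields: it builds an untagged Ethernet frame, inserts an 802.1Q tag the way a switch does for a frame arriving from an access port, recomputes the FCS, and parses the TPID, user priority, CFI and VLAN ID back out. The frame bytes are constructed, and VLAN IDs 0 and 4095 are rejected as reserved.

```python
"""Added example (not from the original notes): insert and parse an IEEE 802.1Q
tag and show that the 4-byte tag forces a new FCS. Frame bytes are constructed."""
import struct
import zlib

TPID_8021Q = 0x8100       # Tag Protocol Identifier that marks a dot1q tag
MIN_UNTAGGED = 64         # minimum Ethernet frame size including the FCS
MIN_TAGGED = 68           # 64 plus the 4-byte 802.1Q tag


def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 over DA..payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_untagged(dst, src, ethertype, payload):
    """DA + SA + EtherType + payload, padded so the frame with FCS is 64 bytes."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_UNTAGGED - 4, b"\x00")
    return body + fcs(body)


def add_dot1q_tag(frame, vlan_id, pcp=0, dei=0):
    """Insert the tag after the source MAC (as a switch does on access-port
    ingress) and recompute the FCS over the modified frame."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094; 0 and 4095 are reserved")
    tci = (pcp << 13) | (dei << 12) | vlan_id   # Tag Control Information
    tag = struct.pack("!HH", TPID_8021Q, tci)
    body = frame[:12] + tag + frame[12:-4]       # drop the old FCS
    return body + fcs(body)


def parse_dot1q(frame):
    """Return the tag fields, or None for an untagged (native VLAN) frame."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return {"pcp": tci >> 13,                    # User Priority (3 bits)
            "dei": (tci >> 12) & 1,              # CFI / Drop Eligible (1 bit)
            "vid": tci & 0x0FFF,                 # VLAN ID (12 bits)
            "ethertype": struct.unpack("!H", frame[16:18])[0],
            "fcs_ok": fcs(frame[:-4]) == frame[-4:]}
```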
