Whitebox switching.

CCNP Switch 300-115 Study Guide – VLANs and VTP

I recently sat my CCNP 300-115 – Switch exam. I spent months taking notes on all of the important information needed to pass the exam. This study guide focuses on all things related to VLANs, VTP/trunking protocols and Private VLANs.

VTP and VLANs

  • IEEE 802.1Q – Networking standard that supports Virtual LANs (VLANs)
  • The IEEE 802.1Q frame format adds a 4 byte field to an Ethernet frame
  • The IEEE 802.1Q frame retains the original MAC address
  • VTP – Virtual Trunking Protocol
  • VLAN numbers – normal range 2-1001, extended range 1006-4094
  • Size of the VLAN field inside a 802.1Q frame – 12-bit
  • Portion of the frame in which the 802.1Q header is found – the Ethernet header
  • 2 Advantages of VTP – Supports the use of AES to encrypt VTP messages, can be configured to allow only one VTP server to make changes to the VTP domain
  • 2 statements about 802.1Q – when enabled it forces a recalculation of the frame check sequence, and it adds a 32-bit field to the Ethernet frame between the source MAC and length fields.
  • When new switches are added to a VTP domain as clients, ensure that the connected ports are configured as trunks. Important note: always verify that the connecting ports are trunking ports.
  • After implementing VTP, you find that extended VLANs are not being propagated. Ensure that you have enabled VTP version 3. Extended VLANs are only supported in version 3
  • VTP pruning – technique used to automatically limit VLAN traffic to only the switches that require it. VTP pruning can prevent unnecessary VLAN information from passing across the extended LAN segment
  • When you would like to permit only certain VLANs over a trunk you will not use VTP pruning. You will prune manually using the allowed VLAN list command
  • #show VTP status – command to show vtp information
  • 2 protocols that use the native vlan 1 by default – CDP, VTP
  • Vlans tag protocol – 0x8100
  • VLAN configurations are stored in the vlan.dat file
  • All untagged traffic that arrives is placed into the native VLAN
  • Voice VLANs must be configured separately from the VLAN that carries data
  • If the port is trusted, data traffic that passes through the Cisco IP phone maintains QOS values.
  • Show interface trunk command will show native VLAN information.
  • VTP Pruning must be disabled on a switch that will be configured with private VLANs.
  • If you use VTP together with private VLANs, configure VTP in transparent mode.
  • VLAN Access list – allows VLANs to be strictly permitted by the administrator
  • Command #vlan dot1q tag native – configures all control traffic to be tagged
  • Action taken in a VLAN map that does not contain a match clause – the implicit deny at the end of the list.
  • If interfaces are assigned to a VLAN, and the VLAN is deleted, they go down until they are reassigned to a VLAN
  • Portfast is automatically enabled when an administrator enables a voice VLAN
  • To limit a default VLAN from being propagated across all trunks you must manually prune the default VLAN with switchport trunk allowed vlan remove
  • For a LAN switch to support 802.1q Q-in-Q encapsulation, it must support a 1504 MTU or higher
  • Commands used to find out native VLAN – #show interface trunk, #show interface brief.
  • VTP advertisement parameters – password, revision number, management domain name
  • Normal range VLANs are stored in vlan.dat, extended range is stored in startup config
  • The native VLAN can be changed on a per port basis
  • Extended VLANs – require the extended system ID to be enabled on the device.
  • CDP is used to propagate voice VLANs to a Cisco phone.
  • Statements about 802.1Q are true – adds a 32 bit field to the Ethernet frame between the source mac address and length, when it is enabled, it forces a recalculation of the frame check sequence.
  • Minimum frame size 802.1q – 68 bytes
  • Maximum frame size 802.1q – 1522 bytes
  • Value of the TPID/tag protocol identifier of QinQ – 0x88a8
  • Value of the TPID/tag protocol identifier of dot1q – 0x8100
  • When an Access port receives an 802.1q tagged frame it drops the frame
  • VTP V3 advantages – supports propagation of private vlans, it can be configured to allow only one VTP server to make changes to the VTP domain, supports databases other than VLAN database
  • #switchport autostate exclude – command causes the exclusion of an interface from the determination of the uplink state of the vlan SVI interface.
  • 2 secondary Private VLAN types- community and isolated
  • In IEEE 802.1Q each frame is tagged with a 12 bit VLAN ID and the User field that contains 3 priority bits.
  • In ISL, each frame is tagged with a 15 bit VLAN ID and a 4 bit user field, the lower 3 bits of which are used to represent CoS.
  • When frames are forwarded over switch boundaries, the frames also include a field that indicates the COS of each frame
  • Command used to select the Voice VLAN mode to be used on an IP phone connected to a switch port – (config-if) #switchport voice vlan (ID | dot1p |untagged | none)
  • VLAN ID must be inside a ISL frame header
  • Command that configures a switchport to form a trunk without using negotiation – #switchport mode trunk.
  • Default Voice VLAN condition for a switchport – Switchport voice vlan none
  • Cisco Proprietary method for trunk encapsulation – ISL
  • If 2 switches each support all types of trunk encapsulation on a link, ISL will be negotiated
  • ISL – Native VLAN frames are tagged
  • To delete the VLAN database file – delete flash:vlan.dat
  • VTP advertisement and pruning statistics are displayed using the command #show VTP counters
  • Requirements for dot1q trunking – the native VLAN must have the same VLAN number on each side of the link, the encapsulation protocol must be the same on each end of the link.
  • If a port is configured as both an access port and a trunk, it will be a trunk.
  • Two statements about VTP – switches running in transparent mode pass VTP messages; a switch running in transparent mode saves learned VLANs into its local database
  • Statements about 802.1Q – it inserts a 4 byte tag field into the Ethernet frame; when it is enabled, the minimum Ethernet frame size is 68 bytes; it encapsulates the original Ethernet frame and adds a VLAN identifier; it adds a 32-bit field to the Ethernet frame between the source MAC address and length fields; when it is enabled, it forces a recalculation of the frame check sequence field.
  • VTP mode which will not affect the VLAN database – Transparent
  • Protect network from VLAN hopping attacks – Configure the native VLAN on the trunks to an unused value, Prune the native VLAN off both ends of the trunk, Tag the native VLAN.
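Several of the notes above describe the 802.1Q tag byte for byte (4 bytes inserted between the source MAC and the length/EtherType field, TPID 0x8100 for dot1q and 0x88a8 for QinQ, a 12-bit VLAN ID plus 3 priority bits, and an access port dropping tagged frames). The following Python parser and builder is an added example written for this guide, not code from the original post or from Cisco; it constructs its own sample frames and generalises slightly beyond the notes by peeling off a stack of tags, so a QinQ frame yields the outer service tag followed by the inner customer tag.

```python
import struct
from dataclasses import dataclass
from typing import List, Sequence

# Tag protocol identifiers listed in the notes above.
TPID_DOT1Q = 0x8100  # 802.1Q customer tag
TPID_QINQ = 0x88A8   # 802.1ad service tag (QinQ outer tag)
TPIDS = {TPID_DOT1Q, TPID_QINQ}


@dataclass
class VlanTag:
    tpid: int  # 16-bit tag protocol identifier
    pcp: int   # 3-bit priority code point (CoS)
    dei: int   # 1-bit drop eligible indicator
    vid: int   # 12-bit VLAN ID (0-4095)


@dataclass
class ParsedFrame:
    dst: bytes
    src: bytes
    tags: List[VlanTag]  # outermost tag first; empty for an untagged frame
    ethertype: int
    payload: bytes


def parse_frame(frame: bytes) -> ParsedFrame:
    """Walk the Ethernet header and peel off every 802.1Q/802.1ad tag.

    The tag sits between the source MAC and the EtherType/length field, so
    after the two addresses we keep reading 4-byte tags until the 16-bit
    value at the cursor is not a known TPID.
    """
    if len(frame) < 14:
        raise ValueError("shorter than a minimal Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset = 12
    tags: List[VlanTag] = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame: EtherType/length missing")
        (candidate,) = struct.unpack("!H", frame[offset:offset + 2])
        if candidate not in TPIDS:
            break
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        tags.append(VlanTag(tpid=candidate,
                            pcp=tci >> 13,
                            dei=(tci >> 12) & 0x1,
                            vid=tci & 0x0FFF))
        offset += 4
    (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
    return ParsedFrame(dst, src, tags, ethertype, frame[offset + 2:])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                tags: Sequence[VlanTag] = ()) -> bytes:
    """Inverse of parse_frame: each tag adds exactly 4 bytes after the source MAC."""
    out = bytearray(dst + src)
    for tag in tags:
        tci = ((tag.pcp & 0x7) << 13) | ((tag.dei & 0x1) << 12) | (tag.vid & 0x0FFF)
        out += struct.pack("!HH", tag.tpid, tci)
    out += struct.pack("!H", ethertype) + payload
    return bytes(out)


def access_port_decision(frame: bytes, access_vlan: int) -> str:
    """Behaviour of an access port as stated in the notes: a tagged frame is
    dropped, an untagged frame is placed into the port's VLAN."""
    parsed = parse_frame(frame)
    if parsed.tags:
        return "drop"
    return f"forward in VLAN {access_vlan}"


if __name__ == "__main__":
    # Constructed sample addresses and payload (not captured traffic).
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("001122334455")
    ipv4_payload = b"\x00" * 46
    single = build_frame(dst, src, 0x0800, ipv4_payload,
                         [VlanTag(TPID_DOT1Q, pcp=5, dei=0, vid=100)])
    double = build_frame(dst, src, 0x0800, ipv4_payload,
                         [VlanTag(TPID_QINQ, 0, 0, 200), VlanTag(TPID_DOT1Q, 3, 1, 100)])
    for name, frame in (("dot1q", single), ("qinq", double)):
        parsed = parse_frame(frame)
        print(name, len(frame), "bytes, tags:", [(hex(t.tpid), t.vid, t.pcp) for t in parsed.tags])
        print("  access port says:", access_port_decision(frame, access_vlan=10))
```

The builder shows the size arithmetic from the notes directly: a 14-byte header plus a 46-byte payload is 60 bytes, one tag makes it 64 and a QinQ pair makes it 68, which is the tagged minimum the notes quote once the FCS is added by the NIC.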

Private VLANS

  • VTP transparent mode must be configured on the switch before private VLANs are configured.
  • Promiscuous port – private VLAN access port that belongs to the primary VLAN and can communicate with all interfaces, including the community and isolated host ports
  • Isolated VLAN – a primary VLAN can have only one isolated VLAN; it is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports and the gateway
  • PVLAN type that can host ports and communicate with promiscuous ports – primary
  • Isolated private VLAN – communicate only with promiscuous ports, can be configured on more than one port in the same VLAN.
  • Two types of VLANs using PVLANs – community, isolated
  • Isolated ports can only forward traffic to promiscuous ports
  • In a private VLAN, promiscuous ports are part of the primary VLAN and the community and isolated ports are part of the secondary VLAN
  • A Private VLAN will only have 1 primary VLAN and several secondary VLANs
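The private VLAN rules in this section (one primary VLAN, at most one isolated secondary VLAN plus any number of community VLANs; promiscuous ports reach everything, isolated ports reach only promiscuous ports, community ports reach their own community and the promiscuous ports) reduce to a small forwarding decision. The model below is an added example written for this guide, not code from the original post or from any Cisco platform; the interface names and VLAN numbers are constructed, and it is useful for checking a planned PVLAN layout before configuring it.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional


class PortType(Enum):
    PROMISCUOUS = "promiscuous"  # member of the primary VLAN, reaches every port
    ISOLATED = "isolated"        # secondary VLAN, reaches only promiscuous ports
    COMMUNITY = "community"      # secondary VLAN, reaches its community and promiscuous ports


@dataclass(frozen=True)
class PrivateVlan:
    primary: int
    isolated: Optional[int]        # at most one isolated VLAN per primary (per the notes)
    communities: frozenset         # zero or more community VLAN IDs


def make_private_vlan(primary: int, isolated: Iterable[int], communities: Iterable[int]) -> PrivateVlan:
    """Validate the structure the notes describe: one primary, one isolated, many communities."""
    isolated = list(isolated)
    communities = frozenset(communities)
    if len(isolated) > 1:
        raise ValueError("a private VLAN can have only one isolated VLAN")
    iso = isolated[0] if isolated else None
    secondaries = set(communities) | ({iso} if iso is not None else set())
    if primary in secondaries:
        raise ValueError("the primary VLAN cannot also be a secondary VLAN")
    if iso is not None and iso in communities:
        raise ValueError("a secondary VLAN cannot be both isolated and community")
    return PrivateVlan(primary, iso, communities)


@dataclass(frozen=True)
class PvlanPort:
    name: str
    port_type: PortType
    vlan: int  # primary VLAN for promiscuous ports, secondary VLAN for host ports


def check_membership(pvlan: PrivateVlan, port: PvlanPort) -> None:
    """Reject a port whose VLAN does not fit its declared role in this private VLAN."""
    if port.port_type is PortType.PROMISCUOUS and port.vlan != pvlan.primary:
        raise ValueError(f"{port.name}: promiscuous port must sit in primary VLAN {pvlan.primary}")
    if port.port_type is PortType.ISOLATED and port.vlan != pvlan.isolated:
        raise ValueError(f"{port.name}: isolated port must use the isolated VLAN {pvlan.isolated}")
    if port.port_type is PortType.COMMUNITY and port.vlan not in pvlan.communities:
        raise ValueError(f"{port.name}: {port.vlan} is not a community VLAN of primary {pvlan.primary}")


def can_forward(pvlan: PrivateVlan, src: PvlanPort, dst: PvlanPort) -> bool:
    """Layer-2 reachability between two ports of the same private VLAN."""
    check_membership(pvlan, src)
    check_membership(pvlan, dst)
    if PortType.PROMISCUOUS in (src.port_type, dst.port_type):
        return True   # promiscuous ports talk to every host port and vice versa
    if PortType.ISOLATED in (src.port_type, dst.port_type):
        return False  # isolated hosts never reach other host ports
    return src.vlan == dst.vlan  # two community ports: same community only


def reachable_from(pvlan: PrivateVlan, src: PvlanPort, ports: Iterable[PvlanPort]) -> List[str]:
    """Sorted names of the other ports src can send frames to."""
    return sorted(p.name for p in ports if p.name != src.name and can_forward(pvlan, src, p))


if __name__ == "__main__":
    # Constructed layout: primary 100, isolated 101, communities 102 (web) and 103 (db).
    pv = make_private_vlan(100, [101], [102, 103])
    ports = [
        PvlanPort("Gi1/0/1", PortType.PROMISCUOUS, 100),  # uplink to the gateway
        PvlanPort("Gi1/0/2", PortType.ISOLATED, 101),
        PvlanPort("Gi1/0/3", PortType.ISOLATED, 101),
        PvlanPort("Gi1/0/4", PortType.COMMUNITY, 102),
        PvlanPort("Gi1/0/5", PortType.COMMUNITY, 102),
        PvlanPort("Gi1/0/6", PortType.COMMUNITY, 103),
    ]
    for port in ports:
        print(f"{port.name} ({port.port_type.value}, vlan {port.vlan}) -> {reachable_from(pv, port, ports)}")
```

Running the block prints one line per port; the two isolated hosts each reach only the promiscuous uplink, while the web community ports reach each other and the uplink but not the db community port.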
