VLAN Questions 2

November 19th, 2018 Go to comments

Question 1

Question 2

Question 3


The default Ethernet VLAN is VLAN 1. It is a security best practice to configure all the ports on all switches to be associated with VLANs other than VLAN 1. All used ports are associated with VLANs distinct from VLAN 1.

All control/management traffic (like CDP, VTP, DTP…) is sent on VLAN 1 and we should separate management and user data traffic. Another reason is by default, the native VLAN is also VLAN 1 which is untagged on trunk links so it may cause a security hole.

Question 4


The native VLAN must match on both sides of the trunk link for 802.1Q; otherwise the link will not work. If there is a native VLAN mismatch, Spanning Tree Protocol (STP) places the port in a port VLAN ID (PVID) inconsistent state and will not forward on the link -> STP can detect native VLAN mismatch.

Note: Cisco Discovery Protocol (CDP) version 2 passes native VLAN information between Cisco switches. If you have a native VLAN mismatch, you will see CDP error messages on the console output like this:

Dec 9 14:10:21: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with FastEthernet0/2 (301)

Therefore CDP can also detect native VLAN mismatch.

Question 5

Question 6


Answer A is not correct because when a packet is received from an 802.1Q trunk, it always carries VLAN ID information in the VLAN tag portion so the switch does not need to look up its source MAC address table to determine the VLAN ID of that packet.

Question 7

Question 8

Question 9

