# INTERVIEW PREP GUIDE ABOUT VIRTUAL LOCAL AREA NETWORK
'Practical terms used in professional training'
🔹 What is a VLAN and how does it improve scalability and security ?
A VLAN (Virtual LAN) logically segments a switch into multiple broadcast domains, reducing broadcast traffic, improving performance, enhancing security, and simplifying network management.
🔹 How does VLAN tagging work in IEEE 802.1Q ?
802.1Q inserts a 4-byte tag into Ethernet frames containing VLAN ID, priority (PCP), and DEI. Tagged frames allow multiple VLANs over a single trunk link.
🔹 Difference between access ports and trunk ports
Access port: Carries traffic for one VLAN (untagged)
Trunk port: Carries multiple VLANs using 802.1Q tagging
🔹 Explain native VLAN and its security implications ?
Native VLAN carries untagged traffic on a trunk. Misuse can lead to VLAN hopping attacks if not secured.
🔹 What happens if native VLANs mismatch ?
Causes traffic leakage, STP issues, and potential security breaches.
🔹 How does a switch handle untagged frames on a trunk port ?
They are assigned to the native VLAN.
🔹 What is VLAN hopping ?
An attack allowing access to unauthorized VLANs. The methods are switch spoofing and double tagging.
🔹 How to prevent VLAN hopping ?
Disable DTP, use an unused native VLAN, force access mode on ports, disable unused ports.
🔹 What is DTP ?
Dynamic Trunking Protocol automatically negotiates trunking between Cisco switches.
🔹 Why is DTP a security risk ?
Attackers can force trunk formation to access multiple VLANs.
🔹 Static VLAN vs Dynamic VLAN ?
Static: Port-based manual assignment
Dynamic: VLAN assigned via VMPS/RADIUS (the older method), now DHCP (the newer technology).
🔹 What is Voice VLAN ?
A special VLAN for IP phones to prioritize voice traffic using QoS.
🔹 How does STP work in VLANs ?
STP prevents loops per VLAN or per instance depending on STP mode.
🔹 What is PVST+ ?
Cisco STP implementation running one STP instance per VLAN.
🔹 PVST+ vs Rapid PVST+ vs MST
PVST+: Slow convergence
Rapid PVST+: Faster (RSTP)
MST: Groups VLANs into instances.
🔹 What is VLAN pruning ?
Restricts unnecessary VLANs from trunk links.
🔹 What is VTP ?
VLAN Trunking Protocol distributes VLAN info across switches. Its modes are Server, Client, Transparent, and Off.
🔹 What is VTP pruning ?
Automatically removes unused VLANs from trunks.
🔹 Risks of VTP ?
Wrong revision number can delete VLANs across the network.
Sol:

| Existing Production Network | A new switch is added to the network, but it was previously used |
|---|---|
| VTP Domain: HTIS | Same VTP domain (HTIS) |
| VTP Mode: Server | VTP mode = Server |
| VLANs: 10,20,30,40 | VLANs = only default VLAN 1 |
| Current Revision Number: 10 | Revision number = 50 |

🔹 What happens when you connect it ?
📉 Result: Users disconnected, servers unreachable, entire network outage.
🔹 Live command output (after damage)
SW1# show vlan brief
VLAN Name Status Ports
1 default active

Before connecting a previously used switch:
1. Set VTP transparent mode
2. Delete vlan.dat
3. Verify revision number is 0
4. Then connect trunk
🔹 What happens if VLAN IDs mismatch, and what is the maximum number of VLANs supported ?
VLAN ID mismatch: Traffic loss, broadcast issues, and connectivity failure.
Maximum: 4094 VLANs (12-bit VLAN ID field).
🔹 What is Inter-VLAN routing ?
Routing traffic between VLANs using a router or L3 switch.
🔹 Router-on-a-stick vs L3 switching ?
Router-on-a-stick: External router, trunk link
L3 switch: Internal routing via SVIs (faster)
🔹 What is an SVI ?
Logical L3 interface representing a VLAN.
🔹 How does L3 switch route between VLANs ?
Uses SVIs and routing table for packet forwarding.
🔹 What happens when an SVI is down ?
Inter-VLAN communication for that VLAN stops.
🔹 Can two SVIs have same subnet ?
No, it causes IP conflicts and routing ambiguity.
🔹 Configure a routed port:
interface gi0/1
no switchport
ip address x.x.x.x y.y.y.y
🔹 How does ARP work across VLANs ?
ARP stays within VLAN; router performs ARP for next hop.
🔹 What is Proxy ARP ?
Router replies on behalf of another device; not recommended.
🔹 HSRP/VRRP/GLBP with VLANs ?
Provide gateway redundancy per VLAN using virtual IP.
🔹 What is the role of VLANs in redundancy ?
Supports load balancing, failover, and high availability.
🔹 DHCP relay with VLANs ?
L3 switch forwards DHCP requests to server using helper-address.
🔹 Can one VLAN have multiple subnets ?
Technically yes, but not recommended.
🔹 VLANs with MPLS & Data Centers ?
VLANs integrate with VRF, VXLAN, and MPLS for scalable segmentation.
🔹 Best practices for VLAN design ?
1. Functional segmentation, 2. Avoid VLAN 1, 3. Limit trunk VLANs, 4. Use consistent numbering.