CCNP Exam Prep Tips and Must Knows


Things You’ll Need to Know about VLAN Deployment:

 

End-to-End VLANs

  • Geographically dispersed users appear on the same subnet
  • Same policy can be applied to same group of users
  • All switches need to know all VLANs
  • Broadcast frames flood all switches
  • Troubleshooting may be challenging

Local VLANs

  • Design is scalable
  • Troubleshooting is easier
  • Traffic flow is predictable
  • Redundant paths can be built easily
  • More routing devices are required than in end-to-end model
  • Users belong to the same broadcast domain when they are at the same location

Dynamic Trunking Protocol – DTP

 

| | Dynamic Auto | Dynamic Desirable | Trunk | Access |
|---|---|---|---|---|
| Dynamic Auto | Access | Trunk | Trunk | Access |
| Dynamic Desirable | Trunk | Trunk | Trunk | Access |
| Trunk | Trunk | Trunk | Trunk | Limited Connectivity |
| Access | Access | Access | Limited Connectivity | Access |

Trunk Configuration Recommendations

  • Configure VLANs
  • Configure trunk mode
  • Disable trunk negotiation
  • Manually remove unnecessary VLANs from trunks
  • Configure the native VLAN to an unused VLAN
  • Disable trunking on host ports
  • Do not use VTP
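
The checklist above can be turned into an audit of a saved running configuration. The following is an added example, not part of the original article: the configuration excerpt is constructed, the function names are hypothetical, and it assumes every interface in the excerpt is a Layer 2 switch port whose mode is dynamic auto when no `switchport mode` line is present.

```python
import re

# Constructed running-config excerpt (not from the article). Gi0/1 follows the
# checklist, Gi0/2 is a trunk left at defaults, Gi0/3 is a negotiating host port.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20-22
 switchport mode trunk
 switchport nonegotiate
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport access vlan 10
 switchport mode dynamic desirable
interface GigabitEthernet0/4
 switchport mode access
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands configured under it."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in blocks}

def value(cmds, prefix, default=None):
    """Return the argument of the first command that starts with prefix."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), default)

def audit(config):
    """Return {interface: [findings]} for ports that miss a recommendation."""
    ports = parse_interfaces(config)
    # VLANs that carry hosts: every access VLAN in use (VLAN 1 is the default).
    host_vlans = {int(value(c, "switchport access vlan", "1")) for c in ports.values()}
    report = {}
    for name, cmds in ports.items():
        mode = value(cmds, "switchport mode", "dynamic auto")  # assumed default
        issues = []
        if mode.startswith("dynamic"):
            issues.append("DTP negotiates the port mode")
        if mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                issues.append("trunk negotiation not disabled")
            if value(cmds, "switchport trunk allowed vlan") is None:
                issues.append("no VLAN pruning on trunk")
            if int(value(cmds, "switchport trunk native vlan", "1")) in host_vlans:
                issues.append("native VLAN is in use")
        if issues:
            report[name] = issues
    return report
```

Calling `audit(SAMPLE_CONFIG)` reports only Gi0/2 and Gi0/3; the hardened trunk and the port fixed in access mode produce no findings.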

Private VLANs

  • A primary VLAN is associated with secondary VLANs
  • The secondary VLANs are either isolated VLANs or community VLANs
  • Hosts can communicate with promiscuous ports
  • The hosts on community VLANs can also communicate within same community
  • A promiscuous port communicates with all other ports
  • Typically a promiscuous port connects to a Layer 3 switch that is configured as the default gateway for hosts

Private VLAN Configuration

  • VTP must be configured in transparent mode
    • Sw(config)# vtp mode transparent
  • Create secondary VLANs
    • Sw(config)# vlan 201
    • Sw(config-vlan)# private-vlan community
  • Create a primary VLAN and associate the secondary VLANs to it
    • Sw(config-vlan)# vlan 100
    • Sw(config-vlan)# private-vlan primary
    • Sw(config-vlan)# private-vlan association 201
  • Secondary VLANs will be configured as community ports or isolated ports
    • Sw(config-if)# switchport mode private-vlan host
    • Sw(config-if)# switchport private-vlan host-associate 100 201
  • Configure switch ports as host or promiscuous
    • Sw(config-if)# switchport mode private-vlan promiscuous
    • Sw(config-if)# switchport private-vlan mapping 100 201

Make sure you can configure:

  • VLANs
  • Access ports
  • Trunk ports
  • VTP
  • Private VLANs
  • Disable DTP

Know how to:

  • Limit VLANs allowed in a trunk
  • Configure Native VLAN
  • Configure trunk encapsulation

Make sure you are familiar with output:

  • Show interface status
  • Show vtp status
  • Show interface switchport
  • Show interface trunk