INTERNETWORKING III
CHAPTER 3 STUDY GUIDE
A VLAN is a logical grouping of devices or users. These devices or users can be grouped by function, department, or application, regardless of their physical segment location. VLAN configuration is done at the switch via software. VLANs are not standardized and require the use of proprietary software from the switch vendor.
1. VLANs logically segment the physical LAN infrastructure into different subnets (or broadcast domains for Ethernet) so that broadcast frames are switched only between ports within the same VLAN.
2. VLAN technology is a cost-effective and efficient way of grouping network users into virtual workgroups regardless of their physical location on the network. Some of the main differences between LANs and VLANs are as follows:
· VLANs work at Layer 2 and Layer 3 of the OSI reference model.
· Communication between VLANs is provided by Layer 3 routing.
· VLANs provide a method of controlling network broadcasts.
· The network administrator assigns users to a VLAN.
· VLANs can increase network security by defining which network nodes can communicate with each other.
3. Circle the correct word to make each statement true.
The backbone commonly acts as the collection point for large volumes of traffic. It also carries end-user VLAN information and identification between switches, routers, and directly attached servers. Within the backbone, (high/low)-bandwidth, (high/low)-capacity links are typically chosen to carry the traffic throughout the enterprise.
4. The traditional role of a router is to provide firewalls, broadcast management, and route processing and distribution.
5. Routers are one of the core components of VLAN communications.
6. The most common approaches for logically grouping users into distinct VLANs are frame filtering and frame identification (frame tagging). Both of these techniques look at the frame when it is either received or forwarded by the switch. Based on the set of rules defined by the administrator, these techniques determine where the frame is to be sent, filtered, or broadcast. These take place at Layer 2.
7. Frame tagging uniquely assigns a VLAN ID to each frame. The VLAN IDs are assigned to each VLAN in the switch configuration by the switch administrator. This technique was chosen by the Institute of Electrical and Electronics Engineers (IEEE) standards group because of its scalability. IEEE 802.1Q states that frame tagging is the way to implement VLANs.
8. A VLAN makes up a switched network that is logically segmented by:
· function
· project teams
· applications
9. The three VLAN implementation methods that can be used to assign a switch port to a VLAN are:
· port-centric
· static
· dynamic
10. Port-centric VLANs use the same VLAN ID. This method makes the administrator's job easier and the network more efficient because:
· Users are assigned by port.
· VLANs are easily administered.
· It provides increased security between VLANs.
· Packets do not "leak" into other domains.
11. Circle the correct word to make each statement true.
(Dynamic/Static) VLANs are ports on a switch that you manually assign to a VLAN. They are secure, easy to configure, and straightforward to monitor, and they work well in networks in which moves are controlled and managed.
12. Circle the correct word to make each statement true.
(Dynamic/Static) VLANs are ports on a switch that can automatically determine their VLAN assignments.
13. List the three bases for dynamic VLAN functions.
· MAC address
· logical addressing
· protocol type of the data packets
14. VLANs are a significant improvement over the typical LAN-based techniques used in wiring closets because they require less rewiring, configuration, and debugging. Router configuration is left intact; a simple move for a user from one location to another does not create any configuration modifications in the router if the user stays in the same VLAN.
15. Firewall protection is commonly provided by a router.
16. VLANs are an effective mechanism for extending firewalls from the routers to the switch fabric and protecting the network against potentially dangerous broadcast problems.
17. One cost-effective and easy administrative technique to increase security is to segment the network into multiple broadcast groups, which allows the network manager to:
· Restrict the number of users in a VLAN group
· Prevent another user from joining without first receiving approval from the VLAN network management application
· Configure all unused ports to a default low-service VLAN
18. Restricted applications and resources are commonly placed in a secured VLAN group. On the secured VLAN, the switch restricts access into the group. Restrictions can be placed based on station addresses, application types, or protocol types.
19. Using access control lists, you can add more security enhancements to a VLAN.
20. Each hub segment connected to a switch port can be assigned to only one VLAN.