[TABS_R id=12073]
Which statements are NOT true regarding Virtual Local Area Networks (VLANs)? (Choose two.)
- VLANs define broadcast domains.
- VLANs are logical groups of hosts.
- VLANs are location-dependent.
- VLANs are limited to a single switch.
- VLANs may be subnets of major networks.
Explanation:
VLANs are NOT location-dependent and can span to multiple switches using trunk links. VLANs provide location independence that makes addition, change, and movement of networking devices a simple process. VLANs allow you to group people according to their job function, which also eases the implementation of security policies.
A VLAN is a group of networking devices in the same broadcast domain. Each time you create a new VLAN on a switch, a new broadcast domain is created. VLANs are not restricted to any physical boundary in the switched network. VLANs operate as separate subnets, and so for inter-VLAN communication to occur there must be a router in the network or a route feature card in one of the switches. In other words, if a switch is configured with two VLANs, and there are hosts connected to the VLANs, then hosts in one VLAN will be unable to connect to hosts in another VLAN if the switch is not connected to a router.
VLANs are logical groups of hosts. A host or user can be located anywhere in the switched network and still belong to the same broadcast domain. If you move a host from one switch to another switch in the same switched network, you can still keep the host in the original VLAN.
VLANs may be subnets of a major network. A subnet is a contained broadcast domain. A broadcast that occurs in one subnet will not be forwarded, by default, to another subnet. Layer 3 devices provide the forwarding function at boundary. Each of these subnets requires a unique network number. To move from one network number to another, you need a Layer 3 device. Each VLAN is a separate broadcast domain and requires a Layer 3 device for inter-VLAN routing.
Securing access to sensitive devices can be achieved in two steps:
– Access lists enforced at the router
– Restricted VLANs configured on the switches
– From a security standpoint, devices can be placed on a private VLAN to prevent sensitive information from being captured by devices on other VLANs. Access lists enforced at the router can be used to prevent unauthorized access to the private VLAN.
VLANs provide the following benefits:
– Logical, rather than physical, grouping of devices
– Grouping of devices by function or department
– Enhanced network security
– Decreased size of broadcast domains with the increased number of broadcast domains
– VLAN greatly simplify adding, moving and changing host in the network
VLANs have the following characteristics:
– VLANs logically divide a switch into multiple, independent switches at Layer 2
– A VLAN can span multiple switches
– Trunk links can carry traffic for multiple VLANs between the switches and between the switch and a router
– VLAN create segmented broadcast domains in switched networks
Objective:
LAN Switching Fundamentals
Sub-Objective:
Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches
[TABS_R id=12073]