Question 200 of 530 from exam 400-251: CCIE Security written exam

BDE.

Sure! Here are detailed explanations for each statement regarding VLANs:

A. To create a new VLAN on a Cisco Catalyst switch, the VLAN name, VLAN ID, and VLAN type must all be specifically configured by the administrator.

This statement is true. When creating a VLAN on a Cisco Catalyst switch, the administrator must specify the VLAN name, VLAN ID, and VLAN type. The VLAN name is a user-friendly name that can be used to identify the VLAN, while the VLAN ID is a unique number that identifies the VLAN. The VLAN type specifies the type of traffic that will be carried by the VLAN, such as IP traffic, IPX traffic, or voice traffic.

B. A VLAN is a broadcast domain.

This statement is also true. A VLAN is a logical grouping of devices that share the same broadcast domain. In other words, devices within a VLAN can communicate with each other using broadcasts and multicast traffic, but cannot communicate directly with devices in other VLANs without the use of a Layer 3 device, such as a router.

C. Each VLAN must have an SVI configured on the Cisco Catalyst switch for it to be operational.

This statement is true. An SVI (Switched Virtual Interface) is a virtual interface that represents a VLAN on a switch. In order for a VLAN to be operational, an SVI must be configured for that VLAN on the switch. The SVI provides Layer 3 connectivity for the devices in the VLAN and allows them to communicate with devices in other VLANs.

D. The native VLAN is used for untagged traffic on an 802.1Q trunk.

This statement is true. The native VLAN is a VLAN that is not tagged with an 802.1Q VLAN ID when it is sent across an 802.1Q trunk. It is used to carry untagged traffic across the trunk, such as traffic from devices that do not support 802.1Q tagging. By default, the native VLAN on a Cisco Catalyst switch is VLAN 1, but it can be changed to any other VLAN.

E. VLANs can be connected across wide-area networks.

This statement is also true. VLANs can be extended across wide-area networks (WANs) using technologies such as VLAN Trunking Protocol (VTP), Layer 2 Tunneling Protocol (L2TP), and Virtual Private LAN Service (VPLS). However, it is important to ensure that the WAN links have sufficient bandwidth to support the traffic that will be carried by the VLANs, and that appropriate security measures are in place to protect the VLAN traffic as it crosses the WAN.