bcmsn30s02 vlan
TRANSCRIPT
7/27/2019 BCMSN30S02 VLAN
http://slidepdf.com/reader/full/bcmsn30s02-vlan 1/66
Issues in a Poorly Designed Network
• Unbounded failure domains
• Large broadcast domains
• Large amount of unknown MAC unicast traffic
• Unbounded multicast traffic
• Management and support challenges
• Possible security vulnerabilities
Scalable Network Addressing
• Allocate IP address spaces in contiguous blocks.
• Allocate one IP subnet per VLAN.
IT, Human Resources Sales, Marketing Finance, Accounting
Interconnection Technologies
| Technology | Use |
|---|---|
| Fast Ethernet | Connects end-user devices to the access layer switch |
| Gigabit Ethernet | Access to distribution switch, high-use servers |
| 10-Gigabit Ethernet | High-speed switch to switch links, backbones |
| EtherChannel | High-speed switch to switch links, backbones with redundancy |
Determining Equipment and Cabling Needs
Each link provides adequate bandwidth for traffic aggregating over that link.
VLANs and the Logical Network
Network Traffic Types
Traffic types to consider:
• Network management
• IP telephony
• Multicast
• Normal data
• Scavenger class
Traffic Path for IP Telephony
Consider the complete traffic path when placing equipment and configuring VLANs.
Traffic Path for IP Multicast
Consider the complete traffic path when placing equipment and configuring VLANs.
Summary
• Poorly designed networks can lead to large broadcast domains.
• A hierarchical IP addressing scheme scales well in the Campus Infrastructure module.
• The interconnection technology used depends on the amount of traffic the link must carry.
• Select the best equipment, cabling, and interconnection technologies to connect devices.
• VLANs should map to the IP hierarchy for the Campus Infrastructure module.
• Separate voice and data VLANs are recommended.
Defining VLANs
Implementing VLANs
What Is an End-to-End VLAN?
• Users are grouped into VLANs independent of physical location.
• If users are moved within the campus, their VLAN membership remains the same.
What Is a Local VLAN?
Local VLANs are generally confined to a wiring closet.
Benefits of Local VLANs in the ECNM
• Deterministic traffic flow
• Active redundant paths
• High availability
• Finite failure domain
• Scalable design
VLAN Configuration Modes
Global Mode
Switch# configure terminal
Switch(config)# vlan 3
Switch(config-vlan)# name Vlan3
Switch(config-vlan)# exit
Switch(config)# end
VLAN Configuration Modes
Database Mode
Switch# vlan database
Switch(vlan)# vlan 3
VLAN 3 added: Name: VLAN0003
Switch(vlan)# exit
APPLY completed.
Exiting....
VLAN Access Ports
The access switch port associated with a single data VLAN
VLAN Implementation Commands
Configuring VLANs
• vlan 101
• switchport mode access
• switchport access vlan 101
Verifying VLANs
• show interfaces
• show vlan
How to Implement a VLAN
• Create or configure a VLAN.
• Verify VLAN configuration.
• Associate switch ports with the VLAN.
• Verify switch port configuration.
• Test VLAN connectivity.
• Implement VLAN and switch security.
Configuring an Access VLAN
Switch(config)# vlan vlan_id
Create a VLAN.
Switch(config-vlan)# name vlan_name
Provide a VLAN name.
Switch(config-if)# switchport mode access
Place the switch port into access mode.
Switch(config-if)# switchport access vlan vlan_id
Associate the access switch port with a VLAN.
Verifying the Access VLAN Configuration
Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/9
11   asw11_data                       active
12   asw12_data                       active
95   VLAN0095                         active    Fa0/8
99   Trunk_Native                     active
100  Internal_Access                  active
111  voice-for-group-11               active
112  voice-for-group-12               active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------
1    enet  100001     1500  -      -      -        -    -        0
11   enet  100011     1500  -      -      -        -    -        0
. . .
Summary
• An end-to-end VLAN is geographically dispersed throughout the network.
• Local VLANs should be created with physical boundaries in mind.
• VLANs solve issues that arise in a Layer 2 switched network.
• VLANs can be configured globally or in VLAN database mode.
• An access switch port is associated with one VLAN.
• Cisco provides a series of commands to configure a VLAN and verify configuration on an access switch.
• A series of ordered steps should be followed to implement a VLAN.
Defining VLANs
Implementing Trunks
Maintaining Specific VLAN Identification
• Specifically developed for multi-VLAN interswitch communications
• Places a unique identifier in each frame
• Functions at Layer 2
VLAN Trunking
Comparing ISL and 802.1Q
| ISL | 802.1Q |
|---|---|
| Proprietary | Nonproprietary |
| Encapsulated | Tagged |
| Protocol independent | Protocol dependent |
| Encapsulates the old frame in a new frame | Adds a field to the frame header |
Trunking with ISL
• Is a Cisco proprietary protocol
• Supports PVST
• Uses an encapsulation process
• Does not modify the original frame
ISL Encapsulation
Trunking with 802.1Q
• An IEEE standard
• Adds a 4-byte tag to the original frame
• Additional tag includes a priority field
• Does not tag frames that belong to the native VLAN
• Supports Cisco IP telephony
The 802.1Q Tagging Process
802.1Q Native VLAN
Native VLAN frames are carried over the trunk link untagged.
VLAN Ranges
| VLAN Range | Use |
|---|---|
| 0, 4095 | Reserved for system use only |
| 1 | Cisco default |
| 2–1001 | For Ethernet VLANs |
| 1002–1005 | Cisco defaults for FDDI and Token Ring |
| 1006–4094 | Ethernet VLANs only, unusable on specific legacy platforms |
Trunking Configuration Commands
Configuring a Trunk
• switchport trunk
• switchport mode
• switchport nonegotiate
• Trunks can be configured statically or via DTP.
• DTP provides the ability to negotiate the trunking method.
Switchport Mode Interactions
| | Dynamic Auto | Dynamic Desirable | Trunk | Access |
|---|---|---|---|---|
| Dynamic Auto | Access | Trunk | Trunk | Access |
| Dynamic Desirable | Trunk | Trunk | Trunk | Access |
| Trunk | Trunk | Trunk | Trunk | Not recommended |
| Access | Access | Access | Not recommended | Access |
Note: Table assumes DTP is enabled at both ends.
• show dtp interface – to determine current setting
How to Configure Trunking
1. Enter interface configuration mode.
2. Shut down interface.
3. Select the encapsulation (802.1Q or ISL).
4. Configure the interface as a Layer 2 trunk.
5. Specify the trunking native VLAN (for 802.1Q).
6. Configure the allowable VLANs for this trunk.
7. Use the no shutdown command on the interface to activate the trunking process.
8. Verify the trunk configuration.
802.1Q Trunk Configuration
Switch(config)#interface fastethernet 5/8
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,5,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown
Verifying the 802.1Q Configuration
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [switchport | trunk]
Switch#show interfaces fastEthernet 5/8 switchport
Name: fa5/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (trunk_only)
Trunking VLANs Enabled: 1,5,11,1002-1005
Pruning VLANs Enabled: 2-1001
. . .
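The verification output above can be checked automatically against the deck's trunk recommendations (static trunk with nonegotiate, a native VLAN that is not VLAN 1 and is otherwise unused, only required VLANs allowed). The following Python sketch is an added example, not part of the original slides; the finding names, the `REQUIRED_VLANS` set and the second sample port are assumptions constructed for illustration.

```python
# Added example: audit `show interfaces ... switchport` text for trunk hardening.
# Sample 1 is copied from the slide output; sample 2 is constructed.
HARDENED = """\
Name: fa5/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (trunk_only)
Trunking VLANs Enabled: 1,5,11,1002-1005
"""

WEAK = """\
Name: fa5/9
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""

# Assumption: the VLANs this trunk is actually supposed to carry.
REQUIRED_VLANS = {1, 5, 11, 1002, 1003, 1004, 1005}


def parse_switchport(text):
    """Turn 'Key: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def expand_vlans(spec):
    """'1,5,11,1002-1005' -> {1, 5, 11, 1002, ...}; 'ALL' -> 1..4094."""
    if spec.upper() == "ALL":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit_trunk(text, required_vlans):
    """Return a list of finding codes; an empty list means no finding."""
    f = parse_switchport(text)
    findings = []
    # DTP left in play: dynamic mode or negotiation still on.
    if f.get("Administrative Mode", "").startswith("dynamic"):
        findings.append("dtp-dynamic-mode")
    if f.get("Negotiation of Trunking", "").lower() == "on":
        findings.append("dtp-negotiation-on")
    if "trunk" not in f.get("Operational Mode", ""):
        return findings  # remaining checks only apply to trunks
    native = int(f["Trunking Native Mode VLAN"].split()[0])
    allowed = expand_vlans(f["Trunking VLANs Enabled"])
    if native == 1:
        findings.append("native-vlan-is-default")
    if native in allowed:
        findings.append("native-vlan-carried-on-trunk")  # not an "unused" VLAN
    if allowed - set(required_vlans):
        findings.append("allowed-vlans-exceed-required")
    return findings


if __name__ == "__main__":
    for name, sample in (("fa5/8", HARDENED), ("fa5/9", WEAK)):
        print(name, audit_trunk(sample, REQUIRED_VLANS) or "no findings")
```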
Verifying a 802.1Q Dynamic Trunk Link
Switch#show running-config interface fastethernet 5/8
Building configuration...
Current configuration:
!
interface FastEthernet5/8
switchport mode dynamic desirable
switchport trunk encapsulation dot1q
Switch#show interfaces fastethernet 5/8 trunk
Port Mode Encapsulation Status Native vlan
Fa5/8 desirable 802.1q trunking 99
Port Vlans allowed on trunk
Fa5/8 1,5,11,1002-1005
Port Vlans allowed and active in management domain
Fa5/8 1,5,1002-1005
Port Vlans in spanning tree forwarding state and not pruned
Fa5/8 1,5,1002-1005
ISL Trunk Configuration
Switch(config)#interface fastethernet 2/1
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation isl
Switch(config-if)#switchport trunk allowed vlan 1-5,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown
Verifying ISL Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [switchport | trunk]
Switch#show interfaces fastethernet 2/1 trunk
Port Mode Encapsulation Status Native VLAN
Fa2/1 trunk isl trunking 99
Port VLANs allowed on trunk
Fa2/1 1-5,1002-1005
Port VLANs allowed and active in management domain
Fa2/1 1-2,1002-1005
Port VLANs in spanning tree forwarding state and not pruned
Fa2/1 1-2,1002-1005
Summary
• Trunk links carry traffic from multiple VLANs.
• ISL is Cisco proprietary and encapsulates the Layer 2 frames.
• 802.1Q is an IEEE standard for trunking, which implements a 4-byte tag.
• The 802.1Q native VLANs forward frames without the tag.
• VLAN numbers have specific ranges and purposes.
• Various commands are used to configure and verify ISL and 802.1Q trunk links.
• Allow only required VLANs over the trunk.
Defining VLANs
Propagating VLAN Configurations with VTP
The VTP Domain
• Group of switches that exchange VLAN information
• VLANs administered centrally at a chosen switch
The VTP Protocol
• Advertises VLAN configuration information
• Maintains VLAN configuration consistency throughout a common administrative domain
• Sends advertisements on trunk ports only
VTP Modes
Client
• Cannot create, change, or delete VLANs
• Forwards advertisements
• Synchronizes VLAN configurations
• Does not save in NVRAM
Transparent
• Creates, modifies, and deletes local VLANs
• Forwards advertisements
• Does not synchronize VLAN configurations
• Saves configuration in NVRAM
Server (default mode)
• Creates, modifies, and deletes VLANs
• Sends and forwards advertisements
• Synchronizes VLAN configurations
• Saves configuration in NVRAM
VTP Pruning
• Uses bandwidth more efficiently by reducing unnecessary flooded traffic
• Example: Station A sends broadcast; broadcast flooded only toward any switch with ports assigned to the red VLAN
Figure panels: Pruning Disabled / Pruning Enabled
VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
VTP Configuration Commands
Configuring VTP
• vtp domain
• vtp mode
• vtp password
Verifying VTP
• show vtp status
• show vtp counters
Configuring a VTP Management Domain
Configure each switch in the following order to avoid dynamic learning of the domain name:
• VTP password
• VTP domain name (case sensitive)
• VTP mode (server mode is the default)
Configuring and Verifying VTP
Switch#show vlan brief
• Displays a list of current VLANs
Switch(config)#vtp mode
• Sets the VTP mode to server, client, or transparent
Switch(config)#vtp domain domain_name
• Sets the VTP domain name
Switch# show vtp status
• Displays the current settings for VTP
Switch(config)#vtp password password_string
• Sets the VTP password
Verifying the VTP Configuration
Switch#show vtp status
VTP Version : 2
Configuration Revision : 28
Maximum VLANs supported locally : 1005
Number of existing VLANs : 17
VTP Operating Mode : Client
VTP Domain Name : BCMSN
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 10.1.1.1 at 8-12-05 15:04:49
Switch#
Verifying the VTP Configuration (Cont.)
Switch#show vtp counters
VTP statistics:
Summary advertisements received : 7
Subset advertisements received : 5
Request advertisements received : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted : 13
Request advertisements transmitted : 3
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0

VTP pruning statistics:
Trunk            Join Transmitted Join Received    Summary advts received from
                                                   non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa5/8            43071            42766            5
Adding a Switch to an Existing VTP Domain
Ensure a new switch has VTP revision 0 before adding it to a network.
Summary
• Switches in a VTP domain share VLAN information.
• VTP advertises VLAN information.
• VTP operates in one of three modes: server, client, or transparent.
• VTP Pruning uses available bandwidth more efficiently.
• VTP uses a specific process to distribute and synchronize VLAN information between switches.
• Various commands are used to configure and verify VTP operation on a switch.
• VTP commands should be applied in a particular order.
• Specific steps should be followed when adding a new switch to an existing VTP domain.
Defining VLANs
Correcting Common VLAN Configuration Errors
Issues with 802.1Q Native VLAN
• Native VLAN frames are carried over the trunk link untagged.
• A native VLAN mismatch will merge traffic between VLANs.
802.1Q Native VLAN Considerations
• Native VLAN must match at ends of trunk; otherwise, frames will “leak” from one VLAN to another.
• By default, the native VLAN will be VLAN1.
– Avoid using VLAN1 for management purposes.
• Eliminate native VLANs from 802.1Q trunks by making the native VLAN an “unused” VLAN.
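The 4-byte tag from the 802.1Q slides and the native VLAN "leak" described above can be shown together in a small model. This Python sketch is an added example, not part of the original slides; the sample frame is constructed, and the two-function trunk model is a simplification that ignores allowed-VLAN lists and pruning.

```python
# Added example: 802.1Q tag insertion/parsing and a native VLAN mismatch model.
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed frame: broadcast dst MAC, locally administered src MAC, IPv4 EtherType.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"


def tag_frame(frame, vlan_id, priority=0):
    """Insert the 4-byte tag (TPID + priority/VLAN ID) after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return (vlan_id, priority, frame_without_tag); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]


def send_on_trunk(frame, vlan_id, native_vlan):
    """Sending side: native VLAN frames go out untagged, all others are tagged."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def receive_on_trunk(wire_frame, native_vlan):
    """Receiving side: untagged frames are placed in the local native VLAN."""
    vlan_id, _priority, inner = parse_frame(wire_frame)
    return (native_vlan if vlan_id is None else vlan_id), inner


def find_leaks(vlans, tx_native, rx_native):
    """List (sent_vlan, received_vlan) pairs where a frame changes VLAN on the trunk."""
    leaks = []
    for vlan in vlans:
        wire = send_on_trunk(SAMPLE_FRAME, vlan, tx_native)
        received_vlan, _ = receive_on_trunk(wire, rx_native)
        if received_vlan != vlan:
            leaks.append((vlan, received_vlan))
    return leaks


if __name__ == "__main__":
    print("matched natives :", find_leaks([1, 11, 99], 99, 99))
    print("mismatch 1 vs 99:", find_leaks([1, 11, 99], 1, 99))
```

With matching native VLANs no frame changes VLAN; with native VLAN 1 on one end and 99 on the other, VLAN 1 traffic arrives in VLAN 99.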
Explaining Trunk Link Problems
• Trunks can be configured statically or autonegotiated with DTP.
• For trunking to be autonegotiated, the switches must be in the same VTP domain.
• Some trunk configuration combinations will successfully configure a trunk, some will not.
• Will any of the above combinations result in an operational trunk?
Resolving Trunk Link Problems
• When using DTP, ensure that both ends of the link are in the same VTP domain.
• Ensure that the trunk encapsulation type configured on both ends of the link is valid.
• On links where trunking is not required, DTP should be turned off.
• Best practice is to configure trunk and nonegotiate where trunks are required.
Common Problems with VTP Configuration
• Updates not received as expected
– VTP domain and password must match.
• Missing VLANs
– Configuration has been overwritten by another VTP device.
• Too many VLANs
– Consider making VTP domain smaller.
Example of New Switch Overwriting an Existing VTP Domain
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : building1

VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : building1
New switch not connected
Example of New Switch Overwriting an Existing VTP Domain (Cont.)
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : building1

VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : building1
New switch connected
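The before and after outputs above follow from the rule that servers and clients synchronize to the latest revision number. This Python sketch is an added example, not part of the original slides: it replays the two "not connected" excerpts through that rule and adds a pre-connection check. It assumes the revision 2 client is the new switch (the slide does not label the two outputs), and it does not model the VTP password, which must also match.

```python
# Added example: why a switch with a higher VTP revision overwrites the domain,
# and a check to run on `show vtp status` text before connecting a switch.

# Copied from the "New switch not connected" slide.
EXISTING_SERVER = """\
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : building1
"""

NEW_SWITCH = """\
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : building1
"""


def parse_vtp_status(text):
    """Extract the fields that decide synchronization from `show vtp status`."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "revision": int(fields["Configuration Revision"]),
        "vlans": int(fields["Number of existing VLANs"]),
        "mode": fields["VTP Operating Mode"].lower(),
        "domain": fields["VTP Domain Name"],
    }


def receive_advertisement(local, advert):
    """State of `local` after hearing `advert` on a trunk."""
    if local["mode"] == "transparent":
        return local  # forwards advertisements but does not synchronize
    if advert["domain"] != local["domain"]:
        return local  # domain name is case sensitive and must match
    if advert["revision"] <= local["revision"]:
        return local
    # The higher revision wins, whatever mode the sender is in.
    return dict(local, revision=advert["revision"], vlans=advert["vlans"])


def join_risks(new_switch, existing):
    """Findings to clear before the new switch is connected to the domain."""
    risks = []
    if new_switch["revision"] != 0:
        risks.append("revision-not-zero")
    if (new_switch["domain"] == existing["domain"]
            and new_switch["revision"] > existing["revision"]):
        risks.append("would-overwrite-domain")
    return risks


if __name__ == "__main__":
    server = parse_vtp_status(EXISTING_SERVER)
    new = parse_vtp_status(NEW_SWITCH)
    print("pre-connection check:", join_risks(new, server))
    print("server after connect:", receive_advertisement(server, new))
```

The server's resulting state (revision 2, 7 VLANs) matches the "New switch connected" output on the slide.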
Implementing VTP in the ECNM
• Plan VTP domain boundaries.
• Have only one or two VTP servers.
• Configure a VTP password.
• Manually configure the VTP domain name on all devices.
• When setting up a new domain:
– Configure VTP client switches first so that they participate passively.
• When cleaning up an existing VTP domain:
– Configure passwords on servers first because clients may need to maintain current VLAN information until the server is verified as complete.
Summary
• 802.1Q native VLAN can cause security issues.
• Configure the native VLAN to be an “unused” VLAN.
• Some trunk link configuration combinations can result in problems on the link.
• Best practice is to configure trunks statically rather than with DTP.
• Misconfiguration of VTP can give unexpected results.
• Make only one or two VTP servers; keep the remainder as clients.
Module Summary
• A poorly designed network leads to large broadcast domains.
• Global configuration mode is the preferred way of creating and managing VLANs.
• Multiple VLANs can be carried on a single access to distribution link by configuring VLAN trunking.
• VLAN configuration information can be sent between switches using VTP.
• VLAN configuration issues can lead to unexpected communication problems.