switch-enterprisenets and vlans.pdf

8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf

1/118

Enterprise Network Design

& VLAN

XP [email protected]

081-357-661-007


2/118

2

Hierarchical approach

Hierarchical approach to network design enables the network to be:

Efficient

Connect users with resources they need regardless of location

Predictable behavior

High availability

Intelligent

Recover from failures and topology changes quickly in a predeterminedmanner.

Scalable

Supports future expansions and upgrades

Easily Managed

Low maintenance


3/118

3

Layers

Access Layer

Provides End users connect to the network

Layer 2 (VLAN) connectivity

Capabilities

Low cost per switch port High port density

Scalable uplinks to higher layers

VLAN membership, QoS

Resiliency through multiple links

Access Access

Distribution Distribution

Core


4/118

4

Layers

Distribution Layer

Provides

Interconnection between access and core layers

Sometimes called building distribution switches

VLANs and broadcast domains converge (end) here

Where switching (VLANs) meet routing

Capabilities

Aggregation of multiple access-layer devices

High Layer 3 throughput for packet handling (routing)

Security and policy based connectivity functions through access lists orpacket filters

QoS

Scalable and resilient high-speed links to core and access layers

Access Access


Core


5/118

5

Layers

Core Layer (Backbone)

Provides Connectivity of all distribution layer devices to the backbone

Efficient packet switching

Capabilities

High Layer 3 throughput

No costly or unnecessary packet manipulations (ACLs)

Redundancy and resiliency for high availability

Advanced QoS

Access Access


Core


6/118

6

Switch Block

Switch Block consists of:

Two distribution switches that aggregate one or more access

layer switches.

Each access layer switch has a pair of uplinks, one to eachdistribution switch.

Distribution switches may or may not have a link between them.

Many different options!


Access Access


7/118

7

Switch Block

Switch Block

Contains switching devices from access and distribution layers.

All switch blocks connect to the core block (campus backbone).

Contains both Layer 2 and Layer 3 functionality

Distribution Layer

Confines STP, VLAN

Access Layer

Supports individual VLANs


Access Access


8/118


9/118

9

Typical Switch Block Design

Switch block becomes fully dependent upon STP convergence for pathsand loop free connectivity.

Should configure multiple Root bridges to take advantage of redundant

links

Redundant links unused unless load balancing with PVST+ (RSTP)

Various adaptations of this.


Access Access

Core

VLANsA,B VLANsA,B

L2 L2L2 L2

L3

L2

L3


10/118

10

Best Practice Switch Block Design: Option A

Layer 2 connectivity contained at the access layer

Distribution Layer has only Layer 3 links.

VLANs do not span across switches at all. Access Switches

VLANs contained within a single access layer switch, switch chassis orstacked switch

Layer 2 uplinks to distribution switch

No dependence upon STP convergence Layer 3 link between distribution switches


Access Access

Core

VLANA VLAN B

L2

L3

L2L2 L2

L3

L3


11/118

11

Best Practice Switch Block Design: Option B

Limit layer 2 VLANs o the access layer switches.

No dependence on STP convergence. Network convergence and stability is offered by the routing protocol.

Distribution

Core

L3 L3

Distribution L3

L3 L3

AccessAccess


12/118

12

Core Block

Connect two or more switch blocks in a campus network.

Two basic core block designs:

Collapsed Core

Dual Core


13/118

13

Collapsed Core

Collapsed Core: Hierarchy's core layer is collapsed into the

distribution layer switches.

Both distribution and core layer functions provided within the same

switch. Found in smaller campus networks where the additional cost and

performance of separate core switches is not warranted.

Layer 3 Links


14/118

14

Dual Core

Dual Core: Connects two or more switch blocks in a redundant

fashion.

More scalable than collapsed cored.

Layer 3 Links


15/118

Implementing VLANs in Campus Networks


16/118

Implementing

VLAN

Technologies in a

Campus Network


17/118

17

Review VLANs, Trunking and VTP This presentation is a review of:

VLANs

VTP Trunking

DTP

We will examine these topics in more detail in Part 2.


18/118

Virtual Local Area Network (VLAN)

A VLAN is a logical group of end devices.

Broadcasts are contained within VLANs.

Modern design has 1 VLAN = 1 IP subnet. Trunks connect switches so as to transport multiple

VLANs.

Layer 3 devices interconnect VLANs.


19/118

End-to-End VLANs

Each VLAN is distributed geographically throughout the network.

Users are grouped into each VLAN regardless of the physical location

Theoretically easing network management.

As a user moves throughout a campus, the VLAN membership for thatuser remains the same.

Switches are configured for:

VTP server or client mode.


20/118

Local VLANs

Create local VLANs with physical boundaries in mind rather than job functions

of the users.

Local VLANs exist between the access and distribution layers.

Traffic from a local VLAN is routed at the distribution and core levels.

Switches are configured in VTP transparent mode.

One to three VLANs per access layer switch recommended.


21/118

VLAN Support on Catalyst Switches

Catalyst Switch Max VLANs VLAN ID Range

2940 4 1 - 1005

2950/2955 250 1 - 4094

2960 255 1 - 4094

2970/3550/3560/3750 1055 1 - 4094

2848G/2980G/4000/4500 4094 1 - 4094

6500 4094 1 - 4094


22/118

VLAN Ranges on Catalyst Switches

VLAN Range Range Usage Popagated via VTP?

0, 4095 Reserved For system use only. You cannot see

or use these.

n/a

1 Normal Cisco default. You can use this

VLAN, but you cannot delete it.

Yes

2 1001 Normal For Ethernet VLANs. You can create,

use, and delete these.

Yes

1002 1005 Normal Cisco defaults for FDDI and TokenRing. You cannot delete these.

Yes

1006 1024 Reserved For system use only. You cannot see

or use these.

n/a

1025 - 4094 Reserved For Ethernet VLANs only. VTP v 3 only. Notsupported in VTP v1

or v2. Requires VTP

transparent mode for

configuration.


23/118

23

Topology for this presentation

Basic Switch Configuration

Configure VLANs

Configure Trunking

Configure VTP


24/118

24

Follow along with Packet Tracer


25/118

25

Clearing switchesSwi t ch# delete vlan.datDel et e f i l ename [ vl an. dat ] ?Del et e f l ash: vl an. dat ? [ conf i r m]Swi t ch#

Swi t ch# erase startup-configEr asi ng t he nvr am f i l esyst em wi l l r emove al l conf i gur at i on f i l es!

Cont i nue? [ conf i r m][ OK]Er ase of nvr am: compl et eSwi t ch#


26/118

26

Configure Hostname and VLAN 1Swi t ch# configure terminal

Ent er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.

Swi t ch( conf i g) # hostname DLS1

DLS1( conf i g) # interface vlan 1

DLS1( conf i g- i f ) # ip address 10.1.1.101 255.255.255.0

DLS1( conf i g- i f ) # no shutdown

DLS1( conf i g) # end

DLS1#

Configure hostname

Configure VLAN 1

Default: Management VLAN is VLAN 1 (not best practice later)

Allows us to communicate with the switch over the network (ping, telnet ifprivilege and vty passwords configured)

Configure DLS1, DLS2, ALS1 and ALS2 switches on Packet Tracer

Hostname VLAN 1


27/118

27

Swi t ch# configure terminal

Ent er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.

Swi t ch( conf i g) # hostname DLS2

DLS2( conf i g) # interface vlan 1

DLS2( conf i g- i f ) # ip address 10.1.1.102 255.255.255.0DLS2( conf i g- i f ) # no shutdown

Swi t ch# configure terminalEnt er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.Swi t ch( conf i g) # hostname ALS1ALS1( conf i g) # interface vlan 1ALS1( conf i g- i f ) # ip address 10.1.1.103 255.255.255.0ALS1( conf i g- i f ) # no shutdown

Swi t ch# configure terminal

Ent er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.Swi t ch( conf i g) # hostname ALS2ALS2( conf i g) # interface vlan 1ALS2( conf i g- i f ) # ip address 10.1.1.104 255.255.255.0ALS2( conf i g- i f ) # no shutdown

Configurations for other three switches


28/118

28

DLS1( conf i g) # no ip domain-lookup

DLS1( conf i g) # line console 0

DLS1( conf i g- l i ne) # logging synchronous

DLS1( conf i g- l i ne) # exec-timeout 0 0

DLS2( conf i g) # no ip domain-lookup

DLS2( conf i g) # line console 0

DLS2( conf i g- l i ne) # logging synchronous

DLS2( conf i g- l i ne) # exec-timeout 0 0

ALS1( conf i g) # no ip domain-lookup

ALS1( conf i g) # line console 0

ALS1( conf i g- l i ne) # logging synchronous

ALS1( conf i g- l i ne) # exec-timeout 0 0

Configure the line console information

(make your life easier)

ALS2( conf i g) # no ip domain-lookup

ALS2( conf i g) # line console 0

ALS2( conf i g- l i ne) # logging synchronous

ALS2( conf i g- l i ne) # exec-timeout 0 0

Already done in PT file


29/118

29

Our Topology

Redundancy between switches By default, are all links forwarding (active)? Why or why not?

No, Spanning Tree Protocol

Later we will examine how to make use of these blocked links either

with PVST or Etherchannel.

How can we determine which links are forwarding and which are blocked?

?

Note: We will configure 802.1Q between DLS1and DLS2. (Some diagrams may show ISL.)


30/118

30

What does this mean? (All host on same subnet.)

Host B pings Host DHost C pings Host A


31/118

31

Do show vlan on ALS1ALS1# show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/18, Fa0/19, Fa0/20

Fa0/21, Fa0/22, Fa0/23, Fa0/24

Gi0/1, Gi0/2

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Notice default VLAN numbers, names, types.

Ports configured to trunk mode will not appear in any of the VLANs.

Are there any ports trunking?

No All ports are in VLAN 1 by default


32/118

32

Do show vtp status on DLS1

DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name :VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl ed

MD5 di gest : 0x57 0xCD 0x40 0x65 0x63 0x590x47 0xBDConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 10. 1. 1. 101 on i nt er f ace Vl 1 ( l owest number ed

VLAN i nt er f ace f ound)DLS1#

How many VLANs does a 3560 switch support?

1005 VLANs (Model and IOS dependent)

How many built-in VLANs are there?

5


33/118

33

Same show vtp status on DLS1DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Oper at i ng Mode : Ser ver

VTP Domai n Name :VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3AConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00

Local updat er I D i s 10. 1. 1. 101 on i nt er f ace Vl 1 ( l owest number ed VLANi nt er f ace f ound)

What is the default VTP version?

2

What is the starting configuration revision? 0

What is the default VTP Mode?

Server

What is the default VTP domain name? none

The switch in VTP

server mode with the highest

revision number propagates

VLAN information over

trunked ports.

Every time VLAN information

is modified in the VLAN

database the revision number

is increased by one.

More in Part 2!


34/118

34

Do show vtp status on ALS1

ALS1# show vtp status

VTP Ver si on : 2

Conf i gur at i on Revi si on : 0

Maxi mum VLANs suppor t ed l ocal l y : 255

Number of exi st i ng VLANs : 5

VTP Oper at i ng Mode : Ser ver

VTP Domai n Name :

VTP Pruni ng Mode : Di sabl ed

VTP V2 Mode : Di sabl ed

VTP Tr aps Gener at i on : Di sabl ed

MD5 di gest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3AConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00

Local updat er I D i s 10. 1. 1. 103 on i nt er f ace Vl 1 ( l owest number ed VLANi nt er f ace f ound) #

How many VLANs does a 2960 switch support?


35/118

Configuration: Create a VLAN

To create a new VLAN in global configuration mode.

Swi t ch( conf i g) # vlan vlan-id

vlan-id is 2-1001 or 1025-4094

To name a VLAN in VLAN configuration mode.

Swi t ch( conf i g- vl an) # name vlan-name

vlan-name is a descriptor for the VLAN.

Naming a VLAN is optional.

Swi t ch# configure terminalSwi t ch( conf i g) # vlan 5Swi t ch( conf i g- vl an) # name EngineeringSwi t ch( conf i g- vl an) # exit


36/118

Configuration: Disable Trunk Negotiation on a Port

To disable trunk negotiation on a switch port.

Swi t ch( conf i g- i f ) # switchport mode access

This command is optional but is recommended for security purposes.

An access port does not need to negotiate trunk formation.

To configure an optional macro for switch access ports.

Swi t ch( conf i g- i f ) # switchport host

This command optimizes a Layer 2 port for a host connection.

This macro sets the port mode to access, enables spanning-tree

portfast, and disables EtherChannel.

To assign a port to a VLAN in interface configuration mode.

Swi t ch( conf i g- i f ) # switchport access vlan vlan-id

vlan-id is a previously created VLAN or will be created.


37/118

Example: Assigning a Port to a VLAN

Swi t ch( conf i g) # interface FastEthernet 5/6Swi t ch( conf i g- i f ) # description PC ASwi t ch( conf i g- i f ) # switchport hostswi t chpor t mode wi l l be set t o accessspanni ng- t r ee por t f ast wi l l be enabl edchannel gr oup wi l l be di sabl edSwi t ch( conf i g- i f ) # switchport access vlan 200

Swi t ch( conf i g- i f ) # no shutdownSwi t ch( conf i g- i f ) # end


38/118

Verification: VLAN Configuration

The show vlan command and its derivatives are the

most useful commands for displaying information related to

VLANs. The following two forms have the same output.

Swi t ch# show vl an i d 3VLAN Name St at us Por t s

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

3 VLAN0003 act i ve Fa0/ 1

VLAN Type SAI D MTU Par ent Ri ngNo Br i dgeNo St p Br dgMode Tr ans1 Tr ans2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

3 enet 100003 1500 - - - - - 0 0

Swi t ch# show vl an name VLAN0003VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -3 VLAN0003 act i ve Fa0/ 1

VLAN Type SAI D MTU Par ent Ri ngNo Br i dgeNo St p Br dgMode Tr ans1 Tr ans2- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -3 enet 100003 1500 - - - - - 0 0


39/118

Verification: Interface Configuration

The show running-config command has an

interface keyword option to allow for interface-specific

output.

Swi t ch# show running-config interface FastEthernet 5/6Bui l di ng conf i gur at i on. . .!Cur r ent conf i gur at i on : 33 byt esi nt er f ace Fast Et her net 5/ 6swi t chpor t access vl an 200swi t chpor t mode accessswi t chpor t hostend


40/118

Verification: Switch Port Configuration

One of the most useful commands for showing VLAN

configuration information specific to a switch port is theshow interfaces interface_id switchport

command.Swi t ch# show interfaces f0/18 switchportName: Fa0/ 18Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: st at i c access

Operat i onal Mode: downAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1qNegot i at i on of Tr unki ng: Of fAccess Mode VLAN: 20 ( VLAN0020)

Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )Admi ni st r at i ve Nat i ve VLAN t aggi ng: enabl ed

Voi ce VLAN: 150 ( VLAN0150)Oper at i onal pr i vat e- vl an: none

Tr unki ng VLANs Enabl ed: ALLPr uni ng VLANs Enabl ed: 2- 1001Capt ure Mode Di sabl edCapt ure VLANs Al l owed: ALL


41/118

Verification: MAC Address Information

You can view MAC address information specific to an

interface and an associated VLAN.

Swi t ch# show mac address-table interface GigabitEthernet 0/1 vlan 1

Mac Addr ess Tabl e- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Vl an Mac Addr ess Type Port s- - - - - - - - - - - - - - - - - - - - - - - -1 0008. 2199. 2bc1 DYNAMI C Gi 0/ 1

Tot al Mac Addr esses f or t hi s cr i t er i on: 1


42/118

ImplementingTrunking in a

Campus Network


43/118

43

VTP, Trunking and DTP

Trunking it when surfing Not so much


44/118

VLAN Trunking

Trunks carry the traffic for multiple VLANs across a single

physical link (multiplexing).

Extends Layer 2 operations across an entire network.


45/118

VLAN Trunking with Inter-Switch Link (ISL)

ISL is Cisco-proprietary trunking protocol.

ISL is nearly obsolete.

ISL encapsulates Ethernet frames, adding 30 bytes ofoverhead.

ISL is supported on non-access-layer Cisco switches.


46/118

VLAN Trunking with IEEE 802.1Q

802.1Q is a widely supported industry-standard protocol.

Smaller frame overhead than ISL.

Overhead is 4 bytes. Has the 802.1p field for QoS support.


47/118

47

VTP (VLAN Trunking Protocol)

Configuring VLANs without VTP.


48/118

48

VTP (VLAN Trunking Protocol)

VLAN Trunk Protocol (VTP) reduces administration in a switched

network.

VLAN information can be configured on a VTP server, which is then

distributed through all switches in the domain.

Do not have to configure on each switch individually.

Cisco-proprietary

http://www.cisco.com/warp/public/473/vtp_flash/

VTP

Message


49/118

49

VTP (VLAN Trunking Protocol) Modes

Server

Can create, modify, and delete VLANs

Configure VTP version and VTP pruning (next week).

Advertise their VLAN configuration to other switches in the same VTP

domain VTP advertisements sent/received over trunk links.

Default mode.

Client

Behave the same way as VTP servers, but you cannot create, change,or delete VLANs on a VTP client.

Transparent

Does not participate in VTP.

Does not advertise its VLAN configuration.

Does not synchronize its VLAN configuration based on receivedadvertisements

Does forward VTP advertisements that they receive out their trunk portsin VTP Version 2.

Off(CatOS switches only)

Behaves the same as in VTP transparent mode with the exception thatVTP advertisements are not forwarded.

DLS1( conf i g) # vtp mode ?

cl i ent Set t he devi ce t o cl i ent mode.

ser ver Set t he devi ce t o ser ver mode.t r anspar ent Set t he devi ce t o t r anspar ent mode.

DLS1( conf i g) #


50/118

50

VTP Verifying the VTP Mode

DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name :VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl ed

MD5 di gest : 0x57 0xCD 0x40 0x65 0x63 0x590x47 0xBDConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 10. 1. 1. 101 on i nt er f ace Vl 1 ( l owest number ed

VLAN i nt er f ace f ound)DLS1#


51/118

51

Configure the VTP domain name on DLS1

DLS1( conf i g) # vtp domain SWLAB

Changi ng VTP domai n name f r om NULL t o SWLAB

Will the other switches receive the domain name in a VTP update?

We will see in a moment.

Hint: Switches transmit VTP messages only over 802.1Q and ISL trunks.

Domain is case

sensitive.


52/118

52

Configure DLS1 as a VTP Server and ALS1 as a

VTP ClientDLS1( conf i g) # vtp mode server

Devi ce mode al r eady VTP SERVER.

Configure other two switches Configure DLS2 switch as a VTP Server

Configure ALS2 switch as a VTP Clients

Verify VTP Mode

ALS1( conf i g) # vtp mode client

Set t i ng devi ce t o VTP CLI ENT mode.


53/118

53

VTP Server and ClientsDLS2( conf i g) # vtp mode serverDevi ce mode al r eady VTP SERVER.DLS2( conf i g) # endDLS2# show vtp statusVTP Ver si on : 2

Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name :

ALS2( conf i g) # vtp mode client

Set t i ng devi ce t o VTP CLI ENT mode.

ALS2( conf i g) # end


VTP Ver si on : 2




VTP Oper at i ng Mode : Cl i entVTP Domai n Name :

Why do these switches not have the VTP

domain name configured on DLS1?

VLAN information is not

propagated until the VTPDomain Name is learned

through trunked ports.


54/118

54

Non-trunking by defaultALS1# show interfaces fastethernet 0/6 switchportName: Fa0/ 6Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c aut oOper at i onal Mode: st at i c accessAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q

Oper at i onal Tr unki ng Encapsul at i on: nat i veNegot i at i on of Tr unki ng: OnAccess Mode VLAN: 1 ( def aul t )

Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )Voi ce VLAN: noneAdmi ni st r at i ve pr i vat e- vl an host - associ at i on: none

Admi ni st r at i ve pr i vat e- vl an mappi ng: noneAdmi ni st r at i ve pr i vat e- vl an t r unk nat i ve VLAN: noneAdmi ni st r at i ve pr i vat e- vl an t r unk encapsul at i on: dot 1qAdmi ni st r at i ve pr i vat e- vl an t r unk nor mal VLANs: noneAdmi ni st r at i ve pr i vat e- vl an t r unk pr i vat e VLANs: noneOper at i onal pr i vat e- vl an: none

Ports on the 2960 and 3560 are set to dynamic auto by default.

Does not try to negotiate a trunk unless one side is configured with

switchport mode trunk command.

This results in the interface being in access mode (non-trunking)

How the port was configured.

How the is operating.

D namic Tr nking Protocol (DTP)


55/118

Dynamic Trunking Protocol (DTP)

Access - Puts the interface into permanent non-trunking mode and negotiates to convert the link into a non-trunk link.

The interface becomes a non-trunk interface even if the neighboring interface does not agree to the change.

Trunk - Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The

interface becomes a trunk interface even if the neighboring interface does not agree to the change.

Nonegotiate - Puts the interface into permanent trunking mode but prevents the interface from generating DTP

frames. You must configure the neighboring interface manually as a trunk interface to establish a trunk link. Use this

mode when connecting to a device that does not support DTP.

Dynamic desirable - Makes the interface actively attempt to convert the link to a trunk link. The interface becomes atrunk interface if the neighboring interface is set to trunk, desirable, or auto mode.

Dynamic auto - Makes the interface willing to convert the link to a trunk link. The interface becomes a trunk interface if

the neighboring interface is set to trunk or desirable mode. This is the default mode for all Ethernet interfaces in Cisco

IOS.

Configuring an Interface for Trunking


56/118

Configuring an Interface for Trunking

Select the encapsulation type:Swi t ch( conf i g- i f ) # switchport trunk encapsulation {isl | dot1q |

negotiate}

Configure the interface as a Layer 2 trunk:Swi t ch( conf i g- i f ) # switchport mode {dynamic {auto | desirable} |

trunk}

Specify the native VLAN:Swi t ch( conf i g- i f ) # switchport trunk native vlan vlan-id

Configure the allowable VLANs for this trunk:Swi t ch( conf i g- i f ) # switchport trunk allowed vlan {add | except | all |

remove} vlan-id[,vlan-id[,vlan-id[,...]]]

Swi t ch( conf i g) # interface FastEthernet 5/8Swi t ch( conf i g- i f ) # switchport trunk encapsulation dot1qSwi t ch( conf i g- i f ) # switchport mode trunkSwi t ch( conf i g- i f ) # switchport nonegotiate optionalSwi t ch( conf i g- i f ) # switchport trunk allowed vlan 1-100Swi t ch( conf i g- i f ) # no shutdownSwi t ch( conf i g- i f ) # end

Verifying Trunk Configuration


57/118

Verifying Trunk Configuration

Swi t ch# show running-config interface f5/8Bui l di ng conf i gur at i on. . .Cur r ent conf i gur at i on:!i nt er f ace Fast Et her net 5/ 8swi t chpor t mode dynami c desi r abl eswi t chpor t t r unk encapsul at i on dot 1q

end

Swi t ch# show interfaces f5/8 switchportName: Fa5/ 8Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c desi r abl eOper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: negot i at e

Oper at i onal Tr unki ng Encapsul at i on: dot 1qNegot i at i on of Tr unki ng: Enabl edAccess Mode VLAN: 1 ( def aul t )Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )Tr unki ng VLANs Enabl ed: ALLPr uni ng VLANs Enabl ed: 2- 1001

Swi t ch# show interfaces f5/8 trunkPor t Mode Encapsul at i on St at us Nat i ve vl anFa5/ 8 desi r abl e n- 802. 1q t r unki ng 1

Por t Vl ans al l owed on t r unkFa5/ 8 1- 1005

DTP (Dynamic Trunking Protocol) and Switchport Mode


58/118

58

DTP (Dynamic Trunking Protocol) and Switchport Mode

Interactions

Dynamic AutoDynamic

DesirableTrunk Access

Dynamic Auto Access Trunk Trunk Access

Dynamic

DesirableTrunk Trunk Trunk Access

Trunk Trunk Trunk Trunk Not recommended

Access Access AccessNot

recommended

Access

N t ki b d f lt


59/118

59

Non-trunking by defaultALS1#show inter fa 0/11 switchport

Name: Fa0/11

Switchport: Enabled

Administrative Mode: dynamic auto

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: nativeNegotiation of Trunking: On

Access Mode VLAN: 1 (default)

ALS2#show inter fa 0/11 switchport

Name: Fa0/11

Switchport: Enabled

Administrative Mode: dynamic auto

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

2960 and 3560 switches do not try to negotiate a trunk unless the otherside is configured with switchport mode trunk command.

show interfaces without switchport option


60/118

60

show interfaces without switchport optionALS1# show interfaces fastethernet 0/6

FastEthernet0/6 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 001b.0c98.8106 (bia 001b.0c98.8106)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100BaseTXinput flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

51 packets input, 9122 bytes, 0 no buffer

Received 49 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected489 packets output, 38801 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

als1#

Without the switchport

option this command

shows basic interface

(non-vlan) information.

Non trunking by default


61/118

61

Non-trunking by defaultALS1#show vlan


---- -------------------------------- --------- -------------------------------


Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16Fa0/17, Fa0/18, Fa0/19, Fa0/20

Fa0/21, Fa0/22, Fa0/23, Fa0/24

Gi0/1, Gi0/2

Even though trunking is not yet configured between the switches, can the hostsping each other? Try it!

Yes, as long as the hosts are on the same subnet they will be able to ping

each other without trunking. (Host A and Host B)

This is because all ports are on VLAN 1.

Like a switched network with no vlans.

So why do we establish VLANs?

To segment broadcast domains.

Why do we need trunks?

To carry traffic for multiple VLANs.

Without VLANS what does this mean?


62/118

62

Without VLANS what does this mean?

ARP Request from Host A to Host B. Which hosts will see it?

Only Host B is on the same subnet as Host A, but the entire network (allhosts) will receive the broadcast.

Why are not all of the links used?

Spanning Tree Protocol is keeping the network loop free.

With VLANS what does this mean?


63/118

63

With VLANS what does this mean?

ARP Request from Host A to Host B. Which hosts will see it?

Only Host B is on the same VLAN as Host A, so other hosts will not receivethe broadcast.

With VTP pruning broadcasts (dashed lines) within their VLAN will be kept

within their VLAN.

XX

DTP and Switchport Mode Interactions


64/118

64

p

Dynamic AutoDynamic

DesirableTrunk Access

Dynamic Auto Access Trunk Trunk Access

DynamicDesirable

Trunk Trunk Trunk Access

Trunk Trunk Trunk Trunk Not recommended

Access Access Access Notrecommended Access

Note: Table assumes DTP is enabled at both ends.

ALS1( conf i g- i f ) # switchport mode ?

access Set t r unki ng mode t o ACCESS uncondi t i onal l y

dynami c Set t r unki ng mode t o dynami cal l y negot i at e access or t r unk mode

t r unk Set t r unki ng mode t o TRUNK uncondi t i onal l y

ALS1( conf i g- i f ) # switchport mode dynamic ?

aut o Set t r unki ng mode dynami c negot i at i on paramet er t o AUTO

desi r abl e Set t r unki ng mode dynami c negot i at i on parameter t o DESI RABLE

Default

Default

Configure DLS1 for Trunking


65/118

65

Configure DLS1 for Trunking

ALS1( conf i g) # interface range fastethernet 0/11 - 12

ALS1( conf i g- i f - r ange) # switchport mode trunk

ALS1( conf i g- i f - r ange) #

What will this do to these two links?

Does ALS2 need to be configured as a trunk?

Default


66/118

66

ALS1( conf i g) #interface range fastethernet 0/11 - 12


Trunking! We will verify this on ALS1 in a moment.

ALS1# show interface trunk


67/118

67

Por t Mode Encapsul at i on St at us Nat i ve vl an

Fa0/ 11 on 802. 1q t r unki ng 1

Fa0/ 12 on 802. 1q t r unki ng 1

Por t Vl ans al l owed on t r unk

Fa0/ 11 1- 4094Fa0/ 12 1- 4094

Por t Vl ans al l owed and act i ve i n management domai n

Fa0/ 11 1

Fa0/ 12 1

Por t Vl ans i n spanni ng t r ee f or war di ng st at e and notpruned

Fa0/ 11 1

Fa0/ 12 1ALS1#

ALS1 Manually Configured Trunk


68/118

68

ALS1 Manually Configured Trunk

ALS1# show inter fa 0/11 switchport

Name: Fa0/ 11

Swi t chpor t : Enabl ed

Admi ni st r at i ve Mode: t r unk

Oper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q

Oper at i onal Tr unki ng Encapsul at i on: dot 1q

Negot i at i on of Tr unki ng: On

Access Mode VLAN: 1 ( def aul t )

Why is the administrative mode trunk?

Because we configured the port(s) as trunking:

ALS1( conf i g) # interface range fastethernet 0/11 - 12


ALS2 Default Dynamic Auto


69/118

69

y

ALS2# show inter fa 0/11 switchport

Name: Fa0/ 11


Admi ni st r at i ve Mode: dynami c aut o

Oper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q

Oper at i onal Tr unki ng Encapsul at i on: dot 1q

Negot i at i on of Tr unki ng: On


Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )

What is the DTP setting on ALS2? (This did not change.)

Is this the default on a 3560 switch? Yes

Dynamic AutoTrunk

Notice it is now trunking because the other end is set to trunk.

ALS2 Default Dynamic Auto


70/118

70

yALS2#show interfaces trunk

Port Mode Encapsulation Status Native vlan

Fa0/11 auto 802.1q trunking 1

Fa0/12 auto 802.1q trunking 1

Port Vlans allowed on trunkFa0/11 1-4094

Fa0/12 1-4094

Port Vlans allowed and active in management domain

Fa0/11 1

Fa0/12 1

Port Vlans in spanning tree forwarding state and not pruned

Fa0/11 1

Fa0/12 none

Verifying trunks on ALS2

Dynamic AutoTrunk

Default


71/118

71

Status

ALS1( conf i g) # interface range fastethernet 0/11 - 12ALS1( conf i g- i f - r ange) # switchport mode trunk

No additional configuration needed on ALS2.

Switches that support both ISL and 802.1Q


72/118

72

pp

Swi t ch( conf i g) # interface range fastethernet 0/1 4

Swi t ch( conf i g- i f - r ange) # switchport mode trunk

Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s"Aut o" can not be conf i gur ed t o "t r unk" mode.

Swi t ch( conf i g- i f - r ange) # switchport trunk encapsulation dot1q

Swi t ch( conf i g- i f - r ange) # switchport mode trunk

What happens when we use the switchport mode trunk command without specifying the

encapsulation on switches that support both protocols? On switches that support multiple trunking encapsulations (802.1Q and ISL), you

must first configure the trunking encapsulation before setting the interface to trunk

mode.

The switchport trunk encapsulation command must be configured before the

switchport mode trunk.

Configure the rest of the trunk links


73/118

73

What about the VTP domain names on DLS1 and DLS2?

No other trunk links configured so DLS1 and DLS2 still have no VTP

domain name.

Trunking only configured between ALS1 and ALS2.

Configure the rest if the trunk links as shown in the topology.

Packet Tracer only supports 802.1Q trunks, not ISL.

ALS1( conf i g) #inter range fa 0/7 - 10

ALS1( conf i g- i f - r ange) #switchport mode trunk

ALS2( conf i g) #i t f 0/7 10

Fa 0/11 12 previously

configured trunk

F 0/11 12 d f lt


74/118

74

DLS1( conf i g) #inter range fa 0/7 - 12

DLS1( conf i g- i f - r ange) #switchport mode trunk

Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s

"Aut o" can not be conf i gur ed t o "t r unk" mode.Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s"Aut o" can not be conf i gur ed t o "t r unk" mode.


Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s

"Aut o" can not be conf i gur ed t o "t r unk" mode.Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s

"Aut o" can not be conf i gur ed t o "t r unk" mode.


DLS1( conf i g- i f - r ange) #switchport trunk encapsulation dot1q


DLS2( conf i g) #inter range fa 0/7 - 12

DLS2( conf i g- i f - r ange) #switchport trunk encapsulation dot1q


ALS2( conf i g) #inter range fa 0/7 - 10

ALS2( conf i g- i f - r ange) #switchport mode trunk

Note: I have configured the rest of the trunk links manually: switchport mode trunk

Only one end of the link needs to be configured manually, if the other end is

configured dynamic auto.

Now verify trunking on all switches:

show interfaces fa 0/7 switchport show interfaces trunk

Fa 0/11 12 default

dynamic desirable

PT does not support ISL.

Two ends: Trunk Mode and Dynamic Auto


75/118

75

ALS1# show interface fa 0/11 switchportName: Fa0/ 11Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: t r unkOper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q

Oper at i onal Tr unki ng Encapsul at i on: dot 1qNegot i at i on of Tr unki ng: OnAccess Mode VLAN: 1 ( def aul t )


ALS2# show interfaces fa 0/11 switchport

Name: Fa0/ 11Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c aut oOper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1qOper at i onal Tr unki ng Encapsul at i on: dot 1q

Negot i at i on of Tr unki ng: OnAccess Mode VLAN: 1 ( def aul t )

How can you tell if an interface is trunking, due to dynamic auto instead of

manually configured as trunk?

Two ends: Trunk Mode and Dynamic Auto


76/118

76


Por t Mode Encapsul at i on St at us Nat i ve vl anFa0/ 7 on 802. 1q t r unki ng 1Fa0/ 8 on 802. 1q t r unki ng 1Fa0/ 9 on 802. 1q t r unki ng 1

Fa0/ 10 on 802. 1q t r unki ng 1Fa0/ 11 on 802. 1q t r unki ng 1Fa0/ 12 on 802. 1q t r unki ng 1


Por t Mode Encapsul at i on St at us Nat i ve vl anFa0/ 7 on 802. 1q t r unki ng 1Fa0/ 8 on 802. 1q t r unki ng 1Fa0/ 9 on 802. 1q t r unki ng 1Fa0/ 10 on 802. 1q t r unki ng 1

Fa0/ 11 aut o 802. 1q t r unki ng 1Fa0/ 12 aut o 802. 1q t r unki ng 1

How can you tell if an interface is trunking, due to dynamic auto instead of

manually configured as trunk?

VTP Update


77/118

77

ALS2# show vtp statusVTP Ver si on : 2

Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name : SWLAB

VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x57 0xCD 0x40 0x65 0x47 0xBDConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 0. 0. 0. 0 ( no val i d i nt er f ace f ound)

ALS2#

We now have a trunk links between VTP servers and clients.

What does this mean for ALS2 and getting a VTP domain name?

ALS2 receives the VTP update from ALS1 who received VTP update from

DLS1 and updates Domain Name

DLS1( conf i g) # vtp domain SWLAB

Changi ng VTP domai n name f r om NULL t o SWLAB

Previous command

VTP Updates Received


78/118

78

DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5

VTP Oper at i ng Mode : Ser verVTP Domai n Name : SWLABVTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl ed

MD5 di gest : 0x57 0xCD 0x40 0x65 0x630x59 0x47 0xBD

Conf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 0. 0. 0. 0 ( no val i d i nt er f ace f ound)DLS1#

VTP update sends domain name over trunk links.

What does this mean?


79/118

79

We have configured trunking but all of our access ports (hosts) are on VLAN 1.

We have configured trunking but we still need to configure the access ports for

separate VLANs.

Currently broadcasts propagating though entire network.

How would VLANs affect the ARP broadcast?

Host C and Host D would not receive the ARP Request.

If VTP pruning is enabled with no VLAN 120s on DLS1, DLS1 would not

receive the ARP Request either.

Access Ports


80/118

80

Configure the VLAN on the access port for ALS1


81/118

81

ALS1( conf i g) # inter fa 0/6

ALS1( conf i g- i f ) # switchport mode ?

access Set t r unki ng mode t o ACCESS uncondi t i onal l y

dynami c Set t r unki ng mode t o dynami cal l y negot i at e access or

t r unk mode

t r unk Set t r unki ng mode t o TRUNK uncondi t i onal l y

ALS1( conf i g- i f ) # switchport mode access

With a single host attached will we everneed trunking on this port?

No, so we configure it for access

mode, permanent non-trunking. (We

will discuss Voice VLANs later.) Configure access ports on other three

switches (DLS1, DLS2, ALS2).

Configuring Access Ports


82/118

82


ALS2( conf i g- i f ) # switchport mode access

Verify configurations with:

show interfaces fa0/6 switchport

This command is important, it will not allow trunking to occur if the other side tries tonegotiate it.

Optional: To disable Layer 2 DTP negotiation packets from going out an interface use:

switchport nonegotiate

Use with:

switchport mode access or switchport mode trunk

DLS1( conf i g) # inter fa 0/6

DLS1( conf i g- i f ) # switchport mode access

DLS2( conf i g) # inter fa 0/6

DLS2( conf i g- i f ) # switchport mode access

Example


83/118

83

ALS1# show interfaces fa 0/6 switchport

Name: Fa0/ 6


Admi ni st r at i ve Mode: st at i c access

Oper at i onal Mode: st at i c access

Admi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q

Oper at i onal Tr unki ng Encapsul at i on: nat i ve

Negot i at i on of Tr unki ng: Of f



Creating VLANs


84/118

84

Create the VLAN for the Access Port on DLS1


85/118

85

DLS1( conf i g) # inter fa 0/6DLS1( conf i g- i f ) # switchport mode access


86/118

86

DLS1( conf i g) # inter fa 0/1DLS1( conf i g- i f ) # switchport access vlan 55% Access VLAN does not exi st . Cr eat i ng vl an 55DLS1( conf i g- i f ) # end

DLS1# show vlan

VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 2, Fa0/ 3, Fa0/ 4, Fa0/ 5

Fa0/ 13, Fa0/ 14, Fa0/ 15, Fa0/ 16Fa0/ 17, Fa0/ 18, Fa0/ 19, Fa0/ 20Fa0/ 21, Fa0/ 22, Fa0/ 23, Fa0/ 24

Gi 0/ 1, Gi 0/ 255 VLAN0055 act i ve Fa0/ 1100 VLAN0100 act i ve Fa0/ 6110 VLAN0110 act i ve

DLS1# show inter fa 0/1 switchport

Name: Fa0/ 1Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c aut oOperat i onal Mode: downAdmi ni st r at i ve Tr unki ng Encapsul at i on: negot i at eNegot i at i on of Tr unki ng: OnAccess Mode VLAN: 55 ( VLAN0055)

Both the switchport

mode access command

and switchport

access vlan n should

be used for non-VLAN 1ports.

Want negotiation to be

Off

Unexpected results may

occur.

No switchport mode

access command

configured on fa 0/1/

Removing VLAN 55

DLS1( f i ) # i f 0/1


87/118

87

DLS1( conf i g) # inter fa 0/1DLS1( conf i g- i f ) # no switchport access vlan 55

DLS1( conf i g- i f ) # exit

DLS1( conf i g) # no vlan 55

DLS1( conf i g) # end

DLS1# show vlan

VLAN Name St at us Por t s

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4

Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15

Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19

Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23

Fa0/ 24, Gi 0/ 1, Gi 0/ 2


110 VLAN0110 act i ve

Create the VLAN for the Access Port on DLS1


88/118

88

VLANs 100, 110 and 120 must be created on the appropriate switches.

Configure the host access port on DLS2 with their proper VLANs and verifywith: show vlan

Creating the VLAN for the Access Port on DLS2

DLS2( conf i g) # i t f 0/6


89/118

89

DLS2( conf i g) # inter fa 0/6DLS2( conf i g- i f ) # switchport access vlan 110

% Access VLAN does not exi st . Cr eat i ng vl an 110

DLS2( conf i g- i f ) # exit

DLS2# show vlan


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19

Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23

Fa0/ 24, Gi 0/ 1, Gi 0/ 2


110 VLAN0110 act i ve Fa0/ 61002 f ddi - def aul t act / unsup

1003 t oken- r i ng- def aul t act / unsup

1004 f ddi net - def aul t act / unsup

1005 t r net - def aul t act / unsup

Notice that thereare two new VLANS

and that interface

Fa 0/6 is active in

VLAN 100.

Looking at the number of VLANs

ALS1# show vlan


90/118

90

ALS1# show vlanVLAN Name St at us Por t s

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Fa0/ 5, Fa0/ 6, Fa0/ 13, Fa0/ 14

Fa0/ 15, Fa0/ 16, Fa0/ 17, Fa0/ 18

Fa0/ 19, Fa0/ 20, Fa0/ 21, Fa0/ 22Fa0/ 23, Fa0/ 24, Gi g0/ 1, Gi g0/ 2



1002 f ddi - def aul t act i ve

1003 t oken- r i ng- def aul t act i ve

1004 f ddi net - def aul t act i ve

1005 t r net - def aul t act i ve


VTP Ver si on : 2




VTP Operat i ng Mode : Cl i ent

VTP Domai n Name : SWLAB

VTP Pruni ng Mode : Di sabl ed

Why 7 VLANs and not 3?

We only configured two plus

VLAN 1.

Four other default VLANs

No longer recommended

DLS1# vlan database


91/118

91

DLS1# vlan database% War ni ng: I t i s r ecommended t o conf i gur e VLAN f r om conf i g mode,

as VLAN dat abase mode i s bei ng depr ecat ed. Pl ease consul t user

document at i on f or conf i gur i ng VTP/ VLAN i n conf i g mode.

DLS1( vl an) # exit

APPLY compl et ed.

Exi t i ng. . . .

DLS1#

Note: vlan database is no longer recommended by Cisco.

One less thing we need to remember!

Another way to create VLANs

ALS1( conf i g) # vlan 120


92/118

92

ALS1( conf i g) # vlan 120VTP VLAN conf i gurat i on not al l owed when devi ce i s i n CLI ENT mode.

ALS1( conf i g) #


ALS1( conf i g- i f ) # switchport access vlan 120

ALS1# show vlan


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15

Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19

Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23

Fa0/ 24, Gi g0/ 1, Gi g0/ 2







Use Global Configuration mode.

Lets now try it on a VTP server

VLANs cannot be created by

VTP Clients.

What if the interface isassigned that VLAN?

No VLAN 120 (yet)

Another way to create VLANsVTP Server

DLS1( conf i g) # vlan 120 No VTP error message


93/118

93

DLS1( conf i g) #DLS1( conf i g- vl an) # end

DLS1# show vlan


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4

Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15

Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19

Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23

Fa0/ 24, Gi 0/ 1, Gi 0/ 2




1002 f ddi - def aul t act / unsup

1003 t oken- r i ng- def aul t act / unsup

1004 f ddi net - def aul t act / unsup

1005 t r net - def aul t act / unsup

VLAN 120 is created.

Lets see what happened back at ALS1

No VTP error message.

Back to ALS1

ALS1# show vlan


94/118

94


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15

Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23

Fa0/ 24, Gi g0/ 1, Gi g0/ 2








ALS1 now has VLAN 120 via VTP.

Fa 0/6 active on VLAN 120 configured previously.

Configure ALS2

ALS2( conf i g) # inter fa 0/6ALS2( f i i f ) # i h l 120


95/118

95

gALS2( conf i g- i f ) # switchport access vlan 120

ALS2( conf i g- i f ) # end

%SYS- 5- CONFI G_I : Conf i gur ed f r om consol e by consol e

ALS2# show vlan

VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15

Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19

Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23

Fa0/ 24, Gi g0/ 1, Gi g0/ 2




Name the VLANs on the VTP Server DLS1

DLS1( conf i g) # vlan 100DLS1( conf i g- vl an) # name Server-Farm1


96/118

96

DLS1( conf i g vl an) # name Server Farm1DLS1( conf i g- vl an) # exitDLS1( conf i g) # vlan 110DLS1( conf i g- vl an) # name Server-Farm2DLS1( conf i g- vl an) # exitDLS1( conf i g) # vlan 120DLS1( conf i g- vl an) # name Net-Eng

DLS1( conf i g- vl an) # end

DLS1# show vlan

VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi 0/ 1, Gi 0/ 2

100 Server - Farm1 act i ve Fa0/ 6110 Server - Farm2 act i ve120 Net - Eng act i ve

VTP updates other switches

ALS1# show vlan


97/118

97


---- -------------------------------- --------- -------------------------------


Fa0/5, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/21, Fa0/22, Fa0/23

Fa0/24, Gi0/1, Gi0/2100 Server-Farm1 active

110 Server-Farm2 active

120 Net-Eng active Fa0/6

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup active

Verification


98/118

98

Verify configurations:

show vlan

show vtp status

show interfaces interface switchport

show interfaces trunk

show running-config

ALS1

ALS1#show run!

interface FastEthernet0/9switchport mode trunk

VTP i nf ormat i on not shown i n running config. Useshow vtp status and show vlan.


99/118

99

!

version 12.2

!

hostname ALS1

!

no ip domain-lookup

!

interface FastEthernet0/1

. . .

!


!


switchport access vlan 120

switchport mode access

!


switchport mode trunk

!



!


!



!



!



!


. . .

interface GigabitEthernet0/2

!

interface Vlan1

ip address 10.1.1.103 255.255.255.0

!

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

no login

ALS2

ALS2#show runversion 12.2

interface FastEthernet0/9switchport mode trunk


100/118

100

!

hostname ALS2

!

no ip domain-lookup

!


!

. . .


!




!



!



!

p

!



!


!


!

. . .

!


!

interface Vlan1

ip address 10.1.1.104 255.255.255.0

!

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

no login

DLS1

DLS1#show runversion 12.2


switchport trunk encapsulation dot1q


!interface FastEthernet0/10


101/118

101

!

hostname DLS1

!

no ip domain-lookup

!


!

. . .


!




!




!




!




!


switchport trunk encapsulation dot1qswitchport mode trunk

!




!


!

. . .


!

interface Vlan1

ip address 10.1.1.101 255.255.255.0

!

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

no login

DLS2

DLS2#show runversion 12.2




!interface FastEthernet0/10


102/118

102

!

hostname DLS2

!

no ip domain-lookup

!


!

. . .


!




!




!




!




!


switchport trunk encapsulation dot1qswitchport mode trunk

!




!


!

. . .


!

interface Vlan1

ip address 10.1.1.102 255.255.255.0

!

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

no login

What we have done:


103/118

103

Configured 802.1Q Trunking links between switches

Configured DLS1 and DLS2 as VTP Servers (default) Configured ALS1 and ALS2 as VTP Clients

Configured VTP domain name

Configured VLANs for host ports

VTP Authentication: Add a password and change

the domain name on DLS1

DLS1( conf i g) # vtp password cisco


104/118

104

DLS1( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoDLS1( conf i g) # vtp domain CabrilloChangi ng VTP domai n name f r om SWLAB t o Cabr i l l oDLS1( conf i g) # end

DLS1# show vtp statVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 8

VTP Oper at i ng Mode : Ser verVTP Domai n Name : Cabr i l l oVTP Pr uni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0xCC 0xEE 0xCE 0x23 0x7D 0x6A 0x35 0x6BConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 3- 1- 93 00: 10: 08

Local updat er I D i s 0. 0. 0. 0 ( no val i d i nt er f ace f ound)

DLS1#00: 18: 15: %DTP- 5- DOMAI NMI SMATCH: Unabl e t o per f orm t r unk negot i at i on on por t

Fa0/ 11 because of VTP domai n mi smat ch.

Verify any changes on DLS2

DLS2# show vtp statusVTP V i 2

Did DLS2 update its


105/118

105

VTP Ver si on : 2Conf i gur at i on Revi si on : 22Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 8VTP Oper at i ng Mode : Ser ver

VTP Domai n Name : SWLABVTP Pr uni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x7D 0xA0 0x5E 0xB9 0xDE 0xC1 0x7F 0x8EConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 3- 1- 93 00: 00: 00

Local updat er I D i s 10. 1. 1. 102 on i nt er f ace Vl 1 ( l owest number ed VLANi nt er f ace f ound)DLS2#

p

domain name from

DLS1? No

Why? Domain name andpasswords do not

match with DLS1

Verify no changes on ALS1...

ALS1# show vtp statusVTP Ver si on : 2


106/118

106

VTP Ver si on : 2Conf i gur at i on Revi si on : 22Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 8VTP Operat i ng Mode : Cl i ent

VTP Domai n Name : SWLABVTP Pr uni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x7D 0xA0 0x5E 0xB9 0xDE 0xC1 0x7F 0x8EConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 3- 1- 93 00: 00: 00

ALS1#

Add a VLAN on DLS1... (VTP authenticated switch)

DLS1( conf i g) # vlan 300DLS1( conf i g vl an) # name Guest


107/118

107

DLS1( conf i g- vl an) # name GuestDLS1( conf i g- vl an) # end

DLS1# show vlan


Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23

Fa0/ 24, Gi g0/ 1, Gi g0/ 2100 Ser ver - Far m1 act i ve Fa0/ 6110 Ser ver - Far m2 act i ve120 Net - Eng act i ve300 Guest act i ve

Will this change be reflected on DLS2?

DLS2# show vlan


108/118

108


Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15

Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi g0/ 1, Gi g0/ 2

100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve Fa0/ 6120 Net - Eng act i ve


No VLAN 300 Same on ALS1 and ALS2.

Current

VTP

Domain = Cabrillo

Password = ciscoServerServerVLANs = 1, 100, 110, 120, 300


109/118

109

Domain = SWLABPassword = Client Client

VTP domain name and password must be the same for switches to bepart of the same VTP domain.

VLANs = 1, 100, 110, 120

Modify

VTP

Domain = Cabrillo

Password = cisco

Server Server


110/118

110

Client Client


Modify DLS2, ALS1 and ALS2 to authenticate with

DLS1...

DLS2( conf i g) # vtp domain Cabrillo


111/118

111

Changi ng VTP domai n name f r om SWLAB t o Cabr i l l oDLS2( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoDLS2( conf i g) #

Modify DLS2, ALS1, ALS2 Domain and Password are case-sensitive

Verify with

Show vtp status

Show vlan

ALS1( conf i g) # vtp domain CabrilloChangi ng VTP domai n name f r om SWLAB t o Cabr i l l oALS1( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoALS1( conf i g) #

ALS2( conf i g) # vtp domain CabrilloChangi ng VTP domai n name f r om SWLAB t o Cabr i l l oALS2( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoALS2( conf i g) #

Verify on DLS2DLS2# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 2Maxi mum VLANs suppor t ed l ocal l y : 1005


112/118

112

Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 9VTP Oper at i ng Mode : Ser verVTP Domai n Name : Cabr i l l oVTP Pruni ng Mode : Di sabl ed

VTP V2 Mode : Di sabl edVTP Tr aps Generat i on : Di sabl edMD5 di gest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89 0x0C 0xADConf i gur at i on l ast modi f i ed by 10. 1. 1. 101 at 3- 1- 93 00: 17: 55Local updat er I D i s 10. 1. 1. 102 on i nt er f ace Vl 1 ( l owest number ed VLAN i nt er f ace f ound)

DLS2# show vlan


Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi g0/ 1, Gi g0/ 2

100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve Fa0/ 6120 Net - Eng act i ve300 Guest act i ve

Verify on ALS1

ALS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 2


113/118

113

Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 9VTP Operat i ng Mode : Cl i entVTP Domai n Name : Cabr i l l oVTP Pruni ng Mode : Di sabl ed

VTP V2 Mode : Di sabl edVTP Tr aps Generat i on : Di sabl edMD5 di gest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89 0x0C 0xADConf i gur at i on l ast modi f i ed by 10. 1. 1. 101 at 3- 1- 93 00: 17: 55

ALS1# show vlan



100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve120 Net - Eng act i ve Fa0/ 6300 Guest act i ve

Verify on ALS2

ALS2# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 2M i VLAN t d l l l 255


114/118

114

Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 9VTP Operat i ng Mode : Cl i entVTP Domai n Name : Cabr i l l oVTP Pruni ng Mode : Di sabl ed

VTP V2 Mode : Di sabl edVTP Tr aps Generat i on : Di sabl edMD5 di gest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89 0x0C 0xADConf i gur at i on l ast modi f i ed by 10. 1. 1. 101 at 3- 1- 93 00: 17: 55

ALS2# show vlan



100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve120 Net - Eng act i ve Fa0/ 6300 Guest act i ve

Current

VTP

Domain = Cabrillo

Password = cisco

Server Server


115/118

115

Client Client


Use VTP in a Network

By default, all switches are configured to be VTP servers.

Fine for small scale networks


116/118

116

Fine for small-scale networks.

Size of the VLAN information is small and is easily stored in all

switches (in NVRAM).

In a large network:

Size of NVRAM is minimal.

Should choose a few well-equipped switches and keep them as

VTP servers.

Chosen to provide a degree of redundancy

Everything else that participates in VTP can be turned into a

client.

Use VTP in a Network

A VTP server without a VTP domain name cannot send or receive VLANinformation using VTP.

Client will learn domain from server if it does not have one


117/118

117

Client will learn domain from server if it does not have one.

But once a client has a domain it must be changed manually on the

client if changed on the server.

Dynamic Trunking Protocol (DTP) includes the VTP domain name in a DTPpacket.

Therefore, if you have two ends of a link that belong to different VTP

domains, the trunk does not come up if you use DTP.

In this special case, you must configure the trunk mode as on ornonegotiate, on both sides, in order to allow the trunk to come up

without DTP negotiation agreement.

If previously trunking, then trunking will continue.

TrunkDynamic Auto

NO TRUNK

VTP

domain

Cabrillo

VTP

domain

SWLAB

Trunk

TRUNK

Next .:


118/118

118

VTP pruning, authentication and troubleshooting

Native VLAN

Inter-VLAN routing

switch-enterprisenets and vlans.pdf

Documents