Chapter 9Virtual LANs (VLANs)

Setup 1

Setup 2

Setup 3

VLAN Advantages1- Broadcast Control2- Security3- Flexibility and Scalability

Managing VLANs1- Create VLAN2- Assign ports to VLANS: Static or Dynamic using VLAN Management Policy Server (VMPS)

In 1900 Series

Step1 1900A(config)#vlan 2 name Sales

Step2 1900A(config)#int f0/11900A(config-if)#vlan-membership static 21900A(config-if)#^Z

Step3 1900A#sh vlan

Managing VLANsIn 2950 Series

Step1 2950B#vlan database2950B(vlan)#vlan 2 name Sales2950B(vlan)#apply

OR2950B(config)#vlan 22950B(config-vlan)#name Sales

Step2 2950B(config)#int f0/12950B(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionallydynamic Set trunking mode to dynamically negotiate access

or trunk modetrunk Set trunking mode to TRUNK unconditionally

2950B(config-if)#switchport mode access2950B(config-if)#switchport access vlan 22950B(config-if)#^Z

Step3 2950B#sh vlan2950B#sh vlan brief

Connecting VLANs

VLAN 3VLAN 2 VLAN 4 VLAN 3VLAN 2 VLAN 4

1- Access Link

A.L

A.L

A.L

VLAN 3VLAN 2 VLAN 4 VLAN 3VLAN 2 VLAN 4

2- Trunk Link

T.L

VLAN Identification in Trunks

ISL (Inter-Switch Link) IEEE 802.1q

* Cisco proprietary * Open Standardencapsulation method encapsulation method* 1900 Series * 2950 Series

VLAN IDFrameFCS

Trunk Link

Tagging Frames

Configuring TrunkingIn 1900 Series

1900A(config)#int f0/161900A(config-if)#trunk on

off auto desirable non-negotiate

In 2950 Series

2950B(config)#int f0/242950B(config-if)#switchport mode trunk2950B(config-if)#switchport mode dynamic auto2950B(config-if)#switchport mode dynamic desirable2950B(config-if)#switchport nonegotiate

Configuring Trunking1- Auto: Changes to Trunk if available (default)2- Desirable: Changes to Trunk if neighbor port is Trunk, Desirable or Auto.3- Nonegotiate: The neighbor must be either Trunk or Access.4- Trunk: Makes link Trunk even if neighbor port is Access.

In 3550 Series

3550C(config)#int f0/123550C(config-if)#switchport trunk encapsulation ?

dot1q Interface uses only 802.1q trunking encapsulation when trunking

isl Interface uses only ISL trunking encapsulation when trunking

negotiate Device will negotiate trunking encapsulation with peer on interface

3550C(config-if)#switchport trunk encapsulation dot1q

Defining the Allowed VLANs on a Trunk2950B(config)#int f0/12950B(config-if)#switchport trunk ?

allowed Set allowed VLAN characteristics when interface is in trunking mode

native Set trunking native characteristics when interface is in trunking mode

pruning Set pruning VLAN characteristics when interface is in trunking mode

2950B(config-if)#switchport trunk allowed vlan ?WORD VLAN IDs of the allowed VLANs when this port is in

trunking modeadd add VLANs to the current listall all VLANsexcept all VLANs except the followingnone no VLANsremove remove VLANs from the current list

2950B(config-if)#switchport trunk allowed vlan remove ?WORD VLAN IDs of disallowed VLANS when this port is in

trunking mode

2950B(config-if)#switchport trunk allowed vlan remove 42950B(config-if)#switchport trunk allowed vlan remove 4-8

Modifying the Trunk Native VLAN2950B(config-if)#switchport trunk native vlan ?

<1-4094> VLAN ID of the native VLAN when this port is in trunking mode

2950B(config-if)#switchport trunk native vlan 40

19:23:29: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatchdiscovered on FastEthernet0/1 (40), with Core FastEthernet0/7 (1).19:24:29: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatchdiscovered on FastEthernet0/1 (40), with Core FastEthernet0/7 (1).

2950B(config-if)#no switchport trunk native vlan

Routing between VLANs

Router#config tRouter(config)#int f0/0.1Router(config-subif)#encapsulation ?

dot1Q IEEE 802.1Q Virtual LAN

Router(config-subif)#encapsulation dot1Q ?<1-4094> IEEE 802.1Q VLAN ID

Router(config-subif)#encapsulation dot1Q 2Router(config-subif)# int f0/0.2Router(config-subif)#encapsulation dot1Q 3

2950B#config t2950B(config)#int f0/12950B(config-if)#switchport mode trunk2950B(config-if)#int f0/22950B(config-if)#switchport access vlan 12950B(config-if)#int f0/32950B(config-if)#switchport access vlan 12950B(config-if)#int f0/42950B(config-if)#switchport access vlan 32950B(config-if)#int f0/52950B(config-if)#switchport access vlan 32950B(config-if)#int f0/62950B(config-if)#switchport access vlan 2

Router(config)#int f0/0Router(config-if)#no ip addressRouter(config-if)#no shutdownRouter(config-if)#int f0/0.1Router(config-subif)#encapsulation dot1q 1Router(config-subif)#ip address 192.168.10.17 255.255.255.240Router(config-subif)#int f0/0.2Router(config-subif)#encapsulation dot1q 2Router(config-subif)#ip address 192.168.10.33 255.255.255.240Router(config-subif)#int f0/0.3Router(config-subif)#encapsulation dot1q 3Router(config-subif)#ip address 192.168.10.49 255.255.255.240

VLAN Trunking Protocol (VTP)•Creates VLANs•Modifies VLANs•Deletes VLANs•Sends and forwards advertisements•Synchronizes•Saved in NVRAM

•Can not Create, Modify or Delete VLANs•Sends and forwards advertisements•Synchronizes•Not saved in NVRAM

•Creates local VLANs only•Modifies local VLANs only•Deletes local VLANs only•Sends and forwards advertisements•Does not Synchronizes•Saved in NVRAM

2950B#(config)#vtp mode serverDevice mode already VTP SERVER.

2950B(config)#vtp domain CiscoChanging VTP domain name from null to Cisco

2950B(config)#vtp password ciscoSetting device VLAN database password to cisco

2950B(config)#do show vtp passwordVTP Password: cisco

2950B(config)#do show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 255Number of existing VLANs : 8VTP Operating Mode : ServerVTP Domain Name : CiscoVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x15 0x54 0x88 0xF2 0x50 0xD9 0x03 0x07Configuration last modified by 192.168.24.6 at 3-14-93 15:47:32Local updater ID is 192.168.24.6 on interface Vl1 (lowest numbered VLANinterface found(

VTP Pruning

2950B#sh int trunkPort Mode Encapsulation Status Native vlanFa0/1 auto 802.1q trunking 1Fa0/2 auto 802.1q trunking 1Port Vlans allowed on trunkFa0/1 1-4094Fa0/2 1-4094Port Vlans allowed and active in management domainFa0/1 1Fa0/2 1Port Vlans in spanning tree forwarding state and not prunedFa0/1 1Fa0/2 none

2950B(config-if)#switchport trunk pruning ?vlan Set VLANs enabled for pruning when interface is in trunking mode

2950B(config-if)#switchport trunk pruning vlan 3-4

Telephony: Configuring Voice VLANs• IP phone sends voice traffic with layer 3 IP precedence and layer 2 class of service (CoS) values, which are both set to 5 for voice traffic; all other traffic defaults to 0.• The switch supports quality of service (QoS) based on IEEE 802.1p CoS. (802.1p provides a mechanism for implementing QoS at the MAC level.)

By using CDP we can deal with:•Voice VLAN tagged with a layer 2 CoS priority value•Access VLAN tagged with a layer 2 CoS priority value•Access VLAN, untagged (no layer 2 CoS priority value)

Consider the following: 1. Use Access Ports.2. Set Voice VLAN Correctly3. Enable QoS before enabling Voice VLAN by using the command

2950B(config)#mls qos

4. You must set the port trust state to trust by using the command 2950B(config-if)#mls qos trust cos

5. Enable CDP6. Portfast is auto enbled when you enable Voice VLAN but not auto disabled

when you disable Voice VLAN7. You can back to default settings by using the command2950B(config-if)#no switchport voice vlan

2950B#configure t2950B(config)#mls qos to enable QoS 2950B(config)#interface f0/12950B(config-if)#switchport priority extend ?

cos Override 802.1p priority of devices on appliancetrust Trust 802.1p priorities of devices on appliance

2950B(config-if)#switchport priority extend trust to define untagged CoS with value = 0

2950B(config-if)#mls qos trust cos setting trust2950B(config-if)#switchport voice vlan dot1p2950B(config-if)#switchport mode access2950B(config-if)#switchport access vlan 32950B(config-if)#switchport voice vlan 10