8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
1/118
Enterprise Network Design
& VLAN
081-357-661-007
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
2/118
2
Hierarchical approach
Hierarchical approach to network design enables the network to be:
Efficient
Connect users with resources they need regardless of location
Predictable behavior
High availability
Intelligent
Recover from failures and topology changes quickly in a predeterminedmanner.
Scalable
Supports future expansions and upgrades
Easily Managed
Low maintenance
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
3/118
3
Layers
Access Layer
Provides End users connect to the network
Layer 2 (VLAN) connectivity
Capabilities
Low cost per switch port High port density
Scalable uplinks to higher layers
VLAN membership, QoS
Resiliency through multiple links
Access Access
Distribution Distribution
Core
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
4/118
4
Layers
Distribution Layer
Provides
Interconnection between access and core layers
Sometimes called building distribution switches
VLANs and broadcast domains converge (end) here
Where switching (VLANs) meet routing
Capabilities
Aggregation of multiple access-layer devices
High Layer 3 throughput for packet handling (routing)
Security and policy based connectivity functions through access lists orpacket filters
QoS
Scalable and resilient high-speed links to core and access layers
Access Access
Distribution Distribution
Core
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
5/118
5
Layers
Core Layer (Backbone)
Provides Connectivity of all distribution layer devices to the backbone
Efficient packet switching
Capabilities
High Layer 3 throughput
No costly or unnecessary packet manipulations (ACLs)
Redundancy and resiliency for high availability
Advanced QoS
Access Access
Distribution Distribution
Core
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
6/118
6
Switch Block
Switch Block consists of:
Two distribution switches that aggregate one or more access
layer switches.
Each access layer switch has a pair of uplinks, one to eachdistribution switch.
Distribution switches may or may not have a link between them.
Many different options!
Distribution Distribution
Access Access
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
7/118
7
Switch Block
Switch Block
Contains switching devices from access and distribution layers.
All switch blocks connect to the core block (campus backbone).
Contains both Layer 2 and Layer 3 functionality
Distribution Layer
Confines STP, VLAN
Access Layer
Supports individual VLANs
Distribution Distribution
Access Access
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
8/118
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
9/118
9
Typical Switch Block Design
Switch block becomes fully dependent upon STP convergence for pathsand loop free connectivity.
Should configure multiple Root bridges to take advantage of redundant
links
Redundant links unused unless load balancing with PVST+ (RSTP)
Various adaptations of this.
Distribution Distribution
Access Access
Core
VLANsA,B VLANsA,B
L2 L2L2 L2
L3
L2
L3
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
10/118
10
Best Practice Switch Block Design: Option A
Layer 2 connectivity contained at the access layer
Distribution Layer has only Layer 3 links.
VLANs do not span across switches at all. Access Switches
VLANs contained within a single access layer switch, switch chassis orstacked switch
Layer 2 uplinks to distribution switch
No dependence upon STP convergence Layer 3 link between distribution switches
Distribution Distribution
Access Access
Core
VLANA VLAN B
L2
L3
L2L2 L2
L3
L3
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
11/118
11
Best Practice Switch Block Design: Option B
Limit layer 2 VLANs o the access layer switches.
No dependence on STP convergence. Network convergence and stability is offered by the routing protocol.
Distribution
Core
L3 L3
Distribution L3
L3 L3
AccessAccess
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
12/118
12
Core Block
Connect two or more switch blocks in a campus network.
Two basic core block designs:
Collapsed Core
Dual Core
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
13/118
13
Collapsed Core
Collapsed Core: Hierarchy's core layer is collapsed into the
distribution layer switches.
Both distribution and core layer functions provided within the same
switch. Found in smaller campus networks where the additional cost and
performance of separate core switches is not warranted.
Layer 3 Links
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
14/118
14
Dual Core
Dual Core: Connects two or more switch blocks in a redundant
fashion.
More scalable than collapsed cored.
Layer 3 Links
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
15/118
Implementing VLANs in Campus Networks
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
16/118
Implementing
VLAN
Technologies in a
Campus Network
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
17/118
17
Review VLANs, Trunking and VTP This presentation is a review of:
VLANs
VTP Trunking
DTP
We will examine these topics in more detail in Part 2.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
18/118
Virtual Local Area Network (VLAN)
A VLAN is a logical group of end devices.
Broadcasts are contained within VLANs.
Modern design has 1 VLAN = 1 IP subnet. Trunks connect switches so as to transport multiple
VLANs.
Layer 3 devices interconnect VLANs.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
19/118
End-to-End VLANs
Each VLAN is distributed geographically throughout the network.
Users are grouped into each VLAN regardless of the physical location
Theoretically easing network management.
As a user moves throughout a campus, the VLAN membership for thatuser remains the same.
Switches are configured for:
VTP server or client mode.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
20/118
Local VLANs
Create local VLANs with physical boundaries in mind rather than job functions
of the users.
Local VLANs exist between the access and distribution layers.
Traffic from a local VLAN is routed at the distribution and core levels.
Switches are configured in VTP transparent mode.
One to three VLANs per access layer switch recommended.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
21/118
VLAN Support on Catalyst Switches
Catalyst Switch Max VLANs VLAN ID Range
2940 4 1 - 1005
2950/2955 250 1 - 4094
2960 255 1 - 4094
2970/3550/3560/3750 1055 1 - 4094
2848G/2980G/4000/4500 4094 1 - 4094
6500 4094 1 - 4094
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
22/118
VLAN Ranges on Catalyst Switches
VLAN Range Range Usage Popagated via VTP?
0, 4095 Reserved For system use only. You cannot see
or use these.
n/a
1 Normal Cisco default. You can use this
VLAN, but you cannot delete it.
Yes
2 1001 Normal For Ethernet VLANs. You can create,
use, and delete these.
Yes
1002 1005 Normal Cisco defaults for FDDI and TokenRing. You cannot delete these.
Yes
1006 1024 Reserved For system use only. You cannot see
or use these.
n/a
1025 - 4094 Reserved For Ethernet VLANs only. VTP v 3 only. Notsupported in VTP v1
or v2. Requires VTP
transparent mode for
configuration.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
23/118
23
Topology for this presentation
Basic Switch Configuration
Configure VLANs
Configure Trunking
Configure VTP
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
24/118
24
Follow along with Packet Tracer
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
25/118
25
Clearing switchesSwi t ch# delete vlan.datDel et e f i l ename [ vl an. dat ] ?Del et e f l ash: vl an. dat ? [ conf i r m]Swi t ch#
Swi t ch# erase startup-configEr asi ng t he nvr am f i l esyst em wi l l r emove al l conf i gur at i on f i l es!
Cont i nue? [ conf i r m][ OK]Er ase of nvr am: compl et eSwi t ch#
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
26/118
26
Configure Hostname and VLAN 1Swi t ch# configure terminal
Ent er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.
Swi t ch( conf i g) # hostname DLS1
DLS1( conf i g) # interface vlan 1
DLS1( conf i g- i f ) # ip address 10.1.1.101 255.255.255.0
DLS1( conf i g- i f ) # no shutdown
DLS1( conf i g) # end
DLS1#
Configure hostname
Configure VLAN 1
Default: Management VLAN is VLAN 1 (not best practice later)
Allows us to communicate with the switch over the network (ping, telnet ifprivilege and vty passwords configured)
Configure DLS1, DLS2, ALS1 and ALS2 switches on Packet Tracer
Hostname VLAN 1
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
27/118
27
Swi t ch# configure terminal
Ent er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.
Swi t ch( conf i g) # hostname DLS2
DLS2( conf i g) # interface vlan 1
DLS2( conf i g- i f ) # ip address 10.1.1.102 255.255.255.0DLS2( conf i g- i f ) # no shutdown
Swi t ch# configure terminalEnt er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.Swi t ch( conf i g) # hostname ALS1ALS1( conf i g) # interface vlan 1ALS1( conf i g- i f ) # ip address 10.1.1.103 255.255.255.0ALS1( conf i g- i f ) # no shutdown
Swi t ch# configure terminal
Ent er conf i gur at i on commands, one per l i ne. End wi t h CNTL/ Z.Swi t ch( conf i g) # hostname ALS2ALS2( conf i g) # interface vlan 1ALS2( conf i g- i f ) # ip address 10.1.1.104 255.255.255.0ALS2( conf i g- i f ) # no shutdown
Configurations for other three switches
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
28/118
28
DLS1( conf i g) # no ip domain-lookup
DLS1( conf i g) # line console 0
DLS1( conf i g- l i ne) # logging synchronous
DLS1( conf i g- l i ne) # exec-timeout 0 0
DLS2( conf i g) # no ip domain-lookup
DLS2( conf i g) # line console 0
DLS2( conf i g- l i ne) # logging synchronous
DLS2( conf i g- l i ne) # exec-timeout 0 0
ALS1( conf i g) # no ip domain-lookup
ALS1( conf i g) # line console 0
ALS1( conf i g- l i ne) # logging synchronous
ALS1( conf i g- l i ne) # exec-timeout 0 0
Configure the line console information
(make your life easier)
ALS2( conf i g) # no ip domain-lookup
ALS2( conf i g) # line console 0
ALS2( conf i g- l i ne) # logging synchronous
ALS2( conf i g- l i ne) # exec-timeout 0 0
Already done in PT file
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
29/118
29
Our Topology
Redundancy between switches By default, are all links forwarding (active)? Why or why not?
No, Spanning Tree Protocol
Later we will examine how to make use of these blocked links either
with PVST or Etherchannel.
How can we determine which links are forwarding and which are blocked?
?
Note: We will configure 802.1Q between DLS1and DLS2. (Some diagrams may show ISL.)
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
30/118
30
What does this mean? (All host on same subnet.)
Host B pings Host DHost C pings Host A
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
31/118
31
Do show vlan on ALS1ALS1# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Notice default VLAN numbers, names, types.
Ports configured to trunk mode will not appear in any of the VLANs.
Are there any ports trunking?
No All ports are in VLAN 1 by default
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
32/118
32
Do show vtp status on DLS1
DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name :VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl ed
MD5 di gest : 0x57 0xCD 0x40 0x65 0x63 0x590x47 0xBDConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 10. 1. 1. 101 on i nt er f ace Vl 1 ( l owest number ed
VLAN i nt er f ace f ound)DLS1#
How many VLANs does a 3560 switch support?
1005 VLANs (Model and IOS dependent)
How many built-in VLANs are there?
5
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
33/118
33
Same show vtp status on DLS1DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Oper at i ng Mode : Ser ver
VTP Domai n Name :VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3AConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00
Local updat er I D i s 10. 1. 1. 101 on i nt er f ace Vl 1 ( l owest number ed VLANi nt er f ace f ound)
What is the default VTP version?
2
What is the starting configuration revision? 0
What is the default VTP Mode?
Server
What is the default VTP domain name? none
The switch in VTP
server mode with the highest
revision number propagates
VLAN information over
trunked ports.
Every time VLAN information
is modified in the VLAN
database the revision number
is increased by one.
More in Part 2!
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
34/118
34
Do show vtp status on ALS1
ALS1# show vtp status
VTP Ver si on : 2
Conf i gur at i on Revi si on : 0
Maxi mum VLANs suppor t ed l ocal l y : 255
Number of exi st i ng VLANs : 5
VTP Oper at i ng Mode : Ser ver
VTP Domai n Name :
VTP Pruni ng Mode : Di sabl ed
VTP V2 Mode : Di sabl ed
VTP Tr aps Gener at i on : Di sabl ed
MD5 di gest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3AConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00
Local updat er I D i s 10. 1. 1. 103 on i nt er f ace Vl 1 ( l owest number ed VLANi nt er f ace f ound) #
How many VLANs does a 2960 switch support?
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
35/118
Configuration: Create a VLAN
To create a new VLAN in global configuration mode.
Swi t ch( conf i g) # vlan vlan-id
vlan-id is 2-1001 or 1025-4094
To name a VLAN in VLAN configuration mode.
Swi t ch( conf i g- vl an) # name vlan-name
vlan-name is a descriptor for the VLAN.
Naming a VLAN is optional.
Swi t ch# configure terminalSwi t ch( conf i g) # vlan 5Swi t ch( conf i g- vl an) # name EngineeringSwi t ch( conf i g- vl an) # exit
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
36/118
Configuration: Disable Trunk Negotiation on a Port
To disable trunk negotiation on a switch port.
Swi t ch( conf i g- i f ) # switchport mode access
This command is optional but is recommended for security purposes.
An access port does not need to negotiate trunk formation.
To configure an optional macro for switch access ports.
Swi t ch( conf i g- i f ) # switchport host
This command optimizes a Layer 2 port for a host connection.
This macro sets the port mode to access, enables spanning-tree
portfast, and disables EtherChannel.
To assign a port to a VLAN in interface configuration mode.
Swi t ch( conf i g- i f ) # switchport access vlan vlan-id
vlan-id is a previously created VLAN or will be created.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
37/118
Example: Assigning a Port to a VLAN
Swi t ch( conf i g) # interface FastEthernet 5/6Swi t ch( conf i g- i f ) # description PC ASwi t ch( conf i g- i f ) # switchport hostswi t chpor t mode wi l l be set t o accessspanni ng- t r ee por t f ast wi l l be enabl edchannel gr oup wi l l be di sabl edSwi t ch( conf i g- i f ) # switchport access vlan 200
Swi t ch( conf i g- i f ) # no shutdownSwi t ch( conf i g- i f ) # end
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
38/118
Verification: VLAN Configuration
The show vlan command and its derivatives are the
most useful commands for displaying information related to
VLANs. The following two forms have the same output.
Swi t ch# show vl an i d 3VLAN Name St at us Por t s
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3 VLAN0003 act i ve Fa0/ 1
VLAN Type SAI D MTU Par ent Ri ngNo Br i dgeNo St p Br dgMode Tr ans1 Tr ans2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3 enet 100003 1500 - - - - - 0 0
Swi t ch# show vl an name VLAN0003VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -3 VLAN0003 act i ve Fa0/ 1
VLAN Type SAI D MTU Par ent Ri ngNo Br i dgeNo St p Br dgMode Tr ans1 Tr ans2- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -3 enet 100003 1500 - - - - - 0 0
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
39/118
Verification: Interface Configuration
The show running-config command has an
interface keyword option to allow for interface-specific
output.
Swi t ch# show running-config interface FastEthernet 5/6Bui l di ng conf i gur at i on. . .!Cur r ent conf i gur at i on : 33 byt esi nt er f ace Fast Et her net 5/ 6swi t chpor t access vl an 200swi t chpor t mode accessswi t chpor t hostend
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
40/118
Verification: Switch Port Configuration
One of the most useful commands for showing VLAN
configuration information specific to a switch port is theshow interfaces interface_id switchport
command.Swi t ch# show interfaces f0/18 switchportName: Fa0/ 18Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: st at i c access
Operat i onal Mode: downAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1qNegot i at i on of Tr unki ng: Of fAccess Mode VLAN: 20 ( VLAN0020)
Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )Admi ni st r at i ve Nat i ve VLAN t aggi ng: enabl ed
Voi ce VLAN: 150 ( VLAN0150)Oper at i onal pr i vat e- vl an: none
Tr unki ng VLANs Enabl ed: ALLPr uni ng VLANs Enabl ed: 2- 1001Capt ure Mode Di sabl edCapt ure VLANs Al l owed: ALL
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
41/118
Verification: MAC Address Information
You can view MAC address information specific to an
interface and an associated VLAN.
Swi t ch# show mac address-table interface GigabitEthernet 0/1 vlan 1
Mac Addr ess Tabl e- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Vl an Mac Addr ess Type Port s- - - - - - - - - - - - - - - - - - - - - - - -1 0008. 2199. 2bc1 DYNAMI C Gi 0/ 1
Tot al Mac Addr esses f or t hi s cr i t er i on: 1
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
42/118
ImplementingTrunking in a
Campus Network
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
43/118
43
VTP, Trunking and DTP
Trunking it when surfing Not so much
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
44/118
VLAN Trunking
Trunks carry the traffic for multiple VLANs across a single
physical link (multiplexing).
Extends Layer 2 operations across an entire network.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
45/118
VLAN Trunking with Inter-Switch Link (ISL)
ISL is Cisco-proprietary trunking protocol.
ISL is nearly obsolete.
ISL encapsulates Ethernet frames, adding 30 bytes ofoverhead.
ISL is supported on non-access-layer Cisco switches.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
46/118
VLAN Trunking with IEEE 802.1Q
802.1Q is a widely supported industry-standard protocol.
Smaller frame overhead than ISL.
Overhead is 4 bytes. Has the 802.1p field for QoS support.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
47/118
47
VTP (VLAN Trunking Protocol)
Configuring VLANs without VTP.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
48/118
48
VTP (VLAN Trunking Protocol)
VLAN Trunk Protocol (VTP) reduces administration in a switched
network.
VLAN information can be configured on a VTP server, which is then
distributed through all switches in the domain.
Do not have to configure on each switch individually.
Cisco-proprietary
http://www.cisco.com/warp/public/473/vtp_flash/
VTP
Message
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
49/118
49
VTP (VLAN Trunking Protocol) Modes
Server
Can create, modify, and delete VLANs
Configure VTP version and VTP pruning (next week).
Advertise their VLAN configuration to other switches in the same VTP
domain VTP advertisements sent/received over trunk links.
Default mode.
Client
Behave the same way as VTP servers, but you cannot create, change,or delete VLANs on a VTP client.
Transparent
Does not participate in VTP.
Does not advertise its VLAN configuration.
Does not synchronize its VLAN configuration based on receivedadvertisements
Does forward VTP advertisements that they receive out their trunk portsin VTP Version 2.
Off(CatOS switches only)
Behaves the same as in VTP transparent mode with the exception thatVTP advertisements are not forwarded.
DLS1( conf i g) # vtp mode ?
cl i ent Set t he devi ce t o cl i ent mode.
ser ver Set t he devi ce t o ser ver mode.t r anspar ent Set t he devi ce t o t r anspar ent mode.
DLS1( conf i g) #
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
50/118
50
VTP Verifying the VTP Mode
DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name :VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl ed
MD5 di gest : 0x57 0xCD 0x40 0x65 0x63 0x590x47 0xBDConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 10. 1. 1. 101 on i nt er f ace Vl 1 ( l owest number ed
VLAN i nt er f ace f ound)DLS1#
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
51/118
51
Configure the VTP domain name on DLS1
DLS1( conf i g) # vtp domain SWLAB
Changi ng VTP domai n name f r om NULL t o SWLAB
Will the other switches receive the domain name in a VTP update?
We will see in a moment.
Hint: Switches transmit VTP messages only over 802.1Q and ISL trunks.
Domain is case
sensitive.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
52/118
52
Configure DLS1 as a VTP Server and ALS1 as a
VTP ClientDLS1( conf i g) # vtp mode server
Devi ce mode al r eady VTP SERVER.
Configure other two switches Configure DLS2 switch as a VTP Server
Configure ALS2 switch as a VTP Clients
Verify VTP Mode
ALS1( conf i g) # vtp mode client
Set t i ng devi ce t o VTP CLI ENT mode.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
53/118
53
VTP Server and ClientsDLS2( conf i g) # vtp mode serverDevi ce mode al r eady VTP SERVER.DLS2( conf i g) # endDLS2# show vtp statusVTP Ver si on : 2
Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name :
ALS2( conf i g) # vtp mode client
Set t i ng devi ce t o VTP CLI ENT mode.
ALS2( conf i g) # end
ALS2# show vtp status
VTP Ver si on : 2
Conf i gur at i on Revi si on : 0
Maxi mum VLANs suppor t ed l ocal l y : 255
Number of exi st i ng VLANs : 5
VTP Oper at i ng Mode : Cl i entVTP Domai n Name :
Why do these switches not have the VTP
domain name configured on DLS1?
VLAN information is not
propagated until the VTPDomain Name is learned
through trunked ports.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
54/118
54
Non-trunking by defaultALS1# show interfaces fastethernet 0/6 switchportName: Fa0/ 6Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c aut oOper at i onal Mode: st at i c accessAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q
Oper at i onal Tr unki ng Encapsul at i on: nat i veNegot i at i on of Tr unki ng: OnAccess Mode VLAN: 1 ( def aul t )
Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )Voi ce VLAN: noneAdmi ni st r at i ve pr i vat e- vl an host - associ at i on: none
Admi ni st r at i ve pr i vat e- vl an mappi ng: noneAdmi ni st r at i ve pr i vat e- vl an t r unk nat i ve VLAN: noneAdmi ni st r at i ve pr i vat e- vl an t r unk encapsul at i on: dot 1qAdmi ni st r at i ve pr i vat e- vl an t r unk nor mal VLANs: noneAdmi ni st r at i ve pr i vat e- vl an t r unk pr i vat e VLANs: noneOper at i onal pr i vat e- vl an: none
Ports on the 2960 and 3560 are set to dynamic auto by default.
Does not try to negotiate a trunk unless one side is configured with
switchport mode trunk command.
This results in the interface being in access mode (non-trunking)
How the port was configured.
How the is operating.
D namic Tr nking Protocol (DTP)
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
55/118
Dynamic Trunking Protocol (DTP)
Access - Puts the interface into permanent non-trunking mode and negotiates to convert the link into a non-trunk link.
The interface becomes a non-trunk interface even if the neighboring interface does not agree to the change.
Trunk - Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The
interface becomes a trunk interface even if the neighboring interface does not agree to the change.
Nonegotiate - Puts the interface into permanent trunking mode but prevents the interface from generating DTP
frames. You must configure the neighboring interface manually as a trunk interface to establish a trunk link. Use this
mode when connecting to a device that does not support DTP.
Dynamic desirable - Makes the interface actively attempt to convert the link to a trunk link. The interface becomes atrunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
Dynamic auto - Makes the interface willing to convert the link to a trunk link. The interface becomes a trunk interface if
the neighboring interface is set to trunk or desirable mode. This is the default mode for all Ethernet interfaces in Cisco
IOS.
Configuring an Interface for Trunking
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
56/118
Configuring an Interface for Trunking
Select the encapsulation type:Swi t ch( conf i g- i f ) # switchport trunk encapsulation {isl | dot1q |
negotiate}
Configure the interface as a Layer 2 trunk:Swi t ch( conf i g- i f ) # switchport mode {dynamic {auto | desirable} |
trunk}
Specify the native VLAN:Swi t ch( conf i g- i f ) # switchport trunk native vlan vlan-id
Configure the allowable VLANs for this trunk:Swi t ch( conf i g- i f ) # switchport trunk allowed vlan {add | except | all |
remove} vlan-id[,vlan-id[,vlan-id[,...]]]
Swi t ch( conf i g) # interface FastEthernet 5/8Swi t ch( conf i g- i f ) # switchport trunk encapsulation dot1qSwi t ch( conf i g- i f ) # switchport mode trunkSwi t ch( conf i g- i f ) # switchport nonegotiate optionalSwi t ch( conf i g- i f ) # switchport trunk allowed vlan 1-100Swi t ch( conf i g- i f ) # no shutdownSwi t ch( conf i g- i f ) # end
Verifying Trunk Configuration
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
57/118
Verifying Trunk Configuration
Swi t ch# show running-config interface f5/8Bui l di ng conf i gur at i on. . .Cur r ent conf i gur at i on:!i nt er f ace Fast Et her net 5/ 8swi t chpor t mode dynami c desi r abl eswi t chpor t t r unk encapsul at i on dot 1q
end
Swi t ch# show interfaces f5/8 switchportName: Fa5/ 8Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c desi r abl eOper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: negot i at e
Oper at i onal Tr unki ng Encapsul at i on: dot 1qNegot i at i on of Tr unki ng: Enabl edAccess Mode VLAN: 1 ( def aul t )Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )Tr unki ng VLANs Enabl ed: ALLPr uni ng VLANs Enabl ed: 2- 1001
Swi t ch# show interfaces f5/8 trunkPor t Mode Encapsul at i on St at us Nat i ve vl anFa5/ 8 desi r abl e n- 802. 1q t r unki ng 1
Por t Vl ans al l owed on t r unkFa5/ 8 1- 1005
DTP (Dynamic Trunking Protocol) and Switchport Mode
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
58/118
58
DTP (Dynamic Trunking Protocol) and Switchport Mode
Interactions
Dynamic AutoDynamic
DesirableTrunk Access
Dynamic Auto Access Trunk Trunk Access
Dynamic
DesirableTrunk Trunk Trunk Access
Trunk Trunk Trunk Trunk Not recommended
Access Access AccessNot
recommended
Access
N t ki b d f lt
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
59/118
59
Non-trunking by defaultALS1#show inter fa 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: nativeNegotiation of Trunking: On
Access Mode VLAN: 1 (default)
ALS2#show inter fa 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
2960 and 3560 switches do not try to negotiate a trunk unless the otherside is configured with switchport mode trunk command.
show interfaces without switchport option
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
60/118
60
show interfaces without switchport optionALS1# show interfaces fastethernet 0/6
FastEthernet0/6 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 001b.0c98.8106 (bia 001b.0c98.8106)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTXinput flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
51 packets input, 9122 bytes, 0 no buffer
Received 49 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected489 packets output, 38801 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
als1#
Without the switchport
option this command
shows basic interface
(non-vlan) information.
Non trunking by default
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
61/118
61
Non-trunking by defaultALS1#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
Even though trunking is not yet configured between the switches, can the hostsping each other? Try it!
Yes, as long as the hosts are on the same subnet they will be able to ping
each other without trunking. (Host A and Host B)
This is because all ports are on VLAN 1.
Like a switched network with no vlans.
So why do we establish VLANs?
To segment broadcast domains.
Why do we need trunks?
To carry traffic for multiple VLANs.
Without VLANS what does this mean?
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
62/118
62
Without VLANS what does this mean?
ARP Request from Host A to Host B. Which hosts will see it?
Only Host B is on the same subnet as Host A, but the entire network (allhosts) will receive the broadcast.
Why are not all of the links used?
Spanning Tree Protocol is keeping the network loop free.
With VLANS what does this mean?
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
63/118
63
With VLANS what does this mean?
ARP Request from Host A to Host B. Which hosts will see it?
Only Host B is on the same VLAN as Host A, so other hosts will not receivethe broadcast.
With VTP pruning broadcasts (dashed lines) within their VLAN will be kept
within their VLAN.
XX
DTP and Switchport Mode Interactions
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
64/118
64
p
Dynamic AutoDynamic
DesirableTrunk Access
Dynamic Auto Access Trunk Trunk Access
DynamicDesirable
Trunk Trunk Trunk Access
Trunk Trunk Trunk Trunk Not recommended
Access Access Access Notrecommended Access
Note: Table assumes DTP is enabled at both ends.
ALS1( conf i g- i f ) # switchport mode ?
access Set t r unki ng mode t o ACCESS uncondi t i onal l y
dynami c Set t r unki ng mode t o dynami cal l y negot i at e access or t r unk mode
t r unk Set t r unki ng mode t o TRUNK uncondi t i onal l y
ALS1( conf i g- i f ) # switchport mode dynamic ?
aut o Set t r unki ng mode dynami c negot i at i on paramet er t o AUTO
desi r abl e Set t r unki ng mode dynami c negot i at i on parameter t o DESI RABLE
Default
Default
Configure DLS1 for Trunking
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
65/118
65
Configure DLS1 for Trunking
ALS1( conf i g) # interface range fastethernet 0/11 - 12
ALS1( conf i g- i f - r ange) # switchport mode trunk
ALS1( conf i g- i f - r ange) #
What will this do to these two links?
Does ALS2 need to be configured as a trunk?
Default
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
66/118
66
ALS1( conf i g) #interface range fastethernet 0/11 - 12
ALS1( conf i g- i f - r ange) # switchport mode trunk
Trunking! We will verify this on ALS1 in a moment.
ALS1# show interface trunk
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
67/118
67
Por t Mode Encapsul at i on St at us Nat i ve vl an
Fa0/ 11 on 802. 1q t r unki ng 1
Fa0/ 12 on 802. 1q t r unki ng 1
Por t Vl ans al l owed on t r unk
Fa0/ 11 1- 4094Fa0/ 12 1- 4094
Por t Vl ans al l owed and act i ve i n management domai n
Fa0/ 11 1
Fa0/ 12 1
Por t Vl ans i n spanni ng t r ee f or war di ng st at e and notpruned
Fa0/ 11 1
Fa0/ 12 1ALS1#
ALS1 Manually Configured Trunk
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
68/118
68
ALS1 Manually Configured Trunk
ALS1# show inter fa 0/11 switchport
Name: Fa0/ 11
Swi t chpor t : Enabl ed
Admi ni st r at i ve Mode: t r unk
Oper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q
Oper at i onal Tr unki ng Encapsul at i on: dot 1q
Negot i at i on of Tr unki ng: On
Access Mode VLAN: 1 ( def aul t )
Why is the administrative mode trunk?
Because we configured the port(s) as trunking:
ALS1( conf i g) # interface range fastethernet 0/11 - 12
ALS1( conf i g- i f - r ange) # switchport mode trunk
ALS2 Default Dynamic Auto
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
69/118
69
y
ALS2# show inter fa 0/11 switchport
Name: Fa0/ 11
Swi t chpor t : Enabl ed
Admi ni st r at i ve Mode: dynami c aut o
Oper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q
Oper at i onal Tr unki ng Encapsul at i on: dot 1q
Negot i at i on of Tr unki ng: On
Access Mode VLAN: 1 ( def aul t )
Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )
What is the DTP setting on ALS2? (This did not change.)
Is this the default on a 3560 switch? Yes
Dynamic AutoTrunk
Notice it is now trunking because the other end is set to trunk.
ALS2 Default Dynamic Auto
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
70/118
70
yALS2#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/11 auto 802.1q trunking 1
Fa0/12 auto 802.1q trunking 1
Port Vlans allowed on trunkFa0/11 1-4094
Fa0/12 1-4094
Port Vlans allowed and active in management domain
Fa0/11 1
Fa0/12 1
Port Vlans in spanning tree forwarding state and not pruned
Fa0/11 1
Fa0/12 none
Verifying trunks on ALS2
Dynamic AutoTrunk
Default
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
71/118
71
Status
ALS1( conf i g) # interface range fastethernet 0/11 - 12ALS1( conf i g- i f - r ange) # switchport mode trunk
No additional configuration needed on ALS2.
Switches that support both ISL and 802.1Q
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
72/118
72
pp
Swi t ch( conf i g) # interface range fastethernet 0/1 4
Swi t ch( conf i g- i f - r ange) # switchport mode trunk
Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s"Aut o" can not be conf i gur ed t o "t r unk" mode.
Swi t ch( conf i g- i f - r ange) # switchport trunk encapsulation dot1q
Swi t ch( conf i g- i f - r ange) # switchport mode trunk
What happens when we use the switchport mode trunk command without specifying the
encapsulation on switches that support both protocols? On switches that support multiple trunking encapsulations (802.1Q and ISL), you
must first configure the trunking encapsulation before setting the interface to trunk
mode.
The switchport trunk encapsulation command must be configured before the
switchport mode trunk.
Configure the rest of the trunk links
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
73/118
73
What about the VTP domain names on DLS1 and DLS2?
No other trunk links configured so DLS1 and DLS2 still have no VTP
domain name.
Trunking only configured between ALS1 and ALS2.
Configure the rest if the trunk links as shown in the topology.
Packet Tracer only supports 802.1Q trunks, not ISL.
ALS1( conf i g) #inter range fa 0/7 - 10
ALS1( conf i g- i f - r ange) #switchport mode trunk
ALS2( conf i g) #i t f 0/7 10
Fa 0/11 12 previously
configured trunk
F 0/11 12 d f lt
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
74/118
74
DLS1( conf i g) #inter range fa 0/7 - 12
DLS1( conf i g- i f - r ange) #switchport mode trunk
Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s
"Aut o" can not be conf i gur ed t o "t r unk" mode.Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s"Aut o" can not be conf i gur ed t o "t r unk" mode.
Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s"Aut o" can not be conf i gur ed t o "t r unk" mode.
Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s
"Aut o" can not be conf i gur ed t o "t r unk" mode.Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s
"Aut o" can not be conf i gur ed t o "t r unk" mode.
Command r ej ect ed: An i nt er f ace whose t r unk encapsul at i on i s"Aut o" can not be conf i gur ed t o "t r unk" mode.
DLS1( conf i g- i f - r ange) #switchport trunk encapsulation dot1q
DLS1( conf i g- i f - r ange) #switchport mode trunk
DLS2( conf i g) #inter range fa 0/7 - 12
DLS2( conf i g- i f - r ange) #switchport trunk encapsulation dot1q
DLS2( conf i g- i f - r ange) #switchport mode trunk
ALS2( conf i g) #inter range fa 0/7 - 10
ALS2( conf i g- i f - r ange) #switchport mode trunk
Note: I have configured the rest of the trunk links manually: switchport mode trunk
Only one end of the link needs to be configured manually, if the other end is
configured dynamic auto.
Now verify trunking on all switches:
show interfaces fa 0/7 switchport show interfaces trunk
Fa 0/11 12 default
dynamic desirable
PT does not support ISL.
Two ends: Trunk Mode and Dynamic Auto
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
75/118
75
ALS1# show interface fa 0/11 switchportName: Fa0/ 11Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: t r unkOper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q
Oper at i onal Tr unki ng Encapsul at i on: dot 1qNegot i at i on of Tr unki ng: OnAccess Mode VLAN: 1 ( def aul t )
Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )
ALS2# show interfaces fa 0/11 switchport
Name: Fa0/ 11Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c aut oOper at i onal Mode: t r unkAdmi ni st r at i ve Tr unki ng Encapsul at i on: dot 1qOper at i onal Tr unki ng Encapsul at i on: dot 1q
Negot i at i on of Tr unki ng: OnAccess Mode VLAN: 1 ( def aul t )
How can you tell if an interface is trunking, due to dynamic auto instead of
manually configured as trunk?
Two ends: Trunk Mode and Dynamic Auto
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
76/118
76
ALS1# show interface trunk
Por t Mode Encapsul at i on St at us Nat i ve vl anFa0/ 7 on 802. 1q t r unki ng 1Fa0/ 8 on 802. 1q t r unki ng 1Fa0/ 9 on 802. 1q t r unki ng 1
Fa0/ 10 on 802. 1q t r unki ng 1Fa0/ 11 on 802. 1q t r unki ng 1Fa0/ 12 on 802. 1q t r unki ng 1
ALS2# show interface trunk
Por t Mode Encapsul at i on St at us Nat i ve vl anFa0/ 7 on 802. 1q t r unki ng 1Fa0/ 8 on 802. 1q t r unki ng 1Fa0/ 9 on 802. 1q t r unki ng 1Fa0/ 10 on 802. 1q t r unki ng 1
Fa0/ 11 aut o 802. 1q t r unki ng 1Fa0/ 12 aut o 802. 1q t r unki ng 1
How can you tell if an interface is trunking, due to dynamic auto instead of
manually configured as trunk?
VTP Update
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
77/118
77
ALS2# show vtp statusVTP Ver si on : 2
Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 5VTP Operat i ng Mode : ServerVTP Domai n Name : SWLAB
VTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x57 0xCD 0x40 0x65 0x47 0xBDConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 0. 0. 0. 0 ( no val i d i nt er f ace f ound)
ALS2#
We now have a trunk links between VTP servers and clients.
What does this mean for ALS2 and getting a VTP domain name?
ALS2 receives the VTP update from ALS1 who received VTP update from
DLS1 and updates Domain Name
DLS1( conf i g) # vtp domain SWLAB
Changi ng VTP domai n name f r om NULL t o SWLAB
Previous command
VTP Updates Received
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
78/118
78
DLS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 5
VTP Oper at i ng Mode : Ser verVTP Domai n Name : SWLABVTP Pruni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl ed
MD5 di gest : 0x57 0xCD 0x40 0x65 0x630x59 0x47 0xBD
Conf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 0- 0- 00 00: 00: 00Local updat er I D i s 0. 0. 0. 0 ( no val i d i nt er f ace f ound)DLS1#
VTP update sends domain name over trunk links.
What does this mean?
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
79/118
79
We have configured trunking but all of our access ports (hosts) are on VLAN 1.
We have configured trunking but we still need to configure the access ports for
separate VLANs.
Currently broadcasts propagating though entire network.
How would VLANs affect the ARP broadcast?
Host C and Host D would not receive the ARP Request.
If VTP pruning is enabled with no VLAN 120s on DLS1, DLS1 would not
receive the ARP Request either.
Access Ports
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
80/118
80
Configure the VLAN on the access port for ALS1
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
81/118
81
ALS1( conf i g) # inter fa 0/6
ALS1( conf i g- i f ) # switchport mode ?
access Set t r unki ng mode t o ACCESS uncondi t i onal l y
dynami c Set t r unki ng mode t o dynami cal l y negot i at e access or
t r unk mode
t r unk Set t r unki ng mode t o TRUNK uncondi t i onal l y
ALS1( conf i g- i f ) # switchport mode access
With a single host attached will we everneed trunking on this port?
No, so we configure it for access
mode, permanent non-trunking. (We
will discuss Voice VLANs later.) Configure access ports on other three
switches (DLS1, DLS2, ALS2).
Configuring Access Ports
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
82/118
82
ALS2( conf i g) # inter fa 0/6
ALS2( conf i g- i f ) # switchport mode access
Verify configurations with:
show interfaces fa0/6 switchport
This command is important, it will not allow trunking to occur if the other side tries tonegotiate it.
Optional: To disable Layer 2 DTP negotiation packets from going out an interface use:
switchport nonegotiate
Use with:
switchport mode access or switchport mode trunk
DLS1( conf i g) # inter fa 0/6
DLS1( conf i g- i f ) # switchport mode access
DLS2( conf i g) # inter fa 0/6
DLS2( conf i g- i f ) # switchport mode access
Example
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
83/118
83
ALS1# show interfaces fa 0/6 switchport
Name: Fa0/ 6
Swi t chpor t : Enabl ed
Admi ni st r at i ve Mode: st at i c access
Oper at i onal Mode: st at i c access
Admi ni st r at i ve Tr unki ng Encapsul at i on: dot 1q
Oper at i onal Tr unki ng Encapsul at i on: nat i ve
Negot i at i on of Tr unki ng: Of f
Access Mode VLAN: 1 ( def aul t )
Tr unki ng Nat i ve Mode VLAN: 1 ( def aul t )
Creating VLANs
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
84/118
84
Create the VLAN for the Access Port on DLS1
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
85/118
85
DLS1( conf i g) # inter fa 0/6DLS1( conf i g- i f ) # switchport mode access
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
86/118
86
DLS1( conf i g) # inter fa 0/1DLS1( conf i g- i f ) # switchport access vlan 55% Access VLAN does not exi st . Cr eat i ng vl an 55DLS1( conf i g- i f ) # end
DLS1# show vlan
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 2, Fa0/ 3, Fa0/ 4, Fa0/ 5
Fa0/ 13, Fa0/ 14, Fa0/ 15, Fa0/ 16Fa0/ 17, Fa0/ 18, Fa0/ 19, Fa0/ 20Fa0/ 21, Fa0/ 22, Fa0/ 23, Fa0/ 24
Gi 0/ 1, Gi 0/ 255 VLAN0055 act i ve Fa0/ 1100 VLAN0100 act i ve Fa0/ 6110 VLAN0110 act i ve
DLS1# show inter fa 0/1 switchport
Name: Fa0/ 1Swi t chpor t : Enabl edAdmi ni st r at i ve Mode: dynami c aut oOperat i onal Mode: downAdmi ni st r at i ve Tr unki ng Encapsul at i on: negot i at eNegot i at i on of Tr unki ng: OnAccess Mode VLAN: 55 ( VLAN0055)
Both the switchport
mode access command
and switchport
access vlan n should
be used for non-VLAN 1ports.
Want negotiation to be
Off
Unexpected results may
occur.
No switchport mode
access command
configured on fa 0/1/
Removing VLAN 55
DLS1( f i ) # i f 0/1
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
87/118
87
DLS1( conf i g) # inter fa 0/1DLS1( conf i g- i f ) # no switchport access vlan 55
DLS1( conf i g- i f ) # exit
DLS1( conf i g) # no vlan 55
DLS1( conf i g) # end
DLS1# show vlan
VLAN Name St at us Por t s
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15
Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19
Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23
Fa0/ 24, Gi 0/ 1, Gi 0/ 2
100 VLAN0100 act i ve Fa0/ 6
110 VLAN0110 act i ve
Create the VLAN for the Access Port on DLS1
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
88/118
88
VLANs 100, 110 and 120 must be created on the appropriate switches.
Configure the host access port on DLS2 with their proper VLANs and verifywith: show vlan
Creating the VLAN for the Access Port on DLS2
DLS2( conf i g) # i t f 0/6
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
89/118
89
DLS2( conf i g) # inter fa 0/6DLS2( conf i g- i f ) # switchport access vlan 110
% Access VLAN does not exi st . Cr eat i ng vl an 110
DLS2( conf i g- i f ) # exit
DLS2# show vlan
VLAN Name St at us Por t s
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19
Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23
Fa0/ 24, Gi 0/ 1, Gi 0/ 2
100 VLAN0100 act i ve
110 VLAN0110 act i ve Fa0/ 61002 f ddi - def aul t act / unsup
1003 t oken- r i ng- def aul t act / unsup
1004 f ddi net - def aul t act / unsup
1005 t r net - def aul t act / unsup
Notice that thereare two new VLANS
and that interface
Fa 0/6 is active in
VLAN 100.
Looking at the number of VLANs
ALS1# show vlan
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
90/118
90
ALS1# show vlanVLAN Name St at us Por t s
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 6, Fa0/ 13, Fa0/ 14
Fa0/ 15, Fa0/ 16, Fa0/ 17, Fa0/ 18
Fa0/ 19, Fa0/ 20, Fa0/ 21, Fa0/ 22Fa0/ 23, Fa0/ 24, Gi g0/ 1, Gi g0/ 2
100 VLAN0100 act i ve
110 VLAN0110 act i ve
1002 f ddi - def aul t act i ve
1003 t oken- r i ng- def aul t act i ve
1004 f ddi net - def aul t act i ve
1005 t r net - def aul t act i ve
ALS1# show vtp status
VTP Ver si on : 2
Conf i gur at i on Revi si on : 6
Maxi mum VLANs suppor t ed l ocal l y : 255
Number of exi st i ng VLANs : 7
VTP Operat i ng Mode : Cl i ent
VTP Domai n Name : SWLAB
VTP Pruni ng Mode : Di sabl ed
Why 7 VLANs and not 3?
We only configured two plus
VLAN 1.
Four other default VLANs
No longer recommended
DLS1# vlan database
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
91/118
91
DLS1# vlan database% War ni ng: I t i s r ecommended t o conf i gur e VLAN f r om conf i g mode,
as VLAN dat abase mode i s bei ng depr ecat ed. Pl ease consul t user
document at i on f or conf i gur i ng VTP/ VLAN i n conf i g mode.
DLS1( vl an) # exit
APPLY compl et ed.
Exi t i ng. . . .
DLS1#
Note: vlan database is no longer recommended by Cisco.
One less thing we need to remember!
Another way to create VLANs
ALS1( conf i g) # vlan 120
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
92/118
92
ALS1( conf i g) # vlan 120VTP VLAN conf i gurat i on not al l owed when devi ce i s i n CLI ENT mode.
ALS1( conf i g) #
ALS1( conf i g) # inter fa 0/6
ALS1( conf i g- i f ) # switchport access vlan 120
ALS1# show vlan
VLAN Name St at us Por t s
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15
Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19
Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23
Fa0/ 24, Gi g0/ 1, Gi g0/ 2
100 VLAN0100 act i ve
110 VLAN0110 act i ve
1002 f ddi - def aul t act i ve
1003 t oken- r i ng- def aul t act i ve
1004 f ddi net - def aul t act i ve
1005 t r net - def aul t act i ve
Use Global Configuration mode.
Lets now try it on a VTP server
VLANs cannot be created by
VTP Clients.
What if the interface isassigned that VLAN?
No VLAN 120 (yet)
Another way to create VLANsVTP Server
DLS1( conf i g) # vlan 120 No VTP error message
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
93/118
93
DLS1( conf i g) #DLS1( conf i g- vl an) # end
DLS1# show vlan
VLAN Name St at us Por t s
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15
Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19
Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23
Fa0/ 24, Gi 0/ 1, Gi 0/ 2
100 VLAN0100 act i ve Fa0/ 6
110 VLAN0110 act i ve
120 VLAN0120 act i ve
1002 f ddi - def aul t act / unsup
1003 t oken- r i ng- def aul t act / unsup
1004 f ddi net - def aul t act / unsup
1005 t r net - def aul t act / unsup
VLAN 120 is created.
Lets see what happened back at ALS1
No VTP error message.
Back to ALS1
ALS1# show vlan
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
94/118
94
VLAN Name St at us Por t s
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15
Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23
Fa0/ 24, Gi g0/ 1, Gi g0/ 2
100 VLAN0100 act i ve
110 VLAN0110 act i ve
120 VLAN0120 act i ve Fa0/ 6
1002 f ddi - def aul t act i ve
1003 t oken- r i ng- def aul t act i ve
1004 f ddi net - def aul t act i ve
1005 t r net - def aul t act i ve
ALS1 now has VLAN 120 via VTP.
Fa 0/6 active on VLAN 120 configured previously.
Configure ALS2
ALS2( conf i g) # inter fa 0/6ALS2( f i i f ) # i h l 120
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
95/118
95
gALS2( conf i g- i f ) # switchport access vlan 120
ALS2( conf i g- i f ) # end
%SYS- 5- CONFI G_I : Conf i gur ed f r om consol e by consol e
ALS2# show vlan
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15
Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19
Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23
Fa0/ 24, Gi g0/ 1, Gi g0/ 2
100 VLAN0100 act i ve
110 VLAN0110 act i ve
120 VLAN0120 act i ve Fa0/ 6
Name the VLANs on the VTP Server DLS1
DLS1( conf i g) # vlan 100DLS1( conf i g- vl an) # name Server-Farm1
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
96/118
96
DLS1( conf i g vl an) # name Server Farm1DLS1( conf i g- vl an) # exitDLS1( conf i g) # vlan 110DLS1( conf i g- vl an) # name Server-Farm2DLS1( conf i g- vl an) # exitDLS1( conf i g) # vlan 120DLS1( conf i g- vl an) # name Net-Eng
DLS1( conf i g- vl an) # end
DLS1# show vlan
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi 0/ 1, Gi 0/ 2
100 Server - Farm1 act i ve Fa0/ 6110 Server - Farm2 act i ve120 Net - Eng act i ve
VTP updates other switches
ALS1# show vlan
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
97/118
97
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gi0/1, Gi0/2100 Server-Farm1 active
110 Server-Farm2 active
120 Net-Eng active Fa0/6
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup active
Verification
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
98/118
98
Verify configurations:
show vlan
show vtp status
show interfaces interface switchport
show interfaces trunk
show running-config
ALS1
ALS1#show run!
interface FastEthernet0/9switchport mode trunk
VTP i nf ormat i on not shown i n running config. Useshow vtp status and show vlan.
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
99/118
99
!
version 12.2
!
hostname ALS1
!
no ip domain-lookup
!
interface FastEthernet0/1
. . .
!
interface FastEthernet0/5
!
interface FastEthernet0/6
switchport access vlan 120
switchport mode access
!
interface FastEthernet0/7
switchport mode trunk
!
interface FastEthernet0/8
switchport mode trunk
!
switchport mode trunk
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
switchport mode trunk
!
interface FastEthernet0/12
switchport mode trunk
!
interface FastEthernet0/13
. . .
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.1.103 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
no login
ALS2
ALS2#show runversion 12.2
interface FastEthernet0/9switchport mode trunk
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
100/118
100
!
hostname ALS2
!
no ip domain-lookup
!
interface FastEthernet0/1
!
. . .
interface FastEthernet0/5
!
interface FastEthernet0/6
switchport access vlan 120
switchport mode access
!
interface FastEthernet0/7
switchport mode trunk
!
interface FastEthernet0/8
switchport mode trunk
!
p
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
. . .
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.1.104 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
no login
DLS1
DLS1#show runversion 12.2
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!interface FastEthernet0/10
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
101/118
101
!
hostname DLS1
!
no ip domain-lookup
!
interface FastEthernet0/1
!
. . .
interface FastEthernet0/5
!
interface FastEthernet0/6
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk encapsulation dot1qswitchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/13
!
. . .
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.1.101 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
no login
DLS2
DLS2#show runversion 12.2
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!interface FastEthernet0/10
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
102/118
102
!
hostname DLS2
!
no ip domain-lookup
!
interface FastEthernet0/1
!
. . .
interface FastEthernet0/5
!
interface FastEthernet0/6
switchport access vlan 110
switchport mode access
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk encapsulation dot1qswitchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/13
!
. . .
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.1.102 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
no login
What we have done:
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
103/118
103
Configured 802.1Q Trunking links between switches
Configured DLS1 and DLS2 as VTP Servers (default) Configured ALS1 and ALS2 as VTP Clients
Configured VTP domain name
Configured VLANs for host ports
VTP Authentication: Add a password and change
the domain name on DLS1
DLS1( conf i g) # vtp password cisco
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
104/118
104
DLS1( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoDLS1( conf i g) # vtp domain CabrilloChangi ng VTP domai n name f r om SWLAB t o Cabr i l l oDLS1( conf i g) # end
DLS1# show vtp statVTP Ver si on : 2Conf i gur at i on Revi si on : 0Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 8
VTP Oper at i ng Mode : Ser verVTP Domai n Name : Cabr i l l oVTP Pr uni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0xCC 0xEE 0xCE 0x23 0x7D 0x6A 0x35 0x6BConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 3- 1- 93 00: 10: 08
Local updat er I D i s 0. 0. 0. 0 ( no val i d i nt er f ace f ound)
DLS1#00: 18: 15: %DTP- 5- DOMAI NMI SMATCH: Unabl e t o per f orm t r unk negot i at i on on por t
Fa0/ 11 because of VTP domai n mi smat ch.
Verify any changes on DLS2
DLS2# show vtp statusVTP V i 2
Did DLS2 update its
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
105/118
105
VTP Ver si on : 2Conf i gur at i on Revi si on : 22Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 8VTP Oper at i ng Mode : Ser ver
VTP Domai n Name : SWLABVTP Pr uni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x7D 0xA0 0x5E 0xB9 0xDE 0xC1 0x7F 0x8EConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 3- 1- 93 00: 00: 00
Local updat er I D i s 10. 1. 1. 102 on i nt er f ace Vl 1 ( l owest number ed VLANi nt er f ace f ound)DLS2#
p
domain name from
DLS1? No
Why? Domain name andpasswords do not
match with DLS1
Verify no changes on ALS1...
ALS1# show vtp statusVTP Ver si on : 2
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
106/118
106
VTP Ver si on : 2Conf i gur at i on Revi si on : 22Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 8VTP Operat i ng Mode : Cl i ent
VTP Domai n Name : SWLABVTP Pr uni ng Mode : Di sabl edVTP V2 Mode : Di sabl edVTP Tr aps Gener at i on : Di sabl edMD5 di gest : 0x7D 0xA0 0x5E 0xB9 0xDE 0xC1 0x7F 0x8EConf i gur at i on l ast modi f i ed by 0. 0. 0. 0 at 3- 1- 93 00: 00: 00
ALS1#
Add a VLAN on DLS1... (VTP authenticated switch)
DLS1( conf i g) # vlan 300DLS1( conf i g vl an) # name Guest
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
107/118
107
DLS1( conf i g- vl an) # name GuestDLS1( conf i g- vl an) # end
DLS1# show vlan
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23
Fa0/ 24, Gi g0/ 1, Gi g0/ 2100 Ser ver - Far m1 act i ve Fa0/ 6110 Ser ver - Far m2 act i ve120 Net - Eng act i ve300 Guest act i ve
Will this change be reflected on DLS2?
DLS2# show vlan
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
108/118
108
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15
Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi g0/ 1, Gi g0/ 2
100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve Fa0/ 6120 Net - Eng act i ve
1002 f ddi - def aul t act i ve
No VLAN 300 Same on ALS1 and ALS2.
Current
VTP
Domain = Cabrillo
Password = ciscoServerServerVLANs = 1, 100, 110, 120, 300
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
109/118
109
Domain = SWLABPassword = Client Client
VTP domain name and password must be the same for switches to bepart of the same VTP domain.
VLANs = 1, 100, 110, 120
Modify
VTP
Domain = Cabrillo
Password = cisco
Server Server
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
110/118
110
Client Client
VTP domain name and password must be the same for switches to bepart of the same VTP domain.
Modify DLS2, ALS1 and ALS2 to authenticate with
DLS1...
DLS2( conf i g) # vtp domain Cabrillo
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
111/118
111
Changi ng VTP domai n name f r om SWLAB t o Cabr i l l oDLS2( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoDLS2( conf i g) #
Modify DLS2, ALS1, ALS2 Domain and Password are case-sensitive
Verify with
Show vtp status
Show vlan
ALS1( conf i g) # vtp domain CabrilloChangi ng VTP domai n name f r om SWLAB t o Cabr i l l oALS1( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoALS1( conf i g) #
ALS2( conf i g) # vtp domain CabrilloChangi ng VTP domai n name f r om SWLAB t o Cabr i l l oALS2( conf i g) # vtp password ciscoSet t i ng devi ce VLAN dat abase passwor d t o ci scoALS2( conf i g) #
Verify on DLS2DLS2# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 2Maxi mum VLANs suppor t ed l ocal l y : 1005
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
112/118
112
Maxi mum VLANs suppor t ed l ocal l y : 1005Number of exi st i ng VLANs : 9VTP Oper at i ng Mode : Ser verVTP Domai n Name : Cabr i l l oVTP Pruni ng Mode : Di sabl ed
VTP V2 Mode : Di sabl edVTP Tr aps Generat i on : Di sabl edMD5 di gest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89 0x0C 0xADConf i gur at i on l ast modi f i ed by 10. 1. 1. 101 at 3- 1- 93 00: 17: 55Local updat er I D i s 10. 1. 1. 102 on i nt er f ace Vl 1 ( l owest number ed VLAN i nt er f ace f ound)
DLS2# show vlan
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi g0/ 1, Gi g0/ 2
100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve Fa0/ 6120 Net - Eng act i ve300 Guest act i ve
Verify on ALS1
ALS1# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 2
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
113/118
113
Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 9VTP Operat i ng Mode : Cl i entVTP Domai n Name : Cabr i l l oVTP Pruni ng Mode : Di sabl ed
VTP V2 Mode : Di sabl edVTP Tr aps Generat i on : Di sabl edMD5 di gest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89 0x0C 0xADConf i gur at i on l ast modi f i ed by 10. 1. 1. 101 at 3- 1- 93 00: 17: 55
ALS1# show vlan
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi g1/ 1, Gi g1/ 2
100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve120 Net - Eng act i ve Fa0/ 6300 Guest act i ve
Verify on ALS2
ALS2# show vtp statusVTP Ver si on : 2Conf i gur at i on Revi si on : 2M i VLAN t d l l l 255
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
114/118
114
Maxi mum VLANs suppor t ed l ocal l y : 255Number of exi st i ng VLANs : 9VTP Operat i ng Mode : Cl i entVTP Domai n Name : Cabr i l l oVTP Pruni ng Mode : Di sabl ed
VTP V2 Mode : Di sabl edVTP Tr aps Generat i on : Di sabl edMD5 di gest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89 0x0C 0xADConf i gur at i on l ast modi f i ed by 10. 1. 1. 101 at 3- 1- 93 00: 17: 55
ALS2# show vlan
VLAN Name St at us Por t s- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 def aul t act i ve Fa0/ 1, Fa0/ 2, Fa0/ 3, Fa0/ 4
Fa0/ 5, Fa0/ 13, Fa0/ 14, Fa0/ 15Fa0/ 16, Fa0/ 17, Fa0/ 18, Fa0/ 19Fa0/ 20, Fa0/ 21, Fa0/ 22, Fa0/ 23Fa0/ 24, Gi g1/ 1, Gi g1/ 2
100 Ser ver - Far m- 1 act i ve110 Ser ver - Far m- 2 act i ve120 Net - Eng act i ve Fa0/ 6300 Guest act i ve
Current
VTP
Domain = Cabrillo
Password = cisco
Server Server
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
115/118
115
Client Client
VTP domain name and password must be the same for switches to bepart of the same VTP domain.
Use VTP in a Network
By default, all switches are configured to be VTP servers.
Fine for small scale networks
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
116/118
116
Fine for small-scale networks.
Size of the VLAN information is small and is easily stored in all
switches (in NVRAM).
In a large network:
Size of NVRAM is minimal.
Should choose a few well-equipped switches and keep them as
VTP servers.
Chosen to provide a degree of redundancy
Everything else that participates in VTP can be turned into a
client.
Use VTP in a Network
A VTP server without a VTP domain name cannot send or receive VLANinformation using VTP.
Client will learn domain from server if it does not have one
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
117/118
117
Client will learn domain from server if it does not have one.
But once a client has a domain it must be changed manually on the
client if changed on the server.
Dynamic Trunking Protocol (DTP) includes the VTP domain name in a DTPpacket.
Therefore, if you have two ends of a link that belong to different VTP
domains, the trunk does not come up if you use DTP.
In this special case, you must configure the trunk mode as on ornonegotiate, on both sides, in order to allow the trunk to come up
without DTP negotiation agreement.
If previously trunking, then trunking will continue.
TrunkDynamic Auto
NO TRUNK
VTP
domain
Cabrillo
VTP
domain
SWLAB
Trunk
TRUNK
Next .:
8/12/2019 SWITCH-EnterpriseNets and VLANs.pdf
118/118
118
VTP pruning, authentication and troubleshooting
Native VLAN
Inter-VLAN routing