VLANs:
A VLAN is a group of devices on one or more LANs that are configured to
communicate as if they were attached to the same wire, when in fact they are
located on a number of different LAN segments. Because VLANs are based on
logical instead of physical connections, they are extremely flexible.
Links to other switches are known as trunk ports, and links to end devices such as PCs are known as access ports. On an access port, the untagged VLAN is called the access VLAN. On a trunk port, the untagged VLAN is called the native VLAN.
A trunk port is used to connect switches to each other, and an access port is used to connect end devices such as computers, laptops and printers. Traffic from a VLAN on one switch reaches the same VLAN on another switch by crossing the trunk link, but a trunk port never hands traffic to an end device itself; only the access ports of each switch do that.
VLAN numbers   Type       Description                                                              Propagated by VTP
0, 4095        Reserved   For system use only. You cannot see or use these VLANs.                 N/A
1              Normal     Cisco default. You can use this VLAN but you cannot delete it.          Yes
2-1001         Normal     Used for Ethernet VLANs; you can create, use, and delete these VLANs.   Yes
1002-1005      Normal     Cisco defaults for FDDI and Token Ring. You cannot delete VLANs         Yes
                          1002-1005.
SW2(config)#vlan 50
SW2(config-vlan)#name Computers
SW2(config-vlan)#exit
Put the interfaces connected to the computers in the correct VLAN
SW1(config)#interface fa0/1
SW1(config-if)#switchport access vlan 50
SW2(config)#interface fa0/2
SW2(config-if)#switchport access vlan 50
Access VLAN Configuration
When we configure a port in access mode, we can specify which VLAN will carry
the traffic for that interface. If you do not configure the VLAN for a port in access
mode, or an access port, the interface carries traffic for the default VLAN
(VLAN1).
We can change the access port membership in a VLAN by specifying the new
VLAN. We must create the VLAN before we can assign it as an access VLAN for
an access port. If we change the access VLAN on an access port to a VLAN that is
not yet created, the system will shut that access port down.
If an access port receives a packet with an 802.1Q tag in the header other than
the access VLAN value, that port drops the packet without learning its MAC
source address.
To set the access VLAN when the interface is in access mode, use the switchport access vlan command. To reset the access-mode VLAN to the appropriate default VLAN for the switch, use the no form of this command.
Syntax Description
vlan-id   VLAN to set when the interface is in access mode. The range is from 1 to 4094, except for the VLANs reserved for internal use.
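The access-port rule stated above (an untagged frame belongs to the access VLAN, a frame tagged with any other VLAN is dropped without learning its source MAC) and the native-VLAN rule for trunks, as an added Python example that is not part of these notes: it parses a single 802.1Q tag out of a raw Ethernet frame and applies the ingress decision of a simplified switch model. The Frame, Port and Switch classes, the build_frame helper and the sample MAC addresses are constructed for illustration and do not come from any Cisco code.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


@dataclass
class Frame:
    dst: str
    src: str
    vid: Optional[int]  # None when the frame arrived untagged (or priority-tagged, VID 0)
    ethertype: int
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame and strip one 802.1Q tag if present."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", raw[12:14])[0]
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("802.1Q tag truncated")
        tci = struct.unpack("!H", raw[14:16])[0]
        vid = tci & 0x0FFF          # the low 12 bits of the TCI carry the VLAN ID
        if vid == 0:                # VID 0 is priority-tagged only: treat as untagged
            vid = None
        ethertype = struct.unpack("!H", raw[16:18])[0]
        offset = 18
    return Frame(_mac(raw[:6]), _mac(raw[6:12]), vid, ethertype, raw[offset:])


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid: Optional[int] = None) -> bytes:
    """Build a test frame, optionally with one 802.1Q tag (constructed input)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


@dataclass
class Port:
    name: str
    mode: str                           # "access" or "trunk"
    access_vlan: int = 1                # untagged VLAN of an access port (the access VLAN)
    native_vlan: int = 1                # untagged VLAN of a trunk port (the native VLAN)
    allowed: Optional[Set[int]] = None  # trunk allowed list; None carries all VLANs


@dataclass
class Switch:
    vlans: Set[int] = field(default_factory=lambda: {1})
    mac_table: Dict[Tuple[int, str], str] = field(default_factory=dict)  # (vlan, mac) -> port

    def ingress(self, port: Port, frame: Frame) -> Optional[int]:
        """Return the VLAN the frame is switched in, or None when it is dropped.
        The source MAC is learned only for frames that are accepted."""
        if port.mode == "access":
            if frame.vid is not None and frame.vid != port.access_vlan:
                return None             # tag differs from the access VLAN: drop, learn nothing
            vlan = port.access_vlan
        else:
            vlan = port.native_vlan if frame.vid is None else frame.vid
            if port.allowed is not None and vlan not in port.allowed:
                return None             # VLAN not allowed on this trunk
        if vlan not in self.vlans:
            return None                 # VLAN not created in this switch's database
        self.mac_table[(vlan, frame.src)] = port.name
        return vlan


def demo() -> Dict[str, Optional[int]]:
    """Run constructed frames through one access port and one trunk port."""
    sw = Switch(vlans={1, 50})
    access = Port("fa0/1", "access", access_vlan=50)
    trunk = Port("fa0/9", "trunk", native_vlan=1)
    host, bcast = "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"
    untagged = parse_frame(build_frame(bcast, host, 0x0806, b"\x00" * 28))
    tagged50 = parse_frame(build_frame(bcast, host, 0x0806, b"\x00" * 28, vid=50))
    tagged10 = parse_frame(build_frame(bcast, host, 0x0806, b"\x00" * 28, vid=10))
    return {
        "access_untagged": sw.ingress(access, untagged),  # placed in the access VLAN
        "access_tag_50": sw.ingress(access, tagged50),    # tag equals the access VLAN
        "access_tag_10": sw.ingress(access, tagged10),    # foreign tag: dropped
        "trunk_untagged": sw.ingress(trunk, untagged),    # native VLAN
        "trunk_tag_50": sw.ingress(trunk, tagged50),
        "trunk_tag_10": sw.ingress(trunk, tagged10),      # VLAN 10 not created: dropped
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16s} -> {result}")
```

The mac_table is keyed by (VLAN, MAC) so that learning is per VLAN, which is why a dropped frame on the access port leaves no entry behind; the trunk branch shows that a frame whose VLAN exists nowhere in the local database is also dropped, matching the note that VLAN information is local to each switch.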
Trunk Configuration
Trunks are required to carry VLAN traffic from one switch to another.
Trunking
VLANs are local to each switch's database, and VLAN information is not
passed between switches.
Cisco switches have two Ethernet trunking mechanisms: ISL and IEEE
802.1Q.
Trunks carry traffic from all VLANs to and from the switch by default but
can be configured to carry only specified VLAN traffic.
Trunk links must be configured to allow trunking on each end of the link.
An access port can have only one VLAN configured on that port; it can
carry traffic for only one VLAN.
A trunk port can have two or more VLANs configured on that port; it can
carry traffic for several VLANs simultaneously.
By default, all ports on the device are Layer 3 ports.
You can make all ports Layer 2 ports using the setup script or by entering the system default switchport command. See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 4.x for information on using the setup script. To configure a single port as a Layer 2 port using the CLI, use the switchport command.
All ports in one trunk must be in the same virtual device context (VDC). See
the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide,
Release 4.x for information on VDCs.
All ports in the same trunk must be in the same VDC, and trunk ports cannot
carry VLANs from different VDCs.
The figure "Trunk and Access Ports and VLAN Traffic" shows how you can use trunk ports in the network. The trunk port carries traffic for two or more VLANs.
Trunk and Access Ports and VLAN Traffic
VTP Basics
VLAN Trunking Protocol (VTP) is a Cisco proprietary technology. Ask administrators whether they like VTP and you will get varying answers. I don't think anyone will deny the convenience that VTP provides. However, the dangers associated with VTP are enough to make an administrator shy away from it as well. I'll go into these risks later and what can be done to avoid them.
A VTP domain defines which VTP enabled switches are allowed to send VLAN
information to each other. VTP domains could be created for a data center,
another for the first floor, and another for the second floor. A VTP domain is
specified with the vtp domain VTPDomain command.
Configuring VTP is pretty straightforward, so I won't go into what each command does. Here is a basic configuration on a VTP server.
SW1(config)# vtp domain VTPDomain
Setting VTP domain name to VTPDomain.
SW1(config)# vtp mode server
Setting device to VTP Server mode for VLANS.
SW1(config)# vtp version 2
Setting device to VTP version 2.
SW1(config)# vtp password passw0rd
Setting device VLAN database password to passw0rd.
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 1
VTP Operating Mode : Server
VTP Domain Name : VTPDomain
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x46 0x61 0xA6 0xC8 0x1F 0x9B 0x64 0x6A
Configuration last modified by 0.0.0.0 at 3-1-93 01:34:49
Local updater ID is 10.10.0.2 on interface Vl55 (lowest numbered VLAN interface
found)
When two switches on a single network aren't running VTP properly, compare the MD5 digest on the switches. If they do not match, review the VTP version, the domain, the password, and the revision numbers.
A VTP client is a switch which accepts configurations but doesn't allow manual VLAN configuration through its CLI. Any VLAN configuration needs to be done on the VTP server. Immediately after the vlan.dat file is updated on the server, VTP packets are sent through the layer 2 network and the clients update their vlan.dat file.
In addition to server and client modes, a third mode exists. Transparent mode effectively disables VTP on the switch without completely turning it off. VTP packets will be forwarded through a transparent switch, but the packets won't be processed by the transparent switch.
VTP Versions
Difference between VTP versions
VTP version 1:
Supports normal VLAN numbers (1-1001)
Supports pruning of unused VLANs (no longer sends broadcasts and unknown unicasts for them)
Supports cleartext and MD5 digest password
VTP version 2:
Forwards the VTP messages without checking the version number or domain in transparent mode
Supports Token Ring
Performs consistency checks on the VTP / VLAN parameters (from CLI or SNMP)
Passes on unrecognised TLVs
VTP version 3:
Supports extended VLAN numbers (1-4095)
Transfers information regarding the Private VLAN structure
Supports databases other than VLAN (for example MST)
Protection from unintended database overrides during insertion of new switches
Hidden password protection
VTP Configurations
I will be working with Switch1 and Switch2. I will configure port fa0/9 on each
switch as a trunk port, configure VTP for the domain lab.local with a VTP
password of cisco. I will configure Switch2 to be a VTP Client. Finally I will verify
VTP is working with some useful show and debugging commands.
Switch 1
switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#int fastEthernet 0/9
switch1(config-if)#switchport mode trunk
switch1(config-if)#exit
switch1(config)#vtp domain lab.local
Changing VTP domain name from NULL to lab.local
switch1(config)#vtp password cisco
Setting device VLAN database password to cisco.
switch1(config)#end
Switch2
switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch2(config)#interface fastEthernet 0/9
switch2(config-if)#switchport mode trunk
switch2(config-if)#exit
switch2#terminal monitor
switch2#debug sw-vlan vtp events
vtp events debugging is on
switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#vlan 3
switch1(config-vlan)#name test-vlan
switch1(config-vlan)#end
00:11:10: VTP LOG RUNTIME: Summary packet received, domain = lab.local, rev
= 1, followers = 1
00:11:10: VTP LOG RUNTIME: Summary packet rev 1 greater than domain
lab.local rev 0
00:11:10: VTP LOG RUNTIME: Domain lab.local currently not in updating state
00:11:10: VTP LOG RUNTIME: Subset packet received, domain = lab.local, rev =
1, seq = 1, length = 244
00:11:10: VTP LOG RUNTIME: Transmit vtp summary, domain lab.local, rev 1,
followers 1
MD5 digest calculated = C5 62 5F 4A 7B 07 69 C7 0E CD E9 42 0E 7C AF 5C
switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch2(config)#vlan 4
VTP VLAN configuration not allowed when device is in CLIENT mode.
VTP Gotchas
If you configure a default switch as a VTP client but don't configure a VTP domain and then reload the switch, the switch will come back up in VTP server mode. This could be a problem if you were to configure a default switch as a client and then ship it to site with the intention of the switch inheriting the current VTP domain name once it was connected to the network. Although the switch will inherit the VTP domain name, it will be in VTP server mode.
sw3(config)#^Z
sw3#sh vtp s
VTP Version :2
Configuration Revision :0
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
sw3#wr
Building configuration
[OK]
sw3#reload
VTP Version :2
Configuration Revision :0
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
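Comparing show vtp status across switches in the order the notes give (digest first, then version, domain, password and revision), and catching the gotcha above of a switch that came back up in server mode, as an added Python example that is not part of these notes: it parses the key/value lines of the show output, normalises the digest so that the "0x46 0x61" and "C5 62" spellings compare equal, and reports what differs. The sample outputs are constructed to look like the show output on this page, not captured from real switches; which switches are expected to be servers is an assumption the caller supplies.

```python
import re
from typing import Dict, List, Set

# Constructed sample "show vtp status" outputs (not captured from real devices).
SAMPLE_OUTPUTS: Dict[str, str] = {
    "sw1": """VTP Version : 2
Configuration Revision : 5
VTP Operating Mode : Server
VTP Domain Name : lab.local
MD5 digest : 0xC5 0x62 0x5F 0x4A 0x7B 0x07 0x69 0xC7
Configuration last modified by 10.10.0.1 at 3-1-93 01:34:49
""",
    "sw2": """VTP Version :2
Configuration Revision :5
VTP Operating Mode : Client
VTP Domain Name : lab.local
MD5 digest : 0xC5 0x62 0x5F 0x4A 0x7B 0x07 0x69 0xC7
""",
    # sw3 was shipped as a "client" without a domain and reloaded: server mode, revision 0
    "sw3": """VTP Version :2
Configuration Revision :0
VTP Operating Mode : Server
VTP Domain Name : lab.local
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
""",
}

_LINE = re.compile(r"^\s*(.+?)\s*:\s*(.*?)\s*$")


def parse_vtp_status(text: str) -> Dict[str, str]:
    """Turn 'Key : Value' lines into a dict; the first colon splits key and value."""
    status: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            status[m.group(1)] = m.group(2)
    return status


def normalize_digest(value: str) -> str:
    """Accept '0x46 0x61 ...' or '46 61 ...' and return one upper-case hex string."""
    return "".join(tok[2:] if tok.lower().startswith("0x") else tok
                   for tok in value.split()).upper()


def compare_vtp(outputs: Dict[str, str], expected_servers: Set[str]) -> List[str]:
    """Explain why switches that should share one VTP domain disagree, and flag
    any switch running as a server that is not supposed to be one."""
    statuses = {name: parse_vtp_status(text) for name, text in outputs.items()}
    findings: List[str] = []
    digests = {n: normalize_digest(s.get("MD5 digest", "")) for n, s in statuses.items()}
    if len(set(digests.values())) > 1:
        findings.append("MD5 digest mismatch: "
                        + ", ".join(f"{n}={d}" for n, d in sorted(digests.items())))
        explained = False
        for key in ("VTP Version", "VTP Domain Name", "Configuration Revision"):
            values = {n: s.get(key, "?") for n, s in statuses.items()}
            if len(set(values.values())) > 1:
                explained = True
                findings.append(f"{key} differs: "
                                + ", ".join(f"{n}={v}" for n, v in sorted(values.items())))
        if not explained:
            # Nothing visible differs, so the password (never shown) is the remaining suspect.
            findings.append("Version, domain and revision match; check the VTP password on each switch")
    for n, s in sorted(statuses.items()):
        if s.get("VTP Operating Mode", "").lower() == "server" and n not in expected_servers:
            findings.append(f"{n} is in VTP Server mode but is not an expected server")
    return findings


if __name__ == "__main__":
    for finding in compare_vtp(SAMPLE_OUTPUTS, expected_servers={"sw1"}):
        print(finding)
```

Feed it the real output of each switch (one string per device) and the list of switches you intend to be servers; an unexpected server with a higher revision than the real server is exactly the situation the gotcha warns about, so that finding deserves attention before the switch is left connected to the trunk.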
STP Basics
STP Elections
STP Modes
STP Features
Etherchannels
Switch Stacking and Chassis Aggregation
802.1X
DHCP Snooping
Non-default Native VLAN
Lan Switching Technologies
Routing Technologies
Inter-VLAN Routing
Router on a Stick
Dynamic Routing Protocols
EIGRP for IPv4 Overview
EIGRP for IPv4 Configurations
EIGRP for IPv4 Troubleshooting
EIGRP for IPv6 Configurations
OSPFv2 for IPv4 Overview
OSPFv2 for IPv4 Configurations
OSPFv2 for IPv4 Troubleshooting
OSPFv3 for IPv6 Configurations
Routing Technologies
WAN Technologies
WAN
PPP and MLPPP
PPPoE
GRE Tunnels
eBGP IPv4
WAN Technologies
Infrastructure Services
HSRP
Cloud Resources
QoS
Access-Lists
APIC-EM Path Trace ACL
Infrastructure Services
Infrastructure Maintenance
SNMP
IP SLA
SPAN
AAA with TACACS and RADIUS
Network Programmability
Layer 3 Troubleshooting
Infrastructure Maintenance