© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-2 Outline Overview VTP Configuration 802.1Q Trunking Configuration ISL Trunking Configuration VLAN Creation VLAN Name Modification VLAN Port Assignment VLAN Configuration Verification Adds, Moves, and Changes for VLANs VLAN Troubleshooting Summary

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-3 VTP domain name VTP mode (server, client, or transparent); server mode is default VTP pruning VTP password VTP version Use caution when adding a new switch to an existing domain. Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information. Reset the VTP revision number to 0, but change the VTP mode to transparent. VTP Configuration Guidelines

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-4 Catalyst 2950 Series wg_sw_2950# configure terminal wg_sw_2950(config)# vtp mode [ server | client | transparent ] wg_sw_2950(config)# vtp domain domain-name wg_sw_2950(config)# vtp password password wg_sw_2950(config)# vtp pruning wg_sw_2950(config)# end Creating a VTP Domain

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-5 VTP Configuration Example Switch(config)# vtp domain ICND Changing VTP domain name to ICND Switch(config)# vtp mode transparent Setting device to VTP TRANSPARENT mode. Switch(config)# end Switch#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 64 Number of existing VLANs : 17 VTP Operating Mode : Transparent VTP Domain Name : ICND VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA Configuration last modified by at :08:05 Switch#

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3— Q Trunking Issues Make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. Make sure that your network is loop-free before disabling STP. Note that native VLAN frames are untagged.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-7 Configuring 802.1Q Trunking wg_sw_a(config-if)# switchport mode trunk Configures the port as a VLAN trunk Note: The Catalyst 2950 series switches support only 802.1Q encapsulation.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-8 Configuring ISL Trunking wg_sw_4000(config)# interface {fastethernet | gigabitethernet} slot/port Select the interface to configure. wg_sw_4000(config-if)# shutdown (Optional) Shut down the interface to prevent traffic flow until configuration is complete. wg_sw_4000(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate} (Optional) Specify the encapsulation. Note: You must enter this command with either the isl or dot1q keyword to support the switchport mode trunk command, which is not supported by the default mode (negotiate). wg_sw_4000(config-if)# switchport mode {dynamic {auto | desirable} | trunk} Configure the interface as a Layer 2 trunk (r equired only if the interface is a Layer 2 access port or to specify the trunking mode).

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-9 Configuring ISL Trunking (Cont.) wg_sw_4000# configure terminal wg_sw_4000(config-if)# interface gigabitEthernet 2/24 wg_sw_4000(config-if)# shutdown wg_sw_4000(config-if)# switchport trunk encapsulation isl wg_sw_4000(config-if)# switchport mode trunk wg_sw_4000(config-if)# no shutdown Note: Not all Catalyst series switches support ISL encapsulation.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-10 VLAN Creation Guidelines The maximum number of VLANs is switch-dependent. Most Catalyst desktop switches support 64 VLANs with a separate spanning tree per VLAN. VLAN 1 is the factory default Ethernet VLAN. CDP and VTP advertisements are sent on VLAN 1. The Catalyst switch IP address is in the management VLAN (VLAN 1 by default). To add or delete VLANs, the switch must be in VTP server or transparent mode.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-11 Adding a VLAN Catalyst 2950 Series Switch# configure terminal Switch(config)# vlan 2 Switch(config-vlan)# name VLAN2

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-12 wg_sw_a(config-vlan)# name vlan-name wg_sw_a# configure terminal wg_sw_a(config)# vlan 2 wg_sw_a(config-vlan)# name switchlab2 Modifying a VLAN Name

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-13 Assigning Switch Ports to a VLAN Catalyst 2950 Series wg_sw_2950(config-if)# switchport access [vlan vlan# | dynamic] wg-sw_2950# configure terminal wg_sw_2950(config)# interface fastethernet 0/2 wg_sw_2950(config-if)# switchport access vlan 2 wg_sw_2950# show vlan VLAN Name Status Ports default active Fa0/1, Fa0/3, Fa0/ vlan2 active Fa0/2

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-14 Verifying the VTP Configuration wg_sw_2950# show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 64 Number of existing VLANs : 17 VTP Operating Mode : Server VTP Domain Name : ICND_lab VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA Configuration last modified by at :08:05

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-15 Verifying a Trunk wg_sw_2950# show interfaces interface [switchport | trunk] wg_sw_2950# show interfaces fa0/11 switchport Name: Fa0/11 Switchport: Enabled Administrative Mode: trunk Operational Mode: down Administrative Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default)... wg_sw_2950# show interfaces fa0/11 trunk Port Mode Encapsulation Status Native vlan Fa0/11 desirable 802.1q trunking 1 Port Vlans allowed on trunk Fa0/ Port Vlans allowed and active in management domain Fa0/

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-16 Verifying a VLAN Catalyst 2950 Series wg_sw_2950# show vlan id 2 VLAN Name Status Ports switchlab99 active Fa0/2, Fa0/12 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans enet wg_sw_2950# wg_sw_2950# show vlan [brief | id vlan-id || name vlan-name]

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-17 wg_sw_2950# show vlan brief VLAN Name Status Ports default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 2 vlan2 active 3 vlan3 active 4 vlan4 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup VLAN Name Status Ports fddinet-default act/unsup 1005 trnet-default act/unsup wg_sw_2950# show vlan brief Verifying VLAN Membership wg_sw_2950# show interfaces interface switchport

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-18 Verifying STP for a VLAN wg_sw_2950# show spanning-tree [active | detail | vlan vlan-id | summary] wg_sw_2950# show spanning-tree vlan 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 2 Address fc.a840 Cost 31 Port 12 (FastEthernet0/12) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority (priority sys-id-ext 2) Address 0008.a445.9b40 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type Fa0/2 Desg FWD Shr Fa0/12 Root FWD P2p

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-19 Executing Adds, Moves, and Changes for VLANs wg_sw_a(config)# vlan vlan-id wg_sw_a(config-vlan)# Enters the privileged EXEC VLAN configuration mode Writes VLAN adds, moves, and changes to the vlan.dat file wg_sw_a(config-if)# switchport access vlan vlan# Statically assigns a VLAN to a specific port

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-20 Troubleshooting Switched LANs

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-21 Problem: One Device Cannot Communicate with Another Make sure that the IP address, subnet mask, and VLAN membership of the switch interface are correct. If the host is in the same subnet as the switch interface, make sure that the switch interface and the switch port to which the host is connected are assigned to the same VLAN. If the host is in a different subnet, make sure that the default gateway on the switch is configured with the address of a router that is in the same subnet as the switch interface.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-22 Problem: One Device Cannot Communicate with Another (Cont.) If the port is in listening or learning mode, wait until the port is in forwarding mode and try to connect to the host again. Make sure that the speed and duplex settings on the host and the appropriate switch ports are correct. If the connected device is an end station, enable spanning- tree PortFast and disable trunking on the port. Make sure that the switch is learning the MAC address of the host.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-23 Problem: A Device Cannot Establish a Connection Across a Trunk Link Make sure that the trunking mode that is configured on both ends of the link is valid. The trunking mode should be “on” or “desirable” on one end and “on,” “desirable,” or “auto” on the other end. Make sure that the trunk encapsulation type that is configured on both ends of the link is valid. On IEEE 802.1Q trunks, make sure that the native VLAN is the same on both ends of the trunk.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-24 Problem: VTP Not Updating Configuration on Other Switches Make sure that the switches are connected through trunk links. VTP updates are exchanged only over trunk links. Make sure that the VTP domain name is the same on the appropriate switches. VTP updates are exchanged only between switches in the same VTP domain. Check to see if the switch is in VTP transparent mode. Only switches in VTP server or VTP client mode update their VLAN configuration based on VTP updates from other switches. If you are using VTP passwords, you must configure the same password on all switches in the VTP domain.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-25 Summary When creating VLANs, you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the same VTP domain. The IEEE 802.1Q protocol carries traffic for multiple VLANs over a single link on a multivendor network. Use the switchport mode interface configuration command to set a Fast Ethernet or Gigabit Ethernet port to trunk mode. The ISL protocol operates in a point-to-point environment to carry traffic for multiple VLANs over a single link. ISL is a Cisco proprietary protocol. On switches that support ISL, such as the Catalyst 4000, use the switchport trunk encapsulation interface configuration command to set a port to encapsulate with ISL.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-26 Summary (Cont.) Catalyst switches have a factory default configuration in which various default VLANs are preconfigured to support various media and protocol types. The vlan global configuration command can be used to create a VLAN. An existing VLAN name or number can be modified using the vlan global configuration command syntax. After creating a VLAN, a port or a number of ports can be statically assigned to that VLAN. A port can belong to only one VLAN at a time. VLAN configurations can be verified using the show commands.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-27 Summary (Cont.) To add, change, or delete VLANs, the switch must be in VTP server or transparent mode. When VLAN changes are made from a switch that is in VTP server mode, the change is automatically propagated to other switches in the same VTP domain. Changes made in VTP transparent mode affect only the local switch and are not propagated within the VTP domain. VLAN changes cannot be made in VTP client mode. Misconfiguration of a VLAN is one of the most common errors in switched networks.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-28