1. © 2003, Cisco Systems, Inc. All rights reserved. 2-1 VLANs

2. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-2 Traditional Campus Networks Collision Domain 1 Collision Domain 2 Broadcast Domain Bridges terminate collision domains

3. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-3 Performance Issues Multicast, broadcast, and unknown destination events become global events Server A ARP I need to know the MAC address for Server A ARP

4. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-4 Broadcast Issues Broadcasts can consume all available bandwidth Each device must decode the broadcast frame Server A

5. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-5 A VLAN = A Broadcast Domain = Logical Network (Subnet) VLAN Overview Layer 2 connectivity Logical organizational flexibility Single broadcast domain Management Basic security

6. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-6 VLAN Operations Switch A Green VLAN Black VLAN Red VLAN Switch B Green VLAN Black VLAN Red VLAN Each logical VLAN is like a separate physical bridge VLANs can span across multiple switches

7. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-7 VLAN Operations Switch A Green VLAN Black VLAN Red VLAN Switch B Green VLAN Black VLAN Red VLAN Trunk Each logical VLAN is like a separate physical bridge VLANs can span across multiple switches Trunks carries traffic for multiple VLANs Fast Ethernet

8. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-8 VLANs plus routing limits broadcasts to the domain of origin. VLANs Establish Broadcast Domains

9. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-9 Solution: Localizing Traffic 10.1.1.010.1.2.0 10.1.3.0 LAN broadcasts terminate at the router interface

10. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-10 Solution: Localizing Traffic (Cont.) VLAN3 VLAN2VLAN1 VLANs contain broadcast traffic and separate traffic flows

11. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-11 VLAN7 VLAN6 VLAN5 Current Campus Networks VLAN3 VLAN2 VLAN1 VLAN10 VLAN9 VLAN8 Layer 3 devices interconnect LAN segments while still containing broadcast domains

12. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-12 Layer 2 End-to-End VLANs Distribution Layer Core Layer Fast or Gigabit Ethernet Wiring Closet Fast Ethernet Workgroup Servers Switched Ethernet Enterprise Servers Inter-VLAN Routing End-to-end VLANs span the switch fabric

13. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-13 Local VLANs generally reside in the wiring closet. Local VLANs

14. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-14 End-to-End or Campus-wide VLANs.

15. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-15 15 Geographic or Local VLANs.

16. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-16 Benefits of Local VLANs in the ECNM Deterministic traffic flow Active redundant paths High availability Finite failure domain Scalable design

17. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-17 Scalable Network Addressing Allocate IP address spaces in contiguous blocks. Allocate one IP subnet per VLAN. IT, Human Resources Sales, MarketingFinance, Accounting

18. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-18 Configuring VLANs in Global Mode Switch#configure terminal Switch(config)#vlan 3 Switch(config-vlan)#name Vlan3 Switch(config-vlan)#exit Switch(config)#end

19. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-19 Configuring VLANs in VLAN Database Mode Switch#vlan database Switch(vlan)#vlan 3 VLAN 3 added: Name: VLAN0003 Switch(vlan)#exit APPLY completed. Exiting....

20. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-20 Deleting VLANs in Global Mode Switch#configure terminal Switch(config)#no vlan 3 Switch(config)#end

21. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-21 Deleting VLANs in VLAN Database Mode Switch#vlan database Switch(vlan)#no vlan 3 VLAN 3 deleted: Name: VLAN0003 Switch(vlan)#exit APPLY completed. Exiting....

22. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-22 Assigning Access Ports to a VLAN Switch(config)#interface gigabitethernet 1/1 Enters interface configuration mode Switch(config-if)#switchport mode access Configures the interface as an access port Switch(config-if)#switchport access vlan 3 Assigns the access port to a VLAN

23. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-23 Verifying the VLAN Configuration Switch#show vlan [id | name] [vlan_num | vlan_name] VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/7 Fa0/8, Fa0/9, Fa0/11, Fa0/12 Gi0/1, Gi0/2 2 VLAN0002 active 51 VLAN0051 active 52 VLAN0052 active … VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 1002 1003 2 enet 100002 1500 - - - - - 0 0 51 enet 100051 1500 - - - - - 0 0 52 enet 100052 1500 - - - - - 0 0 … Remote SPAN VLANs ------------------------------------------------------------------------------ Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------

24. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-24 Verifying the VLAN Port Configuration Switch#show running-config interface {fastethernet | gigabitethernet} slot/port Displays the running configuration of the interface Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport Displays the switch port configuration of the interface Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression] Displays the MAC address table information for the specified interface in the specified VLAN

25. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-25 Troubleshooting VLANs

26. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-26 Summary A VLAN is a logical grouping of switch ports connecting nodes of virtually any type with no regard to physical location. An end-to-end VLAN spans the entire switched network, while a local VLAN is restricted to a single switch. Static VLANs involve switch ports that you manually assign to a particular VLAN. You can configure VLANs using Cisco IOS commands in VLAN configuration mode. Once a VLAN has been defined, you can assign switch ports to it. You use show commands to confirm that a VLAN and its associated ports have been configured correctly. To troubleshoot VLANs, you should check the physical connections, switch configuration, and VLAN configuration.

27. © 2003, Cisco Systems, Inc. All rights reserved. 2-27 Case Study

28. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-28 Topology for this presentation Basic Switch Configuration Configure VLANs Configure Trunking Configure VTP

29. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-29 Topology for this presentation Basic Switch Configuration Configure VLANs Configure Trunking Configure VTP

30. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-30 Follow along with Packet Tracer Download: PT-Topology-VLANs.pkt

31. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-31 Clearing switches Switch# delete vlan.dat Delete filename [vlan.dat]? Delete flash:vlan.dat? [confirm] Switch# Switch# erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete Switch#

32. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-32 Configure Hostname and VLAN 1 Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# hostname DLS1 DLS1(config)# interface vlan 1 DLS1(config-if)# ip address 10.1.1.101 255.255.255.0 DLS1(config-if)# no shutdown DLS1(config)# end DLS1# Configure hostname Configure VLAN 1  Default: Management VLAN is VLAN 1  Allows us to communicate with the switch over the network (ping, telnet if priviledge and vty passwords configured) Configure DLS1, DLS2, ALS1 and ALS2 switches on Packet Tracer  Hostname  VLAN 1

33. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-33 Configurations for other three switches

34. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-34 Our Topology Redundancy between switches By default, are all links forwarding (active)? Why or why not? No, Spanning Tree Protocol Later we will examine how to make use of these blocked links either with PVST or Etherchannel. How can we determine which links are forwarding and which are blocked? ? Note: We will configure 802.1Q between DLS1 and DLS2.

35. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-35 Spanning Tree Protocol (More later!)

36. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-36 Spanning Tree Protocol

37. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-37 Spanning Tree Protocol

38. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-38 What does this mean? (All host on same subnet.) Host B pings Host DHost C pings Host A

39. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-39 Do show vlan on ALS1 Notice default VLAN numbers, names, types. Ports configured to trunk mode will not appear in any of the VLANs. Are there any ports trunking?  No – All ports are in VLAN 1 by default

40. © 2003, Cisco Systems, Inc. All rights reserved. 2-40 Implementing VLAN Trunks

41. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-41 Maintaining Specific VLAN Identification What is a VLAN trunk?  Trunks carry traffic for multiple VLANs across the same physical link. Places a unique identifier in each frame Functions at Layer 2

42. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-42 Comparing ISL and 802.1Q ISL802.1Q ProprietaryNonproprietary EncapsulatedTagged Protocol independentProtocol dependent Encapsulates the old frame in a new frame Adds a field to the frame header ISL (Inter-Switch Link) is no longer supported by Cisco, opting for 802.1 Q. Note: Not all switches support both protocols.

43. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-43 Trunking with ISL Is a Cisco proprietary protocol Supports PVST Uses an encapsulation process Does not modify the original frame

44. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-44 Trunking with 802.1Q An IEEE standard Adds a 4-byte tag to the original frame Additional tag includes a priority field Does not tag frames that belong to the native VLAN Supports Cisco IP telephony

45. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-45 802.1Q Native VLAN Native VLAN frames are carried over the trunk link untagged.

46. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-46 VLAN Ranges and Mappings VLAN Range Range Usage Reserved For system use only 0, 4095 Normal Cisco default 1 1 Normal For Ethernet VLANs 2-1001 Normal Cisco defaults for FDDI and Token Ring 1002-1005 Extended For Ethernet VLANs only 1025-4094

47. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-47 Trunking Configuration Commands Configuring a Trunk switchport trunk switchport mode switchport nonegotiate Trunks can be configured statically or via DTP. DTP provides the ability to negotiate the trunking method.

48. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-48 Switch Ports and Trunk Ports Function switchport mode trunk Trunk port switchport mode trunk Trunk port switchport mode dynamic Dynamic port switchport mode dynamic Dynamic port Sets the switch port to dynamically negotiate the status (access or trunk) Sets the switch port to unconditionally become a trunk port switchport mode access Access port switchport mode access Access port Sets the switch port to unconditionally be an access port Command

49. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-49 Switch Port DTP Modes Function trunk dynamic auto dynamic desirable Sets the switch port to actively send and respond to DTP negotiation frames. Default for Ethernet access Sets the switch port to unconditional trunking mode and negotiates to become a trunk link, regardless of neighbor interface mode Unconditionally sets a switch port to access mode, regardless of other DTP functions Sets the switch port to respond but not to actively send DTP negotiation frames nonegotiate Specifies that DTP negotiation packets are not sent on the Layer 2 interface Mode

50. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-50 Switchport Mode Interactions Dynamic Auto Dynamic Desirable TrunkAccess Dynamic Auto AccessTrunk Access Dynamic Desirable Trunk Access Trunk Not recommended Access Not recommended Access Note: Table assumes DTP is enabled at both ends.

51. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-51 How to Configure Trunking 1.Enter interface configuration mode. 2.Shut down interface. 3.Select the encapsulation (802.1Q or ISL). 4.Configure the interface as a Layer 2 trunk. 5.Specify the trunking native VLAN (for 802.1Q). 6.Configure the allowable VLANs for this trunk. 7.Use the no shutdown command on the interface to activate the trunking process. 8.Verify the trunk configuration.

52. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-52 802.1Q Trunk Configuration Switch(config)#interface fastethernet 5/8 Switch(config-if)#shutdown Switch(config-if)#switchport trunk encapsulation dot1q Switch(config-if)#switchport trunk allowed vlan 1,5,11,1002-1005 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport trunk native vlan 99 Switch(config-if)#switchport nonegotiate Switch(config-if)#no shutdown

53. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-53 Verifying the 802.1Q Configuration Switch#show running-config interface {fastethernet | gigabitethernet} slot/port Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ] Switch#show interfaces fastEthernet 5/8 switchport Name: fa5/8 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: Off Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 99 (trunk_only) Trunking VLANs Enabled: 1,5,11,1002-1005 Pruning VLANs Enabled: 2-1001...

54. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-54 Verifying a 802.1Q Dynamic Trunk Link Switch#show running-config interface fastethernet 5/8 Building configuration... Current configuration: ! interface FastEthernet5/8 switchport mode dynamic desirable switchport trunk encapsulation dot1q Switch#show interfaces fastethernet 5/8 trunk Port Mode Encapsulation Status Native vlan Fa5/8 desirable 802.1q trunking 99 Port Vlans allowed on trunk Fa5/8 1,5,11,1002-1005 Port Vlans allowed and active in management domain Fa5/8 1,5,1002-1005 Port Vlans in spanning tree forwarding state and not pruned Fa5/8 1,5,1002-1005

55. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-55 ISL Trunk Configuration Switch(config)#interface fastethernet 2/1 Switch(config-if)#shutdown Switch(config-if)#switchport trunk encapsulation isl Switch(config-if)#switchport trunk allowed vlan 1-5,1002-1005 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport nonegotiate Switch(config-if)#no shutdown

56. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-56 Verifying ISL Trunking Switch#show running-config interface {fastethernet | gigabitethernet} slot/port Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ] Switch#show interfaces fastethernet 2/1 trunk Port Mode Encapsulation Status Native VLAN Fa2/1 trunk isl trunking 99 Port VLANs allowed on trunk Fa2/1 1-5,1002-1005 Port VLANs allowed and active in management domain Fa2/1 1-2,1002-1005 Port VLANs in spanning tree forwarding state and not pruned Fa2/1 1-2,1002-1005

57. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-57 Problem: A Device Cannot Establish a Connection Across a Trunk Link Make sure: The Layer 2 interface mode configured on both ends of the link is valid. The trunk encapsulation type configured on both ends of the link is valid. The native VLAN is the same on both ends of the trunk (802.1Q trunks).

58. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-58 Summary Trunk links carry traffic from multiple VLANs. ISL is Cisco proprietary and encapsulates the Layer 2 frames. 802.1Q is an IEEE standard for trunking, which implements a 4-byte tag. The 802.1Q native VLANs forward frames without the tag. VLAN numbers have specific ranges and purposes. Various commands are used to configure and verify ISL and 802.1Q trunk links. Allow only required VLANs over the trunk.

59. © 2003, Cisco Systems, Inc. All rights reserved. 2-59 Implementing VLAN Trunk Protocol © 2003, Cisco Systems, Inc. All rights reserved. BCMSN 2.0—2-59

60. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-60 VTP (VLAN Trunking Protocol) Configuring VLANs without VTP.

61. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-61 VTP (VLAN Trunking Protocol) VLAN Trunk Protocol (VTP) reduces administration in a switched network. VLAN information can be configured on a VTP server, which is then distributed through all switches in the domain. Do not have to configure on each switch individually. Cisco-proprietary http://www.cisco.com/warp/public/473/vtp_flash/ VTP Message

62. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-62 Advertises VLAN configuration information Maintains VLAN configuration consistency throughout a common administrative domain Sends advertisements on trunk ports only VTP Protocol Features

63. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-63 Cannot create, change, or delete VLANs Forwards advertisements Synchronizes VLAN configurations Does not save in NVRAM Creates, modifies, and deletes VLANs Sends and forwards advertisements Synchronizes VLAN configurations Saves configuration in NVRAM Creates, modifies, and deletes VLANs locally only Forwards advertisements Does not synchronize VLAN configurations Saves configuration in NVRAM VTP Modes

64. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-64 VTP Operation VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest revision number. VTP advertisements are sent every 5 minutes or when there is a change.

65. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-65 Increases available bandwidth by reducing unnecessary flooded traffic Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN. VTP Pruning

66. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-66 VTP Versions All switches in a management domain must run the same version.

67. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-67 Adding a Switch to an Existing VTP Domain Ensure a new switch has VTP revision 0 before adding it to a network.

68. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-68 VTP Configuration Guidelines Configure the following: –VTP domain name –VTP mode (server mode is the default) –VTP pruning –VTP password –VTP trap Use caution when adding a new switch into an existing domain. Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information.

69. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-69 Configuring a VTP Server Switch(config)#vtp server Configures VTP server mode Switch(config)#vtp domain domain-name Specifies a domain name Switch(config)#vtp password password Sets a VTP password Switch(config)#vtp pruning Enables VTP pruning in the domain

70. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-70 Configuring a VTP Server (Cont.) Switch#configure terminal Switch(config)#vtp server Setting device to VTP SERVER mode. Switch(config)#vtp domain Lab_Network Setting VTP domain name to Lab_Network Switch(config)#end

71. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-71 Verifying the VTP Configuration Switch#show vtp status VTP Version : 2 Configuration Revision : 247 Maximum VLANs supported locally : 1005 Number of existing VLANs : 33 VTP Operating Mode : Client VTP Domain Name : Lab_Network VTP Pruning Mode : Enabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80 Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49 Switch#

72. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-72 Verifying the VTP Configuration (Cont.) Switch#show vtp counters VTP statistics: Summary advertisements received : 7 Subset advertisements received : 5 Request advertisements received : 0 Summary advertisements transmitted : 997 Subset advertisements transmitted : 13 Request advertisements transmitted : 3 Number of config revision errors : 0 Number of config digest errors : 0 Number of V1 summary errors : 0 VTP pruning statistics: Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device ---------------- ---------------- ---------------- --------------------------- Fa5/8 43071 42766 5

73. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-73 Problem: VTP Not Updating Configuration on Other Switches Make sure switches are connected through trunk links. Make sure the VTP domain name is the same on the appropriate switches. Check that the switch is not in VTP transparent mode. Verify the same password used on all switches in the VTP domain.

74. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-74 Summary VTP is used to distribute and synchronize information about VLANs configured throughout a switched network. If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. Verify the supervisor support for VTP before making your decision. When a network device is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network. Use show commands to verify the VTP configuration. Problems with VTP configuration can frequently be traced to improperly configured trunk links, domain names, VTP modes, or passwords.

75. © 2003, Cisco Systems, Inc. All rights reserved. 2-75 Case Study

76. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-76 Configure the VTP domain name on DLS1 DLS1(config)# vtp domain SWLAB Changing VTP domain name from NULL to SWLAB Will the other switches receive the domain name in a VTP update?  We will see in a moment.  Hint: Switches transmit VTP messages only over 802.1Q and ISL trunks. Domain is case sensitive.

77. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-77 Do show vtp status on DLS1 How many VLANs does a 3560 switch support?  1005 VLANs (Model and IOS dependent) How many built-in VLANs are there? 55

78. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-78 Same show vtp status on DLS1

79. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-79 Do show vtp status on ALS1 ALS1# show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 255 Number of existing VLANs : 5 VTP Operating Mode : Server VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 Local updater ID is 10.1.1.103 on interface Vl1 (lowest numbered VLAN interface found)# How many VLANs does a 2960 switch support?

80. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-80 Configure DLS1 as a VTP Server and ALS1 as a VTP Client Configure other two switches  Configure DLS2 switch as a VTP Server  Configure ALS2 switch as a VTP Clients Verify VTP Mode

81. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-81 VTP Server and Clients Why do these switches not have the VTP domain name configured on DLS1?

82. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-82 Non-trunking by default Ports on the 2960 and 3560 are set to dynamic auto by default.  Does not try to negotiate a trunk unless one side is configured with command. This results in the interface being in access mode (non-trunking)

83. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-83 DTP (Dynamic Trunking Protocol) and Switchport Mode Interactions Dynamic Auto Dynamic Desirable TrunkAccess Dynamic AutoAccessTrunk Access Dynamic Desirable Trunk Access Trunk Not recommended Access Not recommended Access

84. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-84 84 Non-trunking by default 2960 and 3560 switches do not try to negotiate a trunk unless the other side is configured with switchport mode trunk command.

85. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-85 Non-trunking by default Even though trunking is not yet configured between the switches, can the hosts ping each other? Try it!  Yes, as long as the hosts are on the same subnet they will be able to ping each other without trunking. (Host A and Host B)  This is because all ports are on VLAN 1.  Like a switched network with no vlans. So why do we establish VLANs?  To segment broadcast domains. Why do we need trunks?  To carry traffic for multiple VLANs.

86. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-86 Without VLANS what does this mean? ARP Request from Host A to Host B. Which hosts will see it?  Only Host B is on the same subnet as Host A, but the entire network (all hosts) will receive the broadcast. Why are not all of the links used?  Spanning Tree Protocol is keeping the network loop free.

87. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-87 With VLANS what does this mean? ARP Request from Host A to Host B. Which hosts will see it?  Only Host B is on the same VLAN as Host A, so other hosts will not receive the broadcast.  With VTP pruning broadcasts (dashed lines) within their VLAN will be kept within their VLAN. XX

88. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-88 Configure DLS1 for Trunking ALS1(config)# interface range fastethernet 0/11 - 12 ALS1(config-if-range)# switchport mode trunk ALS1(config-if-range)# What will this do to these two links? Does ALS2 need to be configured as a trunk?

89. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-89 89 ALS1(config)# interface range fastethernet 0/11 - 12 ALS1(config-if-range)# switchport mode trunk Trunking! We will verify this on ALS1 in a moment. Default

90. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-90

91. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-91

92. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-92 ALS2 – Default Dynamic Auto What is the DTP setting on ALS2? (This did not change.) Is this the default on a 3560 switch?Yes Dynamic AutoTrunk Notice it is now trunking because the other end is set to trunk.

93. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-93 ALS2 – Default Dynamic Auto Verifying trunks on ALS2 Dynamic AutoTrunk

94. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-94 Switches that support both ISL and 802.1Q What happens when we use the switchport mode trunk command without specifying the encapsulation on switches that support both protocols?  On switches that support multiple trunking encapsulations (802.1Q and ISL), you must first configure the trunking encapsulation before setting the interface to trunk mode.  The switchport trunk encapsulation command must be configured before the switchport mode trunk.

95. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-95 Configure the rest of the trunk links What about the VTP domain names on DLS1 and DLS2?  No other trunk links configured so DLS1 and DLS2 still have no VTP domain name. Trunking only configured between ALS1 and ALS2. Configure the rest if the trunk links as shown in the topology. Packet Tracer only supports 802.1Q trunks, not ISL.

96. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-96 Configure the VLAN on the access port for ALS1 ALS1(config)# inter fa 0/6 ALS1(config-if)# switchport mode ? access Set trunking mode to ACCESS unconditionally dynamic Set trunking mode to dynamically negotiate access or trunk mode trunk Set trunking mode to TRUNK unconditionally ALS1(config-if)# switchport mode access With a single host attached will we ever need trunking on this port?  No, so we configure it for access mode, permanent non-trunking. (We will discuss Voice VLANs later.) Configure access ports on other three switches (DLS1, DLS2, ALS2).

97. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-97 Homework #1 ดาวน์โหลดไฟล์ PT-Topology-VLANs-Part1.pkt ให้ Host A และ B อยู่ใน VLAN 120 ให้ Host C อยู่ใน VLAN 100 และ Host D อยู่ใน VLAN 110 ให้ตั้งชื่อ VLAN เป็นอะไรก็ได้ที่แตกต่างกันในแต่ละ VLAN ให้ใช้ Protocol 802.1q ทั้งหมด ให้ DLS1 เป็น VTP Server และ DLS2 เป็น VTP Server โดยตั้งเป็นคนละ Domain โดยให้ ALS1 และ ALS2 เป็น VTP Client ของ DLS2 (Domain ตั้งเป็น อะไรก็ได้ ) ให้ Config Trunk Link และ Access Port ให้ Capture Screen ที่แสดงผลของการ Config โดย ต้องแสดงให้เห็นว่า Port ใดที่เป็น Trunk และ Port ใด ที่เป็น Access ( เช่น Capture จากคำสั่ง show interface) ให้แสดงให้เห็นการ Config VTP และแสดงว่า VTP Domain ที่สร้างที่ DLS2 ได้ Propagate มาที่ SW อื่นๆ ให้แสดงให้เห็นว่ามีการสร้าง VLAN ตามที่กำหนด ทำเอกสารเป็น PDF และส่งไฟล์มาที่ khthana@hotmail.com

98. © 2003, Cisco Systems, Inc. All rights reserved. 2-98 Correcting Common VLAN Configuration Errors

99. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-99 Issues with 802.1Q Native VLAN Native VLAN frames are carried over the trunk link untagged. A native VLAN mismatch will merge traffic between VLANs.

100. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-100 802.1Q Native VLAN Considerations Native VLAN must match at ends of trunk; otherwise, frames will “leak” from one VLAN to another. By default, the native VLAN will be VLAN1. –Avoid using VLAN1 for management purposes. Eliminate native VLANs from 802.1Q trunks by making the native VLAN an “unused” VLAN.

101. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-101 Explaining Trunk Link Problems Trunks can be configured statically or autonegotiated with DTP. For trunking to be autonegotiated, the switches must be in the same VTP domain. Some trunk configuration combinations will successfully configure a trunk, some will not. Will any of the above combinations result in an operational trunk?

102. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-102 Resolving Trunk Link Problems When using DTP, ensure that both ends of the link are in the same VTP domain. Ensure that the trunk encapsulation type configured on both ends of the link is valid. On links where trunking is not required, DTP should be turned off. Best practice is to configure trunk and nonegotiate where trunks are required.

103. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-103 Common Problems with VTP Configuration Updates not received as expected –VTP domain and password must match. Missing VLANs –Configuration has been overwritten by another VTP device. Too many VLANs –Consider making VTP domain smaller.

104. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-104 Example of New Switch Overwriting an Existing VTP Domain VTP Version : 2 Configuration Revision : 1 Maximum VLANs supported locally : 1005 Number of existing VLANs : 6 VTP Operating Mode : Server VTP Domain Name : building1 VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 1005 Number of existing VLANs : 7 VTP Operating Mode : Client VTP Domain Name : building1 New switch not connected

105. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-105 Example of New Switch Overwriting an Existing VTP Domain (Cont.) VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 1005 Number of existing VLANs : 7 VTP Operating Mode : Server VTP Domain Name : building1 VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 1005 Number of existing VLANs : 7 VTP Operating Mode : Client VTP Domain Name : building1 New switch connected

106. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-106 Implementing VTP in the ECNM Plan VTP domain boundaries. Have only one or two VTP servers. Configure a VTP password. Manually configure the VTP domain name on all devices. When setting up a new domain: –Configure VTP client switches first so that they participate passively. When cleaning up an existing VTP domain: –Configure passwords on servers first because clients may need to maintain current VLAN information until the server is verified as complete.

107. © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-107 Summary 802.1Q native VLAN can cause security issues. Configure the native VLAN to be an “unused” VLAN. Some trunk link configuration combinations can result in problems on the link. Best practice is to configure trunks statically rather than with DTP. Misconfiguration of VTP can give unexpected results. Make only one or two VTP servers; keep the remainder as clients.