Configuracion VTP II

C H A P TER
13
Configuring VTP and Virtual LANs

This chapter describes how to configure VLAN Trunk Protocol (VTP) and virtual LANs (VLANs).
Note For complete syntax and usage information for the commands used in this chapter, refer to
the Catalyst 5000 Series Command Reference publication.
This chapter consists of these sections:
Using VTP on page 13-1

Using VLANs on page 13-12
Using VTP
These sections describe how to use VTP with the Catalyst 5000 series switches:
Understanding How VTP Works on page 13-1

VTP Default Configuration on page 13-5
VTP Configuration Guidelines on page 13-6
Configuring VTP on page 13-6
Understanding How VTP Works

Before you create VLANs, you must decide whether to use VTP in your network. With VTP, you
can make configuration changes centrally on a single Catalyst 5000 series switch and have those
changes automatically communicated to all the other switches in the network.
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing
the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes
misconfigurations and configuration inconsistencies that can result in a number of problems, such as
duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
Configuring VTP and Virtual LANs 13-1
Using VTP
These sections describe how VTP works on the Catalyst 5000 series switches:
Understanding the VTP Domain on page 13-2

Understanding VTP Modes on page 13-2
Understanding VTP Advertisements on page 13-3
Understanding VTP Version 2 on page 13-3
Understanding VTP Pruning on page 13-4
Understanding the VTP Domain

A VTP domain (also called a VLAN management domain) is made up of one or more interconnected
switches that share the same VTP domain name. A switch can be configured to be in one and only
one VTP domain. You make global VLAN configuration changes for the domain using either the
command-line interface (CLI) or Simple Network Management Protocol (SNMP).
By default, the Catalyst 5000 series switch is in VTP server mode and is in the no-management
domain state until the switch receives an advertisement for a domain over a trunk link or you
configure a management domain. You cannot create or modify VLANs on a VTP server until the
management domain name is specified or learned.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain
name and configuration revision number. The switch ignores advertisements with a different
management domain name or an earlier configuration revision number.
If you configure the switch as VTP transparent, you can create and modify VLANs but the changes
affect only the individual switch.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to
all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections,
including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE).
VTP maps VLANs dynamically across multiple LAN types with unique names and internal index
associations. Mapping eliminates excessive device administration required from network
administrators.
Understanding VTP Modes

You can configure a Catalyst 5000 series switch to operate in any one of these VTP modes:
13-2
ServerIn VTP server mode, you can create, modify, and delete VLANs and specify other
configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain.
VTP servers advertise their VLAN configuration to other switches in the same VTP domain and
synchronize their VLAN configuration with other switches based on advertisements received
over trunk links. VTP server is the default mode.
ClientVTP clients behave the same way as VTP servers, but you cannot create, change, or
delete VLANs on a VTP client.
TransparentVTP transparent switches do not participate in VTP. A VTP transparent switch

does not advertise its VLAN configuration and does not synchronize its VLAN configuration
based on received advertisements. However, in VTP version 2, transparent switches do forward
VTP advertisements that they receive out their trunk ports.
Catalyst 5000 Series Software Configuration Guide
Understanding How VTP Works
Understanding VTP Advertisements

Each Catalyst 5000 series switch in the VTP domain sends periodic advertisements out each trunk
port to a reserved multicast address. VTP advertisements are received by neighboring switches,
which update their VTP and VLAN configurations as necessary.
The following global configuration information is distributed in VTP advertisements:
VLAN IDs (ISL and 802.1Q)

Emulated LAN names (for ATM LANE)
802.10 SAID values (FDDI)
VTP domain name
VTP configuration revision number
VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
Frame format
Understanding VTP Version 2

If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. VTP
version 1 is supported in Catalyst 5000 series supervisor engine software release 2.1 or later and
ATM software release 3.1 or later. VTP version 2 is supported in Catalyst 5000 series software
release 3.1(1) and later.
Note If you are using VTP in a Token Ring environment, you must use version 2.
VTP version 2 supports the following features not supported in version 1:
Token Ring supportVTP version 2 supports Token Ring LAN switching and VLANs (Token
Ring Bridge Relay Function [TrBRF] and Token Ring Concentrator Relay Function [TrCRF]).
For more information about Token Ring VLANs, refer to the Understanding How VLANs
Work section on page 13-12.
Unrecognized Type-Length-Value (TLV) SupportA VTP server or client propagates

configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized
TLV is saved in nonvolatile RAM (NVRAM).
Version-Dependent Transparent ModeIn VTP version 1, a VTP transparent switch inspects

VTP messages for the domain name and version, and forwards a message only if the version and
domain name match. Since only one domain is supported in the Catalyst 5000 series software,
VTP version 2 forwards VTP messages in transparent mode, without checking the version.
Consistency ChecksIn VTP version 2, VLAN consistency checks (such as VLAN names and
values) are performed only when you enter new information through the CLI or SNMP.
Consistency checks are not performed when new information is obtained from a VTP message,
or when information is read from NVRAM. If the digest on a received VTP message is correct,
its information is accepted without consistency checks.
Using VTP
Understanding VTP Pruning

VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as
broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available
bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the
appropriate network devices. By default, VTP pruning is disabled.
Make sure that all devices in the management domain support VTP pruning before enabling it. VTP
pruning is supported in Catalyst 5000 series software release 2.3 and later.
Figure 13-1 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and port 2
on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1.
Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3,
5, and 6 have no ports in the Red VLAN.
Figure 13-1
Flooding Traffic without VTP Pruning

Catalyst series
Switch 4
Port 2
Catalyst series
Switch 5
Catalyst series
Switch 2
Red
VLAN
Catalyst series
Switch 6
Catalyst series
Switch 3
Catalyst series
Switch 1
S5812
Port 1
Figure 13-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from
Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned
on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).
13-4
VTP Default Configuration
Figure 13-2
Flooding Traffic with VTP Pruning

Switch 4
Port 2
Flooded traffic
is pruned.
Port
4
Catalyst 2900 XL or
Catalyst 3500 XL
Switch 2
Red
VLAN
Switch 5
Port
5
Switch 6
Switch 3
Switch 1
S5813
Port 1
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP
pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are
pruning-eligible. VTP pruning does not prune traffic from VLANs that are pruning-ineligible.
VLAN 1 is always pruning-ineligible; traffic from VLAN 1 cannot be pruned.
To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. To make a VLAN
pruning eligible again, enter the set vtp pruneeligible command. You can set VLAN
pruning-eligibility regardless of whether VTP pruning is enabled or disabled for the domain.
Pruning eligibility always applies to the local device only, not for the entire VTP domain.

Table 13-1 shows the default VTP configuration.
Table 13-1
Feature
Default Value
VTP domain name
Null
VTP mode
Server
VTP version 2 enable state
Version 2 is disabled
VTP password
None
VTP pruning
Disabled
Using VTP
VTP Configuration Guidelines

Follow these guidelines when implementing VTP in your network:
All switches in a VTP domain must run the same VTP version.
You must configure a password on each Catalyst 5000 series switch in the management domain
when in secure mode.
Caution If you configure VTP in secure mode, the management domain will not function
properly if you do not assign a management domain password to each Catalyst 5000 series switch
in the domain.
A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP
version 1 provided VTP version 2 is disabled on the VTP version 2-capable switch (VTP
version 2 is disabled by default).
Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are
version 2-capable. When you enable VTP version 2 on a switch, all of the version 2-capable
switches in the domain enable VTP version 2.
In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching
to function properly.
Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the
entire management domain.
Making VLANs pruning-eligible or pruning-ineligible on a switch affects pruning-eligibility for

those VLANs on that device only (not on all switches in the VTP domain).
Configuring VTP
These sections describe how to configure VTP on the Catalyst 5000 series switches:
13-6
Configuring a VTP Server on page 13-7

Configuring a VTP Client on page 13-7
Disabling VTP on page 13-8
Enabling VTP Version 2 on page 13-9
Disabling VTP Version 2 on page 13-9
Configuring VTP Pruning on page 13-10
Disabling VTP Pruning on page 13-11
Monitoring VTP on page 13-11
Configuring VTP
Configuring a VTP Server

When a switch is in VTP server mode, you can change the VLAN configuration and have it
propagate throughout the network.
To configure the switch as a VTP server, perform this task in privileged mode:
Task
Command
Step 1
Define the VTP domain name.
set vtp domain name
Step 2
Place the switch in VTP server

mode.
set vtp mode server
Step 3
(Optional) Set a password for the

VTP domain.
set vtp passwd passwd
Step 4
Verify the VTP configuration.
show vtp domain
This example shows how to configure the switch as a VTP server and verify the configuration:
Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode server
Console> (enable) show vtp domain
Domain Name
Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ---------Lab_Network
1
2
server
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- ------------10
1023
40
enabled
Last Updater
V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- ------------------------172.20.52.70
disabled disabled 2-1000
Console> (enable)
Configuring a VTP Client

When a switch is in VTP client mode, you cannot change the VLAN configuration on the switch.
The client switch receives VTP updates from a VTP server in the management domain and modifies
its configuration accordingly.
To configure the switch as a VTP client, perform this task in privileged mode:
Task
Command
Step 1
Define the VTP domain name.
set vtp domain name
Step 2
Place the switch in VTP client

mode.
set vtp mode client
Step 3
show vtp domain
Using VTP
This example shows how to configure the switch as a VTP client and verify the configuration:
Console> (enable) set vtp domain Lab_Network
Console> (enable) set vtp mode client
Domain Name
-------------------------------- ------------ ----------- ----------- ---------Lab_Network
1
2
client
---------- ---------------- --------------- ------------10
1023
40
enabled
Last Updater
--------------- -------- -------- ------------------------172.20.52.70
Console> (enable)
Disabling VTP
When you configure the switch as VTP transparent, you disable VTP on the switch. A VTP
transparent switch does not send VTP updates and does not act on VTP updates received from other
switches. However, a VTP transparent switch running VTP version 2 does forward received VTP
advertisements out all of its trunk links.
To disable VTP on the switch, perform this task in privileged mode:
Task
Command
Step 1
Place the switch in VTP

transparent mode (disabling VTP
on the switch).
set vtp mode transparent
Step 2
show vtp domain
This example shows how to configure the switch as VTP transparent and verify the configuration:
Console> (enable) set vtp mode transparent
VTP domain Lab_Net modified
Domain Name
-------------------------------- ------------ ----------- ----------- ---------Lab_Net
1
2
Transparent Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- ------------10
1023
0
enabled
Last Updater
--------------- -------- -------- ------------------------172.20.52.70
Console> (enable)
13-8
Configuring VTP
Enabling VTP Version 2

VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP
version 2 on a switch, every VTP version 2-capable switch in the VTP domain will enable version 2
as well.
Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP
domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP
version 2 unless every switch in the VTP domain supports version 2.
Note In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN
switching to function properly.
To enable VTP version 2, perform this task in privileged mode:

Task
Command
Step 1
Enable VTP version 2 on the switch.
set vtp v2 enable
Step 2
Verify that VTP version 2 is enabled.
show vtp domain
This example shows how to enable VTP version 2 and verify the configuration (shown by the arrow):
Console> (enable) set vtp v2 enable
This command will enable the version 2 function in the entire management domain.
All devices in the management domain should be version2-capable before enabling.
Do you want to continue (y/n) [n]? y
Domain Name
-------------------------------- ------------ ----------- ----------- ---------Lab_Net
1
2
server
---------- ---------------- --------------- ------------10
1023
1
enabled
Last Updater
--------------- -------- -------- ------------------------172.20.52.70
enabled disabled 2-1000
Console> (enable)
Disabling VTP Version 2

To disable VTP version 2, perform this task in privileged mode:
Task
Command
Step 1
Disable VTP version 2.
set vtp v2 disable
Step 2
Verify that VTP version 2 is

disabled.
show vtp domain
Using VTP
This example shows how to disable VTP version 2:

Console> (enable) set vtp v2 disable
This command will disable the version 2 function in the entire management domain.
Warning: trbrf & trcrf vlans will not work properly in this mode.
Console> (enable)
Configuring VTP Pruning

To configure VTP pruning, perform this task in privileged mode:
Task
Command
Step 1
Enable VTP pruning in the management

domain.
set vtp pruning enable
Step 2
(Optional) Make specific VLANs

pruning-ineligible on the device. (By
default, VLANs 21000 are
pruning-eligible.)
clear vtp pruneeligible vlan_range
Step 3
(Optional) Make specific VLANs

pruning-eligible on the device.
set vtp pruneeligible vlan_range
Step 4
Verify the VTP pruning configuration.
show vtp domain
Step 5
Verify that the appropriate VLANs are

being pruned on trunk ports.
show trunk
This example shows how to enable VTP pruning in the management domain and how to make
VLANs 299, 250255, and 5011000 pruning-eligible on the particular device:
Console> (enable) set vtp pruning enable
This command will enable the pruning function in the entire management domain.
All devices in the management domain should be pruning-capable before enabling.
Console> (enable) clear vtp pruneeligible 100-500
Vlans 1,100-500,1001-1005 will not be pruned on this device.
VTP domain Lab_Network modified.
Console> (enable) set vtp pruneeligible 250-255
Vlans 2-99,250-255,501-1000 eligible for pruning on this device.
VTP domain Lab_Network modified.
Domain Name
-------------------------------- ------------ ----------- ----------- ---------Lab_Network
1
2
server
---------- ---------------- --------------- ------------8
1023
16
disabled
Last Updater
--------------- -------- -------- ------------------------172.20.52.2
disabled enabled 2-99,250-255,501-1000
Console> (enable) show trunk
Port
Mode
Encapsulation Status
Native vlan
-------- ----------- ------------- ------------ ----------1/1
auto
isl
trunking
523
13-10
Configuring VTP
Port
-------1/1
Vlans allowed on trunk

--------------------------------------------------------------------1-1005
Port
-------1/1
Vlans allowed and active in management domain

--------------------------------------------------------------------1,522-524
Port
Vlans in spanning tree forwarding state and not pruned
-------- --------------------------------------------------------------------1/1
1,522-524
Console> (enable)
Disabling VTP Pruning

To disable VTP pruning, perform this task in privileged mode:
Task
Command
Step 1
Disable VTP pruning in the management

domain.
set vtp pruning disable
Step 2
Verify that VTP pruning is disabled.
show vtp domain
This example shows how to disable VTP pruning in the management domain:
Console> (enable) set vtp pruning disable
This command will disable the pruning function in the entire management domain.
Console> (enable)
Monitoring VTP
To monitor VTP activity, including VTP advertisements sent and received and VTP errors, perform
this task:
Task
Command
Display VTP statistics for the switch.
show vtp statistics
This example shows how to display VTP statistics on the switch:

Console> (enable) show vtp statistics
VTP statistics:
summary advts received
4690
subset advts received
7
request advts received
0
summary advts transmitted
4397
subset advts transmitted
8
request advts transmitted
0
No of config revision errors
0
No of config digest errors
0
VTP pruning statistics:
Trunk
Join Trasmitted Join Received
-------- --------------1/1
0
1/2
0
Console> (enable)
------------0
0
Summary advts received from

non-pruning-capable device
--------------------------0
0
Using VLANs
Using VLANs
These sections describe how to use VLANs on the Catalyst 5000 series switches:
Understanding How VLANs Work on page 13-12

VLAN Default Configuration on page 13-17
VLAN Configuration Guidelines on page 13-17
Configuring VLANs on page 13-18
Understanding How VLANs Work

A VLAN is a group of end stations with a common set of requirements, independent of physical
location. VLANs have the same attributes as a physical LAN but allow you to group end stations
even if they are not located physically on the same LAN segment.
The following sections describe how VLANs work on the Catalyst 5000 series switches:
Understanding VLANs in a VTP Domain on page 13-12

Understanding Token Ring VLANs on page 13-14
Understanding VLANs in a VTP Domain

VLANs allow you to group ports on Catalyst 5000 series switches to limit unicast, multicast, and
broadcast traffic flooding. Flooded traffic originating from a particular VLAN is only flooded out
other ports belonging to that VLAN.
Note Before you create VLANs, you must decide whether to use VTP to maintain global VLAN
configuration information for your network. For complete information on VTP, refer to the Using
VTP section on page 13-1.
13-12
Figure 13-3 shows an example of VLANs segmented into logically defined networks.
Figure 13-3
VLANs as Logically Defined Networks

Engineering
VLAN
Marketing
VLAN
Accounting
VLAN
Catalyst 5000
Cisco router
Floor 3
Catalyst 5000
Fast
Ethernet
Floor 2
Catalyst 5000
S5071
Floor 1
VLANs are often associated with IP subnetworks. For example, all the end stations in a particular
IP subnet belong to the same VLAN. Traffic between VLANs must be routed. Port VLAN
membership on the switch is assigned manually on a port-by-port basis. When you assign switch
ports to VLANs using this method, it is known as port-based, or static, VLAN membership.
Note Catalyst 5000 series switches support dynamic VLAN membership using the VLAN
Membership Policy Server (VMPS). For information on how to configure VMPS and dynamic port
VLAN membership, refer to the Configuring Dynamic Port VLAN Membership with VMPS
chapter.
The in-band (sc0) interface of a Catalyst 5000 series switch can be assigned to any VLAN, so you
can access another Catalyst 5000 series switch on the same VLAN directly without a router. Only
one IP address at a time can be assigned to the in-band interface. If you change the IP address and
assign the interface to a different VLAN, the previous IP address and VLAN assignment are
overwritten.
You can set these parameters when you create a VLAN in the management domain:
VLAN number
VLAN state (active or suspended)
VLAN name
VLAN type (Ethernet, Fiber Disributed Data Interface [FDDI], FDDI network entity title [NET],
TrBRF, or TrCRF)
Maximum transmission unit (MTU) for the VLAN

Using VLANs
Security Association Identifier (SAID)

Bridge identification number for TrBRF VLANs
Ring number for FDDI and TrCRF VLANs
Parent VLAN number for TrCRF VLANs
Spanning-Tree Protocol (STP) type for TrCRF VLANs
VLAN number to use when translating from one VLAN type to another
Note When translating from one VLAN type to another, the Catalyst 5000 series switch requires a
different VLAN number for each media type.
Understanding Token Ring VLANs

Two Token Ring VLAN types are supported on Catalyst 5000 series switches running VTP
version 2:
Token Ring TrBRF VLANs

Token Ring TrCRF VLANs
Token Ring TrBRF VLANs

Token Ring Bridge Relay Function (TrBRF) VLANs interconnect multiple Token Ring
Concentrator Relay Function (TrCRF) VLANs in a switched Token Ring network (see Figure 13-4).
The TrBRF can be extended across a network of switches interconnected via trunk links. The
connection between the TrCRF and the TrBRF is referred to as a logical port.
Figure 13-4
Interconnected Token Ring TrBRF and TrCRF VLANs
SRB or SRT
BRF
CRF
Token
Ring
001
Token
Ring
001
SRS
Token
Ring
011
SRS
Token
Ring
002
Token
Ring
002
Token
Ring
002
S6624
SRS
For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can
function as a source-route bridge (SRB) or source-route transparent (SRT) bridge running either the
IBM or IEEE STP. If SRB is used, you can define duplicate Media Access Control (MAC) addresses
on different logical rings.
13-14
The Catalyst 5000 series Token Ring software runs an instance of STP for each TrBRF VLAN and
each TrCRF VLAN. For TrCRF VLANs, STP removes loops in the logical ring. For TrBRF VLANs,
STP interacts with external bridges to remove loops from the bridge topology, similar to STP
operation on Ethernet VLANs.
Caution Certain parent TrBRF STP and TrCRF bridge mode configurations can place the logical
ports (the connection between the TrBRF and the TrCRF) of the TrBRF in a blocked state. For
more information, refer to the VLAN Configuration Guidelines section on page 13-17.
For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can
function as an SRB or SRT bridge running either the IBM or IEEE STP. If SRB is used, duplicate
MAC addresses can be defined on different logical rings.
To accommodate IBM System Network Architecture (SNA) traffic, you can use a combination of
SRT and SRB modes. In a mixed mode, the TrBRF considers some ports (logical ports connected to
TrCRFs) to operate in SRB mode while others operate in SRT mode.
Token Ring TrCRF VLANs

Token Ring Concentrator Relay Function (TrCRF) VLANs define port groups with the same logical
ring number. You can configure two types of TrCRFs in your network: undistributed and backup.
Typically, TrCRFs are undistributed, which means each TrCRF is limited to the ports on a single
Catalyst 5000 series switch. Multiple undistributed TrCRFs on the same or separate switches can be
associated with a single parent TrBRF (see Figure 13-5). The parent TrBRF acts as a multiport
bridge, forwarding traffic between the undistributed TrCRFs.
Note To pass data between rings located on separate switches, you can associate the rings to the
same TrBRF and configure the TrBRF for SRB.
Figure 13-5
Switch A
Undistributed TrCRFs
Switch B
ISL
TrCRF
350
TrCRF
200
S6813
TrBRF 3
TrCRF
400
Note By default, Token Ring ports are associated with the default TrCRF (VLAN 1003,
trcrf-default), which has the default TrBRF (VLAN 1005, trbrf-default) as its parent. In this
configuration, a distributed TrCRF is possible (see Figure 13-6), and traffic is passed between the
default TrCRFs located on separate switches provided that the switches are connected via an ISL
trunk.
Using VLANs
Figure 13-6
Distributed TrCRF
Switch A
Switch B
ISL
TrBRF 2
TrCRF
300
TrCRF
300
S6812
TrCRF
300
Within a TrCRF, source-route switching forwards frames based on either MAC addresses or route
descriptors. The entire VLAN can operate as a single ring, with frames switched between ports
within a single TrCRF.
You can specify the maximum hop count for All-Routes and Spanning-Tree Explorer frames for
each TrCRF. This limits the maximum number of hops an explorer is allowed to traverse. If a port
determines that the explorer frame it is receiving has traversed more than the number of hops
specified, it does not forward the frame. The TrCRF determines the number of hops an explorer has
traversed based on the number of bridge hops in the route information field.
A backup TrCRF enables you to configure an alternate route for traffic between undistributed
TrCRFs located on separate switches that are connected by a TrBRF, in the event that the ISL
connection between the switches fails. Only one backup TrCRF for a TrBRF is allowed, and only
one port per switch can belong to a backup TrCRF.
If the ISL connection between the switches fails, the port in the backup TrCRF on each affected
switch automatically becomes active, rerouting traffic between the undistributed TrCRFs through the
backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is
disabled. Figure 13-7 illustrates the backup TrCRF.
Figure 13-7
Backup TrCRF
Switch A
ISL
Switch B
TrBRF 1
TrCRF
600
Backup
TrCRF 612
13-16
S6811
TrCRF
601
VLAN Default Configuration

Table 13-2 shows the default VLAN configuration.
Table 13-2
Feature
Default Value
Native (default) VLAN
VLAN 1
Port VLAN assignments
All ports assigned to VLAN 1

Token Ring ports assigned to VLAN 1003 (trcrf-default)
VLAN state
Enabled
MTU size
1500 bytes
4472 bytes for Token Ring VLANs
SAID value
100,000 plus the VLAN number (for example, the SAID for VLAN
VLAN 3 is 100003)
Pruning eligibility
VLAN 21000 are pruning-eligible
Default FDDI VLAN
VLAN 1002
Default FDDI NET VLAN
VLAN 1004
Default Token Ring TrBRF VLAN
VLAN 1005 (trbrf-default) with bridge number 0F
Default Token Ring TrCRF VLAN
VLAN 1003 (trcrf-default)
TrBRF STP
IBM
TrCRF bridge mode
SRB
VLAN Configuration Guidelines

Follow these guidelines when creating and modifying VLANs in your network:
A maximum of 250 VLANs can be active at any time.
The default TrBRF (VLAN 1005) can only be the parent of the default TrCRF (VLAN 1003).
You cannot specify the default TrBRF as the parent of a user-configured TrCRF.
You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you
specify must exist).
In a Token Ring environment, the logical ports (the connection between the TrBRF and the
TrCRF) of the TrBRF are placed in a blocked state if either of these conditions exists:
Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent
mode. If the switch is a VTP server, you must define a VTP domain. For information on
configuring VTP, refer to the Configuring VTP section on page 13-6.
The TrBRF is running the IBM STP, and the TrCRF is in SRT mode.
The TrBRF is running the IEEE STP, and the TrCRF is in SRB mode.
Using VLANs
Configuring VLANs
Note VLANs support a number of parameters that are not discussed in detail in this section. For
complete information on the set vlan command and its parameters, refer to the Catalyst 5000 Series
Command Reference publication.
These sections describe how to configure VLANs on the Catalyst 5000 series switches:
Creating or Modifying an Ethernet VLAN section on page 13-18

Creating or Modifying an FDDI VLAN section on page 13-19
Creating or Modifying a Token Ring TrBRF VLAN section on page 13-19
Creating or Modifying a Token Ring TrCRF VLAN section on page 13-20
Assigning Switch Ports to a VLAN section on page 13-22
Deleting a VLAN section on page 13-23
Creating or Modifying an Ethernet VLAN

To create a new Ethernet VLAN, perform this task in privileged mode:
Task
Command
Step 1
Create a new Ethernet VLAN.
set vlan vlan_num [name name] [said said] [mtu mtu]

[translation vlan_num]
Step 2
Verify the VLAN configuration.
show vlan [vlan_num]
Note The default VLAN type is Ethernet; if you do not specify the VLAN type, the VLAN is an
Ethernet VLAN.
This example shows how to create an Ethernet VLAN and verify the configuration:
Console> (enable) set vlan 500 name Engineering
Vlan 500 configuration successful
Console> (enable) show vlan 500
VLAN Name
Status
IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- -----------------------500 Engineering
active
344
VLAN Type SAID
MTU
Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ -----500 enet 100500
1500 0
0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ---------Console> (enable)
13-18
Configuring VLANs
To modify the VLAN parameters on an existing Ethernet VLAN, perform this task in privileged
mode:
Task
Command
Step 1
Modify an existing Ethernet VLAN.
set vlan vlan_num [name name] [state {active |

suspend}] [said said] [mtu mtu] [translation vlan_num]
Step 2
Creating or Modifying an FDDI VLAN

To create a new FDDI VLAN, perform this task in privileged mode:
Task
Command
Step 1
Create a new FDDI or FDDI NET type

VLAN.
set vlan vlan_num [name name] type {fddi | fddinet}

[said said] [mtu mtu]
Step 2
To modify the VLAN parameters on an existing FDDI VLAN, perform this task in privileged mode:
Task
Command
Step 1
Modify an existing FDDI or FDDI NET type

VLAN.

suspend}] [said said] [mtu mtu]
Step 2
Creating or Modifying a Token Ring TrBRF VLAN

Note You must enable VTP version 2 before you create Token Ring VLANs. For information on
enabling VTP version 2, refer to the Configuring VTP section on page 13-6.
To create a new Token Ring TrBRF VLAN, perform this task in privileged mode:
Task
Command
Step 1
Create a new Token Ring TrBRF type

VLAN.
set vlan vlan_num [name name] type trbrf [said said]

[mtu mtu] bridge bridge_number [stp {ieee | ibm}]
Step 2
Note You must specify a bridge number when creating a new TrBRF.
Using VLANs
This example shows how to create a new Token Ring TrBRF VLAN and verify the configuration:
Console> (enable) set vlan 999 name TrBRF_999 type trbrf bridge a
VLAN Name
Status
---- -------------------------------- --------- ------- -----------------------999 TrBRF_999
active
VLAN Type SAID
MTU
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ -----999 trbrf 100999
4472 0xa
ibm 0
0
---- ------- ------- ---------Console> (enable)
To modify the VLAN parameters on an existing Token Ring TrBRF VLAN, perform this task in
privileged mode:
Task
Command
Step 1
Modify an existing Token Ring TrBRF type

VLAN.

suspend}] [said said] [mtu mtu] [bridge bridge_number]
[stp {ieee | ibm}]
Step 2
Creating or Modifying a Token Ring TrCRF VLAN

Note You must enable VTP version 2 before you create Token Ring VLANs. For information on
enabling VTP version 2, refer to the Configuring VTP section on page 13-6.
To create a new Token Ring TrCRF VLAN, perform this task in privileged mode:
Task
Command
Step 1
Create a new Token Ring TrCRF type

VLAN.
set vlan vlan_num [name name] type trcrf [said said]

[mtu mtu] {ring hex_ring_number | decring
decimal_ring_number} parent vlan_num
Step 2
Note You must specify a ring number (either in hexadecimal or in decimal) and a parent TrBRF
VLAN when creating a new TrCRF.
13-20
Configuring VLANs
This example shows how to create a Token Ring TrCRF VLAN and verify the configuration:
Console> (enable) set vlan 998 name TrCRF_998 type trcrf decring 10 parent 999
VLAN Name
Status
---- -------------------------------- --------- ------- -----------------------998 TrCRF_998
active
352
VLAN Type SAID
MTU
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ -----998 trcrf 100998
4472 999
0xa
srb
0
0
---- ------- ------- ---------998 7
7
off
Console> (enable)
To modify the VLAN parameters on an existing Token Ring TrCRF VLAN, perform this task in
privileged mode:
Task
Command
Step 1
Modify an existing Token Ring TrCRF type

VLAN.

suspend}] [said said] [mtu mtu] [ring hex_ring_num]
[decring decimal_ring_num] [bridge bridge_num]
[parent vlan_num]
Step 2
To create a backup TrCRF, assign one port on each switch that the TrBRF traverses to the backup
TrCRF.
To configure a TrCRF VLAN as a backup TrCRF, perform this task in privileged mode:
Task
Command
Step 1
Configure a TrCRF VLAN as a backup

TrCRF.
set vlan vlan_num backupcrf on
Step 2
Caution If the backup TrCRF port is attached to a Token Ring multistation access unit (MSAU),
it does not provide a backup path unless the ring speed and port mode are set by another device.
We recommend that you configure the ring speed and port mode for the backup TrCRF.
Using VLANs
To specify the maximum number of hops for All-Routes Explorer frames or Spanning-Tree Explorer
frames in the TrCRF, perform this task in privileged mode:
Task
Command
Step 1
Specify the maximum number of hops for

All-Routes Explorer frames in the TrCRF.
set vlan vlan_num aremaxhop hopcount
Step 2
Specify the maximum number of hops for

Spanning-Tree Explorer frames in the
TrCRF.
set vlan vlan_num stemaxhop hopcount
Step 3
This example shows how to limit All-Routes Explorer frames and Spanning-Tree Explorer frames
to ten hops, and how to verify the configuration (shown by the arrow):
Console> (enable) set vlan 998 aremaxhop 10 stemaxhop 10
VLAN Name
Status
---- -------------------------------- --------- ------- -----------------------998 VLAN0998
active
357
VLAN Type SAID

MTU
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ -----998 trcrf 100998
4472 999
0xff
srb
0
0

---- ------- ------- ---------998 10
10
off
Console> (enable)
Assigning Switch Ports to a VLAN

A VLAN created in a management domain remains unused until you assign one or more switch ports
to the VLAN. If you specify a VLAN that does not exist, the VLAN is created and the specified ports
are assigned to it.
Note Make sure you assign switch ports to a VLAN of the proper type. For example, assign
Ethernet, Fast Ethernet, and Gigabit Ethernet ports to Ethernet-type VLANs, Token Ring ports to
Token Ring TrCRF-type VLANs, and so forth.
To assign one or more switch ports to a VLAN, perform this task in privileged mode:
Task
13-22
Command
Step 1
Assign one or more switch ports to

a VLAN.
set vlan vlan_num mod_num/port_num
Step 2
Verify the port VLAN membership.

show port [mod_num[/port_num]]
Configuring VLANs
This example shows how to assign switch ports to a VLAN and verify the assignment:
Console> (enable) set vlan 560 4/10
VLAN 560 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- ----------------------560
4/10
VLAN Name
Status
---- -------------------------------- --------- ------- -----------------------560 Engineering
active
348
4/10
VLAN Type SAID
MTU
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ -----560 enet 100560
1500 0
0
---- ------- ------- ---------Console> (enable) show port 4/10
Port Name
Status
Vlan
Level Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- -----------4/10
notconnect 560
normal
half
10 10BaseT
<...output truncated...>
Last-Time-Cleared
-------------------------Wed Jun 24 1998, 12:16:41
Console> (enable)
Deleting a VLAN
When you delete a VLAN in VTP server mode, the VLAN is removed from all switches in the VTP
domain. When you delete a VLAN in VTP transparent mode, the VLAN is deleted only on the
current switch.
Caution When you delete a VLAN, any ports assigned to that VLAN become inactive. Such ports
remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.
To delete a VLAN on the switch, perform this task in privileged mode:
Task
Command
Delete a VLAN.
clear vlan vlan_num
Note You cannot delete a Token Ring TrBRF VLAN without first reassigning its child TrCRFs to
another parent TrBRF, or deleting the child TrCRFs.
This example shows how to delete a VLAN (in this case, the switch is a VTP server):
Console> (enable) clear vlan 500
This command will deactivate all ports on vlan 500
in the entire management domain
Do you want to continue(y/n) [n]?y
Vlan 500 deleted
Console> (enable)
Using VLANs
13-24

Configuracion VTP II

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configuracion VTP II

Uploaded by

Copyright:

Available Formats

C H A P TER

Configuring VTP and Virtual LANs

the Catalyst 5000 Series Command Reference publication.

This chapter consists of these sections:

Using VTP on page 13-1

Understanding How VTP Works on page 13-1

Understanding How VTP Works

Configuring VTP and Virtual LANs 13-1

Understanding the VTP Domain on page 13-2

Understanding the VTP Domain

Understanding VTP Modes

TransparentVTP transparent switches do not participate in VTP. A VTP transparent switch

Catalyst 5000 Series Software Configuration Guide

Understanding How VTP Works

Understanding VTP Advertisements

VLAN IDs (ISL and 802.1Q)

Understanding VTP Version 2

VTP version 2 supports the following features not supported in version 1:

Unrecognized Type-Length-Value (TLV) SupportA VTP server or client propagates

Version-Dependent Transparent ModeIn VTP version 1, a VTP transparent switch inspects

Configuring VTP and Virtual LANs 13-3

Understanding VTP Pruning

Flooding Traffic without VTP Pruning

Catalyst 5000 Series Software Configuration Guide

VTP Default Configuration

Flooding Traffic with VTP Pruning

VTP Default Configuration

VTP Default Configuration

VTP domain name

VTP version 2 enable state

Configuring VTP and Virtual LANs 13-5

VTP Configuration Guidelines

Making VLANs pruning-eligible or pruning-ineligible on a switch affects pruning-eligibility for

Configuring a VTP Server on page 13-7

Catalyst 5000 Series Software Configuration Guide

Configuring a VTP Server

Define the VTP domain name.

set vtp domain name

Place the switch in VTP server

set vtp mode server

(Optional) Set a password for the

set vtp passwd passwd

Verify the VTP configuration.

show vtp domain

Configuring a VTP Client

Define the VTP domain name.

set vtp domain name

Place the switch in VTP client

set vtp mode client

Verify the VTP configuration.

show vtp domain

Configuring VTP and Virtual LANs 13-7

Place the switch in VTP

set vtp mode transparent

Verify the VTP configuration.

show vtp domain

Catalyst 5000 Series Software Configuration Guide

Enabling VTP Version 2

switching to function properly.

To enable VTP version 2, perform this task in privileged mode:

Enable VTP version 2 on the switch.

set vtp v2 enable

Verify that VTP version 2 is enabled.