Lab 23 Vlan Part 1

Lab 22 : Virtual LAN Part 1
Objective:
1.
2.
3.
4.
5.
Understanding VLAN
Configuration VLAN
Understanding Trunking
Understanding and Configuring DTP
Understanding and Configuring VTP
Commands Introduced:
1.
2.
3.
4.
5.
i
.
c
t
Vlan
Name
Switchport mode
Vtp domain
Vtp mode
CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]
.
t
n
i
1. Verify the connectivity between all the PCs.
i
.
c
t
.
t
n
i
Hint: Ping was successful, which confirms that connectivity is there for all the PCs.
2. Check the MAC address table of SW1 and SW2

SW1#show mac-address-table
Mac Address Table
------------------------------------------Vlan Mac Address
Type
Ports
---- ------------------ ----1 0001.96db.b718 DYNAMIC Fa0/24
1 0006.2a18.9883 DYNAMIC Fa0/1
1 000b.be75.3404 DYNAMIC Fa0/24
1 000d.bde1.c6c4 DYNAMIC Fa0/24
1 00d0.9790.7298 DYNAMIC Fa0/2
2
SW2#show mac-address-table
Mac Address Table
------------------------------------------Vlan Mac Address
Type
Ports
---- ------------------ ----1 0006.2a18.9883 DYNAMIC Fa0/24
1 000b.be75.3404 DYNAMIC Fa0/2
1 000d.bde1.c6c4 DYNAMIC Fa0/1
1 0030.a342.5418 DYNAMIC Fa0/24
Hint: Both switches know about all the devices connected. Observe the ports column, two mac
addresses are known via port fa0/24, which is connected to SW1 and SW2
n
i
Hint: Though the devices are connected across multiple switches, anyone can communicate with
any other. So if you have more number of hosts you shall connect them using multiple switches.
.
t
Hint: Though all the users can communicate with each other, it will create a problem in a huge
network. Assume that a network with a size of 1000 hosts, and one employee who belongs to
Finance department is sending a broadcast message to all the members of his team and it will
be sent to all the employees though it is not meant for them, which is a security issue.
3. Observe the following output.
i
.
c
t
Hint: A broadcast is sent from 10.0.0.10, and everyone connected are replying back for this
request. Observe the reply from section of each and every line to see the responded stations.
Here 10.0.0.20, 10.0.0.30 and 10.0.0.40 stations are replying back. If we allow this the entire
network may be filled with the broadcast and the confidential information may be shared with
unintended recipient. So we can understand the security issue here.
4. Why the broadcast sent to all the ports?
SW1#show vlan
3
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
Hint: VLAN (Virtual LAN) is nothing but a LAN. This feature can be used to slice the switches
logically into multiple switches. By default all the switch ports associated to vlan 1. Since all
the interfaces belongs to the same port they can communicate with each other.
Check the same on switch 2
SW2#show vlan
.
t
n
i
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
i
.
c
t
Hint: Even in switch2 all the ports belongs to vlan 1. This allows all the ports on switch1 and
switch2 can talk to each other.
Hint: VLAN1 is known as Native VLAN. If the switch receives traffic on a trunk port without VLAN
tag information, then it will be considered as native vlan traffic and it will be tagged.
5. Create two vlans 10 and 20 and name them as HR and Admin
a. Vlans can be created using two methods. Here I will be demonstrating you both the
methods. On switch 1 we will create the VLANs using the old method and on Switch2 we will
create the VLANs using the new method.
SW1#vlan database
4
% Warning: It is recommended to configure VLAN from config mode,

as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Hint: vlan database takes you to a specific configuration mode with a warning message.
SW1(vlan)#vlan 10 nam
SW1(vlan)#vlan 10 name HR
VLAN 10 added:
Name: HR
SW1(vlan)#vlan 20 name Admin
VLAN 20 added:
Name: Admin
.
t
n
i
Hint: After creating the vlan use exit command to save and exit the sub configuration
mode. If you press ctrl + z then you will exit the mode without saving the configuration.
b. Create the VLANS on switch 2
SW2(config)#vlan 10
SW2(config-vlan)#name HR
SW2(config-vlan)#exit
SW2(config)#vlan 20
SW2(config-vlan)#name Admin
SW2(config-vlan)#exit
i
.
c
t
c. Verify the VLANs created

SW1#show vlan
VLAN Name
Status Ports
---- -------------------------------- --------- ------------------------------1 default
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
10 HR
active
20 Admin
active
5
SW2#show vlan
VLAN Name
Status Ports
---- -------------------------------- --------- ------------------------------1 default
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
10 HR
active
20 Admin
active
.
t
n
i
Hint: Now we have created two vlans on both switches. But if you need to create these vlans
on multiple switches then it will be a repetitive task. And even a small change in the vlan,
needs to be done on all the switches manually. To manage the vlan information on all the
switches, we shall make use of VTP (A cisco proprietory protocol) with which VLAN details
can be distributed on all the switches. Even a change done on a switch will be advertised to
all the switches, so that all the switches can update themselves.
6. Enable VTP on both the switches.
a. Verify the VTP status
i
.
c
t
SW1#show vtp status

VTP Version
:2
Configuration Revision
:2
Maximum VLANs supported locally : 255
Number of existing VLANs
:7
VTP Operating Mode
: Server
VTP Domain Name
:
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
VTP Traps Generation
: Disabled
MD5 digest
: 0x82 0x0A 0x00 0xDF 0x6D 0xB6 0xB2 0xD6
Configuration last modified by 0.0.0.0 at 3-1-93 01:27:36
Local updater ID is 0.0.0.0 (no valid interface found)
SW2#show vtp status

VTP Version
6
:2
:2
:7
VTP Operating Mode
: Server
VTP Domain Name
:
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0x82 0x0A 0x00 0xDF 0x6D 0xB6 0xB2 0xD6
n
i
Hint: No valid VTP domain has been configured on the switches. And both the switches are
acting as SERVER. By default all the switches will be kept in VTP Server Mode, which allows
the administrator to create on all the switches, but it needs to be distributed to other
switches. But the VTP messages are restricted to a single domain, hence you need to
configure the domain name on which this VTP updates are valid. By default the domain
name is blank. And hence no VTP messages can be processed.
.
t
Hint: Also observe the VTP Revision number; every change will increment the VTP Revision
number by one. We have created two VLAN hence two increments.
i
.
7. Create a vlan on switch1 and verify it
c
t
a. Write down the VTP Revision number on both the switches

SW1: ___________
SW2: ___________
b. Create a vlan
SW1(config)#vlan 30
SW1(config-vlan)#name junisys
c. Write the VTP Revision number on both the switches

SW1: ___________
SW2: ___________
Hint: Every change on vlan database will increment the vtp revision number by one.
d. Verify the vlan on SW1 & SW2
7
SW1#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
10 HR
active
20 Admin
active
30 junisys
active
SW2#show vlan
.
t
n
i
VLAN Name
Status Ports
---- -------------------------------- --------- ------------------------------1 default
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
10 HR
active
20 Admin
active
i
.
c
t
Hint: vlan 30 information is not distributed to the neighboring switch. Either you shall create
the vlan on switch2 or you shall make use of VTP.
8. Configure VTP to distribute the VLAN informations.
a. Configure VTP domain name on SW1
SW1(config)#vtp domain junisys.in
Changing VTP domain name from NULL to junisys.in
Hint: Now the SW1 is configured as part of junisys.in domain.
8
b. Verify the VTP domain configuration on SW1

SW1#show vtp status
VTP Version
:2
:0
Maximum VLANs supported locally
: 255
:8
VTP Operating Mode
: Server
VTP Domain Name
: junisys.in
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0xC8 0x40 0x1A 0xF6 0x2B 0xFB 0x00 0xC6
.
t
n
i
Hint: Observe the VTP domain name updated with junisys.in. And also observe the
VTP Revision number got reset to 0, this is because now the switch is part of new vtp
domain.
c. Verify the vtp staus
i
.
c
t
SW2#show vtp status

VTP Version
:2
:0
: 255
:7
VTP Operating Mode
: Server
VTP Domain Name
: junisys.in
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0x2A 0xC8 0x29 0x84 0x24 0xAC 0x10 0x32
Hint: We dint configure the vtp domain name on switch. It was null. When the VTP
domain is null, and it receive an update via VTP with a domain name configured and
then immediately the null domain changes to the domain name specified in the VTP
update message. Because of this the second switch auto configures himself to VTP
DOMAIN NAME OF junisys.in
9
d. Verify the vlan details on SW2

SW2#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10 HR
active
20 Admin
active
30 junisys
active
.
t
n
i
Hint: Since both the switches are bound to the same vtp domain junisys.in, the vlan
what we created on sw2 (vlan 30, junisys) has been shared with SW2
9. Now create a VLAN on SW2
a. Create a vlan 40 and name it itcert
SW2(config)#vlan 40
SW2(config-vlan)#name itcert
i
.
c
t
b. Verify the vlan database on SW2

SW2#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10 HR
active
20 Admin
active
30 junisys
active
10
40 itcert
active
Hint: We have created a vlan on SW2

c. Check the vlan database of SW1
SW1#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
10 HR
active
20 Admin
active
30 junisys
active
40 itcert
active
c
t
.
t
n
i
Hint: vlan 40 is also available on SW1. Like this you will be able to create the vlan on any
switch and it will be shared with all the switches belongs to the same VTP domain.
i
.
Hint: But this is a problem, you dont have any control on it. Anyone who gains access to any
switch can modify this. You have to restrict the vlan configuration on only one switch.
10. Configure the SW1 as the only switch where the vlan configuration is possible and it can be
shared with SW2
a. Observe the VTP status of both the switches

SW1#show vtp status
VTP Version
VTP Operating Mode
VTP Domain Name
VTP Pruning Mode
VTP V2 Mode
11
:2
:0
: 255
:8
: Server
: junisys.in
: Disabled
: Disabled
: Disabled
MD5 digest
: 0xC8 0x40 0x1A 0xF6 0x2B 0xFB 0x00 0xC6
Hint: SW1 is in VTP Server mode, which means administration can manage the vlans on
this switch.
SW2#show vtp status
VTP Version
:2
:0
: 255
:7
VTP Operating Mode
: Server
VTP Domain Name
: junisys.in
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0x2A 0xC8 0x29 0x84 0x24 0xAC 0x10 0x32
c
t
.
t
n
i
Hint: Even SW2 is in VTP Server mode. So vlan configuration is possible on both the
switches. By default all the switches will be kept in VTP Server mode.
i
.
b. Configure the SW2 so that no vlan configuration is possible on it but It can learn the same
from SW1
a. Configure SW2 as VTP Client
SW2(config)#vtp mode client

Setting device to VTP CLIENT mode.
b. Check the VTP Status on SW2
SW2#show vtp status
VTP Version
VTP Operating Mode
VTP Domain Name
VTP Pruning Mode
VTP V2 Mode
12
:2
:4
: 250
:9
: Client
: junisys.in
: Disabled
: Disabled

: Disabled
MD5 digest
: 0x12 0xE1 0x48 0x7C 0xAA 0x65 0x5E 0xD5
Hint: Now SW2 is kept in VTP Client mode.
c. Create vlan 50 and name it as cisco on SW2
SW2(config)#vlan 50
VTP VLAN configuration not allowed when device is in CLIENT mode.
Hint: Observe the warning message. If the switch is kept in VTP client mode then vlan
configuration is not possible.
d. Create vlan 50 and name it as cisco on SW1
SW1(config)#vlan 50
SW1(config-vlan)#name cisco
.
t
n
i
e. Verify the VLAN database on both the switches

SW1#show vlan
i
.
c
t
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
10 HR
active
20 Admin
active
30 junisys
active
40 itcert
active
50 cisco
active
SW2#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
13
Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10
20
30
40
50
HR
Admin
junisys
itcert
cisco
active
active
active
active
active
n
i
Hint: Now the VLAN configuration can be done only on SW1 and which can be shared to
all VTP Clients belongs to the same VTP Domain.
Hint: If the switch is kept in VTP Transparent mode it can receive and forward the VTP
messages but it will not process the same.
Hint: Now the problem is anyone can configure a switch with this vtp domain name and
connects to the existing network and he can modify the VLAN configuration from his
rogue switch.
11. Secure the VTP communication.
i
.
a. Configure a password for VTP updates
c
t
.
t
SW1(config)#vtp password jts@123

Setting device VLAN database password to jts@123
Hint: Now SW2 has been configured with a password, when it sends an update , the update
will be protected by this password.
b. Create a vlan on SW1

SW1(config)#vlan 70
SW1(config-vlan)#name test
c. Check the vlan database
SW1#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
14
Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
10
20
30
40
50
70
HR
Admin
junisys
itcert
cisco
test
active
active
active
active
active
active
SW2#show vlan
n
i
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10 HR
active
20 Admin
active
30 junisys
active
40 itcert
active
50 cisco
active
i
.
c
t
.
t
Hint: VLAN 70 (test) is not available in SW2
d. Debug VTP events
SW2#debug sw-vlan vtp event

vtp events debugging is on
e. Create another VLAN on SW1
SW1(config)#vlan 80
SW1(config-vlan)#name test1
Hint: Because of this change SW1 will be constructing a new update and will be sent to
neighbor. This update is secured
15
f.
Observe the VTP update on SW2

SW2#
00:18:02: VTP LOG RUNTIME: Summary packet received, domain = junisys.in, rev = 7,
followers = 1
00:18:02: VTP LOG RUNTIME: Summary packet rev 7 greater than domain junisys.in rev 5
00:18:02: VTP LOG RUNTIME: Domain junisys.in currently not in updating state
00:18:02: VTP LOG RUNTIME: Subset packet received, domain = junisys.in, rev = 7, seq = 1,
length = 336
00:18:02: VTP LOG RUNTIME: MD5 digest failing
calculated = B1 E8 E6 66 4F EF A7 3C DD 8E 60 6A D3 30 E1 4F
transmitted = 57 B6 A4 20 7E 8F B7 08 9D 40 A4 55 B8 5F 0C 48
.
t
n
i
Hint: First line says that SW2 has received an summary update on junisys.in domain.
Which is having greater revision number than SW2 (SW2 has revision number of 5). Hence
SW2 needs to update its VLAN Database. But SW2 cant update because the MD5 is not
matching.
i
.
c
t
Hint: Whenever an vtp update is send the hash value of VTP password will be appended.
The receiver will calculate his own has value, if both are matching then the update can be
processed.
g. Configure the SW2 with vtp password
SW2(config)#vtp password jts@123

Setting device VLAN database password to jts@123
Hint: Now SW2 is also configured with the same password.

h. Create another VLAN on SW1
SW1(config)#vlan 90
Hint: If this vlan is not created then you need to wait till VTP update timer to expire and
which is 5 minutes by default.
i.
16
Observe the debug output on SW2

SW2#
00:25:33: VTP LOG RUNTIME: Summary packet received, domain = junisys.in, rev = 8,
followers = 1
00:25:33: VTP LOG RUNTIME: Summary packet rev 8 greater than domain junisys.in rev 5
00:25:33: VTP LOG RUNTIME: Subset packet received, domain = junisys.in, rev = 8, seq = 1,
length = 356
00:25:33: VTP LOG RUNTIME: Transmit vtp summary, domain junisys.in, rev 8, followers 1
MD5 digest calculated = 19 A4 2A 34 B3 3B 83 39 8F 3D F9 6B 73 FE 12 00
n
i
Hint: Now calculated hash is matching for the update, so SW2 can process the updates.
j.
Check the vlan database on SW2

SW2#SHOW vlan
.
t
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10 HR
active
20 Admin
active
30 junisys
active
40 itcert
active
50 cisco
active
70 test
active
80 test1
active
90 test2
active
i
.
c
t
Hint: Now the vlan information are synchronized.

12. For logging purpose enable the identity of the updater.
17
a. Check the vtp status

SW2#show vtp status
VTP Version
:2
:8
: 13
VTP Operating Mode
: Client
VTP Domain Name
: junisys.in
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0x19 0xA4 0x2A 0x34 0xB3 0x3B 0x83 0x39
.
t
n
i
Hint: Observe the highlighted area which doesnt have the details of the updater.
b. Configure an ip address for vlan1 interface on SW1
SW1(config)#interface vlan 1
SW1(config-if)#ip add
SW1(config-if)#ip address 10.0.0.1 255.0.0.0
SW1(config-if)#nos hut
SW1(config-if)#no shut
SW1(config-if)#no shutdown
i
.
c
t
c. Check the interface status
SW1#show ip int brief

Interface
IP-Address
Vlan1
10.0.0.1
FastEthernet0/1
unassigned
FastEthernet0/2
unassigned
FastEthernet0/3
unassigned
OK?
YES
YES
YES
YES
Method
manual
unset
unset
unset
Hint: Now SW1 has an ip address

d. Check the VTP status now on SW1
SW1#show vtp status
VTP Version
:2
:8
18
Status
up
down
down
down

: 13
VTP Operating Mode
: Server
VTP Domain Name
: junisys.in
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0x19 0xA4 0x2A 0x34 0xB3 0x3B 0x83 0x39
Local updater ID is 10.0.0.1 on interface Vl1 (lowest numbered VLAN interface found)
e. Wait for the VTP update timer to expire or create a new vlan on SW1
SW1(config)#vlan 100
f.
.
t
n
i
Check the vlan database and vtp updater information on SW2

SW2#show vlan
c
t
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10 HR
active
20 Admin
active
30 junisys
active
40 itcert
active
50 cisco
active
70 test
active
80 test1
active
90 test2
active
100 test3
active
i
.
Hint: vlan 100 found in the database of SW2
19
SW2#show vtp status

VTP Version
:2
:9
: 14
VTP Operating Mode
: Client
VTP Domain Name
: junisys.in
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0xAE 0x5F 0x23 0x55 0xDF 0xDC 0xEA 0x91
n
i
Hint: Now we shall also note the ip address of the VTP message generator with this you can
confirm whether the updates are sent from the original source.
.
t
Hint: VTP always takes the lowest ip address of all the interface. If you want to have any
other interface IP then you shall use the following command.
13. Crete a vlan interface on SW1
c
t
SW1(config)#interface vlan 2
SW1(config-if)#ip address 11.0.0.1 255.0.0.0
SW1(config-if)#no shutdown
i
.
14. Configure the VTP to use the new interface ip as its ID
SW1(config)#vtp interface vlan2
15. Create a vlan on SW1
SW1(config)#vlan 101
16. Check the VTP updater field on SW2
SW2#show vtp status
VTP Version
VTP Operating Mode
20
:2
: 11
: 250
: 16
: Client
VTP Domain Name

: junisys.in
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0x57 0x59 0x8C 0x00 0x87 0xBB 0x30 0x43
Hope you guys enjoyed this basic VLAN and VTP lab and Let us see rest of the advanced configuration
on next part of this lab.
21
i
.
c
t
.
t
n
i

Lab 23 Vlan Part 1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab 23 Vlan Part 1

Uploaded by

Copyright:

Available Formats

Lab 22 : Virtual LAN Part 1

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

1. Verify the connectivity between all the PCs.

2. Check the MAC address table of SW1 and SW2

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

% Warning: It is recommended to configure VLAN from config mode,

c. Verify the VLANs created

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

SW1#show vtp status

SW2#show vtp status

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

7. Create a vlan on switch1 and verify it

a. Write down the VTP Revision number on both the switches

c. Write the VTP Revision number on both the switches

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

b. Verify the VTP domain configuration on SW1

SW2#show vtp status

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

d. Verify the vlan details on SW2

b. Verify the vlan database on SW2

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

Hint: We have created a vlan on SW2

a. Observe the VTP status of both the switches

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

a. Configure SW2 as VTP Client

SW2(config)#vtp mode client

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

VTP Traps Generation

e. Verify the VLAN database on both the switches

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

Fa0/5, Fa0/6, Fa0/7, Fa0/8

a. Configure a password for VTP updates

SW1(config)#vtp password jts@123

b. Create a vlan on SW1

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Hint: VLAN 70 (test) is not available in SW2

d. Debug VTP events

SW2#debug sw-vlan vtp event

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

Observe the VTP update on SW2

g. Configure the SW2 with vtp password

SW2(config)#vtp password jts@123

Hint: Now SW2 is also configured with the same password.

Observe the debug output on SW2

Check the vlan database on SW2

Hint: Now the vlan information are synchronized.

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

a. Check the vtp status

c. Check the interface status

SW1#show ip int brief

Hint: Now SW1 has an ip address

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

Maximum VLANs supported locally : 128

Check the vlan database and vtp updater information on SW2

Hint: vlan 100 found in the database of SW2

CCNA Practice Labs by Gopi Venkatesan| [gopi@itcert.in]

SW2#show vtp status

14. Configure the VTP to use the new interface ip as its ID

SW1(config)#vtp interface vlan2