
LAN Switching Technologies

VLANs:
A VLAN is a group of devices on one or more LANs that are configured to
communicate as if they were attached to the same wire, when in fact they are
located on a number of different LAN segments. Because VLANs are based on
logical instead of physical connections, they are extremely flexible.
Links to other switches are known as Trunk ports, and links to end devices
like PCs are known as Access ports. On an Access port, the untagged VLAN is
called the Access VLAN. On a Trunk port, the untagged VLAN is called the
Native VLAN.
A trunk port is used to connect switches, and an access port is used to
connect to computers, laptops, printers, etc. You cannot extend the data from
one switch to another switch's access ports through a trunk port; it can only
be extended through an access port of the switch.

Table 10-1 VLAN Ranges

| VLANs | Range | Usage | Propagated by VTP |
|---|---|---|---|
| 0, 4095 | Reserved | For system use only. You cannot see or use these VLANs. | N/A |
| 1 | Normal | Cisco default. You can use this VLAN but you cannot delete it. | Yes |
| 2-1001 | Normal | Used for Ethernet VLANs; you can create, use, and delete these VLANs. | Yes |
| 1002-1005 | Normal | Cisco defaults for FDDI and Token Ring. You cannot delete VLANs 1002-1005. | Yes |
| 1006-4094 | Extended | For Ethernet VLANs only. See the notes below. | No |

When configuring extended-range VLANs, note the following:

Layer 3 ports and some software features require internal VLANs. Internal VLANs are allocated from 1006 and up. You cannot use a VLAN that has been allocated for such use. To display the VLANs used internally, enter the show vlan internal usage command.

Switches running Catalyst product family software do not support configuration of VLANs 1006-1024. If you configure VLANs 1006-1024, ensure that the VLANs do not extend to any switches running Catalyst product family software.

You must enable the extended system ID to use extended range VLANs. See the "Enabling the Extended System ID" section.

Example of Creating a VLAN


SW1(config)#vlan 50
SW1(config-vlan)#name Computers
SW1(config-vlan)#exit

SW2(config)#vlan 50
SW2(config-vlan)#name Computers
SW2(config-vlan)#exit

Put the interfaces connected to the computers in the correct VLAN:

SW1(config)#interface fa0/1
SW1(config-if)#switchport access vlan 50

SW2(config)#interface fa0/2
SW2(config-if)#switchport access vlan 50

Access VLAN Configuration
When we configure a port in access mode, we can specify which VLAN will carry
the traffic for that interface. If you do not configure the VLAN for a port in access
mode, or an access port, the interface carries traffic for the default VLAN
(VLAN1).
We can change the access port membership in a VLAN by specifying the new
VLAN. We must create the VLAN before we can assign it as an access VLAN for
an access port. If we change the access VLAN on an access port to a VLAN that is
not yet created, the system will shut that access port down.
If an access port receives a packet with an 802.1Q tag in the header other than
the access VLAN value, that port drops the packet without learning its MAC
source address.
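
The access-port rule described above, modelled as an added example (not Cisco code and not part of the original page). The AccessPort class, the frame() helper and the MAC addresses are hypothetical, and the frames are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_id(frame):
    """Return the 802.1Q VLAN ID carried by an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # VLAN ID is the low 12 bits of the tag control field

class AccessPort:
    """Hypothetical model of the access-port behaviour described above."""
    def __init__(self, access_vlan=1):  # unconfigured access ports use VLAN 1
        self.access_vlan = access_vlan
        self.mac_table = {}  # learned source MAC -> VLAN

    def receive(self, frame):
        vid = vlan_id(frame)
        if vid is not None and vid != self.access_vlan:
            return "drop"  # dropped before the source MAC is learned
        self.mac_table[frame[6:12]] = self.access_vlan
        return "forward"

def frame(src, vlan=None):
    """Build a constructed broadcast IPv4 frame, optionally 802.1Q-tagged."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return b"\xff" * 6 + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    port = AccessPort(access_vlan=50)
    pc, other = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    print(port.receive(frame(pc)))               # untagged frame
    print(port.receive(frame(pc, vlan=50)))      # tagged with the access VLAN
    print(port.receive(frame(other, vlan=99)))   # tagged with another VLAN
    print(other in port.mac_table)               # was the dropped sender learned?
```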

Switchport access vlan

To set the access VLAN when the interface is in access mode, use
the switchport access vlan command. To reset the access-mode VLAN to the
appropriate default VLAN for the switch, use the no form of this command.

switchport access vlan vlan-id

no switchport access vlan

Syntax Description

vlan-id    VLAN to set when the interface is in access mode. The range is from 1 to
           4094, except for the VLANs reserved for internal use.

Trunk Configuration
Trunks are required to carry VLAN traffic from one switch to another.
Trunking

VLANs are local to each switch's database, and VLAN information is not
passed between switches.

Trunk links provide VLAN identification for frames traveling between
switches.

Cisco switches have two Ethernet trunking mechanisms: ISL and IEEE
802.1Q.

Certain types of switches can negotiate trunk links.

Trunks carry traffic from all VLANs to and from the switch by default but
can be configured to carry only specified VLAN traffic.

Trunk links must be configured to allow trunking on each end of the link.

To enable trunking between the switches, use the following steps:

1. Enable trunking on a port.

a. Enable the trunk:

IOS   (global) interface type mod/port
      (interface) switchport mode dynamic [auto | desirable]
      (interface) switchport mode trunk
      (interface) switchport nonegotiate


A Layer 2 port can be configured as an access or a trunk port as follows:

An access port can have only one VLAN configured on that port; it can
carry traffic for only one VLAN.
A trunk port can have two or more VLANs configured on that port; it can
carry traffic for several VLANs simultaneously.
By default, all ports on the device are Layer 3 ports.
You can make all ports Layer 2 ports using the setup script or by entering
the system default switchport command. See the Cisco Nexus 7000 Series NX-OS
Fundamentals Configuration Guide, Release 4.x for information on using the
setup script. To configure the port as a Layer 2 port using the CLI, use the
switchport command.
All ports in one trunk must be in the same virtual device context (VDC). See
the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide,
Release 4.x for information on VDCs.
All ports in the same trunk must be in the same VDC, and trunk ports cannot
carry VLANs from different VDCs.
The figure "Trunk and Access Ports and VLAN Traffic" shows how you can use
trunk ports in the network. The trunk port carries traffic for two or more VLANs.

[Figure: Trunk and Access Ports and VLAN Traffic]

VTP Basics
VLAN Trunking Protocol (VTP) is a Cisco proprietary technology. Ask
administrators whether they like VTP and you will get varying answers. I don't
think anyone will deny there is a convenience that VTP provides. However, the
dangers associated with VTP are enough to make an administrator shy away
from VTP as well. I'll go into these risks later and what can be done to avoid
them.
A VTP domain defines which VTP enabled switches are allowed to send VLAN
information to each other. VTP domains could be created for a data center,
another for the first floor, and another for the second floor. A VTP domain is
specified with the vtp domain VTPDomain command.

Configuring VTP is pretty straightforward, so I won't go into what each command
does. Here is a basic configuration on a VTP server.
SW1(config)# vtp domain VTPDomain
Setting VTP domain name to VTPDomain.
SW1(config)# vtp mode server
Setting device to VTP Server mode for VLANS.
SW1(config)# vtp version 2
Setting device to VTP version 2.
SW1(config)# vtp password passw0rd
Setting device VLAN database password to passw0rd.

To verify configuration of VTP, run the show vtp status command.

VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 1
VTP Operating Mode : Server
VTP Domain Name : VTPDomain
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x46 0x61 0xA6 0xC8 0x1F 0x9B 0x64 0x6A
Configuration last modified by 0.0.0.0 at 3-1-93 01:34:49
Local updater ID is 10.10.0.2 on interface Vl55 (lowest numbered VLAN interface
found)

When two switches on a single network aren't running VTP properly, compare the
MD5 digest on the switches. If they do not match, review the VTP version, the
domain, password, and revision numbers.

A VTP client is a switch which accepts configurations but doesn't allow for
manual VLAN configuration through its CLI. Any VLAN configuration needs to be
done on the VTP server. Immediately after the vlan.dat file is updated on the
server, VTP packets are sent through the layer 2 network and clients update their
vlan.dat file.

In addition to server and client modes, a third type exists. Transparent mode
effectively disables VTP on the switch without completely turning it off. VTP
packets will be sent through a transparent switch but the packets won't be
processed by the transparent switch.

VTP Versions
Difference between VTP versions
VTP version 1:
Supports normal VLAN numbers (1-1001)
Supports pruning of unused VLANs (no longer sends broadcasts and unknown
unicasts
Supports cleartext and MD5 digest password
VTP version 2:
Forwards the VTP messages without checking the version number or domain in
transparent mode
Supports Token Ring
Performs consistency check on the VTP / VLAN parameters (from CLI or SNMP)
Pass on Unrecognised TLVs

VTP version 3:
Supports extended VLAN numbers (1-4095)
Transfer information regarding Private VLAN structure
Support for databases other than VLAN (for example MST)
Protection from unintended database overrides during insertion of new switches
Hidden password protection

VTP Configurations
I will be working with Switch1 and Switch2. I will configure port fa0/9 on each
switch as a trunk port, configure VTP for the domain lab.local with a VTP
password of cisco. I will configure Switch2 to be a VTP Client. Finally I will verify
VTP is working with some useful show and debugging commands.

Switch 1

switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#int fastEthernet 0/9
switch1(config-if)#switchport mode trunk
switch1(config-if)#exit
switch1(config)#vtp domain lab.local
Changing VTP domain name from NULL to lab.local
switch1(config)#vtp password cisco
Setting device VLAN database password to cisco.
switch1(config)#end

switch1#sh vtp status


VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : lab.local
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x12 0xBF 0xAA 0x37 0xDC 0x26 0xF2 0x03
Configuration last modified by 10.0.1.210 at 3-1-93 03:11:00
Local updater ID is 10.0.1.210 on interface Vl1 (lowest numbered VLAN interface
found)

Switch2

switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch2(config)#interface fastEthernet 0/9
switch2(config-if)#switchport mode trunk
switch2(config-if)#exit

switch2(config)#vtp domain lab.local


Changing VTP domain name from NULL to lab.local
switch2(config)#vtp password cisco
Setting device VLAN database password to cisco
switch2(config)#vtp mode client
Setting device to VTP CLIENT mode.
switch2(config)#end

switch2#sh vtp status


VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 6
VTP Operating Mode : Client
VTP Domain Name : lab.local
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x12 0xBF 0xAA 0x37 0xDC 0x26 0xF2 0x03
Configuration last modified by 10.0.1.210 at 3-1-93 03:11:00

Turn on debugging for VTP events on Switch2

switch2#terminal monitor
switch2#debug sw-vlan vtp events
vtp events debugging is on

Create a new VLAN on Switch1

switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#vlan 3
switch1(config-vlan)#name test-vlan
switch1(config-vlan)#end

Switch2 displays the VTP events.

00:11:10: VTP LOG RUNTIME: Summary packet received, domain = lab.local, rev
= 1, followers = 1

00:11:10: VTP LOG RUNTIME: Summary packet rev 1 greater than domain
lab.local rev 0

00:11:10: VTP LOG RUNTIME: Domain lab.local currently not in updating state

00:11:10: VTP LOG RUNTIME: Subset packet received, domain = lab.local, rev =
1, seq = 1, length = 244

00:11:10: VTP LOG RUNTIME: Transmit vtp summary, domain lab.local, rev 1,
followers 1
MD5 digest calculated = C5 62 5F 4A 7B 07 69 C7 0E CD E9 42 0E 7C AF 5C

I verify that the VTP revision number has incremented on switch2

switch2#sh vtp status


VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 64
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : lab.local
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xC5 0x62 0x5F 0x4A 0x7B 0x07 0x69 0xC7
Configuration last modified by 10.0.1.210 at 3-1-93 00:20:13

Attempts to create a VLAN on switch2 fail, as it is in Client mode.

switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch2(config)#vlan 4
VTP VLAN configuration not allowed when device is in CLIENT mode.

VTP Gotchas

If you configure a default switch as a VTP client but don't configure a VTP domain and then
reload the switch, the switch will come back up in VTP server mode. This could be a problem
if you were to configure a default switch as a client and then ship it to site with the
intention of the switch inheriting the current VTP domain name once it is connected to the
network. Although the switch will inherit the VTP domain name, it will be in VTP server mode
rather than client mode.

Set VTP mode to client on a defaulted switch:

sw3(config)#vtp mode client

Setting device to VTP CLIENT mode.

sw3(config)#^Z

sw3#sh vtp s

*Mar 1 00:13:33: %SYS-5-CONFIG_I: Configured from console by console

Notice that the VTP domain is NULL:

sw3#sh vtp statu

VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Let's write the config and reload:

sw3#wr

Building configuration

[OK]

sw3#reload

Proceed with reload? [confirm]

*Mar 1 00:13:43: %SYS-5-RELOAD: Reload requestedBase ethernet MAC Address:

After the switch comes back up, notice the VTP mode:

sw3#sh vtp status

VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
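
An added example (not from the original page or from Cisco) that automates two checks described above: the field-by-field comparison suggested when MD5 digests differ, and the gotcha of a switch returning in Server mode with a NULL domain. It also flags a switch whose revision is higher than the domain's before it is attached, the condition under which the debug log above shows an update being accepted. All function names and sample values are constructed for illustration.

```python
# Fields the page says to review when two switches disagree (the password
# itself is not shown by `show vtp status`, only its effect on the digest).
REVIEW = ("VTP Version", "VTP Domain Name", "Configuration Revision", "MD5 digest")

def parse_vtp_status(text):
    """Turn 'Field : value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def mismatches(a, b):
    """Fields from the review list that differ between two switches."""
    return [f for f in REVIEW if a.get(f) != b.get(f)]

def audit(sw):
    """Findings for one switch, based on the gotcha shown above."""
    findings = []
    if sw.get("VTP Operating Mode") == "Server" and not sw.get("VTP Domain Name"):
        findings.append("Server mode with NULL domain: client setting may be lost")
    return findings

def higher_revision(new, existing):
    """True when a switch about to be attached shares the domain and has a higher revision."""
    same_domain = new.get("VTP Domain Name") == existing.get("VTP Domain Name")
    new_rev = int(new.get("Configuration Revision", 0))
    return same_domain and new_rev > int(existing.get("Configuration Revision", 0))

def status(mode, domain, rev, digest):
    """Build constructed sample output in the layout of the listings above."""
    return (f"VTP Version : 2\nConfiguration Revision : {rev}\n"
            f"VTP Operating Mode : {mode}\nVTP Domain Name : {domain}\n"
            f"MD5 digest : {digest}\n")

# Constructed samples: SW2's digest differs from SW1's, SW3 shows the gotcha,
# SPARE is a previously used switch with a high revision number.
SW1 = parse_vtp_status(status("Server", "lab.local", 1, "0xAA 0xAA 0xAA 0xAA"))
SW2 = parse_vtp_status(status("Client", "lab.local", 1, "0xBB 0xBB 0xBB 0xBB"))
SW3 = parse_vtp_status(status("Server", "", 0, "0xCC 0xCC 0xCC 0xCC"))
SPARE = parse_vtp_status(status("Client", "lab.local", 7, "0xDD 0xDD 0xDD 0xDD"))

if __name__ == "__main__":
    print("SW1 vs SW2 differ in:", mismatches(SW1, SW2))
    print("SW3 audit:", audit(SW3))
    print("SPARE outranks SW1:", higher_revision(SPARE, SW1))
```

When only the MD5 digest differs, as with SW1 and SW2 here, the version, domain and revision have been ruled out, which leaves the password from the page's review list.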
