ITNET02 Module 04 Scaling VLANs

Module 4
Scaling VLANs
ITNET02
Basic Routing and Switching

Module Objectives
Module Title: Scaling VLANs

Module Objectives:
▪ Explain the need for manageability in a multi-switched VLAN environment
▪ Explain the use of VTP to synchronize VLAN configuration among switches
▪ Configure VTP in a network
▪ Explain the purpose and configure DTP to establish trunk links between switches
▪ Troubleshoot basic VLAN, Trunking and VTP related issues
Module References:
▪ CCNA R&S v6 ScaN- Module 2
▪ CCNAv7 SRWE – Module 3.3

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
4.1 Managing VLANs in a Network
VLANs
VLAN Ranges on Catalyst Switches
▪ Recall: Switches can support more than 4000
VLANs
• Normal range VLANs
• VLAN numbers from 1 to 1,005
• Configurations stored in the vlan.dat (in the flash
memory)
• Commonly used by small and medium-sized
networks
• Extended Range VLANs

• VLAN numbers from 1,006 to 4,096
• Configurations stored in the running configuration (NVRAM)
• Supports fewer VLAN features
• Commonly used by service providers or large organizations
VLANs
VLAN Management
▪ Recall:
• Ports need to be assigned to correct VLANs to be properly grouped together
• VLANs IDs need to be consistent across switches when trunking
• A VLAN must exist on every switch where its traffic needs to flow through
• Port modes (access / trunk) should match for data to be successfully transmitted
▪ Configuring and managing VLANs in a large network can be tedious – Imagine 20 or more
switches with more than 10 VLANs each!
▪ What’s needed for easier VLAN management in a multi-switch network:

• A way to automatically synchronize VLAN settings across switches
• A way for a switch port to automatically select the correct mode to use based on what’s
connected to it
4.2 VLAN Trunking Protocol
VTP Concepts and Operation
VTP Overview
▪ VLAN trunking protocol (VTP) allows a network administrator to manage VLANs by
distributing and synchronizing VLAN information over trunk links to VTP-enabled switches
throughout the switched network.
▪ Cisco proprietary protocol - Only Cisco manufactured switches can run this protocol
▪ Components:
VTP
VTP Domain VTP Mode VTP Password
Advertisements
VTP Domain
▪ A VTP domain consists of 1 or more interconnected switches
▪ All switches in a domain share VLAN configuration details through the exchange of VTP
advertisement messages using trunk connections
▪ A router of Layer 3 device defines the boundary of VTP messages
▪ Switches belonging to the same domain must share a common VTP domain name to share
VLAN configuration
VTP Domain 1 VTP Domain 2

Name: ITNET.com Name: LBYITN.com
VTP Modes
A VTP-enabled switch can be set to 1 of the following modes:
▪ Server
• Advertises and synchronizes VLAN information with other VTP-enabled switches in the same domain
• Allowed to create, delete and rename VLANs for the domain
▪ Client
• Advertises and synchronizes VLAN information with other VTP-enabled switches in the same domain
• Cannot modify VLAN configuration – i.e. cannot create, delete or rename VLANs
▪ Transparent
• Serves as relay only of VLAN information for switches in the VTP domain and does not synchronize
VLAN settings with other switches in the domain
• Can create, delete and rename VLANs, but these stay local to the switch
▪ Off
• Does not relay any VLAN information to other switches
• Can create, delete and rename VLANs, but these stay local to the© 2016
switch
Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
VTP Advertisements
▪ Each switch in the VTP domain sends periodic global VLAN configuration advertisements
through trunk ports
▪ Neighbor switches listen for advertisements and update their VLAN databases as necessary
▪ Three types of VTP Advertisements:

• Summary advertisements – contain VTP
domain name and configuration revision
number.
• Advertisement request - response to a
summary advertisement message when the
summary advertisement contains a higher
configuration revision number than the
current value.
• Subset advertisements - contain VLAN
information including any changes.
VTP Advertisements
Rev 0
Rev 0
Rev 0
Rev 0
VTP Advertisements
Rev 1
VLAN 10 Sales VLAN 10 is added
Rev 1 Rev 1
VLAN 10 Sales VLAN 10 Sales
Rev 0
Rev 0
Rev 0
VTP Advertisements
Rev 1
VLAN 10 Sales
Rev 1 Rev 1
Rev 0
Rev 1
VLAN 10 Sales
Rev 1
Copy VLAN 10 VLAN 10 Sales
Rev 0
VTP Advertisements
Rev 1
VLAN 10 Sales
Rev 1 Rev 1
Rev 0
Rev 1
VLAN 10 Sales
No changes to Rev 1
VLAN DB VLAN 10 Sales
Rev 1
VLAN 10 Sales
Copy VLAN 10
VTP Advertisements
Rev 2
VLAN 10 Sales VLAN 20 is added
VLAN 20 IT
Rev 2
VLAN 10 Sales Rev 2
VLAN 20 IT VLAN 10 Sales
VLAN 20 IT
Rev 0
Rev 1
VLAN 10 Sales
Rev 1
VLAN 10 Sales
VTP Advertisements
Rev 2
VLAN 10 Sales
VLAN 20 IT
Rev 2
VLAN 10 Sales Rev 2
VLAN 20 IT
Rev 0
Rev 2
VLAN 10 Sales
VLAN 20 IT
Rev 2
Copy VLAN 20 VLAN 10 Sales
VLAN 20 IT
Rev 1
VLAN 10 Sales
VTP Advertisements
Rev 2
VLAN 10 Sales
VLAN 20 IT
Rev 2
VLAN 10 Sales Rev 2
VLAN 20 IT
Rev 0
Rev 2
VLAN 10 Sales
VLAN 20 IT
Rev 2
VLAN 10 Sales
VLAN 20 IT
Rev 2
VLAN 10 Sales
VLAN 20 IT
Copy VLAN 20
VTP Advertisements
Rev 2
VLAN 10 Sales
VLAN 20 IT
VLAN 2 is created
Rev 0
Rev 2
VLAN 2 MyVLAN
VLAN 10 Sales
VLAN 20 IT
No effect to other
switches
Rev 2
VLAN 10 Sales
VLAN 20 IT
VTP Password
▪ Switches in the VTP domain can be configured with a VTP password to ensure that only advertisements
from other switches that know the same password will be accepted and used for synchronization
▪ VTP password is used in calculating for a hash value that is included in the advertisement message. This
is used by a receiving switch to authenticate the source of the advertisement
▪ Used as protection against attempts to tamper with the VLAN database by malicious hosts that may have
knowledge of the VTP domain name
VLAN 10
Switch1 Switch2
VLAN 20 Advertisement
send
Updates + VTP password VLAN 10 VLAN 10 VLAN 10 + VTP password
VLAN 20 VLAN 20 VLAN 20
359chze*@ 359chze*@
Computed hash
compute 359chze*@ 359chze*@ = 359chze*@

compute
Hash © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
VTP Configuration
Default VTP configuration
▪ By default, a switch will have the following default VTP settings:
Configuration Value VTP Versions:

• v1 and v2 are almost the
VTP Version 1
same, with v2 able to
Domain Name <none> perform additional
consistency checks and
Mode Server
support Token Ring
Password <none> networks
• v3 is capable of enhanced
Configuration revision 0
authentication and
supporting extended range
VLANs
VTP Configuration
VTP Configuration Overview
▪ Steps to configure VTP for the nework:

• Step 1 - Configure trunk links
• Step 2 - Configure the VTP version, mode, domain name and password of each switch
• Step 3 - Configure VLANs on the VTP Server. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
VTP Configuration
Step 1 – Configure Trunk Links
▪ Before VTP Advertisements can be successfully transmitted between switches, the
switches must be connected to each other using trunk links
▪ Example: S1(config)# interface fa0/1
S1(config-if)# switchport mode trunk
S1(config-if)# interface fa0/3
S2(config)# interface fa0/1

S3(config)# interface fa0/1

VTP Configuration
Step 2 – Configure the VTP Settings of Each Switch
Task IOS Command
Set the VTP version. This needs to be the same across all
Switch(config)# vtp version vnum
switches (1 / 2 / 3)
Set the VTP domain name. This needs to be the same
Switch(config)# vtp domain domain-name
across all switches
Set the VTP mode (server / client / transparent / off) Switch(config)# vtp mode mode
Set the VTP password. This needs to be the same across

Switch(config)# vtp password password
all switches (Optional but good practice)
▪ Example:
S1(config)# vtp version 2
S1(config)# vtp domain ITNET.com
S1(config)# vtp mode server
S1(config)# vtp password H3llo!
VTP Configuration
Step 3 – Configure VLANs on Servers
▪ Once VTP configurations are set on switches, VLANs can be created on servers and these will
automatically be propagated to the clients in the VTP domain.
▪ Example: S1(config)# vlan 10

S1(config-vlan)# SALES
S1(config-vlan)# vlan 20
S1(config-vlan)# MARKETING
S1(config-vlan)# vlan 30
S1(config-vlan)# name ACCOUNTING
S1(config)# end
▪ Each change in VLAN settings (creating, renaming, deleting) increments the VTP configuration revision
number of the domain
▪ VLANs can be configured on transparent switches but will not affect the rest of the switches in the
domain.
▪ Note: Extended range VLANs can be created only on transparent switches if using VTP version 1 and 2
VTP Verification
Verifying VTP Settings
▪ The show vtp status command displays the VTP status which includes :
• VTP Version capable and running S1#show vtp status
VTP Version : 2
• VTP Domain Name
Configuration Revision : 6
• Configuration Last Modified Maximum VLANs supported locally : 255
• VTP Operating Mode Number of existing VLANs : 8
VTP Operating Mode : Server
• Maximum VLANs Supported Locally VTP Domain Name : ITNET.com
• Number of Existing VLANs VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
• Configuration Revision VTP Traps Generation : Disabled
• MD5 Digest MD5 digest : 0x32 0x99 0xD7 0x17 0x16
Configuration last modified by 0.0.0.0 at 3-1-93 00:17:52
▪ The show vtp password command displays the currently configured VTP password
S1#show vtp password

VTP Password: H3llo!
S1#
VTP Caveats
▪ VTP configurations and revision number
are stored in as part of the vlan.dat file.
▪ Before connecting a switch to an existing

VTP domain, ALWAYS reset its config
revision number to zero to avoid
accidentally introducing VLAN database
changes to the network.
▪ 2 methods to reset VTP configuration

revision number:
• Change the switch's VTP domain to a
nonexistent VTP domain and then change
the domain back to the original name.
• Change the switch's VTP mode to
transparent and then back to previous VTP
mode.
▪ Scenario
VTP Caveats (Cont.) • S1, S2 and S3 are in the VTP domain
• VLAN DBs contain VLAN 1, 10 and 20
35 • Current revision number is 17
30, 40 35
30, 40 • S4 is added.
• Startup config and VLAN.dat have not
been erased
• VLAN DB contains VLAN 1, 30 and 40
• Same VTP domain name configured as
other two switches but has a higher revision
number (35)
• Effect
• S1, S2 and S3 will sync with S4, deleting
VLANs 10 and 20, and adding VLANs 30
and 40.
35 • Ports assigned to VLAN 10 and 20 are
30, 40
disabled
• Clients that are connected to effected ports
lose connectivity to the network
4.3 Dynamic Trunking Protocol
Dynamic Trunking Protocol
Introduction to DTP
▪ Dynamic Trunking Protocol (DTP) manages VLAN trunk negotiation between switches to help
prevent incompatible port modes from disrupting network connectivity
▪ Works by having linked switch ports negotiate with each other for a trunking state only if both
sides of the connection can support it
▪ Cisco proprietary protocol. Switches from other vendors do not support DTP.
▪ Automatically enabled on a switch port when certain trunking modes are configured on the
switch port.
I’m capable of trunking. Yes, I can too.

Let’s form a trunk link! Let’s do that!
Negotiated Interface Modes
▪ Different trunking modes:
• Access - Port periodically sends DTP advertisements, It advertises to the remote port that it is not
trunking and cannot go to the a trunking state
• Dynamic auto - Port periodically sends DTP frames. It advertises to the remote switch port that it is can
trunk but does not request to go to the trunking state. This is the default mode.
• Dynamic desirable - Port periodically sends DTP frames. It advertises to the remote switch port that it
can trunk and asks the remote switch port to go to the trunking state.
• Trunk – Port periodically sends DTP advertisements, It advertises to the remote port that it is in a trunking
state
• DTP Off – Port does not send nor respond to DTP frames
Configuring DTP
Task IOS Command
Select the interface to be configured Switch(config)# interface interface-id
Set the DTP mode (access / trunk / dynamic auto/ dynamic desirable)
Switch(config-if)# switchport mode mode
Note: Switch ports are using dynamic auto mode by default
Turn off DTP (Optional)
Switch(config-if)# switchport nonnegotiate
Note: If turning off DTP, only trunk or access mode can be used
▪ Example:
S1(config)# interface Fa0/1
S1(config-if)# switchport mode dynamic desirable
S2(config)# interface Fa0/1

S2(config-if)# switchport mode dynamic auto
Verifying DTP
▪ Show interface interface-id switchport– verifies trunking and DTP operation of a switch port
S1#show interface fa0/1 switchport

What mode is Name: Fa0/1
Switchport: Enabled
configured on the port
Administrative Mode: static trunk
Operational Mode: trunk
What the port is Administrative Trunking Encapsulation: dot1q
currently operating as Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
DTP on/off ...
Verifying DTP
▪ Show dtp interface interface-id – verifies DTP operation an a switch port
• TOS = Trunk Operational Status (what the port is currently operating as – access or trunk)
• TAS = Trunk Administrative Status (what mode is configured on the port – on, off, desirable, auto or
nonegotiate)
• TNS = Trunk Negotiation Status (what operation DTP negotiated for – access or trunk)
S1#show dtp interface fa0/1
DTP information for FastEthernet0/1:
TOS/TAS/TNS: TRUNK/DESIRABLE/TRUNK
TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q
Neighbor address 1: 0CD996D23F81
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): 12/RUNNING
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
FSM state: S6:TRUNK
...
4.4 Troubleshooting VLANs, VTP
and Trunks
Troubleshoot VLANs, VTP and Trunks
Common Issues with VLANs Implementations
▪ When errors exist in VLAN-related configurations, it would most commonly result in
lack of connectivity between hosts that supposedly have access to each other
▪ Common errors
IP Wrong
Missing Incorrect
Addressing VLAN
VLANs Port Mode
Issue Assignment
Incorrect Native
Allowed VLAN VTP Issues
VLAN List mismatch
Troubleshoot VLANs and Trunks
IP Addressing Issue
▪ Common practice to associate a
VLAN with an IP network.
• Different IP networks must
communicate through a router.
• All devices within a VLAN must be
part of the same IP network to
communicate.
▪ In the figure, PC1 cannot

communicate to the server because it
has a wrong IP address configured.
Wrong Port Assignment
▪ If all the IP address mismatches have been solved, but the device still cannot connect, check if the
VLAN exists in the switch and if the port it connects to is correctly assigned.
S1#show mac address-table

Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports

---- ----------- -------- -----
10 0003.e498.b101 DYNAMIC Fa0/1

99 0003.e498.b101 DYNAMIC Fa0/1
Missing VLANs
▪ If all the IP address mismatches have been solved, but the device still cannot connect, check if the
VLAN exists in the switch and if the port it connects to is correctly assigned.
S1#show int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (inactive)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
...
If the VLAN to which the port belongs is missing, the

port becomes inactive and is unable to communicate
with the rest of the network.
Missing VLANs
▪ Traffic also cannot be forwarded by a switch through its trunk connections for a VLAN that does not
exist
S1#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 99
Port Vlans allowed on trunk

Fa0/1 10,20,30
Port Vlans allowed and active in management domain

Fa0/1 20,30
Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 none
Switch#
X
Common VTP Issues
Common issues associated with VTP
Issue Symptoms How to Fix

Incompatible VTP versions VLAN databases not Ensure uniform version, password and domain
synchronizing name on all switches.
VTP Password Issues Domain name and password are case-
Incorrect VTP Domain Name sensitive.
No trunk link between VLAN databases not Ensure that there are functioning trunk links
switches synchronizing between switches in the same VTP domain
All switches set to client Unable to modify or VLAN Ensure there is at least 1 server in the domain.
mode settings for the network For better resiliency, set 2 switches as VTP
server so that there is a backup in case 1 fails.
Incorrect configuration Wrong VLAN settings are Recreate correct VLAN settings on the VTP
revision number propagated across all server.
switches in the network Remember to reset VTP settings on a used
switch before adding it to the network next
time © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40
Mismatched VTP Settings
▪ VTP version, domain name and passwords need to match on switches for VLAN databases to
synchronize correctly
S1#show vtp status
VTP Version : 2
Maximum VLANs supported locally : 255
Number of existing VLANs : 8
VTP Domain Name : ITNET.com
...
S1#
S2#show vtp status

VTP Version : 2
VTP Domain Name : itnet.com
...
VTP Password: H3llo! © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41
S2#
No Functional Trunks
▪ VTP relies on trunk links to synchronize VLAN database among switches. Ensure that switch-to-switch
links are operating properly as trunks
S3#show vtp status
VTP Version : 2
VTP Operating Mode : Client
VTP Domain Name : ITNET.com
...
No output!
S3#
▪ In this scenario, S3 has the correct VTP settings but the link to S1 is
not functioning as a trunk
Common Problems with Trunks
▪ Trunking issues are usually associated with incorrect configurations.
▪ The most common type of trunk configuration errors are:
▪ When a trunk problem is suspected, it is recommended to troubleshoot in the order shown above.
Native VLAN Mismatch
▪ A native VLAN mismatch can cause connectivity issues and at the same time, generate error
messages on the device console:
S1#
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (2), with
S3 FastEthernet0/1 (99)
In this example, the Native VLAN should

be VLAN 99 however, the output of the
command identifies VLAN 2 as the Native
VLAN.

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 2

Fa0/1 10,20,30,99
Incorrect / Mismatched Port Mode
▪ In this example, PC4 cannot reach the Web server.
• The trunk links on S1 and S3 are verified and reveal that the S3 trunk port has been configured as an
access port.
Name: Fa0/3
Switchport: Enabled
Administrative Mode: static trunk
Operational Mode: trunk
...
Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: access
...
Incorrect Allowed VLAN List
▪ In this example, PC5 cannot reach the Student Email server.
• The output of the show interfaces trunk command reveals S1 is not allowing VLAN 20.

Port Mode Encapsulation Status
Fa0/1 on 802.1q trunki

Fa0/1 10,99
Port Vlans allowed and active in manage

Fa0/1 10,99
Port Vlans in spanning tree forwarding

Fa0/1 none
S1#
Questions?
Module Summary
What did you learn in this module?
• VTP is a Cisco proprietary protocol that is used to maintain consistency of VLAN
configurations across switches in a network
• VTP-enabled switches use VTP advertisements which carry a configuration
revision number to synchronize VLAN databases
• VTP-enabled switches take the role of:
• Server - performs synchronization, can change VLAN configurations globally
• Client – performs synchronization, cannot change VLAN configuration
• Transparent – does not synchronize with other switches, can change own VLAN
configurations
• Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP).
• DTP is a Cisco proprietary protocol that manages trunk negotiations.

ITNET02 Module 04 Scaling VLANs

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ITNET02 Module 04 Scaling VLANs

Uploaded by

Copyright:

Available Formats

Module 4

Basic Routing and Switching

Module Title: Scaling VLANs

▪ Explain the use of VTP to synchronize VLAN configuration among switches

▪ Configure VTP in a network

▪ Troubleshoot basic VLAN, Trunking and VTP related issues

▪ CCNAv7 SRWE – Module 3.3

• Extended Range VLANs

▪ What’s needed for easier VLAN management in a multi-switch network:

VTP Domain 1 VTP Domain 2

▪ Three types of VTP Advertisements:

compute 359chze*@ 359chze*@ = 359chze*@

Configuration Value VTP Versions:

▪ Steps to configure VTP for the nework:

S2(config)# interface fa0/1

S3(config)# interface fa0/1

Set the VTP password. This needs to be the same across

▪ Example: S1(config)# vlan 10

S1#show vtp password

▪ Before connecting a switch to an existing

▪ 2 methods to reset VTP configuration

I’m capable of trunking. Yes, I can too.

Select the interface to be configured Switch(config)# interface interface-id

S2(config)# interface Fa0/1

S1#show interface fa0/1 switchport

▪ In the figure, PC1 cannot

S1#show mac address-table

Vlan Mac Address Type Ports

10 0003.e498.b101 DYNAMIC Fa0/1

If the VLAN to which the port belongs is missing, the

S1#show interfaces trunk

Port Vlans allowed on trunk

Port Vlans allowed and active in management domain

Port Vlans in spanning tree forwarding state and not pruned

Issue Symptoms How to Fix

S2#show vtp status

▪ The most common type of trunk configuration errors are:

In this example, the Native VLAN should

S1#show interfaces trunk

Port Vlans allowed on trunk

S1#show interfaces trunk

Port Vlans allowed on trunk

Port Vlans allowed and active in manage

Port Vlans in spanning tree forwarding

You might also like

compute 359chze@ 359chze@ = 359chze*@