66
7/27/2019 BCMSN30S02 VLAN http://slidepdf.com/reader/full/bcmsn30s02-vlan 1/66

BCMSN30S02 VLAN

Embed Size (px)

Citation preview

Page 1: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 1/66

Page 2: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 2/66

Issues in a Poorly Designed Network

• Unbounded failuredomains

• Large broadcast domains

• Large amount of 

unknown MAC unicasttraffic

• Unbounded multicasttraffic

• Management and

support challenges

• Possible securityvulnerabilities

Page 3: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 3/66

Scalable Network Addressing

• Allocate IP address spaces in contiguous blocks.

• Allocate one IP subnet per VLAN.

IT, Human Resources Sales, Marketing Finance, Accounting

Page 4: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 4/66

Interconnection Technologies

Technology Use

Fast Ethernet Connects end-user devices to the access

layer switchGigabitEthernet

Access to distributionswitch, high-use servers

10-GigabitEthernet

High-speed switch toswitch links, backbones

EtherChannel High-speed switch toswitch links, backboneswith redundancy

Page 5: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 5/66

Determining Equipment and Cabling Needs

Each link providesadequate bandwidth for traffic aggregating over 

that link.

Page 6: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 6/66

VLANs and the Logical Network

Page 7: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 7/66

Network Traffic Types

Traffic types to consider:

• Network management

• IP telephony

• Multicast

• Normal data

• Scavenger class

Page 8: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 8/66

Traffic Path for IP Telephony

Consider complete traffic path when placing equipment andconfiguring VLANs.

Page 9: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 9/66

Traffic Path for IP Multicast

Consider complete traffic path when placing equipment andconfiguring VLANs.

Page 10: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 10/66

Summary

• Poorly designed networks can lead to large broadcastdomains.

• A hierarchical IP addressing scheme scales well in the CampusInfrastructure module.

The interconnection technology used depends on the amountof traffic the link must carry.

• Select the best equipment, cabling, and interconnectiontechnologies to connect devices.

• VLANs should map to the IP hierarchy for the Campus

Infrastructure module.• Separate voice and data VLANs are recommended.

Page 11: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 11/66

Defining VLANs

Implementing VLANs

Page 12: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 12/66

What Is an End-to-End VLAN?

• Users are grouped into VLANs independent of physicallocation.

• If users are moved within the campus, their VLANmembership remains the same.

Page 13: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 13/66

What Is a Local VLAN?

Local VLANs are generally confined to a wiring closet.

Page 14: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 14/66

Benefits of Local VLANs in the ECNM

• Deterministic traffic flow

• Active redundant paths

• High availability

• Finite failure domain

• Scalable design

Page 15: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 15/66

VLAN Configuration Modes

Global Mode

Switch# configure terminal Switch(config)# vlan 3 Switch(config-vlan)# name Vlan3Switch(config-vlan)# exit Switch(config)# end 

Page 16: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 16/66

VLAN Configuration Modes

Database Mode

Switch# vlan database 

Switch(vlan)# vlan 3 

 VLAN 3 added: Name: VLAN0003

Switch(vlan)# exit  APPLY completed.Exiting....

Page 17: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 17/66

VLAN Access Ports

The access switch port associated with a single data VLAN

Page 18: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 18/66

VLAN Implementation Commands

Configuring VLANs

• vlan 101

• switchport mode access

• switchport access vlan 101

Verifying VLANs

• show interfaces

• show vlan

Page 19: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 19/66

How to Implement a VLAN

• Create or configure a VLAN.

• Verify VLAN configuration.

• Associate switch ports withthe VLAN.

• Verify switch portconfiguration.

• Test VLAN connectivity.

• Implement VLAN and switchsecurity.

Page 20: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 20/66

Configuring an Access VLAN

Switch(config)# vlan vlan_id 

Create a VLAN.

Switch(config-vlan)# name vlan_name

Provide a VLAN name.

Switch(config-if)# switchport mode access

Place the switch port into access mode.

Switch(config-if)# switchport access vlan vlan_id 

Associate the access switch port with a VLAN.

Page 21: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 21/66

Verifying the Access VLAN Configuration

Switch#show vlan

 VLAN Name Status Ports---- -------------------------------- --------- ---------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/911 asw11_data active12 asw12_data active95 VLAN0095 active Fa0/8

99 Trunk_Native active100 Internal_Access active111 voice-for-group-11 active112 voice-for-group-12 active1002 fddi-default act/unsup1003 token-ring-default act/unsup1004 fddinet-default act/unsup1005 trnet-default act/unsup

 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1----- ---------- ----- ------ ------ -------- ---- -------- ------

1 enet 100001 1500 - - - - - 011 enet 100011 1500 - - - - - 0. . . . .. . . .. . .

Page 22: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 22/66

Summary

• An end-to-end VLAN is geographically dispersed throughoutthe network.

• Local VLANs should be created with physical boundaries inmind.

•VLANs solve issues that arise in a Layer 2 switched network.

• VLANs can be configured globally or in VLANdatabase mode.

• An access switch port is associated with one VLAN.

• Cisco provides a series of commands to configure a VLANand verify configuration on an access switch.

• A series of ordered steps should be followed to implementa VLAN.

Page 23: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 23/66

Defining VLANs

Implementing Trunks

Page 24: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 24/66

Maintaining Specific VLAN Identification

Specifically developed for multi-VLAN interswitchcommunications

• Places a unique identifier in each frame

• Functions at Layer 2

Page 25: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 25/66

VLAN Trunking

Page 26: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 26/66

Comparing ISL and 802.1Q

ISL 802.1Q

Proprietary Nonproprietary

Encapsulated Tagged

Protocol independent Protocol dependent

Encapsulates the oldframe in a new frame

Adds a field tothe frame header 

Page 27: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 27/66

Trunking with ISL

• Is a Cisco proprietaryprotocol

• Supports PVST

• Uses an encapsulation

process• Does not modify the

original frame

Page 28: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 28/66

ISL Encapsulation

Page 29: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 29/66

Trunking with 802.1Q

• An IEEE standard

• Adds a 4-byte tag tothe original frame

• Additional tagincludes a priority

field

• Does not tag framesthat belong to thenative VLAN

• Supports Cisco IP

telephony

Page 30: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 30/66

The 802.1Q Tagging Process

Page 31: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 31/66

802.1Q Native VLAN

Native VLAN frames are carried over the trunk link untagged.

Page 32: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 32/66

VLAN Ranges

VLAN Range Use

0, 4095 Reserved for system use only

1 Cisco default

2 –1001 For Ethernet VLANs

1002 –1005 Cisco defaults for FDDI and Token Ring

1006 –4094 Ethernet VLANs only, unusable on specificlegacy platforms

Page 33: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 33/66

Trunking Configuration Commands

Configuring a Trunk

• switchport trunk

• switchport mode

• switchport nonegotiate

• Trunks can be configured statically or via DTP.

• DTP provides the ability to negotiate the trunking method.

Page 34: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 34/66

Switchport Mode Interactions

Dynamic

Auto

Dynamic

DesirableTrunk Access 

Dynamic

AutoAccess Trunk Trunk Access

DynamicDesirable

Trunk Trunk Trunk Access

Trunk Trunk Trunk TrunkNot

recommended

Access Access Access

Not

recommended Access

Note: Table assumes DTP is enabled at both ends.

• show dtp interface  – to determine current setting

Page 35: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 35/66

How to Configure Trunking

1. Enter interface configuration mode.

2. Shut down interface.

3. Select the encapsulation (802.1Q or ISL).

4. Configure the interface as a Layer 2 trunk.

5. Specify the trunking native VLAN (for 802.1Q).

6. Configure the allowable VLANs for this trunk.

7. Use the no shutdown command on the interface toactivate the trunking process.

8. Verify the trunk configuration.

Page 36: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 36/66

802.1Q Trunk Configuration

Switch(config)#interface fastethernet 5/8 

Switch(config-if)#shutdown Switch(config-if)#switchport trunk encapsulation dot1q  Switch(config-if)#switchport trunk allowed vlan 1,5,11,1002-1005 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport trunk native vlan 99Switch(config-if)#switchport nonegotiate Switch(config-if)#no shutdown

Page 37: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 37/66

Verifying the 802.1Q Configuration

Switch#show running-config interface {fastethernet |gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces fastEthernet 5/8 switchport Name: fa5/8Switchport: Enabled 

 Administrative Mode: trunkOperational Mode: trunk

 Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q 

 Negotiation of Trunking: Off Access Mode VLAN: 1 (default)Trunking Native Mode VLAN: 99 (trunk_only)

Trunking VLANs Enabled: 1,5,11,1002-1005Pruning VLANs Enabled: 2-1001

. . .

Page 38: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 38/66

Verifying a 802.1Q Dynamic Trunk Link

Switch#show running-config interface fastethernet 5/8 

Building configuration...

Current configuration:

!

interface FastEthernet5/8

switchport mode dynamic desirable

switchport trunk encapsulation dot1q 

Switch#show interfaces fastethernet 5/8 trunk 

Port Mode Encapsulation Status Native vlan

Fa5/8 desirable 802.1q trunking 99

Port Vlans allowed on trunk

Fa5/8 1,5,11,1002-1005

Port Vlans allowed and active in management domain

Fa5/8 1,5,1002-1005

Port Vlans in spanning tree forwarding state and not pruned 

Fa5/8 1,5,1002-1005

Page 39: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 39/66

ISL Trunk Configuration

Switch(config)#interface fastethernet 2/1 Switch(config-if)#shutdown Switch(config-if)#switchport trunk encapsulation isl 

Switch(config-if)#switchport trunk allowed vlan 1-5,1002-1005 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport nonegotiate Switch(config-if)#no shutdown

Page 40: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 40/66

Verifying ISL Trunking

Switch#show running-config interface {fastethernet |gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces fastethernet 2/1 trunk 

Port Mode Encapsulation Status Native VLANFa2/1 trunk isl trunking 99

Port VLANs allowed on trunk

Fa2/1 1-5,1002-1005

Port VLANs allowed and active in management domainFa2/1 1-2,1002-1005

Port VLANs in spanning tree forwarding state and not pruned Fa2/1 1-2,1002-1005

Page 41: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 41/66

Summary

• Trunk links carry traffic from multiple VLANs.

• ISL is Cisco proprietary and encapsulates the Layer 2 frames.

• 802.1Q is an IEEE standard for trunking, which implements a4-byte tag.

• The 802.1Q native VLANs forward frames without the tag.

• VLAN numbers have specific ranges and purposes.

• Various commands are used to configure and verify ISL and802.1Q trunk links.

Allow only required VLANs over the trunk.

Page 42: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 42/66

Defining VLANs

Propagating VLAN Configurations with VTP

Page 43: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 43/66

The VTP Domain

• Group of switches that exchange VLAN information

• VLANs administered centrally at a chosen switch

Page 44: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 44/66

The VTP Protocol

• Advertises VLAN configuration information

• Maintains VLAN configuration consistency throughout acommon administrative domain

• Sends advertisements on trunk ports only

Page 45: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 45/66

VTP Modes

Client

• Cannot create, change,

or delete VLANs• Forwards advertisements

• Synchronizes VLANconfigurations

• Does not save inNVRAM 

Transparent

• Creates, modifies, and deletes local VLANs

• Forwards advertisements

• Does not synchronize VLAN configurations

• Saves configuration in NVRAM

Server (default mode)

• Creates, modifies, and deletes VLANs

• Sends and forwards advertisements

• Synchronizes VLAN configurations

• Saves configuration in NVRAM

Page 46: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 46/66

Pruning Disabled Pruning Enabled

VTP Pruning

• Uses bandwidth more efficiently by reducing unnecessaryflooded traffic

• Example: Station A sends broadcast; broadcast flooded onlytoward any switch with ports assigned to the red VLAN

Page 47: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 47/66

VTP Operation

VTP advertisements are sent as multicast frames.• VTP servers and clients are synchronized to the latest revision number.

• VTP advertisements are sent every 5 minutes or when there is a change.

Page 48: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 48/66

VTP Configuration Commands

Configuring VTP

• vtp domain

• vtp mode

• vtp password

Verifying VTP

• show vtp status

• show vtp counters

Page 49: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 49/66

Configuring a VTP Management Domain

Configure each switch in the following order to avoiddynamic learning of the domain name:

• VTP password

• VTP domain name (case sensitive)

• VTP mode (server mode is the default)

Page 50: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 50/66

Configuring and Verifying VTP

Switch#show vlan brief

• Displays a list of current VLANs

Switch(config)#vtp mode

• Sets the VTP mode to server, client, or transparent

Switch(config)#vtp domain domain_name

• Sets the VTP domain name

Switch# show vtp status 

• Displays the current settings for VTP

• Sets the VTP password

Switch(config)#vtp password  password_string  

Page 51: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 51/66

Verifying the VTP Configuration

Switch#show vtp status 

 VTP Version : 2Configuration Revision : 28 Maximum VLANs supported locally : 1005 Number of existing VLANs : 17 VTP Operating Mode : Client VTP Domain Name : BCMSN VTP Pruning Mode : Enabled 

 VTP V2 Mode : Disabled  VTP Traps Generation : Disabled  MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80Configuration last modified by 10.1.1.1 at 8-12-05 15:04:49Switch#

Switch#show vtp status

Page 52: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 52/66

Verifying the VTP Configuration (Cont.)

Switch#show vtp counters

 VTP statistics:Summary advertisements received : 7

Subset advertisements received : 5Request advertisements received : 0Summary advertisements transmitted : 997Subset advertisements transmitted : 13Request advertisements transmitted : 3 Number of config revision errors : 0 Number of config digest errors : 0 Number of V1 summary errors : 0

 VTP pruning statistics:Trunk Join Transmitted Join Received Summary advts received from 

non-pruning-capable device---------------- ---------------- ---------------- ---------------------------Fa5/8 43071 42766 5

Switch#show vtp counters

Page 53: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 53/66

Adding a Switch to an Existing VTP Domain

Ensure a new switch has VTP revision 0 before adding itto a network.

Page 54: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 54/66

Summary

• Switches in a VTP domain share VLAN information.

• VTP advertises VLAN information.

• VTP operates in one of three modes: server, client, or transparent.

• VTP Pruning uses available bandwidth more efficiently.

• VTP uses a specific process to distribute and synchronizeVLAN information between switches.

• Various commands are used to configure and verify VTPoperation on a switch.

• VTP commands should be applied in a particular order.

• Specific steps should be followed when adding a new switchto an existing VTP domain.

Page 55: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 55/66

Defining VLANs

Correcting Common VLAN ConfigurationErrors

Page 56: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 56/66

Issues with 802.1Q Native VLAN

• Native VLAN frames are carried over the trunk link untagged.

• A native VLAN mismatch will merge traffic between VLANs.

Page 57: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 57/66

802.1Q Native VLAN Considerations

Native VLAN must match at ends of trunk; otherwise, frames will“leak” from one VLAN to another. 

• By default, the native VLAN will be VLAN1.

 – Avoid using VLAN1 for management purposes.

• Eliminate native VLANs from 802.1Q trunks by making the native

VLAN an “unused” VLAN.

Page 58: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 58/66

Explaining Trunk Link Problems

• Trunks can be configured statically or autonegotiated with DTP.

• For trunking to be autonegotiated, the switches must be in the sameVTP domain.

• Some trunk configuration combinations will successfully configurea trunk, some will not.

• Will any of the above combinations result in an operational trunk?

Page 59: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 59/66

Resolving Trunk Link Problems

• When using DTP, ensure that both ends of the link are in thesame VTP domain.

• Ensure that the trunk encapsulation type configured on bothends of the link is valid.

On links where trunking is not required, DTP should beturned off.

• Best practice is to configure trunk and nonegotiate wheretrunks are required.

Page 60: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 60/66

Common Problems with VTP Configuration

• Updates not received as expected

 – VTP domain and passwordmust match.

• Missing VLANs

 – Configuration has beenoverwritten by another VTPdevice.

• Too many VLANs

 – Consider making VTP domainsmaller.

Example of New Switch Overwriting

Page 61: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 61/66

Example of New Switch Overwritingan Existing VTP Domain

VTP Version : 2Configuration Revision : 1Maximum VLANs supported locally : 1005

Number of existing VLANs : 6VTP Operating Mode : Server VTP Domain Name : building1

VTP Version : 2Configuration Revision : 2Maximum VLANs supported locally : 1005

Number of existing VLANs : 7VTP Operating Mode : ClientVTP Domain Name : building1

New switch not connected

Example of New Switch Overwriting an

Page 62: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 62/66

Example of New Switch Overwriting anExisting VTP Domain (Cont.)

VTP Version : 2Configuration Revision : 2Maximum VLANs supported locally : 1005Number of existing VLANs : 7VTP Operating Mode : Server VTP Domain Name : building1

VTP Version : 2Configuration Revision : 2Maximum VLANs supported locally : 1005Number of existing VLANs : 7VTP Operating Mode : ClientVTP Domain Name : building1

New switch connected

Page 63: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 63/66

Implementing VTP in the ECNM

• Plan VTP domain boundaries.

• Have only one or two VTP servers.

• Configure a VTP password.

• Manually configure the VTP domain name on all devices.

• When setting up a new domain:

 – Configure VTP client switches first so that they participatepassively.

• When cleaning up an existing VTP domain:

 –Configure passwords on servers first because clients mayneed to maintain current VLAN information until the server is verified as complete.

Page 64: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 64/66

Summary

• 802.1Q native VLAN can cause security issues.

• Configure the native VLAN to be an “unused” VLAN. 

• Some trunk link configuration combinations can result inproblems on the link.

•Best practice is to configure trunks statically rather thanwith DTP.

• Misconfiguration of VTP can give unexpected results.

• Make only one or two VTP servers; keep the remainder asclients.

Page 65: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 65/66

Module Summary

• A poorly designed network leads to large broadcast domains.

• Global configuration mode is the preferred way of creatingand managing VLANs.

• Multiple VLANs can be carried on a single access todistribution link by configuring VLAN trunking.

• VLAN configuration information can be sent betweenswitches using VTP.

• VLAN configuration issues can lead to unexpectedcommunication problems.

Page 66: BCMSN30S02 VLAN

7/27/2019 BCMSN30S02 VLAN

http://slidepdf.com/reader/full/bcmsn30s02-vlan 66/66