76 Chapter 3: Virtual LANs and Trunking
Table 3-2 summarizes the key features and points of comparison between ISL and 802.1Q.
Table 3-2 |
ISL and 802.1Q Compared |
|
|
|
|
|
|
|
Function |
ISL |
802.1Q |
|
|
|
|
|
Standards body that defines the protocol |
Cisco-proprietary |
IEEE |
|
|
|
|
|
Encapsulates the original frame |
Yes |
No |
|
|
|
|
|
Allows multiple spanning trees |
Yes, with PVST+ |
Yes, with PVST+ or 802.1S |
|
|
|
|
|
Uses a native VLAN |
No |
Yes |
|
|
|
|
VLAN Trunking Protocol (VTP)
Cisco switches use the proprietary VTP to exchange VLAN configuration information between switches. VTP defines a Layer 2 messaging protocol that allows the switches to exchange VLAN configuration information so that the VLAN configuration stays consistent throughout a network. For instance, if you want to use VLAN 3 and name it “accounting,” you can configure that information in one switch, and VTP will distribute that information to the rest of the switches. VTP manages the additions, deletions, and name changes of VLANs across multiple switches, minimizing misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLANtype settings.
VTP makes VLAN configuration easier. However, you have not yet seen how to configure VLANs, so to better appreciate VTP, consider this example: If a network has ten interconnected switches, and parts of VLAN 3 were on all ten switches, you would have to enter the same config command on all ten switches to create the VLAN. With VTP, you would create VLAN 3 on one switch, and the other nine switches would learn about VLAN 3 dynamically.
The VTP process begins with VLAN creation on a switch called a VTP server. The changes are distributed as a broadcast throughout the network. Both VTP clients and servers hear the VTP messages and update their configuration based on those messages. So VTP allows switched network solutions to scale to large sizes by reducing the manual configuration needs in the network.
How VTP Works
VTP floods advertisements throughout the VTP domain every 5 minutes, or whenever there is a change in VLAN configuration. The VTP advertisement includes a configuration revision number, VLAN names and numbers, and information about which switches have ports assigned to each VLAN. By configuring the details on one (or more) VTP server and propagating the information through advertisements, all switches know the names and numbers of all VLANs.
VLAN Trunking Protocol (VTP) 77
One of the most important components of the VTP advertisements is the configuration revision number. Each time a VTP server modifies its VLAN information, it increments the configuration revision number by 1. The VTP server then sends out a VTP advertisement that includes the new configuration revision number. When a switch receives a VTP advertisement with a larger configuration revision number, it updates its VLAN configuration. Figure 3-6 illustrates how VTP operates in a switched network.
Figure 3-6 VTP Operation
1 Add New VLAN
2 Rev 3 |
Rev 4 |
3 Send VTP Advertisement |
VTP |
3 Send VTP Advertisement |
|
Server |
|
VTP |
|
VTP |
client |
|
Client |
4 Rev 3 |
Rev 4 |
5 Sync New VLAN Info |
|
4 Rev 3
Rev 4
5 Sync New VLAN Info
VTP operates in one of three modes:
■Server mode
■Client mode
■Transparent mode
For VTP to exchange information, some switches act as servers, and some act as clients. VTP servers can create, modify, and delete VLANs and other configuration parameters for the entire VTP domain; this information, in turn, is propagated to the VTP clients and servers in that same domain. VTP servers save VLAN configurations in the Catalyst NVRAM, whereas in clients, the VLAN configuration is not stored at all. A VTP client cannot create, change, or delete VLANs, nor can it save VLAN configurations in nonvolatile memory.
So why be a VTP client? Well, if one engineer designs and implements the network, it’s a lot more convenient for that person to configure the VLANs in one switch (the VTP server) and have the information propagated to VTP clients.
Interestingly, to avoid using VTP to exchange VLAN information in Cisco switches, you do not “disable” VTP. Instead, you use VTP transparent mode. With VTP transparent mode on all switches in a network, VTP is not used. Alternatively, with VTP transparent mode on just some of the switches in a network, VTP servers and clients can work as they normally do,
78 Chapter 3: Virtual LANs and Trunking
and the VTP transparent mode switches simply ignore the VTP messages. A switch in transparent mode forwards VTP advertisements received from other switches while ignoring the information in the VTP message.
A switch configured in VTP transparent mode can create, delete, and modify VLANs, but the changes are not transmitted to other switches in the domain; they affect only that switch. Choosing to use transparent mode is typical when a network needs to distribute administrative control of the switches.
Table 3-3 offers a comparative overview of the three VTP modes.
Table 3-3 VTP Modes
|
Server |
Client |
Transparent |
Function |
Mode |
Mode |
Mode |
|
|
|
|
Originates VTP advertisements |
Yes |
No |
No |
|
|
|
|
Processes received advertisements and synchronizes VLAN |
Yes |
Yes |
No |
configuration information with other switches |
|
|
|
|
|
|
|
Forwards VTP advertisements received in a trunk |
Yes |
Yes |
Yes |
|
|
|
|
Saves VLAN configuration in NVRAM |
Yes |
No |
Yes |
|
|
|
|
Can create, modify, or delete VLANs using configuration |
Yes |
No |
Yes |
commands |
|
|
|
|
|
|
|
VTP Pruning
By default, a trunk connection carries traffic for all VLANs. Broadcasts (and unknown destination unicasts) in every VLAN are sent to every switch in the network, according to the current STP topology. However, in most networks, a switch does not have interfaces in every VLAN, so the broadcasts for the VLANs in which it has no interfaces simply waste bandwidth.
VTP pruning allows switches to prevent broadcasts and unknown unicasts from flowing to switches that do not have any ports in that VLAN. Figure 3-7 provides an example of VTP pruning.
VLAN and Trunking Configuration 79
Figure 3-7 VTP Pruning
Switch 4
Port 2
B
Switch 5 |
|
Switch 2 |
|
Flooded |
|
|
|
Traffic Is |
|
|
VLAN |
Pruned |
|
|
10 |
|
|
Port 1 |
A |
|
|
|
|
Switch 6 |
Switch 3 |
Switch 1 |
|
In Figure 3-7, Switches 1 and 4 support ports in VLAN 10. With VTP pruning enabled, when Station A sends a broadcast, the broadcast is flooded only toward any switch with ports assigned to VLAN 10. As a result, broadcast traffic from Station A is not forwarded to Switches 3, 5, and 6, because traffic for VLAN 10 has been pruned by VTP on the links indicated on Switches 2 and 4.
VTP pruning increases the available bandwidth by restricting flooded traffic, which consists of broadcasts and unknown destination unicasts. VTP pruning is one of the two most compelling reasons to use VTP. The other reason is to make VLAN configuration easier and more consistent.
VLAN and Trunking Configuration
You can purchase Cisco switches, install devices with the correct cabling, turn on the switches, and they work. You would never need to configure the switch and it would work fine, even if you interconnected switches—until you needed more than one VLAN. Even the default STP and trunking settings would likely work just fine, but if you want to use VLANs, you need to add some configuration.
In real networks, VLANs are the most likely feature to be configured on a switch. Almost every network uses them, and there is no reasonable dynamic way to assign specific ports to specific VLANs. So you simply need to configure the switch to know which ports are in which VLANs.
80 Chapter 3: Virtual LANs and Trunking
As you might expect, you can also configure VTP and trunking. VTP is on by default, and trunking negotiation is attempted on all ports by default. So, although you might not be required to configure either VTP or trunking in a real network you should certainly be ready to configure VTP and trunking for the exams.
Table 3-4 lists and briefly describes the commands covered in this section. Following that, a few examples explain the basics of VLANs, trunking, and VTP configuration.
Table 3-4 2950 VLAN Command List
Command |
Description |
|
|
vlan database |
EXEC command that puts the user in VLAN |
|
configuration mode. |
|
|
vtp {domain domain-name | password |
Defines VTP parameters in VLAN |
password | pruning | v2-mode | {server | client |
configuration mode. |
| transparent}} |
|
|
|
vlan vlan-id [name vlan-name] |
VLAN database configuration command that |
|
creates and names a VLAN. |
|
|
switchport mode {access | dynamic {auto | |
Interface subcommand that configures the |
desirable} | trunk} |
interface for trunking. |
|
|
switchport trunk {{allowed vlan vlan-list} | |
Interface subcommand that refines the list of |
{native vlan vlan-id} | {pruning vlan vlan-list}} |
allowed VLANs, defines the 802.1Q native |
|
VLAN, and limits the range of VLANs for |
|
which pruning can occur. |
|
|
switchport access vlan vlan-id |
Interface subcommand that statically |
|
configures the interface into that one VLAN. |
|
|
show interfaces [interface-id | vlan vlan-id] |
Displays trunk status. |
[switchport | trunk] |
|
|
|
show vlan [brief | id vlan-id | name vlan-name |
EXEC command that lists information about |
| summary] |
the VLAN. |
|
|
show vlan [vlan] |
Displays VLAN information. |
|
|
show vtp status |
Lists VTP configuration and status |
|
information. |
|
|
show spanning-tree vlan vlan-id |
EXEC command that lists information about |
|
the spanning tree for a particular VLAN. |
|
|
VLAN Configuration for a Single Switch
Cisco 2950 switches use a slightly different configuration mode to configure VLAN and VTP information as compared to the other switch configuration commands. You use VLAN configuration mode, which is reached by using the vlan database enable mode EXEC
VLAN and Trunking Configuration 81
command. So, instead of using the configure terminal enable mode command, you enter vlan database, after which you are placed in VLAN configuration mode.
In VLAN configuration mode, you can configure VLAN information as well as VTP settings. By default, a 2950 switch uses VTP server mode, so any VLANs you configure are advertised in VTP updates.
Example 3-1 shows a VLAN configuration in a single switch. Figure 3-8 shows the switch that is configured and the VLANs.
Figure 3-8 Network with One Switch and Three VLANs
Switch 1
0/1
VLAN 1
0/5
VLAN 2
0/9
VLAN 3
Example 3-1 Single-Switch VLAN Configuration Matching Figure 3-8
Switch#vlan database
Switch(vlan)#vlan 2 name barney-2
VLAN 2 added:
Name: barney-2
Switch(vlan)#vlan 3 name wilma-3
VLAN 3 added:
continues
82 Chapter 3: Virtual LANs and Trunking
Example 3-1 Single-Switch VLAN Configuration Matching Figure 3-8 (Continued)
Name: wilma-3
Switch(vlan)#?
VLAN database editing buffer manipulation commands:
abort |
Exit mode without applying the changes |
apply |
Apply current changes and bump revision number |
exit |
Apply changes, bump revision number, and exit mode |
no |
Negate a command or set its defaults |
reset |
Abandon current changes and reread current database |
show |
Show database information |
vlan |
Add, delete, or modify values associated with a single VLAN |
vtp |
Perform VTP administrative functions. |
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface fastEthernet 0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config)#interface fastEthernet 0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config)#interface fastEthernet 0/7
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config)#interface fastEthernet 0/8
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config)#interface range fastEthernet 0/9 - 12
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#^Z
Switch#show vlan brief
VLAN |
Name |
Status |
Ports |
|
---- |
-------------------------------- |
--------- |
------------------------------- |
|
1 |
default |
active |
Fa0/1, Fa0/2, Fa0/3, Fa0/4 |
|
|
|
|
Fa0/13, Fa0/14, |
Fa0/15, Fa0/16 |
|
|
|
Fa0/18, Fa0/19, |
Fa0/20, Fa0/21 |
|
|
|
Fa0/22, Fa0/23, Fa0/24, Gi0/1 |
|
|
|
|
Gi0/2 |
|
|
|
|
|
|
2 |
barney-2 |
active |
Fa0/5, Fa0/6, Fa0/7, Fa0/8 |
|
3 |
wilma-3 |
active |
Fa0/9, Fa0/10, Fa0/11, Fa0/12 |
|
|
|
|
|
|
VLAN and Trunking Configuration 83
Example 3-1 Single-Switch VLAN Configuration Matching Figure 3-8 (Continued)
1002 |
fddi-default |
|
|
active |
|
|
|
|
||
1003 |
token-ring-default |
|
active |
|
|
|
|
|||
1004 |
fddinet-default |
|
|
active |
|
|
|
|
||
1005 |
trnet-default |
|
|
active |
|
|
|
|
||
Switch#show vlan id 2 |
|
|
|
|
|
|
|
|
||
VLAN |
Name |
|
|
|
Status |
Ports |
|
|
|
|
---- |
-------------------------------- --------- |
------------------------------- |
||||||||
|
|
|
|
|
|
|||||
2 |
barney-2 |
|
|
active |
Fa0/5, Fa0/6, Fa0/7, Fa0/8 |
|||||
VLAN |
Type |
SAID |
MTU |
Parent RingNo BridgeNo Stp |
BrdgMode Trans1 Trans2 |
|||||
---- |
----- ---------- ----- |
------ |
------ |
-------- ---- |
-------- |
------ |
------ |
|||
2 |
enet |
100002 |
1500 |
- |
- |
- |
- |
- |
0 |
0 |
Remote SPAN VLAN |
|
|
|
|
|
|
|
|
||
---------------- |
|
|
|
|
|
|
|
|
||
Disabled |
|
|
|
|
|
|
|
|
|
|
Primary Secondary Type |
|
|
Ports |
|
|
|
|
|
||
------- --------- ----------------- ------------------------------------------
In this example, the user starts by creating two new VLANs, barney-2 and wilma-3. Then, interfaces 1 through 4 are placed in VLAN 1, interfaces 5 through 8 in VLAN 2, and interfaces 9 through 12 in VLAN 3, as shown in Figure 3-8. However, the configuration requires the use of VLAN configuration mode as well as the normal configuration mode.
VLAN configuration mode behaves a little differently from configuration mode. First, to enter VLAN configuration mode, you use the vlan database EXEC command instead of configure terminal. To add VLANs, you use the vlan command, as shown in the vlan 2 name barney-2 and vlan 3 name Wilma-3 commands.
Interestingly, these two new VLANs are not really created in this example until the exit command is used. Before using any configuration added in VLAN configuration mode, you must tell the switch to accept the changes. Notice the highlighted help text shown immediately after the vlan commands in the example. It implies that the exit and apply commands would cause these changes to be accepted, but the abort command would cause the changes to be aborted—in other words, not accepted. In the example, the exit command is used, both when exiting VLAN configuration mode and when accepting the changes. Notice that the highlighted message following the exit command shows that the switch even tells you that the “apply” completed successfully, creating the two VLANs in this case.
84 Chapter 3: Virtual LANs and Trunking
After the VLANs are created, configuration mode can be used to assign each interface to the right VLAN. Cisco IOS software assigns each interface to VLAN 1 by default, so no commands are required for interfaces fastethernet 0/1 through 0/4. For the next four ports, the interface subcommand command switchport access vlan 2 puts each interface into VLAN 2. (Trunk negotiations are disabled on those interfaces by telling the switch that these interfaces are used as access ports, using the switchport mode access command.)
Example 3-1 shows the user entering the same commands for interfaces 0/5 through 0/8. The switch IOS lets you configure more than one interface at once, as seen with the interface range fastEthernet 0/9 - 12 command. This command tells the switch to add the commands that follow to all four interfaces in the range. In this case, each interface is placed in VLAN 3 by the switchport access vlan 3 command.
After sifting through the configuration, you can see that VLAN configuration doesn’t take a lot of commands. In fact, if you had entered just the switchport access vlan commands before creating the VLANs in VLAN configuration mode, the switch would have automatically created the VLANs. The VLAN names would have been boring—names such as “VLAN 1” and “VLAN 2,” with no Flintstones cartoon characters in the name—but it would have worked.
Finally, the end of Example 3-1 lists a couple of important show commands. The show vlan brief command gives a quick synopsis of the VLANs and the interfaces in each VLAN. Notice the highlighted portions of the two newly created VLANs. If you want more details about a particular VLAN, you can use the show vlan command to list its details, identifying it by name or by VLAN ID. In this case, the show vlan id 2 command shows information about VLAN 2.
VLAN Trunking Configuration
Example 3-2 shows the same switch as in the previous example, but with a trunk to a second switch added, as shown in Figure 3-9. The new switch is a 1900 series switch. The 2950 is configured as the VTP server, with trunking in a “desirable” state. The 1900 is a VTP client, with trunking in an “auto” state.
VLAN and Trunking Configuration 85
Figure 3-9 Network with Two Switches and Three VLANs
sw1-2950 |
sw2-1900 |
0/1 |
|
VLAN 1 |
VLAN 1 |
0/5 
VLAN 2
VLAN 3
0/9
VLAN 3
0/16
0/17
Example 3-2 Trunking: Configuration and show Commands on 2950 Switch 1
sw1-2950#configure terminal |
|
|
Enter configuration commands, one |
per line. End with CNTL/Z. |
|
sw1-2950(config)#interface fastethernet 0/17 |
||
sw1-2950(config-if)#switchport mode dynamic desirable |
||
sw1-2950(config-if)#^Z |
|
|
sw1-2950#vlan database |
|
|
sw1-2950(vlan)#vtp domain fred |
|
|
Changing VTP domain name from NULL to fred |
||
sw1-2950(vlan)#exit |
|
|
|
|
|
APPLY completed. |
|
|
Exiting.... |
|
|
sw1-2950#show vtp status |
|
|
VTP Version |
: |
2 |
Configuration Revision |
: |
1 |
Maximum VLANs supported locally : |
1005 |
|
Number of existing VLANs |
: |
7 |
|
|
|
VTP Operating Mode |
: |
Server |
VTP Domain Name |
: |
fred |
|
|
|
continues
86 Chapter 3: Virtual LANs and Trunking
Example 3-2 Trunking: Configuration and show Commands on 2950 Switch 1 (Continued)
VTP Pruning Mode |
: Disabled |
VTP V2 Mode |
: Disabled |
VTP Traps Generation |
: Disabled |
MD5 digest |
: 0x54 0x80 0xA5 0x82 0x8D 0x8E 0x5F 0x94 |
Configuration last modified by 0.0.0.0 at 3-1-93 00:31:11
Local updater ID is 10.1.1.10 on interface Vl1 (lowest numbered VLAN interface found)
sw1-2950#show interfaces fastEthernet 0/17 switchport
Name: Fa0/17
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Voice VLAN: none (Inactive)
Appliance trust: none
sw1-2950#show interfaces fastEthernet 0/17 trunk
Port |
Mode |
Encapsulation |
Status |
Native vlan |
Fa0/17 |
desirable |
n-isl |
trunking |
1 |
Port |
Vlans allowed on trunk |
|
|
|
Fa0/17 |
1-4094 |
|
|
|
Port |
Vlans allowed and active in management domain |
|||
Fa0/17 |
1-3 |
|
|
|
Port |
Vlans in spanning tree forwarding state and not pruned |
|||
Fa0/17 |
1-3 |
|
|
|
! |
|
|
|
|
! Next command from sw2-1900
!
sw2-1900#show vlan
VLAN and Trunking Configuration 87
Example 3-2 Trunking: Configuration and show Commands on 2950 Switch 1 (Continued)
VLAN |
Name |
Status |
Ports |
-------------------------------------- |
|||
1 |
default |
Enabled |
1-12, AUI, A, B |
|
|
|
|
2 |
barney-2 |
Enabled |
|
3 |
wilma-3 |
Enabled |
|
1002 |
fddi-default |
Suspended |
|
1003 |
token-ring-defau |
Suspended |
|
1004 |
fddinet-default |
Suspended |
|
1005 |
trnet-default |
Suspended |
|
--------------------------------------
The example begins with interface 0/17 being configured as a trunk. On sw1-2950 the switchport mode dynamic desirable command causes the interface to negotiate to form a trunk. It negotiates whether to use trunking at all, as well as whether to use ISL or 802.1Q. sw2-1900 uses a trunk setting of auto, so assuming that the link is working, a trunk forms.
The configuration options for trunking commands on Cisco switches can be a little confusing. The most typical mistake is setting both sides to the dynamic auto setting. If you set both sides to auto, a trunk never forms, and you cannot pass VLAN traffic across the link.
In production networks, you might choose to simply configure the trunks as on, particularly because you know which ports should be trunks. However, auto and desirable let you configure the trunks remotely, without stopping the flow of traffic.
Table 3-5 summarizes the different trunking options on the 2950 and their meanings.
Table 3-5 2950 Trunk Configuration Options with the switchport mode Command
Option |
Description |
Trunking Action |
|
|
|
access |
Disables port trunk mode and does not even |
Does not trunk. |
|
attempt to form a trunk on the interface. |
|
|
|
|
trunk |
Configures the port in permanent trunk mode |
Always tries to trunk. |
|
and negotiates with the connected device to |
|
|
decide whether to use 802.1Q or ISL. |
|
|
|
|
dynamic desirable |
Triggers the port to negotiate the link from |
Trunks to switches |
|
nontrunking to trunk mode. The port negotiates |
set to the trunk, |
|
to a trunk port if the connected device is in the |
dynamic desirable, or |
|
trunk, dynamic desirable, or dynamic auto state. |
dynamic auto state. |
|
Otherwise, the port becomes a nontrunk port. |
|
|
|
|
dynamic auto |
Lets a port become a trunk only if the connected |
Trunks to switches |
|
device is in the dynamic desirable or trunk state. |
set to the trunk or |
|
|
dynamic desirable |
|
|
state. |
|
|
|
88 Chapter 3: Virtual LANs and Trunking
Next in Example 3-2, VLAN configuration mode is used to set the VTP domain name using the vtp domain fred command. sw1-2950 does not need to be configured as a VTP server, because Cisco switches default to be VTP servers. sw2-1900 was already configured to be a VTP client, in VTP domain fred, so in order for VTP to work, sw1-2950 needed to also use VTP domain fred. The show vtp command that follows shows that sw1-2950 is a VTP server in domain fred.
To find out if the link between the two interfaces is trunking, you can use either the show interfaces fastEthernet 0/17 switchport or show interfaces fastEthernet 0/17 trunk command on sw1-2950. As shown in Example 3-2, both commands list the configured setting (dynamic desirable), the status (trunking, which means that trunking is working), and the trunking protocol, which is ISL in this case. (1900 switches only support ISL.)
With the trunking protocol working, and with VTP working to distribute VLAN configuration information, sw2-1900 should learn about VLANs 2 and 3. The last command in Example 3-2 is taken from sw2-1900, a 1900 series switch. It shows that sw2-1900 does learn about VLANs barney-2 and wilma-3.