Building Cisco Multilayer Switched Networks (BCMSN)
Instructor Name: Mr. Siddiq Ahmed, CCIE # 17864
A VLAN = A Broadcast Domain = Logical Network (Subnet)
VLAN Overview
– Layer 2 connectivity
– Logical organizational flexibility
– Single broadcast domain
– Management
– Basic security
Configuring VLANs in Global Mode
Switch#configure terminal
Switch(config)#vlan 3
Switch(config-vlan)#name Vlan3
Switch(config-vlan)#exit
Switch(config)#end
Configuring VLANs in VLAN Database Mode
Switch#vlan database
Switch(vlan)#vlan 3
VLAN 3 added:
    Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....
Assigning Access Ports to a VLAN
Switch(config)#interface gigabitethernet 1/1
• Enters interface configuration mode
Switch(config-if)#switchport mode access
• Configures the interface as an access port
Switch(config-if)#switchport access vlan 3
• Assigns the access port to a VLAN
Verifying the VLAN Configuration
Switch#show vlan [id | name] [vlan_num | vlan_name]
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                Gi0/1, Gi0/2
2    VLAN0002                         active
51   VLAN0051                         active
52   VLAN0052                         active
…
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
2    enet  100002     1500  -      -      -        -    -        0      0
51   enet  100051     1500  -      -      -        -    -        0      0
52   enet  100052     1500  -      -      -        -    -        0      0
Verifying the VLAN Port Configuration
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
• Displays the running configuration of the interface
Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport
• Displays the switch port configuration of the interface
Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]
• Displays the MAC address table information for the specified interface in the specified VLAN
Switch Ports and Trunk Ports
Command (port type) and Function
switchport mode access (Access port)
• Sets the switch port to unconditionally be an access port
switchport mode dynamic (Dynamic port)
• Sets the switch port to dynamically negotiate the status (access or trunk)
switchport mode trunk (Trunk port)
• Sets the switch port to unconditionally become a trunk port
Switch Port DTP Modes
Mode and Function
access
• Unconditionally sets a switch port to access mode, regardless of other DTP functions
trunk
• Sets the switch port to unconditional trunking mode and negotiates to become a trunk link, regardless of neighbor interface mode
nonegotiate
• Specifies that DTP negotiation packets are not sent on the Layer 2 interface
dynamic desirable
• Sets the switch port to actively send and respond to DTP negotiation frames. Default for Ethernet
dynamic auto
• Sets the switch port to respond but not to actively send DTP negotiation frames
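The mode descriptions above determine what two connected ports end up negotiating. As an added example (not part of the original slides), this Python model derives the link state from each end's DTP mode and reports links whose result differs from the intended one. It treats nonegotiate as a port forced to trunk with DTP frames suppressed, which is an assumption of the example, and the link inventory is constructed.

```python
# Added example: models the DTP mode table above; not taken from the slides.
FORCED = {"access": "access", "trunk": "trunk", "nonegotiate": "trunk"}
SENDS_DTP = {"trunk", "dynamic desirable"}   # modes that actively send DTP frames


def end_state(local, peer):
    """Operational state (access/trunk) of one port, given the peer's mode."""
    if local in FORCED:
        return FORCED[local]
    if local == "dynamic desirable":
        # Actively asks for a trunk; works if the peer sends or answers DTP.
        return "trunk" if peer in SENDS_DTP or peer == "dynamic auto" else "access"
    if local == "dynamic auto":
        # Only answers DTP; needs a peer that actively sends it.
        return "trunk" if peer in SENDS_DTP else "access"
    raise ValueError("unknown DTP mode: %r" % (local,))


def link_state(mode_a, mode_b):
    """'trunk' or 'access' when both ends agree, otherwise 'mismatch'."""
    a, b = end_state(mode_a, mode_b), end_state(mode_b, mode_a)
    return a if a == b else "mismatch"


def audit(links):
    """Return (name, intended, actual) for links that differ from intent."""
    return [(n, want, link_state(a, b))
            for n, a, b, want in links if link_state(a, b) != want]


# Constructed inventory: (link name, mode on end A, mode on end B, intended state)
LINKS = [
    ("uplink-1", "trunk", "trunk", "trunk"),
    ("user-1", "dynamic desirable", "dynamic auto", "access"),
    ("user-2", "access", "dynamic desirable", "access"),
    ("uplink-2", "nonegotiate", "dynamic auto", "trunk"),
]

if __name__ == "__main__":
    for name, want, got in audit(LINKS):
        print("%s: intended %s, negotiates %s" % (name, want, got))
```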
– Performed with ASIC
– Not intrusive to client stations; client does not see the header
– Effective between switches, and between routers and switches
ISL Encapsulation
VLAN Ranges
VLAN Range   Range      Usage
0, 4095      Reserved   For system use only
1            Normal     Cisco default
2-1001       Normal     For Ethernet VLANs
1002-1005    Normal     Cisco defaults for FDDI and Token Ring
1025-4094    Extended   For Ethernet VLANs only
Configuring ISL Trunking
Switch(config)#interface fastethernet 2/1
• Enters interface configuration mode
Switch(config-if)#switchport trunk encapsulation isl
• Selects the encapsulation
Switch(config-if)#switchport mode trunk
• Configures the interface as a Layer 2 trunk
Verifying ISL Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]
Switch#show interfaces fastethernet 2/1 trunk
Port      Mode         Encapsulation  Status        Native VLAN
Fa2/1     desirable    isl            trunking      1
Port      VLANs allowed on trunk
Fa2/1     1-1005
Port      VLANs allowed and active in management domain
Fa2/1     1-2,1002-1005
Port      VLANs in spanning tree forwarding state and not pruned
Fa2/1     1-2,1002-1005
Configuring 802.1Q Trunking
Switch(config)#interface fastethernet 5/8
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,15,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown
Verifying 802.1Q Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]
Switch#show interfaces gigabitEthernet 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
. . .
– Advertises VLAN configuration information
– Maintains VLAN configuration consistency throughout a common administrative domain
– Sends advertisements on trunk ports only
VTP Protocol Features
VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
Client:
• Cannot create, change, or delete VLANs
• Forwards advertisements
• Synchronizes VLAN configurations
• Does not save in NVRAM
Server:
• Creates, modifies, and deletes VLANs
• Sends and forwards advertisements
• Synchronizes VLAN configurations
• Saves configuration in NVRAM
Transparent:
• Creates, modifies, and deletes VLANs locally only
• Forwards advertisements
• Does not synchronize VLAN configurations
• Saves configuration in NVRAM
VTP Modes
• Increases available bandwidth by reducing unnecessary flooded traffic
• Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN.
VTP Pruning
VTP Configuration Guidelines
– Configure the following:
• VTP domain name
• VTP mode (server mode is the default)
• VTP pruning
• VTP password
• VTP trap
– Use caution when adding a new switch into an existing domain.
– Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information.
Configuring a VTP Server
Switch(config)#vtp server
• Configures VTP server mode
Switch(config)#vtp domain domain-name
• Specifies a domain name
Switch(config)#vtp password password
• Sets a VTP password
Switch(config)#vtp pruning
• Enables VTP pruning in the domain
Configuring a VTP Server
Switch#configure terminal
Switch(config)#vtp server
Setting device to VTP SERVER mode.
Switch(config)#vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Switch(config)#end
Verifying the VTP Configuration
Switch#show vtp status
VTP Version                     : 2
Configuration Revision          : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 33
VTP Operating Mode              : Client
VTP Domain Name                 : Lab_Network
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
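The guideline about adding a new switch to an existing domain can be checked before the switch is connected. As an added example (not from the original slides), this Python code parses two show vtp status outputs in the format shown above and lists what should be corrected first. The new-switch output is constructed, and the three checks are this example's reading of the guidelines and of the revision-number behaviour described on this page.

```python
# Added example: pre-join check based on "show vtp status" output.
# Abridged from the listing on this page (a switch already in the domain).
DOMAIN_SWITCH = """\
Configuration Revision          : 247
VTP Operating Mode              : Client
VTP Domain Name                 : Lab_Network
"""

# Constructed sample: a switch that was used elsewhere and is about to be added.
NEW_SWITCH = """\
Configuration Revision          : 300
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : Lab_Network
"""


def parse_vtp_status(text):
    """Return the 'Label : value' lines of show vtp status as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:                      # lines without ' : ' are not fields
            fields[key.strip()] = value.strip()
    return fields


def prejoin_findings(new_text, domain_text):
    """List reasons the new switch should not be connected yet."""
    new, dom = parse_vtp_status(new_text), parse_vtp_status(domain_text)
    findings = []
    if new["VTP Operating Mode"].lower() != "client":
        findings.append("mode is %s, add new switches in client mode"
                        % new["VTP Operating Mode"])
    if new["VTP Domain Name"] != dom["VTP Domain Name"]:
        findings.append("domain name differs from %s" % dom["VTP Domain Name"])
    # Switches synchronize to the latest revision number, so a higher
    # revision on the new switch would be taken as the current VLAN data.
    if int(new["Configuration Revision"]) > int(dom["Configuration Revision"]):
        findings.append("revision %s is higher than the domain's %s"
                        % (new["Configuration Revision"],
                           dom["Configuration Revision"]))
    return findings


if __name__ == "__main__":
    for finding in prejoin_findings(NEW_SWITCH, DOMAIN_SWITCH):
        print("do not connect yet:", finding)
```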