Objectives:
Describe issues with 802.1Q native VLANs and explain how to resolve those issues.
Describe trunk link problems and explain how to solve them.
Identify common problems with VTP configuration.
Describe best practices for using VTP in the Enterprise Composite Network Model.
Chapter 2
VLAN Types
Data: user data, within the switching block
Voice: VoIP telephony
Management: device management for administrators
Native: supports untagged traffic (802.1Q only)
Figure: a switch with a PC on the Management VLAN 99 (172.17.99.10/24), a PC on Data VLAN 20 (172.17.20.22/24) and a phone on Voice VLAN 30 (172.17.30.23/24), attached on access ports Fa0/1, Fa0/3, Fa0/4, Fa0/6 and Fa0/18.
Voice VLAN
VoIP traffic requires assured bandwidth to ensure voice quality.
802.1Q Tagging
802.1Q does not encapsulate the original frame, but modifies the Ethernet type field by adding a Tag Control Information (TCI) field. A TCI contains a 12-bit VLAN identifier (VID), uniquely identifying the VLAN to which the frame belongs (4,096 VLANs max, with 0 and 4095 reserved). Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.
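As an added illustration (not part of the original chapter), the following Python builds a constructed Ethernet frame, inserts an 802.1Q tag into it and parses the tag back out. It shows the three points the paragraph makes: the tag is inserted, not wrapped around the frame; the 12-bit VID lives in the TCI together with the 3-bit priority and 1-bit DEI; and the FCS in the trailer must be recomputed, because a frame that keeps its old FCS no longer verifies. The MAC addresses and payload are made up, and VIDs 0 and 4095 are treated as reserved.

```python
import struct
import zlib

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag follows
FCS_LEN = 4
RESERVED_VIDS = {0, 4095}    # 0 = priority-tagged frame with no VLAN, 4095 = reserved


def ethernet_fcs(body: bytes) -> bytes:
    """IEEE 802.3 FCS: CRC-32 over destination MAC through payload, sent LSB first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def tag_frame(untagged: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC and recompute the FCS.

    The original header and payload bytes are untouched; only the tag is inserted,
    which is exactly why the old trailer FCS stops matching."""
    if vid in RESERVED_VIDS or not 0 <= vid <= 4095:
        raise ValueError(f"VID {vid} is reserved or out of range")
    body = untagged[:-FCS_LEN]
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + ethernet_fcs(tagged)


def parse_frame(frame: bytes) -> dict:
    """Return tag fields (if any), the inner EtherType and whether the FCS verifies."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    info = {"fcs_ok": ethernet_fcs(body) == fcs, "tagged": False,
            "pcp": None, "dei": None, "vid": None, "reserved_vid": False}
    (ethertype,) = struct.unpack("!H", body[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", body[14:16])
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)
        info["reserved_vid"] = info["vid"] in RESERVED_VIDS
        (ethertype,) = struct.unpack("!H", body[16:18])   # real EtherType sits after the tag
    info["ethertype"] = ethertype
    return info


# Constructed sample frame (not from the page): two made-up MACs, EtherType 0x0800
# (IPv4) and a four-byte placeholder payload, with a valid FCS appended.
UNTAGGED_BODY = bytes.fromhex("001122334455" "66778899aabb" "0800" "deadbeef")
UNTAGGED = UNTAGGED_BODY + ethernet_fcs(UNTAGGED_BODY)


def demo() -> dict:
    tagged = tag_frame(UNTAGGED, vid=20, pcp=5)
    # A tag inserted without recalculating the trailer: the old FCS no longer matches.
    stale = tagged[:-FCS_LEN] + UNTAGGED[-FCS_LEN:]
    return {
        "before": parse_frame(UNTAGGED),
        "after": parse_frame(tagged),
        "stale_fcs": parse_frame(stale),
        "length_delta": len(tagged) - len(UNTAGGED),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A receiving switch that sees `reserved_vid` set, or a frame whose FCS fails after tagging, should drop it; the parser reports both conditions rather than guessing a VLAN.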
Supports multiple Layer 2 protocols (Ethernet, Token Ring, FDDI, and ATM).
Supports PVST.
Does not use a native VLAN, so it encapsulates every frame.
Encapsulation process leaves original frames unmodified.
In this example, a mismatch is reported on Ethernet 1/0 with native VLAN 5 and router1 Ethernet 2/3 with native VLAN 27:
%NATIVE_VLAN_MISMATCH: native VLAN mismatch discovered on Ethernet1/0 (5), with router1 Ethernet2/3 (27)
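As an added example (not from the chapter), the Python below pulls these CDP warnings out of a syslog feed so the mismatch can be alerted on rather than noticed by chance. It accepts the short form quoted above and the full IOS mnemonic `%CDP-4-NATIVE_VLAN_MISMATCH`, collapses the periodic repeats into one record per trunk, and flags whether the default native VLAN (1) is one of the two sides. The log excerpt is constructed; apart from the first message, which repeats the one above, its timestamps, hostnames and interfaces are made up.

```python
import re

# Matches the short form quoted above as well as the full IOS syslog mnemonic
# %CDP-4-NATIVE_VLAN_MISMATCH that Cisco switches log for this CDP check.
MISMATCH_RE = re.compile(
    r"%(?:CDP-4-)?NATIVE_VLAN_MISMATCH:\s*native VLAN mismatch discovered on\s+"
    r"(?P<local_if>\S+)\s*\((?P<local_vlan>\d+)\),\s*with\s+"
    r"(?P<peer>\S+)\s+(?P<peer_if>\S+)\s*\((?P<peer_vlan>\d+)\)",
    re.IGNORECASE,
)

DEFAULT_NATIVE_VLAN = 1   # IOS default when no native VLAN is configured on a trunk


def parse_mismatch(line: str):
    """Extract local interface/VLAN and peer name/interface/VLAN, or None."""
    m = MISMATCH_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["local_vlan"] = int(rec["local_vlan"])
    rec["peer_vlan"] = int(rec["peer_vlan"])
    # Untagged frames on this trunk land in different VLANs on each side.
    rec["involves_default_vlan"] = DEFAULT_NATIVE_VLAN in (rec["local_vlan"], rec["peer_vlan"])
    return rec


def find_mismatches(lines):
    """One record per distinct (local interface, peer, peer interface), with a count
    of how many times CDP repeated the warning."""
    seen = {}
    for line in lines:
        rec = parse_mismatch(line)
        if rec is None:
            continue
        key = (rec["local_if"], rec["peer"], rec["peer_if"])
        if key in seen:
            seen[key]["count"] += 1
        else:
            rec["count"] = 1
            seen[key] = rec
    return list(seen.values())


# Constructed log excerpt (not from the page, apart from the first message).
SAMPLE_LOG = [
    "%NATIVE_VLAN_MISMATCH: native VLAN mismatch discovered on Ethernet1/0 (5), "
    "with router1 Ethernet2/3 (27)",
    "Mar  1 00:02:10.101: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    "FastEthernet0/1 (1), with SW2 FastEthernet0/24 (99).",
    "Mar  1 00:02:10.120: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up",
    "Mar  1 00:03:10.101: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    "FastEthernet0/1 (1), with SW2 FastEthernet0/24 (99).",
]

if __name__ == "__main__":
    for rec in find_mismatches(SAMPLE_LOG):
        print(rec)
```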
Switchport Mode Dynamic Desirable: the port actively tries to convert to a trunk if the neighbouring interface is set to trunk, desirable or auto.
Switchport Mode Dynamic Auto: the port is willing to convert to a trunk if the neighbouring interface is set to trunk or desirable.
Switchport Nonegotiate: the port does not generate DTP frames and must be manually configured as a trunk or access port.
Additionally, VTP reduces the complexity of managing and monitoring VLAN networks, allowing changes on one switch to be propagated to other switches via VTP.
On most Cisco switches, VTP is running and has certain defaults already configured.
VTP Operation
VTP allows a network manager to make changes on a switch that is configured as a VTP server. The VTP server distributes and synchronizes VLAN information to VTP-enabled switches throughout the switched network.
Figure: S1 (VTP server) trunked to S2; hosts PC1 172.17.10.21/24, PC2 172.17.20.22/24, PC3 172.17.30.23/24, PC4 172.17.10.24/24, PC5 172.17.20.25/24 and PC6 172.17.30.26/24 on access ports Fa0/1, Fa0/6, Fa0/11 and Fa0/18. Step 1: create VLAN 40 on S1, the VTP server; verify propagation with show vtp status.
VTP Domains
VTP allows separation of a network into smaller management domains.
Figure: two VTP domains, cisco1 and cisco2, spanning switches S1 to S6.
1. The network manager configures the VTP domain name as cisco2 on the VTP server switch S1.
2. The VTP server sends out a VTP advertisement with the new domain name embedded inside.
3. The S2 and S3 VTP client switches update their VTP configuration to the new domain name.
Figure: S1 (server, domain cisco2) sends VTP advertisements to clients S2 and S3, whose domain changes from null to cisco2.
Each time a VLAN is added or removed, the configuration revision number is incremented. Each VTP device tracks the VTP configuration revision number that is assigned to it.
Note: A VTP domain name change does not increment the revision number. Instead, it resets the revision number to zero.
Subset advertisements contain detailed information about VLANs and are sent by servers in response to an advertisement request from a client.
VTP servers can create, modify, and delete VLANs and VLAN configuration parameters for the entire domain. VTP servers save VLAN configuration information in the switch NVRAM. VTP servers send VTP messages out all trunk ports.
VTP clients cannot create, modify, or delete VLAN information. The only role of VTP clients is to process VLAN changes and send VTP messages out all trunk ports. The VTP client maintains a full list of all VLANs within the VTP domain, but it does not store the information in NVRAM. Any changes made must be received from a VTP server advertisement.
Switches in VTP transparent mode forward VTP advertisements but ignore information contained in the message. A transparent switch will not modify its database when updates are received, nor will the switch send out an update indicating a change in its own VLAN status.
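The revision-number and mode rules above (servers originate changes, clients only apply them, transparent switches forward without applying, a higher revision in the same domain wins, a domain rename resets the revision to zero) are easiest to see in a small model. The Python below is an added example, not the chapter's own material: it simulates three switches, shows the null-domain clients adopting cisco2, then walks through the failure mode the self check calls a VTP bomb (a returning server with a stale, higher revision overwrites every VLAN database) and the mitigation of resetting that switch's revision before it is connected. The switch names, domain and VLAN numbers are constructed.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    mode: str                                  # "server", "client" or "transparent"
    domain: str = ""                           # "" models the null (unset) domain
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})
    events: list = field(default_factory=list)

    def set_domain(self, domain: str) -> None:
        """Changing the domain name resets the configuration revision to zero."""
        self.domain = domain
        self.revision = 0

    def add_vlan(self, vid: int) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot create VLANs")
        self.vlans.add(vid)
        if self.mode == "server":
            self.revision += 1                 # transparent: local change, no revision bump

    def advertisement(self) -> dict:
        return {"domain": self.domain, "revision": self.revision, "vlans": set(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Apply an advertisement according to mode; True if the VLAN database changed."""
        if self.mode == "transparent":
            self.events.append("forwarded, not applied")
            return False
        if self.domain and adv["domain"] != self.domain:
            self.events.append(f"ignored: domain {adv['domain']!r}")
            return False
        if adv["revision"] <= self.revision:
            self.events.append(f"ignored: revision {adv['revision']} <= {self.revision}")
            return False
        # Higher revision in the same (or null) domain overwrites servers and clients alike.
        self.domain, self.revision, self.vlans = adv["domain"], adv["revision"], set(adv["vlans"])
        self.events.append(f"applied revision {adv['revision']}")
        return True


def flood(source: VtpSwitch, trunks, switches) -> None:
    """Relay the source's advertisement hop by hop over the trunks; every mode forwards."""
    adj = {}
    for a, b in trunks:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    adv, seen, queue = source.advertisement(), {source.name}, deque([source.name])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                switches[nxt].receive(adv)
                queue.append(nxt)


def scenario() -> dict:
    """Constructed walkthrough: S1 is the server; S2 and S3 are clients with no domain yet."""
    s1 = VtpSwitch("S1", "server", domain="cisco2")
    s2, s3 = VtpSwitch("S2", "client"), VtpSwitch("S3", "client")
    switches = {s.name: s for s in (s1, s2, s3)}
    trunks = [("S1", "S2"), ("S1", "S3")]
    for vid in (10, 20):
        s1.add_vlan(vid)                       # revision becomes 2
    flood(s1, trunks, switches)
    after_sync = {s.name: (s.domain, s.revision, sorted(s.vlans)) for s in switches.values()}

    # Failure mode: a lab switch that was once a server in cisco2 comes back with a higher
    # revision and only VLAN 99; its database replaces the live one on every switch.
    lab = VtpSwitch("LAB", "server", domain="cisco2", revision=10, vlans={1, 99})
    switches["LAB"] = lab
    trunks.append(("LAB", "S1"))
    flood(lab, trunks, switches)
    after_bomb = {s.name: sorted(s.vlans) for s in (s1, s2, s3)}

    # Mitigation: renaming the domain (to a scratch name and back) resets the revision,
    # so the stale database is ignored when the switch is connected.
    s1b = VtpSwitch("S1", "server", domain="cisco2", revision=2, vlans={1, 10, 20})
    lab2 = VtpSwitch("LAB", "server", domain="cisco2", revision=10, vlans={1, 99})
    lab2.set_domain("scratch")
    lab2.set_domain("cisco2")
    s1b.receive(lab2.advertisement())
    return {"after_sync": after_sync, "after_bomb": after_bomb,
            "mitigated": (lab2.revision, sorted(s1b.vlans))}


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

Putting the returning switch in transparent mode before connecting it has the same protective effect, since a transparent switch neither applies nor originates revisions; `receive` models that branch too.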
VTP Pruning
VTP pruning prevents unnecessary flooding of broadcast information from one VLAN across all trunks in a VTP domain. VTP pruning permits switches to negotiate which VLANs are assigned to ports at the other end of a trunk and, hence, prune the VLANs that are not assigned to ports on the remote switch. Pruning is disabled by default. VTP pruning is enabled using the vtp pruning global configuration command on the VTP Server.
Figure: S1 trunked to S2 (Fa0/1) and S3 (Fa0/2); PC1 and PC3 are in VLAN 10, PC2, PC4, PC5 and PC6 are in VLAN 20, on access ports Fa0/6, Fa0/11 and Fa0/18.
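To show what the negotiation in the paragraph above actually computes, here is an added Python example (not from the chapter) that works out, for each direction of each trunk, which VLANs a switch keeps flooding and which it prunes because no switch on the far side has an access port in them. The topology is constructed and only loosely modelled on the figure: S1 in the middle with trunks to S2 and S3, VLAN 10 and VLAN 20 on access ports, and a VLAN 30 that exists in the domain but is used nowhere. VLAN 1 and the extended range are treated as never prunable, which matches IOS behaviour.

```python
from collections import defaultdict

PRUNE_ELIGIBLE = range(2, 1002)   # VLAN 1 and the extended/reserved ranges are never pruned


def adjacency(trunks):
    adj = defaultdict(set)
    for a, b in trunks:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def vlans_beyond(src, dst, adj, access_vlans):
    """VLANs with access ports on dst or on any switch reachable through dst without
    passing back through src (a loop-free tree, as STP leaves the topology)."""
    seen, stack, found = {src}, [dst], set()
    while stack:
        sw = stack.pop()
        if sw in seen:
            continue
        seen.add(sw)
        found |= access_vlans.get(sw, set())
        stack.extend(adj[sw] - seen)
    return found


def pruning_plan(trunks, access_vlans, all_vlans):
    """For each directed trunk src->dst: VLANs src keeps flooding towards dst and the
    VLANs it prunes because nothing on the far side needs them."""
    adj = adjacency(trunks)
    plan = {}
    for a, b in trunks:
        for src, dst in ((a, b), (b, a)):
            needed = vlans_beyond(src, dst, adj, access_vlans)
            prune = {v for v in all_vlans if v in PRUNE_ELIGIBLE and v not in needed}
            plan[(src, dst)] = {"flood": set(all_vlans) - prune, "prune": prune}
    return plan


# Constructed topology (not the page's own data): S1 in the middle, trunks to S2 and S3.
TRUNKS = [("S1", "S2"), ("S1", "S3")]
ACCESS_VLANS = {"S1": {10}, "S2": {20}, "S3": {10, 20}}
ALL_VLANS = {1, 10, 20, 30}       # VLAN 30 is defined in the domain but has no access ports


if __name__ == "__main__":
    for (src, dst), entry in sorted(pruning_plan(TRUNKS, ACCESS_VLANS, ALL_VLANS).items()):
        print(f"{src}->{dst}: flood {sorted(entry['flood'])}, prune {sorted(entry['prune'])}")
```

With pruning disabled (the default), every trunk would carry the flood of all four VLANs; with it enabled on the server, S1 stops sending VLAN 10 broadcasts towards S2, and VLAN 30 is pruned on every trunk.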
Summary
The 802.1Q native VLAN can cause security issues. Configure the native VLAN to be an unused VLAN.
Some trunk link configuration combinations can result in problems on the link. Best practice is to configure trunks statically rather than with DTP.
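The two best practices in the summary, together with the DTP modes described earlier, can be checked mechanically. The Python below is an added example (not from the chapter): it parses the interface stanzas of an IOS running-config and flags ports whose trunk state is left to DTP negotiation, trunks that still use the default native VLAN 1, static trunks that lack `switchport nonegotiate` (and so still send DTP frames), and access ports sitting in a VLAN that some trunk uses as its native VLAN, which contradicts "unused". The configuration text is constructed; the commands are standard IOS switchport commands.

```python
DEFAULT_NATIVE_VLAN = 1            # IOS default when no native VLAN is configured


def parse_interfaces(config: str) -> dict:
    """Split an IOS running-config into {interface name: [indented sub-commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None             # "!" or a global command ends the stanza
    return interfaces


def _value(cmds, prefix, default):
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), default)


def audit_trunking(config: str) -> list:
    """Return (interface, finding) pairs for the trunk settings the summary warns about."""
    findings = []
    natives_in_use = {}                # native VLAN -> trunk interfaces using it
    access_vlans = {}                  # access interface -> its access VLAN
    for name, cmds in parse_interfaces(config).items():
        mode = _value(cmds, "switchport mode ", None)
        native = int(_value(cmds, "switchport trunk native vlan ", DEFAULT_NATIVE_VLAN))
        if mode in ("dynamic desirable", "dynamic auto"):
            findings.append((name, f"trunk state left to DTP ({mode}); "
                                   "set 'switchport mode trunk' or 'access' statically"))
        if mode in ("trunk", "dynamic desirable", "dynamic auto"):
            natives_in_use.setdefault(native, []).append(name)
            if native == DEFAULT_NATIVE_VLAN:
                findings.append((name, "native VLAN is the default (1); move it to an unused VLAN"))
            if mode == "trunk" and "switchport nonegotiate" not in cmds:
                findings.append((name, "static trunk still sends DTP frames; add 'switchport nonegotiate'"))
        elif mode == "access":
            access_vlans[name] = int(_value(cmds, "switchport access vlan ", DEFAULT_NATIVE_VLAN))
    # "Unused" means no access port should live in the native VLAN of any trunk.
    for name, vid in access_vlans.items():
        if vid in natives_in_use:
            findings.append((name, f"access port in VLAN {vid}, the native VLAN on "
                                   f"{', '.join(natives_in_use[vid])}"))
    return findings


# Constructed running-config excerpt (not from the page).
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 999
!
"""

if __name__ == "__main__":
    for iface, finding in audit_trunking(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```

FastEthernet0/1 is the clean reference: static trunk, unused native VLAN, no DTP. The audit reports nothing for it and nothing for the ordinary access port FastEthernet0/4.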
Self Check
1. What is the danger of mismatched native VLANs?
2. What is the default native VLAN?
3. In a DTP configuration, what elements determine whether or not an operational trunk link is formed, as well as the type of trunk the link becomes?
4. Name the VTP modes and describe their VTP roles.
5. What is a VTP bomb?