
Chapter 2 - Defining VLANs Objectives

- Describe issues with 802.1Q native VLANs and explain how to resolve those issues.
- Describe trunk link problems and explain how to solve them.
- Identify common problems with VTP configuration.
- Describe best practices for using VTP in the Enterprise Composite Network Model.

Chapter 2

Normal Range VLANs


- Used in small- and medium-sized business and enterprise networks.
- Identified by a VLAN ID between 1 and 1005.
- IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
- IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
- Configurations are stored within a VLAN database file, called vlan.dat, which is located in the flash memory of the switch.
- The VLAN Trunking Protocol (VTP), which helps manage VLAN configurations between switches, can only learn normal range VLANs and stores them in the VLAN database file.

Extended Range VLANs


- Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.
- Identified by a VLAN ID between 1006 and 4094.
- Support fewer VLAN features than normal range VLANs.
- Saved in the running configuration file.
- VTP does not learn extended range VLANs.

VLAN Types
- Data: user data within the switching block
- Voice: VoIP telephony
- Management: device management for administrators
- Native: carries untagged traffic (802.1Q trunks only)

[Figure: a switch with Management VLAN 99 (172.17.99.10/24) and hosts on Data VLAN 20 (172.17.20.22/24, 172.17.20.25/24) and Voice VLAN 30 (172.17.30.23/24, 172.17.30.26/24), attached on ports Fa0/1, Fa0/3, Fa0/4, Fa0/6 and Fa0/18.]

Voice VLAN
VoIP traffic requires:
- Assured bandwidth to ensure voice quality
- Transmission priority over other types of network traffic
- Ability to be routed around congested areas on the network
- Delay of less than 150 milliseconds (ms) across the network

802.1Q Native VLAN Considerations


- The native VLAN must match at both ends of the trunk; otherwise frames will leak from one VLAN to another, merging traffic between the mismatched VLANs.
- By default the native VLAN is VLAN 1. Avoid using VLAN 1 for management purposes.
- Eliminate native VLANs from 802.1Q trunks by making the native VLAN an unused VLAN.

802.1Q Tagging

802.1Q does not encapsulate the original frame, but modifies the Ethernet type field by adding a Tag Control Information (TCI) field. A TCI contains a 12-bit VLAN identifier (VID), uniquely identifying the VLAN to which the frame belongs (4,096 VLANs max, with 0 and 4095 reserved). Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.
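The tag layout described above, worked through in code. This is an added example, not part of the original slides: it parses and builds the 802.1Q header (TPID 0x8100, then the TCI with 3-bit PCP, 1-bit DEI and 12-bit VID, then the original EtherType) and assigns untagged or priority-only (VID 0) frames to the native VLAN. The MAC addresses and payloads are constructed.

```python
"""Parse and build the 802.1Q tag (added example, not from the slides).
Sample frames below are constructed; the FCS is assumed already stripped."""
import struct

TPID_8021Q = 0x8100


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Return addressing, VLAN and EtherType details of one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst, "src": src, "tagged": False}
    if ethertype != TPID_8021Q:
        # untagged frame: on an 802.1Q trunk it belongs to the native VLAN
        info.update(vlan=native_vlan, ethertype=ethertype, payload=frame[14:])
        return info
    if len(frame) < 18:
        raise ValueError("802.1Q tag present but truncated")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    pcp, dei, vid = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VID 4095 is reserved")
    # VID 0 is a priority-only tag: the frame still belongs to the native VLAN
    info.update(tagged=True, pcp=pcp, dei=dei, vlan=native_vlan if vid == 0 else vid,
                ethertype=inner_type, payload=frame[18:])
    return info


def build_tagged(dst: bytes, src: bytes, vid: int, ethertype: int,
                 payload: bytes, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a tag into an untagged frame; a real switch then recomputes the FCS."""
    if not 0 <= vid <= 4094:
        raise ValueError("VID must be 0..4094 (4095 is reserved)")
    tci = (pcp << 13) | (dei << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


# Constructed sample: broadcast ARP request from 02:00:00:00:00:01 on VLAN 20
SAMPLE_TAGGED = build_tagged(b"\xff" * 6, bytes.fromhex("020000000001"),
                             20, 0x0806, b"\x00" * 28, pcp=3)
```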

Inter-switch Link (ISL)

- Supports multiple Layer 2 protocols (Ethernet, Token Ring, FDDI, and ATM).
- Supports PVST.
- Does not use a native VLAN, so it encapsulates every frame.
- The encapsulation process leaves the original frames unmodified.

CDP and Mismatched Native VLANs


Native VLAN ID mismatches that CDP detects between two devices are reported on the console.

In this example, a mismatch is reported on Ethernet 1/0 with native VLAN 5 and router1 Ethernet 2/3 with native VLAN 27:

%NATIVE_VLAN_MISMATCH: native VLAN mismatch discovered on Ethernet1/0 (5), with router1 Ethernet2/3 (27)

Dynamic Trunk Protocol (DTP)


What is DTP?
- Automates ISL/802.1Q trunk configuration
- Operates between switches
- Does not operate on routers
- Not supported on 2900XL or 3500XL

DTP states on an ISL/dot1Q trunking port can be set to:
- auto
- on
- off
- desirable
- non-negotiate

DTP Trunking Modes


- switchport mode access: permanent non-trunking mode, regardless of neighbouring interface settings.
- switchport mode trunk: permanent trunking mode, regardless of neighbouring interface settings.
- switchport mode dynamic desirable: actively tries to convert the port to a trunk if the neighbouring interface is set to trunk, desirable or auto.
- switchport mode dynamic auto: port is willing to convert to a trunk if the neighbouring interface is set to trunk or desirable.
- switchport nonegotiate: port does not generate DTP frames, and must be manually configured.

Resolving Trunk Link Problems


- When using DTP, ensure that both ends of the link are in the same VTP domain.
- Ensure that the trunk encapsulation type configured on both ends of the link is valid.
- DTP should be turned off on links where trunking is not required.
- Best practice is to configure trunk and nonegotiate where trunks are required.
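The DTP mode behaviour from the two slides above, encoded so that the outcome of each mode pairing (including nonegotiate and a VTP domain mismatch) can be checked. This is an added example, not from the original slides; the VTP domain names are constructed.

```python
"""Model of DTP trunk negotiation between two Cisco switch ports
(added example, not from the slides; domain names are constructed)."""
from dataclasses import dataclass

ACCESS, TRUNK, DESIRABLE, AUTO = "access", "trunk", "dynamic desirable", "dynamic auto"


@dataclass(frozen=True)
class Port:
    mode: str
    vtp_domain: str = "cisco1"   # DTP frames carry the VTP domain name
    nonegotiate: bool = False    # 'switchport nonegotiate': sends no DTP frames

    def __post_init__(self):
        # nonegotiate only makes sense on a manually configured access or trunk port
        if self.nonegotiate and self.mode not in (ACCESS, TRUNK):
            raise ValueError("nonegotiate requires a static access or trunk mode")


def hears_dtp(local: Port, remote: Port) -> bool:
    """Negotiation only works if the neighbour sends DTP frames
    and both ends are in the same VTP domain."""
    return not remote.nonegotiate and local.vtp_domain == remote.vtp_domain


def is_trunking(local: Port, remote: Port) -> bool:
    """Operational state of `local` given its own mode and the neighbour's."""
    if local.mode == ACCESS:
        return False                      # permanent non-trunking
    if local.mode == TRUNK:
        return True                       # permanent trunking
    if not hears_dtp(local, remote):
        return False                      # dynamic ports fall back to access
    if local.mode == DESIRABLE:           # converts if neighbour is trunk/desirable/auto
        return remote.mode in (TRUNK, DESIRABLE, AUTO)
    return remote.mode in (TRUNK, DESIRABLE)   # auto: waits for the neighbour to ask


def link_result(a: Port, b: Port) -> str:
    """'trunk' or 'access' when both ends agree, else 'mismatch'
    (one side trunking while the other is not)."""
    ta, tb = is_trunking(a, b), is_trunking(b, a)
    if ta == tb:
        return "trunk" if ta else "access"
    return "mismatch"
```

The recommended static configuration, trunk with nonegotiate on both ends, yields "trunk"; pairing it with a dynamic port yields "mismatch", which is why the slide insists on manual configuration at both ends.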

VLAN Trunking Protocol (VTP)


Before discussing VTP, it is important to understand that VTP is not necessary in order to configure VLANs or trunking on Cisco switches. VTP is a Cisco proprietary protocol that allows VLAN configuration to be consistently maintained across a common administrative domain. VTP minimises the possible configuration inconsistencies that arise when changes are made.

Additionally, VTP reduces the complexity of managing and monitoring VLAN networks, allowing changes on one switch to be propagated to other switches via VTP.

On most Cisco switches, VTP is running and has certain defaults already configured.

VTP Operation
VTP allows a network manager to make changes on a switch that is configured as a VTP server. The VTP server distributes and synchronizes VLAN information to VTP-enabled switches throughout the switched network.

VTP stores VLAN configurations in the VLAN database called vlan.dat.

[Figure: S1 (VTP server) trunked to S2 and S3 (VTP clients), with PC1 172.17.10.21/24, PC2 172.17.20.22/24, PC3 172.17.30.23/24, PC4 172.17.10.24/24, PC5 172.17.20.25/24 and PC6 172.17.30.26/24. Step 1: create VLAN 40 on S1 (VTP server). Step 2: VTP propagates VLAN 40 to S2 and S3 (VTP clients).]

Default VTP Configuration

show vtp status

VTP Domains
VTP allows separation of a network into smaller management domains to help reduce the VLAN management burden.

Until the VTP domain name is specified, VLANs cannot be created or modified on a VTP server, and VLAN information is not propagated over the network.

[Figure: two VTP domains, cisco1 and cisco2, spanning switches S1 to S6.]

VTP Domain Name Propagation


1. The network manager configures the VTP domain name as cisco2 on the VTP server switch S1.
2. The VTP server sends out a VTP advertisement with the new domain name embedded inside.
3. The S2 and S3 VTP client switches update their VTP configuration to the new domain name.

[Figure: S1 (server) sends VTP advertisements to S2 and S3 (clients); each client's domain name changes from null to cisco2.]

VTP Revision Number


The configuration revision number is a 32-bit number that indicates the level of revision for a VTP frame.
The default configuration number for a switch is zero.

Each time a VLAN is added or removed, the configuration revision number is incremented. Each VTP device tracks the VTP configuration revision number that is assigned to it.

Note: A VTP domain name change does not increment the revision number. Instead, it resets the revision number to zero.

VTP Message Types


- Server and client switches issue summary advertisements every 5 minutes.
- Servers inform neighbor switches what they believe to be the current VTP revision number.
- Clients request VLAN information from servers using the advertisement request.
- Subset advertisements contain detailed information about VLANs and are sent by servers in response to an advertisement request from a client.

VTP Operation - Server

- VTP servers can create, modify and delete VLANs and VLAN configuration parameters for the entire domain.
- VTP servers save VLAN configuration information in the switch NVRAM.
- VTP servers send VTP messages out to all trunk ports.

VTP Operation - Client

- VTP clients cannot create, modify, or delete VLAN information.
- The only role of VTP clients is to process VLAN changes and send VTP messages out all trunk ports.
- The VTP client maintains a full list of all VLANs within the VTP domain, but it does not store the information in NVRAM.
- Any changes made must be received from a VTP server advertisement.

VTP Operation - Transparent

- Switches in VTP transparent mode forward VTP advertisements but ignore the information contained in the message. A transparent switch will not modify its database when updates are received, nor will the switch send out an update indicating a change in its own VLAN status.
- Except for forwarding VTP advertisements, VTP is disabled on a transparent switch.
- There is also an off VTP mode in which switches behave the same as in VTP transparent mode, except that VTP advertisements are not forwarded.
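The VTP behaviour described on the preceding slides (domain name, revision number, message handling and the four modes), pulled together in a small simulation: a server increments the revision on every VLAN change, a domain-name change resets it to zero, a client applies only advertisements from its own domain with a matching password and a higher revision, and transparent or off switches never apply them. This is an added example, not from the original slides; switch names, the domain and the password are constructed.

```python
"""Toy model of VTP revision handling (added example, not from the slides).
Switch and domain names are constructed."""
from dataclasses import dataclass, field

RESERVED = {1, 1002, 1003, 1004, 1005}   # created automatically, cannot be removed

@dataclass(frozen=True)
class Advert:
    domain: str
    password: str      # real VTP carries an MD5 digest; modelled as the secret itself
    revision: int
    vlans: frozenset

@dataclass
class Switch:
    name: str
    mode: str                          # "server", "client", "transparent" or "off"
    domain: str = ""                   # "" means no domain name configured yet
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: set(RESERVED))

    def set_domain(self, name: str) -> None:
        self.domain, self.revision = name, 0          # renaming resets the revision

    def add_vlan(self, vid: int) -> None:
        if self.mode != "server":
            raise PermissionError(f"{self.name}: only a VTP server may change VLANs")
        if not self.domain:
            raise RuntimeError(f"{self.name}: configure a VTP domain name first")
        self.vlans.add(vid)
        self.revision += 1                            # every VLAN change bumps it

    def advertise(self) -> Advert:
        return Advert(self.domain, self.password, self.revision, frozenset(self.vlans))

    def receive(self, adv: Advert) -> str:
        """'applied', 'current', 'ignored', 'forwarded' (transparent) or 'dropped' (off)."""
        if self.mode == "off":
            return "dropped"                          # off mode does not relay adverts
        if self.mode == "transparent":
            return "forwarded"                        # relayed unchanged, never applied
        if adv.domain != self.domain or adv.password != self.password:
            return "ignored"                          # wrong domain or password
        if adv.revision <= self.revision:
            return "current"                          # nothing newer to learn
        self.vlans, self.revision = set(adv.vlans), adv.revision
        return "applied"
```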

VTP Pruning
- VTP pruning prevents unnecessary flooding of broadcast information from one VLAN across all trunks in a VTP domain.
- VTP pruning permits switches to negotiate which VLANs are assigned to ports at the other end of a trunk and, hence, prune the VLANs that are not assigned to ports on the remote switch.
- Pruning is disabled by default.
- VTP pruning is enabled using the vtp pruning global configuration command on the VTP server.

[Figure: S1, S2 and S3 connected by trunks; PC1 and PC3 are in VLAN 10, PC2, PC4, PC5 and PC6 are in VLAN 20.]

Implementing VTP in the Enterprise Composite Network Model


- Plan VTP domain boundaries.
- Have only one or two VTP servers.
- Configure a VTP password.
- Manually configure the VTP domain name on all devices.
- When setting up a new domain, configure VTP client switches first so that they participate passively.
- When cleaning up an existing VTP domain, configure passwords on servers first because clients may need to maintain current VLAN information until the server is verified as complete.

Summary
- The 802.1Q native VLAN can cause security issues. Configure the native VLAN to be an unused VLAN.
- Some trunk link configuration combinations can result in problems on the link. Best practice is to configure trunks statically rather than with DTP.
- Misconfiguration of VTP can give unexpected results.
- Make only one or two VTP servers; keep the remainder as clients.


Self Check
1. What is the danger of mismatched native VLANs?
2. What is the default native VLAN?
3. In a DTP configuration, what elements determine whether or not an operational trunk link is formed, as well as the type of trunk the link becomes?
4. Name 4 VTP modes and describe their VTP roles.
5. What is a VTP Bomb?

Any Questions?
