Implementing VLANs, Trunks and VTP

Design by Hò Vũ Anh Tuấn

© 2013 Cisco Systems, Inc. All rights reserved.

Cisco Public


Issues in a Poorly Designed Network
These issues are often found in poorly designed networks:
• Large broadcast domains
• Management and support challenges
• Possible security vulnerabilities


VLAN Introduction
• A VLAN is a virtual LAN.
• VLAN = broadcast domain
• VLAN = logical network (subnet)
• VLANs address these needs:
  − Segmentation
  − Security
  − Network flexibility

Network Traffic Types
Traffic types to consider when designating VLANs:
• Network management
• IP telephony
• IP Multicast
• Normal data
• Scavenger class

Creating a VLAN
SwitchX# configure terminal
SwitchX(config)# vlan vlan-id
SwitchX(config-vlan)# name text

Verifying a VLAN
SwitchX# show vlan [brief | id vlan-id | name vlan-name]

SwitchX# show vlan id 2
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    switchlab99                      active    Fa0/2, Fa0/12

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2    enet  100002     1500  -      -      -        -    -        0      0
SwitchX#

Assigning Switch Ports to a VLAN
SwitchX(config-if)# switchport access vlan vlan-id

SwitchX# configure terminal
SwitchX(config)# interface range fastethernet 0/2 - 4
SwitchX(config-if)# switchport access vlan 2
SwitchX# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ----------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4

Verifying VLAN Membership
SwitchX# show vlan brief

SwitchX# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
3    vlan3                            active
4    vlan4                            active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Verifying VLAN Membership (Cont.)
SwitchX# show interfaces interface switchport

SwitchX# show interfaces fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)
--- output omitted ----

Trunking with 802.1Q
• Running many VLANs between switches would require the same number of interconnecting links.

Trunking with 802.1Q (Cont.)
• Combining many VLANs on the same port is called trunking.
• A trunk allows the transportation of frames from different VLANs.
• Each frame has a tag that specifies the VLAN that it belongs to.
• Frames are forwarded to the corresponding VLAN based on the tag information.

802.1Q Frame

Understanding Native VLANs
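An added example, not part of the original slides: a Python parser for the 802.1Q tag that a trunk port reads to pick the VLAN, with untagged frames falling back to the native VLAN. The function names and the sample frames are constructed for this example; the allowed range 1-4094 matches the trunk output shown later in the deck.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag

def parse_tag(frame: bytes):
    """Return (vid, pcp, dei, ethertype, payload); vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    # TCI layout: 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner, frame[18:]

def trunk_vlan(frame: bytes, native_vlan: int = 1, allowed=range(1, 4095)):
    """VLAN a trunk port forwards the frame into, or None if it is dropped."""
    vid = parse_tag(frame)[0]
    if vid is None or vid == 0:      # untagged, or priority-only tag (VID 0)
        vid = native_vlan
    return vid if vid in allowed else None   # VID 4095 is reserved, never allowed

def build(vid=None, pcp=0, payload=b"constructed payload"):
    """Build a constructed sample frame (IPv4 EtherType), tagged if vid is given."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + tag + struct.pack("!H", 0x0800) + payload

if __name__ == "__main__":
    # Trunk with native VLAN 1 and VLANs 1-13 allowed
    for f in (build(2, pcp=5), build(), build(20), build(4095)):
        print(parse_tag(f)[:4], "->", trunk_vlan(f, native_vlan=1, allowed=range(1, 14)))
```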

Configuring 802.1Q Trunking
SwitchX(config-if)# switchport mode {access | dynamic {auto | desirable} | trunk}
• Configures the trunking characteristics of the port

SwitchX(config-if)# switchport mode trunk
• Configures the port as a VLAN trunk

Verifying a Trunk
SwitchX# show interfaces interface [switchport | trunk]

SwitchX# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
. . .

SwitchX# show interfaces fa0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      desirable    802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1-13

VTP Features

VTP Modes
Server:
• Create VLANs
• Modify VLANs
• Delete VLANs
• Sends and forwards advertisements
• Synchronizes

Client:
• Cannot create, change, or delete VLANs
• Sends and forwards advertisements
• Synchronizes

Transparent:
• Create local VLANs only
• Modify local VLANs only
• Delete local VLANs only
• Forwards advertisements
• Does not synchronize

VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
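An added example, not part of the original slides: a small Python model of the VTP mode table and the "latest revision number" rule, showing that servers and clients replace their VLAN database whenever a higher revision arrives in their domain while a transparent switch keeps its own. The class and function names are assumptions of this example, and the VTP password check and the 5-minute timer are left out of the model.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    mode: str                    # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def change_vlan(self, vid, vname):
        """Local VLAN edit; only an edit on a server raises the revision."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot change VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1

    def advertise(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Process one advertisement; True if the VLAN database was replaced."""
        if self.mode == "transparent":       # forwards, does not synchronize
            return False
        if adv["domain"] != self.domain or adv["revision"] <= self.revision:
            return False
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return True

def flood(sender, switches):
    """Deliver sender's advertisement to all others; return names that synced."""
    adv = sender.advertise()
    return [s.name for s in switches if s is not sender and s.receive(adv)]

if __name__ == "__main__":
    a = Switch("A", "server", "ICND")
    b = Switch("B", "client", "ICND")
    c = Switch("C", "transparent", "ICND")
    a.change_vlan(2, "switchlab99")
    print(flood(a, [a, b, c]), b.vlans, c.vlans)
    # A switch joining the domain with a higher revision replaces A's and B's VLANs.
    d = Switch("D", "client", "ICND", revision=5)
    print(flood(d, [a, b, c, d]), a.vlans)
```

In the model, a switch that shows Configuration Revision 0, as in the show vtp status output in this deck, cannot replace anyone's VLAN database.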

Creating a VTP
SwitchX# configure terminal
SwitchX(config)# vtp mode [ server | client | transparent ]
SwitchX(config)# vtp domain domain-name
SwitchX(config)# vtp password password
SwitchX(config)# end

VTP Configuration and Verification Example
SwitchX(config)# vtp domain ICND
Changing VTP domain name to ICND
SwitchX(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode.
SwitchX(config)# end
SwitchX# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 64
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : ICND
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
SwitchX#

Summary
• A poorly designed network has increased support costs, reduced service availability, and limited support for new applications and solutions.
• VLANs provide segmentation and organizational flexibility.
• Ethernet trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
• VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency.
