
Implementing VLANs, Trunks and VTP

Design by Hò Vũ Anh Tuấn

© 2013 Cisco Systems, Inc. All rights reserved.

Cisco Public


Issues in a Poorly Designed Network
These issues are often found in poorly designed networks:
• Large broadcast domains
• Management and support challenges
• Possible security vulnerabilities


VLAN Introduction
• A VLAN is a virtual LAN.
• VLAN = broadcast domain
• VLAN = logical network (subnet)
• VLANs address these needs:
  − Segmentation
  − Security
  − Network flexibility

Network Traffic Types
Traffic types to consider when designating VLANs:
• Network management
• IP telephony
• IP Multicast
• Normal data
• Scavenger class

Creating a VLAN
SwitchX# configure terminal
SwitchX(config)# vlan vlan-id
SwitchX(config-vlan)# name text

Verifying a VLAN
SwitchX# show vlan [brief | id vlan-id | name vlan-name]

SwitchX# show vlan id 2
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    switchlab99                      active    Fa0/2, Fa0/12

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2    enet  100002     1500  -      -      -        -    -        0      0
. . .
SwitchX#

Assigning Switch Ports to a VLAN
SwitchX(config-if)# switchport access vlan vlan-id

SwitchX# configure terminal
SwitchX(config)# interface range fastethernet 0/2 - 4
SwitchX(config-if)# switchport access vlan 2
SwitchX# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- ----------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4

Verifying VLAN Membership
SwitchX# show vlan brief

SwitchX# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
3    vlan3                            active
4    vlan4                            active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Verifying VLAN Membership (Cont.)
SwitchX# show interfaces interface switchport

SwitchX# show interfaces fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)
--- output omitted ---

Trunking with 802.1Q
• Running many VLANs between switches would require the same number of interconnecting links.

Trunking with 802.1Q (Cont.)
• Combining many VLANs on the same port is called trunking.
• A trunk allows the transportation of frames from different VLANs.
• Each frame has a tag that specifies the VLAN that it belongs to.
• Frames are forwarded to the corresponding VLAN based on the tag information.

802.1Q Frame

Understanding Native VLANs
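The tagging and native VLAN behaviour from the trunking slides, as an added example that is not part of the original deck: a parser for the 802.1Q tag (TPID 0x8100 followed by a 16-bit TCI holding priority, drop-eligible flag and 12-bit VLAN ID) and the VLAN decision a trunk port makes for tagged and untagged frames. The function names and the sample frames are constructed for illustration; the default native VLAN 1 and allowed range 1-4094 follow the show output in this deck.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into its optional 802.1Q tag and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tag, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3-bit priority, 1-bit drop-eligible flag, 12-bit VLAN ID
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        tag = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"tag": tag, "ethertype": ethertype, "payload": frame[offset:]}


def classify_on_trunk(frame, native_vlan=1, allowed=range(1, 4095)):
    """Return the VLAN a trunk port assigns the frame to, or None to drop it."""
    tag = parse_frame(frame)["tag"]
    # Untagged frames, and priority-only tags (VID 0), belong to the native VLAN.
    vlan = native_vlan if tag is None or tag["vid"] == 0 else tag["vid"]
    # The default allowed range excludes the reserved VID 4095.
    return vlan if vlan in allowed else None


def build_frame(vid=None, pcp=0, payload=b"constructed sample payload"):
    """Build a constructed sample frame (broadcast dst, locally administered src)."""
    head = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        head += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return head + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    for label, frame in [("tagged VLAN 2", build_frame(vid=2, pcp=5)),
                         ("untagged", build_frame()),
                         ("tagged VLAN 20", build_frame(vid=20))]:
        # allowed=1-13 mirrors "Vlans allowed and active" in the trunk output
        print(label, "->", classify_on_trunk(frame, allowed=range(1, 14)))
```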

Configuring 802.1Q Trunking
SwitchX(config-if)# switchport mode {access | dynamic {auto | desirable} | trunk}
• Configures the trunking characteristics of the port

SwitchX(config-if)# switchport mode trunk
• Configures the port as a VLAN trunk

Verifying a Trunk
SwitchX# show interfaces interface [switchport | trunk]

SwitchX# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
. . .

SwitchX# show interfaces fa0/11 trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/11    1-4094

Port      Vlans allowed and active in management domain
Fa0/11    1-13

VTP Features

VTP Modes

• Create VLANs
• Modify VLANs
• Delete VLANs
• Sends and forwards advertisements
• Synchronizes

• Cannot create, change, or delete VLANs
• Sends and forwards advertisements
• Synchronizes

• Create local VLANs only
• Modify local VLANs only
• Delete local VLANs only
• Forwards advertisements
• Does not synchronize

VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
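A simplified model of the mode and revision-number behaviour described above, as an added example that is not part of the original deck. The `Switch` and `Advert` classes and the switch names are hypothetical, and the model leaves out the VTP password/MD5 check and the split into summary and subset advertisements.

```python
from dataclasses import dataclass, field


@dataclass
class Advert:
    domain: str
    revision: int
    vlans: dict  # VLAN ID -> name


@dataclass
class Switch:
    name: str
    mode: str  # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, vid, vname):
        """Create a VLAN; return the advertisement a server would send."""
        if self.mode == "client":
            raise PermissionError("client mode cannot create VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1  # each server change raises the revision
            return Advert(self.domain, self.revision, dict(self.vlans))
        return None  # transparent: VLAN stays local, revision stays 0

    def receive(self, adv):
        """Return True if the advertisement replaced the local VLAN database."""
        if self.mode == "transparent" or adv.domain != self.domain:
            return False  # transparent switches forward but never synchronize
        if adv.revision <= self.revision:
            return False  # not newer than what this switch already holds
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return True


def demo():
    """Constructed three-switch domain using names from this deck's examples."""
    server = Switch("S1", "server", "ICND")
    client = Switch("S2", "client", "ICND")
    transparent = Switch("S3", "transparent", "ICND")
    adv = server.create_vlan(2, "switchlab99")
    results = {sw.name: sw.receive(adv) for sw in (client, transparent)}
    transparent.create_vlan(30, "local-only")
    return results, client, transparent
```

Because a server or client accepts any same-domain advertisement with a higher revision, checking `show vtp status` for the domain name and configuration revision is the relevant verification step before a switch joins the domain.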

Creating a VTP
SwitchX# configure terminal
SwitchX(config)# vtp mode [ server | client | transparent ]
SwitchX(config)# vtp domain domain-name
SwitchX(config)# vtp password password
SwitchX(config)# end

VTP Configuration and Verification Example
SwitchX(config)# vtp domain ICND
Changing VTP domain name to ICND
SwitchX(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode.
SwitchX(config)# end

SwitchX# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 64
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : ICND
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
SwitchX#

Summary
• A poorly designed network has increased support costs, reduced service availability, and limited support for new applications and solutions.
• VLANs provide segmentation and organizational flexibility.
• Ethernet trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
• VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency.
