Implementing VLANs, Trunks and VTP

Design by Hò Vũ Anh Tuấn

© 2013 Cisco Systems, Inc. All rights reserved.

Cisco Public


Issues in a Poorly Designed Network
These issues are often found in poorly designed networks:
• Large broadcast domains
• Management and support challenges
• Possible security vulnerabilities


VLAN Introduction
• A VLAN is a virtual LAN.
• VLAN = broadcast domain
• VLAN = logical network (subnet)
• VLANs address these needs:
  − Segmentation
  − Security
  − Network flexibility

Network Traffic Types
Traffic types to consider when designating VLANs:
• Network management
• IP telephony
• IP Multicast
• Normal data
• Scavenger class

Creating a VLAN
SwitchX# configure terminal
SwitchX(config)# vlan vlan-id
SwitchX(config-vlan)# name text

Verifying a VLAN
SwitchX# show vlan [brief | id vlan-id | name vlan-name]

SwitchX# show vlan id 2
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    switchlab99                      active    Fa0/2, Fa0/12

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2    enet  100002     1500  -      -      -        -    -        0      0
. . .
SwitchX#

Assigning Switch Ports to a VLAN
SwitchX(config-if)# switchport access vlan vlan-id

SwitchX# configure terminal
SwitchX(config)# interface range fastethernet 0/2 - 4
SwitchX(config-if)# switchport access vlan 2
SwitchX# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4

Verifying VLAN Membership
SwitchX# show vlan brief

SwitchX# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
3    vlan3                            active
4    vlan4                            active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Verifying VLAN Membership (Cont.)
SwitchX# show interfaces interface switchport

SwitchX# show interfaces fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)
--- output omitted ----

Trunking with 802.1Q
• Running many VLANs between switches would require the same number of interconnecting links.

Trunking with 802.1Q (Cont.)
• Combining many VLANs on the same port is called trunking.
• A trunk allows the transportation of frames from different VLANs.
• Each frame has a tag that specifies the VLAN that it belongs to.
• Frames are forwarded to the corresponding VLAN based on the tag information.

802.1Q Frame

Understanding Native VLANs
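The tag lookup described in the trunking slides, as an added Python example that is not part of the original deck: it decodes the 4-byte 802.1Q tag (TPID 0x8100, then priority, DEI and 12-bit VLAN ID) and assigns untagged frames to the native VLAN. The function names, the sample frames and the default allowed range 1-4094 are assumptions of this example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into addresses, optional 802.1Q tag and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": ethertype == TPID_8021Q, "pcp": 0, "dei": 0, "vid": None}
    offset = 14
    if info["tagged"]:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(pcp=tci >> 13,          # 3-bit priority
                    dei=(tci >> 12) & 1,    # drop eligible indicator
                    vid=tci & 0x0FFF)       # 12-bit VLAN ID
        offset = 18
    info.update(ethertype=ethertype, payload=frame[offset:])
    return info

def trunk_vlan(frame: bytes, native_vlan: int = 1, allowed=range(1, 4095)):
    """VLAN a trunk port assigns the frame to, or None if it must be dropped."""
    info = parse_frame(frame)
    # Untagged and priority-tagged (VID 0) frames belong to the native VLAN.
    vid = info["vid"] if info["vid"] else native_vlan
    return vid if vid in allowed else None

# Constructed sample frames (addresses and payload are made up).
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"data"
VLAN2 = DST + SRC + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 2, 0x0800) + b"data"

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("vlan2", VLAN2)):
        print(name, parse_frame(f)["vid"], trunk_vlan(f))
```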

Configuring 802.1Q Trunking
SwitchX(config-if)# switchport mode {access | dynamic {auto | desirable} | trunk}
• Configures the trunking characteristics of the port

SwitchX(config-if)# switchport mode trunk
• Configures the port as a VLAN trunk

Verifying a Trunk
SwitchX# show interfaces interface [switchport | trunk]

SwitchX# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
. . .

SwitchX# show interfaces fa0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      desirable    802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1-13
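An added Python example, not part of the original deck, that parses the "show interfaces ... switchport" fields shown above and reports ports left in a negotiated or default state. The three checks are common switch-hardening practice and an assumption of this example, not something the slides state; the sample text is the page's own output for Fa0/2 and Fa0/11, trimmed to the fields used.

```python
import re

# Constructed input: the two "show interfaces ... switchport" outputs shown on
# this page, concatenated as a collection script would capture them.
SAMPLE = """\
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""

def parse_switchports(text: str) -> list:
    """Group 'Key: value' lines into one dict per port, split on 'Name:'."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # e.g. '--- output omitted ----'
        if key.strip() == "Name":
            ports.append({})
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def audit(port: dict) -> list:
    """Return findings for one port (the policy is an assumption of this example)."""
    findings = []
    mode = port.get("Administrative Mode", "")
    if mode.startswith("dynamic"):
        findings.append("mode negotiated dynamically; set access or trunk explicitly")
    if port.get("Negotiation of Trunking") == "On":
        findings.append("trunk negotiation enabled")
    native = re.match(r"\d+", port.get("Trunking Native Mode VLAN", ""))
    if mode != "static access" and native and native.group() == "1":
        findings.append("native VLAN left at default VLAN 1")
    return findings

if __name__ == "__main__":
    for p in parse_switchports(SAMPLE):
        print(p["Name"], audit(p) or "ok")
```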

VTP Features

VTP Modes
Server:
• Create VLANs
• Modify VLANs
• Delete VLANs
• Sends and forwards advertisements
• Synchronizes
Client:
• Cannot create, change, or delete VLANs
• Sends and forwards advertisements
• Synchronizes
Transparent:
• Create local VLANs only
• Modify local VLANs only
• Delete local VLANs only
• Forwards advertisements
• Does not synchronize

VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
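A simplified model of the mode and revision rules above, added here as a Python example that is not part of the original deck: a server change raises the revision, clients adopt any advertisement from their own domain with a higher revision, and a transparent switch keeps its local database. The class, method and switch names are assumptions, and passwords, pruning and the 5-minute timer are not modelled.

```python
class Switch:
    """Simplified VTP participant: domain, mode, revision and VLAN database."""

    def __init__(self, name, mode, domain="ICND"):
        self.name, self.mode, self.domain = name, mode, domain
        self.revision = 0
        self.vlans = {1: "default"}

    def create_vlan(self, vid, vlan_name):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans[vid] = vlan_name
        if self.mode == "server":
            self.revision += 1        # every server-side change bumps the revision
        # transparent: local-only change, revision stays 0

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply an advertisement; return True if the local database changed."""
        if self.mode == "transparent":
            return False              # forwards it, but does not synchronize
        if adv["domain"] != self.domain or adv["revision"] <= self.revision:
            return False              # other domain, or not newer than ours
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return True

def propagate(source, others):
    """Deliver source's advertisement to every other switch; list who synced."""
    adv = source.advertisement()
    return [s.name for s in others if s.receive(adv)]

def demo():
    server, client, transparent = (Switch("S1", "server"), Switch("C1", "client"),
                                   Switch("T1", "transparent"))
    server.create_vlan(2, "switchlab99")
    synced = propagate(server, [client, transparent])
    transparent.create_vlan(30, "local-only")
    return server, client, transparent, synced

if __name__ == "__main__":
    s, c, t, synced = demo()
    print(synced, c.revision, c.vlans, t.revision, t.vlans)
```

The transparent switch ends at revision 0, which matches the "Configuration Revision : 0" line in the transparent-mode `show vtp status` output on this page.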

Creating a VTP Domain
SwitchX# configure terminal
SwitchX(config)# vtp mode [ server | client | transparent ]
SwitchX(config)# vtp domain domain-name
SwitchX(config)# vtp password password
SwitchX(config)# end

VTP Configuration and Verification Example
SwitchX(config)# vtp domain ICND
Changing VTP domain name to ICND
SwitchX(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode.
SwitchX(config)# end

SwitchX# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 64
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : ICND
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
SwitchX#

Summary
• A poorly designed network has increased support costs, reduced service availability, and limited support for new applications and solutions.
• VLANs provide segmentation and organizational flexibility.
• Ethernet trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
• VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency.
