
Chapter 5

Creating and Maintaining VLANs
A virtual LAN (VLAN) is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or bridge as shown in Figure 5-1. Because a VLAN is considered a separate logical network, it contains its own bridge Management Information Base (MIB) information and can support its own implementation of the Spanning Tree Protocol (STP). This chapter describes how to create and maintain VLANs through the Cluster Management software and the command-line interface (CLI). It contains the following information:

• How to configure static-access and multi-VLAN ports without having the VLAN Trunk Protocol (VTP) database globally propagate VLAN configuration information.
• How VTP works and how to configure its domain name, modes, version, and pruning capability.
• How to add, modify, and remove VLANs with different media characteristics to and from the VTP database.
• How to configure Fast Ethernet and Gigabit Ethernet VLAN trunks on a switch. The switch supports Inter-Switch Link (ISL) and IEEE 802.1Q trunking methods of transmitting VLAN traffic. This section describes how to configure the allowed-VLAN list, the pruning-eligible list, and the native VLAN for untagged traffic. Two methods of load sharing using STP are also described.

Cisco IOS Desktop Switching Software Configuration Guide 78-6511-04


• How to configure dynamic port VLAN membership by using the VLAN Membership Policy Server (VMPS). The VMPS dynamically assigns switch ports to VLANs based on the source Media Access Control (MAC) address of the end station connected to the port. When you move an end station from a port on one switch in the network to a port on another switch in the network, that switch dynamically assigns the new port to the proper VLAN for that end station.
• How to configure IEEE 802.1p class of service (CoS) port priorities for port forwarding untagged frames. You assign CoS to certain types of traffic to give it priority over other traffic.

Figure 5-1 VLANs as Logically Defined Networks
(Diagram labels: Cisco router; Catalyst 3500 series XL; Catalyst 2900 series XL; Fast Ethernet; Floors 1, 2, and 3; Engineering VLAN, Marketing VLAN, Accounting VLAN.)


Number of Supported VLANs
Table 5-1 lists the number of supported VLANs on 2900 and 3500 XL switches.

Table 5-1 Number of Supported VLANs

Catalyst Switch                               Number of Supported VLANs   Trunking Supported?
2900 XL modular switches with 8 MB of DRAM    250                         Yes
3500 XL switches                              250                         Yes
2900 XL fixed switches with 8 MB of DRAM      64                          Yes

VLANs are identified with a number between 1 and 1001. Regardless of the switch model, only 64 possible instances of STP are supported. The switches in Table 5-1 support both Inter-Switch Link (ISL) and IEEE 802.1Q trunking methods for transmitting VLAN traffic over 100BaseT and Gigabit Ethernet ports. However, trunking is not supported on all switches and modules. For the list of products that support trunking, refer to the Release Notes for Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XU.

VLAN Port Membership Modes
You configure a port to belong to a VLAN by assigning a membership mode that determines the kind of traffic the port carries and the number of VLANs it can belong to. Table 5-2 lists the membership modes and characteristics.


Table 5-2 Port Membership Modes

Membership Mode: Static-access
VLAN Membership Characteristics: A static-access port can belong to one VLAN and is manually assigned. By default, all ports are static-access ports assigned to VLAN 1.

Membership Mode: Multi-VLAN
VLAN Membership Characteristics: A multi-VLAN port can belong to up to 250 VLANs (some models only support 64 VLANs) and is manually assigned. You cannot configure a multi-VLAN port when a trunk is configured on the switch. VLAN traffic on the multi-VLAN port is not encapsulated.

Membership Mode: Trunk (ISL, ATM, or IEEE 802.1Q)
VLAN Membership Characteristics: A trunk is a member of all VLANs in the VLAN database by default, but membership can be limited by configuring the allowed-VLAN list. You can also modify the pruning-eligible list to block flooded traffic to VLANs on trunk ports that are included in the list. VTP maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP exchanges VLAN configuration messages with other switches over trunk links.

Note

By using the ATM module CLI, you can map the LAN emulation (LANE) client to a VLAN or bind one or more permanent virtual connections (PVCs) to a VLAN. The VLAN ID is then displayed in the Assigned VLANs column of the VLAN Membership window. An ATM port can only be a trunk port. For more information, refer to the Catalyst 2900 Series XL ATM Modules Installation and Configuration Guide.

Membership Mode: Dynamic access
VLAN Membership Characteristics: A dynamic-access port can belong to one VLAN and is dynamically assigned by a VMPS. The VMPS can be a Catalyst 5000 series switch but never a 2900 or 3500 XL switch.

When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port on a per-VLAN basis. For more information, see the “Managing the MAC Address Tables” section on page 4-42.

VLAN Membership Combinations

You can configure your switch ports in various VLAN membership combinations as listed in Table 5-3.

Table 5-3 VLAN Combinations

Port Mode: Static-access ports
VTP Required?: No
Configuration Procedure: “Assigning Static-Access Ports to a VLAN” section on page 5-7
Comments: If you do not want to use VTP to globally propagate the VLAN configuration information, you can assign a static-access port to a VLAN and set the VTP mode to transparent to disable VTP.

Port Mode: Static-access and multi-VLAN ports
VTP Required?: No
Configuration Procedure: “Overlapping VLANs and Multi-VLAN Ports” section on page 5-9; “Assigning Static-Access Ports to a VLAN” section on page 5-7
Comments: You must connect the multi-VLAN port to a router or server. The switch automatically transitions to VTP transparent mode (VTP is disabled). No VTP configuration is required. Some restrictions apply to multi-VLAN ports. For more information, see the “Managing Configuration Conflicts” section on page 4-2.

Table 5-3 VLAN Combinations (continued)

Port Mode: Static-access and trunk ports
VTP Required?: Recommended
Configuration Procedure: “CLI: Configuring VTP Server Mode” section on page 5-21; add, modify, or remove VLANs in the database as described in the “Configuring VLANs in the VTP Database” section on page 5-32; “CLI: Assigning Static-Access Ports to a VLAN” section on page 5-37; “Configuring a Trunk Port” section on page 5-40
Comments: Make sure to configure at least one trunk port on the switch and that this trunk port is connected to the trunk port of a second switch. Some restrictions apply to trunk ports. For more information, see the “Trunks Interacting with Other Features” section on page 5-39. You can change the VTP version on the switch and enable VTP pruning. You can define the allowed-VLAN list, change the pruning-eligible list, and configure the native VLAN for untagged traffic on the trunk port.

Port Mode: Dynamic-access and trunk ports
VTP Required?: Yes
Configuration Procedure: “CLI: Entering the IP Address of the VMPS” section on page 5-63; “CLI: Configuring Dynamic Ports on VMPS Clients” section on page 5-64; “Configuring a Trunk Port” section on page 5-40 so that the VMPS client can receive VTP information from the VMPS
Comments: You must connect the dynamic-access port to an end station and not to another switch. Configure the VMPS and the client with the same VTP domain name. You can change the reconfirmation interval and the retry count on the VMPS client switch. You can define the allowed-VLAN list, change the pruning-eligible list, and configure the native VLAN for untagged traffic on the trunk port.

Clusters, VLAN Membership, and the Management VLAN

This software release supports the grouping of switches into a cluster that can be managed as a single entity. The command switch is the single point of management for the cluster and cluster members. Links among a command switch, cluster members, and candidate switches must be through ports that belong to the management VLAN. By default, the management VLAN is VLAN 1. For information on configuring the management VLAN, see the “Changing the Management VLAN” section on page 3-33.

If you are using SNMP or the Cluster Management Suite (CMS) to manage the switch, ensure that the port through which you are connected to a switch is in the management VLAN.

If you are configuring VLANs on a member switch, you might need to enter an extra command from the command-switch CLI to access the member switch. When configuring port parameters, for example, you can use the privileged EXEC rcommand command and the number of the member switch to display the member-switch CLI. Once you have accessed the member switch, command mode changes, and IOS commands operate as usual. Enter exit on the member switch in privileged EXEC mode to return to the command-switch CLI. For more information about the rcommand command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Assigning Static-Access Ports to a VLAN

By default, all ports are static-access ports assigned to the management VLAN, VLAN 1. You can assign a static-access port to a VLAN without having VTP globally propagate VLAN configuration information (VTP is disabled). You configure the switch for VTP transparent mode, which disables VTP, by selecting VLAN>VTP Management from the menu bar and clicking the VTP Configuration tab (Figure 5-5). To assign a VLAN, you access the VLAN Membership window (Figure 5-2) by selecting VLAN>VLAN Membership from the menu bar and clicking the Assign VLANs tab.

Figure 5-2 VLAN Membership: Assign VLANs Tab
Display the VLANs configured on a switch and the ports and membership mode of a given VLAN.

You can also assign the port through the CLI on standalone, command, and member switches. If you are assigning a port on a cluster member switch to a VLAN, first log in to the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Overlapping VLANs and Multi-VLAN Ports

A multi-VLAN port connected to a router can link two or more VLANs. Intra-VLAN traffic stays within the boundaries of the respective VLANs as shown in Figure 5-3. Connectivity between VLANs is accomplished by using the router connected to the multi-VLAN port.

A multi-VLAN port performs normal switching functions in all its assigned VLANs. For example, when a multi-VLAN port receives an unknown MAC address, all the VLANs to which the port belongs learn the address. Multi-VLAN ports also respond to the STP messages generated by the different instances of STP in each VLAN.

For the restrictions that apply to multi-VLAN ports, see the “Managing Configuration Conflicts” section on page 4-2.

Figure 5-3 Two VLANs Sharing a Port Connected to a Router
(Diagram labels: VLAN 77; VLAN 42; Cisco router; ports in static-access mode; port in multi-VLAN mode.)

Caution

To avoid unpredictable STP behavior and a loss of connectivity, do not connect multi-VLAN ports to hubs or switches. Connect multi-VLAN ports to routers or servers.

You can assign a multi-VLAN port to VLANs by using the VLAN Management window (Figure 5-2). To display this window, select VLAN>VLAN Membership from the menu bar, and click the Assign VLANs tab.

You can also configure the multi-VLAN port through the CLI on standalone, command, and member switches. If you are assigning a port on a cluster member switch to a VLAN, first log into the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Beginning in privileged EXEC mode, follow these steps to assign ports for multi-VLAN membership:

Step 1  configure terminal
        Enter global configuration mode.
Step 2  interface interface
        Enter interface configuration mode, and enter the port to be added to the VLAN.
Step 3  switchport mode multi
        Enter the VLAN membership mode for multi-VLAN ports.
Step 4  switchport multi vlan vlan-list
        Assign the port to more than one VLAN. Separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs. Configuring a switch port for multi-VLAN mode causes VTP to transition to transparent mode, which disables VTP.
Step 5  end
        Return to privileged EXEC mode.
Step 6  show interface interface-id switchport
        Verify your entries.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

Using the VLAN Trunk Protocol

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

Before you create VLANs, you must decide whether to use VTP in your network. Using VTP, you can make configuration changes centrally on a single switch, such as a 2900 or 3500 XL switch, and have those changes automatically communicated to all the other switches in the network. Without VTP, you cannot send information about VLANs to other switches.

The VTP Domain

A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected switches under the same administrative responsibility. A switch can be in only one VTP domain. You make global VLAN configuration changes for the domain by using the CLI, Cluster Management software, or Simple Network Management Protocol (SNMP).

By default, a 2900 or 3500 XL switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link (a link that carries the traffic of multiple VLANs) or until you configure a domain name. The default VTP mode is server mode, but VLAN information is not propagated over the network until a domain name is specified or learned.

If the switch receives a VTP advertisement over a trunk link, it inherits the domain name and configuration revision number. The switch then ignores advertisements with a different domain name or an earlier configuration revision number.

When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are sent over all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and Asynchronous Transfer Mode (ATM) LAN Emulation (LANE).

If you configure a switch for VTP transparent mode, you can create and modify VLANs, but the changes are not transmitted to other switches in the domain, and they affect only the individual switch.

For domain name and password configuration guidelines, see the “Domain Names” section on page 5-16.

VTP Modes and VTP Mode Transitions

You can configure a supported switch to be in one of the VTP modes listed in Table 5-4:

Table 5-4 VTP Modes

VTP Mode: VTP server
Description: In this mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links. In VTP server mode, VLAN configurations are saved in nonvolatile RAM. VTP server is the default mode.

VTP Mode: VTP client
Description: In this mode, a VTP client behaves like a VTP server, but you cannot create, change, or delete VLANs on a VTP client. In VTP client mode, VLAN configurations are not saved in nonvolatile RAM.

VTP Mode: VTP transparent
Description: In this mode, VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, transparent switches do forward VTP advertisements that they receive from other switches. You can create, modify, and delete VLANs on a switch in VTP transparent mode. In VTP transparent mode, VLAN configurations are saved in nonvolatile RAM, but they are not advertised to other switches.

Two configurations can cause a switch to automatically change its VTP mode:

• When the network is configured with more than 64 VLANs, the switch automatically changes from VTP server or client mode to VTP transparent mode. The switch then operates with the VLAN configuration that preceded the one that sent it into transparent mode.
• When a multi-VLAN port is configured on a supported switch in VTP server mode or client mode, the switch automatically changes to transparent mode.

The “VTP Configuration Guidelines” section on page 5-16 provides tips and caveats for configuring VTP.

VTP Advertisements

Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and VLAN configurations as necessary.

Note

Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch. Otherwise, the switch cannot receive any VTP advertisements.

VTP advertisements distribute the following global domain information:

• VTP domain name
• VTP configuration revision number
• Update identity and update timestamp
• MD5 digest

VTP advertisements distribute the following VLAN information for each configured VLAN:

• VLAN ID
• VLAN name
• VLAN type
• VLAN state
• Additional VLAN configuration information specific to the VLAN type

VTP Version 2

VTP version 2 supports the following features not supported in version 1:

• Token Ring support—VTP version 2 supports Token Ring LAN switching and VLANs (Token Ring Bridge Relay Function [TrBRF] and Token Ring Concentrator Relay Function [TrCRF]). For more information about Token Ring VLANs, see the “VLANs in the VTP Database” section on page 5-27.
• Unrecognized Type-Length-Value (TLV) support—A VTP server or client propagates configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in nonvolatile RAM when the switch is operating in VTP server mode.
• Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Because only one domain is supported, VTP version 2 forwards VTP messages in transparent mode without checking the version and domain name.
• Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter new information through the CLI, the Cluster Management software, or SNMP. Consistency checks are not performed when new information is obtained from a VTP message or when information is read from nonvolatile RAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.

VTP Pruning

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them.

VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on 2900 and 3500 XL trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is also supported with VTP version 1 and version 2.

Figure 5-4 shows a switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).

Figure 5-4 Optimized Flooded Traffic with VTP Pruning
(Diagram labels: Switches 1 through 6, Catalyst 2900 XL or Catalyst 3500 XL; Red VLAN; flooded traffic is pruned at port 5 and at port 4.)

VTP Configuration Guidelines

The following sections describe the guidelines you should follow when configuring the VTP domain name and password, and the VTP version number.

Domain Names

When configuring VTP for the first time, you must always assign a domain name. In addition, all switches in the VTP domain must be configured with the same domain name. Switches in VTP transparent mode do not exchange VTP messages with other switches, and you do not need to configure a VTP domain name for them.

If you are adding a new switch to an existing network that has VTP capability, the new switch learns the domain name only after the applicable password has been configured on the switch.

Caution

Do not configure a VTP domain if all switches are operating in VTP client mode. If you configure the domain, it is impossible to make changes to the VLAN configuration of that domain. Therefore, make sure you configure at least one switch in the VTP domain for VTP server mode.

Passwords

You can configure a password for the VTP domain, but it is not required. All domain switches must share the same password. Switches without a password or with the wrong password reject VTP advertisements.

Caution

The domain does not function properly if you do not assign the same password to each switch in the domain.

If you configure a VTP password for a domain, a 2900 or 3500 XL switch that is booted without a VTP configuration does not accept VTP advertisements until you configure it with the correct password. After the configuration, the switch accepts the next VTP advertisement that uses the same password and domain name in the advertisement.

Upgrading from Previous Software Releases

When you upgrade from a software version that supports VLANs but does not support VTP, such as Cisco IOS Release 11.2(8)SA3, to a version that does support VTP, ports that belong to a VLAN retain their VLAN membership, and VTP enters transparent mode. The domain name becomes UPGRADE, and VTP does not propagate the VLAN configuration to other switches.

If you want the switch to propagate VLAN configuration information to other switches and to learn the VLANs enabled on the network, you must configure the switch with the correct domain name, the domain password, and change the VTP mode to VTP server.
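
The rules this chapter gives for handling a received VTP advertisement (domain name, configuration revision number, password, and transparent mode) can be followed step by step in a small model. This is an added example, not Cisco code: the Switch and Advertisement classes, the result strings and the sample password are hypothetical, the password comparison stands in for the MD5 digest check, and the handling of an equal revision number and of a transparent switch with no domain name are assumptions.

```python
"""Toy model of the VTP advertisement rules described in this chapter.
Added illustration: every class, field and result string is hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Advertisement:
    domain: str
    revision: int
    password: Optional[str]  # stands in for the password-derived MD5 digest
    version: int             # VTP version the sender runs (1 or 2)
    vlans: Dict[int, str]    # VLAN ID -> VLAN name


@dataclass
class Switch:
    name: str
    mode: str = "server"            # default mode (Table 5-5)
    domain: Optional[str] = None    # Null: no-management-domain state
    password: Optional[str] = None  # default: none
    v2_enabled: bool = False        # version 2 is disabled by default
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def set_vlan(self, vlan_id: int, name: str) -> Optional[Advertisement]:
        """Create or rename a VLAN; return the advertisement sent, if any."""
        if self.mode == "client":
            raise PermissionError("VLANs cannot be changed on a VTP client")
        if not 1 <= vlan_id <= 1001:
            raise ValueError("VLAN IDs range from 1 to 1001")
        self.vlans[vlan_id] = name
        if self.mode == "transparent" or self.domain is None:
            # Transparent: the change stays local. No domain: nothing is
            # propagated (revision handling in that state is not modelled).
            return None
        self.revision += 1  # each server-side change raises the revision
        return Advertisement(self.domain, self.revision, self.password,
                             2 if self.v2_enabled else 1, dict(self.vlans))

    def receive(self, adv: Advertisement) -> str:
        """Apply the chapter's rules to one advertisement seen on a trunk."""
        if self.mode == "transparent":
            # Version 2 forwards without checks; version 1 forwards only when
            # version and domain match (an unset domain never matches here,
            # which is an assumption of this model).
            if self.v2_enabled or (adv.version == 1 and adv.domain == self.domain):
                return "forwarded, not applied"
            return "dropped: version or domain mismatch"
        if adv.password != self.password:
            return "rejected: password mismatch"
        if self.domain is None:
            self.domain = adv.domain  # inherit the domain name from the trunk
        elif adv.domain != self.domain:
            return "ignored: different domain"
        if adv.revision < self.revision:
            return "ignored: earlier revision"
        if adv.revision == self.revision:
            return "unchanged: same revision"  # assumption: nothing to apply
        self.revision = adv.revision
        self.vlans = dict(adv.vlans)  # the received VLAN database replaces the local one
        return "applied"


if __name__ == "__main__":
    server = Switch("S1", domain="eng", password="example-pass-01")
    adv = server.set_vlan(42, "accounting")
    new = Switch("N1")  # booted without a VTP configuration
    print(new.receive(adv))
    new.password = "example-pass-01"
    print(new.receive(adv), new.domain, new.vlans)
```

Because an accepted advertisement replaces the receiving switch's VLAN database, the domain name and password checks are the only gate in this model, which is why the guidelines above insist that they match on every switch.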


VTP Version
Follow these guidelines when deciding which VTP version to implement:
• All switches in a VTP domain must run the same VTP version.
• A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1 if version 2 is disabled on the version 2-capable switch (version 2 is disabled by default).
• Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version-2-capable. When you enable version 2 on a switch, all of the version-2-capable switches in the domain enable version 2. If there is a version 1-only switch, it will not exchange VTP information with switches with version 2 enabled.
• If there are Token Ring networks in your environment (TrBRF and TrCRF), you must enable VTP version 2 for Token Ring VLAN switching to function properly. To run Token Ring and Token Ring-Net, disable VTP version 2.
• Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire VTP domain.

Default VTP Configuration
Table 5-5 shows the default VTP configuration.

Table 5-5 VTP Default Configuration

Feature                       Default Value
VTP domain name               Null.
VTP mode                      Server.
VTP version 2 enable state    Version 2 is disabled.
VTP password                  None.
VTP pruning                   Disabled.


Configuring VTP
You can configure VTP by using the VTP Management window (Figure 5-5). To display this window, select VLAN>VTP Management from the menu bar, and click the VTP Configuration tab.
Figure 5-5 VTP Management: VTP Configuration Tab

Read-only VTP information.

Configures VLAN parameters when you add or modify a VLAN in the VTP database.

Assign a VTP domain name from 1 to 32 characters. All switches under the same administrative responsibility must be configured with the same domain name.

If you configure a password, it must be the same on all switches in the domain.

After you configure VTP, you must configure a trunk port so that the switch can send and receive VTP advertisements. For more information, see the “How VLAN Trunks Work” section on page 5-38.

You can also configure VTP through the CLI on standalone, command, and member switches by entering commands in the VLAN database command mode. If you are configuring VTP on a cluster member switch, first log in to the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

When you enter the exit command in VLAN database mode, it applies all the commands that you entered. VTP messages are sent to other switches in the VTP domain, and you are returned to privileged EXEC mode.

Note

The Cisco IOS end and Ctrl-Z commands are not supported in VLAN database mode.


CLI: Configuring VTP Server Mode

When a switch is in VTP server mode, you can change the VLAN configuration and have it propagated throughout the network.

Beginning in privileged EXEC mode, follow these steps to configure the switch for VTP server mode:

Step 1  vlan database
        Enter VLAN database mode.
Step 2  vtp domain domain-name
        Configure a VTP administrative-domain name. The name can be from 1 to 32 characters. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.
Step 3  vtp password password-value
        (Optional) Set a password for the VTP domain. The password can be from 8 to 64 characters. If you configure a VTP password, the VTP domain does not function properly if you do not assign the same password to each switch in the domain.
Step 4  vtp server
        Configure the switch for VTP server mode (the default).
Step 5  exit
        Return to privileged EXEC mode.
Step 6  show vtp status
        Verify the VTP configuration. In the display, check the VTP Operating Mode and the VTP Domain Name fields.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

check the VTP Operating Mode field. Step 5 Step 6 exit show vtp status Update the VLAN database. If you configure a VTP password. Beginning in privileged EXEC mode. The client switch receives VTP updates from a VTP server in the VTP domain and then modifies its configuration accordingly. Cisco IOS Desktop Switching Software Configuration Guide 5-22 78-6511-04 . Therefore. Configure a VTP administrative-domain name. follow these steps to configure the switch for VTP client mode: Command Step 1 Step 2 Step 3 Purpose Enter VLAN database mode. Caution Do not configure a VTP domain name if all switches are operating in VTP client mode. The default setting is VTP server.Chapter 5 Using the VLAN Trunk Protocol Creating and Maintaining VLANs CLI: Configuring VTP Client Mode When a switch is in VTP client mode. In the display. If you do so. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name. you cannot change its VLAN configuration. Configure the switch for VTP client mode. Verify the VTP configuration. vlan database vtp client vtp domain domain-name Step 4 vtp password password-value (Optional) Set a password for the VTP domain. the VTP domain does not function properly if you do not assign the same password to each switch in the domain. The name can be from 1 to 32 characters. it is impossible to make changes to the VLAN configuration of that domain. The password can be from 8 to 64 characters. and return to privileged EXEC mode. propagate it throughout the administrative domain. make sure you configure at least one switch as the VTP server.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Disabling VTP (VTP Transparent Mode)

When you configure the switch for VTP transparent mode, you disable VTP on the switch. The switch then does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch does forward received VTP advertisements on all of its trunk links.

Beginning in privileged EXEC mode, follow these steps to configure the switch for VTP transparent mode:

Step 1
  Command: vlan database
  Purpose: Enter VLAN database mode.
Step 2
  Command: vtp transparent
  Purpose: Configure the switch for VTP transparent mode. The default setting is VTP server. This step disables VTP on the switch.
Step 3
  Command: exit
  Purpose: Return to privileged EXEC mode.
Step 4
  Command: show vtp status
  Purpose: Verify the VTP configuration. In the display, check the VTP Operating Mode field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Enabling VTP Version 2

VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain enables version 2.

Caution: VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.

Note: In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.

For more information on VTP version configuration guidelines, see the “VTP Version” section on page 5-18.

Beginning in privileged EXEC mode, follow these steps to enable VTP version 2:

Step 1
  Command: vlan database
  Purpose: Enter VLAN configuration mode.
Step 2
  Command: vtp v2-mode
  Purpose: Enable VTP version 2 on the switch. VTP version 2 is disabled by default on VTP version 2-capable switches.
Step 3
  Command: exit
  Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4
  Command: show vtp status
  Purpose: Verify that VTP version 2 is enabled. In the display, check the VTP V2 Mode field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Disabling VTP Version 2

Beginning in privileged EXEC mode, follow these steps to disable VTP version 2:

Step 1
  Command: vlan database
  Purpose: Enter VLAN configuration mode.
Step 2
  Command: no vtp v2-mode
  Purpose: Disable VTP version 2.
Step 3
  Command: exit
  Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4
  Command: show vtp status
  Purpose: Verify that VTP version 2 is disabled. In the display, check the VTP V2 Mode field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.
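The VTP procedures above all depend on every participating switch agreeing on domain name, password, and version. The following check is an added example, not part of the original guide: it audits a provisioning plan against those rules before anything is typed into a switch. The plan format, switch names, domain names, and password are constructed, and domain names are assumed to be compared exactly.

```python
from collections import Counter

# Constructed provisioning plan (hypothetical names and values).
PLAN = [
    {"name": "sw-core", "mode": "server", "domain": "campus",
     "password": "Tr0ub4dor&3x", "v2": True},
    {"name": "sw-floor1", "mode": "client", "domain": "campus",
     "password": "Tr0ub4dor&3x", "v2": True},
    {"name": "sw-floor2", "mode": "client", "domain": "Campus",
     "password": "Tr0ub4dor&3x", "v2": False},
    # Transparent switches do not act on VTP updates, so they are not audited.
    {"name": "sw-lab", "mode": "transparent", "domain": "lab",
     "password": None, "v2": False},
]


def audit_vtp(plan):
    """Return findings for the switches that take part in VTP (server or client)."""
    findings = []
    members = [s for s in plan if s["mode"] in ("server", "client")]

    # Per-switch limits from the guide: name 1 to 32, password 8 to 64 characters.
    for s in members:
        if not 1 <= len(s["domain"]) <= 32:
            findings.append("%s: domain name must be 1 to 32 characters" % s["name"])
        if s["password"] is not None and not 8 <= len(s["password"]) <= 64:
            findings.append("%s: password must be 8 to 64 characters" % s["name"])

    # With only clients, nobody can change the VLAN configuration of the domain.
    if members and not any(s["mode"] == "server" for s in members):
        findings.append("no VTP server: VLAN configuration cannot be changed")

    # Domain name, password, and version must be identical on every member.
    for field, label in (("domain", "domain name"),
                         ("password", "password"),
                         ("v2", "VTP version")):
        values = Counter(s[field] for s in members)
        if len(values) > 1:
            majority = values.most_common(1)[0][0]
            odd = sorted(s["name"] for s in members if s[field] != majority)
            findings.append("%s differs on: %s" % (label, ", ".join(odd)))
    return findings


if __name__ == "__main__":
    for finding in audit_vtp(PLAN):
        print(finding)
```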

CLI: Enabling VTP Pruning

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You enable VTP pruning on a switch in VTP server mode.

Beginning in privileged EXEC mode, follow these steps to enable VTP pruning:

Step 1
  Command: vlan database
  Purpose: Enter VLAN configuration mode.
Step 2
  Command: vtp pruning
  Purpose: Enable pruning in the VTP administrative domain. By default, pruning is disabled. You only need to enable pruning on one switch in VTP server mode.
Step 3
  Command: exit
  Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4
  Command: show vtp status
  Purpose: Verify your entries. In the display, check the VTP Pruning Mode field.

Pruning is supported with VTP version 1 and version 2. If you enable pruning on the VTP server, it is enabled for the entire VTP domain.

Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on 2900 and 3500 XL trunk ports. For information, see the “CLI: Changing the Pruning-Eligible List” section on page 5-45.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Monitoring VTP

You monitor VTP by displaying its configuration information: the domain name, the current VTP revision, and the number of VLANs. You can also display statistics about the advertisements sent and received by the switch.

Beginning in privileged EXEC mode, follow these steps to monitor VTP activity:

Step 1
  Command: show vtp status
  Purpose: Display the VTP switch configuration information.
Step 2
  Command: show vtp counters
  Purpose: Display counters about VTP messages being sent and received.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

VLANs in the VTP Database

You can set the following parameters when you add a new VLAN to or modify an existing VLAN in the VTP database:

• VLAN ID
• VLAN name
• VLAN type (Ethernet, Fiber Distributed Data Interface [FDDI], FDDI network entity title [NET], TrBRF, or TrCRF, Token Ring, Token Ring-Net)
• VLAN state (active or suspended)
• Maximum transmission unit (MTU) for the VLAN
• Security Association Identifier (SAID)
• Bridge identification number for TrBRF VLANs
• Ring number for FDDI and TrCRF VLANs
• Parent VLAN number for TrCRF VLANs
• Spanning Tree Protocol (STP) type for TrCRF VLANs
• VLAN number to use when translating from one VLAN type to another

The “Default VLAN Configuration” section on page 5-29 lists the default values and possible ranges for each VLAN media type.

Token Ring VLANs

Although the 2900 and 3500 XL switches do not support Token Ring connections, a remote device such as a Catalyst 5000 series switch with Token Ring connections could be managed from one of the supported switches. Switches running this IOS release advertise information about the following Token Ring VLANs when running VTP version 2:

• Token Ring TrBRF VLANs
• Token Ring TrCRF VLANs

For more information on configuring Token Ring VLANs, see the Catalyst 5000 Series Software Configuration Guide.

VLAN Configuration Guidelines

Follow these guidelines when creating and modifying VLANs in your network:

• A maximum of 250 VLANs can be active on supported switches, and some models only support 64 VLANs. If VTP reports that there are 254 active VLANs, 4 of the active VLANs (1002 to 1005) are reserved for Token Ring and FDDI.
• Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. For information on configuring VTP, see the “Configuring VTP” section on page 5-19.
• Switches running this IOS release do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net, TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration through VTP.

Default VLAN Configuration

Table 5-6 through Table 5-10 show the default configuration for the different VLAN media types.

Note: Catalyst 2900 and 3500 XL switches support Ethernet interfaces exclusively. Because FDDI and Token Ring VLANs are not locally supported, you configure FDDI and Token Ring media-specific characteristics only for VTP global advertisements to other switches.

Table 5-6 Ethernet VLAN Defaults and Ranges

Parameter                Default                                  Range
VLAN ID                  1                                        1–1005
VLAN name                VLANxxxx, where xxxx is the VLAN ID      No range
802.10 SAID              100000+VLAN ID                           1–4294967294
MTU size                 1500                                     1500–18190
Translational bridge 1   0                                        0–1005
Translational bridge 2   0                                        0–1005
VLAN state               active                                   active, suspend

Table 5-7 FDDI VLAN Defaults and Ranges

Parameter                Default                                  Range
VLAN ID                  1002                                     1–1005
VLAN name                VLANxxxx, where xxxx is the VLAN ID      No range
802.10 SAID              100000+VLAN ID                           1–4294967294
MTU size                 1500                                     1500–18190
Ring number              None                                     1–4095

Table 5-7 FDDI VLAN Defaults and Ranges (continued)

Parameter                Default                                  Range
Parent VLAN              0                                        0–1005
Translational bridge 1   0                                        0–1005
Translational bridge 2   0                                        0–1005
VLAN state               active                                   active, suspend

Table 5-8 FDDI-Net VLAN Defaults and Ranges

Parameter                Default                                  Range
VLAN ID                  1004                                     1–1005
VLAN name                VLANxxxx, where xxxx is the VLAN ID      No range
802.10 SAID              100000+VLAN ID                           1–4294967294
MTU size                 1500                                     1500–18190
Bridge number            0                                        0–15
STP type                 ieee                                     auto, ibm, ieee
Translational bridge 1   0                                        0–1005
Translational bridge 2   0                                        0–1005
VLAN state               active                                   active, suspend

Table 5-9 Token Ring (TrBRF) VLAN Defaults and Ranges

Parameter                Default                                  Range
VLAN ID                  1005                                     1–1005
VLAN name                VLANxxxx, where xxxx is the VLAN ID      No range
802.10 SAID              100000+VLAN ID                           1–4294967294
MTU size                 VTPv1 1500, VTPv2 4472                   1500–18190

Table 5-9 Token Ring (TrBRF) VLAN Defaults and Ranges (continued)

Parameter                Default                                      Range
Bridge number            VTPv1 0, VTPv2 user-specified                0–15
STP type                 ibm                                          auto, ibm, ieee
Translational bridge 1   0                                            0–1005
Translational bridge 2   0                                            0–1005
VLAN state               active                                       active, suspend

Table 5-10 Token Ring (TrCRF) VLAN Defaults and Ranges

Parameter                Default                                      Range
VLAN ID                  1003                                         1–1005
VLAN name                VLANxxxx, where xxxx is the VLAN ID          No range
802.10 SAID              100000+VLAN ID                               1–4294967294
Ring Number              VTPv1 default 0, VTPv2 user-specified        1–4095
Parent VLAN              VTPv1 default 0, VTPv2 user-specified        0–1005
MTU size                 VTPv1 default 1500, VTPv2 default 4472       1500–18190
Translational bridge 1   0                                            0–1005
Translational bridge 2   0                                            0–1005
VLAN state               active                                       active, suspend
Bridge mode              srb                                          srb, srt
ARE max hops             7                                            0–13
STE max hops             7                                            0–13
Backup CRF               disabled                                     disable, enable

Configuring VLANs in the VTP Database

You can use the VTP Management window (Figure 5-6) or the CLI to add, modify or remove VLAN configurations in the VTP database. VTP globally propagates these VLAN changes throughout the VTP domain.

To display this window, select VLAN>VTP Management from the menu bar, and click the VLAN Configuration tab. Click Help for more information on using this window.

Figure 5-6 VTP Management: VLAN Configuration Tab

• Add a VLAN to the database.
• Select a row, and click Modify to change its parameters.
• Select an existing VLAN, and click Remove to delete a VLAN from the database. You cannot remove VLANs 1 or 1002-1005.

You use the CLI vlan database command mode to add, change, and delete VLANs. In VTP server or transparent mode, commands to add, change, and delete VLANs are written to the file vlan.dat, and you can display them by entering the privileged EXEC mode show vlan command. The vlan.dat file is stored in nonvolatile memory. The vlan.dat file is upgraded automatically, but you cannot return to an earlier version of Cisco IOS after you upgrade to this release.

Caution: You can cause inconsistency in the VLAN database if you attempt to manually delete the vlan.dat file. If you want to modify the VLAN configuration or VTP, use the VLAN database commands described in the Cisco IOS Desktop Switching Command Reference (online only).

You use the interface configuration command mode to define the port membership mode and to add and remove ports from a VLAN. The results of these commands are written to the running-configuration file, and you can display the file by entering the privileged EXEC mode show running-config command.

Note: VLANs can be configured to support a number of parameters that are not discussed in detail in this section. For complete information on the commands and parameters that control VLAN configuration, refer to the Cisco IOS Desktop Switching Command Reference (online only).

CLI: Adding an Ethernet VLAN

Each VLAN has a unique, 4-digit ID that can be a number from 1 to 1001. To add a VLAN to the VLAN database, assign a number and name to the VLAN. For the list of default parameters that are assigned when you add a VLAN, see the “Default VLAN Configuration” section on page 5-29.

If you do not specify the VLAN type, the VLAN is an Ethernet VLAN.

Beginning in privileged EXEC mode, follow these steps to add an Ethernet VLAN:

Step 1
  Command: vlan database
  Purpose: Enter VLAN database mode.
Step 2
  Command: vlan vlan-id name vlan-name
  Purpose: Add an Ethernet VLAN by assigning a number to it. If no name is entered for the VLAN, the default is to append the vlan-id to the word VLAN. For example, VLAN0004 could be a default VLAN name.
Step 3
  Command: exit
  Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4
  Command: show vlan name vlan-name
  Purpose: Verify the VLAN configuration.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Modifying an Ethernet VLAN

Beginning in privileged EXEC mode, follow these steps to modify an Ethernet VLAN:

Step 1
  Command: vlan database
  Purpose: Enter VLAN configuration mode.
Step 2
  Command: vlan vlan-id mtu mtu-size
  Purpose: Identify the VLAN, and change the MTU size.
Step 3
  Command: exit
  Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4
  Command: show vlan vlan-id
  Purpose: Verify the VLAN configuration.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Deleting a VLAN from the Database

When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.

You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.

Caution: When you delete a VLAN, any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.

Beginning in privileged EXEC mode, follow these steps to delete a VLAN on the switch:

Step 1
  Command: vlan database
  Purpose: Enter VLAN configuration mode.
Step 2
  Command: no vlan vlan-id
  Purpose: Remove the VLAN by using the VLAN ID.
Step 3
  Command: exit
  Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4
  Command: show vlan brief
  Purpose: Verify the VLAN removal.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Assigning Static-Access Ports to a VLAN

By default, all ports are static-access ports assigned to VLAN 1, which is the default management VLAN.

If you are assigning a port on a cluster member switch to a VLAN, first log in to the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Beginning in privileged EXEC mode, follow these steps to assign a port to a VLAN in the VTP database:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface
  Purpose: Enter interface configuration mode, and define the interface to be added to the VLAN.
Step 3
  Command: switchport mode access
  Purpose: Define the VLAN membership mode for this port.
Step 4
  Command: switchport access vlan 3
  Purpose: Assign the port to the VLAN.
Step 5
  Command: exit
  Purpose: Return to privileged EXEC mode.
Step 6
  Command: show interface interface-id switchport
  Purpose: Verify the VLAN configuration. In the display, check the Operation Mode, Access Mode VLAN, and the Priority for Untagged Frames fields.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

How VLAN Trunks Work

A trunk is a point-to-point link that transmits and receives traffic between switches or between switches and routers. Trunks carry the traffic of multiple VLANs and can extend VLANs across an entire network. 100BaseT and Gigabit Ethernet trunks use Cisco Inter-Switch Link (ISL), the default protocol, or industry-standard IEEE 802.1Q to carry traffic for multiple VLANs over a single link.

Figure 5-7 shows a network of switches that are connected by ISL trunks.

Figure 5-7 Catalyst 2900 Series XL and Catalyst 3500 Series XL Switches in an ISL Trunking Environment

(Diagram: a Catalyst 5000 series switch connected by ISL trunks to Catalyst 2900 XL and Catalyst 3500 XL switches that serve VLAN1, VLAN2, and VLAN3.)

IEEE 802.1Q Configuration Considerations

IEEE 802.1Q trunks impose some limitations on the trunking strategy for a network. The following restrictions apply when using 802.1Q trunks:

• Make sure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.
• Disabling STP on the native VLAN of an 802.1Q trunk without disabling STP on every VLAN in the network can potentially cause STP loops. We recommend that you leave STP enabled on the native VLAN of an 802.1Q trunk or disable STP on every VLAN in the network. Make sure your network is loop-free before disabling STP.

Trunks Interacting with Other Features

ISL, IEEE 802.1Q, and ATM trunking interact with other switch features as described in Table 5-11.

Table 5-11 Trunks Interacting with Other Features

Switch Feature: Port monitoring
Trunk Port Interaction: A trunk port cannot be a monitor port. A static-access port can monitor the traffic of its VLAN on a trunk port.

Switch Feature: Network port
Trunk Port Interaction: When configured as a network port, a trunk port serves as the network port for all VLANs associated with the port. A network port receives all unknown unicast traffic on a VLAN.

Switch Feature: Secure ports
Trunk Port Interaction: A trunk port cannot be a secure port.

Table 5-11 Trunks Interacting with Other Features (continued)

Switch Feature: Blocking unicast and multicast packets on a trunk
Trunk Port Interaction: The port block command can be used to block the forwarding of unknown unicast and multicast packets to VLANs on a trunk. However, if the trunk port is acting as a network port, unknown unicast packets cannot be blocked.

Switch Feature: Port grouping
Trunk Port Interaction: ISL and 802.1Q trunks can be grouped into EtherChannel port groups, but all trunks in the group must have the same configuration. ATM ports are always trunk ports but cannot be part of an EtherChannel port group.

When a group is first created, all ports follow the parameters set for the first port to be added to the group. If you change the configuration of one of the following parameters, the switch propagates the setting you entered to all ports in the group:

• Allowed-VLAN list
• STP path cost for each VLAN
• STP port priority for each VLAN
• STP Port Fast setting
• Trunk status: if one port in a port group ceases to be a trunk, all ports cease to be trunks.

Configuring a Trunk Port

You configure trunk ports by using the Assign VLANs (Figure 5-2) and Trunk Configuration (Figure 5-8) tabs of the VLAN Membership window. To display this window, select VLAN>VLAN Membership from the menu bar. Then click the Assign VLANs tab or the Trunk Configuration tab.

Figure 5-8 VLAN Membership: Trunk Configuration Tab

• Select this tab to change the port membership mode to ISL trunk or 802.1Q trunk.
• Select a row or rows, and click Modify to change the allowed-VLAN list, the pruning-eligible list, or the native VLAN for untagged traffic (802.1Q trunks only).
• By default, VLANs 1-1005 are allowed on each trunk. You can remove VLANs from the allowed list to prevent traffic from those VLANs from passing over the trunk.
• By default, VLANs 2-1001 are pruning-eligible on trunk ports. Only VLANs included in the list can be pruned. You can modify this list.

You can also configure a trunk port through the CLI on standalone, command, and member switches.

CLI: Configuring a Trunk Port

You cannot have multi-VLAN and trunk ports configured on the same switch. For information on trunk port interactions with other features, see the “Trunks Interacting with Other Features” section on page 5-39.

If you are assigning a port on a cluster member switch to a VLAN, first log in to the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Note: Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch. Otherwise, the switch cannot receive any VTP advertisements.

Beginning in privileged EXEC mode, follow these steps to configure a port as an ISL or 802.1Q trunk port:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface_id
  Purpose: Enter the interface configuration mode and the port to be configured for trunking.
Step 3
  Command: switchport mode trunk
  Purpose: Configure the port as a VLAN trunk.
Step 4
  Command: switchport trunk encapsulation {isl | dot1q}
  Purpose: Configure the port to support ISL or 802.1Q encapsulation. You must configure each end of the link with the same encapsulation type.
Step 5
  Command: end
  Purpose: Return to privileged EXEC mode.
Step 6
  Command: show interface interface-id switchport
  Purpose: Verify your entries. In the display, check the Operational Mode and the Operational Trunking Encapsulation fields.
Step 7
  Command: copy running-config startup-config
  Purpose: Save the configuration.

Note: This software release does not support trunk negotiation via the Dynamic Trunk Protocol (DTP), formerly known as Dynamic ISL (DISL). If you are connecting a trunk port to a Catalyst 5000 switch or other DTP device, use the non-negotiate option on the DTP-capable device so that the switch port does not generate DTP frames.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Disabling a Trunk Port

You can disable trunking on a port by returning it to its default static-access mode.

Beginning in privileged EXEC mode, follow these steps to disable trunking on a port:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface_id
  Purpose: Enter the interface configuration mode and the port to be added to the VLAN.
Step 3
  Command: no switchport mode
  Purpose: Return the port to its default static-access mode.
Step 4
  Command: end
  Purpose: Return to privileged EXEC.
Step 5
  Command: show interface interface-id switchport
  Purpose: Verify your entries. In the display, check the Negotiation of Trunking field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Defining the Allowed VLANs on a Trunk

By default, a trunk port sends to and receives traffic from all VLANs in the VLAN database. All VLANs, 1 to 1005, are allowed on each trunk. However, you can remove VLANs from the allowed list, preventing traffic from those VLANs from passing over the trunk. To restrict the traffic a trunk carries, use the remove vlan-list parameter to remove specific VLANs from the allowed list.

A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN, and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does not become a member of the new VLAN.

Beginning in privileged EXEC mode, follow these steps to modify the allowed list of an ISL or 802.1Q trunk:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface_id
  Purpose: Enter interface configuration mode and the port to be added to the VLAN.
Step 3
  Command: switchport mode trunk
  Purpose: Configure VLAN membership mode for trunks.
Step 4
  Command: switchport trunk allowed vlan remove vlan-list
  Purpose: Define the VLANs that are not allowed to transmit and receive on the port. The vlan-list parameter is a range of VLAN IDs. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 2 to 1001.
Step 5
  Command: end
  Purpose: Return to privileged EXEC.
Step 6
  Command: show interface interface-id switchport allowed-vlan
  Purpose: Verify your entries.
Step 7
  Command: copy running-config startup-config
  Purpose: Save the configuration.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Changing the Pruning-Eligible List

The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. VTP Pruning must be enabled for the following procedure to take effect. The “CLI: Enabling VTP Pruning” section on page 5-26 describes how to enable VTP pruning.

Beginning in privileged EXEC mode, follow these steps to remove VLANs from the pruning-eligible list on a trunk port:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface-id
  Purpose: Enter interface configuration mode, and select the trunk port for which VLANs should be pruned.
Step 3
  Command: switchport trunk pruning vlan remove vlan-id
  Purpose: Enter the VLANs to be removed from the pruning-eligible list. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 2 to 1001. VLANs that are pruning-ineligible receive flooded traffic.
Step 4
  Command: exit
  Purpose: Return to privileged EXEC mode.
Step 5
  Command: show interface interface-id switchport
  Purpose: Verify your settings.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Configuring the Native VLAN for Untagged Traffic

A trunk port configured with 802.1Q tagging can receive both tagged and untagged traffic. By default, the switch forwards untagged traffic with the native VLAN configured for the port. The native VLAN is VLAN 1 by default.

Note: The native VLAN can be assigned any VLAN ID, and it is not dependent on the management VLAN.

For information about 802.1Q configuration issues, see the “IEEE 802.1Q Configuration Considerations” section on page 5-39.

Beginning in privileged EXEC mode, follow these steps to configure the native VLAN on an 802.1Q trunk:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface-id
  Purpose: Enter interface configuration mode, and define the interface that is configured as the 802.1Q trunk.
Step 3
  Command: switchport trunk native vlan vlan-id
  Purpose: Configure the VLAN that is sending and receiving untagged traffic on the trunk port. Valid IDs are from 1 to 1001.
Step 4
  Command: show interface interface-id switchport
  Purpose: Verify your settings.

If a packet has a VLAN ID the same as the outgoing port native VLAN ID, the packet is transmitted untagged; otherwise, the switch transmits the packet with a tag.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.
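The trunk procedures above require the same encapsulation and, for 802.1Q, the same native VLAN on both ends of a link, and they define the vlan-list syntax used to trim the allowed list. The following audit is an added example, not part of the original guide: it reads the trunk commands from two configuration excerpts and compares the two ends. The excerpts and interface names are constructed, and the excerpt layout (an interface line followed by its switchport lines) is an assumption.

```python
import re

ALL_VLANS = frozenset(range(1, 1006))   # guide: VLANs 1 to 1005 allowed by default
LIST_IDS = range(2, 1002)               # guide: valid vlan-list IDs are 2 to 1001


def parse_vlan_list(text):
    """Expand a vlan-list such as '5,8-10' into a set of VLAN IDs."""
    # Comma-separated IDs or hyphenated ranges, with no spaces.
    if not re.fullmatch(r"\d+(-\d+)?(,\d+(-\d+)?)*", text):
        raise ValueError("malformed vlan-list: %r" % text)
    ids = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if low > high or low not in LIST_IDS or high not in LIST_IDS:
            raise ValueError("VLAN IDs must be 2 to 1001: %r" % part)
        ids.update(range(low, high + 1))
    return ids


def parse_trunks(config):
    """Return {interface: settings} for every port set to 'switchport mode trunk'."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # Defaults from the guide: ISL encapsulation, native VLAN 1, all VLANs.
            current = ports.setdefault(line.split(None, 1)[1], {
                "trunk": False, "encap": "isl", "native": 1,
                "allowed": set(ALL_VLANS)})
        elif current is None:
            continue
        elif line == "switchport mode trunk":
            current["trunk"] = True
        elif m := re.fullmatch(r"switchport trunk encapsulation (isl|dot1q)", line):
            current["encap"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            current["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan remove (\S+)", line):
            current["allowed"] -= parse_vlan_list(m.group(1))
    return {name: port for name, port in ports.items() if port["trunk"]}


def audit_link(end_a, end_b):
    """Compare both ends of one trunk link; return (findings, VLANs carried)."""
    findings = []
    if end_a["encap"] != end_b["encap"]:
        findings.append("encapsulation mismatch: %s / %s"
                        % (end_a["encap"], end_b["encap"]))
    elif end_a["encap"] == "dot1q" and end_a["native"] != end_b["native"]:
        # The native VLAN only applies to 802.1Q trunks.
        findings.append("native VLAN mismatch: %d / %d"
                        % (end_a["native"], end_b["native"]))
    one_end_only = sorted(end_a["allowed"] ^ end_b["allowed"])
    if one_end_only:
        findings.append("allowed on one end only: %s" % one_end_only)
    # A VLAN crosses the link only if both ends still allow it.
    return findings, end_a["allowed"] & end_b["allowed"]


# Constructed excerpts for the two ends of one link.
SWITCH_A = """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport trunk allowed vlan remove 5,8-10
"""
SWITCH_B = """
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan remove 8-10
"""

if __name__ == "__main__":
    a = parse_trunks(SWITCH_A)["FastEthernet0/1"]
    b = parse_trunks(SWITCH_B)["FastEthernet0/24"]
    for finding in audit_link(a, b)[0]:
        print(finding)
```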

Configuring 802.1p Class of Service

The 2900 XL and 3500 XL switches provide QoS-based IEEE 802.1p class of service (CoS) values. QoS uses classification and scheduling to transmit network traffic from the switch in a predictable manner. QoS classifies frames by assigning priority-indexed CoS values to them and gives preference to higher-priority traffic such as telephone calls.

How Class of Service Works

Before you set up 802.1p CoS on a 2900 or 3500 XL switch that operates with the Catalyst 6000 family of switches, refer to the Catalyst 6000 documentation. There are differences in the 802.1p implementation, and they should be understood to ensure compatibility.

Port Priority

Frames received from users in the administratively-defined VLANs are classified or tagged for transmission to other devices. Based on rules you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is transmitted to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames.

For ISL or IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used.

Port Scheduling

Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS software. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.

CoS configures each transmit port (the egress port) with a normal-priority transmit queue and a high-priority transmit queue, depending on the frame tag or the port information. Frames in the normal-priority queue are forwarded only after frames in the high-priority queue are forwarded.

Table 5-12 shows the two categories of switch transmit queues.

Table 5-12 Transmit Queue Information

Transmit queue category (1): 2900 XL switches, 2900 XL Ethernet modules (802.1p user priority)
Transmit Queues: Frames with a priority value of 0 through 3 are sent to a normal-priority queue. Frames with a priority value of 4 through 7 are sent to a high-priority queue.

Transmit queue category (1): 3500 XL switches, Gigabit Ethernet modules (802.1p user priority)
Transmit Queues: Frames with a priority value of 0 through 3 are sent to a normal-priority queue. Frames with a priority value of 4 through 7 are sent to a high-priority queue.

(1) Catalyst 2900 XL switches with 4 MB of DRAM and the WS-X2914-XL and the WS-X2922-XL modules only have one transmit queue and do not support QoS.

CLI: Configuring the CoS Port Priorities

Beginning in privileged EXEC mode, follow these steps to set the port priority for untagged (native) Ethernet frames:

Step     Command                                            Purpose
Step 1   configure terminal                                 Enter global configuration mode.
Step 2   interface interface                                Enter the interface to be configured.
Step 3   switchport priority default default-priority-id    Set the port priority on the interface. If you assign a priority level from 0 to 3, frames are forwarded to the normal priority queue of the output port. If you assign a priority level from 4 to 7, frames are forwarded to the high-priority queue of the output port.
Step 4   end                                                Return to privileged EXEC mode.
Step 5   show interface interface-id switchport             Verify your entries. In the display, check the Priority for Untagged Frames field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

Load Sharing Using STP

Load sharing divides the bandwidth supplied by parallel trunks connecting switches. To avoid loops, STP normally blocks all but one parallel link between switches. With load sharing, you divide the traffic between the links according to which VLAN the traffic belongs.

You configure load sharing on trunk ports by using STP port priorities or STP path costs. For load sharing using STP port priorities, both load-sharing links must be connected to the same switch. For load sharing using STP path costs, each load-sharing link can be connected to the same switch or to two different switches.

You can change STP port parameters by using the Port Parameters tab of the Spanning Tree Protocol window or by using the CLI. To display this window, select Device>Spanning-Tree Protocol from the menu bar. Then click the Port Parameters tab. For more information about the STP window, see the “Configuring the Spanning Tree Protocol” section on page 4-62, or consult the online help in the application.

Load Sharing Using STP Port Priorities

When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in standby mode. You can set the priorities on a parallel trunk port so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a blocking state for that VLAN. One trunk port transmits or receives all traffic for the VLAN.

Figure 5-9 shows two trunks connecting supported switches. In this example, the switches are configured as follows:

• VLANs 8 through 10 are assigned a port priority of 10 on trunk 1.
• VLANs 3 through 6 retain the default port priority of 128 on trunk 1.
• VLANs 3 through 6 are assigned a port priority of 10 on trunk 2.
• VLANs 8 through 10 retain the default port priority of 128 on trunk 2.

In this way, trunk 1 carries traffic for VLANs 8 through 10, and trunk 2 carries traffic for VLANs 3 through 6. If the active trunk fails, the trunk with the lower priority takes over and carries the traffic for all of the VLANs. No duplication of traffic occurs over any trunk port.

Figure 5-9 Load Sharing by Using STP Port Priorities
(Diagram: Switch 1 and Switch 2 joined by Trunk 1, labeled VLANs 8 – 10 (priority 10) and VLANs 3 – 6 (priority 128), and by Trunk 2, labeled VLANs 3 – 6 (priority 10) and VLANs 8 – 10 (priority 128).)

CLI: Configuring STP Port Priorities and Load Sharing

Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 5-9:

Step     Command                   Purpose
Step 1   vlan database             On Switch 1, enter VLAN configuration mode.
Step 2   vtp domain domain-name    Configure a VTP administrative domain. The domain name can be from 1 to 32 characters.
Step 3   vtp server                Configure Switch 1 as the VTP server.
Step 4   exit                      Return to privileged EXEC mode.
Step 5   show vtp status           Verify the VTP configuration on both Switch 1 and Switch 2. In the display, check the VTP Operating Mode and the VTP Domain Name fields.
Step 6   show vlan                 Verify that the VLANs exist in the database on Switch 1.
Step 7   configure terminal        Enter global configuration mode.
Step 8   interface fa0/1           Enter interface configuration mode, and define Fa0/1 as the interface to be configured as a trunk.

Step      Command                                        Purpose
Step 9    switchport mode trunk                          Configure the port as a trunk port. The trunk defaults to ISL trunking.
Step 10   end                                            Return to privileged EXEC mode.
Step 11   show interface fa0/1 switchport                Verify the VLAN configuration.
Step 12                                                  Repeat Steps 7 through 11 on Switch 1 for interface Fa0/2.
Step 13                                                  Repeat Steps 7 through 11 on Switch 2 to configure the trunk ports on interface Fa0/1 and Fa0/2.
Step 14   show vlan                                      When the trunk links come up, VTP passes the VTP and VLAN information to Switch 2. Verify that Switch 2 has learned the VLAN configuration.
Step 15   configure terminal                             Enter global configuration mode on Switch 1.
Step 16   interface fa0/1                                Enter interface configuration mode, and define the interface to set the STP port priority.
Step 17   spanning-tree vlan 8 9 10 port-priority 10     Assign the port priority of 10 for VLANs 8, 9, and 10.
Step 18   end                                            Return to global configuration mode.
Step 19   interface fa0/2                                Enter interface configuration mode, and define the interface to set the STP port priority.
Step 20   spanning-tree vlan 3 4 5 6 port-priority 10    Assign the port priority of 10 for VLANs 3, 4, 5, and 6.
Step 21   exit                                           Return to privileged EXEC mode.
Step 22   show running-config                            Verify your entries.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

Load Sharing Using STP Path Cost

You can configure parallel trunks to share VLAN traffic by setting different path costs on a trunk and associating the path costs with different sets of VLANs. The VLANs keep the traffic separate. Because no loops exist, STP does not disable the ports, and redundancy is maintained in the event of a lost link.

In Figure 5-10, trunk ports 1 and 2 are 100BaseT ports. The path costs for the VLANs are assigned as follows:

• VLANs 2 through 4 are assigned a path cost of 30 on trunk port 1.
• VLANs 8 through 10 retain the default 100BaseT path cost on trunk port 1 of 19.
• VLANs 8 through 10 are assigned a path cost of 30 on trunk port 2.
• VLANs 2 through 4 retain the default 100BaseT path cost on trunk port 2 of 19.

Figure 5-10 Load-Sharing Trunks with Traffic Distributed by Path Cost
(Diagram: Switch 1 and Switch 2 joined by Trunk port 1, labeled VLANs 2 – 4 (path cost 30) and VLANs 8 – 10 (path cost 19), and by Trunk port 2, labeled VLANs 8 – 10 (path cost 30) and VLANs 2 – 4 (path cost 19).)
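The per-VLAN outcome of both load-sharing methods (port priorities in Figure 5-9, path costs in Figure 5-10), as an added example that is not part of the Cisco guide. It assumes the standard STP comparison order reduced to two parallel trunks between the same pair of switches: lowest path cost, then lowest port priority value, then lowest port number. The function names and port numbers are assumptions made for this example.

```python
DEFAULT_PORT_PRIORITY = 128  # default STP port priority given on the page
DEFAULT_PATH_COST = 19       # default 100BaseT path cost given on the page


def trunk(name, port_number, priority=None, cost=None):
    """Describe one trunk; priority and cost map VLAN ID -> configured value."""
    return {"name": name, "port": port_number,
            "priority": priority or {}, "cost": cost or {}}


def forwarding_trunk(vlan, trunks, failed=()):
    """Return the name of the trunk that forwards `vlan`, or None if all failed."""
    alive = [t for t in trunks if t["name"] not in failed]
    if not alive:
        return None
    best = min(alive, key=lambda t: (
        t["cost"].get(vlan, DEFAULT_PATH_COST),          # lower cost wins
        t["priority"].get(vlan, DEFAULT_PORT_PRIORITY),  # then lower priority value
        t["port"]))                                      # then lower port number
    return best["name"]


def load_share(vlans, trunks, failed=()):
    """Map every VLAN to the trunk that carries it."""
    return {v: forwarding_trunk(v, trunks, failed) for v in vlans}


def unbalanced_vlans(vlans, trunks):
    """VLANs with identical settings on every trunk.

    These fall through to the port-number tie-break, so they all land on the
    same trunk and take no part in load sharing.
    """
    result = []
    for v in vlans:
        settings = {(t["cost"].get(v, DEFAULT_PATH_COST),
                     t["priority"].get(v, DEFAULT_PORT_PRIORITY)) for t in trunks}
        if len(settings) == 1:
            result.append(v)
    return result


# Settings from Figure 5-9 (port priorities) and Figure 5-10 (path costs).
FIG_5_9 = [trunk("trunk 1", 1, priority={8: 10, 9: 10, 10: 10}),
           trunk("trunk 2", 2, priority={3: 10, 4: 10, 5: 10, 6: 10})]
FIG_5_10 = [trunk("trunk port 1", 1, cost={2: 30, 3: 30, 4: 30}),
            trunk("trunk port 2", 2, cost={8: 30, 9: 30, 10: 30})]

if __name__ == "__main__":
    print(load_share([3, 4, 5, 6, 8, 9, 10], FIG_5_9))
    print(load_share([3, 4, 5, 6, 8, 9, 10], FIG_5_9, failed=("trunk 1",)))
    print(load_share([2, 3, 4, 8, 9, 10], FIG_5_10))
```
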

CLI: Configuring STP Path Costs and Load Sharing

Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 5-10:

Step      Command                             Purpose
Step 1    configure terminal                  Enter global configuration mode on Switch 1.
Step 2    interface fa0/1                     Enter interface configuration mode, and define Fa0/1 as the interface to be configured as a trunk.
Step 3    switchport mode trunk               Configure the port as a trunk port. The trunk defaults to ISL trunking.
Step 4    end                                 Return to global configuration mode.
Step 5                                        Repeat Steps 2 through 4 on Switch 1 interface Fa0/2.
Step 6    show running-config                 Verify your entries. In the display, make sure that interface Fa0/1 and Fa0/2 are configured as trunk ports.
Step 7    show vlan                           When the trunk links come up, Switch 1 receives the VTP information from the other switches. Verify that Switch 1 has learned the VLAN configuration.
Step 8    configure terminal                  Enter global configuration mode.
Step 9    interface fa0/1                     Enter interface configuration mode, and define Fa0/1 as the interface to set the STP cost.
Step 10   spanning-tree vlan 2 3 4 cost 30    Set the spanning-tree path cost to 30 for VLANs 2, 3, and 4.
Step 11   end                                 Return to global configuration mode.
Step 12                                       Repeat Steps 9 through 11 on Switch 1 interface Fa0/2, and set the spanning-tree path cost to 30 for VLANs 8, 9, and 10.

Step      Command                Purpose
Step 13   exit                   Return to privileged EXEC mode.
Step 14   show running-config    Verify your entries. In the display, verify that the path costs are set correctly for interface Fa0/1 and Fa0/2.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

How the VMPS Works

A switch running this software release acts as a client to the VLAN Membership Policy Server (VMPS) and communicates with it through the VLAN Query Protocol (VQP). When the VMPS receives a VQP request from a client switch, it searches its database for a MAC address-to-VLAN mapping. The server response is based on this mapping and whether or not the server is in secure mode. Secure mode determines whether the server shuts down the port when a VLAN is not allowed on it or just denies the port access to the VLAN.

In response to a request, the VMPS takes one of the following actions:

• If the assigned VLAN is restricted to a group of ports, the VMPS verifies the requesting port against this group and responds as follows:
  – If the VLAN is allowed on the port, the VMPS sends the VLAN name to the client in response.
  – If the VLAN is not allowed on the port, and the VMPS is not in secure mode, the VMPS sends an access-denied response.
  – If the VLAN is not allowed on the port, and the VMPS is in secure mode, the VMPS sends a port-shutdown response.
• If the VLAN in the database does not match the current VLAN on the port and active hosts exist on the port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure mode of the VMPS.

If the switch receives an access-denied response from the VMPS, it continues to block traffic from the MAC address to or from the port. The switch continues to monitor the packets directed to the port and sends a query to the VMPS when it

identifies a new address. If the switch receives a port-shutdown response from the VMPS, it disables the port. The port must be manually reenabled by using the CLI, Cluster Management software, or SNMP.

You can also use an explicit entry in the configuration table to deny access to specific MAC addresses for security reasons. If you enter the none keyword for the VLAN name, the VMPS sends an access-denied or port-shutdown response.

Dynamic Port VLAN Membership

A dynamic (nontrunking) port on the switch can belong to only one VLAN. When the link comes up, the switch does not forward traffic to or from this port until the VMPS provides the VLAN assignment. The VMPS receives the source MAC address from the first packet of a new host connected to the dynamic port and attempts to match the MAC address to a VLAN in the VMPS database.

If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not previously configured, it uses the domain name from the first VTP packet it receives on its trunk port from the VMPS. If the client switch was previously configured, it includes its domain name in the query packet to the VMPS to obtain its VLAN number. The VMPS verifies that the domain name in the packet matches its own domain name before accepting the request and responds to the client with the assigned VLAN number for the client. If there is no match, the VMPS either denies the request or shuts down the port (depending on the VMPS secure mode setting). For more information on possible VMPS responses, see the “How the VMPS Works” section on page 5-55.

Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN; however, the VMPS shuts down a dynamic port if more than 20 hosts are active on the port.

If the link goes down on a dynamic port, the port returns to an isolated state and does not belong to a VLAN. Any hosts that come online through the port are checked again with the VMPS before the port is assigned to a VLAN.

VMPS Database Configuration File

The VMPS contains a database configuration file that you create. This ASCII text file is stored on a switch-accessible TFTP server that functions as a VMPS server. The file contains VMPS information, such as the domain name, the fall-back VLAN name, and the MAC address-to-VLAN mapping. A 2900 or 3500 XL switch running this software release cannot act as the VMPS. Use a Catalyst 5000 series switch as the VMPS.

The VMPS database configuration file on the server must use the 2900 XL and 3500 XL convention for naming ports. For example, Fa0/5 is fixed-port number 5. If the switch is a cluster member, the command switch adds the name of the switch before the Fa. For example, es3%Fa02 refers to fixed 10/100 port 2 on member switch 3. These naming conventions must be used in the VMPS database configuration file when it is configured to support a cluster.

You can configure a fallback VLAN name. If you connect a device with a MAC address that is not in the database, the VMPS sends the fallback VLAN name to the client. If you do not configure a fallback VLAN and the MAC address does not exist in the database, the VMPS sends an access-denied response. If the VMPS is in secure mode, it sends a port-shutdown response.
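The response rules described in the “How the VMPS Works” and “VMPS Database Configuration File” sections, as an added example that is not part of the Cisco guide: it parses a small constructed database written in the keyword syntax of this chapter's sample file and returns the response for one request. The function names and response labels are assumptions, the choice between access-denied and port-shutdown for a --NONE-- entry is assumed to follow the secure mode, and the domain-name check and the 20-host limit are not modeled.

```python
import shlex

# Constructed database in the keyword syntax of the chapter's sample file.
# Every name, MAC address and device address here is made up for the example.
SAMPLE_DB = """\
vmps domain LAB
vmps mode secure
vmps fallback default
vmps-mac-addrs
address 0000.0c00.0001 vlan-name hardware
address 0000.0c00.0002 vlan-name Green
address 0000.0c00.0003 vlan-name --NONE--
!
vmps-port-group WiringCloset1
 device 192.0.2.1 port Fa1/3
 device 192.0.2.2 all-ports
vmps-vlan-group Engineering
 vlan-name hardware
 vlan-name software
vmps-port-policies vlan-group Engineering
 port-group WiringCloset1
vmps-port-policies vlan-name Green
 device 192.0.2.1 port Fa0/9
"""


def _port(tok):
    """'device <id> port <name>' or 'device <id> all-ports' -> (id, name or None)."""
    return (tok[1], None if tok[2] == "all-ports" else tok[3])


def parse_vmps_db(text):
    """Parse the database text into mode, fallback, MAC map, groups and policies."""
    db = {"mode": "open", "fallback": None, "macs": {},
          "port_groups": {}, "vlan_groups": {}, "policies": []}
    current = None  # the group or policy that the following lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        tok = shlex.split(line)  # keeps a quoted group name as one token
        key = tok[0]
        if key == "vmps":
            if tok[1] in ("mode", "fallback"):
                db[tok[1]] = tok[2]
        elif key == "address":
            db["macs"][tok[1].lower()] = tok[3]
        elif key == "vmps-port-group":
            current = db["port_groups"].setdefault(tok[1], [])
        elif key == "vmps-vlan-group":
            current = db["vlan_groups"].setdefault(tok[1], set())
        elif key == "vmps-port-policies":
            current = {"kind": tok[1], "name": tok[2], "ports": [], "groups": []}
            db["policies"].append(current)
        elif key == "device":
            target = current["ports"] if isinstance(current, dict) else current
            target.append(_port(tok))
        elif key == "vlan-name":
            current.add(tok[1])
        elif key == "port-group":
            current["groups"].append(tok[1])
    return db


def allowed_ports(db, vlan):
    """Ports a VLAN is restricted to, or None when no policy names the VLAN."""
    ports = None
    for pol in db["policies"]:
        vlans = ({pol["name"]} if pol["kind"] == "vlan-name"
                 else db["vlan_groups"].get(pol["name"], set()))
        if vlan in vlans:
            ports = (ports or []) + pol["ports"]
            for group in pol["groups"]:
                ports += db["port_groups"].get(group, [])
    return ports


def decide(db, mac, device, port, current_vlan=None):
    """Return (response, vlan); current_vlan is the VLAN of hosts already active."""
    deny = "port-shutdown" if db["mode"] == "secure" else "access-denied"
    vlan = db["macs"].get(mac.lower())
    if vlan is None:  # MAC address not in the database
        return ("vlan-assigned", db["fallback"]) if db["fallback"] else (deny, None)
    if vlan == "--NONE--":  # explicit deny entry
        return (deny, None)
    ports = allowed_ports(db, vlan)
    if ports is not None and not any(
            d == device and p in (None, port) for d, p in ports):
        return (deny, None)  # VLAN is restricted and not allowed on this port
    if current_vlan is not None and current_vlan != vlan:
        return (deny, None)  # active hosts on the port are in another VLAN
    return ("vlan-assigned", vlan)
```
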

The following example shows a sample VMPS database configuration file as it appears on a Catalyst 5000 series switch.

!vmps domain <domain-name>
! The VMPS domain must be defined.
!vmps mode { open | secure }
! The default mode is open.
!vmps fallback <vlan-name>
!vmps no-domain-req { allow | deny }
!
! The default value is allow.
vmps domain WBU
vmps mode open
vmps fallback default
vmps no-domain-req deny
!
!
!MAC Addresses
!
vmps-mac-addrs
!
! address <addr> vlan-name <vlan_name>
!
address 0012.2233.4455 vlan-name hardware
address 0000.6509.a080 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address 1223.5678.9abc vlan-name ExecStaff
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
!
!Port Groups
!
!vmps-port-group <group-name>
! device <device-id> { port <port-name> | all-ports }
!
vmps-port-group WiringCloset1
 device 192.168.1.1 port Fa1/3
 device 172.16.1.1 port Fa1/4
vmps-port-group "Executive Row"
 device 192.168.2.2 port es5%Fa0/1
 device 192.168.2.2 port es5%Fa0/2
 device 192.168.2.3 all-ports
!
!VLAN groups
!
!vmps-vlan-group <group-name>
! vlan-name <vlan-name>

!
vmps-vlan-group Engineering
 vlan-name hardware
 vlan-name software
!
!VLAN port Policies
!
!vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name> }
! { port-group <group-name> | device <device-id> port <port-name> }
!
vmps-port-policies vlan-group Engineering
 port-group WiringCloset1
vmps-port-policies vlan-name Green
 device 192.168.1.1 port Fa0/9
vmps-port-policies vlan-name Purple
 device 192.168.2.2 port Fa0/10
 port-group "Executive Row"

VMPS Configuration Guidelines

The following guidelines and restrictions apply to dynamic port VLAN membership:

• You must configure the VMPS before you configure ports as dynamic.
• The communication between a cluster of switches and VMPS is managed by the command switch and includes port-naming conventions that are different from standard port names. For the cluster-based port-naming conventions, see the “VMPS Database Configuration File” section on page 5-57.
• When you configure a port as dynamic, the spanning-tree Port Fast feature is automatically enabled for that port. The Port Fast mode accelerates the process of bringing the port into the forwarding state. You can disable Port Fast mode on a dynamic port.
• Secure ports cannot be dynamic ports. You must disable port security on the port before it becomes dynamic.
• Trunk ports cannot be dynamic ports, but it is possible to enter the switchport access vlan dynamic command for a trunk port. In this case, the switch retains the setting and applies it if the port is later configured as an access port. You must turn off trunking on the port before the dynamic access setting takes effect.

• Dynamic ports cannot be network ports or monitor ports.
• The VTP management domain of the VMPS client and the VMPS server must be the same.

Default VMPS Configuration

Table 5-13 shows the default VMPS and dynamic port configuration on client switches.

Table 5-13 Default VMPS Client and Dynamic Port Configuration

Feature                    Default Configuration
VMPS domain server         None
VMPS reconfirm interval    60 minutes
VMPS server retry count    3
Dynamic ports              None configured

Configuring Dynamic VLAN Membership

You configure dynamic VLANs by using the VMPS Server (Figure 5-11) and the VMPS Info (Figure 5-12) tabs of the VMPS Configuration window. To display this window, select Cluster>VMPS Configuration from the menu bar, and click the VMPS Server or the VMPS Info tab.

You also need to access the VLAN Membership window to assign the port connected to the end station for dynamic VLAN membership and the port connected to the VMPS server for trunking. To display this window, select VLAN>VLAN Membership from the menu bar.

You can also configure VMPS through the CLI on standalone, command, and member switches. If you are configuring VMPS on a cluster member switch to a VLAN, first log in to the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Figure 5-11 VMPS Configuration: VMPS Server Tab
(Screen callouts: Enter the IP address of the VMPS server to be queried by the client, and click Add. Highlight the address, and click Make Primary to make the address the primary one. Only one address can be primary. You can enter up to three secondary addresses; the client queries these addresses if no response is received from the primary server.)

Figure 5-12 VMPS Configuration: VMPS Info Tab
(Screen callouts: Number of times the client tries to reach the current server before switching to an alternate. Default is 3. Number of minutes between reconfirmation of VLAN assignments. Default is 60. Click to reconfirm dynamic VLAN membership. Status is updated in the Reconfirmation Status section.)

CLI: Entering the IP Address of the VMPS

You must enter the IP address of the Catalyst 5000 switch or the other device acting as the VMPS to configure the 2900 or 3500 XL switch as a client. If the VMPS is being defined for a cluster of switches, enter the address on the command switch.

Beginning in privileged EXEC mode, follow these steps to enter the IP address of the VMPS:

Step     Command                          Purpose
Step 1   configure terminal               Enter global configuration mode.
Step 2   vmps server ipaddress primary    Enter the IP address of the switch acting as the primary VMPS server.
Step 3   vmps server ipaddress            Enter the IP address for the switch acting as a secondary VMPS server. You can enter up to three secondary server addresses.
Step 4   end                              Return to privileged EXEC mode.
Step 5   show vmps                        Verify the VMPS server entry. In the display, check the VMPS Domain Server field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Configuring Dynamic Ports on VMPS Clients

If you are configuring a port on a member switch as a dynamic port, first log into the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Caution: Dynamic port VLAN membership is for end stations. Connecting dynamic ports to other switches can cause a loss of connectivity.

Beginning in privileged EXEC mode, follow these steps to configure a dynamic port on the VMPS client switches:

Step     Command                                Purpose
Step 1   configure terminal                     Enter global configuration mode.
Step 2   interface interface                    Enter interface configuration mode and the switch port that is connected to the end station.
Step 3   switchport mode access                 Set the port to access mode.
Step 4   switchport access vlan dynamic         Configure the port as eligible for dynamic VLAN membership. The dynamic-access port must be connected to an end station.
Step 5   end                                    Return to privileged EXEC mode.
Step 6   show interface interface switchport    Verify the entry. In the display, check the Operational Mode field.

The switch port that is connected to the VMPS server should be configured as a trunk. For more information, see the “CLI: Configuring a Trunk Port” section on page 5-41.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Reconfirming VLAN Memberships

Beginning in privileged EXEC mode, follow these steps to confirm the dynamic port VLAN membership assignments that the switch has received from the VMPS:

Step     Command           Purpose
Step 1   vmps reconfirm    Reconfirm dynamic port VLAN membership.
Step 2   show vmps         Verify the dynamic VLAN reconfirmation status.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Changing the Reconfirmation Interval

VMPS clients periodically reconfirm the VLAN membership information received from the VMPS. You can set the number of minutes after which reconfirmation occurs.

If you are configuring a member switch in a cluster, this parameter must be equal to or greater than the reconfirmation setting on the command switch. In addition, you must first log into the member switch by using the privileged EXEC rcommand command. For more information about this command, refer to the Cisco IOS Desktop Switching Command Reference (online only).

Beginning in privileged EXEC mode, follow these steps to change the reconfirmation interval:

Step     Command                   Purpose
Step 1   configure terminal        Enter global configuration mode.
Step 2   vmps reconfirm minutes    Enter the number of minutes between reconfirmations of the dynamic VLAN membership. Enter a number from 1 to 120. The default is 60 minutes.
Step 3   end                       Return to privileged EXEC mode.
Step 4   show vmps                 Verify the dynamic VLAN reconfirmation status. In the display, check the Reconfirm Interval field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

CLI: Changing the Retry Count

Beginning in privileged EXEC mode, follow these steps to change the number of times that the switch attempts to contact the VMPS before querying the next server:

Step     Command               Purpose
Step 1   configure terminal    Enter global configuration mode.
Step 2   vmps retry count      Change the retry count. The retry range is from 1 to 10; the default is 3.
Step 3   exit                  Return to privileged EXEC mode.
Step 4   show vmps             Verify your entry. In the display, check the Server Retry Count field.

The “Finding More Information About IOS Commands” section on page 4-1 contains the path to the complete IOS documentation.

Administering and Monitoring the VMPS

You can display information about the VMPS by using the privileged EXEC show vmps command. The switch displays the following information about the VMPS:

VMPS VQP Version      The version of VQP used to communicate with the VMPS. The switch queries the VMPS using version 1 of VQP.
Reconfirm Interval    The number of minutes the switch waits before reconfirming the VLAN-to-MAC-address assignments.
Server Retry Count    The number of times VQP resends a query to the VMPS. If no response is received after this many tries, the switch starts to query the secondary VMPS.

VMPS domain server    The IP address of the configured VLAN membership policy servers. The switch currently sends queries to the one marked current. The one marked primary is the primary server.
VMPS Action           The result of the most recent reconfirmation attempt. This can happen automatically when the reconfirmation interval expired, or you can force it by entering the privileged EXEC vmps reconfirm command or its Cluster Management software or SNMP equivalent.

Troubleshooting Dynamic Port VLAN Membership

The VMPS shuts down a dynamic port under these conditions:

• The VMPS is in secure mode, and it will not allow the host to connect to the port. The VMPS shuts down the port to prevent the host from connecting to the network.
• More than 20 active hosts reside on a dynamic port.

To reenable a shut-down dynamic port, enter the interface configuration mode no shutdown command.

Dynamic Port VLAN Membership Configuration Example

Figure 5-13 shows a network with a VMPS server switch and VMPS client switches with dynamic ports. In this example, these assumptions apply:

• The VMPS server and the VMPS client are separate switches.
• The Catalyst 5000 series Switch 1 is the primary VMPS server.
• The Catalyst 5000 series Switch 3 and Switch 10 are secondary VMPS servers.
• End stations are connected to these clients:
  – Catalyst 2900 XL Switch 2
  – Catalyst 3500 XL Switch 9
• The database configuration file is called Bldg-G.db and is stored on the TFTP server with the IP address 172.20.22.7.

Figure 5-13 Dynamic Port VLAN Membership Configuration
(Diagram: Catalyst 5000 series Switch 1 as Primary VMPS Server 1, Switch 3 as Secondary VMPS Server 2, and Switch 10 as Secondary VMPS Server 3; client Switch 2 and client Switch 9, each with a dynamic-access port to End station 1 and End station 2; Switches 4 through 8; a router and the TFTP server; all switches joined through trunk ports on an Ethernet segment (trunk link).)