
Extending Switched Networks with VLANs
Module 4

© 2002, Cisco Systems, Inc. All rights reserved. 1
VLAN Operation Overview

VLAN Overview

• Segmentation

• Flexibility

• Security

A VLAN = A Broadcast Domain = Logical Network (Subnet)

VLAN Operation

• Each logical VLAN is like a separate physical bridge.
• VLANs can span across multiple switches.
• Trunks carry traffic for multiple VLANs.
• Trunks use special encapsulation to distinguish between different VLANs.
VLAN Membership Modes

802.1Q Trunking

Importance of Native VLANs

802.1Q Frame

Per-VLAN Spanning Tree

ISL Tagging

ISL trunks enable VLANs across a backbone.

• Performed with ASIC
• Not intrusive to client stations; ISL header not seen by client
• Effective between switches, and between routers and switches

ISL Encapsulation

VTP Protocol Features

• A messaging system that advertises VLAN configuration information
• Maintains VLAN configuration consistency throughout a common administrative domain
• Sends advertisements on trunk ports only

VTP Modes

Server
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Sends/forwards advertisements
• Synchronizes
• Saved in NVRAM

Client
• Forwards advertisements
• Synchronizes
• Not saved in NVRAM

Transparent
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Forwards advertisements
• Does not synchronize
• Saved in NVRAM

VTP Operation

• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.

VTP Pruning

• Increases available bandwidth by reducing unnecessary flooded traffic
• Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN
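The pruning rule above, worked through on a small constructed topology. This is an added example written for this page, not Cisco code or a model of the Catalyst implementation: the switch names, trunks and VLAN assignments are assumed, the network is taken to be a loop-free tree (as STP would leave it), and "red" is VLAN 5. A trunk carries a VLAN's flooded traffic only if some switch on the far side of that trunk has ports in the VLAN.

```python
# Added example: how VTP pruning limits flooded traffic (constructed topology,
# not a lab from the course). Switch names, trunks and VLANs are assumptions.

# Trunk adjacency: switch -> list of trunk neighbours (a tree, as STP leaves it).
TRUNKS = {
    "sw_a": ["sw_b"],
    "sw_b": ["sw_a", "sw_c", "sw_d"],
    "sw_c": ["sw_b"],
    "sw_d": ["sw_b"],
}

# VLANs that have at least one access port on each switch. VLAN 5 is "red".
ACTIVE_VLANS = {
    "sw_a": {1, 5},
    "sw_b": {1},
    "sw_c": {1, 5},
    "sw_d": {1, 9},
}


def vlans_beyond(trunks, active, here, nxt):
    """VLANs that have access ports anywhere on the far side of the trunk
    here -> nxt. With pruning enabled, this is the set the far side tells
    `here` it still needs on that trunk."""
    seen = {here}
    stack = [nxt]
    needed = set()
    while stack:
        sw = stack.pop()
        if sw in seen:
            continue
        seen.add(sw)
        needed |= active[sw]
        stack.extend(trunks[sw])
    return needed


def flood(trunks, active, source, vlan, pruning):
    """Switches that receive a broadcast sent by a host on `source` in `vlan`.
    Without pruning every trunk forwards it; with pruning a trunk forwards it
    only when a switch beyond that trunk has ports in the VLAN."""
    reached = set()
    stack = [(None, source)]
    while stack:
        prev, sw = stack.pop()
        if sw in reached:
            continue
        reached.add(sw)
        for nxt in trunks[sw]:
            if nxt == prev:
                continue
            if pruning and vlan not in vlans_beyond(trunks, active, sw, nxt):
                continue                      # pruned: trunk does not carry this VLAN
            stack.append((sw, nxt))
    return reached


if __name__ == "__main__":
    for pruned in (False, True):
        print("pruning", pruned, "->", sorted(flood(TRUNKS, ACTIVE_VLANS, "sw_a", 5, pruned)))
```

With pruning on, a red broadcast from sw_a still crosses sw_b (it is on the path to sw_c, which has red ports) but never reaches sw_d, whose only non-default VLAN is 9. Bandwidth on the sw_b to sw_d trunk is what pruning saves.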

Summary
• A VLAN permits a group of users to share a common broadcast domain regardless of their physical location in the internetwork. VLANs improve performance and security in switched networks.
• A Catalyst switch operates in a network like a traditional bridge. Each VLAN configured on the switch implements address learning, forwarding/filtering decisions, and loop avoidance mechanisms.
• Ports belonging to a VLAN are configured with a membership mode that determines to which VLAN they belong. Catalyst switches support two VLAN membership modes: static and dynamic.
• The IEEE 802.1Q protocol is used to transport frames for multiple VLANs between switches and routers, and for defining VLAN topologies.
Summary (Cont.)

• ISL is a Cisco proprietary protocol to transport multiple VLANs between switches and routers. ISL provides VLAN tagging capabilities while maintaining full wire-speed performance.
• VTP is a protocol used to distribute and synchronize identifying information about VLANs configured throughout a switched network. VTP allows switched network solutions to scale to large sizes by reducing the manual configuration required on each switch in the network.
• VTP operates in one of three modes: server, client, or transparent. The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned.
Configuring VLANs

VTP Configuration Guidelines

• VTP domain name
• VTP mode (server/client/transparent); VTP server mode is the default
• VTP pruning
• VTP password
• VTP trap

Use caution when adding a new switch to an existing domain.
Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information.
Use the delete vtp command to reset the VTP revision number.
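The caution above, together with the VTP mode table and the revision-number rule from the VTP Operation slide, worked through as a simulation. This is an added example written for this page, not Cisco code and not how IOS implements VTP: the switch names and VLAN numbers are constructed, and it simplifies real VTP in one labelled way (only servers originate advertisements here). It shows why a switch arriving with a higher revision number overwrites the domain, and why resetting the revision (delete vtp) or joining in client mode prevents that.

```python
# Added example: a small model of VTP server/client/transparent behaviour and
# of the revision number. Not Cisco code; names and VLAN ids are constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Advertisement:
    """A VTP advertisement as modelled here: domain, revision, VLAN table, password."""
    domain: str
    revision: int
    vlans: dict
    password: str = ""


@dataclass
class VtpSwitch:
    name: str
    mode: str = "server"                 # server (the default) | client | transparent
    domain: Optional[str] = None
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid, name):
        """Servers and transparent switches may add VLANs; clients may not.
        A server inside a domain bumps its revision and originates an
        advertisement; a transparent switch only changes its local database."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VLANs cannot be added in client mode")
        self.vlans[vid] = name
        if self.mode == "server" and self.domain:
            self.revision += 1
            return self.advertise()
        return None

    def advertise(self):
        """Periodic advertisement. Simplification (assumption of this model):
        only a server that has a domain name originates advertisements."""
        if self.mode == "server" and self.domain:
            return Advertisement(self.domain, self.revision, dict(self.vlans), self.password)
        return None

    def delete_vtp(self):
        """Model of the Catalyst 1900 'delete vtp' step: reset the revision number."""
        self.revision = 0

    def receive(self, adv):
        """Handle an advertisement arriving on a trunk; return what is forwarded."""
        if self.mode == "transparent":
            return adv                          # forwards, never synchronizes
        if self.domain is None:
            self.domain = adv.domain            # a switch with no domain learns one
        if adv.domain != self.domain or adv.password != self.password:
            return None                         # other domain or wrong password: ignored
        if adv.revision > self.revision:        # synchronize to the latest revision
            self.vlans = dict(adv.vlans)
            self.revision = adv.revision
        return adv


def propagate(adv, chain):
    """Push an advertisement along a chain of trunk-connected switches."""
    for sw in chain:
        if adv is None:
            break
        adv = sw.receive(adv)


def new_switch_scenario(new_mode, reset_revision):
    """A stale lab switch (revision 10, only VLAN 1 left) is trunked into the
    production domain 'switchlab', whose server sits at revision 4 with VLANs
    1, 5 and 9. Returns the VLAN ids the production server ends up with."""
    prod = VtpSwitch("wg_sw_prod", "server", "switchlab", revision=4,
                     vlans={1: "default", 5: "VLAN5", 9: "switchlab2"})
    client = VtpSwitch("wg_sw_client", "client", "switchlab")
    new = VtpSwitch("wg_sw_new", new_mode, "switchlab", revision=10)
    if reset_revision:
        new.delete_vtp()
    propagate(new.advertise(), [client, prod])
    return sorted(prod.vlans)


if __name__ == "__main__":
    print("server, stale revision:", new_switch_scenario("server", False))   # VLANs 5 and 9 lost
    print("server, revision reset:", new_switch_scenario("server", True))
    print("client:", new_switch_scenario("client", False))
```

The first scenario is the failure the slide warns about: the higher revision wins on every server and client in the domain, so VLANs 5 and 9 disappear from the production switches. The same check a practitioner makes by hand is to read the revision number from show vtp before connecting a trunk.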

Creating a VTP Domain
Catalyst 1900
wg_sw_1900(config)#vtp [server | transparent | client] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]

wg_sw_1900#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
wg_sw_1900(config)#vtp transparent
wg_sw_1900(config)#vtp domain switchlab

Catalyst 2950
wg_sw_2950#vlan database
wg_sw_2950(vlan)#vtp [ server | client | transparent ]
wg_sw_2950(vlan)#vtp domain domain-name
wg_sw_2950(vlan)#vtp password password
wg_sw_2950(vlan)#vtp pruning
wg_sw_2950(vlan)#snmp-server enable traps vtp
wg_sw_2950(vlan)#exit

VTP Configuration Example

wg_sw_1900(config)#vtp transparent
wg_sw_1900(config)#vtp domain switchlab pruning enable
wg_sw_1900(config)#exit
wg_sw_1900#show vtp
VTP version: 1
Configuration revision: 4
Maximum VLANs supported locally: 1005
Number of existing VLANs: 6
VTP domain name : switchlab
VTP password :
VTP operating mode : Transparent
VTP pruning mode : Enabled
VTP traps generation : Enabled
Configuration last modified by: 0.0.0.0 at 00-00-0000 00:00:00
wg_sw_1900#config terminal
wg_sw_1900(config)#interface f0/26
wg_sw_1900(config-if)#trunk on desirable
wg_sw_1900(config-if)#exit
wg_sw_1900(config)#exit
wg_sw_1900#show trunk A
DISL state: On, Trunking: On, Encapsulation type: ISL

802.1Q Trunking Limitations

• Make sure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link.
• Make sure your network is loop-free before disabling STP.
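Why the first bullet matters, shown on the wire. This is an added example written for this page, not Cisco code: it builds a constructed Ethernet frame (MAC addresses and payload are made up), applies the 802.1Q rule that native-VLAN frames cross a trunk untagged while every other VLAN gets a 4-byte tag (TPID 0x8100 followed by the TCI carrying the 12-bit VLAN ID), and then shows what the receiving end does when its native VLAN differs from the sender's.

```python
# Added example: 802.1Q tagging at trunk egress/ingress and the effect of a
# native VLAN mismatch. Not Cisco code; frame contents are constructed.
import struct

TPID_8021Q = 0x8100

# Constructed addresses and payload for the demonstration.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("0050f037da01")
PAYLOAD = bytes(46)


def build_frame(dst=DST, src=SRC, ethertype=0x0800, payload=PAYLOAD):
    """Untagged Ethernet II frame: dst(6) src(6) type(2) payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def trunk_egress(frame, vid, native_vlan, pcp=0):
    """What an 802.1Q trunk port sends for a frame that belongs to `vid`:
    native-VLAN frames leave untagged, every other VLAN gets TPID + TCI
    inserted after the source MAC."""
    if vid == native_vlan:
        return frame
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_ingress(wire, native_vlan):
    """What the receiving trunk port does: take the VLAN from the tag if one
    is present, otherwise assign the frame to its own native VLAN.
    Returns (vid, frame_with_tag_removed)."""
    (ethertype,) = struct.unpack("!H", wire[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", wire[14:16])
        return tci & 0x0FFF, wire[:12] + wire[16:]
    return native_vlan, wire


def vlan_after_trunk(vid, native_sender, native_receiver):
    """VLAN a frame from `vid` lands in after crossing a trunk whose ends are
    configured with different (or equal) native VLANs."""
    wire = trunk_egress(build_frame(), vid, native_sender)
    received_vid, _ = trunk_ingress(wire, native_receiver)
    return received_vid


def native_vlan_mismatches(native_sender, native_receiver, vlans):
    """VLANs whose frames end up in the wrong VLAN for this pair of settings."""
    return sorted(v for v in vlans
                  if vlan_after_trunk(v, native_sender, native_receiver) != v)


if __name__ == "__main__":
    print("matching natives:", native_vlan_mismatches(1, 1, [1, 5, 9]))
    print("sender native 1, receiver native 99:", native_vlan_mismatches(1, 99, [1, 5, 9, 99]))
```

Tagged VLANs (5, 9) survive the mismatch because the VLAN ID travels in the frame. The sender's native VLAN does not: its frames arrive untagged and the far end files them under whatever its own native VLAN is, which is why the slide insists both ends agree.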

Configuring 802.1Q Trunking

(config-if)#switchport mode trunk

• Configures the port as a VLAN trunk

Configuring ISL Trunking

wg_sw_1900(config-if)#trunk [on | off | desirable | auto | nonegotiate]

• on = Set trunk on and negotiate with other side
• off = Set trunk off and negotiate with other side
• desirable = Negotiate with other side; trunk on if other side is on, desirable, or auto
• auto = Will be a trunk only if the other side is on or desirable
• nonegotiate = Set trunk on and will not negotiate

wg_sw_1900#conf terminal
Enter configuration commands, one per line. End with CNTL/Z
wg_sw_1900(config)#interface f0/26
wg_sw_1900(config-if)#trunk on

First Trunk Port (Port A)

• Note: The Catalyst 1900 only supports ISL encapsulation.
VLAN Configuration Guidelines

• Maximum number of VLANs is switch-dependent.
• Catalyst desktop switches support 64 VLANs with a separate spanning tree per VLAN.
• VLAN1 is the factory default Ethernet VLAN.
• CDP and VTP advertisements are sent on VLAN1.
• The Catalyst switch IP address is in the management VLAN (VLAN1 by default).
• To add or delete VLANs, the switch must be in VTP server or transparent mode.

Adding a VLAN
Catalyst 1900

wg_sw_1900(config)# vlan vlan# [name vlan-name]

wg_sw_1900#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
wg_sw_1900(config)#vlan 9 name switchlab2

Catalyst 2950
wg_sw_2950#vlan database
wg_sw_2950(vlan)# vlan vlan# [name vlan-name]

wg_sw_2950#vlan database
wg_sw_2950(vlan)#vlan 9 name switchlab2
wg_sw_2950(vlan)#exit

Modifying a VLAN Name

wg_sw_a(config)#vlan vlan# name vlan-name

wg_sw_a#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
wg_sw_a(config)#vlan 9 name switchlab90

wg_sw_a#show vlan 9

VLAN Name Status Ports
------------------------------------------------
9 switchlab90 Enabled
------------------------------------------------

Assigning Switch Ports to a VLAN

Catalyst 1900

wg_sw_1900(config-if)#vlan-membership {static {vlan#} | dynamic}

wg_sw_1900#conf terminal
Enter configuration commands, one per line. End with CNTL/Z
wg_sw_1900(config)#interface ethernet 0/8
wg_sw_1900(config-if)#vlan-membership static 9

Catalyst 2950

wg_sw_2950(config-if)#switchport access vlan vlan#

Verifying the VTP Configuration for the Catalyst 1900

wg_sw_1900#show vtp

wg_sw_1900#show vtp
VTP version: 1
Configuration revision: 4
Maximum VLANs supported locally: 1005
Number of existing VLANs: 6
VTP domain name : switchlab
VTP password :
VTP operating mode : Transparent
VTP pruning mode : Enabled
VTP traps generation : Enabled
Configuration last modified by: 10.1.1.40 at 00-00-0000 00:00:00

Verifying the VTP Configuration for the Catalyst 2950

wg_sw_2950#show vtp status

wg_sw_2950#show vtp status
VTP Version : 2 <--- Indicates v2-capable
Configuration Revision : 4
Maximum VLANs supported locally : 68
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : switchlab
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled <--- Indicates v2 disabled; v1 set
VTP Traps Generation : Disabled <--- Catalyst 2950 default
MD5 digest : 0x3D 0x02 0xD4 0x3A 0xC4 0x46 0xA1 0x03
Configuration last modified by 10.1.1.40 at 5-4-02 22:25:

Verifying a Trunk
Catalyst 1900
wg_sw_1900#show trunk [A | B]

wg_sw_1900#show trunk a
DISL state: On, Trunking: On, Encapsulation type: ISL

Catalyst 2950

wg_sw_2950#show interface interface switchport

wg_sw_2950#show interface fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
. . .

Verifying a VLAN
Catalyst 1900
wg_sw_1900#show vlan [vlan#]

wg_sw_1900#show vlan 9

VLAN Name Status Ports
-------------------------------------------------
9 switchlab2 Enabled
-------------------------------------------------

VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2
---------------------------------------------------------------------------
9 Ethernet 100009 1500 0 1 1 Unkn 0 0
---------------------------------------------------------------------------

Catalyst 2950
wg_sw_2950#show vlan [id vlan#]

Verifying VLAN Membership on a Catalyst 1900

wg_sw_1900#show vlan-membership

wg_sw_1900#show vlan-membership

Port VLAN Membership Type Port VLAN Membership Type
--------------------------- ------------------------------
1 5 Static 13 1 Static
2 1 Static 14 1 Static
3 1 Static 15 1 Static
4 1 Static 16 1 Static
5 1 Static 17 1 Static
6 1 Static 18 1 Static
7 1 Static 19 1 Static
8 9 Static 20 1 Static

Note: port 1=e0/1, port 2=e0/2 .....

Verifying VLAN Membership on a Catalyst 2950

wg_sw_2950#show vlan brief

wg_sw_2950#show vlan brief
VLAN Name Status Ports
---- ------------------------ --------- -----------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7,
Fa0/8, Fa0/9, Fa0/10, Fa0/11,
Fa0/12, Fa0/13, Fa0/14, Fa0/15,
Fa0/16, Fa0/17, Fa0/18, Fa0/19,
Fa0/20, Fa0/21
5 VLAN5 active Fa0/3
9 VLAN9 active Fa0/22, Fa0/23
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

wg_sw_2950#show interfaces interface switchport

Verifying STP for a VLAN
Catalyst 1900
wg_sw_1900#show spantree [vlan#]

wg_sw_1900#show spantree 1

VLAN1 is executing the IEEE compatible Spanning Tree Protocol
Bridge Identifier has priority 32768, address 0050.F037.DA00
Configured hello time 2, max age 20, forward delay 15
Current root has priority 0, address 00D0.588F.B600
Root port is FastEthernet 0/26, cost of root path is 10
Topology change flag not set, detected flag not set
Topology changes 53, last topology change occurred 0d00h17m14s ago
Times: hold 1, topology change 8960
hello 2, max age 20, forward delay 15
Timers: hello 2, topology change 35, notification 2
Port Ethernet 0/1 of VLAN1 is Forwarding
Port path cost 100, Port priority 128
Designated root has priority 0, address 00D0.588F.B600
Designated bridge has priority 32768, address 0050.F037.DA00
Designated port is Ethernet 0/1, path cost 10
Timers: message age 20, forward delay 15, hold 1

Catalyst 2950
wg_sw_2950#show spanning-tree vlan [vlan#]
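Reading the show spantree output above by hand gets tedious across many VLANs and switches, so here is an added example (written for this page, not Cisco code) that parses the Catalyst 1900 output shown on the slide and answers the questions an operator asks: which VLAN, who is the root, is this switch the root, which port leads to the root, and what state each port is in. The sample input is the slide's own output; the check_root helper and the "expected root" idea are this example's, not the course's.

```python
# Added example: parse Catalyst 1900 'show spantree' output. Not Cisco code.
import re

# Sample input: the 'show spantree 1' output reproduced from the slide above.
SPANTREE_OUTPUT = """\
VLAN1 is executing the IEEE compatible Spanning Tree Protocol
Bridge Identifier has priority 32768, address 0050.F037.DA00
Configured hello time 2, max age 20, forward delay 15
Current root has priority 0, address 00D0.588F.B600
Root port is FastEthernet 0/26, cost of root path is 10
Topology change flag not set, detected flag not set
Topology changes 53, last topology change occurred 0d00h17m14s ago
Times: hold 1, topology change 8960
hello 2, max age 20, forward delay 15
Timers: hello 2, topology change 35, notification 2
Port Ethernet 0/1 of VLAN1 is Forwarding
Port path cost 100, Port priority 128
Designated root has priority 0, address 00D0.588F.B600
Designated bridge has priority 32768, address 0050.F037.DA00
Designated port is Ethernet 0/1, path cost 10
Timers: message age 20, forward delay 15, hold 1
"""

_VLAN = re.compile(r"^VLAN(\d+) is executing", re.M)
_BRIDGE = re.compile(r"Bridge Identifier has priority (\d+), address ([0-9A-Fa-f.]+)")
_ROOT = re.compile(r"Current root has priority (\d+), address ([0-9A-Fa-f.]+)")
_ROOT_PORT = re.compile(r"Root port is (\S+ \S+), cost of root path is (\d+)")
_TOPO = re.compile(r"Topology changes (\d+)")
# Per-port state lines look like "Port Ethernet 0/1 of VLAN1 is Forwarding".
_PORT = re.compile(r"^Port (\S+ \S+) of VLAN\d+ is (\w+)", re.M)


def parse_spantree(text):
    """Extract the fields worth checking from one VLAN's 'show spantree' output."""
    info = {}
    m = _VLAN.search(text)
    info["vlan"] = int(m.group(1)) if m else None
    m = _BRIDGE.search(text)
    info["bridge"] = (int(m.group(1)), m.group(2).upper()) if m else None
    m = _ROOT.search(text)
    info["root"] = (int(m.group(1)), m.group(2).upper()) if m else None
    m = _ROOT_PORT.search(text)
    info["root_port"] = m.group(1) if m else None
    info["root_path_cost"] = int(m.group(2)) if m else None
    m = _TOPO.search(text)
    info["topology_changes"] = int(m.group(1)) if m else None
    info["ports"] = _PORT.findall(text)          # [(port, state), ...]
    return info


def is_root_bridge(info):
    """True when this switch's own bridge ID is the elected root."""
    return info["bridge"] is not None and info["bridge"] == info["root"]


def check_root(info, expected_root_mac):
    """Compare the elected root with the bridge you intended to be root for
    this VLAN. A different root means some other switch holds a lower priority
    (or a lower MAC at equal priority): a misconfiguration worth investigating."""
    return info["root"] is not None and info["root"][1] == expected_root_mac.upper()


if __name__ == "__main__":
    info = parse_spantree(SPANTREE_OUTPUT)
    print(info)
    print("this switch is root:", is_root_bridge(info))
    print("root is the core switch we expect:", check_root(info, "00d0.588f.b600"))
```

On the slide's output the switch is not the root (priority 32768 against a root at priority 0) and reaches the root through FastEthernet 0/26, which is the ISL trunk configured earlier in the module.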

Executing Adds, Moves, and Changes for VLANs

wg_sw_a(config)#vlan database

• Enters the vlan database privileged EXEC command to access VLAN configuration mode
• Writes VLAN adds, moves, and changes to the vlan.dat file

a(config)#vlan vlan-id mtu mtu-size

• Identifies a VLAN and changes the MTU size

Troubleshooting Switched LANs

Problem: One Device Cannot Communicate with Another

• Make sure the IP address, subnet mask, and VLAN membership of the switch interface are correct.
• If the host is in the same subnet as the switch interface, make sure the switch interface and the switch port to which the host is connected are assigned to the same VLAN.
• If the host is in a different subnet, make sure the default gateway on the switch is configured with the address of a router in the same subnet as the switch interface.

Problem: One Device Cannot Communicate with Another (Cont.)

• If the port is in listening or learning mode, wait until the port is in forwarding mode and try to connect to the host again.
• Make sure the speed and duplex settings on the host and the appropriate switch ports are correct.
• If the connected device is an end station, enable spanning-tree PortFast, disable trunking, and disable channeling on the port.
• Make sure the switch is learning the MAC address of the host.

Problem: A Device Cannot Establish a Connection Across a Trunk Link

• Make sure the trunking mode configured on both ends of the link is valid. The trunking mode should be on or desirable on one end and on, desirable, or auto on the other end.
• Make sure the trunk encapsulation type configured on both ends of the link is valid.
• On IEEE 802.1Q trunks, make sure the native VLAN is the same on both ends of the trunk.
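The three checks above, plus the per-mode rules from the Configuring ISL Trunking slide (on, off, desirable, auto, nonegotiate), as a small link checker. This is an added example written for this page, not Cisco code and not the DTP/DISL state machine: the mode rules follow the slide's wording, with one stated assumption where the slide is silent (a nonegotiate end sends no negotiation, so a desirable or auto far end does not trunk against it). The end descriptions are plain dictionaries and their values are constructed.

```python
# Added example: trunk-mode compatibility and trunk link checks. Not Cisco code.
MODES = ("on", "off", "desirable", "auto", "nonegotiate")


def end_becomes_trunk(mode, other_mode):
    """Whether this end of the link trunks, given its own mode and the far end's,
    following the rules on the ISL trunking slide. Assumption of this model:
    a nonegotiate end does not answer negotiation, so a desirable or auto far
    end will not trunk against it."""
    if mode not in MODES or other_mode not in MODES:
        raise ValueError(f"unknown trunk mode: {mode!r}/{other_mode!r}")
    if mode == "off":
        return False
    if mode in ("on", "nonegotiate"):
        return True
    if mode == "desirable":
        return other_mode in ("on", "desirable", "auto")
    return other_mode in ("on", "desirable")          # auto


def mode_matrix():
    """(mode_a, mode_b) -> True when both ends come up as a trunk."""
    return {(x, y): end_becomes_trunk(x, y) and end_becomes_trunk(y, x)
            for x in MODES for y in MODES}


def check_trunk_link(a, b):
    """a and b describe the two ends: {'mode', 'encapsulation', 'native_vlan'}.
    Returns the problems a troubleshooter should look at (empty means clean)."""
    problems = []
    ta = end_becomes_trunk(a["mode"], b["mode"])
    tb = end_becomes_trunk(b["mode"], a["mode"])
    if not (ta and tb):
        problems.append(f"trunking mode {a['mode']}/{b['mode']}: "
                        f"end A trunk={ta}, end B trunk={tb}")
    if a["encapsulation"] != b["encapsulation"]:
        problems.append(f"encapsulation mismatch: {a['encapsulation']} vs {b['encapsulation']}")
    elif a["encapsulation"] == "dot1q" and a["native_vlan"] != b["native_vlan"]:
        # Only 802.1Q has an untagged native VLAN; ISL tags every frame.
        problems.append(f"802.1Q native VLAN mismatch: {a['native_vlan']} vs {b['native_vlan']}")
    return problems


if __name__ == "__main__":
    # Constructed ends of one link.
    core = {"mode": "desirable", "encapsulation": "dot1q", "native_vlan": 1}
    edge = {"mode": "auto", "encapsulation": "dot1q", "native_vlan": 99}
    print(check_trunk_link(core, edge))
    for pair, ok in sorted(mode_matrix().items()):
        print(pair, "trunk" if ok else "no trunk")
```

Two ends that disagree (one trunking, the other not) are the worst outcome, because one side tags frames the other treats as ordinary access traffic; the checker reports the per-end result so that case is visible rather than just "no trunk".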

Problem: VTP Not Updating Configuration on Other Switches

• Make sure the switches are connected through trunk links. VTP updates are exchanged only over trunk links.
• Make sure the VTP domain name is the same on the appropriate switches. VTP updates are only exchanged between switches in the same VTP domain.
• Check if the switch is in VTP transparent mode. Only switches in VTP server or VTP client mode update their VLAN configuration based on VTP updates from other switches.
• If you are using VTP passwords, you must configure the same password on all switches in the VTP domain.

Summary

• Before you create VLANs, you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network.
• You will configure IEEE 802.1Q to carry traffic for multiple VLANs over a single link on a multivendor network.
• ISL operates in a point-to-point environment to carry traffic for multiple VLANs over a single link.
• Most Catalyst desktop switches support a maximum of 64 active VLANs. The Catalyst 1900 supports 1,024 VLANs with the Enterprise Edition software. Depending on the model, the 2950 series can support up to 250 VLANs.

Summary (Cont.)

• After creating a VLAN, you can statically assign a port or a number of ports to that VLAN. A port can belong to only one VLAN at a time.
• You can verify the VLAN configuration using the show commands.
• As network topologies, business requirements, and individual assignments change, VLAN requirements also change.
• Misconfiguration of a VLAN is one of the most common errors in switched networks.

Visual Objective 4-1: Configuring a Switch for Extended Functionality

Subnet       VLAN   Pod
10.1.1.0     1      wg_sw_x, core_sw_a, core_sw_b, core_ro
10.2.2.0     2      core_ro, wg_ro_a
10.3.3.0     3      core_ro, wg_ro_b
10.4.4.0     4      core_ro, wg_ro_c
10.5.5.0     5      core_ro, wg_ro_d
10.6.6.0     6      core_ro, wg_ro_e
10.7.7.0     7      core_ro, wg_ro_f
10.8.8.0     8      core_ro, wg_ro_g
10.9.9.0     9      core_ro, wg_ro_h
10.10.10.0   10     core_ro, wg_ro_i
10.11.11.0   11     core_ro, wg_ro_j
10.12.12.0   12     core_ro, wg_ro_k
10.13.13.0   13     core_ro, wg_ro_l
