Virtual LANs (VLANs) and VTP
rajasekar
Virtual LAN (VLAN) & VTP
VLAN:
• Collision vs Broadcast
• VLAN
• Advantages of VLAN
• VLAN membership
• VLAN port types
• VLAN frames
• Frame tagging protocols
• 802.1Q tunnelling
• Native VLAN
• DTP
• VLAN configuration
VTP:
• VTP versions
• VTP modes
• VTP advertisement
• VTP message types
• VTP pruning
• VTP configuration
Collision vs Broadcast
Collision: A collision occurs when two devices send a packet at the same time on a shared network segment. The packets collide and both devices must send the packets again, which reduces network efficiency.
E.g. a hub (each port on a hub is in the same collision domain).
When host A is trying to reach host C and, at the same time, host D is also trying to reach host C, the hub receives both frames. The hub has no idea where to send the frames, so it sends them to all ports, and at this stage a collision is detected.
Broadcast: Broadcast is a type of communication where the sending device sends a single copy of data and that copy is delivered to every device in the network segment. Broadcast is a required type of communication and we cannot avoid broadcasts. E.g. ARP, DHCP.
When host A sends a packet to host C, the switch sends it to all ports the first time it receives it. Once it has learned the MAC address, it no longer sends to all ports.
• VLAN (Virtual Local Area Network)
A switch can be logically segmented into separate broadcast domains using Virtual LANs. On Cisco switches, all interfaces belong to VLAN 1 by default, and VLAN 1 should be dedicated for system traffic such as CDP, STP, VTP, and DTP.
Each VLAN represents a unique broadcast domain:
• Traffic between devices within the same VLAN is switched.
• Traffic between devices in different VLANs requires a Layer-3 device to communicate.
Broadcasts from one VLAN will not be forwarded to another VLAN. The logical separation provided by VLANs is not a Layer-3 function. VLAN tags are inserted into the Layer-2 header.
Hosts A and B are in the same broadcast domain, as are E and F. A ping from host A to host E will not succeed, because the switch segments the ports into different broadcast domains. Thus, a Layer-3 device is required for those hosts to communicate.
Advantages of VLAN
• Broadcast control – eliminates unnecessary broadcast traffic, improving network performance and scalability.
• Security – logically separates users and departments, allowing administrators to implement access-lists to control traffic between VLANs.
• Improved manageability – VLANs provide an easy, flexible, less costly way to modify logical groups in changing environments.
VLAN membership
VLAN membership is of two types:
• Static
• Dynamic
Static: In a static VLAN, the network administrator creates a VLAN and then assigns switch ports to the VLAN. Static VLANs are also called port-based VLANs. The association with the VLAN does not change until the administrator changes the port assignment. End-user devices become members of a VLAN based on the physical switch port to which they are connected.
Dynamic: In a dynamic VLAN, the switch automatically assigns the port to a VLAN using information from the user device (such as MAC address or IP address). When a device is connected to a switch port, the switch queries a database to establish VLAN membership. A network administrator must configure the VLAN database of a VLAN Membership Policy Server (VMPS).
Dynamic VLANs support instant movability of end devices. When we move a device from a port on one switch to a port on another switch, the dynamic VLANs will automatically configure the membership of the VLAN.
Static VLAN assignment is far more common than dynamic, and will be the focus of this guide.
VLAN Port Types
Two types of ports:
• Access ports
• Trunk ports
Access link: An access link is part of only one VLAN, and normally access links are for end devices. Any device attached to an access link is unaware of its VLAN membership.
Trunk link: A trunk link can carry traffic for multiple VLANs, and normally a trunk link is used to connect switches to other switches or to routers. To identify the VLAN that a frame belongs to.
VLAN frames
Frame tagging is used to identify the VLAN that a frame belongs to in a network with multiple VLANs. The VLAN ID is placed on the frame when it reaches a switch from an access port that is a member of a VLAN. That frame can then be forwarded out the trunk link port. Each switch can see which VLAN the frame belongs to and can forward the frame to the corresponding VLAN access ports or to another VLAN trunk port.
If Host A sends a frame to Host B, no frame tagging will occur:
• The frame never leaves Switch A.
• The frame stays within its own VLAN.
If Host A sends a frame to Host C, which is in a separate VLAN:
• The frame again never leaves the switch.
• Because Host C is in a different VLAN, the frame must be routed.
If Host A sends a frame to Host D, which is on a separate switch:
• The frame is sent out the trunk port to Switch B.
• The frame must be tagged as it is sent out the trunk port.
  • The frame is tagged with its VLAN ID - VLAN 10 in this example.
• When Switch B receives the frame, it will only forward it out ports belonging to VLAN 10.
Frame Tagging Protocols
Cisco switches support two frame tagging protocols:
• Inter-Switch Link (ISL)
• IEEE 802.1Q
Inter-Switch Link (ISL) is a Cisco proprietary protocol, available and supported on Cisco products only.
ISL is used primarily for Ethernet media (Fast Ethernet or Gigabit Ethernet). Cisco has also included provisions to carry Token Ring, FDDI, and ATM.
ISL encapsulates the entire Ethernet frame (Fast Ethernet or Gigabit Ethernet) with a 26-byte header and a 4-byte frame check sequence (FCS), for a total of 30 bytes of overhead. The ISL frame format is shown below.
• DA (Destination Address): The destination address uses the multicast MAC address 01-00-0C-00-00-00. The first 40 bits of the DA field signal the receiver that the packet is in ISL format.
• Type: The type of frame encapsulated: Ethernet (0000), Token Ring (0001), FDDI (0010), and ATM (0011).
• User: The USER field consists of a 4-bit code. The USER bits are used to extend the meaning of the TYPE field. The default USER field value is "0000". For Ethernet frames, the USER field bits "0" and "1" indicate the priority of the packet as it passes through the switch.
• SA (Source Address): Source address of the switch transmitting the ISL frame.
• Len: The length of the packet.
• SNAP: Subnetwork Access Protocol (SNAP) and Logical Link Control (LLC). The AAAA03 SNAP field is a 24-bit constant value of "AAAA03".
• HSA (High Bits of Source Address): The HSA field is a 24-bit value which represents the upper 3 bytes (the manufacturer ID portion) of the SA field.
• VLAN (Destination VLAN ID): Indicates the VLAN ID of the packet. The VLAN ID is a 15-bit value that is used to distinguish frames on different VLANs. The VLAN ID is also known as the "color" of the frame.
• BPDU: Indicates whether the frame is a BPDU, CDP or VTP frame.
• Index: The port index of the source of the packet.
• Res: Reserved field for additional information, for instance the Token Ring or FDDI Frame Check Sequence field. For Ethernet, this field should be zero.
• Encapsulated Ethernet Frame: The actual Ethernet frame.
• ISL CRC: Four-byte check on the ISL packet to ensure it is not corrupted.
• Cisco switches are specifically engineered to support these giant ISL-tagged frames. Note that this is a key reason why ISL is Cisco-proprietary.
• ISL supports a maximum of 1000 VLANs on a trunk port. ISL is also almost entirely deprecated - most modern Cisco switches no longer support it.
802.1Q trunks
802.1Q trunks support tagged and untagged Ethernet frames. An untagged Ethernet frame is a standard, unaltered Ethernet frame. Untagged Ethernet frames are usually used for native VLAN communication.
If a switch receives untagged Ethernet frames on a trunk port, they are considered part of the native VLAN, and frames from a native VLAN access port are not tagged when exiting the switch via a native VLAN trunk port.
In a tagged 802.1Q Ethernet frame, a 4-byte field is inserted between the original Ethernet frame's Source Address field and the Type or Length field. The FCS is recomputed after the 4-byte tag is inserted. The following figure shows an 802.1Q tagged Ethernet frame.
• TPID (Tag Protocol Identifier, 16 bits): The TPID always has a value of 0x8100 to signify an 802.1Q tag.
• Priority (3 bits): The Priority field is used by 802.1Q to implement Layer-2 quality of service (QoS).
• CFI (Canonical Format Identifier, 1 bit): The CFI bit is used for compatibility purposes between Ethernet and Token Ring.
• VLAN ID (12 bits): The VID field is used to distinguish between VLANs on the link.
• 802.1Q supports a maximum of 4096 VLANs on a trunk port.
• Recall that ISL encapsulates a frame with an additional header and trailer. In contrast, 802.1Q embeds a 4-byte VLAN tag directly into the Layer-2 frame header. Because the Layer-2 header is modified, 802.1Q must recalculate the frame's CRC value.
802.1Q Tunneling (Q-in-Q)
802.1Q tunneling enables service providers to use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated.
When you configure tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling, which then becomes a tunnel VLAN.
To keep customer traffic segregated, each customer requires a separate tunnel VLAN, but that one tunnel VLAN supports all of the customer's VLANs.
The customer switches are trunk connected, but with 802.1Q tunneling, the service provider switches only use one service provider VLAN to carry all the customer VLANs, instead of directly carrying all the customer VLANs.
Note: Tunnel traffic carries a second 802.1Q tag only when it is on a trunk link between service-provider network devices, with the outer tag containing the service-provider-assigned VLAN ID and the inner tag containing the customer-assigned VLAN IDs.
In this example, customer switches A, B and C have a range of VLANs (100-400). When this range of VLANs enters the provider switches, the outer interface carries a single VLAN (3349), called the outer VLAN.
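The tag layout and the Q-in-Q double tagging described above, as an added example that is not part of the original slides: it builds and parses 802.1Q tags and models which VLAN a trunk port assigns to a received frame. The MAC addresses and payload are constructed, both tags are assumed to use TPID 0x8100, and the allowed-list check is a simplified model of a trunk port.

```python
import struct

TPID_8021Q = 0x8100  # TPID value the text gives for an 802.1Q tag


def build_frame(dst, src, ethertype, payload, tags=()):
    """Build an Ethernet frame without FCS. tags: (priority, cfi, vid), outermost first."""
    out = dst + src
    for priority, cfi, vid in tags:
        if not (0 <= priority < 8 and cfi in (0, 1) and 0 <= vid < 4096):
            raise ValueError("tag field out of range")
        # 16-bit TPID followed by 3-bit priority, 1-bit CFI, 12-bit VLAN ID
        out += struct.pack("!HH", TPID_8021Q, (priority << 13) | (cfi << 12) | vid)
    return out + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (tags, ethertype, payload); tags are dicts, outermost first."""
    offset, tags = 12, []  # skip destination and source MAC (6 bytes each)
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (value,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if value != TPID_8021Q:
            return tags, value, frame[offset:]  # value is the Type/Length field
        if len(frame) < offset + 2:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        tags.append({"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})


def trunk_ingress_vlan(frame, native_vlan, allowed):
    """VLAN a trunk port assigns to a received frame, or None if it is dropped.

    Simplified model: untagged frames go to the native VLAN, tagged frames to
    the VLAN in the outermost tag, and VLANs outside the allowed list are dropped.
    """
    tags, _, _ = parse_frame(frame)
    vlan = tags[0]["vid"] if tags else native_vlan
    return vlan if vlan in allowed else None


# Constructed sample frames (documentation-range MAC addresses, dummy payload).
DST = bytes.fromhex("00005e005301")
SRC = bytes.fromhex("00005e005302")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"payload")
TAGGED = build_frame(DST, SRC, 0x0800, b"payload", [(5, 0, 10)])
# Q-in-Q: outer service-provider VLAN 3349, inner customer VLAN 100 (values from the text).
QINQ = build_frame(DST, SRC, 0x0800, b"payload", [(0, 0, 3349), (0, 0, 100)])

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("q-in-q", QINQ)):
        tags, ethertype, _ = parse_frame(frame)
        print(name, [t["vid"] for t in tags], hex(ethertype))
```

A provider switch in this model forwards the Q-in-Q frame on VLAN 3349 only; the customer VLAN 100 tag travels as opaque payload until the outer tag is removed.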
Native VLAN
Normally, a switch port configured as a trunk port sends and receives IEEE 802.1Q VLAN-tagged Ethernet frames.
If a switch receives untagged Ethernet frames on its trunk port, they are forwarded to the VLAN that is configured on the switch as the native VLAN. Both sides of the trunk link must be configured to be in the same native VLAN.
Native VLANs are only supported on 802.1Q trunk ports. ISL does not support untagged frames, and will always tag frames from all VLANs.
DTP (Dynamic Trunking Protocol)
DTP is a Cisco proprietary trunking protocol used for negotiating trunking on a link between two Cisco switches. DTP can also be used for negotiating the encapsulation type, either 802.1Q or Cisco ISL.
DTP has two modes to dynamically decide whether a port becomes a trunk:
• Desirable – the port will actively attempt to form a trunk with the remote switch. This is the default setting.
• Auto – the port will passively wait for the remote switch to initiate the trunk.
Trunk ports send out DTP frames every 30 seconds to indicate their configured mode.
A trunk will form in the following configurations:
• trunk - trunk
• trunk - dynamic desirable
• trunk - dynamic auto
• dynamic desirable - dynamic desirable
• dynamic desirable - dynamic auto
A trunk will never form if the two sides of the trunk are set to dynamic auto, as both ports are waiting for the other to initialize the trunk.
It is best practice to manually configure trunk ports, to avoid DTP negotiation errors. DTP is also vulnerable to VLAN spoofing attacks.
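An added example (not from the original slides) that audits a switch configuration for ports left to negotiate trunking with DTP and for trunks that carry every VLAN, using the negotiation table above. The sample configuration and the finding names are constructed; `switchport nonegotiate` and `switchport access vlan` are standard IOS commands that the slides do not show.

```python
import re

# Constructed sample configuration; interface names are illustrative.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic auto
!
interface FastEthernet0/4
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20,21-25
!
interface FastEthernet0/5
 switchport mode trunk
!
interface FastEthernet0/6
 description unused
"""

MODES = ("access", "trunk", "dynamic desirable", "dynamic auto")
MODE_RE = re.compile(r"switchport mode (access|trunk|dynamic auto|dynamic desirable)")


def trunk_forms(a, b):
    """Negotiation table from the text: no trunk with an access port or auto-auto."""
    if "access" in (a, b):
        return False
    return not (a == "dynamic auto" and b == "dynamic auto")


def peers_that_trunk(mode):
    """Peer modes that would bring up a trunk against a port in the given mode."""
    return [peer for peer in MODES if trunk_forms(mode, peer)]


def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or any top-level line ends the stanza
    return interfaces


def audit(config):
    """Return {interface: [finding, ...]} for ports that need attention."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        mode = next((m.group(1) for m in map(MODE_RE.fullmatch, lines) if m), None)
        findings = []
        if mode is None:
            findings.append("NO_EXPLICIT_MODE")      # port keeps its default DTP mode
        elif mode.startswith("dynamic"):
            findings.append("DTP_DYNAMIC")           # trunking is negotiable
        elif mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append("TRUNK_SENDS_DTP")   # static trunk still speaks DTP
            allowed = [l for l in lines if l.startswith("switchport trunk allowed vlan ")]
            if not allowed or allowed[-1].split()[-1] == "all":
                findings.append("TRUNK_ALL_VLANS")   # no allowed-VLAN restriction
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for iface, findings in audit(SAMPLE_CONFIG).items():
        print(iface, findings)
```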
VLAN configuration
By default, all interfaces belong to VLAN 1. To assign an interface to a different VLAN, that VLAN must first be created:
To view all created VLANs, and the interfaces assigned to each VLAN:
Switch# show vlan
The standard range of VLAN numbers is 1 – 1005, with VLANs 1002-1005 reserved for legacy Token Ring and FDDI purposes.
The extended range of VLAN numbers is 1006-4094.
Configuration options for VLAN IDs 1006 through 4094 are limited to MTU, RSPAN VLAN, private VLAN, and UNI-ENI VLAN.
The list of VLANs is stored in a database file named vlan.dat. The vlan.dat file is usually stored in flash, though on some switch models it is stored in NVRAM.
Extended-range VLANs are not saved in the VLAN database.
Configure VLAN
All interfaces belong to VLAN 1. To change the VLAN on an interface, the VLAN must first be created. Giving the VLAN a name is optional.
Switch(config)# vlan 10
Switch(config-vlan)# name cisco
The first command creates the VLAN and enters VLAN configuration mode. The second command configures the name of the VLAN.
To remove a VLAN:
Switch(config)# no vlan 10
Configure Access mode
The mode sets whether the port is an access port or a trunk port; in the image above, FastEthernet 0/1 is configured as an access port.
Configure Trunk mode
To explicitly allow a subset of VLANs on a trunk port:
Switch(config)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan 10,20,21-25
To remove a VLAN from the allowed list:
Switch(config)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan remove 20
To add a specific VLAN back into the allowed list:
Switch(config)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan add 20
To allow all VLANs except for a specific range:
Switch(config-if)# switchport trunk allowed vlan except 21-25
To configure the DTP mode on an interface:
Switch(config)# interface f0/4
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# switchport mode dynamic auto
To allow all VLANs again:
Switch(config-if)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan all
To set the native VLAN:
Switch(config)# interface f0/4
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 20
Show commands:
show vlan
show interfaces fa0/1 trunk
show interfaces trunk
VTP (VLAN Trunking Protocol)
VLAN Trunking Protocol reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain.
This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.
VTP requires that all participating switches join a VTP domain. Switches must belong to the same domain to share VLAN information.
VTP versions
There are three VTP versions:
VTP version 1: It supports the standard 1 – 1005 VLAN range. VTP version 1 is also the default on Catalyst switches.
VTP version 2: It supports
• Token Ring support
• VLAN consistency checks
• Domain-independent transparent pass-through
VTP version 3: It supports
• The extended 1006-4094 VLAN range.
• Support for private VLANs.
• Improved VTP authentication.
• Ability to enable VTP on a per-port basis.
VTPv1 and v2 are not compatible.
VTP version 3 was supported on only limited Cisco switch platforms.
VTP Modes:
A switch using VTP must operate in one of three modes:
• Server
• Client
• Transparent
• Server: In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links.
• Client: VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
• Transparent: A VTP transparent switch maintains its own local VLAN database, and does not directly participate in the VTP domain. A transparent switch will never accept VLAN database information from another switch, even a server. Also, a transparent switch will never advertise its local VLAN database to another switch.
VTP message types:
• Summary advertisements
• Subset advertisements
• Advertisement requests
Summary advertisements: Both VTP servers and clients send out a summary advertisement every 300 seconds. It contains the following data:
• VTP domain
• VTP version
• Domain name
• Configuration revision number
• Time stamp
• MD5 digest
Subset advertisements: A subset advertisement contains the following information:
• VTP version
• Domain name
• Configuration revision number
• VLAN IDs for each VLAN in the database
• VLAN-specific information, such as the VLAN name and MTU
Advertisement requests
A switch needs a VTP advertisement request in these situations:
• The switch has been reset.
• The VTP domain name has been changed.
• The switch has received a VTP summary advertisement with a higher configuration revision than its own.
VTP Pruning:
• VLAN Trunking Protocol (VTP) is used to communicate VLAN information between switches in the same VTP domain. VTP pruning is a feature in Cisco switches which stops VLAN update information traffic from being sent down trunk links if the updates are not needed.
• In normal operation, a switch needs to flood broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown to all its ports.
• If the neighbouring switch doesn't have any active ports in the source VLAN, this broadcast is unnecessary, and excessive unwanted traffic may create problems on the network.
• VTP pruning helps increase the available bandwidth by reducing unnecessary flooded traffic.
• Broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown are forwarded over a trunk link only if the switch on the receiving end of the trunk link has ports in the source VLAN.
Configuring VTP
By default, a switch is in VTP server mode. To change the VTP
Switch(config)# vtp domain MYDOMAIN
Note that the domain name is case sensitive.
To configure the VTP mode:
Switch(config)# vtp mode server
Switch(config)# vtp mode client
Switch(config)# vtp mode transparent
The VTP domain can be secured using a password:
Switch(config)# vtp password P@SSWORD!
The password is also case sensitive. All switches participating in the VTP domain must be configured with the same password. The password is hashed into a 16-byte MD5 digest.
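An added example (not from the original slides) modelling how a switch in each VTP mode treats an advertisement, covering the message-type and password passages above: the domain and password checks, the revision comparison, and the transparent-mode behaviour. The summary, request and subset exchange is collapsed into one `receive` call, `digest_for` is a stand-in and not the real VTP digest computation, and all class and function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field


def digest_for(password, domain, revision, vlans):
    """Stand-in for the 16-byte MD5 digest; NOT the real VTP computation."""
    blob = repr((password, domain, revision, sorted(vlans.items()))).encode()
    return hashlib.md5(blob).digest()


@dataclass
class Advert:
    """Summary fields plus the subset data (VLAN ID -> name) that follows it."""
    domain: str
    revision: int
    digest: bytes
    vlans: dict


@dataclass
class Switch:
    mode: str                      # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError("VLANs cannot be created on a VTP client")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1     # a change on a server raises the revision

    def advertise(self):
        if self.mode == "transparent":
            return None            # never advertises its local database
        digest = digest_for(self.password, self.domain, self.revision, self.vlans)
        return Advert(self.domain, self.revision, digest, dict(self.vlans))

    def receive(self, adv):
        if self.mode == "transparent":
            return "ignored: transparent"
        if adv.domain != self.domain:          # domain names are case sensitive
            return "ignored: other domain"
        if adv.revision <= self.revision:
            return "ignored: not newer"
        expected = digest_for(self.password, adv.domain, adv.revision, adv.vlans)
        if adv.digest != expected:             # password differs or data altered
            return "rejected: digest mismatch"
        # Servers and clients both replace their database with the newer one.
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return "synchronized"


def demo():
    """Run one advertisement against differently configured switches."""
    server = Switch("server", "MYDOMAIN", "P@SSWORD!")
    server.create_vlan(10, "cisco")
    adv = server.advertise()
    receivers = {
        "client": Switch("client", "MYDOMAIN", "P@SSWORD!"),
        "second server": Switch("server", "MYDOMAIN", "P@SSWORD!"),
        "wrong-case domain": Switch("client", "mydomain", "P@SSWORD!"),
        "wrong-case password": Switch("client", "MYDOMAIN", "p@ssword!"),
        "transparent": Switch("transparent", "MYDOMAIN", "P@SSWORD!"),
    }
    return {name: sw.receive(adv) for name, sw in receivers.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The "second server" row shows why the configuration revision matters operationally: a server also replaces its own VLAN database when it hears a higher revision in its domain with a matching digest.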
VTP pruning is disabled by default on IOS switches. VTP pruning must be enabled on a server, and will be applied globally to the entire VTP domain:
Switch(config)# vtp pruning
Both VLAN 1 and the system VLANs 1002-1005 are never eligible for pruning.
To manually specify which VLANs are pruning eligible on a trunk:

More Related Content

What's hot

At8000 s configurando vla_ns
At8000 s configurando vla_nsAt8000 s configurando vla_ns
At8000 s configurando vla_ns
NetPlus
 
Expl sw chapter_04_vtp-full
Expl sw chapter_04_vtp-fullExpl sw chapter_04_vtp-full
Expl sw chapter_04_vtp-full
aghacrom
 

What's hot (20)

Vlans and inter vlan routing
Vlans and inter vlan routingVlans and inter vlan routing
Vlans and inter vlan routing
 
Virtual local area networks
Virtual local area networksVirtual local area networks
Virtual local area networks
 
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
 
Vlan
VlanVlan
Vlan
 
Vlan
Vlan Vlan
Vlan
 
Day 14.2 inter vlan
Day 14.2 inter vlanDay 14.2 inter vlan
Day 14.2 inter vlan
 
Virtual LAN
Virtual LANVirtual LAN
Virtual LAN
 
Vlan
VlanVlan
Vlan
 
Vlan Types
Vlan TypesVlan Types
Vlan Types
 
vlan
vlanvlan
vlan
 
Virtual LAN
Virtual LANVirtual LAN
Virtual LAN
 
At8000 s configurando vla_ns
At8000 s configurando vla_nsAt8000 s configurando vla_ns
At8000 s configurando vla_ns
 
Inter VLAN Routing
Inter VLAN RoutingInter VLAN Routing
Inter VLAN Routing
 
Vlan final
Vlan finalVlan final
Vlan final
 
Expl sw chapter_04_vtp-full
Expl sw chapter_04_vtp-fullExpl sw chapter_04_vtp-full
Expl sw chapter_04_vtp-full
 
Lan & vlan
Lan & vlanLan & vlan
Lan & vlan
 
VTP
VTPVTP
VTP
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
Switching
SwitchingSwitching
Switching
 
CCNA- part 9 vlan
CCNA- part 9 vlanCCNA- part 9 vlan
CCNA- part 9 vlan
 

Viewers also liked

Utilizacion de fuentes_digitales_de_la_info (1)
Utilizacion de fuentes_digitales_de_la_info (1)Utilizacion de fuentes_digitales_de_la_info (1)
Utilizacion de fuentes_digitales_de_la_info (1)
BrEnda CA
 
NaziPropagandaInAnimationDissertation
NaziPropagandaInAnimationDissertationNaziPropagandaInAnimationDissertation
NaziPropagandaInAnimationDissertation
Claudio Ravenstein
 

Viewers also liked (12)

VEX Robotics Competition
VEX Robotics CompetitionVEX Robotics Competition
VEX Robotics Competition
 
Abservice5
Abservice5Abservice5
Abservice5
 
Utilizacion de fuentes_digitales_de_la_info (1)
Utilizacion de fuentes_digitales_de_la_info (1)Utilizacion de fuentes_digitales_de_la_info (1)
Utilizacion de fuentes_digitales_de_la_info (1)
 
Compensation Package and Employee Job Satisfaction of First Security Islami B...
Compensation Package and Employee Job Satisfaction of First Security Islami B...Compensation Package and Employee Job Satisfaction of First Security Islami B...
Compensation Package and Employee Job Satisfaction of First Security Islami B...
 
Alhuda Cibe - Distance learning Programs on Islamic Banking & Finance
Alhuda Cibe - Distance learning Programs on Islamic Banking & Finance Alhuda Cibe - Distance learning Programs on Islamic Banking & Finance
Alhuda Cibe - Distance learning Programs on Islamic Banking & Finance
 
Resumee Updated
Resumee UpdatedResumee Updated
Resumee Updated
 
Cuestionario ama
Cuestionario amaCuestionario ama
Cuestionario ama
 
3Com 3C6062
3Com 3C60623Com 3C6062
3Com 3C6062
 
Armand Aguillon on "Your Investment Property Magazine - Sep 2016 edition
Armand Aguillon on "Your Investment Property Magazine - Sep 2016 editionArmand Aguillon on "Your Investment Property Magazine - Sep 2016 edition
Armand Aguillon on "Your Investment Property Magazine - Sep 2016 edition
 
NaziPropagandaInAnimationDissertation
NaziPropagandaInAnimationDissertationNaziPropagandaInAnimationDissertation
NaziPropagandaInAnimationDissertation
 
Cash flow ppt
Cash flow pptCash flow ppt
Cash flow ppt
 
Wheat
WheatWheat
Wheat
 

Similar to Vlan and vtp

Лекц 9
Лекц 9Лекц 9
Лекц 9
Muuluu
 
ccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptxccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptx
GiyaShefin
 

Similar to Vlan and vtp (20)

Virtual Local Area Network
Virtual Local Area NetworkVirtual Local Area Network
Virtual Local Area Network
 
Vlan.pdf
Vlan.pdfVlan.pdf
Vlan.pdf
 
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram SnehiVLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
 
ENCOR_Capitulo 1.pptx
ENCOR_Capitulo 1.pptxENCOR_Capitulo 1.pptx
ENCOR_Capitulo 1.pptx
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking Protocol
 
Chapter 8 .vlan.pdf
Chapter 8 .vlan.pdfChapter 8 .vlan.pdf
Chapter 8 .vlan.pdf
 
Лекц 9
Лекц 9Лекц 9
Лекц 9
 
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdfW3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
 
Virtual LAN and Vlan Trunking Protocol.pptx
Virtual LAN and Vlan Trunking Protocol.pptxVirtual LAN and Vlan Trunking Protocol.pptx
Virtual LAN and Vlan Trunking Protocol.pptx
 
ccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptxccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptx
 
Ethernet protocol
Ethernet protocolEthernet protocol
Ethernet protocol
 
Switching
SwitchingSwitching
Switching
 
CCNA_RSE_Chp6.pptx
CCNA_RSE_Chp6.pptxCCNA_RSE_Chp6.pptx
CCNA_RSE_Chp6.pptx
 
App Note Vlan Br Vlanid Transl
App Note Vlan Br Vlanid TranslApp Note Vlan Br Vlanid Transl
App Note Vlan Br Vlanid Transl
 
Ccna 9
Ccna  9Ccna  9
Ccna 9
 
VLANs_Module_3.pptx
VLANs_Module_3.pptxVLANs_Module_3.pptx
VLANs_Module_3.pptx
 
VLAN
VLANVLAN
VLAN
 
mod8-VLANs.ppt
mod8-VLANs.pptmod8-VLANs.ppt
mod8-VLANs.ppt
 
Mod8 vlans
Mod8 vlansMod8 vlans
Mod8 vlans
 
Vlan configuration in medium sized network
Vlan configuration in medium sized networkVlan configuration in medium sized network
Vlan configuration in medium sized network
 

Recently uploaded

Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
AS
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
F
 

Recently uploaded (20)

Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...
Local Call Girls in Gomati  9332606886 HOT & SEXY Models beautiful and charmi...Local Call Girls in Gomati  9332606886 HOT & SEXY Models beautiful and charmi...
Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
 
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
 
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
 
Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
 
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich   9332606886  High Profile Call Girls You Can Get The S...💚 Call Girls Bahraich   9332606886  High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
 

Vlan and vtp

  • 1. VirtualLANs (VLANs) and VTP Page 1 rajasekar  Virtual Lan(vlan) & VTP VLAN :  Collision vs Broadcast  Vlan  Advantageof vlan  Vlan membership  Vlan porttypes  Vlan frames  Frametag protocol  802.1Qtunnelling  Nativevlan  DTP  Vlan configuration VTP :  VTP versions  VTP modes  VTP advertisement  VTP Messagetypes  VTP pruning  VTP configuration
  • 2. VirtualLANs (VLANs) and VTP Page 2 rajasekar Collision vs Broadcast Collision: A collision occurs when two devices send a packetat the sametime on the shared network segment.The packets collideand both devices mustsend the packets again,which reduces network efficiency. eg: HUB(each porton a hub is in the samecollision domain) when hostA is trying to reach host C.from thesame time hostD is also trying to reach hostC. HUB will receive both frames and HUB as no idea where to send frames as a resultitsend to all theports, from this stage collision is detecting. Broadcast: Broadcastis a typeof communication,wherethesending device send a singlecopy of data and thatcopy of data will be delivered to every device in thenetwork segment. Broadcast is a required type of communication and wecannotavoid Broadcasts. Eg: arp,dhcp when host Ais sending an packet to hostC when switch receives firsttimethen its send to all theports onceits learned the mac-address then itwill notsend to all theports.
  • 3. VLAN (Virtual Local Area Network)
    A switch can be logically segmented into separate broadcast domains using virtual LANs. On Cisco switches, all interfaces belong to VLAN 1 by default; VLAN 1 should be dedicated to system traffic such as CDP, STP, VTP, and DTP.
    Each VLAN represents a unique broadcast domain:
      • Traffic between devices within the same VLAN is switched.
      • Traffic between devices in different VLANs requires a Layer-3 device to communicate.
    Broadcasts from one VLAN will not be forwarded to another VLAN. The logical separation provided by VLANs is not a Layer-3 function. VLAN tags are inserted into the Layer-2 header.
    Hosts A and B are in the same broadcast domain, as are E and F. A ping from host A to host E will fail, because the switch segments the ports into different broadcast domains. Thus, a Layer-3 device is required for those hosts to communicate.
  • 4. Advantage of VLAN
      • Broadcast control – eliminates unnecessary broadcast traffic, improving network performance and scalability.
      • Security – logically separates users and departments, allowing administrators to implement access-lists to control traffic between VLANs.
      • Improved manageability – VLANs provide an easy, flexible, less costly way to modify logical groups in changing environments.
    VLAN membership
    VLAN membership is of two types:
      • Static
      • Dynamic
    Static: In a static VLAN, the network administrator creates a VLAN and then assigns switch ports to the VLAN. Static VLANs are also called port-based VLANs. The association with the VLAN does not change until the administrator changes the port assignment. End-user devices become members of a VLAN based on the physical switch port to which they are connected.
    Dynamic: In a dynamic VLAN, the switch automatically assigns the port to a VLAN using information from the user device (MAC address, IP address, etc.). When a device is connected to a switch port, the switch queries a database to establish VLAN membership. A network administrator must configure the VLAN database of a VLAN Membership Policy Server (VMPS). Dynamic VLANs support instant movability of end devices: when we move a device from a port on one switch to a port on another switch, the dynamic VLANs will automatically configure the membership of the VLAN.
    Static VLAN assignment is far more common than dynamic, and will be the focus of this guide.
  • 5. VLAN Port Types
    Two types of ports:
      • Access ports
      • Trunk ports
    Access link: An access link is part of only one VLAN, and access links are normally for end devices. Any device attached to an access link is unaware of VLAN membership.
    Trunk link: A trunk link can carry traffic for multiple VLANs and is normally used to connect switches to other switches or to routers. To identify the VLAN that a frame belongs to.
    VLAN frames
    Frame tagging is used to identify the VLAN that a frame belongs to in a network with multiple VLANs. The VLAN ID is placed on the frame when it reaches a switch from an access port that is a member of a VLAN. That frame can then be forwarded out the trunk link port. Each switch can see which VLAN the frame belongs to and can forward the frame to the corresponding VLAN access ports or to another VLAN trunk port.
  • 6. VLAN frames (continued)
    If Host A sends a frame to Host B, no frame tagging will occur:
      • The frame never leaves Switch A.
      • The frame stays within its own VLAN.
    If Host A sends a frame to Host C, which is in a separate VLAN:
      • The frame again never leaves the switch.
      • Because Host C is in a different VLAN, the frame must be routed.
    If Host A sends a frame to Host D, which is on a separate switch:
      • The frame is sent out the trunk port to Switch B.
      • The frame must be tagged as it is sent out the trunk port.
      • The frame is tagged with its VLAN ID (VLAN 10 in this example).
      • When Switch B receives the frame, it will only forward it out ports belonging to VLAN 10.
  • 7. Frame Tagging Protocols
    Cisco switches support two frame tagging protocols:
      • Inter-Switch Link (ISL)
      • IEEE 802.1Q
    Inter-Switch Link (ISL) is a Cisco proprietary protocol, available and supported on Cisco products only. ISL is used primarily for Ethernet media (Fast Ethernet or Gigabit Ethernet). Cisco has also included provisions to carry Token Ring, FDDI, and ATM.
    ISL encapsulates the entire Ethernet frame (Fast Ethernet or Gigabit Ethernet) with a 26-byte header and a 4-byte frame check sequence (FCS), for a total of 30 bytes of overhead. The ISL frame format is shown below.
      • DA (Destination Address): The destination address uses the multicast MAC address 01-00-0C-00-00-00. The first 40 bits of the DA field signal the receiver that the packet is in ISL format.
      • Type: The type of frame encapsulated: Ethernet (0000), Token Ring (0001), FDDI (0010), and ATM (0011).
      • User: The USER field consists of a 4-bit code. The USER bits are used to extend the meaning of the TYPE field. The default USER field value is "0000". For Ethernet frames, the USER field bits "0" and "1" indicate the priority of the packet as it passes through the switch.
  • 8. ISL frame fields (continued)
      • SA (Source Address): Source address of the switch transmitting the ISL frame.
      • Len: The length of the packet.
      • SNAP: Subnetwork Access Protocol (SNAP) and Logical Link Control (LLC). The AAAA03 SNAP field is a 24-bit constant value of "AAAA03".
      • HSA (High Bits of Source Address): The HSA field is a 24-bit value which represents the upper 3 bytes (the manufacturer ID portion) of the SA field.
      • VLAN (Destination VLAN ID): Indicates the VLAN ID of the packet. VLAN ID is a 15-bit value that is used to distinguish frames on different VLANs. VLAN ID is also known as the "color" of the frame.
      • BPDU: Indicates whether the frame is a BPDU, CDP or VTP frame.
      • Index: The port index of the source of the packet.
      • Res: Reserved field for additional information, for instance the Token Ring or FDDI Frame Check Sequence field. For Ethernet, this field should be zero.
      • Encapsulated Ethernet Frame: The actual Ethernet frame.
      • ISL CRC: Four-byte check on the ISL packet to ensure it is not corrupted.
    Cisco switches are specifically engineered to support these giant ISL-tagged frames. Note that this is a key reason why ISL is Cisco-proprietary.
    ISL supports a maximum of 1000 VLANs on a trunk port. ISL is also almost entirely deprecated: most modern Cisco switches no longer support it.
    802.1Q trunks
    802.1Q trunks support tagged and untagged Ethernet frames. An untagged Ethernet frame is a standard, unaltered Ethernet frame. Untagged Ethernet frames are usually used for native VLAN communication. If a switch receives untagged Ethernet frames on a trunk port, they are considered part of the native VLAN, and frames from a native-VLAN access port are not tagged when exiting the switch via a trunk port.
  • 9. 802.1Q tagged frames
    In a tagged 802.1Q Ethernet frame, a 4-byte field is inserted between the original Ethernet frame's Source Address field and the Type or Length field. The FCS is recomputed after the 4-byte tag is inserted. The following figure shows an 802.1Q tagged Ethernet frame.
      • TPID (Tag Protocol Identifier, 16 bits): The TPID always has a value of 0x8100 to signify an 802.1Q tag.
      • Priority (3 bits): The Priority field is used by 802.1Q to implement Layer-2 quality of service (QoS).
      • CFI (Canonical Format Identifier, 1 bit): The CFI bit is used for compatibility purposes between Ethernet and Token Ring.
      • VLAN ID (12 bits): The VID field is used to distinguish between VLANs on the link.
    802.1Q supports a maximum of 4096 VLANs on a trunk port.
    Recall that ISL encapsulates a frame with an additional header and trailer. In contrast, 802.1Q embeds a 4-byte VLAN tag directly into the Layer-2 frame header. Because the Layer-2 header is modified, 802.1Q must recalculate the frame's CRC value.
  • 10. 802.1Q Tunneling (Q-in-Q)
    802.1Q tunneling enables service providers to use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated.
    When you configure tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling, which then becomes a tunnel VLAN. To keep customer traffic segregated, each customer requires a separate tunnel VLAN, but that one tunnel VLAN supports all of the customer's VLANs.
    The customer switches are trunk connected, but with 802.1Q tunneling the service provider switches use only one service provider VLAN to carry all the customer VLANs, instead of directly carrying all the customer VLANs.
    Note: Tunnel traffic carries a second 802.1Q tag only when it is on a trunk link between service-provider network devices, with the outer tag containing the service-provider-assigned VLAN ID and the inner tag containing the customer-assigned VLAN IDs.
  • 11. 802.1Q Tunneling example
    In this example, CUSTOMER switches A, B and C have a range of VLANs (100-400). When this range of VLANs enters the PROVIDER switch, the outer interface carries a single VLAN (3349), called the outer VLAN.
    Native VLAN
    Normally a switch port configured as a trunk port sends and receives IEEE 802.1Q VLAN-tagged Ethernet frames. If a switch receives untagged Ethernet frames on its trunk port, they are forwarded to the VLAN that is configured on the switch as the native VLAN. Both sides of the trunk link must be configured with the same native VLAN.
    Native VLANs are only supported on 802.1Q trunk ports. ISL does not support untagged frames, and will always tag frames from all VLANs.
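The tag layout from page 9 and the Q-in-Q stacking from pages 10 and 11, worked through as a parser. This is an added example, not part of the original slides; the frames are constructed test data, the function names are hypothetical, and the 0x88A8 TPID is an assumption (the slides only mention 0x8100).

```python
import struct

TPID_8021Q = 0x8100    # TPID value the page gives for an 802.1Q tag
TPID_8021AD = 0x88A8   # assumption: 802.1ad service-tag TPID, not mentioned on the page

def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame; tags is a list of (tpid, priority, cfi, vid)."""
    dst = bytes.fromhex("ffffffffffff")   # constructed addresses
    src = bytes.fromhex("020000000001")
    out = dst + src
    for tpid, priority, cfi, vid in tags:
        # 16-bit tag control field: 3-bit priority, 1-bit CFI, 12-bit VLAN ID
        out += struct.pack("!HH", tpid, (priority << 13) | (cfi << 12) | vid)
    return out + struct.pack("!H", ethertype) + payload

def parse_vlan_tags(frame):
    """Return (tags, inner_ethertype); tags are dicts, outermost tag first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # the tag sits right after destination and source MAC
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"tpid": ethertype, "priority": tci >> 13,
                     "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4              # each tag adds 4 bytes to the header
        ethertype = next_type
    return tags, ethertype

def classify(frame):
    """Describe a frame the way a trunk port would treat it."""
    tags, _ = parse_vlan_tags(frame)
    if not tags:
        return "untagged: belongs to the native VLAN on an 802.1Q trunk"
    if len(tags) == 1:
        return f"single tag: VLAN {tags[0]['vid']}"
    return f"Q-in-Q: outer VLAN {tags[0]['vid']}, inner VLAN {tags[1]['vid']}"

if __name__ == "__main__":
    for sample in ([], [(TPID_8021Q, 0, 0, 10)],
                   [(TPID_8021Q, 0, 0, 3349), (TPID_8021Q, 5, 0, 100)]):
        print(classify(build_frame(sample)))
```

The last sample mirrors the slide's example: provider outer VLAN 3349 wrapped around customer VLAN 100.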
  • 12. DTP (Dynamic Trunking Protocol)
    DTP is a Cisco proprietary trunking protocol used for negotiating trunking on a link between two Cisco switches. DTP can also be used for negotiating the encapsulation type, either 802.1Q or Cisco ISL.
    DTP has two modes to dynamically decide whether a port becomes a trunk:
      • Desirable – the port will actively attempt to form a trunk with the remote switch. This is the default setting.
      • Auto – the port will passively wait for the remote switch to initiate the trunk.
    Trunk ports send out DTP frames every 30 seconds to indicate their configured mode.
    A trunk will form in the following configurations:
      • trunk - trunk
      • trunk - dynamic desirable
      • trunk - dynamic auto
      • dynamic desirable - dynamic desirable
      • dynamic desirable - dynamic auto
    A trunk will never form if both sides of the link are set to dynamic auto, as both ports are waiting for the other to initiate the trunk.
    It is best practice to manually configure trunk ports, to avoid DTP negotiation errors. DTP is also vulnerable to VLAN spoofing attacks.
  • 13. VLAN configuration
    By default, all interfaces belong to VLAN 1. To assign an interface to a different VLAN, that VLAN must first be created:
    To view all created VLANs, and the interfaces assigned to each VLAN:
        Switch# show vlan
    The standard range of VLAN numbers is 1 – 1005, with VLANs 1002-1005 reserved for legacy Token Ring and FDDI purposes. The extended range of VLAN numbers is 1006-4094.
    Configuration options for VLAN IDs 1006 through 4094 are limited to MTU, RSPAN VLAN, private VLAN, and UNI-ENI VLAN.
    The list of VLANs is stored in a database file named vlan.dat. The vlan.dat file is usually stored in flash, though on some switch models it is stored in NVRAM. Extended-range VLANs are not saved in the VLAN database.
  • 14. Configure VLAN
    All interfaces belong to VLAN 1. To change the VLAN on an interface, the VLAN must first be created. Giving the VLAN a name is optional.
        Switch(config)# vlan 10
        Switch(config-vlan)# name cisco
    The first command creates the VLAN and enters VLAN configuration mode. The second command configures the name of the VLAN.
    To remove a VLAN:
        Switch(config)# no vlan 10
  • 15. Configure VLAN (continued)
    Configure access mode
    The mode tells whether the port is ACCESS or TRUNK; in the above image, FastEthernet 0/1 is configured as an access port.
    Configure trunk mode
  • 16. Trunk configuration
    To explicitly allow a subset of VLANs on a trunk port:
        Switch(config)# interface f0/4
        Switch(config-if)# switchport trunk allowed vlan 10,20,21-25
    To remove a VLAN from the allowed list:
        Switch(config)# interface f0/4
        Switch(config-if)# switchport trunk allowed vlan remove 20
    To add a specific VLAN back into the allowed list:
        Switch(config)# interface f0/4
        Switch(config-if)# switchport trunk allowed vlan add 20
    To allow all VLANs except for a specific range:
        Switch(config-if)# switchport trunk allowed vlan except 21-25
    To configure the DTP mode on an interface:
        Switch(config)# interface f0/4
        Switch(config-if)# switchport mode dynamic desirable
        Switch(config-if)# switchport mode dynamic auto
    To allow all VLANs again:
        Switch(config-if)# interface f0/4
        Switch(config-if)# switchport trunk allowed vlan all
    To configure the native VLAN:
        Switch(config)# interface f0/4
        Switch(config-if)# switchport mode trunk
        Switch(config-if)# switchport trunk native vlan 20
    Show commands:
        show vlan
        show interfaces fa0/1 trunk
        show interfaces trunk
  • 17. VTP (VLAN Trunking Protocol)
    VLAN Trunk Protocol reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.
    VTP requires that all participating switches join a VTP domain. Switches must belong to the same domain to share VLAN information.
    VTP versions
    There are three versions:
    VTP version 1: It supports the standard 1 – 1005 VLAN range. VTP version 1 is also the default on Catalyst switches.
    VTP version 2: It supports
      • Token Ring support
      • VLAN consistency checks
      • Domain-independent transparent pass-through
    VTP version 3: It supports
      • The extended 1006-4094 VLAN range.
      • Support for private VLANs.
      • Improved VTP authentication.
      • Ability to enable VTP on a per-port basis.
    VTPv1 and v2 are not compatible. VTP version 3 was supported on only limited Cisco switch platforms.
  • 18. VTP modes
    A switch using VTP must operate in one of three modes:
      • Server
      • Client
      • Transparent
    Server: In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links.
    Client: VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
    Transparent: A VTP transparent switch maintains its own local VLAN database, and does not directly participate in the VTP domain. A transparent switch will never accept VLAN database information from another switch, even a server. Also, a transparent switch will never advertise its local VLAN database to another switch.
    VTP message types:
      • Summary advertisements
      • Subset advertisements
      • Advertisement requests
    Summary advertisements
    Both VTP servers and clients will send out a summary advertisement every 300 seconds. It contains the following data:
      • VTP domain
      • VTP version
      • Domain name
      • Configuration revision number
      • Time stamp
      • MD5 digest
  • 19. Subset advertisements
    A subset advertisement contains the following information:
      • VTP version
      • Domain name
      • Configuration revision number
      • VLAN IDs for each VLAN in the database
      • VLAN-specific information, such as the VLAN name and MTU
    Advertisement requests
    A switch needs a VTP advertisement request in these situations:
      • The switch has been reset.
      • The VTP domain name has been changed.
      • The switch has received a VTP summary advertisement with a higher configuration revision than its own.
    VTP pruning
      • VLAN Trunking Protocol (VTP) is used to communicate VLAN information between switches in the same VTP domain. VTP pruning is a feature in Cisco switches which stops VLAN update information traffic from being sent down trunk links if the updates are not needed.
      • In normal operation a switch needs to flood broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown to all its ports.
      • If the neighbouring switch doesn't have any active ports in the source VLAN, this broadcast is unnecessary, and excessive unwanted traffic may create problems on the network.
      • VTP pruning helps in increasing the available bandwidth by reducing unnecessary flooded traffic.
      • Broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown are forwarded over a trunk link only if the switch on the receiving end of the trunk link has ports in the source VLAN.
  • 20. Configuring VTP
    By default, a switch is in VTP server mode.
    To change the VTP
        Switch(config)# vtp domain MYDOMAIN
    Note that the domain name is case sensitive.
    To configure the VTP mode:
        Switch(config)# vtp mode server
        Switch(config)# vtp mode client
        Switch(config)# vtp mode transparent
    The VTP domain can be secured using a password:
        Switch(config)# vtp password P@SSWORD!
    The password is also case sensitive. All switches participating in the VTP domain must be configured with the same password. The password is hashed into a 16-byte MD5 digest.
    VTP pruning is disabled by default on IOS switches. VTP pruning must be enabled on a server, and will be applied globally to the entire VTP domain:
        Switch(config)# vtp pruning
    Both VLAN 1 and the system VLANs 1002-1005 are never eligible for pruning.
    To manually specify which VLANs are pruning eligible on a trunk:
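The rules on pages 18 to 20 (mode, case-sensitive domain, shared password, configuration revision) decide what a switch does with a received summary advertisement. The following added example, not from the original slides, models that decision. Class and function names are hypothetical, and `model_digest` is a stand-in, since the slides do not say what input the real MD5 digest covers.

```python
import hashlib
from dataclasses import dataclass

def model_digest(domain, revision, password):
    """Stand-in for the 16-byte MD5 digest; the real digest input is not given on the page."""
    return hashlib.md5(f"{domain}|{revision}|{password}".encode()).digest()

@dataclass
class SummaryAdvert:
    domain: str
    revision: int
    digest: bytes

@dataclass
class Switch:
    mode: str          # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0

    def receive(self, adv):
        """Return the action taken for one received summary advertisement."""
        if self.mode == "transparent":
            return "ignored: transparent mode keeps its local VLAN database"
        if adv.domain != self.domain:          # domain names are case sensitive
            return "ignored: different VTP domain"
        if adv.digest != model_digest(adv.domain, adv.revision, self.password):
            return "rejected: MD5 digest mismatch (password differs)"
        if adv.revision > self.revision:
            # Simplification: the subset advertisements that follow the
            # request are assumed to arrive, so the revision is updated here.
            self.revision = adv.revision
            return "advertisement request sent; VLAN database will be replaced"
        return "no change: revision not higher than local"

if __name__ == "__main__":
    adv = SummaryAdvert("MYDOMAIN", 7, model_digest("MYDOMAIN", 7, "P@SSWORD!"))
    for sw in (Switch("client", "MYDOMAIN", "P@SSWORD!", 4),
               Switch("server", "MYDOMAIN", "P@SSWORD!", 9),
               Switch("client", "mydomain", "P@SSWORD!", 4),
               Switch("client", "MYDOMAIN", "p@ssword!", 4),
               Switch("transparent", "MYDOMAIN", "P@SSWORD!", 4)):
        print(sw.mode, sw.domain, "->", sw.receive(adv))
```

Servers and clients take the same path here: any switch in either mode with a matching domain and password accepts a higher revision, which is why the revision number of a switch should be checked before it is connected to an existing domain.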