1、Configuring VLANs and VTP,Module 2,Implementing VLANs, 2003, Cisco Systems, Inc. All rights reserved.,BCMSN 2.02-2,Objectives,Upon completing this lesson, you will be able to: Describe the basic features and operation of VLANs on a switched network Compare end-to-end and local VLANs, and determine w

2、hen to use each Configure static VLANs Configure access ports for static and multi-VLAN membership Verify the VLAN configuration Troubleshoot common VLAN problems on a switched network,A VLAN = A Broadcast Domain = Logical Network (Subnet),VLAN Overview,Layer 2 connectivity Logical organizational fl

3、exibility Single broadcast domain Management Basic security,VLANs plus routing limits broadcasts to the domain of origin.,VLANs Establish Broadcast Domains,Local VLANs generally reside in the wiring closet.,Local VLANs,All users attached to same switch port must be in the same VLAN.,Static VLANs,Con

4、figuring VLANs in Global Mode,Switch#configure terminal Switch(config)#vlan 3 Switch(config-vlan)#name Vlan3 Switch(config-vlan)#exit Switch(config)#end,Configuring VLANs in VLAN Database Mode,Switch#vlan database Switch(vlan)#vlan 3 VLAN 3 added: Name: VLAN0003 Switch(vlan)#exit APPLY completed. Ex

5、iting.,Deleting VLANs in Global Mode,Switch#configure terminal Switch(config)#no vlan 3 Switch(config)#end,Deleting VLANs in VLAN Database Mode,Switch#vlan database Switch(vlan)#no vlan 3 VLAN 3 deleted: Name: VLAN0003 Switch(vlan)#exit APPLY completed. Exiting.,VLAN Membership Modes,VLAN membership

6、 can either be static or dynamic.,Assigning Access Ports to a VLAN,Switch(config)#interface gigabitethernet 1/1,Enters interface configuration mode,Switch(config-if)#switchport mode access,Configures the interface as an access port,Switch(config-if)#switchport access vlan 3,Assigns the access port t

7、o a VLAN,Verifying the VLAN Configuration,Switch#show vlan id | name vlan_num | vlan_name,VLAN Name Status Ports - - - - 1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/7 Fa0/8, Fa0/9, Fa0/11, Fa0/12 Gi0/1, Gi0/2 2 VLAN0002 active 51 VLAN0051 active 52 VLAN0052 active VLAN Type SAID MTU Parent RingNo Brid

8、geNo Stp BrdgMode Trans1 Trans2 - - - - - - - - - - - 1 enet 100001 1500 - - - - - 1002 1003 2 enet 100002 1500 - - - - - 0 0 51 enet 100051 1500 - - - - - 0 0 52 enet 100052 1500 - - - - - 0 0 Remote SPAN VLANs - Primary Secondary Type Ports - - - -,Verifying the VLAN Port Configuration,Switch#show

9、 running-config interface fastethernet | gigabitethernet slot/port,Displays the running configuration of the interface,Switch#show interfaces fastethernet | gigabitethernet slot/port switchport,Displays the switch port configuration of the interface,Switch#show mac-address-table interface interface-

10、id vlan vlan-id | begin | exclude | include expression,Displays the MAC address table information for the specified interface in the specified VLAN,Troubleshooting VLANs,Problem: One Device Cannot Communicate with Another,Use the show interface command: Make sure the VLAN membership of the switch po

11、rt is correct. If the host is in the same subnet as the switch interface, make sure the switch interface and the switch port to which the host is connected are assigned to the same VLAN.,Summary,A VLAN is a logical grouping of switch ports connecting nodes of virtually any type with no regard to phy

12、sical location. An end-to-end VLAN spans the entire switched network, while a local VLAN is restricted to a single switch. Static VLANs involve switch ports that you manually assign to a particular VLAN. You can configure VLANs using Cisco IOS commands in VLAN configuration mode. Once a VLAN has bee

13、n defined, you can assign switch ports to it. You use show commands to confirm that a VLAN and its associated ports have been configured correctly. To troubleshoot VLANs, you should check the physical connections, switch configuration, and VLAN configuration.,Implementing VLAN Trunks, 2003, Cisco Sy

14、stems, Inc. All rights reserved.,BCMSN v2.02-19,Objectives,Upon completing this lesson, you will be able to: Describe the features of VLAN trunking and dynamic trunking protocol Describe the basic features and operation of ISL and 802.1Q trunking Explain the role of native VLANs and how they affect

15、the trunking configuration Explain how to use VLAN ranges and mappings to scale VLANs,Objectives (Cont.),Describe the operation and purpose of service provider-managed VLAN services Configure and verify ISL trunks Configure and verify 802.1Q trunks Troubleshoot VLAN trunking problems on a switched n

16、etwork,VLAN Trunking,Trunk Link Physical Implementation,Switch Ports and Trunk Ports,Function,switchport mode trunk Trunk port,switchport mode dynamic Dynamic port,Sets the switch port to dynamically negotiate the status (access or trunk),Sets the switch port to unconditionally become a trunk port,s

17、witchport mode access Access port,Sets the switch port to unconditionally be an access port,Command,Switch Port DTP Modes,Function,trunk,dynamic auto,dynamic desirable,Sets the switch port to actively send and respond to DTP negotiation frames. Default for Ethernet,access,Sets the switch port to unc

18、onditional trunking mode and negotiates to become a trunk link, regardless of neighbor interface mode,Unconditionally sets a switch port to access mode, regardless of other DTP functions,Sets the switch port to respond but not to actively send DTP negotiation frames,nonegotiate,Specifies that DTP ne

19、gotiation packets are not sent on the Layer 2 interface,Mode,Performed with ASIC Not intrusive to client stations; client does not see the header Effective between switches, and between routers and switches,ISL Encapsulation,ISL and Layer 2 Encapsulation,802.1Q Trunking,802.1Q Frame,802.1Q and Layer

20、 2 Encapsulation,Importance of Native VLANs,VLAN Ranges and Mappings,VLAN Range,Range,Usage,Reserved,For system use only,0, 4095,Normal,Cisco default,1,Normal,For Ethernet VLANs,2-1001,Normal,Cisco defaults for FDDI and Token Ring,1002-1005,Extended,For Ethernet VLANs only,1025-4094,802.1Q Tunneling

21、,Double-Tagged Ethernet Packets,Layer 2 Protocol Tunneling,Catalyst Switch Features,Configuring ISL Trunking,Switch(config)#interface fastethernet 2/1,Switch(config-if)#switchport trunk encapsulation isl,Switch(config-if)#switchport mode trunk,Enters interface configuration mode,Selects the encapsul

22、ation,Configures the interface as a Layer 2 trunk,Verifying ISL Trunking,Switch#show running-config interface fastethernet | gigabitethernet slot/port,Switch#show interfaces fastethernet | gigabitethernet slot/port switchport | trunk ,Switch#show interfaces fastethernet 2/1 trunk Port Mode Encapsula

23、tion Status Native VLAN Fa2/1 desirable isl trunking 1 Port VLANs allowed on trunk Fa2/1 1-1005 Port VLANs allowed and active in management domain Fa2/1 1-2,1002-1005 Port VLANs in spanning tree forwarding state and not pruned Fa2/1 1-2,1002-1005,Configuring 802.1Q Trunking,Switch(config)#interface

24、fastethernet 5/8 Switch(config-if)#shutdown Switch(config-if)#switchport trunk encapsulation dot1q Switch(config-if)#switchport trunk allowed vlan 1,15,11,1002-1005 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport nonegotiate Switch(config-if)#no shutdown,Verifying 802.1Q Trunkin

25、g,Switch#show running-config interface fastethernet | gigabitethernet slot/port,Switch#show interfaces fastethernet | gigabitethernet slot/port switchport | trunk ,Switch#show interfaces gigabitEthernet 0/1 switchport Name: Gi0/1 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk

26、 Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 . . .,Problem: A Device Cannot Establish a Connection Acr

27、oss a Trunk Link,Make sure: The Layer 2 interface mode configured on both ends of the link is valid. The trunk encapsulation type configured on both ends of the link is valid. The native VLAN is the same on both ends of the trunk (802.1Q trunks).,Summary,A trunk is a Layer 2 point-to-point link betw

28、een networking devices capable of Layer 2 operations. Trunks carry the traffic of multiple VLANs or multiple networks over a single physical link. ISL is a Cisco proprietary protocol for interconnecting Layer 2-capable devices. The 802.1Q protocol is an open standard protocol used to interconnect mu

29、ltiple Layer 2-capable devices. 802.1Q trunks define a native VLAN for frames that are not tagged by default. ISL VLAN numbers are in the range 1 to 1001, while 802.1Q VLAN numbers are in the range 0 to 4094.,Summary (Cont.),802.1Q tunneling allows service providers to transport VLANs within VLANs,

30、preserving individual customers VLAN assignments without requiring them to be unique. Switch ports are configured for ISL trunking using Cisco IOS commands. Switch ports are configured for 802.1Q trunking using Cisco IOS commands. If a problem exists with a trunking link, make sure that the interfac

31、e modes, encapsulation types, and native VLANs are correct on both sides of the link.,Implementing VLAN Trunk Protocol, 2003, Cisco Systems, Inc. All rights reserved.,BCMSN 2.02-44,Objectives,Upon completing this lesson, you will be able to: Define VTP and explain where to use it on a switched netwo

32、rk Describe how VTP versions 1 and 2 operate including domains, modes, advertisements, and pruning Configure VTP domains in server, client, and transparent modes Verify the VTP configuration Troubleshoot the VTP configuration,Advertises VLAN configuration information Maintains VLAN configuration con

33、sistency throughout a common administrative domain Sends advertisements on trunk ports only,VTP Protocol Features,Cannot create, change, or delete VLANs Forwards advertisements Synchronizes VLAN configurations Does not save in NVRAM,Creates, modifies, and deletes VLANs Sends and forwards advertiseme

34、nts Synchronizes VLAN configurations Saves configuration in NVRAM,Creates, modifies, and deletes VLANs locally only Forwards advertisements Does not synchronize VLAN configurations Saves configuration in NVRAM,VTP Modes,VTP Operation,VTP advertisements are sent as multicast frames. VTP servers and c

35、lients are synchronized to the latest revision number. VTP advertisements are sent every 5 minutes or when there is a change.,Increases available bandwidth by reducing unnecessary flooded traffic Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned

36、to the red VLAN.,VTP Pruning,VTP Versions,All switches in a management domain must run the same version.,VTP Configuration Guidelines,Configure the following: VTP domain name VTP mode (server mode is the default) VTP pruning VTP password VTP trap Use caution when adding a new switch into an existing

37、 domain. Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information.,Configuring a VTP Server,Switch(config)#vtp server,Configures VTP server mode,Switch(config)#vtp domain domain-name,Specifies a domain name,Switch(config)#vtp password password,Sets a VTP

38、password,Switch(config)#vtp pruning,Enables VTP pruning in the domain,Configuring a VTP Server (Cont.),Switch#configure terminal Switch(config)#vtp server Setting device to VTP SERVER mode. Switch(config)#vtp domain Lab_Network Setting VTP domain name to Lab_Network Switch(config)#end,Verifying the

39、VTP Configuration,Switch#show vtp status,Switch#show vtp status VTP Version : 2 Configuration Revision : 247 Maximum VLANs supported locally : 1005 Number of existing VLANs : 33 VTP Operating Mode : Client VTP Domain Name : Lab_Network VTP Pruning Mode : Enabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0 x45 0 x52 0 xB6 0 xFD 0 x63 0 xC8 0 x49 0 x80 Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49 Switch#,Verifying the VTP Configuration (Cont.),Switch#show vtp counters,Switch#show vtp counters VTP statistics: Summary advertisements received :