Configuring VTP and VLANs on Cisco switches
Written by vaheeD on December 29, 2012
Concepts
VLAN: A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections. (Wikipedia)
Trunk: A trunk link carries multiple VLANs through a single network link through the use of a “trunking protocol”. (Wikipedia)
802.1Q: To allow for multiple VLANs on one link, frames from individual VLANs must be identified by a “trunking protocol”. The most common and preferred method, IEEE 802.1Q adds a tag (4 bytes) to the Ethernet frame header, labeling it as belonging to a certain VLAN. (Wikipedia)
Native VLAN: If a switch receives untagged frames on a trunk port, they are assumed to belong to the VLAN designated as the native VLAN on that switchport.
VTP: VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol that propagates the definition of VLANs on the whole local area network. To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP only works over trunk links. This includes Inter-Switch Link (ISL), IEEE 802.1q, and LAN emulation (LANE) trunks. (Wikipedia)
VTP Server: The VTP Server can add, delete or rename VLANs. It also advertises the domain name, the VLAN configuration and the configuration revision number to all other switches in the VTP domain. It maintains a list of all VLANs in the domain in NVRAM and can retrieve this information even if a switch reset occurs. The advertisements are sent to a special destination multicast MAC address, 01-00-0C-CC-CC-CC.
VTP Client: A VTP Client cannot add, delete or rename VLANs. It maintains a list of all VLANs in the domain, but does not store them.
VTP Transparent: A VTP Transparent switch must have its VLANs configured manually. Changes to VLAN configuration are not propagated to other switches. It will still relay VTP messages over its trunk links to other switches if it is in the same VTP domain or in a null VTP domain.
VTP Pruning: VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. (Cisco)
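The 802.1Q and Native VLAN definitions above, worked through in Python as an added example (not part of the original post). It parses the 4-byte tag and applies a simplified model of how a trunk port classifies a received frame. The function names, the sample frames and the allowed-VLAN check are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3 bits PCP, 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner

def trunk_ingress_vlan(frame: bytes, native_vlan: int, allowed: set):
    """VLAN a trunk port assigns to a received frame, or None if it is dropped.

    Simplified model: untagged (and priority-tagged, VID 0) frames join the
    native VLAN; the result must be in the trunk's allowed list.
    """
    vid, _, _, _ = parse_vlan_tag(frame)
    if vid is None or vid == 0:
        vid = native_vlan
    return vid if vid in allowed else None

# Constructed sample frames (broadcast destination, locally administered source).
MACS = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46
TAGGED = MACS + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 10, 0x0800) + PAYLOAD
UNTAGGED = MACS + struct.pack("!H", 0x0800) + PAYLOAD

if __name__ == "__main__":
    print(parse_vlan_tag(TAGGED))
    print(trunk_ingress_vlan(UNTAGGED, native_vlan=3, allowed={3, 10, 20, 30}))
```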
Monitoring VTP
    show vtp status
    show vtp counters
Configuring VTP Server
    configure terminal
    vtp domain SW_DOMAIN1
    ! Placeholder password; the same value must be set on every switch in the domain
    vtp password 123456
    vtp mode server
    vtp pruning
    end
Resetting the VTP configuration revision number on clients
    show vtp status
    ! Write down the domain name.
    ! Write down the configuration revision number.
    configure terminal
    vtp domain TEMPNAME
    end
    show vtp status
    configure terminal
    ! Restore original domain name.
    vtp domain domain-name
    end
Configuring VTP Client
    configure terminal
    vtp domain SW_DOMAIN1
    vtp password 123456
    vtp mode client
    end
Checking defined VLANs
    show vlan
    show vlan brief
Checking vlan database (vlan.dat)
    show flash
Checking trunks
    show running-config interface gigabitEthernet 1/0/1
    show interfaces gigabitEthernet 1/0/1 switchport
    show interfaces gigabitEthernet 1/0/1 trunk
    show interfaces trunk
Configuring trunk ports
    configure terminal
    interface range gigabitEthernet 1/0/1 - 4
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no shutdown
    end
Configuring access ports
    configure terminal
    interface range fastEthernet 1/0/1 - 48
     switchport mode access
     no cdp enable
    end
Creating VLANs – old way
    enable
    vlan database
    vlan 100 name USERS
    apply
    ! Leave VLAN database mode with exit
    exit
Creating VLANs – new way
    configure terminal
    vlan 100
     name USERS
    end
Assigning ports to VLANs
    configure terminal
    interface fastEthernet 1/0/1
     switchport mode access
     no cdp enable
     switchport access vlan 100
    end
Configuring management VLAN
    configure terminal
    ! Disable default VLAN 1
    interface vlan 1
     no ip address
     shutdown
    exit
    ! Create new VLAN 2 for management
    vlan 2
     name MANAGEMENT
    exit
    ! Assign IP address to management VLAN 2
    interface vlan 2
     ip address 172.31.0.1 255.255.255.0
     no shutdown
    end
Configuring native VLAN
    configure terminal
    ! Create new VLAN 3 for native VLAN use
    vlan 3
     name NATIVE
    exit
    ! Configuring VLAN 3 as native on trunk ports
    interface range gigabitEthernet 1/0/1 - 4
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     switchport trunk native vlan 3
     no shutdown
    end
Control what VLANs can pass through trunk ports
    configure terminal
    interface range gigabitEthernet 1/0/1 - 4
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     switchport trunk native vlan 3
     switchport trunk allowed vlan 10,20,30
     no shutdown
    end
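To check that every trunk port on a switch actually carries the trunk settings used in the sections above (nonegotiate, a non-default native VLAN, an explicit allowed list), a saved running-config can be audited offline. This is an added example, not part of the original post; the sample configuration is constructed and the function names are assumptions.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 3
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet1/0/1
 switchport access vlan 100
 switchport mode access
!
"""

def interface_blocks(config):
    """Yield (name, [sub-commands]) for each interface stanza."""
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        yield m.group(1), [line.strip() for line in m.group(2).splitlines()]

def audit_trunks(config):
    """Return {interface: [findings]} for every port in trunk mode."""
    report = {}
    for name, cmds in interface_blocks(config):
        if "switchport mode trunk" not in cmds:
            continue  # access ports are out of scope for this check
        findings = []
        if "switchport nonegotiate" not in cmds:
            findings.append("missing 'switchport nonegotiate'")
        native = [c for c in cmds if c.startswith("switchport trunk native vlan ")]
        if not native or native[0].split()[-1] == "1":
            findings.append("native VLAN left at the default (VLAN 1)")
        if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
            findings.append("no 'switchport trunk allowed vlan' list")
        report[name] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_trunks(SAMPLE_CONFIG).items():
        print(port, "OK" if not findings else findings)
```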
Clearing switch config
    write erase
    delete flash:vlan.dat