VLANs¶
Configuration and Verification¶
VLAN Foundations¶
Logically groups users
Segments broadcast domains
Subnet correlation
Access control
Quality of service
Local VLANs¶
Local VLANs do not extend beyond the distribution layer
Local VLAN traffic routed to other destinations
Should be created around physical boundries
Configuring VLANs¶
conf t
vlan 200
name MARKETTING
int r f0/0-10
switchport mode access
switchport access vlan 100
Deleting VLAN Database¶
wr e
del flash:vlan.dat
In-Depth Trunking¶
Trunking¶
Trunking (aka tagging) passes multi-vlan information between switches
Places VLAN information into each frame
Layer 2 feature
The Two Tagging Flavours¶
Inter-Switch Link (ISL)
CISCO proprietary
Encapsulates the entire frame
Being phased out
802.1Q
Open standard/industry standard
Inserts tag into frame rather than encapsulation
Digging Deeper Into the Trunk¶
ISL
26 byte header (Junk, VLAN, Junk)
Ethernet Frame
4 byte CRC
802.1Q
Destination MAC
Source MAC
4 byte tag (3 bit PRI, VLAN)
Ethernet Frame
FCS
Negotiating Trunking¶
Switches can auto-negotiate trunk connections using Dynamic Trunking Protocol (DTP)
Can be confusing…
Five different modes:
Access
Trunk
Dynamic Auto
Dynamic desirable
Non-negotiate
Configuring Trunk Ports¶
int fa0/15
switchport trunk encap dot1q
switchport mode trunk
! must do this everywhere:
switchport nonegotiate
switchport trunk native vlan 10
switchport trunk allowed vlan x y z
VLAN Trunking Protocol¶
VTP Modes¶
Server (default)
Power to change vlan information
Sends and receives vtp updates
Saves vlan configuration
Client
Cannot change vlan information
Sends and receives vtp updates
Does not save vlan configuration
Transparent
Power to change vlan information
Forwards (passes through) vtp updates - vtp v2
Does not listen to vtp advertisements
Saves vlan configuration
VTP Pruning¶
Keeps unnecessary broadcast traffic from crossing trunk links
Only works on vtp servers
Configuring VTP¶
Verify current VTP status
Configure VTP domain/password
Configure VTP mode
Set VTP version number
Verify
sh vtp status
vtp domain calebsargeant.com
vtp mode
vtp version 2
Common VLAN problems¶
Native VLAN mismatch
Trunk negotiation issues
Auto-to-auto does not become trunk
If possible, avoid DTP (trunk nonegotiate)
VTP updates not applying
Verify vtp domain/password
Verify vtp version
Verify trunk links
Delete flash:lvlan.dat and reboot