Configuring VTP, VLANs, VLAN Trunks, and VMPS

This chapter describes how to configure VLANs, VTP, VLAN trunks, and VMPS. VTP maintains VLAN configuration consistency across switches and allows central changes to be communicated automatically. It is important to choose whether switches will be VTP servers or clients and which VTP version to use. All switches in a VTP domain must use the same version. VTP pruning enhances bandwidth by reducing unnecessary flooded traffic. VLAN trunks carry traffic for multiple VLANs over a single link using ISL or 802.1Q encapsulation. VMPS allows dynamic port-to-VLAN assignment based on a host's MAC address.

CHAPTER 9

Configuring VTP, VLANs, VLAN Trunks, and VMPS

This chapter describes how to configure the following features:
• Virtual LANs (VLANs)—A VLAN is a group of end stations with a common set of
requirements, independent of physical location. VLANs have all the same attributes as a physical
LAN but allow you to group end stations even if they are not located physically on the same LAN
segment.
• VLAN Trunking Protocol (VTP)—VTP is a Layer 2 messaging protocol that maintains VLAN
configuration consistency throughout the network. VTP manages the addition, deletion, and
renaming of VLANs on a network-wide basis and allows you to make central changes that are
communicated automatically to all the other switches in the network.
• VTP pruning—VTP pruning enhances network bandwidth by reducing the amount of
unnecessary flooded traffic over trunk links.
• Fast Ethernet VLAN trunks—A trunk is a point-to-point link between two Catalyst 5000 series
switch ports or between a Catalyst 5000 series switch and a router. Fast Ethernet VLAN trunks
use Cisco’s Inter-Switch Link (ISL) or industry-standard IEEE 802.1Q encapsulation to carry
traffic for multiple VLANs over a single link.
• VLAN Management Policy Server (VMPS)—VMPS allows you to assign each switch port to a
VLAN dynamically, based on the source MAC address of the host connected to the port. On
dynamic ports, you can move a host from a port on one switch to a port on another switch in the
network and the port to which you connect the host will be assigned to the proper VLAN.
For complete syntax and usage information for the commands used in this chapter, refer to the
Catalyst 5000 Series Command Reference publication.

Configuring VTP
Before you create VLANs, you must decide whether to use VTP in your network. If you choose to
use VTP, you must decide whether the switch will be a VTP server or a VTP client. If you choose
not to use VTP, you must set the switch to transparent mode. If you use VTP, you must decide
whether to use VTP version 1 or version 2. If you are using VTP in a Token Ring environment, you
must use version 2.
After you decide which version of VTP to run, you must create a VTP domain (also called a VLAN
management domain) before you create the desired VLANs. In a VTP domain, VLANs can only be
created, changed, and deleted if the switch is in VTP server mode (the default). The VLAN
configuration cannot be changed if the switch is in VTP client mode. Both clients and servers update
their VTP and VLAN configuration based on the advertisements they receive over their trunk links.

VTP version 1 is supported in Catalyst 5000 series supervisor engine software release 2.1 or later
and ATM software release 3.1 or later. VTP version 2, an extension to VTP that supports Token Ring
LAN switching and other features, is supported in Catalyst 5000 series software release 3.1(1) and
later.
For more information on VTP, see the “Understanding VTP” section in this chapter.

Configuration Guidelines
Caution: VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP
domain. Every switch in the VTP domain must use the same VTP version.

These guidelines apply to switches within the same VTP domain:
• All switches in a VTP domain must run the same VTP version.
• A switch that is capable of running VTP version 2 can operate in the same domain as a switch
running VTP version 1 if VTP version 2 remains disabled on the VTP version 2-capable switch.
• You must use VTP version 2 if you are running VTP in a Token Ring environment.
• If all switches in a domain are capable of running VTP version 2, you only need to enable VTP
version 2 on one switch (using the set vtp v2 enable command); the version number is then
propagated to the other VTP version 2-capable switches in the VTP domain.

Procedure
A VTP version 2-capable switch will not run version 2 unless you manually enable it on at least one
switch in the VTP domain. To enable VTP version 2, perform this task in privileged mode:

Task                     Command
Enable VTP version 2.    set vtp v2 enable

To configure the switch as a VTP server, perform these tasks in privileged mode:

        Task                                          Command
Step 1  Define the VTP domain name.                   set vtp domain name
Step 2  Place the switch in VTP server mode.          set vtp mode server
Step 3  (Optional) Enable VTP pruning. VTP pruning    set vtp pruning enable
        is disabled by default.
Step 4  (Optional) Set a password for the VTP         set vtp passwd passwd
        domain.

This example shows how to configure the switch as a VTP server:


Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode server
VTP domain Lab_Network modified
Console> (enable) set vtp pruning enable
This command will enable the pruning function in the entire management domain.
All devices in the management domain should be pruning-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable)

To configure the switch as a VTP client, perform these tasks in privileged mode:

        Task                                     Command
Step 1  Define the VTP domain name.              set vtp domain name
Step 2  Place the switch in VTP client mode.     set vtp mode client

The VTP client switch receives VTP updates from VTP servers and updates its configuration
accordingly. The following example shows how to configure the switch as a VTP client:
Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode client
VTP domain Lab_Network modified
Console> (enable)

To configure the switch as VTP transparent (effectively disabling VTP on the switch), perform this
task in privileged mode:

Task                                          Command
Place the switch in VTP transparent mode      set vtp mode transparent
(disabling VTP on the switch).

A VTP transparent switch does not send VTP updates, and ignores VTP updates from VTP servers.
This example shows how to configure the switch as VTP transparent:
Console> (enable) set vtp mode transparent
VTP domain modified
Console> (enable)

Verification
To verify the VTP configuration, perform these tasks:

        Task                                       Command
Step 1  Verify the VTP domain configuration.       show vtp domain
Step 2  View the VTP statistics.                   show vtp statistics

This example shows the output of the show vtp domain command indicating that the switch is VTP
version 2-capable and that VTP version 2 is enabled:
Console> show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Engineering                      1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
16         1023             0               enabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.10    enabled  enabled  2-1000

This example shows the output for a switch configured as a VTP server:
Console> show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Engineering                      1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
16         1023             0               enabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------

This example shows the output for a switch configured as a VTP client:
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network                      1            2           client      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
8          1023             5               disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70    disabled enabled  2-1000
Console> (enable)

This example shows the output for a switch configured as VTP transparent:
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
                                 1            2           Transparent -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
8          1023             5               disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70    disabled enabled  2-1000
Console> (enable)

To show VTP statistics, such as VTP advertisements sent and received and VTP errors, enter the
show vtp statistics command:
Console> (enable) show vtp statistics
VTP statistics:
summary advts received          7
subset advts received           6
request advts received          0
summary advts transmitted       983
subset advts transmitted        35
request advts transmitted       21
No of config revision errors    0
No of config digest errors      0

VTP pruning statistics:

Trunk    Join Trasmitted Join Received Summary advts received from
                                       non-pruning-capable device
-------- --------------- ------------- ---------------------------
1/1      547             540           0
3/1
4/1-2    636             0             0
Console> (enable)
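
The guidelines in this section (one VTP version per domain, an optional domain password, updates accepted from whichever switch last advertised) can be checked mechanically over saved show vtp domain output. The following Python script is an added example, not part of the Cisco guide: it parses the three-stanza layout shown above by column position, so a blank Domain Name on a transparent switch still parses, and reports a missing password, non-uniform V2 Mode, a lagging config revision, and an unexpected Last Updater. The switch names, the expected-updater list, and reading "-" in the Password column as "no password set" are assumptions, and the captures are constructed.

```python
import re
from collections import defaultdict

# Column layout of the three `show vtp domain` stanzas, as printed in this chapter.
STANZAS = [
    [("Domain Name", 32), ("Domain Index", 12), ("VTP Version", 11),
     ("Local Mode", 11), ("Password", 10)],
    [("Vlan-count", 10), ("Max-vlan-storage", 16), ("Config Revision", 15),
     ("Notifications", 13)],
    [("Last Updater", 15), ("V2 Mode", 8), ("Pruning", 8),
     ("PruneEligible on Vlans", 25)],
]
RULE = re.compile(r"^-+( +-+)*$")


def sample_capture(*values):
    """Build a CONSTRUCTED capture (not real device output) in that layout."""
    out, it = ["Console> (enable) show vtp domain"], iter(values)
    for stanza in STANZAS:
        out.append(" ".join(h.ljust(w) for h, w in stanza).rstrip())
        out.append(" ".join("-" * w for _, w in stanza))
        out.append(" ".join(str(next(it)).ljust(w) for _, w in stanza).rstrip())
        out.append("")
    return "\n".join(out + ["Console> (enable)"])


# Hypothetical switch names; all values are constructed for illustration.
CAPTURES = {
    "sw-core": sample_capture("Lab_Network", 1, 2, "server", "-", 8, 1023, 16,
                              "enabled", "172.20.52.2", "enabled", "enabled", "2-1000"),
    "sw-floor1": sample_capture("Lab_Network", 1, 2, "client", "-", 8, 1023, 16,
                                "enabled", "172.20.52.2", "enabled", "enabled", "2-1000"),
    "sw-floor2": sample_capture("Lab_Network", 1, 2, "client", "-", 8, 1023, 5,
                                "disabled", "172.20.52.70", "disabled", "enabled", "2-1000"),
    "sw-lab": sample_capture("", 1, 2, "Transparent", "-", 8, 1023, 5,
                             "disabled", "172.20.52.70", "disabled", "enabled", "2-1000"),
}


def parse_vtp_domain(text):
    """Map each column header to its value, slicing by the dashed rule's spans."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    fields = {}
    for i in range(1, len(lines)):
        if not RULE.match(lines[i]):
            continue
        header = lines[i - 1]
        values = lines[i + 1] if i + 1 < len(lines) else ""
        if values.startswith("Console>"):
            values = ""  # value row missing; the prompt is not data
        spans = [m.span() for m in re.finditer(r"-+", lines[i])]
        for n, (start, end) in enumerate(spans):
            if n == len(spans) - 1:
                end = None  # the last column may run past its rule
            fields[header[start:end].strip()] = values[start:end].strip()
    return fields


def audit(captures, expected_updaters):
    """Return sorted (subject, finding) pairs for the checks described above."""
    findings, domains = [], defaultdict(dict)
    for sw, text in captures.items():
        f = parse_vtp_domain(text)
        if f.get("Local Mode", "").lower() == "transparent":
            continue  # transparent mode ignores VTP updates (per this chapter)
        domains[f.get("Domain Name", "")][sw] = f
        # Assumption: "-" in the Password column means no password is set.
        if f.get("Password", "") in ("", "-"):
            findings.append((sw, "no VTP domain password"))
        updater = f.get("Last Updater", "")
        if updater and updater not in expected_updaters:
            findings.append((sw, f"unexpected last updater {updater}"))
    for domain, members in domains.items():
        modes = {sw: f.get("V2 Mode", "") for sw, f in members.items()}
        if len(set(modes.values())) > 1:
            detail = ", ".join(f"{sw}={m}" for sw, m in sorted(modes.items()))
            findings.append((f"domain {domain}", f"V2 Mode not uniform: {detail}"))
        revs = {sw: int(f["Config Revision"]) for sw, f in members.items()
                if f.get("Config Revision", "").isdigit()}
        for sw, rev in revs.items():
            if rev < max(revs.values()):
                findings.append((sw, f"config revision {rev} behind domain maximum "
                                     f"{max(revs.values())}"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(CAPTURES, {"172.20.52.2"}):
        print(f"{subject}: {finding}")
```
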

Understanding VTP
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency throughout
the network. VTP manages the addition, deletion, and renaming of VLANs on a network-wide basis,
and allows you to make central changes that are automatically communicated to all the other
switches in the network.
VTP minimizes possible configuration inconsistencies that arise when changes are made. These
inconsistencies can result in security violations because VLANs cross connect when duplicate
names are used and internally disconnect when VLANs are incorrectly mapped between one LAN
type and another.
Using VTP, each Catalyst 5000 series switch advertises its management domain on its trunk ports,
its configuration revision number, and its known VLANs and their specific parameters. A VTP
domain is made up of one or more interconnected devices that share the same VTP domain name. A
switch can be configured to be in one and only one VTP domain.
VTP servers and clients maintain all VLANs everywhere within the VTP domain. A VTP domain
defines the boundary of a particular VLAN. Servers and clients transmit information through trunks
to other attached switches and receive updates from those trunks.
VTP servers either maintain information in nonvolatile memory or access it using TFTP. Using VTP
servers, you can modify the global VLAN information with either the VTP MIB via the SNMP or
using the CLI. When you add or advertise VLANs, both servers and clients are notified that they
should be prepared to receive traffic on their trunk ports. A VTP server can also instruct a switch to
delete a VLAN and disable all ports assigned to it.

Advertisement frames are sent to a multicast address so that they can be received by all neighboring
devices, but they are not forwarded by normal bridging procedures. All devices in the same
management domain learn about any new VLANs configured in the transmitting device. Because of
this process, you need to configure a new VLAN only on one device in the management domain. All
other devices in the same management domain learn the configured information automatically. VTP
is transmitted on all trunk connections, including ISL, 802.1Q, 802.10, and LANE.
A new VLAN is indicated by a VTP advertisement received by a device running VTP. Devices
accept the traffic of the new VLAN and propagate it to their trunks after adding the VTP-learned
VLANs to their trunks.
Using periodic advertisements, VTP tracks configuration changes and communicates them to other
switches in the network. When a new switch is added to the network, the added devices receive
updates from VTP and automatically configure existing VLANs within the network.
VTP also maps VLANs dynamically across multiple LAN types with unique names and internal
index associations. Mapping eliminates excessive device administration required from network
administrators.
VTP establishes global configuration values and distributes the following global configuration
information:
• VLAN IDs (ISL and 802.1Q)
• Emulated LAN names (ATM LAN Emulation)
• 802.10 SAID values (FDDI)
• Maximum transmission unit (MTU) size for a VLAN
• Frame format
VTP version 2 supports Token Ring LAN switching and the following features:
• Unrecognized Type-Length-Value (TLV) Support—A VTP server or client propagates
configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized
TLV is saved in NVRAM.
• Version-Dependent Transparent Mode—In VTP version 1, the transparent mode inspects VTP
messages for the domain name and version, and forwards a message only if the version and
domain name match. Since only one domain is supported in Catalyst 5000 series, VTP version 2
forwards VTP messages in transparent mode, without checking the version.
• Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and
values) are done only when new information is entered through SNMP or the CLI. Consistency
checks are not done when new information is obtained from a VTP message, or when information
is read from NVRAM. If the digest on a received VTP message is correct, its information is
accepted without consistency checks.

Configuring VTP Pruning


VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as
broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available
bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the
appropriate network devices. By default, VTP pruning is disabled in a management domain.
Make sure that all devices in the management domain support VTP pruning before enabling it (using
the set vtp pruning enable command). VTP pruning is supported in Catalyst 5000 series software
release 2.3 and later. Enabling VTP pruning on a VTP server enables pruning for the entire
management domain. VTP pruning takes effect several seconds after configuration.

When enabled, VTP pruning does not prune traffic from VLANs that are not pruning-eligible. By
default, VLANs 2 through 1000 are pruning-eligible. VLAN 1 is always pruning-ineligible; traffic
from VLAN 1 cannot be pruned.
To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. To make a VLAN
pruning eligible again, enter the set vtp pruneeligible command. You can issue these commands
regardless of whether VTP pruning is enabled or disabled. Pruning eligibility resides on the local
device only.

Configuration Guidelines
These guidelines apply to switches within the same VTP domain:
• Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the
entire management domain.
• Making VLANs pruning-eligible or pruning-ineligible on a switch affects pruning-eligibility for
those VLANs on that device only (not for the entire management domain).

Procedures
To configure VTP pruning, perform these tasks in privileged mode:

        Task                                           Command
Step 1  Enable VTP pruning in the management domain.   set vtp pruning enable
Step 2  (Optional) Make specific VLANs                 clear vtp pruneeligible vlan_range
        pruning-ineligible on the device. (By
        default, VLANs 2–1000 are pruning-eligible.)
Step 3  (Optional) If necessary, make specific         set vtp pruneeligible vlan_range
        VLANs pruning-eligible on the device.

This example shows how to enable VTP pruning in the management domain and how to make
VLANs 2–99, 250–255, and 501–1000 pruning-eligible on the particular device:
Console> (enable) set vtp pruning enable
This command will enable the pruning function in the entire management domain.
All devices in the management domain should be pruning-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable) clear vtp pruneeligible 100-500
Vlans 1,100-500,1001-1005 will not be pruned on this device.
VTP domain Lab_Network modified.
Console> (enable) set vtp pruneeligible 250-255
Vlans 2-99,250-255,501-1000 eligible for pruning on this device.
VTP domain Lab_Network modified.
Console> (enable)

To disable VTP pruning, perform this task in privileged mode:

Task                                              Command
Disable VTP pruning in the management domain.     set vtp pruning disable

This example shows how to disable VTP pruning in the management domain:
Console> (enable) set vtp pruning disable
This command will disable the pruning function in the entire management domain.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable)

Verification
To verify the VTP pruning configuration, perform these tasks:

        Task                                       Command
Step 1  Verify the VTP pruning configuration.      show vtp domain
Step 2  Check whether VLANs are being pruned on    show trunk
        trunk ports.

This example shows how to verify the VTP pruning configuration using the show vtp domain
command. The arrow shows that VTP pruning is enabled, and that VLANs 2–99, 250–255, and
501–1000 are pruning-eligible:
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network                      1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
8          1023             16              disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.2     disabled enabled  2-99,250-255,501-1000
Console> (enable)

This example shows how to verify the VTP pruning configuration using the show trunk command.
The arrow shows that VLANs 1 and 522–524 are in spanning-tree forwarding state and are not
pruned on the trunk:
Console> (enable) show trunk
Port     Mode        Encapsulation Status       Native vlan
-------- ----------- ------------- ------------ -----------
1/1      auto        isl           trunking     523
3/1      on          lane          trunking     1
4/1-2    on          lane          trunking     1

Port     Vlans allowed on trunk
-------- ---------------------------------------------------------------------
1/1      1-1005
3/1      1-1005
4/1-2    1-1005

Port     Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
1/1      1,522-524
3/1
4/1-2

Port     Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
1/1      1,522-524
3/1
4/1-2
Console> (enable)

Understanding VTP Pruning


VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as
broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available
bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the
appropriate network devices.
Figure 9-1 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and port 2
on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to switch 1.
Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3,
5, and 6 have no ports in the Red VLAN.

Figure 9-1 Nonoptimal Flooding Traffic without VTP Pruning (diagram not reproduced: Switches 1 through 6, with Port 1 and Port 2 in the Red VLAN)

Figure 9-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from
Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic from the Red VLAN has been
pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).

Figure 9-2 Optimized Flooding Traffic with VTP Pruning (diagram not reproduced: Switches 1 through 6, with flooded traffic pruned at Port 4 and Port 5)

Configuring VLANs
Two main tasks are involved with configuring VLANs:
• Creating the VLAN and setting its parameters
• Assigning one or more Catalyst 5000 series switch ports to the VLAN
If you are configuring Token Ring VLANs, see the section “Creating Token Ring VLANs (TrBRFs)”
later in this chapter.

Creating a VLAN
Enter the set vlan command to create a VLAN and enter the clear vlan command to delete a VLAN.
If the switch is a VTP server, changes to the VLAN configuration are propagated to other switches
in the VTP domain. If the switch is a VTP client, you cannot create or delete VLANs; you must
change the VTP mode of the switch or perform the VLAN configuration on a VTP server. If the
switch is in VTP transparent mode, the VLAN configuration affects the particular switch only and
is not propagated to other switches in the network.
VLANs support a number of parameters, only a few of which are discussed in this section. For
complete information on the set vlan command and its parameters, refer to the Catalyst 5000 Series
Command Reference publication.

Configuration Guidelines
Before you can create a VLAN on the switch, you must do one of the following:
• Define a VTP domain and place the switch in VTP server mode
• Place the switch in VTP transparent mode (effectively disabling VTP on the switch)
For information on configuring VTP, see the section “Configuring VTP” earlier in this chapter.

Procedures
To create a VLAN on the switch, perform this task in privileged mode:

Task                                         Command
Create a VLAN. If desired, assign it a       set vlan vlan_num [name name]
name (the VLAN number is used as the
name if no name is specified).

This example shows how to create a VLAN on the switch:


Console> (enable) set vlan 100 name Writers
Vlan 100 configuration successful
Console> (enable)

To delete a VLAN on the switch, perform this task in privileged mode:

Task              Command
Delete a VLAN.    clear vlan vlan_num

This example shows how to delete a VLAN (in this case, the switch is a VTP server):
Console> (enable) clear vlan 100
This command will deactivate all ports on vlan 100
in the entire management domain
Do you want to continue(y/n) [n]?y
Vlan 100 deleted
Console> (enable)

Verification
To verify the VLAN configuration, perform this task:

Task                              Command
Verify the VLAN configuration.    show vlan

This example shows how to verify the VLAN configuration:


Console> (enable) show vlan
VLAN Name                             Status    Mod/Ports, Vlans
---- -------------------------------- --------- ----------------------------
1    default                          active    1/1-2
                                                3/1-24
                                                5/1-2
10   VLAN0010                         active
100  Writers                          active
200  Editors                          active
300  Production                       active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1    enet  100001     1500  -      -      -      -    -        0      0
10   enet  100010     1500  -      -      -      -    -        0      0
100  enet  100100     1500  -      -      -      -    -        0      0
200  enet  100200     1500  -      -      -      -    -        0      0
300  enet  100300     1500  -      -      -      -    -        0      0
1002 fddi  101002     1500  -      0x0    -      -    -        0      0
1003 trcrf 101003     1500  0      0x0    -      -    -        0      0
1004 fdnet 101004     1500  -      -      0x0    ieee -        0      0
1005 trbrf 101005     1500  -      -      0x0    ibm  -        0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7       7       off
Console> (enable)

Assigning Switch Ports to a VLAN


You can assign one or more ports to a VLAN using the set vlan command. By default, all switched
Ethernet and Fast Ethernet ports belong to VLAN 1.

Procedure
To assign one or more switch ports to a VLAN, perform this task in privileged mode:

Task                                         Command
Assign one or more switch ports to a VLAN.   set vlan vlan_num mod_num/port_num

Note: If you specify a VLAN that does not exist, the VLAN is created and the specified ports are
assigned to it.

This example shows how to assign switch ports to a VLAN:


Console> (enable) set vlan 100 3/1-8
VLAN 100 modified.
VLAN 350 modified.
VLAN Mod/Ports
---- -----------------------
100 3/1-8
4/1
7/1
Console> (enable) set vlan 200 3/9-16
VLAN 200 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
200 3/9-16
4/1
7/1
Console> (enable)

Figure 9-3 shows a switch that has ports 1 through 4 assigned to VLAN 10 (Engineering) and ports
5 through 12 assigned to VLAN 20 (Accounting).

Figure 9-3 Assigning Switch Ports to VLANs (diagram not reproduced: switch ports 1 through 12 and Host A, with VLAN 10 Engineering and VLAN 20 Accounting)

Verification
To verify the port VLAN assignments, perform either of these tasks:

Task                                   Command
• Verify the port VLAN assignments.    show vlan
• Verify the port VLAN assignments.    show port

This example shows how to verify the port VLAN assignments using the show vlan command:
Console> (enable) show vlan
VLAN Name                             Status    Mod/Ports, Vlans
---- -------------------------------- --------- ----------------------------
1    default                          active    1/2
                                                2/1-12
                                                5/1-2
522  VLAN0522                         active
523  VLAN0523                         active
524  VLAN0524                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1    enet  100001     1500  -      -      -      -    -        0      0
522  enet  100522     1500  -      -      -      -    -        0      0
523  enet  100523     1500  -      -      -      -    -        0      0
524  enet  100524     1500  -      -      -      -    -        0      0
1002 fddi  101002     1500  -      0x0    -      -    -        0      0
1003 trcrf 101003     1500  0      0x0    -      -    -        0      0
1004 fdnet 101004     1500  -      -      0x0    ieee -        0      0
1005 trbrf 101005     1500  -      -      0x0    ibm  -        0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 0       0       off
Console> (enable)

This example shows how to verify the port VLAN assignments using the show port command:
Console> (enable) show port
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
1/1                      connected  trunk      normal half   100   100BaseTX
1/2                      notconnect 1          normal half   100   100BaseTX
2/1                      connected  1          normal half   100   100BaseTX
2/2                      notconnect 1          normal half   100   100BaseTX
2/3                      notconnect 1          normal half   100   100BaseTX
2/4                      notconnect 1          normal half   100   100BaseTX
2/5                      notconnect 1          normal half   100   100BaseTX
2/6                      notconnect 1          normal half   100   100BaseTX
2/7                      notconnect 1          normal half   100   100BaseTX
2/8                      notconnect 1          normal half   100   100BaseTX
2/9                      notconnect 1          normal half   100   100BaseTX
2/10                     notconnect 1          normal half   100   100BaseTX
2/11                     notconnect 1          normal half   100   100BaseTX
2/12                     notconnect 1          normal half   100   100BaseTX
3/1                      notconnect trunk      normal full   155   OC3 MMF ATM
4/1                      notconnect trunk      normal full   45    DS3 ATM
4/2                      notconnect trunk      normal full   45    DS3 ATM
5/1                      notconnect 1          normal half   100   FDDI
5/2                      notconnect 1          normal half   100   FDDI
<... output truncated ...>
Console> (enable)

Creating Token Ring VLANs (TrBRFs)


You must enable VTP version 2 to create Token Ring VLANs. For information on enabling VTP
version 2, see the section “Configuring VTP” earlier in this chapter.
Using the set vlan command, you can configure a new TrBRF or change an existing TrBRF.

Configuration Guidelines
When configuring a TrBRF, note these guidelines:
• The VLAN number for the default TrBRF is 1005. Possible bridge number values, in
hexadecimal format, are 00 through 0F. The bridge number for the default bridge is 0F.
• If you set the TrBRF state to suspend, all logical ports associated with the TrBRF are disabled
and shown as inactive.
• You cannot assign a TrCRF to the default TrBRF (1005). The default TrBRF can only be the
parent of the default TrCRF (1003).
• Two TrBRF Spanning-Tree Protocol and TrCRF bridge mode configurations will result in the
logical ports (the connection between the TrBRF and the TrCRF) of the TrBRF being put in a
blocked state:
— The TrBRF is running the IBM Spanning-Tree Protocol and the TrCRF is in SRT mode.
— The TrBRF is running the IEEE Spanning-Tree Protocol and the TrCRF is in SRB mode.
• The default Spanning-Tree Protocol for a TrBRF is IBM.

Procedures
To configure a new TrBRF, enter this version of the set vlan command in privileged mode:

Task                      Command
Configure a new TrBRF.    set vlan vlan_num [name name] type trbrf
                          [state {active | suspend}] [mtu mtu]
                          bridge bridge_number [stp {ieee | ibm}]

After entering the set vlan command, you see this display:
Console> (enable) set vlan 999 name brf-999 type trbrf
Vlan 999 configuration successful
Console> (enable)

To change an existing TrBRF, enter this command in privileged mode, changing the appropriate
parameters as necessary:

Task                         Command
Change an existing TrBRF.    set vlan vlan_num [name name]
                             [state {active | suspend}] [mtu mtu]
                             [bridge bridge_number] [stp {ieee | ibm}]

Verification
To verify the configuration of Token Ring VLANs, enter this command:

Task                         Command
Verify the configuration.    show vlan [vlan_num]

After entering the show vlan command and specifying a TrBRF, you see this display:
Console> show vlan 1005
VLAN Name                             Status    Mod/Ports, Vlans
---- -------------------------------- --------- ----------------------------
1005 trbrf-default                    active    1003

VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1005 trbrf 101005     4472  -      -      0xf    ibm  -        0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
Console>

Adding or Changing TrCRF Parameters


Using the set vlan command, you can configure a new TrCRF or change an existing TrCRF. You can
configure two types of TrCRFs in your network: undistributed and backup.
The undistributed TrCRF is located on one switch and has a logical ring number associated with it.
Multiple undistributed TrCRFs on the same or separate switches can be associated with a single
parent TrBRF. The parent TrBRF acts as a multiport bridge, forwarding traffic between the
undistributed TrCRFs. Figure 9-4 illustrates the undistributed TrCRF.

Figure 9-4 Undistributed TrCRFs
[Figure: Switch A and Switch B connected by ISL; TrBRF 3 with TrCRF 400, TrCRF 350, and TrCRF 200]

You cannot distribute TrCRFs across switches as illustrated in Figure 9-5. Ports associated with a
TrCRF must be located within the same Catalyst 5000 series switch. However, one exception to this
rule is the default Token Ring VLAN configuration of the Token Ring module. By default, the Token
Ring VLAN configuration of the Token Ring module has all ports assigned to the default TrCRF
(1003). The default TrCRF is associated with the default TrBRF (1005). If you have not configured
the ports of a Token Ring module to associate with a new TrCRF, traffic is passed between the default
TrCRFs located on separate switches that are connected via ISL.

Note To pass data between rings located on separate switches, you can associate the rings to the
same TrBRF and configure the TrBRF for SRB.

Figure 9-5 Distributed TrCRF
[Figure: Switch A and Switch B connected by ISL; TrBRF 2 with three instances of TrCRF 300]

The backup TrCRF enables you to configure an alternate route for traffic between undistributed
TrCRFs located on separate switches that are connected by a TrBRF, should the ISL connection
between the switches become inactive. You can configure only one port per switch as part of a
backup TrCRF and only one backup TrCRF for a TrBRF.
To create a backup TrCRF, assign one port on each switch that the TrBRF traverses to the backup
TrCRF. Under normal circumstances, only one port in the backup TrCRF is active. If the ISL
connection between the switches becomes inactive, the port that is a part of the backup TrCRF on
each affected switch automatically becomes active, rerouting traffic between the undistributed
TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the
backup TrCRF is disabled. Figure 9-6 illustrates the backup TrCRF.

Figure 9-6 Backup TrCRF
[Figure: Switch A and Switch B connected by ISL; TrBRF 1 with TrCRF 600 and TrCRF 601; Backup TrCRF 612]

Configuration Guidelines
When configuring a TrCRF, note these guidelines:
• The VLAN number for the default TrCRF is 1003. Possible ring_number values, in hexadecimal
format, are 01 through FFF.
• You must configure the TrBRF to which you plan to associate the TrCRF before you configure
the TrCRF.
• If you set the TrCRF state to suspend, all ports associated with the TrCRF are disabled and
shown as inactive.
• The default bridge mode of a TrCRF is SRB.
• These two TrBRF Spanning-Tree Protocol and TrCRF bridge mode configurations place the
logical ports (the connection between the TrBRF and the TrCRF) of the TrBRF in a blocked state:
— The TrBRF is running the IBM Spanning-Tree Protocol and the TrCRF is in SRT mode.
— The TrBRF is running the IEEE Spanning-Tree Protocol and the TrCRF is in SRB mode.
• You cannot assign a TrCRF to the default TrBRF (1005). The default TrBRF can only be the
parent of the default TrCRF (1003).

Procedures
To configure a new TrCRF, perform this task in privileged mode, ensuring that you specify each
parameter that applies to the TrCRF type you are configuring:

Task                      Command
Configure a new TrCRF.    set vlan vlan_num [name name] type trcrf [state {active | suspend}] [mtu mtu] ring ring_number parent vlan_num [mode {srt | srb}] [backupcrf {off | on}] [aremaxhop hopcount] [stemaxhop hopcount]


After entering the set vlan command, you see this display:
Console> (enable) set vlan 1000 name crf-1000 type trcrf ring 001 parent 999
Vlan 1000 configuration successful
Console> (enable)

To change an existing TrCRF, perform this task in privileged mode, changing the appropriate
parameters as desired:

Task                         Command
Change an existing TrCRF.    set vlan vlan_num [name name] [state {active | suspend}] [mtu mtu] [ring ring_number] [parent vlan_num] [mode {srt | srb}] [backupcrf {off | on}] [aremaxhop hopcount] [stemaxhop hopcount]

To specify that a TrCRF is a backup TrCRF, perform this task in privileged mode:

Task                                       Command
Specify that a TrCRF is a backup TrCRF.    set vlan vlan_num backupcrf on

After entering the set vlan command and specifying on for the backupcrf parameter, you see this
display:
Console> (enable) set vlan 1000 backupcrf on
Vlan 1000 configuration successful.

Caution If the backup TrCRF port is attached to a Token Ring MAU, it does not provide a backup path
unless the ring speed and port mode are set by another device. Therefore, we recommend that you configure
the ring speed and port mode for the backup TrCRF.

You can specify the maximum hop count for All-Routes and Spanning-Tree Explorer frames for
each TrCRF. This limits the maximum number of hops an explorer is allowed to traverse. If a port
determines that the explorer frame it is receiving has traversed more than the number of hops
specified, it does not forward the frame. The TrCRF determines the number of hops an explorer has
traversed based on the number of bridge hops in the route information field.
If you are configuring maximum hop counts for a TrCRF, ensure that you specify values for the
aremaxhop and stemaxhop parameters when entering the set vlan command. Valid values are 1 to
14. The default is 7.
To specify the maximum number of bridge hops to be allowed in explorer packets for a TrCRF,
perform this task in privileged mode:

Task                                                                                         Command
Specify the maximum number of bridge hops to be allowed in explorer packets for a TrCRF.    set vlan vlan_num aremaxhop hopcount stemaxhop hopcount


After entering the set vlan command and specifying hopcount values, you see this display:
Console> (enable) set vlan 1000 aremaxhop 10 stemaxhop 10
Vlan 1000 configuration successful
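
The hop-count check described above, sketched as an added example that is not part of the guide or of the switch software. It parses a source-routing route information field (2-byte routing control followed by 2-byte route descriptors), counts bridge hops, and applies the aremaxhop or stemaxhop limit; the function names are hypothetical, the sample frame is constructed, and counting one hop per descriptor after the first is an assumption about how hops are counted.

```python
import struct

ARE, STE, SRF = "ARE", "STE", "SRF"  # all-routes explorer, spanning-tree explorer, specifically routed


def build_rif(kind, descriptors):
    """Encode a RIF from [(ring, bridge), ...]; used here only to construct sample frames."""
    length = 2 + 2 * len(descriptors)
    if length > 30:
        raise ValueError("RIF length field is 5 bits: at most 14 route descriptors")
    routing_type = {SRF: 0b000, ARE: 0b100, STE: 0b110}[kind]
    # Second routing-control byte carries direction and largest-frame bits; not examined here.
    control = bytes([(routing_type << 5) | length, 0x30])
    return control + b"".join(
        struct.pack(">H", (ring << 4) | bridge) for ring, bridge in descriptors
    )


def parse_rif(rif):
    """Return (kind, [(ring, bridge), ...]) or raise ValueError on a malformed RIF."""
    if len(rif) < 2:
        raise ValueError("RIF shorter than the routing-control field")
    length = rif[0] & 0x1F                 # total RIF length in bytes
    if length < 2 or length % 2 or length > len(rif):
        raise ValueError(f"bad RIF length {length}")
    routing_type = rif[0] >> 5             # 0xx = routed, 10x = ARE, 11x = STE
    kind = SRF if routing_type < 0b100 else ARE if routing_type < 0b110 else STE
    # Each descriptor is a 12-bit ring number followed by a 4-bit bridge number.
    descriptors = [(rd >> 4, rd & 0xF) for (rd,) in struct.iter_unpack(">H", rif[2:length])]
    return kind, descriptors


def bridge_hops(descriptors):
    # Assumption: one hop per bridge crossed, that is, descriptors minus one.
    return max(len(descriptors) - 1, 0)


def forward_explorer(rif, aremaxhop=7, stemaxhop=7):
    """True if a received frame may be forwarded under the TrCRF hop limits (default 7)."""
    kind, descriptors = parse_rif(rif)
    if kind == SRF:
        return True                        # the limits apply to explorer frames only
    limit = aremaxhop if kind == ARE else stemaxhop
    return bridge_hops(descriptors) <= limit


# Constructed sample: an all-routes explorer that has crossed 8 bridges (rings 001-009).
EIGHT_HOPS = build_rif(ARE, [(ring, 1) for ring in range(1, 9)] + [(9, 0)])

if __name__ == "__main__":
    print("default limits :", forward_explorer(EIGHT_HOPS))
    print("aremaxhop 10   :", forward_explorer(EIGHT_HOPS, aremaxhop=10))
```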

Verification
To verify the configuration of Token Ring VLANs, perform this task:

Task                         Command
Verify the configuration.    show vlan [vlan_num]

After entering the show vlan command and specifying a TrCRF, you see this display:
Console> (enable) show vlan 1003
VLAN Name                             Status    Mod/Ports, Vlans
---- -------------------------------- --------- ----------------------------
1003 trcrf-default                    active    3/1-16

VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1003 trcrf 101003     4472  1005   0xccc  -      -    srb      0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7       7       off
Console> (enable)
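
The TrCRF guidelines and limits from this section can be checked against a planned set of definitions before they are entered. The following is an added example, not code from the guide: the class and function names are hypothetical, VLANs 999 and 1000 mirror the guide's examples, and the other entries in the plan are constructed.

```python
from dataclasses import dataclass

DEFAULT_TRCRF = 1003   # default TrCRF VLAN number
DEFAULT_TRBRF = 1005   # default TrBRF VLAN number

# TrBRF STP / TrCRF bridge-mode pairs that place the logical port in a blocked state.
BLOCKING_PAIRS = {("ibm", "srt"), ("ieee", "srb")}


@dataclass
class TrBRF:
    vlan: int
    stp: str = "ibm"        # default Spanning-Tree Protocol for a TrBRF


@dataclass
class TrCRF:
    vlan: int
    ring: int               # ring_number; the CLI takes it in hexadecimal
    parent: int             # VLAN number of the parent TrBRF
    mode: str = "srb"       # default bridge mode of a TrCRF
    backupcrf: bool = False
    aremaxhop: int = 7      # default explorer hop limits
    stemaxhop: int = 7


def check_plan(plan):
    """Walk definitions in the order they would be entered; return (vlan, finding) tuples."""
    findings = []
    brfs = {DEFAULT_TRBRF: TrBRF(DEFAULT_TRBRF)}    # the default TrBRF always exists
    backup_of = {}                                   # parent TrBRF -> its backup TrCRF
    for item in plan:
        if isinstance(item, TrBRF):
            brfs[item.vlan] = item
            continue
        crf = item
        if not 0x01 <= crf.ring <= 0xFFF:
            findings.append((crf.vlan, "ring number outside 01-FFF"))
        for field in ("aremaxhop", "stemaxhop"):
            if not 1 <= getattr(crf, field) <= 14:
                findings.append((crf.vlan, f"{field} outside 1-14"))
        if crf.parent == DEFAULT_TRBRF and crf.vlan != DEFAULT_TRCRF:
            findings.append((crf.vlan, "default TrBRF 1005 can only parent TrCRF 1003"))
            continue
        parent = brfs.get(crf.parent)
        if parent is None:
            findings.append((crf.vlan, f"parent TrBRF {crf.parent} not configured first"))
            continue
        if (parent.stp, crf.mode) in BLOCKING_PAIRS:
            findings.append(
                (crf.vlan, f"logical port blocked: TrBRF stp {parent.stp} with TrCRF mode {crf.mode}")
            )
        if crf.backupcrf:
            if crf.parent in backup_of:
                findings.append(
                    (crf.vlan, f"TrBRF {crf.parent} already has backup TrCRF {backup_of[crf.parent]}")
                )
            else:
                backup_of[crf.parent] = crf.vlan
    return findings


# Constructed plan: 999 and 1000 follow the guide's examples, the rest are made up.
PLAN = [
    TrBRF(999),
    TrCRF(1000, ring=0x001, parent=999),
    TrCRF(801, ring=0x002, parent=999, mode="srt"),       # IBM STP with SRT mode
    TrCRF(802, ring=0x003, parent=998),                   # parent never defined
    TrCRF(803, ring=0x004, parent=1005),                  # default TrBRF as parent
    TrCRF(804, ring=0x005, parent=999, backupcrf=True),
    TrCRF(805, ring=0x006, parent=999, backupcrf=True),   # second backup for TrBRF 999
    TrCRF(806, ring=0x1000, parent=999, aremaxhop=15),    # both values out of range
]

if __name__ == "__main__":
    for vlan, finding in check_plan(PLAN):
        print(f"vlan {vlan}: {finding}")
```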

Grouping Ports to a TrCRF


A TrCRF created in a management domain remains unused until it is associated with ports on the
Catalyst 5000 series Token Ring module.

Procedure
To group Token Ring module ports to a TrCRF, perform this task:

Task                                           Command
Group Token Ring module ports into a TrCRF.    set vlan vlan_num mod/ports...

After entering the set vlan command to group ports to a TrCRF, you see this display:
Console> (enable) set vlan 1000 3/1-3
VLAN 1000 modified.
Console> (enable)

Verification
To verify the configuration of Token Ring VLANs, enter this command:

Task                         Command
Verify the configuration.    show vlan [vlan_num]


After entering the show vlan command and specifying a TrCRF, you see this display:
Console> (enable) show vlan 1003
VLAN Name                             Status    Mod/Ports, Vlans
---- -------------------------------- --------- ----------------------------
1003 trcrf-default                    active    3/1-16

VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1003 trcrf 101003     4472  1005   0xccc  -      -    srb      0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7       7       off
Console> (enable)

Deleting a Token Ring VLAN


To clear the definition of a TrCRF or TrBRF, perform this task in privileged mode:

Task                Command
Delete the VLAN.    clear vlan vlan_num

This example shows how to delete a TrCRF from the management domain:
Console> (enable) clear vlan 1000
This command will deactivate all ports on vlan 1000
in the entire management domain
Do you want to continue(y/n) [n]?y
Vlan 1000 deleted.
Console> (enable)

Caution When clearing a TrCRF, all the ports grouped to the TrCRF become inactive and remain inactive
and associated with the TrCRF number until you assign them to a new TrCRF.

This example shows how to delete a TrBRF from the management domain:
Console> (enable) clear vlan 999
Vlan 999 deleted
Console> (enable)

Note You cannot delete a TrBRF without first reassigning or clearing the TrCRFs to which it is a
parent.

Understanding VLANs
When an end station is physically moved to a new location, its attributes can be reassigned from a
network management station via SNMP or the CLI. When an end station moves within the same
VLAN, it retains its previously assigned attributes in its new location. When an end station moves
to a different VLAN, the attributes of the new VLAN are applied to the end station, according to the
security levels in place.


You can assign the IP address of a Catalyst 5000 series switch supervisor engine module to any
VLAN. This mobility allows a network management station and workstations on any Catalyst 5000
VLAN to access directly another Catalyst 5000 series switch on the same VLAN without a router.
Only one IP address can be assigned to a Catalyst 5000 series switch; if you reassign the IP address
to a different VLAN, the previous IP address assignment to a VLAN is invalid.
VLANs allow ports on the same or different switches to be grouped so that traffic is confined to
members of that group only. This feature restricts broadcast, unicast, and multicast traffic (flooding)
to only those ports included in a given VLAN. Traffic between VLANs must be routed. You can set up
VLANs for an entire management domain from a single Catalyst 5000 series switch. A maximum
of 250 VLANs can be active at any time.
Figure 9-7 shows an example of VLANs segmented into logically defined networks.

Figure 9-7 VLANs as Logically Defined Networks
[Figure: Engineering VLAN, Marketing VLAN, and Accounting VLAN; a Catalyst 5000 on each of Floors 1, 2, and 3; Fast Ethernet; Cisco router]

Token Ring VLANs


Two Token Ring VLAN types are defined in VTP version 2:
• TrCRF—The default TrCRF VLAN name is trcrf-default; the default VLAN number is 1003.
The default maximum transmission unit (MTU) is 4472 bytes.
• TrBRF—The default TrBRF VLAN name is trbrf-default; the default VLAN number is 1005.
The default MTU is 4472 bytes.
Within a Token Ring VLAN, you can form logical rings by defining groups of ports that have the
same ring number. In general, a TrCRF is limited to the ports in a Catalyst 5000 series switch. For
an exception to this rule, see the “Adding or Changing TrCRF Parameters” section. Within the
TrCRF, source-route switching is used for forwarding based on either MAC addresses or route
descriptors. Frames can be switched between ports within a single TrCRF.


Multiple TrCRFs can be interconnected using a single TrBRF. The connection between the TrCRF
and the TrBRF is referred to as a logical port. For source routing, the switch appears as a single
bridge between the logical rings. The TrBRF can function as an SRB or SRT bridge running either
the IBM or IEEE Spanning-Tree Protocol. If SRB is used, you can define duplicate MAC addresses
on different logical rings.
Traditionally, one instance of Spanning-Tree Protocol is run for each VLAN to prevent loops in the
bridge topology. However, Token Ring runs an instance of Spanning-Tree Protocol both at the
TrCRF level and the TrBRF level. The Spanning-Tree Protocol at the TrCRF level removes loops in
the logical ring. The TrBRF Spanning-Tree Protocol is similar to the Ethernet Spanning-Tree
Protocol; it interacts with external bridges to remove loops from the bridge topology.

Caution Certain parent TrBRF Spanning-Tree Protocol and TrCRF bridge mode configurations can place
the logical ports (the connection between the TrBRF and the TrCRF) of the TrBRF in a blocked state.

Within a Token Ring VLAN, logical rings can define port groups that have the same ring number.
The IEEE calls this port group a TrCRF. A TrCRF is limited to the ports in a single Token Ring
module on the Catalyst 5000 series switch. However, one exception to this rule is discussed in
the “Adding or Changing TrCRF Parameters” section.
Within the TrCRF, source-route switching is used for forwarding based on either MAC addresses or
route descriptors. If desired, the entire VLAN can operate as a single ring. Frames can be switched
between ports within a single TrCRF.
As shown in Figure 9-8, multiple TrCRFs can be interconnected using a single TrBRF.

Figure 9-8 Token Ring VLANs
[Figure: a BRF (SRB or SRT) interconnecting CRFs that use SRS; six Token Ring ports with ring numbers 001, 001, 011, 002, 002, 002]

For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can
function as an SRB or SRT bridge running either the IBM or IEEE Spanning-Tree Protocol. If SRB
is used, duplicate MAC addresses can be defined on different logical rings.
To accommodate SNA traffic, you can use a combination of SRT and SRB modes. In a mixed mode,
the TrBRF considers some ports (logical ports connected to TrCRFs) to be operating in SRB mode
while others are operating in SRT mode.
The TrBRF can be extended across a network of switches via high-speed uplinks between the
switches. These links must be able to multiplex multiple VLANs and provide the necessary
information to support logical rings.


VLANs in a Management Domain


By default, the Catalyst 5000 series switch is in the no-management domain state until it is
configured with a management domain or receives an advertisement for a domain over a trunk link.
If a switch receives an advertisement, it inherits the management domain name and configuration
revision number. A switch ignores advertisements with a different management domain or an earlier
configuration revision number and checks all received advertisements with the same domain for
consistency. While a Catalyst 5000 series switch is in the no-management domain state, it is a VTP
server; that is, it learns from received advertisements.
The set vtp command sets up the management domain, including establishing the management
domain name, the VTP operation mode (server, client, or transparent), the interval between VLAN
advertisements, and the password value. There is no default domain name (the value is set to null).
The default VTP operation mode is set to server.
By default, the management domain is set to nonsecure mode without a password. A password sets
the management domain to secure mode. You must configure a password on each Catalyst 5000
series switch in the management domain when in secure mode.

Caution A management domain does not function properly if you do not assign a management domain
password to each Catalyst 5000 series switch in the domain.

The set vlan command uses the following parameters to create a VLAN in the management domain:
• VLAN number
• VLAN name
• VLAN type (Ethernet, FDDI, FDDI network entity title [NET], or TR NET)
• Maximum transmission unit (packet size, in bytes) that the VLAN can use
• Security association identifier (SAID)
• VLAN state (active or suspended)
• Ring number for FDDI and Token Ring VLANs
• Bridge identification number
• Parent VLAN number
• Spanning-Tree Protocol type
• VLAN number to use when translating from one VLAN type to another
The Catalyst 5000 series switch uses the SAID parameter of the set vlan command to identify each
VLAN on an 802.10 trunk. The default SAID for VLAN 1 is 100001, for VLAN 2 is 100002, for
VLAN 3 is 100003, and so on. The default MTU is 1500 bytes. The default state is active on an
802.10 trunk.
When translating from one VLAN type (Ethernet, FDDI, FDDI NET, or TR NET) to another, the
Catalyst 5000 series switch requires a different VLAN number for each media type.


VLAN Components
VLANs consist of the following components:
• Switches that logically segment connected end stations
Switches are the entry point for end-station devices into the switched fabric and provide the
intelligence to group users, ports, or logical addresses into common communities of interest.
LAN switches increase performance and dedicated bandwidth across the network.
You can group ports and users into communities using a single switch or connected switches. By
grouping ports and users across multiple switches, VLANs can span single-building
infrastructures, interconnected buildings, or campus networks. Each switch can make filtering
and forwarding decisions by packet and communicate this information to other switches and
routers within the network.
Frame identification or tagging logically groups users into administratively defined VLANs.
Tagging places a unique identifier in the header of each frame as it is forwarded throughout the
switch fabric. Each switch understands and examines the identifier prior to any broadcasts or
transmissions to other switches, routers, or end-station devices. When the frame exits the switch
fabric, the switch removes the identifier before the frame is transmitted to the target end station.
Based on rules defined by the administrator, tagging determines where the frame is to be sent or
broadcast.
• Routers that extend VLAN communications between workgroups
Routers provide policy-based control, broadcast management, and route processing and
distribution. They also provide the communication between VLANs and VLAN access to shared
resources such as servers and hosts. Routers connect to other parts of the network that are either
logically segmented into subnets or require access to remote sites across wide area links. Routers
use high-speed backbone connections over Fast Ethernet, FDDI, or ATM for higher throughput
between switches and routers.
• Interoperability with previously installed LAN systems
VLANs provide system compatibility with previously installed systems, such as shared hubs and
stackable devices. With VLANs, you can configure devices such as shared hubs as a part of the
VLAN architecture and can share traffic and network resources that directly attach to switching
ports with VLAN designations.
• Transport protocols that carry VLAN traffic across shared LAN and ATM backbones
The VLAN transport enables information exchange between interconnected switches and routers
on the corporate backbone. The backbone acts as the aggregation point for large volumes of
traffic. It also carries end-user VLAN information and identification between switches, routers,
and directly attached servers. Within the backbone, high-bandwidth, high-capacity links carry the
traffic throughout the enterprise. Three high-bandwidth options include Fast Ethernet,
FDDI/CDDI, and ATM.
• VLAN management
Network management solutions offer centralized control, configuration, and traffic management
functions.


Configuring Fast Ethernet VLAN Trunks


A trunk is a point-to-point link between two Catalyst 5000 series switch ports or between a
Catalyst 5000 series switch and a router. Trunks carry the traffic of multiple VLANs and allow you
to extend VLANs from one Catalyst 5000 series switch to another. The Catalyst 5000 series
switches support the following trunking methods for communicating VLAN information across
high-performance backbones:
• Inter-Switch Link (ISL) trunks and IEEE 802.1Q trunks for Fast Ethernet ports—IEEE 802.1Q,
an industry-standard VLAN-trunking protocol, is supported in Catalyst 5000 series software
release 4.1(1) and later with 802.1Q-capable hardware. Information on configuring ISL and
802.1Q trunks is contained in this section.
• IEEE 802.10 trunks for FDDI/CDDI ports—For information on configuring a FDDI 802.10
trunk, see “Setting Up an FDDI 802.10 Trunk Configuration” in “Configuring FDDI/CDDI
Modules.”
• LAN Emulation (LANE) trunks for ATM ports—For information on configuring LANE, see the
“Configuring ATM Modules” chapter.
You can use any combination of these trunk technologies to form enterprise-wide VLANs and
choose between low-cost copper and long-distance fiber connections for your trunks.
To create a VLAN trunk, enter the set trunk command to configure the port on each end of the link
as a trunk port. You can also enter the set trunk command to change the mode of a trunk.
By default, the Dynamic ISL (DISL) protocol, which is used to negotiate ISL trunk links, is set to
auto mode for all ports. In this mode, if the port is connected to another port that is either on or in
desirable mode, it becomes a trunk port. Table 9-1 shows the different trunking modes and their
functions.

Note Only the nonegotiate and off modes function with IEEE 802.1Q trunks.

Table 9-1 Trunking Modes

Mode           Function
on             Puts the port into permanent trunking mode and negotiates to convert the link into a trunk port. The port becomes a trunk port even if the other end of the link does not agree to the change. This mode is not allowed on IEEE 802.1Q ports.
off            Negotiates to convert the link into a nontrunk port. The port converts to a nontrunk port even if the other end of the link does not agree to the change. This is the default mode for FDDI trunks. This option is not allowed for ATM ports.
desirable      Makes the port actively attempt to become a trunk port. The port becomes a trunk if the port it is connected to allows trunking and is set to on, desirable, or auto mode. This mode is not allowed on IEEE 802.1Q, FDDI, and ATM ports.
auto           Makes the port willing to become a trunk port. The port becomes a trunk if the port it is connected to is set to on or desirable mode. This mode is not allowed on IEEE 802.1Q, FDDI, and ATM ports. This is the default mode for Fast Ethernet ports.
nonegotiate    Makes the port a trunk port but prevents the port from generating DISL frames used with ISL and IEEE 802.1Q Fast Ethernet trunks.


Note DISL is a point-to-point protocol. However, some internetworking devices may forward
DISL frames improperly. To avoid this problem, ensure that trunking is turned off on ports connected
to non-Catalyst 5000 series devices if you do not intend to trunk across those links. When manually
enabling trunking on a link to a Cisco router, use the nonegotiate keyword to cause the port to
become a trunk but not generate DISL frames. The nonegotiate keyword is available in
Catalyst 5000 series software release 2.4(3) and later.

For more information about the set trunk command, refer to the Catalyst 5000 Series Command
Reference publication.

Procedures
To configure a port as an ISL trunk (the default for Fast Ethernet ports), perform this task in
privileged mode:

Task                                Command
Configure a port as an ISL trunk.   set trunk mod_num/port_num [on | desirable | auto | nonegotiate] [vlans]

After entering the set trunk command, you see this display:
Console> (enable) set trunk 1/1 on
Port(s) 1/1 trunk mode set to on.
Console> (enable) 2/20/1998,23:38:35:DISL-5:Port 1/1 has become trunk

To configure a port as an IEEE 802.1Q trunk, perform this task in privileged mode (requires
Catalyst 5000 series software release 4.1(1) or later and 802.1Q-capable hardware):

Task                                    Command
Configure a port as an 802.1Q trunk.    set trunk mod_num/port_num nonegotiate [vlans] dot1q

Caution DISL negotiation does not occur on IEEE 802.1Q trunks. You must configure the ports on both
ends of the trunk link as 802.1Q trunks using the set trunk command with the nonegotiate and dot1q
keywords. Expect spanning tree to block the port on the other end of the trunk link until you configure that
end of the link as an 802.1Q trunk as well. Do not configure one end of a trunk as an 802.1Q trunk and the
other end as an ISL trunk or a nontrunk port. Errors will occur and no traffic can pass over the link.

After entering the set trunk nonegotiate dot1q command, you see this display:
Console> (enable) set trunk 4/5 nonegotiate dot1q
Port(s) 4/5 trunk mode set to nonegotiate.
Port(s) 4/5 trunk type set to dot1q.
Console> (enable) 2/20/1998,23:38:35:DISL-5:Port 1/1 has become dot1q trunk

Note For an example on how to configure an 802.1Q trunk, see the section “IEEE 802.1Q Trunks
on Fast Ethernet Ports.”


By default, all VLANs are added to the allowed VLANs list for the trunk. If you want to remove
VLANs from the allowed list, enter the clear trunk command. This prevents traffic for those
VLANs from passing over the trunk. You cannot remove VLAN 1, the default VLAN, from the
allowed list. Entering the clear trunk command without specifying VLANs returns the port to the
default trunk type and mode for that port type.

Task                                                                Command
Remove specific VLANs from the allowed VLANs list for a trunk.      clear trunk mod_num/port_num vlans

After entering the clear trunk command, you see this display:
Console> (enable) clear trunk 1/1 2-250
Removing Vlan(s) 2-250 from allowed list.
Port 1/1 allowed vlans modified to 1,251-1005.
Console> (enable)

If you want to add VLANs to the allowed list for a trunk after you removed them using clear trunk,
enter the set trunk command to add the specific VLANs:

Task                                                           Command
Add specific VLANs to the allowed VLANs list for a trunk.      set trunk mod_num/port_num vlans

Console> (enable) set trunk 1/1 100-110
Adding vlans 100-110 to allowed list.
Port(s) 1/1 allowed vlans modified to 1,100-110,251-1005.
Console> (enable)

To return a port to the default trunk type and mode for that port type, enter the clear trunk command.
To explicitly turn off trunking on a port, enter the set trunk off command:

Task                                                                          Command
Return the port to the default trunking type and mode for that port type.    clear trunk mod_num/port_num
Turn off trunking on a port.                                                  set trunk mod_num/port_num off

Verification
To verify the trunking configuration, perform this task:

Task                                  Command
Verify the trunking configuration.    show trunk [mod/port]

This example shows how to verify the trunk configuration:


Console> (enable) show trunk
Port     Mode        Encapsulation Status       Native vlan
-------- ----------- ------------- ------------ -----------
4/9      auto        isl           trunking     1
4/10     desirable   isl           trunking     1

Port     Vlans allowed on trunk
-------- ---------------------------------------------------------------------
4/9      1-1005
4/10     1-1005

Port     Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
4/9      1,4-5,1003,1005
4/10     1,4-5,1003,1005

Port     Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
4/9      1005
4/10     1005
Console> (enable)

If you configure an IEEE 802.1Q trunk on a port, you will see output similar to the following when
you enter the show trunk command:
Console> (enable) show trunk 4/5
Port     Mode        Encapsulation Status       Native vlan
-------- ----------- ------------- ------------ -----------
4/5      nonegotiate dot1q         trunking     1

Port     Vlans allowed on trunk
-------- ---------------------------------------------------------------------
4/5      1-1005

Port     Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
4/5      1-3,1003,1005

Port     Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
4/5      1005
Console> (enable)
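
The show trunk display can be audited against the guidance in this section: ports left in the negotiable DISL modes of Table 9-1 (auto, desirable) become trunks when the peer asks, and a port that still carries the default allowed list passes every VLAN. The following is an added example, not code from the guide; the function names and finding labels are hypothetical, and the sample text is constructed from the displays above plus port 1/1 from the set trunk and clear trunk examples.

```python
MODES = ("on", "off", "desirable", "auto", "nonegotiate")
ALL_VLANS = set(range(1, 1006))          # default allowed list, 1-1005


def becomes_trunk(local, peer):
    """Whether the local port trunks, following the descriptions in Table 9-1."""
    if local in ("on", "nonegotiate"):
        return True                       # trunks regardless of the other end
    if local == "desirable":
        return peer in ("on", "desirable", "auto")
    if local == "auto":
        return peer in ("on", "desirable")
    return False                          # off


def expand_vlans(spec):
    """Expand a list such as '1,100-110,251-1005' into a set of VLAN numbers."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_show_trunk(text):
    """Return {port: {mode, encapsulation, status, native, allowed}} from show trunk text."""
    ports, section = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or set(line.strip()) <= {"-", " "} or fields[0].startswith("Console"):
            continue                      # blank line, dashed rule, or prompt
        if fields[0] == "Port":
            section = " ".join(fields[1:])
            continue
        if section is None:
            continue
        if section.startswith("Mode"):
            ports.setdefault(fields[0], {}).update(
                mode=fields[1], encapsulation=fields[2],
                status=fields[3], native=int(fields[4]))
        elif section == "Vlans allowed on trunk":
            ports.setdefault(fields[0], {})["allowed"] = expand_vlans(fields[1])
    return ports


def audit(ports):
    """Return (port, label, detail) findings for review by the operator."""
    findings = []
    for name, port in ports.items():
        if port.get("mode") in ("auto", "desirable"):
            peers = [m for m in MODES if m != "off" and becomes_trunk(port["mode"], m)]
            findings.append((name, "disl-negotiable", "trunks if peer is " + "/".join(peers)))
        if port.get("allowed") == ALL_VLANS:
            findings.append((name, "all-vlans-allowed", "1-1005"))
    return findings


# Constructed sample assembled from the displays in this section.
SAMPLE = """\
Console> (enable) show trunk
Port     Mode        Encapsulation Status       Native vlan
-------- ----------- ------------- ------------ -----------
1/1      on          isl           trunking     1
4/5      nonegotiate dot1q         trunking     1
4/9      auto        isl           trunking     1
4/10     desirable   isl           trunking     1

Port     Vlans allowed on trunk
-------- ---------------------------------------------------------------------
1/1      1,251-1005
4/5      1-1005
4/9      1-1005
4/10     1-1005
Console> (enable)
"""

if __name__ == "__main__":
    for port, label, detail in audit(parse_show_trunk(SAMPLE)):
        print(f"{port:5} {label:18} {detail}")
```

For ports flagged here, the guide's own remedies are set trunk off (or nonegotiate toward a router) and clear trunk to narrow the allowed list.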

VLAN Trunk Examples


This section contains examples of VLAN and VLAN trunk configurations for ISL and IEEE 802.1Q
trunks on Fast Ethernet ports, and an example of load-sharing VLAN traffic over trunk ports using
spanning-tree priorities.

ISL Trunks on Fast Ethernet Ports


You can configure any Fast Ethernet port as an ISL trunk. Trunks use ISL to support multiple
VLANs. An ISL trunk allows the Catalyst 5000 series switch to multiplex up to 1000 VLANs
between switches and routers.
The Dynamic ISL (DISL) protocol negotiates ISL trunk ports between two Catalyst 5000 series Fast
Ethernet switch ports, reducing VLAN trunk configuration procedures because only one end of a
link must be configured as a trunk or nontrunk.
Figure 9-9 shows an example of a Fast Ethernet ISL configuration.


Figure 9-9 Fast Ethernet ISL Configuration
[Figure: a Catalyst 5000 switch with four ISL trunks to Catalyst 1900 and Catalyst 2820 switches; VLAN1, VLAN2, and VLAN3]

IEEE 802.1Q Trunks on Fast Ethernet Ports
IEEE 802.1Q trunks are supported in Catalyst 5000 series software release 4.1 and later. 802.1Q
trunks can only be configured on 802.1Q-capable hardware. Check the documentation for your
hardware to see if your hardware is 802.1Q-capable. In software release 4.1, you must manually
configure IEEE 802.1Q trunk ports on both ends of the link. DISL, the protocol used to negotiate
ISL trunks (the default trunk type for Fast Ethernet), does not yet support 802.1Q. To properly
configure an IEEE 802.1Q trunk, the trunk type (encapsulation), trunk mode, and native VLAN must
be the same on both ends of the link.
In this example, an 802.1Q trunk is configured between port 1/1 on Switch 1 and port 4/1 on
Switch 2. The initial network configuration is shown in Figure 9-10. Assume that the native VLAN
is VLAN 1 on both ends of the link.

Figure 9-10 IEEE 802.1Q Trunking: Initial Network Configuration
[Figure: Switch 1 port 1/1 (Trunk Type: ISL, Trunk Mode: auto) linked to Switch 2 port 4/1 (Trunk Type: ISL, Trunk Mode: auto)]

To configure a port as an 802.1Q trunk, enter the set trunk command. You must use the nonegotiate
keyword when configuring a port as an 802.1Q trunk.
Switch 1> (enable) set trunk 1/1 nonegotiate dot1q
Port(s) 1/1 trunk mode set to nonegotiate.
Port(s) 1/1 trunk type set to dot1q.
Switch 1> (enable) 04/15/1998,22:02:17:DISL-5:Port 1/1 has become dot1q trunk


Switch 2> (enable) 04/15/1998,22:01:42:SPANTREE-2: Rcved 1Q-BPDU on non-1Q-trunk port 4/1 vlan 1.
04/15/1998,22:01:42:SPANTREE-2: Block 4/1 on rcving vlan 1 for inc trunk port.
04/15/1998,22:01:42:SPANTREE-2: Block 4/1 on rcving vlan 1 for inc peer vlan 2.
Switch 2> (enable)

Notice that after the port on Switch 1 is configured as an 802.1Q trunk, syslog messages (indicated
by the arrows) are displayed on the Switch 2 console, and port 4/1 on Switch 2 is blocked. The
Spanning-Tree Protocol blocks the port because there is a port-type inconsistency on the trunk link:
port 1/1 on Switch 1 is configured as an 802.1Q trunk while port 4/1 on Switch 2 is configured as an
ISL trunk (see Figure 9-11). Port 4/1 would also be blocked if it were configured as a nontrunk port.

Figure 9-11 IEEE 802.1Q Trunking: Port-Type Inconsistency
[Figure: Switch 1 port 1/1 (Trunk Type: 802.1Q, Trunk Mode: nonegotiate) linked to Switch 2 port 4/1 (Trunk Type: ISL, Trunk Mode: auto, Blocking); the link is marked as a port-type inconsistency]

Output from the show spantree and show spantree statistics commands on Switch 2 displays the
problem (indicated by the arrows). The configuration mismatch exists until the port on Switch 2 is
properly configured.
Switch 2> (enable) show spantree 1
VLAN 1
Spanning tree enabled
Spanning tree type ieee

Designated Root 00-60-09-79-c3-00
Designated Root Priority 32768
Designated Root Cost 0
Designated Root Port 1/0
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Bridge ID MAC ADDR 00-60-09-79-c3-00
Bridge ID Priority 32768
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/1 1 not-connected 4 32 disabled
1/2 1 not-connected 4 32 disabled
4/1 1 type-pvid-inconsistent 100 32 disabled
4/2 1 not-connected 100 32 disabled

<...output truncated...>

Switch 2> (enable) show spantree statistics 4/1
Port 4/1 VLAN 1

SpanningTree enabled for vlanNo = 1

BPDU-related parameters
port spanning tree enabled
state broken
port_id 0x8142
port number 0x142
path cost 100
message age (port/VLAN) 1(20)
designated_root 00-60-09-79-c3-00
designated_cost 0
designated_bridge 00-60-09-79-c3-00
designated_port 0x8142
top_change_ack FALSE
config_pending FALSE
port_inconsistency port_type & port_vlan

<...output truncated...>

Switch 2> (enable)

The misconfiguration is resolved by completing the 802.1Q configuration on Switch 2:
Switch 2> (enable) set trunk 4/1 nonegotiate dot1q
Port(s) 4/1 trunk mode set to nonegotiate.
Port(s) 4/1 trunk type set to dot1q.
Switch 2> (enable) 2/20/1998,23:41:15:DISL-5:Port 4/1 has become dot1q trunk

Port 4/1 on Switch 2 changes from blocking mode to forwarding mode once the port-type
inconsistency is resolved (see Figure 9-12). (This assumes that there is no wiring loop present that
would cause the port to be blocked normally by spanning tree. In either case, the port state would
change from “type-pvid-inconsistent” to “blocking” in the show spantree output.)

Figure 9-12 IEEE 802.1Q Trunking: Final Network Configuration
[Figure: Switch 1 port 1/1 and Switch 2 port 4/1 joined by an 802.1Q trunk. Both ports: Trunk Type 802.1Q, Trunk Mode nonegotiate.]

Verify the 802.1Q configuration on Switch 1 by entering the show trunk and show spantree
commands:
Switch 1> (enable) show trunk 1/1
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
1/1 nonegotiate dot1q trunking 1

Port Vlans allowed on trunk
-------- ---------------------------------------------------------------------
1/1 1-1005

Port Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
1/1 1-3,1003,1005

Port Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
1/1 1005
Switch 1> (enable) show spantree 1
VLAN 1
Spanning tree enabled
Spanning tree type ieee

Designated Root 00-60-09-79-c3-00
Designated Root Priority 32768
Designated Root Cost 0
Designated Root Port 1/1
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Bridge ID MAC ADDR 00-10-29-b5-30-00
Bridge ID Priority 49152
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/1 1 forwarding 4 32 disabled
1/2 1 not-connected 4 32 disabled

<...output truncated...>

Switch 1> (enable)

The output shows that port 1/1 is an IEEE 802.1Q trunk port, that its status is “trunking,” and that
the port-state is “forwarding” (indicated by the arrows).
Verify the configuration on Switch 2 by entering the show trunk and show spantree commands:
Switch 2> (enable) show trunk 4/1
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
4/1 nonegotiate dot1q trunking 1

Port Vlans allowed on trunk
-------- ---------------------------------------------------------------------
4/1 1-1005

Port Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
4/1 1-3,1003,1005

Port Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
4/1 1005
Switch 2> (enable) show spantree 1
VLAN 1
Spanning tree enabled
Spanning tree type ieee

Designated Root 00-60-09-79-c3-00
Designated Root Priority 32768
Designated Root Cost 0
Designated Root Port 1/0
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Bridge ID MAC ADDR 00-60-09-79-c3-00
Bridge ID Priority 32768
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/1 1 not-connected 4 32 disabled
1/2 1 not-connected 4 32 disabled
4/1 1 forwarding 100 32 disabled
4/2 1 not-connected 100 32 disabled

<...output truncated...>

Switch 2> (enable)

The output shows that port 4/1 is an IEEE 802.1Q trunk port, that its status is “trunking,” and that
the port-state is “forwarding” (indicated by the arrows).
Verify connectivity across the trunk using the ping command:
Switch 1> (enable) ping switch_2
switch_2 is alive
Switch 1> (enable)
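The rule this example illustrates (trunk type, trunk mode, and native VLAN must match on both ends of an 802.1Q link, with nonegotiate set) can be checked from captured show trunk and show spantree output. The Python code below is an added example, not part of the Cisco guide; its function names are hypothetical, and the Switch 2 show trunk row for the mismatched state is constructed because the guide does not show it.

```python
import re

# One row of the first "show trunk" table: Port Mode Encapsulation Status Native-vlan
TRUNK_ROW = re.compile(r"^(\d+/\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")
# One row of "show spantree": Port Vlan Port-State Cost Priority Fast-Start
STP_ROW = re.compile(r"^(\d+/\d+)\s+(\d+)\s+(\S+)\s+\d+\s+\d+\s+\S+")

# Switch 1 output as shown in the guide after "set trunk 1/1 nonegotiate dot1q".
SW1_TRUNK = """\
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
1/1 nonegotiate dot1q trunking 1
"""
# Constructed row: Switch 2 still in its initial state (ISL, auto).
SW2_TRUNK_BEFORE = """\
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
4/1 auto isl not-trunking 1
"""
# Switch 2 output as shown in the guide after the fix.
SW2_TRUNK_AFTER = """\
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
4/1 nonegotiate dot1q trunking 1
"""
# Rows from the guide's "show spantree 1" on Switch 2 during the mismatch.
SW2_SPANTREE = """\
1/1 1 not-connected 4 32 disabled
4/1 1 type-pvid-inconsistent 100 32 disabled
4/2 1 not-connected 100 32 disabled
"""


def parse_show_trunk(text):
    """Return {port: {mode, encapsulation, status, native_vlan}}."""
    trunks = {}
    for line in text.splitlines():
        m = TRUNK_ROW.match(line.strip())
        if m:
            port, mode, encap, status, native = m.groups()
            trunks[port] = {"mode": mode, "encapsulation": encap,
                            "status": status, "native_vlan": int(native)}
    return trunks


def link_mismatches(end_a, end_b):
    """Name the settings that break the guide's rule for an 802.1Q link."""
    problems = []
    if end_a["encapsulation"] != end_b["encapsulation"]:
        problems.append("encapsulation")
    if "dot1q" in (end_a["encapsulation"], end_b["encapsulation"]):
        # DISL does not negotiate 802.1Q, so both ends must be nonegotiate.
        if end_a["mode"] != end_b["mode"] or end_a["mode"] != "nonegotiate":
            problems.append("mode")
    if end_a["native_vlan"] != end_b["native_vlan"]:
        problems.append("native_vlan")
    return problems


def inconsistent_ports(spantree_text):
    """Return (port, vlan) pairs held in the type-pvid-inconsistent state."""
    hits = []
    for line in spantree_text.splitlines():
        m = STP_ROW.match(line.strip())
        if m and m.group(3) == "type-pvid-inconsistent":
            hits.append((m.group(1), int(m.group(2))))
    return hits


if __name__ == "__main__":
    sw1 = parse_show_trunk(SW1_TRUNK)["1/1"]
    print(link_mismatches(sw1, parse_show_trunk(SW2_TRUNK_BEFORE)["4/1"]))
    print(link_mismatches(sw1, parse_show_trunk(SW2_TRUNK_AFTER)["4/1"]))
    print(inconsistent_ports(SW2_SPANTREE))
```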

VLAN-Traffic Load Sharing Over Parallel Trunk Ports


Using spanning-tree port-VLAN priorities, you can load-share VLAN traffic over parallel trunk
ports so that traffic from some VLANs travels over one trunk, while traffic from other VLANs travels
over the other trunk. This configuration allows traffic to be carried over both trunks simultaneously
(rather than keeping one trunk in blocking mode), which reduces the total traffic carried over each
trunk while still maintaining a fault-tolerant configuration.
Figure 9-13 shows a parallel trunk configuration between two Catalyst 5000 series switches, using
the Fast Ethernet uplink ports on the supervisor engine.

Figure 9-13 Parallel Trunk Configuration Before Configuring VLAN-Traffic Load Sharing
[Figure: Catalyst 5000 Switch 1 and Switch 2 joined by two parallel trunks, port 1/1 to port 1/1 and port 1/2 to port 1/2. Trunk 1: VLANs 10, 20, 30, 40, 50, and 60, port-VLAN priority 32 (forwarding). Trunk 2: VLANs 10, 20, 30, 40, 50, and 60, port-VLAN priority 32 (blocking).]

By default, the port-VLAN priority for both trunks is equal (a value of 32). Therefore, the
Spanning-Tree Protocol blocks port 1/2 (Trunk 2) for each VLAN on Switch 1 to prevent forwarding
loops. Trunk 2 is not used to forward traffic unless Trunk 1 fails.
This example shows how to configure the Catalyst 5000 series switches so that traffic from multiple
VLANs is load-balanced over the parallel trunks.
Step 1 Configure a VTP domain on both Switch 1 and Switch 2 (by entering the set vtp
command) so that the VLAN information configured on Switch 1 is learned by Switch 2.
Make sure Switch 1 is a VTP server. You can configure Switch 2 as a VTP client or as a
VTP server:
Switch_1> (enable) set vtp domain BigCorp mode server
VTP domain BigCorp modified
Switch_1> (enable)

Switch_2> (enable) set vtp domain BigCorp mode server
VTP domain BigCorp modified
Switch_2> (enable)
Step 2 Create the VLANs on Switch 1 by entering the set vlan command. In this example, you
see VLANs 10, 20, 30, 40, 50, and 60, as follows:
Switch_1> (enable) set vlan 10
Vlan 10 configuration successful
Switch_1> (enable) set vlan 20
Vlan 20 configuration successful
Switch_1> (enable) set vlan 30
Vlan 30 configuration successful
Switch_1> (enable) set vlan 40
Vlan 40 configuration successful
Switch_1> (enable) set vlan 50
Vlan 50 configuration successful
Switch_1> (enable) set vlan 60
Vlan 60 configuration successful
Switch_1> (enable)

Step 3 Verify the VTP and VLAN configuration on Switch 1 by entering the show vtp domain
and show vlan commands as follows:
Switch_1> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
BigCorp 1 2 server -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
11 1023 13 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.10 disabled enabled 2-1000
Switch_1> (enable) show vlan
VLAN Name Status Mod/Ports, Vlans
---- -------------------------------- --------- ----------------------------
1 default active 1/1-2
2/1-12
5/1-2
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
50 VLAN0050 active
60 VLAN0060 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
<...output truncated...>
Switch_1> (enable)

Step 4 Configure the supervisor engine uplinks on Switch 1 as ISL trunk ports by entering the
set trunk command. Specifying the desirable mode on the Switch 1 ports causes the ports
on Switch 2 to negotiate to become trunk links (assuming that the Switch 2 uplinks are in
the default auto mode).
Switch_1> (enable) set trunk 1/1 desirable
Port(s) 1/1 trunk mode set to desirable.
Switch_1> (enable) 04/21/1998,03:05:05:DISL-5:Port 1/1 has become isl trunk

Switch_1> (enable) set trunk 1/2 desirable
Port(s) 1/2 trunk mode set to desirable.
Switch_1> (enable) 04/21/1998,03:05:13:DISL-5:Port 1/2 has become isl trunk

Step 5 Verify that the trunk links are up by entering the show trunk command as follows:
Switch_1> (enable) show trunk 1
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
1/1 desirable isl trunking 1
1/2 desirable isl trunking 1

Port Vlans allowed on trunk
-------- ---------------------------------------------------------------------
1/1 1-1005
1/2 1-1005

Port Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
1/1 1,10,20,30,40,50,60
1/2 1,10,20,30,40,50,60

Port Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
1/1
1/2
Switch_1> (enable)

Step 6 When the trunk links come up, VTP passes the VTP and VLAN configuration to
Switch 2. Verify that Switch 2 has learned the VLAN configuration by entering the show
vlan command on Switch 2:
Switch_2> (enable) show vlan
VLAN Name Status Mod/Ports, Vlans
---- -------------------------------- --------- ----------------------------
1 default active
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
50 VLAN0050 active
60 VLAN0060 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

<...output truncated...>

Switch_2> (enable)

Step 7 It will take one or two minutes for spanning tree to converge. Once the network stabilizes,
check the spanning-tree state of each trunk port on Switch 1 by entering the show
spantree command.

Trunk 1 is forwarding for all VLANs. Trunk 2 is blocking for all VLANs. On Switch 2,
both trunks are forwarding for all VLANs, but no traffic passes over Trunk 2 because port
1/2 on Switch 1 is blocking.
Switch_1> (enable) show spantree 1/1
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/1 1 forwarding 19 32 disabled
1/1 10 forwarding 19 32 disabled
1/1 20 forwarding 19 32 disabled
1/1 30 forwarding 19 32 disabled
1/1 40 forwarding 19 32 disabled
1/1 50 forwarding 19 32 disabled
1/1 60 forwarding 19 32 disabled
1/1 1003 not-connected 19 32 disabled
1/1 1005 not-connected 19 4 disabled
Switch_1> (enable) show spantree 1/2
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/2 1 blocking 19 32 disabled
1/2 10 blocking 19 32 disabled
1/2 20 blocking 19 32 disabled
1/2 30 blocking 19 32 disabled
1/2 40 blocking 19 32 disabled
1/2 50 blocking 19 32 disabled
1/2 60 blocking 19 32 disabled
1/2 1003 not-connected 19 32 disabled
1/2 1005 not-connected 19 4 disabled
Switch_1> (enable)

Step 8 Divide the configured VLANs into two groups. You might want traffic from half of the
VLANs to go over one trunk link and half over the other, or if one VLAN has heavier
traffic than the others, you can have traffic from that VLAN go over one trunk and traffic
from the other VLANs go over the other trunk link.
In this example, VLANs 10, 20, and 30 (Group 1) are forwarded over Trunk 1, and
VLANs 40, 50, and 60 (Group 2) are forwarded over Trunk 2.
Step 9 On Switch 1, enter the set spantree portvlanpri command to change the port-VLAN
priority for the Group 1 VLANs on Trunk 1 (port 1/1) to an integer value lower than the
default of 32.
Switch_1> (enable) set spantree portvlanpri 1/1 1 10
Port 1/1 vlans 1-9,11-1004 using portpri 32.
Port 1/1 vlans 10 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Switch_1> (enable) set spantree portvlanpri 1/1 1 20
Port 1/1 vlans 1-9,11-19,21-1004 using portpri 32.
Port 1/1 vlans 10,20 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Switch_1> (enable) set spantree portvlanpri 1/1 1 30
Port 1/1 vlans 1-9,11-19,21-29,31-1004 using portpri 32.
Port 1/1 vlans 10,20,30 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Switch_1> (enable)

Step 10 On Switch 1, change the port-VLAN priority for the Group 2 VLANs on Trunk 2
(port 1/2) to an integer value lower than the default of 32.
Switch_1> (enable) set spantree portvlanpri 1/2 1 40
Port 1/2 vlans 1-39,41-1004 using portpri 32.
Port 1/2 vlans 40 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
Switch_1> (enable) set spantree portvlanpri 1/2 1 50
Port 1/2 vlans 1-39,41-49,51-1004 using portpri 32.
Port 1/2 vlans 40,50 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
Switch_1> (enable) set spantree portvlanpri 1/2 1 60
Port 1/2 vlans 1-39,41-49,51-59,61-1004 using portpri 32.
Port 1/2 vlans 40,50,60 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
Switch_1> (enable)

Step 11 On Switch 2, change the port-VLAN priority for the Group 1 VLANs on Trunk 1
(port 1/1) to the same value you configured for those VLANs on Switch 1.

Caution The port-VLAN priority for each VLAN must be equal on both ends of the link.

Switch_2> (enable) set spantree portvlanpri 1/1 1 10
Port 1/1 vlans 1-9,11-1004 using portpri 32.
Port 1/1 vlans 10 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Switch_2> (enable) set spantree portvlanpri 1/1 1 20
Port 1/1 vlans 1-9,11-19,21-1004 using portpri 32.
Port 1/1 vlans 10,20 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Switch_2> (enable) set spantree portvlanpri 1/1 1 30
Port 1/1 vlans 1-9,11-19,21-29,31-1004 using portpri 32.
Port 1/1 vlans 10,20,30 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Switch_2> (enable)

Step 12 On Switch 2, change the port-VLAN priority for the Group 2 VLANs on Trunk 2
(port 1/2) to the same value you configured for those VLANs on Switch 1.
Switch_2> (enable) set spantree portvlanpri 1/2 1 40
Port 1/2 vlans 1-39,41-1004 using portpri 32.
Port 1/2 vlans 40 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
Switch_2> (enable) set spantree portvlanpri 1/2 1 50
Port 1/2 vlans 1-39,41-49,51-1004 using portpri 32.
Port 1/2 vlans 40,50 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
Switch_2> (enable) set spantree portvlanpri 1/2 1 60
Port 1/2 vlans 1-39,41-49,51-59,61-1004 using portpri 32.
Port 1/2 vlans 40,50,60 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
Switch_2> (enable)

Step 13 When you have configured the port-VLAN priorities on both ends of the link, the
spanning tree converges to use the new configuration.

Check the spanning-tree port states on Switch 1 by entering the show spantree
command. The Group 1 VLANs should be forwarding on Trunk 1 and blocking on
Trunk 2. The Group 2 VLANs should be blocking on Trunk 1 and forwarding on Trunk 2.
Switch_1> (enable) show spantree 1/1
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/1 1 forwarding 19 32 disabled
1/1 10 forwarding 19 1 disabled
1/1 20 forwarding 19 1 disabled
1/1 30 forwarding 19 1 disabled
1/1 40 blocking 19 32 disabled
1/1 50 blocking 19 32 disabled
1/1 60 blocking 19 32 disabled
1/1 1003 not-connected 19 32 disabled
1/1 1005 not-connected 19 4 disabled
Switch_1> (enable) show spantree 1/2
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/2 1 blocking 19 32 disabled
1/2 10 blocking 19 32 disabled
1/2 20 blocking 19 32 disabled
1/2 30 blocking 19 32 disabled
1/2 40 forwarding 19 1 disabled
1/2 50 forwarding 19 1 disabled
1/2 60 forwarding 19 1 disabled
1/2 1003 not-connected 19 32 disabled
1/2 1005 not-connected 19 4 disabled
Switch_1> (enable)

Figure 9-14 shows the network after you configure VLAN traffic load-sharing.

Figure 9-14 Parallel Trunk Configuration After Configuring VLAN Traffic Load Sharing
[Figure: Catalyst 5000 Switch 1 and Switch 2 joined by two parallel trunks, port 1/1 to port 1/1 and port 1/2 to port 1/2. Trunk 1: VLANs 10, 20, and 30, port-VLAN priority 1 (forwarding); VLANs 40, 50, and 60, port-VLAN priority 32 (blocking). Trunk 2: VLANs 10, 20, and 30, port-VLAN priority 32 (blocking); VLANs 40, 50, and 60, port-VLAN priority 1 (forwarding).]

The advantage of the configuration shown in Figure 9-14 is that both trunks are utilized when the
network is operating normally and, if one trunk link fails, the other trunk link acts as an alternate
forwarding path for the traffic previously traveling over the failed link.

Suppose that Trunk 1 fails in the network shown in Figure 9-14. The Spanning-Tree Protocol
reconverges to use Trunk 2 to forward traffic from all the VLANs, as shown in the following
example:
Switch_1> (enable) 04/21/1998,03:15:40:DISL-5:Port 1/1 has become non-trunk

Switch_1> (enable) show spantree 1/1
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/1 1 not-connected 19 32 disabled
Switch_1> (enable) show spantree 1/2
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/2 1 learning 19 32 disabled
1/2 10 learning 19 32 disabled
1/2 20 learning 19 32 disabled
1/2 30 learning 19 32 disabled
1/2 40 forwarding 19 1 disabled
1/2 50 forwarding 19 1 disabled
1/2 60 forwarding 19 1 disabled
1/2 1003 not-connected 19 32 disabled
1/2 1005 not-connected 19 4 disabled
Switch_1> (enable) show spantree 1/2
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1/2 1 forwarding 19 32 disabled
1/2 10 forwarding 19 32 disabled
1/2 20 forwarding 19 32 disabled
1/2 30 forwarding 19 32 disabled
1/2 40 forwarding 19 1 disabled
1/2 50 forwarding 19 1 disabled
1/2 60 forwarding 19 1 disabled
1/2 1003 not-connected 19 32 disabled
1/2 1005 not-connected 19 4 disabled
Switch_1> (enable)
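The Caution in Step 11 and the port states expected in Step 13 can be checked from the echo lines of the set spantree portvlanpri command. The Python code below is an added example, not part of the Cisco guide; its function names are hypothetical, and it assumes the simplified case shown here: parallel trunks of equal cost between the same two switches, with the same port numbers on both ends, so the lowest port-VLAN priority forwards and the lower port number breaks a tie.

```python
import re

ECHO = re.compile(r"^Port (\d+/\d+) vlans (\S+) using portpri (\d+)\.$")
DEFAULT_PRI = 32  # default port-VLAN priority stated in the guide

# Final echo lines from the guide for Switch 1 (after Steps 9 and 10).
SW1 = """\
Port 1/1 vlans 1-9,11-19,21-29,31-1004 using portpri 32.
Port 1/1 vlans 10,20,30 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Port 1/2 vlans 1-39,41-49,51-59,61-1004 using portpri 32.
Port 1/2 vlans 40,50,60 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
"""
# Assembled for this example: Switch 2 with Step 11 left unfinished
# (the guide's echo after the second command on 1/1, so VLAN 30 is not set).
SW2_UNFINISHED = """\
Port 1/1 vlans 1-9,11-19,21-1004 using portpri 32.
Port 1/1 vlans 10,20 using portpri 1.
Port 1/1 vlans 1005 using portpri 4.
Port 1/2 vlans 1-39,41-49,51-59,61-1004 using portpri 32.
Port 1/2 vlans 40,50,60 using portpri 1.
Port 1/2 vlans 1005 using portpri 4.
"""


def expand(spec):
    """Expand a VLAN list such as '1-9,11-19' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_portvlanpri(text):
    """Return {port: {vlan: priority}} from the command's echo lines."""
    table = {}
    for line in text.splitlines():
        m = ECHO.match(line.strip())
        if m:
            port, spec, pri = m.group(1), m.group(2), int(m.group(3))
            for vlan in expand(spec):
                table.setdefault(port, {})[vlan] = pri
    return table


def unequal_ends(end_a, end_b, vlans):
    """List (port, vlan, pri_a, pri_b) where the two ends of a trunk disagree."""
    out = []
    for port in sorted(set(end_a) | set(end_b)):
        for vlan in vlans:
            a = end_a.get(port, {}).get(vlan, DEFAULT_PRI)
            b = end_b.get(port, {}).get(vlan, DEFAULT_PRI)
            if a != b:
                out.append((port, vlan, a, b))
    return out


def forwarding_trunk(table, vlan, up_ports):
    """Pick the port expected to forward a VLAN among the trunks that are up."""
    ranked = sorted((table.get(p, {}).get(vlan, DEFAULT_PRI),
                     tuple(int(n) for n in p.split("/")), p) for p in up_ports)
    return ranked[0][2] if ranked else None


if __name__ == "__main__":
    sw1 = parse_portvlanpri(SW1)
    for v in (1, 10, 20, 30, 40, 50, 60):
        print(v, forwarding_trunk(sw1, v, ["1/1", "1/2"]),
              forwarding_trunk(sw1, v, ["1/2"]))  # normal, then Trunk 1 failed
    print(unequal_ends(sw1, parse_portvlanpri(SW2_UNFINISHED), [10, 20, 30]))
```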

Configuring Dynamic Port VLAN Membership with VMPS


You can assign dynamic ports to a VLAN based on the source MAC address of the hosts connected
to that port. On dynamic ports, you can move a connection from a port on one switch to a port on
another switch in the network. This section describes how to set up dynamic ports, including the
configuration of the VLAN Membership Policy Server (VMPS), which has a MAC
address-to-VLAN mapping database necessary for setting up dynamic ports.
To configure dynamic port VLAN membership, complete these tasks:
• Configuring the VLAN Membership Policy Server
• Configuring Dynamic Ports on Clients

Configuring the VLAN Membership Policy Server


The MAC address-to-VLAN mapping database enables your workstation to be placed into the
correct VLAN. You must configure the VMPS before configuring a port as dynamic.

Prerequisites
Before configuring the VMPS, you must perform these tasks:
• Determine the MAC address-to-VLAN mapping by entering the show cam command.
• Use the information obtained by displaying the dynamic content-addressable memory (CAM)
entries to build an ASCII file on your workstation or PC.
• Move the ASCII file to the TFTP server so it can be downloaded to the Catalyst 5000 series
switch.

Procedure
When you enable the VMPS, it begins to download the configuration information from the TFTP
server. After a successful download, the VMPS task is started, and it accepts the VMPS requests.
To enable the VMPS, use this procedure:

        Task                                      Command
Step 1  Configure the IP address of the TFTP      set vmps tftpserver ip_addr [filename]
        server on which the ASCII file resides.
Step 2  Enable VMPS.                              set vmps state {enable | disable}

The set vmps tftpserver ip_addr [filename] command specifies the VMPS database location. The
filename is the name of the ASCII VMPS file.
After entering the set vmps state enable command, you see this display:
Console> (enable) set vmps state enable
Vlan Membership Policy Server enable is in progress.

The set vmps state enable command sets the VMPS state in NVRAM to enable. If VMPS was previously
disabled, this command starts a background task that begins the database download. After a
successful database download, this command sets the operational status to active.
You can also enter the following VMPS-related commands:
• To download VMPS database information or change the VMPS database, enter the download
vmps command.
Enter this command if you want to change the VMPS database or if a previous download failed.
• To disable VMPS, enter the set vmps state disable command.
When you disable the VMPS, tasks are removed and all configuration information is flushed.
You see this display:
Console> (enable) set vmps state disable
All the VMPS configuration information will be lost and the resources released on
disable.
Do you want to continue (y/n[n]): yes
Vlan Membership Policy Server disabled.

For more information, refer to the Catalyst 5000 Series Command Reference publication.

Verification
Enter these commands to verify the status of port VLAN membership:
• To show current VMPS configuration information, enter the show vmps command. You also can
enter this command to verify the operational status.
• To display MAC-address-to-VLAN mapping, enter the show vmps mac [mac_address]
command. You can also enter the show vmps vlan vlan_name command.
• To display ports belonging to a restricted VLAN, enter the show vmps vlanports vlan_name
command.
• To display VMPS statistics, enter the show vmps statistics command.
• To clear VMPS statistics, enter the clear vmps statistics command.
For more information, refer to the Catalyst 5000 Series Command Reference publication.

Error Messages
Table 9-2 shows sample error messages and actions you need to take after entering the set vmps
state {enable | disable} command.

Table 9-2 Error Messages for set vmps state enable Command

Error Message: TFTP server IP address is not configured.
Recommended Action: Enter the set vmps tftpserver ip_addr [filename] command and configure the TFTP server address.

Error Message: Unable to contact the TFTP server 198.4.254.222.
Recommended Action: Enter the set route command to reach the TFTP server.

Error Message: File “vmps_configuration.db” not found on the TFTP server 198.4.254.222.
Recommended Action: Create a configuration file in the file server.

Error Message: Enable failed due to insufficient resources.
Recommended Action: The Catalyst 5000 series switch does not have sufficient resources to run the database. You can fix this problem by increasing the dynamic random-access memory (DRAM).

Table 9-3 shows sample error messages and actions you need to take after entering the download
vmps command.

Table 9-3 Error Messages for download vmps Command

Error Message: TFTP server IP address is not configured.
Recommended Action: Enter the set vmps tftpserver ip_addr [filename] command and configure the TFTP server address.

Error Message: Unable to contact the TFTP server 198.4.254.222.
Recommended Action: Enter the set route command to reach the TFTP server. This message is printed to the syslog server.

Error Message: File “vmps_configuration.db” not found on the TFTP server 198.4.254.222.
Recommended Action: Create a configuration file in the file server. This message is printed to the syslog server.

Troubleshooting
After the VMPS successfully downloads the ASCII configuration file, it parses the file and builds a
database. The VMPS outputs the statistics about the total number of lines parsed and the number of
parsing errors. Set the syslog level for VMPS to 3 to obtain more information on the errors.

Example VMPS Configuration File


The following describes the parameters in the configuration file:
• You must define the VMPS domain in the file. It corresponds to the VTP domain name of the
switch. The mode defines the VMPS to be either in open or secure mode. The fallback VLAN is
assigned to the MAC addresses not defined in the database.
• “MAC Addresses” define the MAC address and the corresponding VLAN table. The keyword
--NONE-- specifies that the MAC address should be denied connectivity. A port is identified by
the IP address of the switch and the module/port number of the port, in the form
mod_num/port_num.
• “Port Group” defines a logical group of ports. The keyword all-ports specifies all the ports in the
specified switch.
• “VLAN Group” defines a logical group of VLANs. These logical groups define the VLAN port
policies in the following section.
• “VLAN Port Policies” define the ports associated with a restricted VLAN. You can configure a
restricted VLAN by defining the set of dynamic ports on which it can exist.
• The VMPS parser is a line-based parser. Start each entry in the file on a new line. Ranges are not
allowed for the port numbers.

Example
A sample VMPS configuration file is shown below.
!vmps domain <domain-name>
! The VMPS domain must be defined.
!vmps mode { open | secure }
! The default mode is open.
!vmps fallback <vlan-name>
!vmps no-domain-req { allow | deny }
!
! The default value is allow.
vmps domain WBU
vmps mode open
vmps fallback default
vmps no-domain-req deny
!
!
!MAC Addresses
!
vmps-mac-addrs
!
! address <addr> vlan-name <vlan_name>
!
address 0012.2233.4455 vlan-name hardware
address 0000.6509.a080 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address 1223.5678.9abc vlan-name ExecStaff
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
!
!Port Groups
!
!vmps-port-group <group-name>
! device <device-id> { port <port-name> | all-ports }
!
vmps-port-group WiringCloset1
device 198.92.30.32 port 3/2
device 172.20.26.141 port 2/8
vmps-port-group "Executive Row"
device 198.4.254.222 port 1/2
device 198.4.254.222 port 1/3
device 198.4.254.223 all-ports
!
!
!VLAN groups
!
!vmps-vlan-group <group-name>
! vlan-name <vlan-name>
!
vmps-vlan-group Engineering
vlan-name hardware
vlan-name software
!
!
!VLAN port Policies
!
!vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name> }
! { port-group <group-name> | device <device-id> port <port-name> }
!
vmps-port-policies vlan-group Engineering
port-group WiringCloset1
vmps-port-policies vlan-name Green
device 198.92.30.32 port 4/8
vmps-port-policies vlan-name Purple
device 198.4.254.22 port 1/2
port-group "Executive Row"

Understanding the VMPS


After you enable VMPS by entering the set vmps state {enable | disable} command, the
configuration information downloads from a TFTP server, and the VMPS begins to accept requests
from clients. Upon subsequent resets of the Catalyst 5000 series switch, the configuration
information downloads automatically from a TFTP server, and the VMPS is enabled.
The VMPS opens a UDP socket to communicate with clients and listen to client requests. Upon
receiving a valid request from a client, the VMPS searches its database for a MAC address-to-VLAN
mapping.
If the assigned VLAN is restricted to a group of ports, the VMPS verifies the requesting port against
this group. If the VLAN is legal on this port, the VLAN name is passed in the response. If the VLAN
is illegal on that port and the VMPS is not in secure mode, it sends an access denied response. If the
VMPS is in secure mode, it sends a port shutdown response.
If the VLAN from the table does not match the current VLAN on the port and there are active hosts
on the port, the VMPS sends an access denied or a port shutdown response based on the secure mode
of the VMPS.
You can configure a fallback VLAN name into the VMPS. If the requested MAC address is not in
the table, the VMPS sends the fallback VLAN name in response. If you do not configure a fallback
VLAN and the MAC address does not exist in the table, the VMPS sends an access denied response.
If the VMPS is in secure mode, it sends a port shutdown response.
You can also make an explicit entry in the configuration table to deny access to specific MAC
addresses for security reasons by specifying a --NONE-- keyword for the VLAN name. In this case,
the VMPS sends an access denied or port shutdown response.
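The file format and the response rules described above can be exercised together. The Python code below is an added example, not Cisco's VMPS implementation; parse_vmps, allowed_ports, and decide are hypothetical names, the response labels are chosen for the example, and the sample file is a trimmed copy of the one above. It leaves out the no-domain-req setting and the check against active hosts already on the port.

```python
import shlex

# Constructed sample: a trimmed copy of the guide's example file.
SAMPLE = """\
!vmps domain <domain-name>
vmps domain WBU
vmps mode open
vmps fallback default
vmps no-domain-req deny
vmps-mac-addrs
address 0012.2233.4455 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
vmps-port-group WiringCloset1
 device 198.92.30.32 port 3/2
 device 172.20.26.141 port 2/8
vmps-port-group "Executive Row"
 device 198.4.254.222 port 1/2
 device 198.4.254.223 all-ports
vmps-vlan-group Engineering
 vlan-name hardware
 vlan-name software
vmps-port-policies vlan-group Engineering
 port-group WiringCloset1
vmps-port-policies vlan-name Green
 device 198.92.30.32 port 4/8
vmps-port-policies vlan-name Purple
 device 198.4.254.22 port 1/2
 port-group "Executive Row"
"""


def parse_vmps(text):
    """Parse the line-based VMPS file; port groups must precede the policies that use them."""
    db = {"domain": None, "mode": "open", "fallback": None, "macs": {},
          "port_groups": {}, "vlan_groups": {}, "policies": []}
    current = None  # list that the following member lines are appended to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        tok = shlex.split(line)  # keeps quoted names such as "Executive Row" whole
        key = tok[0]
        if key == "vmps" and tok[1] in ("domain", "mode", "fallback"):
            db[tok[1]] = tok[2]
        elif key == "address":
            db["macs"][tok[1].lower()] = tok[3]
        elif key == "vmps-port-group":
            current = db["port_groups"].setdefault(tok[1], [])
        elif key == "vmps-vlan-group":
            current = db["vlan_groups"].setdefault(tok[1], [])
        elif key == "vmps-port-policies":
            policy = {"kind": tok[1], "name": tok[2], "members": []}
            db["policies"].append(policy)
            current = policy["members"]
        elif key == "device":
            current.append((tok[1], "all-ports" if tok[2] == "all-ports" else tok[3]))
        elif key == "port-group":
            current.extend(db["port_groups"].get(tok[1], []))
        elif key == "vlan-name":
            current.append(tok[1])
    return db


def allowed_ports(db, vlan):
    """Return the ports a restricted VLAN may appear on, or None if unrestricted."""
    ports, restricted = set(), False
    for pol in db["policies"]:
        if pol["kind"] == "vlan-group":
            applies = vlan in db["vlan_groups"].get(pol["name"], [])
        else:
            applies = pol["name"] == vlan
        if applies:
            restricted = True
            ports.update(pol["members"])
    return ports if restricted else None


def decide(db, mac, device, port):
    """Return (response, vlan_name) for a client request on device/port."""
    refuse = ("port-shutdown" if db["mode"] == "secure" else "access-denied", None)
    vlan = db["macs"].get(mac.lower())
    if vlan is None:                      # MAC address not in the table
        return ("vlan", db["fallback"]) if db["fallback"] else refuse
    if vlan == "--NONE--":                # explicit deny entry
        return refuse
    ports = allowed_ports(db, vlan)
    if ports is not None and (device, port) not in ports \
            and (device, "all-ports") not in ports:
        return refuse                     # restricted VLAN, illegal on this port
    return ("vlan", vlan)
```

With a fallback VLAN configured, an unknown MAC address is given that VLAN in both open and secure mode; only --NONE-- entries and port-policy violations produce a refusal.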

Configuring Dynamic Ports on Clients


To configure dynamic port VLAN membership on a client, use the procedure shown in this section.

Prerequisites
These prerequisites apply to configuring dynamic ports:
• You must configure the VMPS before configuring dynamic ports.
• The VMPS must be active and accessible to the Catalyst 5000 series switch.

Procedure
To configure dynamic ports on clients, perform these steps:

        Task                                  Command
Step 1  Configure the VMPS IP address to be   set vmps server ip_addr [primary]
        queried on the client.
Step 2  Configure the VLAN membership         set port membership mod_num/port_num
        assignment to a port.                 {dynamic | static}

Verification
To verify the status of the VMPS IP address, enter these commands:
• Enter the show vmps server command to display the VMPS addresses after clearing a VMPS.
After entering the show vmps server command, you see this display:
Console> (enable) show vmps server
VMPS domain server VMPS Status
---------------------------------------
192.0.0.6
192.0.0.1 primary
192.0.0.9

• Enter the clear vmps server ip_addr command to clear the VMPS IP address.
To verify the status of port VLAN membership, enter these commands:
• To display the port status, enter the show port command. If a dynamic port is shut down, its status
on the display is shown as shutdown. The default port membership setting is static.
Console> (enable) set port membership help
Usage: set port membership < mod_num / port_num..> < dynamic | static >

Console> (enable) set port membership 3/1-3 dynamic
Ports 3/1-3 vlan assignment set to dynamic.
Spantree port fast start option enabled for ports 3/1-3.

Console> (enable) set port membership 1/2 dynamic
Trunking port 1/2 vlan assignment cannot be set to dynamic.

Console> (enable) set port membership 2/1 dynamic
ATM LANE port 2/1 vlan assignment can not be set to dynamic.

After entering the set port membership and the show port commands, you see this display:
Console> show port
Port  Name  Status   Vlan   Level   Duplex  Speed  Type
1/1         connect  dyn-3  normal  full    100    100 BASE-TX
1/2         connect  trunk  normal  half    100    100 BASE-TX
2/1         connect  trunk  normal  full    155    OC3 MMF ATM
3/1         connect  dyn-5  normal  half    10     10 BASE-T
3/2         connect  dyn-5  normal  half    10     10 BASE-T
3/3         connect  dyn-5  normal  half    10     10 BASE-T

Note The show port command displays dyn- under the Vlan column of the display when a port has
not yet been assigned a VLAN.

• To reconfirm the current dynamic port VLAN membership with VMPS, enter the reconfirm
vmps command. The VMPS database changes are not automatically conveyed to dynamic port
entities. After making a VMPS database change, you can apply the change to the dynamic port
entity on a device. After entering the command, you see this display:
Console> (enable) reconfirm vmps
reconfirm process started
Use 'show dvlan statistics' to see reconfirm status
Console> (enable)

Troubleshooting
A port might shut down under the following circumstances:
• The VMPS is in secure mode and it is illegal for the host to be on the port. The port shuts down
to remove the host.
• More than 50 active hosts reside on a dynamic port.
If a dynamic port shuts down, enter the set port enable mod_num/port_num command to reenable the port.

Example
Figure 9-15 shows an example of a dynamic port configuration.

Example Configuration Assumptions


Refer to Figure 9-15. For this example, the following assumptions apply:
• You can configure the VMPS and the client on separate switches.
• The Catalyst 5000 series Switch 1 is the primary VMPS server.
• The Catalyst 5000 series Switch 3 and Switch 10 are the secondary VMPS servers.
• End stations are connected to these clients:
— Catalyst 5000 series Switch 2
— Catalyst 5000 series Switch 9
• The database file is called Bldg-G.db and resides on TFTP server 172.20.22.7.

Figure 9-15 Dynamic Port VLAN Membership Configuration

[Figure not reproduced. Labels: TFTP server (172.20.22.7); router; Ethernet segment; Catalyst 5000 Switch 1 (172.20.26.150), primary VMPS, Server 1; Switch 2 (172.20.26.151), client, port 3/1, End station 1; Switch 3 (172.20.26.152), secondary VMPS, Server 2; Switches 4 through 8 (172.20.26.153 through 172.20.26.157); Switch 9 (172.20.26.158), client, End station 2; Switch 10 (172.20.26.159), secondary VMPS, Server 3.]

Example Configuration Procedure


Use this procedure to configure the VMPS and dynamic ports:
Step 1 Configure Switch 1 as the primary VMPS, by performing these tasks on Switch 1:
(a) Configure the IP address of the TFTP server on which the ASCII file resides as
follows:
Console> (enable) set vmps tftpserver 172.20.22.7 Bldg-G.db

(b) Enable the VMPS as follows:
Console> (enable) set vmps enable

After entering these commands, the file Bldg-G.db is downloaded to Switch 1. Switch 1
becomes the VMPS server.
Step 2 Configure dynamic ports on the clients, Switch 2 and Switch 9, by performing these
tasks:
(a) Configure the primary VMPS IP address on Switch 2 as follows:
Console> (enable) set vmps server 172.20.26.150 primary

Entering this command on Switch 2 designates the VMPS switch to be queried. The
primary switch option configures Switch 1 as the primary VMPS.

Note If you use the local switch as the VMPS server, you should configure the IP
address of the local switch as the VMPS server.

(b) Configure the secondary VMPS IP addresses on Switch 2 as follows:
Console> (enable) set vmps server 172.20.26.152
Console> (enable) set vmps server 172.20.26.159

(c) Verify the VMPS IP addresses as follows:
Console> (enable) show vmps server

Switches 1, 3, and 10 are configured as VMPSs. Switch 1 is the primary VMPS.
Switches 3 and 10 are secondary servers. All the switches are clients.
(d) Configure port 3/1 on Switch 2 as dynamic as follows:
Console> (enable) set port membership 3/1 dynamic

Suppose you connect End Station 2 on port 3/1. When End Station 2 sends a packet,
Switch 2 sends a query to the primary VMPS, Switch 1. Switch 1 responds with a VLAN
that is assigned to port 3/1. Because Spanning-Tree Protocol (Portfast mode) is enabled
by default for dynamic ports, port 3/1 is immediately connected and enters forwarding
mode.
Step 3 Configure dynamic ports on Switch 9 by repeating Step 2 for Switch 9.

Understanding Dynamic Port VLAN Membership


Dynamic ports work in conjunction with the VMPS, which holds a database of MAC
address-to-VLAN mappings.
On the Catalyst 5000 series switch hardware platform, a dynamic (nontrunking) port can belong to
only one VLAN at a time. Upon link-up, a dynamic port is isolated from its static VLAN. The source
MAC address from the first packet of a new host on the dynamic port is sent to the VMPS, which
provides the VLAN number to which this port must be assigned. When a new host sends a packet
on a dynamic port, the Network Management Processor (NMP) detects the packet. The NMP, using
status information from the host packet, sends a query to the VMPS, and then the VMPS responds
with options. For example, suppose the NMP sends a query to the VMPS, and the VMPS response
is “Place port in VLAN X.” The port is then placed in VLAN X if the response is valid. At this point,
the host is connected to VLAN X through the switch fabric.
Multiple hosts (MAC addresses) can be active on a dynamic port, provided they are all in the same
VLAN. Upon link-down, a dynamic port moves back to a state in which it is isolated from other
VLANs, and the port ends in its initial state. Any hosts that come online through this port are
detected by the NMP and checked with the VMPS before these hosts are allowed network VLAN
connectivity.
Dynamic port VLAN membership interacts with the following features:
• Spanning Tree
When a port becomes dynamic, spanning-tree portfast is automatically enabled for that port.
Portfast-enabled dynamic ports that are moved to a new VLAN are placed in forwarding mode
and participate in spanning tree. Automatic enabling of spanning tree allows you to connect to
the network quickly. In addition, spanning tree prevents applications on the host from timing out
and entering loops caused by incorrect configurations. If desired, you can disable spanning-tree
Portfast mode on a dynamic port.
• Static Ports
A host can move from a dynamic port to a static port on the same VLAN. When a host moves
from a static port to an operational dynamic port on the same VLAN in less than five minutes, it
immediately connects to that VLAN. When the NMP detects this event at a later time, it checks
with the VMPS about the legality of the specific host on the dynamic port.
• Static Secure Ports
Static secure ports cannot become dynamic ports. You must turn off security on the static secure
port before it can become dynamic.
• Trunk Ports
Static ports that are trunking cannot become dynamic ports. You must first turn off trunking on
the trunk port before changing it from static to dynamic.

Note The management domain and the management VLAN of the client and the server must be the
same.
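
The VMPS responses (fallback VLAN, access denied, port shutdown in secure mode, --NONE-- entries) and the dynamic-port behavior described in this chapter, as an added Python model; it is not Cisco code and not part of the original guide. The class, method, and status names, the sample MAC addresses, and the VLAN names are constructed, and a host whose VLAN differs from the port's current VLAN is assumed to be refused.

```python
from dataclasses import dataclass, field
from typing import Optional

DENY = "--NONE--"   # VLAN name the page uses for an explicit deny entry
MAX_HOSTS = 50      # more than 50 active hosts shuts a dynamic port down

@dataclass
class Vmps:
    table: dict                     # lowercase MAC address -> VLAN name or DENY
    fallback: Optional[str] = None  # fallback VLAN name, if one is configured
    secure: bool = False            # secure mode: refusals become port shutdowns

    def query(self, mac):
        """Return (response, vlan_name) for a host's source MAC address."""
        vlan = self.table.get(mac.lower(), self.fallback)
        if vlan is None or vlan == DENY:
            return ("port-shutdown" if self.secure else "access-denied", None)
        return ("assign", vlan)

@dataclass
class DynamicPort:
    vmps: Vmps
    status: str = "isolated"        # link-up state: no VLAN until the VMPS answers
    vlan: Optional[str] = None
    hosts: set = field(default_factory=set)

    def new_host(self, mac):
        """Process the first packet seen from a new source MAC on this port."""
        if self.status == "shutdown":
            return self.status      # stays down until enable() is called
        response, vlan = self.vmps.query(mac)
        # Assumption: a host whose VLAN differs from the port's current VLAN
        # is simply not admitted; the page does not say what the switch does.
        if response == "assign" and self.vlan in (None, vlan):
            self.hosts.add(mac.lower())
            self.status, self.vlan = "connected", vlan
        if response == "port-shutdown" or len(self.hosts) > MAX_HOSTS:
            self.status, self.vlan, self.hosts = "shutdown", None, set()
        return self.status

    def link_down(self):
        """Link-down returns a port that is not shut down to its initial state."""
        if self.status != "shutdown":
            self.status, self.vlan, self.hosts = "isolated", None, set()

    def enable(self):
        """Models 'set port enable mod_num/port_num' after a shutdown."""
        self.status, self.vlan, self.hosts = "isolated", None, set()

# Constructed sample data: documentation-range MACs and made-up VLAN names.
SAMPLE = {"00:00:5e:00:53:01": "Engineering", "00:00:5e:00:53:02": DENY}
```

Running the same MAC addresses through Vmps(SAMPLE, fallback="Guest") and Vmps(SAMPLE, secure=True) shows how the choice of mode and fallback VLAN changes what an unknown or denied host can do to a port.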
