2 Vlan, Access, Trunk

- A VLAN is a logical grouping of devices on a network that allows broadcast domains to be segmented and traffic to be contained.
- VLANs can be implemented locally, with each access switch containing one to three VLANs, or end-to-end across a network.
- Best practices for VLAN design include limiting the number of VLANs per switch, separating VLAN types, disabling trunk negotiation, and manually configuring ports.

Implementing VLANs

Slides are created by Cisco Systems, Inc. & updated by BIM Trainings 1
Virtual Local Area Network (VLAN)
➢ A VLAN is a logical group of end devices.
➢ Broadcasts are contained within VLANs.
➢ Modern design has 1 VLAN = 1 IP subnet.
➢ Trunks connect switches so as to transport multiple VLANs.
➢ Layer 3 devices interconnect VLANs.

Local VLANs
➢ Create local VLANs with physical boundaries in mind rather than job functions of the users.
➢ Local VLANs exist between the access and distribution layers.
➢ Traffic from a local VLAN is routed at the distribution and core levels.
➢ Switches are configured in VTP transparent mode.
➢ Spanning tree is used only to prevent inadvertent loops in the wiring closet.
➢ One to three VLANs per access layer switch recommended.

End-to-End VLANs
➢ Each VLAN is distributed geographically throughout the network.
➢ Users are grouped into each VLAN regardless of the physical location, theoretically easing network management.
➢ As a user moves throughout a campus, the VLAN membership for that user remains the same.
➢ Switches are configured for VTP server or client mode.

VLANs in Enterprise Campus Design
➢ VLANs used at access layer should extend no further than their associated distribution switch.
➢ Traffic is routed from the local VLAN as it is passed from the distribution layer into the core.
➢ Blocks can contain one to three VLANs each.
➢ STP is limited to access and distribution switches.
➢ DHCP is used to assign IP addresses to users.

VLAN Ranges on Catalyst Switches

VLAN Range    Range      Usage                                                      Propagated via VTP?
0, 4095       Reserved   For system use only. You cannot see or use these.          n/a
1             Normal     Cisco default. You can use this VLAN, but you cannot       Yes
                         delete it.
2 - 1001      Normal     For Ethernet VLANs. You can create, use, and delete        Yes
                         these.
1002 - 1005   Normal     Cisco defaults for FDDI and Token Ring. You cannot         Yes
                         delete these.
1006 - 1024   Reserved   For system use only. You cannot see or use these           n/a
                         (some switches).
1025 - 4094   Extended   For Ethernet VLANs only. Under VTP v1 or v2 the switch     VTP v3 only; not
                         must be in VTP transparent mode to configure them.         propagated by v1 or v2
Best Practices for VLAN Design
➢ One to three VLANs per access module; limit those VLANs to a couple of access switches and the distribution switches.
➢ Avoid using VLAN 1 as the "blackhole" for all unused ports. Use a dedicated VLAN separate from VLAN 1 to assign all the unused ports.
➢ Separate the voice VLANs, data VLANs, the management VLAN, the native VLAN, blackhole VLANs, and the default VLAN (VLAN 1).
➢ Avoid VTP when using local VLANs; use manually allowed VLANs on trunks.
➢ For trunk ports, turn off Dynamic Trunking Protocol (DTP) and configure trunking statically. Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol.
➢ Manually configure access ports that are not specifically intended for a trunk link.
➢ Prevent all data traffic from VLAN 1; only permit control protocols to run on VLAN 1 (DTP, VTP, STP BPDUs, PAgP, LACP, CDP, etc.).
➢ Avoid using Telnet because of security risks; enable SSH support on management VLANs.
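The practices above can be checked mechanically against a saved running-config. The following Python script is an added example, not code from the slides or from Cisco: it parses a constructed sample configuration and reports every port that breaks one of the rules (a trunk without switchport nonegotiate, a native VLAN left at 1, a trunk with every VLAN allowed, an edge port not pinned to access mode, a port left in VLAN 1) plus a VTP mode other than transparent. The interface names, descriptions and VLAN numbers in SAMPLE_CONFIG are constructed for the example.

```python
"""Audit a Catalyst running-config against the VLAN design best practices.
Added example, not from the original slides; SAMPLE_CONFIG is constructed."""
import re
from dataclasses import dataclass, field

# Constructed sample config: one correct access port, one unused port
# left at defaults, one trunk left at defaults, one hardened trunk.
SAMPLE_CONFIG = """\
vtp mode server
!
interface FastEthernet0/1
 description PC A
 switchport access vlan 200
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 description unused
 shutdown
!
interface GigabitEthernet0/1
 description uplink to DIST-1 (hypothetical)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description uplink to DIST-2 (hypothetical)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
end
"""


@dataclass
class Interface:
    name: str
    commands: list = field(default_factory=list)


def parse_interfaces(config: str) -> list:
    """Group the indented lines under each 'interface ...' stanza."""
    interfaces, current = [], None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = Interface(raw.split(None, 1)[1].strip())
            interfaces.append(current)
        elif raw.startswith(" ") and current is not None:
            current.commands.append(raw.strip())
        else:
            current = None          # '!' or a global command ends the stanza
    return interfaces


def vtp_mode(config: str) -> str:
    m = re.search(r"^vtp mode (\w+)", config, re.M)
    return m.group(1) if m else "server"   # IOS default when no vtp mode line is saved


def _arg(commands: list, prefix: str, default=None):
    """Last word of the first command starting with prefix, else default."""
    return next((c.split()[-1] for c in commands if c.startswith(prefix)), default)


def audit(config: str) -> list:
    """Return (interface, finding) tuples, one per best-practice violation."""
    findings = []
    if vtp_mode(config) != "transparent":
        findings.append(("global", "VTP mode is not transparent"))
    for intf in parse_interfaces(config):
        cmds = intf.commands
        mode = _arg(cmds, "switchport mode ")
        if mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                findings.append((intf.name, "trunk still sends DTP; add switchport nonegotiate"))
            if _arg(cmds, "switchport trunk native vlan ", "1") == "1":
                findings.append((intf.name, "native VLAN is 1; move it to an unused VLAN"))
            if _arg(cmds, "switchport trunk allowed vlan ") is None:
                findings.append((intf.name, "all VLANs allowed; prune the trunk manually"))
        else:
            # Every other port is an edge port: pin it to access mode so DTP
            # cannot turn it into a trunk, and keep it out of VLAN 1.
            if mode != "access":
                findings.append((intf.name, "mode not pinned; dynamic auto trunks with a DTP-desirable peer"))
            if _arg(cmds, "switchport access vlan ", "1") == "1":
                findings.append((intf.name, "port is in VLAN 1; use a dedicated blackhole VLAN"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG):
        print(f"{port}: {finding}")
```

Run it against the output of show running-config saved to a file; the shutdown port FastEthernet0/2 is reported on purpose, since an unused port that is later enabled inherits VLAN 1 and dynamic auto unless it was parked in a blackhole VLAN in access mode.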

Configuration: Create a VLAN
➢ To create a new VLAN in global configuration mode.
Switch(config)# vlan vlan-id
➢ vlan-id is 2-1001 or 1025-4094

Configuration: Name a VLAN


➢ To name a VLAN in VLAN configuration mode.
Switch(config-vlan)# name vlan-name
➢ vlan-name is a descriptor for the VLAN.
➢ Naming a VLAN is optional.

Example: Creating and Naming a VLAN
➢ Enter global configuration mode:
Switch# configure terminal
➢ Create a new VLAN with a particular ID number:
Switch(config)# vlan vlan-id
➢ (Optional.) Name the VLAN:
Switch(config-vlan)# name vlan-name

Switch# configure terminal


Switch(config)# vlan 5
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit

Configuration: Disable Trunk Negotiation on a Port
➢ To disable trunk negotiation on a switch port.
Switch(config-if)# switchport mode access
➢ This command is optional but is recommended for security: a port left in the default dynamic auto mode forms a trunk with any neighbor that sends DTP desirable, which gives that neighbor access to every VLAN on the switch. An access port has no need to negotiate trunk formation.

Configuration: Macro for Access Port


➢ To configure an optional macro for switch access ports.
Switch(config-if)# switchport host
➢ This command optimizes a Layer 2 port for a host connection.
➢ This macro sets the port mode to access, enables spanning-tree portfast, and disables EtherChannel.

Configuration: Assign Port to VLAN


➢ To assign a port to a VLAN in interface configuration mode.
Switch(config-if)# switchport access vlan vlan-id
➢ vlan-id is a previously created VLAN.

Configuration: Assigning a Port to a VLAN
Switch(config)# interface FastEthernet 5/6
Switch(config-if)# description PC A
Switch(config-if)# switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
Switch(config-if)# switchport access vlan 200
Switch(config-if)# no shutdown
Switch(config-if)# end

Verification: VLAN Configuration
➢ The show vlan command and its derivatives are the most useful commands for displaying information related to VLANs. The following two forms have the same output.

Switch# show vlan id 3

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
3    VLAN0003                         active    Fa0/1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3    enet  100003     1500  -      -      -        -    -        0      0

Switch# show vlan name VLAN0003

VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------------
3    VLAN0003                         active    Fa0/1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3    enet  100003     1500  -      -      -        -    -        0      0

Verification: Interface Configuration
➢ The show running-config command has an interface keyword option to allow for interface-specific output.
Switch# show running-config interface FastEthernet 5/6
Building configuration...
!
Current configuration :33 bytes
interface FastEthernet 5/6
switchport access vlan 200
switchport mode access
switchport host
end

Verification: Switch Port Configuration
➢ One of the most useful commands for showing VLAN configuration information specific to a switch port is the show interfaces interface_id switchport command.

Switch# show interfaces f0/18 switchport


Name: Fa0/18
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 150 (VLAN0150)
<output omitted>
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Implementing Trunking

VLAN Trunking
➢ A trunk is a port that carries traffic from multiple VLANs simultaneously; each frame is tagged (802.1Q) or encapsulated (ISL) with its VLAN ID so the receiving switch can keep the VLANs apart.

➢ The host on the left in VLAN 2 can communicate with the host on the right in VLAN 2 via the trunk link; over the same trunk link, the hosts in VLAN 1 can communicate simultaneously.

VLAN Trunking with Inter-Switch Link (ISL)
➢ ISL is Cisco-proprietary trunking protocol.
➢ ISL is nearly obsolete.
➢ ISL encapsulates Ethernet frames, adding 30 bytes of overhead.
➢ ISL is supported on non-access-layer Cisco switches.

VLAN Trunking with IEEE 802.1Q
➢ 802.1Q is a widely supported industry-standard protocol.
➢ IEEE 802.1Q has smaller frame overhead than ISL. 802.1Q overhead is 4 bytes.
➢ 802.1Q has the 802.1p field for QoS support.

Native VLAN with IEEE 802.1Q
➢ An 802.1Q trunk defines a native VLAN: frames belonging to it are sent untagged, and untagged frames received on the trunk are assigned to it.
➢ On Cisco switches the default native VLAN is VLAN 1; any other VLAN can be configured as the native VLAN.
➢ Both ends of an 802.1Q trunk must use the same native VLAN; otherwise untagged frames leak between two different VLANs (Cisco switches log a CDP native VLAN mismatch).
➢ Because the tag of native-VLAN traffic is stripped on egress, a host on the native VLAN that sends double-tagged frames can get its inner tag across the trunk into another VLAN. Keep user ports out of the native VLAN, move it off VLAN 1, and allow only the VLANs the trunk needs.
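To make the native-VLAN rule concrete, the following Python model is an added example (not part of the slides or of any Cisco tool): it builds 802.1Q frames byte by byte, parses the 4-byte tag, and simulates a trunk that sends native-VLAN traffic untagged. The double_tag_result function shows what happens to a double-tagged frame that entered on a port in VLAN 1: with native VLAN 1 the near switch strips the outer tag and the far switch assigns the inner VID (20); with the native VLAN moved to an unused VLAN (999) the outer tag survives and the frame stays in VLAN 1. The MAC addresses, VLAN IDs and payload are constructed; the model ignores the FCS and MAC learning, and assumes the near switch accepts a frame tagged with the port's own access VLAN.

```python
"""Model 802.1Q tagging and native-VLAN handling on a trunk.
Added example, not from the slides; all frames are constructed."""
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag


def build_frame(dst: bytes, src: bytes, tags: list, ethertype: int = 0x0800,
                payload: bytes = b"") -> bytes:
    """Ethernet II frame with zero or more stacked 802.1Q tags, outermost first.
    Each tag is 4 bytes: TPID 0x8100 + TCI (3-bit 802.1p PCP, 1-bit DEI, 12-bit VID)."""
    tag_bytes = b"".join(struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
                         for pcp, vid in tags)
    return dst + src + tag_bytes + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Return MACs, every tag (outer first), the payload EtherType and payload."""
    off, tags = 12, []
    while struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        tags.append({"pcp": tci >> 13, "vid": tci & 0x0FFF})
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return {"dst": frame[:6], "src": frame[6:12], "tags": tags,
            "ethertype": ethertype, "payload": frame[off + 2:]}


def trunk_egress(frame: bytes, native_vlan: int) -> bytes:
    """What an 802.1Q trunk sends: native-VLAN frames go out untagged
    (only the outer 4-byte tag is removed), all others keep their tag."""
    tags = parse_frame(frame)["tags"]
    if tags and tags[0]["vid"] == native_vlan:
        return frame[:12] + frame[16:]
    return frame


def trunk_ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """VLAN the receiving switch assigns: outer tag if present, else native."""
    tags = parse_frame(frame)["tags"]
    return tags[0]["vid"] if tags else native_vlan


def double_tag_result(native_vlan: int, outer_vid: int = 1, inner_vid: int = 20) -> int:
    """VLAN assigned by the far switch to a double-tagged frame that the near
    switch accepted on a port in VLAN outer_vid and forwarded over the trunk.
    Assumes the near switch accepts a frame tagged with the port's own VLAN."""
    frame = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01",   # constructed MACs
                        [(0, outer_vid), (0, inner_vid)], payload=b"constructed")
    return trunk_ingress_vlan(trunk_egress(frame, native_vlan), native_vlan)


if __name__ == "__main__":
    print("native VLAN 1   -> far switch VLAN", double_tag_result(1))    # 20: hopped
    print("native VLAN 999 -> far switch VLAN", double_tag_result(999))  # 1: contained
```

The hop works only because the outer tag equals the trunk's native VLAN and is therefore removed; moving the native VLAN to an ID no access port uses, or tagging the native VLAN on the trunk (vlan dot1q tag native on Catalyst), keeps the outer tag in place.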

Dynamic Trunking Protocol (DTP)
➢ DTP is a Cisco-proprietary, point-to-point Layer 2 protocol.
➢ DTP negotiates whether directly connected switch ports become trunk ports and selects the trunking encapsulation (ISL or 802.1Q).
➢ switchport nonegotiate stops the port from sending DTP frames.
➢ The default interface mode is dynamic auto, which accepts a trunk whenever the neighbor asks for one.
➢ Best practice is to configure the mode statically (access or trunk) and disable DTP.

Design with VLAN Trunks
➢ Trunks interconnect access layer switches.
➢ Trunks connect access layer switches to distribution layer switches.
➢ Layer 3 links interconnect core and distribution layer switches.
➢ Access layer switches are configured in a spanning-tree, loop-free, V-shaped topology. If one distribution link fails, HSRP or VRRP provide an alternative default gateway.
➢ Recommended: turn off DTP and manually prune VLANs on trunks.

Configuring an Interface for Trunking
➢ Select the encapsulation type:
▪ Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
➢ Configure the interface as a Layer 2 trunk:
▪ Switch(config-if)# switchport mode {dynamic {auto | desirable} | trunk}
➢ Specify the native VLAN:
▪ Switch(config-if)# switchport trunk native vlan vlan-id
➢ Configure the allowable VLANs for this trunk:
▪ Switch(config-if)# switchport trunk allowed vlan {add | except | all | remove} vlan-id[,vlan-id[,vlan-id[,...]]]

Configuring an Interface for Trunking
Switch(config)# interface FastEthernet 5/8
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
! optional on a port already set to mode trunk, but recommended: stops the port from sending DTP frames
Switch(config-if)# switchport trunk allowed vlan 1-100
Switch(config-if)# no shutdown
Switch(config-if)# end

Verifying Trunk Configuration
➢ Compare the saved configuration with the operational state. In the output below the port is still in dynamic desirable mode with Negotiation of Trunking: Enabled, so it is trunking only because the peer agreed via DTP. A trunk hardened as in the best practices shows Administrative Mode: trunk and Negotiation of Trunking: Off.
Switch# show running-config interface f5/8
Building configuration...
Current configuration:
!
interface FastEthernet5/8
 switchport mode dynamic desirable
 switchport trunk encapsulation dot1q
end

Switch# show interfaces f5/8 switchport
Name: Fa5/8
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Enabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Switch# show interfaces f5/8 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa5/8     desirable    n-802.1q       trunking      1

Port      Vlans allowed on trunk
Fa5/8     1-1005

Troubleshooting Trunk Links
➢ Ensure that the Layer 2 interface mode configured on both ends of the link is valid. The mode should be trunk or desirable on at least one side of the trunk (dynamic auto on both sides never forms a trunk).
➢ Ensure that the trunk encapsulation type configured on both ends of the link is valid and compatible.
➢ On IEEE 802.1Q trunks, make sure the native VLAN is the same on both ends of the trunk.
➢ When using DTP, ensure that both ends of the link are in the same VTP domain.

VLAN Trunking Protocol (VTP)

VLAN Trunking Protocol (VTP)
➢ VTP is a Cisco-proprietary protocol that automates the propagation of VLAN information between switches via trunk links. This minimizes misconfigurations and configuration inconsistencies.
➢ VTP does not configure switch ports for VLAN membership.
➢ VTP domains define sets of interconnected switches sharing the same VTP configuration.

VTP Modes
Mode          Description
Client        • Cannot create, change, or delete VLANs on the command-line interface (CLI).
              • Forwards advertisements to other switches.
              • Synchronizes VLAN configuration with the latest information received from other switches in the management domain.
              • Does not save VLAN configuration in nonvolatile RAM (NVRAM).
Server        • Can create, modify, and delete VLANs.
              • Sends and forwards advertisements to other switches.
              • Synchronizes VLAN configuration with the latest information received from other switches in the management domain.
              • Saves VLAN configuration in NVRAM.
Transparent   • Can create, modify, and delete VLANs only on the local switch.
              • Forwards VTP advertisements received from other switches in the same management domain.
              • Does not synchronize its VLAN configuration with information received from other switches in the management domain.
              • Saves VLAN configuration in NVRAM.

VTP Operation

VTP Revision Number
➢ Every VLAN database change on a server increments the configuration revision number. A switch that joins the domain with a higher revision number than the existing servers pushes its own VLAN database to every server and client, deleting any VLAN that is missing from it.
➢ Ensure a new switch has VTP revision 0 before adding it to the network: setting its mode to transparent (or changing its VTP domain name) resets the revision to 0.
➢ The default VTP mode of a Cisco switch is VTP server.
➢ Recommended: run every switch in the production network in VTP transparent mode.

VTP Pruning
➢ VTP pruning prevents flooded traffic from propagating to switches that do not have members in specific VLANs.
➢ VTP pruning uses VLAN advertisements to determine when a trunk connection is flooding traffic needlessly. Switches 1 and 4 in the figure support ports statically configured in the Red VLAN.
➢ The broadcast traffic from Station A is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated on Switches 2 and 4.

VTP Versions
➢ There are three VTP versions: v1, v2, and v3.
➢ The differences between the versions:

Parameter                             VTPv1                          VTPv2                          VTPv3
VLAN range propagated                 1-1001                         1-1001                         1-4094 (extended range)
Private VLANs                         Not supported                  Not supported                  Supported
Version-dependent transparent mode    Yes                            No                             No
Authentication                        Cleartext password; MD5 digest Cleartext password; MD5 digest Hidden or secret password
Token Ring                            Not supported                  Supported                      Supported

Configuring VTP
➢ Configure the VTP mode as server:
▪ Switch(config)# vtp mode server
➢ Configure the domain name:
▪ Switch(config)# vtp domain domain_name
➢ (Optional.) Enable VTP version 2:
▪ Switch(config)# vtp version 2
➢ (Optional.) Specify a VTP password:
▪ Switch(config)# vtp password password_string
➢ (Optional.) Enable VTP pruning in the management domain:
▪ Switch(config)# vtp pruning

VTP Configuration Example
➢ This example creates a VTP server with domain name Modular_Form, password genus, and
pruning enabled.

Switch# configure terminal


Switch(config)# vtp mode server
Setting device to VTP SERVER mode.
Switch(config)# vtp domain Modular_Form
Switch(config)# vtp password genus
Switch(config)# vtp pruning
Switch(config)# end

Verifying VTP Configuration
➢ The most useful command for verifying VTP configuration is the show vtp status command.

Switch# show vtp status


VTP Version : 2
Configuration Revision : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Server
VTP Domain Name : Modular_Form
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:4
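The revision-number rule from the VTP Revision Number slide and the show vtp status output above combine into a pre-admission check that can be run before a switch is cabled into a production domain. The following Python script is an added example, not Cisco's code: it parses show vtp status text into a dictionary and lists the reasons a candidate switch must not yet be trunked into the domain. The PRODUCTION text reuses the values from the slide's sample output; the NEW_SWITCH text (a lab switch with a stale revision 300 in the same domain) is constructed.

```python
"""Pre-admission check for a switch joining a VTP domain, based on
'show vtp status' output. Added example, not from the slides."""
import re

# Values of the production server copied from the slide's sample output.
PRODUCTION = """\
VTP Version                     : 2
Configuration Revision          : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 33
VTP Operating Mode              : Server
VTP Domain Name                 : Modular_Form
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
"""

# Constructed: a switch reused from a lab, still carrying the production
# domain name but with a stale, higher revision number.
NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 300
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : Modular_Form
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
"""


def parse_vtp_status(text: str) -> dict:
    """Turn 'Key : Value' lines into a dict; purely numeric values become ints."""
    status = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(.*)$", line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            status[key] = int(value) if value.isdigit() else value
    return status


def admission_findings(new: dict, prod: dict) -> list:
    """Reasons the candidate must not be trunked into the production domain yet."""
    findings = []
    mode = str(new.get("VTP Operating Mode", "Server")).lower()   # IOS default is server
    rev = new.get("Configuration Revision", 0)
    same_domain = new.get("VTP Domain Name") == prod.get("VTP Domain Name")
    if mode != "transparent":
        findings.append("mode is %s, not transparent" % mode)
    if rev != 0:
        findings.append("configuration revision is %d, not 0" % rev)
    # A server or client in the same domain with a revision at or above the
    # production value pushes its (smaller) VLAN database to every switch.
    if mode in ("server", "client") and same_domain and rev >= prod.get("Configuration Revision", 0):
        findings.append("revision %d >= production %d in domain %s: its VLAN database "
                        "would overwrite every server and client"
                        % (rev, prod["Configuration Revision"], prod["VTP Domain Name"]))
    return findings


if __name__ == "__main__":
    for reason in admission_findings(parse_vtp_status(NEW_SWITCH), parse_vtp_status(PRODUCTION)):
        print("DO NOT CONNECT:", reason)
```

A client is checked as strictly as a server because a client with a higher revision number also propagates its database; the only state that passes is transparent mode with revision 0, which is exactly what the slide recommends.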

Verifying VTP Configuration
➢ Use the show vtp counters command to display statistics about VTP operation. If there are any problems regarding the VTP operation, this command helps look for VTP message type updates.
Switch# show vtp counters
VTP statistics:
Summary advertisements received : 7
Subset advertisements received : 5
Request advertisements received : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted : 13
Request advertisements transmitted : 3
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0

VTP pruning statistics:

Trunk    Join Transmitted    Join Received    Summary advts received from non-pruning-capable device
------   ----------------    -------------    ------------------------------------------------------
Fa5/8    43071               42766            5

VTP Troubleshooting
➢ Check that switches are interconnected by active trunk links.
➢ Check that the trunking protocol matches on opposite ends of a trunk link.
➢ Check VTP domain name (case-sensitive) and password.
➢ Check the VTP mode of the switches.
➢ Check the VTP versions of the switches.

