Title: CCNA 3 Module 9
Slide 1: CCNA 3 Module 9
- VLAN Trunking Protocol
- Modified by Joanne Wagner, CCNA, CCNP, CCAI

Slide 2: Switching
In the context of a VLAN switching environment, a trunk is a point-to-point link that supports several VLANs. The purpose of a trunk is to conserve ports when creating a link between devices implementing VLANs.

Slide 3: Wasting
Here, each switch is using two physical links so that each port carries traffic for a single VLAN. This is the simplest way of implementing inter-switch VLAN communication, but it does not scale well.

Slide 4: Trunking
Trunking will bundle multiple virtual links over one physical link by allowing the traffic for several VLANs to travel over a single cable between the switches.

Slide 5: Trunking Concepts
- In the context of a VLAN switching environment, a trunk is a point-to-point link that supports several VLANs.
- The purpose of a trunk is to conserve ports when creating a link between two devices implementing VLANs.

Slide 6: Trunking Protocols
- Trunking protocols were developed to effectively manage the transfer of frames from different VLANs on a single physical line.
- The trunking protocols establish agreement for the distribution of frames to the associated ports at both ends of the trunk.
- The two types of trunking mechanisms that exist are frame filtering and frame tagging.
- Frame tagging has been adopted as the standard trunking mechanism by the IEEE.
Slide 7: Frame Filtering
- Switching tables at both ends of the trunk can be used to make port forwarding decisions based on frame destination MAC addresses.
- As the number of VLANs traveling across the trunk increases, the forwarding decisions become slower and more difficult to manage.
- The decision process becomes slower because the larger switching tables take longer to process.

Slide 8: Frame Filtering
Slide 9: Frame Tagging
Frame tagging places a unique identifier in the header of each frame as it is forwarded throughout the network backbone. The identifier is understood and examined by each switch before any broadcasts or transmissions are made to other switches, routers or end stations.

Slide 10: Frame Tagging
- When the frame exits the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. Frame tagging functions at Layer 2 and requires little processing or administrative overhead.
- It is important to understand that a trunk link does not belong to a specific VLAN. The responsibility of a trunk link is to act as a conduit for VLANs between switches and routers.
Slide 11: Trunk and Access Links
Inter-Switch Link (ISL) or IEEE 802.1Q ("dot1q")
The unique physical link between the two switches is able to carry traffic for any VLAN.
Slide 12: VLANs and Trunking

Slide 13: Frame Tagging and Encapsulation
With ISL, an Ethernet frame is encapsulated with a header that contains a VLAN ID. In IEEE 802.1Q frames, a 4-byte field is used to tag the frame.
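To make the 4-byte tag concrete, here is an added Python example (not part of the original slides and not Cisco code) that inserts and strips an 802.1Q tag and assigns untagged frames to the native VLAN the way a trunk port does. The TPID/TCI layout is the IEEE 802.1Q one; the sample frame, MAC addresses and VLAN numbers are constructed for the demonstration, and the function names are chosen here.

```python
import struct

# IEEE 802.1Q Tag Protocol Identifier: an EtherType value of 0x8100 right
# after the source MAC marks the 4-byte tag (2-byte TPID + 2-byte TCI).
TPID_8021Q = 0x8100


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the 12-byte destination/source MAC pair.

    TCI layout: 3-bit priority (PCP), 1-bit DEI, 12-bit VLAN ID (VID).
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify_frame(frame: bytes, native_vlan: int = 1):
    """Return (vlan_id, pcp, untagged_frame) as a trunk port would see it.

    Untagged frames, and priority-tagged frames whose VID is 0, belong to the
    port's native VLAN.  Tagged frames have the tag removed, which is what the
    switch does before handing the frame to an access port.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return native_vlan, 0, frame                 # untagged -> native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    pcp, vid = tci >> 13, tci & 0x0FFF
    stripped = frame[:12] + frame[16:]               # drop TPID + TCI
    if vid == 0:                                     # priority-tagged only
        return native_vlan, pcp, stripped
    return vid, pcp, stripped


# Constructed sample frame: broadcast destination, a made-up locally
# administered source MAC, IPv4 EtherType and a dummy 46-byte payload.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0200c0a80001")
                + struct.pack("!H", 0x0800) + b"\x45\x00" + b"\x00" * 44)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_FRAME, 10, pcp=5)
    print(len(SAMPLE_FRAME), len(tagged))            # the tag adds exactly 4 bytes
    print(classify_frame(tagged)[:2])                # (10, 5)
    print(classify_frame(SAMPLE_FRAME)[:2])          # (1, 0): untagged lands in VLAN 1
```

The `vid == 0` branch matters in practice: a priority-tagged frame carries a tag but no VLAN, so a trunk treats it like an untagged frame and places it in the native VLAN.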
Slide 14: Trunking Implementation
- To create or configure a VLAN trunk on a Cisco IOS command-based switch:
  - configure the port as a trunk
  - specify the trunk encapsulation
- Before attempting to configure a VLAN trunk on a port, determine what encapsulation the port can support:
  Switch(config-if)#switchport trunk encapsulation ?

Slide 15: IOS Based Switches

Slide 16: IOS Based Switches

Slide 17: IOS Based Switches
Slide 18: Trunking Modes

Slide 19: Trunking Mode On
- This mode puts the port into permanent trunking.
- The port becomes a trunk even if the neighboring port does not agree to the change.
- The on state does not allow for auto-negotiation on encapsulation type.
Slide 20: Trunking Mode Off
- This mode puts the port into permanent nontrunking mode.
- The port becomes a nontrunk port even if the neighboring port does not agree to the change.
Slide 21: Trunking Mode Desirable
- This mode makes the port actively attempt to convert the link to a trunk link.
- The port becomes a trunk if the neighboring port is set to on, desirable, or auto mode.
- Because both interfaces by default are in desirable mode, a link between two Cisco switches will automatically become a trunk link unless configured otherwise.
Slide 22: Trunking Mode Auto
- This mode makes the port willing to convert the link to a trunk link.
- The port becomes a trunk if the neighboring port is set to on or desirable.
- This is the default mode for Fast and Gigabit Ethernet ports.
- NOTE: If the default setting is set on both sides of the trunk link, it will never become a trunk.
Slide 23: VTP
- In a domain with several interconnected switches, each VLAN must be manually configured on each switch. As the organization grows and additional switches are added to the network, each new switch must be manually configured with VLAN information.
- With VTP, VLAN configuration is consistently maintained across a common administrative domain.
- Additionally, VTP reduces the complexity of managing and monitoring VLAN networks.

Slide 24: Trunk Links and VTP
While switch ports are normally assigned to only a single VLAN, trunk ports by default carry frames from all VLANs.

Slide 25: VTP Concepts
- The role of VTP is to maintain VLAN configuration consistency across a common network administration domain.
- VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a single domain.
- VTP allows for centralized changes that are communicated to all other switches in the network.
Slide 26: VTP Operation
- When transmitting VTP messages to other switches in the network, the VTP message is encapsulated in either ISL or IEEE 802.1Q.
- The VTP header varies, depending upon the type of VTP message, but generally four items are found in all VTP messages:
  - VTP protocol version (either version 1 or 2)
  - VTP message type
  - Management domain name length
  - Management domain name
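As an added example (not from the slides and not Cisco code), the following Python parser pulls the four common items out of a VTP message and, for a summary advertisement, the fields that follow them. The offsets beyond the four common items (4-byte configuration revision, 4-byte updater identity, 12-byte timestamp, 16-byte MD5 digest) follow Cisco's published description of the summary advertisement format; `build_summary` is a helper written here to construct a sample message, and all names are chosen for this example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# VTP message type codes carried in the second byte of every VTP message.
VTP_SUMMARY, VTP_SUBSET, VTP_REQUEST = 0x01, 0x02, 0x03
CODE_NAMES = {VTP_SUMMARY: "summary advertisement",
              VTP_SUBSET: "subset advertisement",
              VTP_REQUEST: "advertisement request"}


@dataclass
class VtpHeader:
    version: int
    code: int
    third_byte: int                  # followers (summary), sequence (subset), reserved (request)
    domain: str
    revision: Optional[int] = None   # summary and subset carry it; a request does not
    updater_ip: Optional[str] = None
    digest: Optional[bytes] = None   # MD5 over password + VLAN database (summary only)

    @property
    def kind(self) -> str:
        return CODE_NAMES[self.code]


def parse_vtp(payload: bytes) -> VtpHeader:
    """Parse the VTP message that follows the LLC/SNAP header inside a trunk frame.

    The four items every message carries come first: version, message type,
    domain-name length and a 32-byte zero-padded domain name.  A summary
    advertisement continues with the configuration revision, the updater's
    IP address, a 12-byte timestamp and a 16-byte MD5 digest.
    """
    if len(payload) < 36:
        raise ValueError("VTP message shorter than the 36-byte common header")
    version, code, third, name_len = struct.unpack("!BBBB", payload[:4])
    if version not in (1, 2):
        raise ValueError(f"unsupported VTP version {version}")
    if code not in CODE_NAMES:
        raise ValueError(f"unknown VTP message type 0x{code:02x}")
    if name_len > 32:
        raise ValueError("domain-name length exceeds the 32-byte field")
    domain = payload[4:4 + name_len].decode("ascii", errors="replace")
    hdr = VtpHeader(version, code, third, domain)
    if code == VTP_SUMMARY:
        if len(payload) < 72:
            raise ValueError("truncated summary advertisement")
        hdr.revision, ip = struct.unpack("!I4s", payload[36:44])
        hdr.updater_ip = ".".join(str(b) for b in ip)
        hdr.digest = payload[56:72]
    elif code == VTP_SUBSET:
        if len(payload) < 40:
            raise ValueError("truncated subset advertisement")
        hdr.revision = struct.unpack("!I", payload[36:40])[0]
    return hdr


def build_summary(domain: str, revision: int, updater_ip: str,
                  followers: int = 0, version: int = 1,
                  digest: bytes = b"\x00" * 16) -> bytes:
    """Build a constructed summary advertisement for exercising the parser."""
    name = domain.encode("ascii")
    if len(name) > 32:
        raise ValueError("domain name longer than 32 bytes")
    return (struct.pack("!BBBB", version, VTP_SUMMARY, followers, len(name))
            + name.ljust(32, b"\x00")
            + struct.pack("!I", revision)
            + bytes(int(octet) for octet in updater_ip.split("."))
            + b"\x00" * 12                       # update timestamp, unused here
            + digest)


if __name__ == "__main__":
    msg = build_summary("cisco", revision=7, updater_ip="10.1.1.1", followers=1)
    print(parse_vtp(msg))
```

The length checks are the point for a monitoring tool: a message that claims a domain-name length above 32 or stops short of the fields its type promises should be logged and dropped rather than indexed.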

Slide 27: ISL Frame
Slide 29: VTP Modes
- VTP switches operate in one of three modes: server, client, transparent.
- VTP servers can create, modify, and delete VLANs and VLAN configuration parameters for the entire domain. VTP servers save VLAN configuration information in the switch NVRAM. VTP servers send VTP messages out to all trunk ports.
- VTP clients cannot create, modify, or delete VLAN information. This mode is useful for switches lacking memory to store large tables of VLAN information. The only role of VTP clients is to process VLAN changes and send VTP messages out all trunk ports.

Slide 30: VTP Transparent Mode
- Switches in VTP transparent mode forward VTP advertisements but ignore information contained in the message.
- A transparent switch will not modify its database when updates are received, nor will the switch send out an update indicating a change in its VLAN status.
- Except for forwarding VTP advertisements, VTP is disabled on a transparent switch.

Slide 31: VTP Domains
A VTP domain is made up of one or more interconnected devices that share the same VTP domain name. A switch can be in one VTP domain only.
Slide 32: VTP Database
- In the previous slide, Switch C transmits a VTP database entry with additions or deletions to Switch A and Switch B.
- The configuration database has a revision number that is incremented by one.
- A higher configuration revision number indicates that the VLAN information being sent is more current than the stored copy.
- Any time a switch receives an update that has a higher configuration revision number, the switch will overwrite the stored information with the new information being sent in the VTP update.
- Switch F will not process the update because it is in a different domain.
Slide 33: Configuration Revision
- This overwrite process means that if the VLAN does not exist in the new database, it is deleted from the switch.
- In addition, VTP maintains its own NVRAM. An erase startup-configuration clears the NVRAM of configuration commands, but not the VTP database revision number.
- To set the configuration revision number back to zero, the switch must be rebooted.

Slide 34: Security
- By default, management domains are set to a nonsecure mode, meaning that the switches interact without using a password.
- Adding a password automatically sets the management domain to secure mode.
- The same password must be configured on every switch in the management domain to use secure mode.

Slide 35: VTP Messages
- There are three types of VTP messages:
  - Advertisement requests
  - Summary advertisements
  - Subset advertisements
- With advertisement requests, clients request VLAN information and the server responds with summary and subset advertisements.
Slide 36: Summary Advertisement
- By default, server and client Catalyst switches issue summary advertisements every five minutes.
- Servers inform neighbor switches what they believe to be the current VTP revision number.
- Assuming the domain names match, the receiving server or client compares the configuration revision number.
- If the revision number in the advertisement is higher than the current revision number in the receiving switch, the receiving switch then issues an advertisement request for new VLAN information.
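The revision-number rules on slides 32, 33 and 36, together with secure mode from slide 34 and transparent mode from slide 30, can be modelled in a few lines. The Python below is an added example and not Cisco's code: `Switch`, `SubsetAdvert`, `vtp_digest`, `on_summary`, `on_subset` and `rogue_revision_scenario` are names chosen here, and `vtp_digest` is a simplified stand-in for the MD5 digest real VTP computes over the password and VLAN database. The scenario shows the risk a stale switch with a higher revision and an emptied VLAN database poses when it rejoins the domain, and how a domain password or transparent mode contains it.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Switch:
    name: str
    domain: str
    mode: str                        # "server", "client" or "transparent"
    password: str = ""               # empty string = nonsecure mode
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})


@dataclass
class SubsetAdvert:
    domain: str
    revision: int
    vlans: Dict[int, str]            # the sender's complete VLAN database
    digest: bytes


def vtp_digest(password: str, revision: int, vlans: Dict[int, str]) -> bytes:
    # Constructed simplification: real VTP carries an MD5 digest computed over the
    # VTP password and the VLAN database.  Hashing the same inputs here is enough
    # to show that a receiver configured with a different password rejects the update.
    body = f"{password}|{revision}|{sorted(vlans.items())}".encode()
    return hashlib.md5(body).digest()


def advertise(sender: Switch) -> SubsetAdvert:
    """What a server or client sends out its trunk ports after a VLAN change."""
    if sender.mode == "transparent":
        raise ValueError("a transparent switch never originates VTP updates")
    return SubsetAdvert(sender.domain, sender.revision, dict(sender.vlans),
                        vtp_digest(sender.password, sender.revision, sender.vlans))


def on_summary(sw: Switch, domain: str, revision: int) -> str:
    """Decision on a summary advertisement: domain check, mode check, revision compare."""
    if domain != sw.domain:
        return "ignore: different domain"
    if sw.mode == "transparent":
        return "forward only: transparent mode ignores the contents"
    if revision > sw.revision:
        return "send advertisement request"
    return "ignore: revision not newer"


def on_subset(sw: Switch, adv: SubsetAdvert) -> str:
    """Apply a subset advertisement: a higher revision overwrites the whole database."""
    decision = on_summary(sw, adv.domain, adv.revision)
    if decision != "send advertisement request":
        return decision
    if adv.digest != vtp_digest(sw.password, adv.revision, adv.vlans):
        return "reject: digest mismatch (password differs)"
    deleted = sorted(set(sw.vlans) - set(adv.vlans))   # VLANs absent from the new database
    sw.vlans, sw.revision = dict(adv.vlans), adv.revision
    return f"applied revision {adv.revision}, deleted VLANs {deleted}"


def rogue_revision_scenario(core_password: str = "",
                            core_mode: str = "server") -> Tuple[str, List[int]]:
    """A switch that left the domain at revision 50 holding only VLAN 1 comes back.

    Returns the core switch's decision and the VLAN IDs it holds afterwards.
    """
    core = Switch("core", "cisco", core_mode, core_password, revision=12,
                  vlans={1: "default", 10: "users", 20: "servers", 99: "mgmt"})
    stale = Switch("stale", "cisco", "server", password="", revision=50)
    result = on_subset(core, advertise(stale))
    return result, sorted(core.vlans)


if __name__ == "__main__":
    print(rogue_revision_scenario())                          # nonsecure: VLANs 10, 20, 99 vanish
    print(rogue_revision_scenario("s3cret"))                  # password set: update rejected
    print(rogue_revision_scenario(core_mode="transparent"))   # transparent: forwarded, not applied
```

The password only helps when the stale switch does not share it, which is why slide 33's advice to reboot a switch (resetting its revision to zero) before connecting it to a production domain is the operational safeguard that works in every case.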
Slide 37: Subset Advertisements
- Subset advertisements contain detailed information about VLANs such as VTP version type, domain name and related fields, and the configuration revision number.
- The following can trigger these advertisements:
  - Creating or deleting a VLAN
  - Suspending or activating a VLAN
  - Changing the name of a VLAN
  - Changing the maximum transmission unit (MTU) of a VLAN
Slide 38: VTP Configuration Steps

Slide 39: VTP Configuration
- The following tasks need to be considered before configuring VTP:
  - Determine the version number of VTP that will be utilized.
  - Decide if this switch is to be a member of an existing management domain or if a new domain should be created. If a management domain exists, determine the name and password of the domain.
  - Choose a VTP mode for the switch.

Slide 40: VTP Versions
- Two different versions of VTP are available, Version 1 and Version 2.
- The two versions are not interoperable. If a switch is configured in a domain for VTP Version 2, all switches in the management domain must be configured for VTP Version 2.
- VTP Version 1 is the default. VTP Version 2 may be implemented if some of the specific features that VTP Version 2 offers are not offered in VTP Version 1.
- The most common feature that is needed is Token Ring VLAN support.
Slide 41: VTP Configuration
! Enter the VLAN database
Switch#vlan database
! Change the VTP version
Switch(vlan)#vtp v2-mode
! Assign the VTP domain
Switch(vlan)#vtp domain cisco
! Configure the VTP mode
Switch(vlan)#vtp {client | server | transparent}
Slide 47: Inter-VLAN Routing

Slide 50: One Link Per VLAN
What if you had ten VLANs?

Slide 51: Router-on-a-Stick Design

Slide 52: Using Router-on-a-Stick
Slide 59: Inter-VLAN Routing
- Your router needs to have a FastEthernet interface in order to be able to support trunking.
- The 1700 series routers have FastEthernet interfaces, but do not support trunking.
- If you put an IP address on the physical interface, you will not be able to configure encapsulation.
- Check which encapsulation is supported by your switch first.
Slide 60: VLAN Types
- There are various types of VLANs:
  - VLAN 1
  - The default VLAN
  - The user VLAN
  - The native VLAN
  - The management VLAN

Slide 61: VLAN 1
- The reason VLAN 1 became a special VLAN is that Layer 2 devices needed to have a default VLAN to assign to their ports, including their management port(s).
- In addition to that, many Layer 2 protocols such as CDP, DTP, and VTP needed to be sent on a specific VLAN on trunk links. For all these purposes VLAN 1 was chosen.
- CDP, VTP, and DTP are always transmitted over VLAN 1. This is always the case and cannot be changed. Cisco recommends that VLAN 1 be used only for these protocols.
- The management VLAN and user VLANs should all be configured to use VLANs other than VLAN 1.

Slide 62: Default VLAN
- By default, all switch interfaces are assigned to VLAN 1, unless configured otherwise.
- VLAN 1 is also known as the default VLAN. Because it is the default, all other types of VLANs (the native VLAN, the management VLAN and the user VLANs) are all automatically members of VLAN 1.
- All Ethernet interfaces on Catalyst switches default to VLAN 1. Any device connected to an interface on a switch will be a member of VLAN 1 unless that interface is configured to use a different VLAN with the switchport access vlan interface command.

Slide 63: User VLAN
- User VLANs are what is normally thought of when we think of VLANs.
- A user VLAN is a VLAN that is created to segment a group of users, either geographically or logically, from the rest of the network.
- The switchport access vlan interface command is used to assign interfaces to these various user VLANs.

Slide 64: Native VLAN
- The native VLAN is a term used with interfaces that are configured as VLAN trunks.
- When a switch port is configured as a trunk, it tags frames with the appropriate VLAN number.
- Frames from all VLANs are carried across the trunk link containing the 802.1Q tag, except for frames belonging to VLAN 1. By default, frames from VLAN 1 belong to the native VLAN, and are carried across the trunk untagged.
- This VLAN is implicitly used for all the untagged traffic received on an 802.1Q capable port.
Slide 65: Modifying the Native VLAN
- This capability is desirable because it allows 802.1Q capable ports to talk to old 802.3 ports directly by sending and receiving untagged traffic.
- The use of the native VLAN should be avoided for data traffic.
- The native VLAN can be modified to a VLAN other than VLAN 1 with the following interface command:
  Switch(config-if)#switchport trunk native vlan vlan-id
Slide 66: Modifying the Native VLAN
- It is recommended that the native VLAN should never be used as a user VLAN or the management VLAN.
- Control traffic such as CDP, VTP, and DTP is transmitted over VLAN 1, the default native VLAN.
- If the native VLAN is changed to something other than VLAN 1, then the control traffic would be transmitted on VLAN 1 as tagged traffic. This will have no ill effects on the control traffic.
- It is fine to leave VLAN 1 as the (default) native VLAN, as long as VLAN 1 is not used as a user VLAN or as the management VLAN. Control traffic should be the only information carried across VLAN 1. However, it is also common practice to change the native VLAN to some dummy VLAN (other than VLAN 1) that is not used for any data or management traffic.
Slide 67: Native VLAN Consistency
- It is also important to ensure that both ends of a switch-to-switch link have consistent native VLANs configured.
- If the native VLANs on both ends of a link are not the same, there will effectively be a bridge between the two VLANs and they will no longer be independent broadcast domains. Fortunately, recent versions of the IOS alert the user when mismatches in the native VLAN occur.
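Slides 64 to 67 amount to three checks an administrator can run against saved running-config text before the link goes live: the native VLAN matches on both ends, the native VLAN does not carry user or management traffic, and the management VLAN is not VLAN 1. The Python below is an added example, not from the slides or from Cisco: `parse_interfaces`, `audit_trunk`, and the sample configs `SWITCH_A` and `SWITCH_B` are constructed for it, and only the commands named on these slides are recognised.

```python
import re
from typing import Dict, List


def parse_interfaces(config: str) -> Dict[str, dict]:
    """Collect the VLAN-related settings of every interface stanza in IOS config text.

    Defaults follow the slides: a port is in VLAN 1 and a trunk's native VLAN is 1.
    An SVI (interface VlanN) with an IP address is treated as the management VLAN.
    """
    ifaces: Dict[str, dict] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ifaces[current] = {"trunk": False, "native": 1, "access": 1, "svi_ip": None}
        elif raw.strip() == "!":
            current = None                               # '!' closes the stanza
        elif current and raw.startswith(" "):
            cmd = raw.strip()
            if cmd == "switchport mode trunk":
                ifaces[current]["trunk"] = True
            elif (m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)):
                ifaces[current]["native"] = int(m.group(1))
            elif (m := re.fullmatch(r"switchport access vlan (\d+)", cmd)):
                ifaces[current]["access"] = int(m.group(1))
            elif (m := re.fullmatch(r"ip address (\S+) (\S+)", cmd)):
                ifaces[current]["svi_ip"] = m.group(1)
    return ifaces


def audit_trunk(cfg_a: str, port_a: str, cfg_b: str, port_b: str) -> List[str]:
    """Report native VLAN problems on one switch-to-switch link (empty list = clean)."""
    findings: List[str] = []
    ends = [("A", parse_interfaces(cfg_a), port_a), ("B", parse_interfaces(cfg_b), port_b)]
    for label, ifs, port in ends:
        if not ifs[port]["trunk"]:
            findings.append(f"{label}: {port} is not configured as a trunk")
    native_a, native_b = ends[0][1][port_a]["native"], ends[1][1][port_b]["native"]
    if native_a != native_b:                             # slide 67: bridged VLANs
        findings.append(f"native VLAN mismatch: A {port_a}={native_a} vs B {port_b}={native_b}")
    for label, ifs, port in ends:
        native = ifs[port]["native"]
        user_ports = [n for n, i in ifs.items()
                      if not n.startswith("Vlan") and not i["trunk"] and i["access"] == native]
        if user_ports:                                   # slide 66: no user traffic on the native VLAN
            findings.append(f"{label}: native VLAN {native} carries user traffic on {', '.join(user_ports)}")
        for n, i in ifs.items():
            if not (n.startswith("Vlan") and i["svi_ip"]):
                continue
            mgmt_vlan = int(n[4:])
            if mgmt_vlan == native:                      # slide 66: management VLAN != native VLAN
                findings.append(f"{label}: native VLAN {native} is also the management VLAN ({n})")
            if mgmt_vlan == 1:                           # slide 61: management VLAN != VLAN 1
                findings.append(f"{label}: management VLAN is VLAN 1 ({n}); use another VLAN")
    return findings


# Constructed sample configs: A uses a dummy native VLAN 999 and manages via Vlan99;
# B has the defaults the slides warn about (native VLAN 1, a user port in VLAN 1, Vlan1 SVI).
SWITCH_A = """\
!
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface Vlan99
 ip address 192.0.2.1 255.255.255.0
!
"""
SWITCH_B = """\
!
interface FastEthernet0/24
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode access
!
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
!
"""
# The same switch B after applying the slides' recommendations.
SWITCH_B_FIXED = (SWITCH_B
                  .replace(" switchport mode trunk\n",
                           " switchport mode trunk\n switchport trunk native vlan 999\n")
                  .replace("interface Vlan1\n", "interface Vlan99\n"))

if __name__ == "__main__":
    for line in audit_trunk(SWITCH_A, "FastEthernet0/1", SWITCH_B, "FastEthernet0/24"):
        print(line)
    print(audit_trunk(SWITCH_A, "FastEthernet0/1", SWITCH_B_FIXED, "FastEthernet0/24"))  # []
```

Running the audit on saved configs complements the IOS console alert mentioned on slide 67: the alert only fires once the mismatched link is up, while the audit catches the problem in change review.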