Aut inveniam viam aut faciam

v5 Written and Lab: Trunk and VTP Notes

v5 Written:
2.1.d Implement and troubleshoot trunking
2.1.d [i] VTPv1, VTPv2, VTPv3, VTP pruning
2.1.d [ii] dot1Q
2.1.d [iii] Native VLAN
2.1.d [iv] Manual pruning

v5 Lab:
1.1.d Implement and troubleshoot trunking
1.1.d [i] VTPv1, VTPv2, VTPv3, VTP pruning
1.1.d [ii] dot1Q
1.1.d [iii] Native VLAN
1.1.d [iv] Manual pruning

Documentation:

Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE,
Chapter 15: Configuring VLANs, pgs. 15-14 to 15-32

Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE,
Chapter 16: Configuring VTP, pgs. 16-1 to 16-18

Books:

Cisco LAN Switching; Chapter 8: Trunking Technologies and Applications, pgs. 291 – 331

CCIE Routing and Switching Exam Certification Guide 4th Ed; Chapter 2 Virtual LANs and VLAN Trunking, pgs. 42 – 62

INE:

A trunk is a point-to-point link between one or more Ethernet switch interfaces and another network device such as a router or switch.

Trunkinng encapsulations:
– Inter-Switch Link (ISL) – Ciscro proprietary
– IEEE 802.1Q – industry standard

Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP)
– some network devices might forward DTP frames improperly, which could cause some misconfigurations
– for interfaces connected to devices that do not support DTP, disable DTP

If you do not intend to trunk across a link, use:
– switchport mode access

To enable trunking to a device that does not support DTP, use:
– switchport trunk encapsulation {isl|dot1q}
– switchport mode trunk
– switchport nonegotiate

DTP is not supported on private-LAN ports or tunnel por
ts

Layer 2 interface modes:
– switchport mode access
– switchport mode dynamic auto
– switchport mode dynamic desirable
– switchport mode trunk
– switchport nonegotiate
– switchport mode dot1q-tunnel

switchport mode access
– puts the interface into permanet non-trunking mode
– access port

switchport mode dynamic auto
– makes the interface able to convert the linkg to a trunk link
– neighboring interface must be set to:
– trunk mode
– desirable mode

switchport mode dynamic desirable
– makes the interface actively attempt to convert the link to a trunk link
– neighboring interface must be set to:
– trunk mode
– desirable mode
– auto mode

switchport mode trunk
– puts the interface into permanent trunking mode
– negotiates to convert the neighboring interface into a trunk link

switchport nonegotiate
– prevents the interface from generating DTP frames

switchport mode dot1q-tunnel
– configures the interface as a tunnel (nontrunking) port to connect to an asymmetric link with an IEEE 802.1Q trunk port

Ethernet trunk encapsulation types:
– switchport trunk encapsulation isl
– switchport trunk encapsulation dot1q
– switchport trunk encapsulation negotiate

switchport trunk encapsulation negotiate
– the interface negotiates with the neighboring interface to become:
– ISL (preferred)
– dot1q

The switch does not support Layer 3 trunks

802.1Q trunks
– Cisco switches maintain one STP instance for each VLAN
– non-Cisco devices may support one STP instance for all VLANs

If the Native VLAN for one end of a trunk link is different from the Native VLAN on the other end, spanning-tree loops might result

Disabling STP on the Native VLAN can potentially cause spanning-tree loops

By default, an interface on a switch is in Layer 2 mode

Default Layer 2 Ethernet Interface VLAN Configuration:
– switchport mode dynamic auto
– switchport trunk encapsulation negotiate
– Allowed VLANs: 1 – 4094
– VLANs eligible for pruning: 2 – 1001
– Default VLAN (access ports): 1
– Native VLAN (for dot1q trunks): 1

To use VTP, at least one trunk port is configured on the switch has to be connected to a trunk port on a second switch

Trunk ports:
– cannot be a secure port
– cannot be a tunnel port
– for EtherChannel port groups, all interfaces must have the same configuration
– recommended that no more than 24 trunk ports in PVST mode
– recommended that no more than 40 trunk ports in MST mode
– switchport access vlan – specifies a default VLAN to be used if the interface stops trunking
– for 8021q, can received tagged and untagged (native VLAN) traffic

conf t
int fa0/1
switchport trunk encapsulation {ils|dot1q|negotiate}
switchport mode {dynamic {auto|desirable} | trunk}
switchport access vlan

show int fa0/1 switchport
show int fa0/1 trunk
show int trunk

By default, a trunk port sends traffic to and receives traffic from all VLANs, 1 – 4094
– to restrict the traffic a trunk carries:
– switchport trunk allowed vlan remove

conf t
int fa0/1
switchport trunk allowed vlan remove 2

Cisco use to have a requirement that VLAN 1 always be enabled on every trunk link

To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual trunk port by removing VLAN 1 from the allowed list
– the interface continues to send and receive management traffic
– CDP
– PAgP
– LACP
– DTP
– VTP

The pruning-eligible list applies only to trunk ports
– each trunk port has its own eligibility list
– VTP pruning must be enabled for this to take effect
– VLANs that are pruning-ineligible receive flooded traffic
– the default VLANs allowed to be pruned are 2 – 1001

conf t
int fa0/1
switchport trunk pruning vlan remove 2

Native VLAN
– untagged traffic
– default VLAN 1
– the switch forwards all untagged traffic to the native VLAN
– can be assigned any VLAN ID

conf t
int fa0/1
switchport trunk native vlan 2

show int fa0/1 switchport

Load sharing divides the bandwidth between parallel trunks connecting switches
– use STP port priorities
– for links connected to the same switch
– use STP path costs
– for linkgs connected to the same switch or two different switches

conf t
int fa0/1
spanning-tree vlan 8-10 port-priority 16
int fa0/2
spanning-tree vlan 3-6 port-priority 16

conf t
int fa0/1
spanning-tree vlan 2-4 cost 30
int fa0/2
spanning-tree vlan 8-9 cost 30

VLAN Trunking Protocol (VTP)
– Layer 2 protocol
– maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis
– default version is 1

Cisco IOS 12.2(52)SE and later support VTPv3

A VTP domain consists of one switch or several interconnected switches or switch stacks under the same administrative responsibility sharing the same VTP domain name

By default, a switch is in the VTP no-management-domain state
– no VTP domain name is configured

If a switch receives a VTP advertisement over a trunk line, it inherits the management domain name and the VTP configuration revision number

Before adding a VTP client to a VTP domain, ALWAYS verify that its VTP configuration number is lower than the configuration revision number of the other switches in the VTP domain
– if you add a switch that has a higher revision numbeer, it can erase all VLAN information from the VTP server and VTP domain

VTP modes:
– VTP server
– VTP client
– VTP transparent
– VTP off

VTP server
– can create modify, and delete VLANS
– specify configuration parameters for the entire VTP domain
– advertise and synchronize VLAN configuration
– default mode for switches
– VLAN configuration is saved in NVRAM
– in version 1 and 2, cannot create private VLANs

If a switch detects a failure while writing to NVRAM, the VTP mode automatically changes to client mode

VTP client
– transmits and receives VTP updates on trunk links
– cannot create, modify, or delete VLANs
– in version 1 or 2, the VLAN configuration is not saved in NVRAM
– in version 3, the VLAN configuration is saved in NVRAM

VTP transparent
– does not participate in VTP
– does not advertise VLAN configuration
– does not synchronize VLAN configuration based on received advertisements
– in version 2 and 3, VTP advertisements are forwarded through trunk links
– can create, modify, delete VLANs
– can create private VLANs
– VTP and VLAN configurations are saved to NVRAM and running-config

VTP off
– functions in the same manner as a VTP transparent switch
– does not forward VTP advertisements on trunk links

VTP adversitements
– sent periodically from each trunk line
– sent to a reserved multicast address

VTP advertisements distribute the following information
– VTP domain name
– VTP configuration revision number
– update identity and update timestamp
– MD5 digest of VLAN configuration
– MTU for each VLAN
– Frame format
– VLAN IDs
– VLAN names
– VLAN types
– VLAN states
– additional VLAN configuration information
– in version 3, primary server ID, instance number, start index

VTP version 2 features not in version 1:
– Token Ring support
– Unrecognized Type-Length-Value (TLV) support
– Version-Dependent Transparent Mode
– Consistency Checks

VTP version 3 features not in version 1 or 2:
– enhanced authentication
– support for extended range VLAN (1006 – 4094) database propagation
– VTP pruning still applies only to VLANs 1 – 1005
– VLANs 1002 – 1005 are still reserved and cannot be modified
– support for private VLANs
– can propagate Multiple Spanning Tree (MST) protocol database information
– VTP primary server and VTP secondary servers
– in version 3 by default, all devices are secondary servers
– turn VTP on or off on a per-trunk

VTP pruning increases the available network bandwidth by restricting flooded traffic
– disabled by default
– blocked unneeded flooded traffic to VLANs on trunk ports
– only VLANs included in the pruning-eligible list can be pruned, 2 – 1001 by default
– VLANs 1002 – 1005 and extended-range VLANs are pruning-ineligible
– if a VLAN is configured as pruning-ineligible, flooded traffic continues
– supported in all VTP versions

Enabling VTP pruning on a VTP server enables pruning for the entire management domain

VTP pruning is not designed to function in VTP transparent mode

Default VTP configuration:
– VTP domain name: null
– VTP mode: server
– VTP version: 1
– MST database mode: transparent
– VTP version 3 server type: secondary
– VTP password: none
– VTP pruning: disabled

conf t
vtp domain
vtp mode { client | server | transparent | off } { vlan | mst | unkown }
vtp password

show vtp status

conf t
vtp password [ hidden | secret ]
vtp primary-server [ vlan | mst | force ]
vtp version { 1 | 2 | 3 }
vtp pruning

show vtp password
show vtp status
show vtp counters
show vtp devices [ conflict ]
shot vtp interface fa0/1

When the VTP primary server is configured, it starts a takeover operation

When you enable VTP version on a switch, every VTP version 2 capable switch in the VTP domain enables version 2
– VTP version 3 must be manually configured on each switch
– VTP version 1 and VTP version 2 are not interoperable in the same VTP domain

Configuring VTP version 3 on a per-port basis:

conf t
int fa0/1
vtp

show vtp status

To reset the configuration revision number, change the VTP domain name to something else and then change it back to the original VTP domain name

Comments are closed.

This entry was posted on Monday, June 23rd, 2014 at 11:32 am and is filed under CCIE. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.