v5 Written and Lab: Trunk and VTP Notes
v5 Written:
2.1.d Implement and troubleshoot trunking
2.1.d [i] VTPv1, VTPv2, VTPv3, VTP pruning
2.1.d [ii] dot1Q
2.1.d [iii] Native VLAN
2.1.d [iv] Manual pruning
v5 Lab:
1.1.d Implement and troubleshoot trunking
1.1.d [i] VTPv1, VTPv2, VTPv3, VTP pruning
1.1.d [ii] dot1Q
1.1.d [iii] Native VLAN
1.1.d [iv] Manual pruning
Documentation:
Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE,
Chapter 15: Configuring VLANs, pgs. 15-14 to 15-32
Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE,
Chapter 16: Configuring VTP, pgs. 16-1 to 16-18
Books:
Cisco LAN Switching; Chapter 8: Trunking Technologies and Applications, pgs. 291 – 331
CCIE Routing and Switching Exam Certification Guide 4th Ed; Chapter 2 Virtual LANs and VLAN Trunking, pgs. 42 – 62
INE:
A trunk is a point-to-point link between one or more Ethernet switch interfaces and another network device such as a router or switch.
Trunking encapsulations:
– Inter-Switch Link (ISL) – Cisco proprietary
– IEEE 802.1Q – industry standard
Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP)
– some network devices might forward DTP frames improperly, which could cause some misconfigurations
– for interfaces connected to devices that do not support DTP, disable DTP
If you do not intend to trunk across a link, use:
– switchport mode access
To enable trunking to a device that does not support DTP, use:
– switchport trunk encapsulation {isl|dot1q}
– switchport mode trunk
– switchport nonegotiate
DTP is not supported on private-VLAN ports or tunnel ports
Layer 2 interface modes:
– switchport mode access
– switchport mode dynamic auto
– switchport mode dynamic desirable
– switchport mode trunk
– switchport nonegotiate
– switchport mode dot1q-tunnel
switchport mode access
– puts the interface into permanent non-trunking mode
– access port
switchport mode dynamic auto
– makes the interface able to convert the link to a trunk link
– neighboring interface must be set to:
– trunk mode
– desirable mode
switchport mode dynamic desirable
– makes the interface actively attempt to convert the link to a trunk link
– neighboring interface must be set to:
– trunk mode
– desirable mode
– auto mode
switchport mode trunk
– puts the interface into permanent trunking mode
– negotiates to convert the neighboring interface into a trunk link
switchport nonegotiate
– prevents the interface from generating DTP frames
switchport mode dot1q-tunnel
– configures the interface as a tunnel (nontrunking) port to connect to an asymmetric link with an IEEE 802.1Q trunk port
Ethernet trunk encapsulation types:
– switchport trunk encapsulation isl
– switchport trunk encapsulation dot1q
– switchport trunk encapsulation negotiate
switchport trunk encapsulation negotiate
– the interface negotiates with the neighboring interface to become:
– ISL (preferred)
– dot1q
The switch does not support Layer 3 trunks
802.1Q trunks
– Cisco switches maintain one STP instance for each VLAN
– non-Cisco devices may support one STP instance for all VLANs
If the Native VLAN for one end of a trunk link is different from the Native VLAN on the other end, spanning-tree loops might result
Disabling STP on the Native VLAN can potentially cause spanning-tree loops
By default, an interface on a switch is in Layer 2 mode
Default Layer 2 Ethernet Interface VLAN Configuration:
– switchport mode dynamic auto
– switchport trunk encapsulation negotiate
– Allowed VLANs: 1 – 4094
– VLANs eligible for pruning: 2 – 1001
– Default VLAN (access ports): 1
– Native VLAN (for dot1q trunks): 1
To use VTP, at least one trunk port configured on the switch has to be connected to a trunk port on a second switch
Trunk ports:
– cannot be a secure port
– cannot be a tunnel port
– for EtherChannel port groups, all interfaces must have the same configuration
– recommended: no more than 24 trunk ports in PVST mode
– recommended: no more than 40 trunk ports in MST mode
– switchport access vlan – specifies a default VLAN to be used if the interface stops trunking
– for 802.1Q, can receive tagged and untagged (native VLAN) traffic
conf t
int fa0/1
switchport trunk encapsulation {isl|dot1q|negotiate}
switchport mode {dynamic {auto|desirable} | trunk}
switchport access vlan
show int fa0/1 switchport
show int fa0/1 trunk
show int trunk
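The show commands above are where a reviewer checks whether a port is still at the defaults (dynamic auto, encapsulation negotiate, native VLAN 1, all VLANs allowed). The following is an added example, not from these notes or from Cisco: a small Python audit that parses the output of show interfaces switchport and flags ports that still send DTP, are left in a dynamic mode, or trunk with native VLAN 1 and the full 1-4094 allowed list. The sample output is constructed here and the field names are assumed to match the 3750-X output format.

```python
import re

# Constructed sample of 'show interfaces switchport' for two ports
# (illustrative text written for this example, not captured from a device).
SAMPLE_SWITCHPORT = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Name: Fa0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (VLAN0999)
Trunking VLANs Enabled: 10,20,30
Pruning VLANs Enabled: 2-1001
"""


def parse_switchport(text: str) -> dict:
    """Return {port_name: {field: value}} from 'show interfaces switchport' text."""
    ports, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^([^:]+):\s*(.*)$", line.strip())
        if not m:
            continue                       # blank or continuation lines
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def _vlan_number(value: str) -> int:
    # Values look like '1 (default)' or '999 (VLAN0999)'; keep only the number
    return int(value.split()[0])


def audit_port(name: str, fields: dict) -> list:
    """Findings for one port, based on the defaults and hardening steps in the notes."""
    findings = []
    mode = fields.get("Administrative Mode", "")
    if fields.get("Negotiation of Trunking") == "On":
        findings.append(f"{name}: DTP frames are generated; use 'switchport nonegotiate' "
                        "with a static mode where the neighbor does not need DTP")
    if mode.startswith("dynamic"):
        findings.append(f"{name}: mode '{mode}' lets the neighbor decide whether the link "
                        "trunks; pin it to 'switchport mode access' or 'switchport mode trunk'")
    if mode == "trunk" or fields.get("Operational Mode") == "trunk":
        if _vlan_number(fields.get("Trunking Native Mode VLAN", "1")) == 1:
            findings.append(f"{name}: native VLAN is the default 1; move it with "
                            "'switchport trunk native vlan'")
        if fields.get("Trunking VLANs Enabled") == "ALL":
            findings.append(f"{name}: all VLANs 1-4094 allowed; restrict with "
                            "'switchport trunk allowed vlan'")
    return findings


def audit(text: str) -> dict:
    """Run audit_port over every port found in the show output."""
    return {name: audit_port(name, fields) for name, fields in parse_switchport(text).items()}


def native_vlan_mismatch(local: dict, remote: dict) -> bool:
    """True when the two ends of a trunk disagree on the native VLAN
    (the notes warn this can produce spanning-tree loops)."""
    return (_vlan_number(local["Trunking Native Mode VLAN"])
            != _vlan_number(remote["Trunking Native Mode VLAN"]))


if __name__ == "__main__":
    for port, findings in audit(SAMPLE_SWITCHPORT).items():
        print(port, findings or "ok")
```

In the constructed sample Fa0/1 is still at the defaults and gets two findings, while Fa0/2 has been pinned to trunk, nonegotiate, native VLAN 999 and an explicit allowed list and gets none. Comparing the two records with native_vlan_mismatch also shows how a per-end native VLAN check would be done when the same output is collected from both switches.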
By default, a trunk port sends traffic to and receives traffic from all VLANs, 1 – 4094
– to restrict the traffic a trunk carries:
– switchport trunk allowed vlan remove
conf t
int fa0/1
switchport trunk allowed vlan remove 2
Cisco used to have a requirement that VLAN 1 always be enabled on every trunk link
To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual trunk port by removing VLAN 1 from the allowed list
– the interface continues to send and receive management traffic
– CDP
– PAgP
– LACP
– DTP
– VTP
The pruning-eligible list applies only to trunk ports
– each trunk port has its own eligibility list
– VTP pruning must be enabled for this to take effect
– VLANs that are pruning-ineligible receive flooded traffic
– the default VLANs allowed to be pruned are 2 – 1001
conf t
int fa0/1
switchport trunk pruning vlan remove 2
Native VLAN
– untagged traffic
– default VLAN 1
– the switch forwards all untagged traffic to the native VLAN
– can be assigned any VLAN ID
conf t
int fa0/1
switchport trunk native vlan 2
show int fa0/1 switchport
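To make the native VLAN and allowed-list rules concrete, here is an added Python example (not from these notes or from any Cisco code) that builds constructed Ethernet frames, reads the 802.1Q tag the way a trunk port does, places untagged and priority-tagged (VID 0) frames into the native VLAN, and checks the result against an IOS-style allowed-VLAN list. The MAC addresses and frame contents are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag


def build_frame(dst: str, src: str, vid: int = None, pcp: int = 0,
                ethertype: int = 0x0800, payload: bytes = b"\x00" * 46) -> bytes:
    """Construct a sample Ethernet frame; vid=None produces an untagged frame."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is None:
        return header + struct.pack("!H", ethertype) + payload
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
    return header + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Classify a frame as an 802.1Q trunk port does.

    A tagged frame belongs to the VID carried in its tag; an untagged frame,
    or a priority-tagged frame with VID 0, is placed in the native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst, "src": src, "tagged": False, "pcp": 0,
            "vlan": native_vlan, "ethertype": ethertype}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF
        info.update(pcp=tci >> 13, ethertype=inner)
        if vid != 0:                       # VID 0 carries priority only
            info.update(tagged=True, vlan=vid)
    return info


def parse_vlan_list(spec: str) -> set:
    """Expand an IOS-style VLAN list such as '1-10,20,30-35' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def trunk_accepts(frame: bytes, allowed: set, native_vlan: int = 1) -> bool:
    """True if the VLAN the frame lands in is on the trunk's allowed list."""
    return parse_frame(frame, native_vlan)["vlan"] in allowed


if __name__ == "__main__":
    # 'switchport trunk allowed vlan remove 2' on a trunk whose native VLAN is 2
    allowed = parse_vlan_list("1-4094") - {2}
    untagged = build_frame("01:00:5e:00:00:01", "00:11:22:33:44:55")
    print(parse_frame(untagged, native_vlan=2))
    print("untagged accepted:", trunk_accepts(untagged, allowed, native_vlan=2))
```

The usage at the bottom shows the interaction the notes describe: after removing VLAN 2 from the allowed list, untagged traffic arriving on a trunk whose native VLAN is 2 no longer has a VLAN to land in, which is why the native VLAN should be kept on the allowed list or moved to a VLAN that is.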
Load sharing divides the bandwidth between parallel trunks connecting switches
– use STP port priorities
– for links connected to the same switch
– use STP path costs
– for links connected to the same switch or two different switches
conf t
int fa0/1
spanning-tree vlan 8-10 port-priority 16
int fa0/2
spanning-tree vlan 3-6 port-priority 16
conf t
int fa0/1
spanning-tree vlan 2-4 cost 30
int fa0/2
spanning-tree vlan 8-9 cost 30
VLAN Trunking Protocol (VTP)
– Layer 2 protocol
– maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis
– default version is 1
Cisco IOS 12.2(52)SE and later support VTPv3
A VTP domain consists of one switch or several interconnected switches or switch stacks under the same administrative responsibility sharing the same VTP domain name
By default, a switch is in the VTP no-management-domain state
– no VTP domain name is configured
If a switch receives a VTP advertisement over a trunk line, it inherits the management domain name and the VTP configuration revision number
Before adding a VTP client to a VTP domain, ALWAYS verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain
– if you add a switch that has a higher revision number, it can erase all VLAN information from the VTP server and VTP domain
VTP modes:
– VTP server
– VTP client
– VTP transparent
– VTP off
VTP server
– can create, modify, and delete VLANs
– specify configuration parameters for the entire VTP domain
– advertise and synchronize VLAN configuration
– default mode for switches
– VLAN configuration is saved in NVRAM
– in version 1 and 2, cannot create private VLANs
If a switch detects a failure while writing to NVRAM, the VTP mode automatically changes to client mode
VTP client
– transmits and receives VTP updates on trunk links
– cannot create, modify, or delete VLANs
– in version 1 or 2, the VLAN configuration is not saved in NVRAM
– in version 3, the VLAN configuration is saved in NVRAM
VTP transparent
– does not participate in VTP
– does not advertise VLAN configuration
– does not synchronize VLAN configuration based on received advertisements
– in version 2 and 3, VTP advertisements are forwarded through trunk links
– can create, modify, delete VLANs
– can create private VLANs
– VTP and VLAN configurations are saved to NVRAM and running-config
VTP off
– functions in the same manner as a VTP transparent switch
– does not forward VTP advertisements on trunk links
VTP advertisements
– sent periodically from each trunk line
– sent to a reserved multicast address
VTP advertisements distribute the following information
– VTP domain name
– VTP configuration revision number
– update identity and update timestamp
– MD5 digest of VLAN configuration
– MTU for each VLAN
– Frame format
– VLAN IDs
– VLAN names
– VLAN types
– VLAN states
– additional VLAN configuration information
– in version 3, primary server ID, instance number, start index
VTP version 2 features not in version 1:
– Token Ring support
– Unrecognized Type-Length-Value (TLV) support
– Version-Dependent Transparent Mode
– Consistency Checks
VTP version 3 features not in version 1 or 2:
– enhanced authentication
– support for extended range VLAN (1006 – 4094) database propagation
– VTP pruning still applies only to VLANs 1 – 1005
– VLANs 1002 – 1005 are still reserved and cannot be modified
– support for private VLANs
– can propagate Multiple Spanning Tree (MST) protocol database information
– VTP primary server and VTP secondary servers
– in version 3 by default, all devices are secondary servers
– turn VTP on or off on a per-trunk-port basis
VTP pruning increases the available network bandwidth by restricting flooded traffic
– disabled by default
– blocks unneeded flooded traffic to VLANs on trunk ports
– only VLANs included in the pruning-eligible list can be pruned, 2 – 1001 by default
– VLANs 1002 – 1005 and extended-range VLANs are pruning-ineligible
– if a VLAN is configured as pruning-ineligible, flooded traffic continues
– supported in all VTP versions
Enabling VTP pruning on a VTP server enables pruning for the entire management domain
VTP pruning is not designed to function in VTP transparent mode
Default VTP configuration:
– VTP domain name: null
– VTP mode: server
– VTP version: 1
– MST database mode: transparent
– VTP version 3 server type: secondary
– VTP password: none
– VTP pruning: disabled
conf t
vtp domain
vtp mode { client | server | transparent | off } { vlan | mst | unknown }
vtp password
show vtp status
conf t
vtp password [ hidden | secret ]
vtp primary-server [ vlan | mst | force ]
vtp version { 1 | 2 | 3 }
vtp pruning
show vtp password
show vtp status
show vtp counters
show vtp devices [ conflict ]
show vtp interface fa0/1
When the VTP primary server is configured, it starts a takeover operation
When you enable VTP version 2 on a switch, every VTP version 2 capable switch in the VTP domain enables version 2
– VTP version 3 must be manually configured on each switch
– VTP version 1 and VTP version 2 are not interoperable in the same VTP domain
Configuring VTP version 3 on a per-port basis:
conf t
int fa0/1
vtp
show vtp status
To reset the configuration revision number, change the VTP domain name to something else and then change it back to the original VTP domain name
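The revision-number warning earlier in these notes and the domain-rename reset above describe one mechanism, so here is a single added Python model of it (written for this page, not VTP code from Cisco or from these notes). It reproduces the stated rules: a server or client accepts an advertisement from its own domain only when the revision is higher than its own and then replaces its whole VLAN table; transparent mode relays without synchronizing; off mode drops; a switch with no domain inherits the advertised name; renaming the domain resets the revision to 0. The digest is a stand-in assumption (md5 over password and VLAN table) and does not reproduce the real VTP digest format; the domain names, passwords and VLAN tables are constructed.

```python
import hashlib


class VtpSwitch:
    """Model of the VTP revision rule from the notes (not real VTP code)."""

    def __init__(self, mode="server", domain=None, password=None):
        self.mode, self.domain, self.password = mode, domain, password
        self.revision, self.vlans = 0, {1: "default"}

    def set_domain(self, domain):
        if domain != self.domain:          # rename (and rename back) -> revision 0
            self.domain, self.revision = domain, 0

    def _bump(self):
        if self.mode == "server":          # only servers advance the revision
            self.revision += 1

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError("a VTP client cannot create VLANs")
        self.vlans[vid] = name
        self._bump()

    def delete_vlan(self, vid):
        if self.mode == "client":
            raise PermissionError("a VTP client cannot delete VLANs")
        del self.vlans[vid]
        self._bump()

    @staticmethod
    def _digest(password, vlans):
        # Stand-in for the VTP MD5 digest: md5(password | sorted VLAN table)
        return hashlib.md5(f"{password}|{sorted(vlans.items())}".encode()).hexdigest()

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans),
                "digest": self._digest(self.password, self.vlans)}

    def receive(self, adv):
        """Return 'accepted', 'ignored' or 'forwarded' for one advertisement."""
        if self.mode == "transparent":
            return "forwarded"                 # v2/v3: relayed on trunks, never synced
        if self.mode == "off":
            return "ignored"
        if self.domain is None:
            self.domain = adv["domain"]        # domain-less switch inherits the name
        if adv["domain"] != self.domain:
            return "ignored"
        if adv["digest"] != self._digest(self.password, adv["vlans"]):
            return "ignored"                   # password mismatch
        if adv["revision"] <= self.revision:
            return "ignored"
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return "accepted"


def _production_and_stale_lab():
    """Constructed scenario: production at revision 3; a lab switch that churned
    through 50 VLAN adds and 50 deletes and now sits at revision 100 with an
    empty VLAN table."""
    prod = VtpSwitch("server", "CORP", "s3cret")
    for vid, name in [(10, "users"), (20, "servers"), (30, "voice")]:
        prod.add_vlan(vid, name)
    lab = VtpSwitch("server", "CORP", "s3cret")
    for vid in range(100, 150):
        lab.add_vlan(vid, f"lab{vid}")
    for vid in range(100, 150):
        lab.delete_vlan(vid)
    return prod, lab


def stale_switch_outage():
    """The lab switch is cabled in as-is: revision 100 beats 3 and wipes production."""
    prod, lab = _production_and_stale_lab()
    return prod.receive(lab.advertisement()), sorted(prod.vlans)


def reset_before_joining():
    """Same lab switch, but its domain is renamed and renamed back first."""
    prod, lab = _production_and_stale_lab()
    lab.set_domain("SCRATCH")
    lab.set_domain("CORP")
    return prod.receive(lab.advertisement()), sorted(prod.vlans)


if __name__ == "__main__":
    print("as-is:", stale_switch_outage())          # ('accepted', [1])
    print("after reset:", reset_before_joining())   # ('ignored', [1, 10, 20, 30])
```

The two scenario functions are the check a practitioner would want before cabling a reused switch into a production domain: the first shows the production VLAN table replaced by an empty one, the second shows the same switch being harmless once its revision has been reset by the domain-rename procedure.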