© 2003, Cisco Systems, Inc. All rights reserved. 2-1 Implementing VLAN Trunks.

Presentation transcript:

BCMSN v2.0—2-1 Implementing VLAN Trunks

BCMSN v2.0—2-2 Maintaining Specific VLAN Identification
- Specifically developed for multi-VLAN interswitch communications
- Places a unique identifier in each frame
- Functions at Layer 2

BCMSN v2.0—2-3 VLAN Trunking

BCMSN v2.0—2-4 Comparing ISL and 802.1Q

ISL                                        | 802.1Q
-------------------------------------------|----------------------------------
Proprietary                                | Nonproprietary
Encapsulated                               | Tagged
Protocol independent                       | Protocol dependent
Encapsulates the old frame in a new frame  | Adds a field to the frame header

BCMSN v2.0—2-5 Trunking with ISL
- Is a Cisco proprietary protocol
- Supports PVST
- Uses an encapsulation process
- Does not modify the original frame

BCMSN v2.0—2-6 ISL Encapsulation
- Performed with ASIC
- Not intrusive to client stations; the client does not see the header
- Effective between switches, and between routers and switches

BCMSN v2.0—2-7 ISL Encapsulation (figure)

BCMSN v2.0—2-8 Trunking with 802.1Q
- An IEEE standard
- Adds a 4-byte tag to the original frame
- The additional tag includes a priority field
- Does not tag frames that belong to the native VLAN
- Supports Cisco IP telephony

BCMSN v2.0—2-9 The 802.1Q Tagging Process (figure)

BCMSN v2.0—2-10 802.1Q Native VLAN
Native VLAN frames are carried over the trunk link untagged.
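As an added illustration (not part of the Cisco deck), the following Python builds the 4-byte tag described on slide 2-8 and shows what a receiving trunk does with an untagged frame: it is assigned to the receiver's native VLAN, which is why a native VLAN mismatch (slides 2-52 and 2-53) merges traffic between VLANs. The frame contents and MAC addresses are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks an 802.1Q-tagged frame


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Assemble a plain (untagged) Ethernet II frame: dst, src, EtherType, payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType.

    TCI layout: 3-bit priority (PCP), 1-bit drop-eligible (DEI), 12-bit VLAN ID.
    """
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_egress(frame, vid, native_vlan):
    """Sending side of a trunk: native VLAN frames go out untagged, all others get a tag."""
    return frame if vid == native_vlan else tag_frame(frame, vid)


def trunk_ingress(frame, native_vlan):
    """Receiving side: returns (vid, pcp, untagged_frame).

    An untagged frame carries no VLAN information, so it is assigned to the
    receiver's native VLAN, whatever VLAN the sender meant it for.
    """
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]
    return native_vlan, 0, frame


# Constructed sample frame: broadcast from a host, IPv4 EtherType, dummy payload.
SAMPLE = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), 0x0800, b"\x00" * 46)


def vlan_seen_by_peer(vid, sender_native, receiver_native):
    """VLAN the receiving switch classifies the frame into after crossing the trunk."""
    return trunk_ingress(trunk_egress(SAMPLE, vid, sender_native), receiver_native)[0]
```

With both ends on native VLAN 99 a VLAN 99 frame arrives in VLAN 99; with the far end left at the default native VLAN 1 the same untagged frame lands in VLAN 1.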

BCMSN v2.0—2-11 VLAN Ranges and Mappings

VLAN Range | Range   | Usage
-----------|---------|----------------------------------------
Reserved   | 0, 4095 | For system use only
Normal     | 1       | Cisco default
Normal     |         | For Ethernet VLANs
Normal     |         | Cisco defaults for FDDI and Token Ring
Extended   |         | For Ethernet VLANs only

BCMSN v2.0—2-12 Trunking Configuration Commands
Configuring a trunk:
    switchport trunk
    switchport mode
    switchport nonegotiate
Trunks can be configured statically or via DTP. DTP provides the ability to negotiate the trunking method.

BCMSN v2.0—2-13 Switch Ports and Trunk Ports

Command                  | Port         | Function
-------------------------|--------------|-------------------------------------------------------------------
switchport mode trunk    | Trunk port   | Sets the switch port to unconditionally become a trunk port
switchport mode dynamic  | Dynamic port | Sets the switch port to dynamically negotiate the status (access or trunk)
switchport mode access   | Access port  | Sets the switch port to unconditionally be an access port

BCMSN v2.0—2-14 Switch Port DTP Modes

Mode              | Function
------------------|------------------------------------------------------------------------------------------
trunk             | Sets the switch port to unconditional trunking mode and negotiates to become a trunk link, regardless of neighbor interface mode
dynamic auto      | Sets the switch port to respond but not to actively send DTP negotiation frames
dynamic desirable | Sets the switch port to actively send and respond to DTP negotiation frames. Default for Ethernet
access            | Unconditionally sets a switch port to access mode, regardless of other DTP functions
nonegotiate       | Specifies that DTP negotiation packets are not sent on the Layer 2 interface

BCMSN v2.0—2-15 Switchport Mode Interactions

                  | Dynamic Auto | Dynamic Desirable | Trunk           | Access
------------------|--------------|-------------------|-----------------|----------------
Dynamic Auto      | Access       | Trunk             | Trunk           | Access
Dynamic Desirable | Trunk        | Trunk             | Trunk           | Access
Trunk             | Trunk        | Trunk             | Trunk           | Not recommended
Access            | Access       | Access            | Not recommended | Access

Note: The table assumes DTP is enabled at both ends. Use show dtp interface to determine the current setting.

BCMSN v2.0—2-16 How to Configure Trunking
1. Enter interface configuration mode.
2. Shut down the interface.
3. Select the encapsulation (802.1Q or ISL).
4. Configure the interface as a Layer 2 trunk.
5. Specify the trunking native VLAN (for 802.1Q).
6. Configure the allowable VLANs for this trunk.
7. Use the no shutdown command on the interface to activate the trunking process.
8. Verify the trunk configuration.

BCMSN v2.0—2-17 802.1Q Trunk Configuration
    Switch(config)#interface fastethernet 5/8
    Switch(config-if)#shutdown
    Switch(config-if)#switchport trunk encapsulation dot1q
    Switch(config-if)#switchport trunk allowed vlan 1,5,11,
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#switchport trunk native vlan 99
    Switch(config-if)#switchport nonegotiate
    Switch(config-if)#no shutdown

BCMSN v2.0—2-18 Verifying the 802.1Q Configuration
    Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
    Switch#show interfaces [fastethernet | gigabitethernet] slot/port [switchport | trunk]

    Switch#show interfaces fastEthernet 5/8 switchport
    Name: fa5/8
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Off
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 99 (trunk_only)
    Trunking VLANs Enabled: 1,5,11,
    Pruning VLANs Enabled:

BCMSN v2.0—2-19 Verifying an 802.1Q Dynamic Trunk Link
    Switch#show running-config interface fastethernet 5/8
    Building configuration...
    Current configuration:
    !
    interface FastEthernet5/8
     switchport mode dynamic desirable
     switchport trunk encapsulation dot1q

    Switch#show interfaces fastethernet 5/8 trunk
    Port      Mode         Encapsulation  Status        Native vlan
    Fa5/8     desirable    802.1q         trunking      99

    Port      Vlans allowed on trunk
    Fa5/8     1,5,11,

    Port      Vlans allowed and active in management domain
    Fa5/8     1,5,

    Port      Vlans in spanning tree forwarding state and not pruned
    Fa5/8     1,5,

BCMSN v2.0—2-20 ISL Trunk Configuration
    Switch(config)#interface fastethernet 2/1
    Switch(config-if)#shutdown
    Switch(config-if)#switchport trunk encapsulation isl
    Switch(config-if)#switchport trunk allowed vlan 1-5,
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#switchport nonegotiate
    Switch(config-if)#no shutdown

BCMSN v2.0—2-21 Verifying ISL Trunking
    Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
    Switch#show interfaces [fastethernet | gigabitethernet] slot/port [switchport | trunk]

    Switch#show interfaces fastethernet 2/1 trunk
    Port      Mode         Encapsulation  Status        Native VLAN
    Fa2/1     trunk        isl            trunking      99

    Port      VLANs allowed on trunk
    Fa2/1     1-5,

    Port      VLANs allowed and active in management domain
    Fa2/1     1-2,

    Port      VLANs in spanning tree forwarding state and not pruned
    Fa2/1     1-2,

BCMSN v2.0—2-22 Problem: A Device Cannot Establish a Connection Across a Trunk Link
Make sure:
- The Layer 2 interface mode configured on both ends of the link is valid.
- The trunk encapsulation type configured on both ends of the link is valid.
- The native VLAN is the same on both ends of the trunk (802.1Q trunks).
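Added example (not from the deck): a small Python checker that parses show interfaces ... switchport output collected from both ends of a link and reports the three mismatches listed on this slide, plus DTP still being on. The two outputs are constructed, modelled on the format shown on slide 2-18; the interface names and VLAN lists are sample values.

```python
import re

# Constructed outputs, one per end of the link. END_B was deliberately left with the
# defaults that commonly cause the problems listed on the slide.
END_A = """\
Name: Fa5/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (trunk_only)
Trunking VLANs Enabled: 1,5,11
"""

END_B = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-5,11,20
"""


def parse_switchport(text):
    """Turn 'Key: value (note)' lines into a dict, dropping the parenthetical notes."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip()] = re.sub(r"\s*\(.*\)\s*$", "", value.strip())
    return fields


def expand_vlans(spec):
    """Expand a VLAN list such as '1-5,11,20' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def check_trunk_ends(text_a, text_b):
    """Return a list of (finding, detail) pairs for the two ends of one link."""
    a, b = parse_switchport(text_a), parse_switchport(text_b)
    findings = []
    # 1. Both ends must actually have come up as trunks.
    if a["Operational Mode"] != "trunk" or b["Operational Mode"] != "trunk":
        findings.append(("MODE", f"{a['Operational Mode']} vs {b['Operational Mode']}"))
    # 2. Encapsulation must agree; ISL on one side and 802.1Q on the other never works.
    enc_a, enc_b = a["Operational Trunking Encapsulation"], b["Operational Trunking Encapsulation"]
    if enc_a != enc_b:
        findings.append(("ENCAPSULATION", f"{enc_a} vs {enc_b}"))
    elif enc_a == "dot1q":
        # 3. Native VLAN only matters on 802.1Q trunks: untagged frames are assigned to
        #    the receiver's native VLAN, so a mismatch merges two VLANs' traffic.
        nat_a, nat_b = a["Trunking Native Mode VLAN"], b["Trunking Native Mode VLAN"]
        if nat_a != nat_b:
            findings.append(("NATIVE_VLAN", f"{nat_a} vs {nat_b}"))
    # Extra: a static trunk should have negotiation off (switchport nonegotiate).
    for end in (a, b):
        if end["Negotiation of Trunking"] == "On":
            findings.append(("DTP_ON", f"{end['Name']} still negotiates"))
    # Extra: VLANs allowed on only one end are silently dropped on the other.
    allowed_a = expand_vlans(a["Trunking VLANs Enabled"])
    allowed_b = expand_vlans(b["Trunking VLANs Enabled"])
    if allowed_a != allowed_b:
        findings.append(("ALLOWED_VLANS", f"only one end allows {sorted(allowed_a ^ allowed_b)}"))
    return findings
```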

BCMSN v2.0—2-23 Summary
- Trunk links carry traffic from multiple VLANs.
- ISL is Cisco proprietary and encapsulates the Layer 2 frames. 802.1Q is an IEEE standard for trunking, which implements a 4-byte tag.
- The 802.1Q native VLAN forwards frames without the tag.
- VLAN numbers have specific ranges and purposes.
- Various commands are used to configure and verify ISL and 802.1Q trunk links.
- Allow only required VLANs over the trunk.

BCMSN v2.0—2-24 Implementing VLAN Trunk Protocol

BCMSN v2.0—2-25 Objectives
Upon completing this lesson, you will be able to:
- Define VTP and explain where to use it on a switched network
- Describe how VTP versions 1 and 2 operate, including domains, modes, advertisements, and pruning
- Configure VTP domains in server, client, and transparent modes
- Verify the VTP configuration
- Troubleshoot the VTP configuration

BCMSN v2.0—2-26 VTP Protocol Features
- Advertises VLAN configuration information
- Maintains VLAN configuration consistency throughout a common administrative domain
- Sends advertisements on trunk ports only

BCMSN v2.0—2-27 VTP Modes
Client:
- Cannot create, change, or delete VLANs
- Forwards advertisements
- Synchronizes VLAN configurations
- Does not save in NVRAM
Server:
- Creates, modifies, and deletes VLANs
- Sends and forwards advertisements
- Synchronizes VLAN configurations
- Saves configuration in NVRAM
Transparent:
- Creates, modifies, and deletes VLANs locally only
- Forwards advertisements
- Does not synchronize VLAN configurations
- Saves configuration in NVRAM

BCMSN v2.0—2-28 VTP Operation
- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number.
- VTP advertisements are sent every 5 minutes or when there is a change.

BCMSN v2.0—2-29 VTP Pruning
- Increases available bandwidth by reducing unnecessary flooded traffic
- Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN.

BCMSN v2.0—2-30 VTP Versions
All switches in a management domain must run the same version.

BCMSN v2.0—2-31 VTP Configuration Guidelines
Configure the following:
–VTP domain name
–VTP mode (server mode is the default)
–VTP pruning
–VTP password
–VTP trap
Use caution when adding a new switch into an existing domain. Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information.

BCMSN v2.0—2-32 Configuring a VTP Server
    Switch(config)#vtp server
        Configures VTP server mode
    Switch(config)#vtp domain domain-name
        Specifies a domain name
    Switch(config)#vtp password password
        Sets a VTP password
    Switch(config)#vtp pruning
        Enables VTP pruning in the domain

BCMSN v2.0—2-33 Configuring a VTP Server (Cont.)
    Switch#configure terminal
    Switch(config)#vtp server
    Setting device to VTP SERVER mode.
    Switch(config)#vtp domain Lab_Network
    Setting VTP domain name to Lab_Network
    Switch(config)#end

BCMSN v2.0—2-34 Verifying the VTP Configuration
    Switch#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 247
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 33
    VTP Operating Mode              : Client
    VTP Domain Name                 : Lab_Network
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
    Configuration last modified by at :04:49
    Switch#

BCMSN v2.0—2-35 Verifying the VTP Configuration (Cont.)
    Switch#show vtp counters
    VTP statistics:
    Summary advertisements received    : 7
    Subset advertisements received     : 5
    Request advertisements received    : 0
    Summary advertisements transmitted : 997
    Subset advertisements transmitted  : 13
    Request advertisements transmitted : 3
    Number of config revision errors   : 0
    Number of config digest errors     : 0
    Number of V1 summary errors        : 0

    VTP pruning statistics:
    Trunk   Join Transmitted   Join Received   Summary advts received from non-pruning-capable device
    Fa5/

BCMSN v2.0—2-36 Problem: VTP Not Updating Configuration on Other Switches
- Make sure switches are connected through trunk links.
- Make sure the VTP domain name is the same on the appropriate switches.
- Check that the switch is not in VTP transparent mode.
- Verify that the same password is used on all switches in the VTP domain.

BCMSN v2.0—2-37 Summary
- VTP is used to distribute and synchronize information about VLANs configured throughout a switched network.
- If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. Verify the supervisor support for VTP before making your decision.
- When a network device is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network.
- Use show commands to verify the VTP configuration.
- Problems with VTP configuration can frequently be traced to improperly configured trunk links, domain names, VTP modes, or passwords.

BCMSN v2.0—2-38 Propagating VLAN Configurations with VTP

BCMSN v2.0—2-39 The VTP Domain
- Group of switches that exchange VLAN information
- VLANs administered centrally at a chosen switch

BCMSN v2.0—2-40 The VTP Protocol
- Advertises VLAN configuration information
- Maintains VLAN configuration consistency throughout a common administrative domain
- Sends advertisements on trunk ports only

BCMSN v2.0—2-41 VTP Modes
Client:
- Cannot create, change, or delete VLANs
- Forwards advertisements
- Synchronizes VLAN configurations
- Does not save in NVRAM
Transparent:
- Creates, modifies, and deletes local VLANs
- Forwards advertisements
- Does not synchronize VLAN configurations
- Saves configuration in NVRAM
Server (default mode):
- Creates, modifies, and deletes VLANs
- Sends and forwards advertisements
- Synchronizes VLAN configurations
- Saves configuration in NVRAM

BCMSN v2.0—2-42 VTP Pruning
(Figure: Pruning Disabled / Pruning Enabled)
- Uses bandwidth more efficiently by reducing unnecessary flooded traffic
- Example: Station A sends a broadcast; the broadcast is flooded only toward any switch with ports assigned to the red VLAN

BCMSN v2.0—2-43 VTP Operation
- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number.
- VTP advertisements are sent every 5 minutes or when there is a change.

BCMSN v2.0—2-44 VTP Configuration Commands
Configuring VTP:
    vtp domain
    vtp mode
    vtp password
Verifying VTP:
    show vtp status
    show vtp counters

BCMSN v2.0—2-45 Configuring a VTP Management Domain
Configure each switch in the following order to avoid dynamic learning of the domain name:
1. VTP password
2. VTP domain name (case sensitive)
3. VTP mode (server mode is the default)

BCMSN v2.0—2-46 Configuring and Verifying VTP
    Switch#show vlan brief
        Displays a list of current VLANs
    Switch(config)#vtp mode
        Sets the VTP mode to server, client, or transparent
    Switch(config)#vtp domain domain_name
        Sets the VTP domain name
    Switch(config)#vtp password password_string
        Sets the VTP password
    Switch#show vtp status
        Displays the current settings for VTP

BCMSN v2.0—2-47 Verifying the VTP Configuration
    Switch#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 28
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 17
    VTP Operating Mode              : Client
    VTP Domain Name                 : BCMSN
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
    Configuration last modified by at :04:49
    Switch#

BCMSN v2.0—2-48 Verifying the VTP Configuration (Cont.)
    Switch#show vtp counters
    VTP statistics:
    Summary advertisements received    : 7
    Subset advertisements received     : 5
    Request advertisements received    : 0
    Summary advertisements transmitted : 997
    Subset advertisements transmitted  : 13
    Request advertisements transmitted : 3
    Number of config revision errors   : 0
    Number of config digest errors     : 0
    Number of V1 summary errors        : 0

    VTP pruning statistics:
    Trunk   Join Transmitted   Join Received   Summary advts received from non-pruning-capable device
    Fa5/

BCMSN v2.0—2-49 Adding a Switch to an Existing VTP Domain
Ensure a new switch has VTP revision 0 before adding it to a network.

BCMSN v2.0—2-50 Summary
- Switches in a VTP domain share VLAN information.
- VTP advertises VLAN information.
- VTP operates in one of three modes: server, client, or transparent.
- VTP pruning uses available bandwidth more efficiently.
- VTP uses a specific process to distribute and synchronize VLAN information between switches.
- Various commands are used to configure and verify VTP operation on a switch.
- VTP commands should be applied in a particular order.
- Specific steps should be followed when adding a new switch to an existing VTP domain.

BCMSN v2.0—2-51 Correcting Common VLAN Configuration Errors

BCMSN v2.0—2-52 Issues with 802.1Q Native VLAN
- Native VLAN frames are carried over the trunk link untagged.
- A native VLAN mismatch will merge traffic between VLANs.

BCMSN v2.0—2-53 802.1Q Native VLAN Considerations
- The native VLAN must match at both ends of the trunk; otherwise, frames will "leak" from one VLAN to another.
- By default, the native VLAN will be VLAN 1.
  –Avoid using VLAN 1 for management purposes.
- Eliminate native VLANs from 802.1Q trunks by making the native VLAN an "unused" VLAN.

BCMSN v2.0—2-54 Explaining Trunk Link Problems
- Trunks can be configured statically or autonegotiated with DTP.
- For trunking to be autonegotiated, the switches must be in the same VTP domain.
- Some trunk configuration combinations will successfully configure a trunk; some will not.
Will any of the above combinations result in an operational trunk?

BCMSN v2.0—2-55 Resolving Trunk Link Problems
- When using DTP, ensure that both ends of the link are in the same VTP domain.
- Ensure that the trunk encapsulation type configured on both ends of the link is valid.
- On links where trunking is not required, DTP should be turned off.
- Best practice is to configure trunk and nonegotiate where trunks are required.

BCMSN v2.0—2-56 Common Problems with VTP Configuration
- Updates not received as expected
  –VTP domain and password must match.
- Missing VLANs
  –Configuration has been overwritten by another VTP device.
- Too many VLANs
  –Consider making the VTP domain smaller.

BCMSN v2.0—2-57 Example of New Switch Overwriting an Existing VTP Domain
(New switch not connected)

Existing switch:
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 6
    VTP Operating Mode              : Server
    VTP Domain Name                 : building1

New switch:
    VTP Version                     : 2
    Configuration Revision          : 2
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 7
    VTP Operating Mode              : Client
    VTP Domain Name                 : building1

BCMSN v2.0—2-58 Example of New Switch Overwriting an Existing VTP Domain (Cont.)
(New switch connected)

Existing switch:
    VTP Version                     : 2
    Configuration Revision          : 2
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 7
    VTP Operating Mode              : Server
    VTP Domain Name                 : building1

New switch:
    VTP Version                     : 2
    Configuration Revision          : 2
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 7
    VTP Operating Mode              : Client
    VTP Domain Name                 : building1
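Added simulation (not Cisco's code) of the acceptance rules behind this example: a server or client only adopts an advertised VLAN database when the domain matches, the digest recomputed with its own password matches, and the advertised revision is higher than its own. That is why a client with revision 2 replaces the server's revision 1 database, and why resetting the new switch to revision 0 (slide 2-49) or using a different password prevents it. The VLAN numbers, the password and the simplified digest are constructed for the example; real VTP computes its MD5 digest over the summary advertisement differently.

```python
import hashlib


class VtpSwitch:
    """Simplified VTP participant: domain, mode, password, configuration revision, VLAN set."""

    def __init__(self, name, domain, mode, password, revision, vlans):
        self.name, self.domain, self.mode = name, domain, mode
        self.password, self.revision, self.vlans = password, revision, set(vlans)

    def digest(self, revision=None, vlans=None):
        # Stand-in for the VTP MD5 digest: hashes the password together with the
        # advertised state, so a receiver with another password computes a different value.
        revision = self.revision if revision is None else revision
        vlans = self.vlans if vlans is None else vlans
        data = f"{self.password}|{self.domain}|{revision}|{sorted(vlans)}".encode()
        return hashlib.md5(data).hexdigest()

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": set(self.vlans), "digest": self.digest()}

    def receive(self, adv):
        """Apply the acceptance rules the deck describes; return what happened."""
        if self.mode == "transparent":
            return "forwarded"                      # transparent mode never synchronizes
        if adv["domain"] != self.domain:
            return "ignored: domain mismatch"
        if adv["digest"] != self.digest(adv["revision"], adv["vlans"]):
            return "ignored: digest error"          # password differs (config digest error)
        if adv["revision"] <= self.revision:
            return "ignored: revision not newer"
        self.revision, self.vlans = adv["revision"], set(adv["vlans"])
        return "synchronized"                       # higher revision wins, server or client


def connect(existing, new):
    """Both switches advertise to each other once the trunk between them comes up."""
    return existing.receive(new.advertisement()), new.receive(existing.advertisement())


def scenario(new_revision, new_password="s3cret"):
    """Existing server (revision 1, 6 VLANs) meets a new client switch; return the outcome."""
    existing = VtpSwitch("existing", "building1", "server", "s3cret", 1,
                         {1, 10, 20, 30, 40, 50})
    new = VtpSwitch("new", "building1", "client", new_password, new_revision,
                    {1, 100, 200, 300, 400, 500, 600})
    server_result, client_result = connect(existing, new)
    return {"server_revision": existing.revision, "server_vlans": sorted(existing.vlans),
            "client_revision": new.revision, "client_vlans": sorted(new.vlans),
            "server_result": server_result, "client_result": client_result}
```

scenario(2) reproduces the slide: the server ends at revision 2 with the new switch's seven VLANs and the original ones gone; scenario(0) leaves the server untouched and the new switch learns the six production VLANs instead.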

BCMSN v2.0—2-59 Implementing VTP in the ECNM
- Plan VTP domain boundaries.
- Have only one or two VTP servers.
- Configure a VTP password.
- Manually configure the VTP domain name on all devices.
- When setting up a new domain:
  –Configure VTP client switches first so that they participate passively.
- When cleaning up an existing VTP domain:
  –Configure passwords on servers first because clients may need to maintain current VLAN information until the server is verified as complete.

BCMSN v2.0—2-60 Summary
- The 802.1Q native VLAN can cause security issues. Configure the native VLAN to be an "unused" VLAN.
- Some trunk link configuration combinations can result in problems on the link. Best practice is to configure trunks statically rather than with DTP.
- Misconfiguration of VTP can give unexpected results. Make only one or two VTP servers; keep the remainder as clients.

BCMSN v2.0—2-61 Implementing Spanning Tree Protocol

BCMSN v2.0—2-62 Transparent Bridging
A switch has the same characteristics as a transparent bridge.

BCMSN v2.0—2-63 Redundant Topology
(Figure: Segment 1, Segment 2, Server/host X, Router Y)
- A redundant topology eliminates single points of failure.
- A redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability problems.

BCMSN v2.0—2-64 Broadcast Storms
(Figure: Segment 1, Segment 2, Server/host X, Router Y, Switch A, Switch B; broadcast)
Host X sends a broadcast.

BCMSN v2.0—2-65 Broadcast Storms
(Figure: Segment 1, Segment 2, Server/host X, Router Y, Switch A, Switch B; broadcast)
Host X sends a broadcast.

BCMSN v2.0—2-66 Broadcast Storms
(Figure: Segment 1, Segment 2, Server/host X, Router Y, Switch A, Switch B; broadcast)
The switches continue to propagate the broadcast traffic over and over.

BCMSN v2.0—2-67 Multiple Frame Copies
(Figure: Segment 1, Segment 2, Server/host X, Router Y, Switch A, Switch B; unicast)
- Host X sends a unicast frame to Router Y.
- Router Y's MAC address has not been learned by either switch yet.

BCMSN v2.0—2-68 Multiple Frame Copies
(Figure: Segment 1, Segment 2, Server/host X, Router Y, Switch A, Switch B; unicast)
- Host X sends a unicast frame to Router Y.
- Router Y's MAC address has not been learned by either switch yet.
- Router Y will receive two copies of the same frame.

BCMSN v2.0—2-69 MAC Database Instability
(Figure: Segment 1, Segment 2, Server/host X, Router Y, Switch A, Switch B, each with Port 0 and Port 1; unicast)
- Host X sends a unicast frame to Router Y.
- Router Y's MAC address has not been learned by either switch yet.
- Switch A and Switch B learn Host X's MAC address on port 0.

BCMSN v2.0—2-70 MAC Database Instability
(Figure: Segment 1, Segment 2, Server/host X, Router Y, Switch A, Switch B, each with Port 0 and Port 1; unicast)
- Host X sends a unicast frame to Router Y.
- Router Y's MAC address has not been learned by either switch yet.
- Switch A and Switch B learn Host X's MAC address on port 0.
- The frame to Router Y is flooded.
- Switch A and Switch B incorrectly learn Host X's MAC address on port 1.

BCMSN v2.0—2-71 Preventing Bridging Loops
Bridging loops can be prevented by disabling the redundant path.

BCMSN v2.0—2-72 Spanning Tree Algorithm (STA)
- Part of the 802.1d standard
- Simple principle: build a loop-free tree from some identified point known as the root.
- Redundant paths are allowed, but only one active path.
- Developed by Radia Perlman

BCMSN v2.0—2-73 The Spanning Tree Algorhyme
by Radia Perlman

I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree that must be sure to span
So packets can reach every LAN.
First, the root must be selected.
By ID, it is elected.
Least cost paths from root are traced.
In the tree, these paths are placed.
A mesh is made by folks like me,
Then bridges find a spanning tree.

BCMSN v2.0—2-74 Bridge Protocol Data Unit
BPDUs provide for the exchange of information between switches.

BCMSN v2.0—2-75 Root Bridge Selection (figure)

BCMSN v2.0—2-76 The STP Root Bridge
- Reference point
- One root per VLAN
- Maintains topology
- Propagates timers

BCMSN v2.0—2-77 Extended System ID in Bridge ID Field
(Figure: Bridge ID without the Extended System ID; Bridge ID with the Extended System ID)

BCMSN v2.0—2-78 802.1D 16-bit Bridge Priority Field Using the Extended System ID
- Only the four high-order bits of the 16-bit Bridge Priority field carry actual priority.
- Therefore, priority can be incremented only in steps of 4096, onto which the VLAN number is added.
- Example: for VLAN 11, if the priority is left at the default, the 16-bit Priority field holds the default priority with the VLAN number 11 added.
(Table: Priority Values (Hex) / Priority Values (Dec), with the default marked. Figure: Priority, high-order bits | VLAN Number, 12 bits)

BCMSN v2.0—2-79 Configuring the Root Bridge
    Switch(config)#spanning-tree vlan 1 root primary
This command forces this switch to be the root.
    Switch(config)#spanning-tree vlan 1 root secondary
This command configures this switch to be the secondary root.
Or:
    Switch(config)#spanning-tree vlan 1 priority priority
This command statically configures the priority (in increments of 4096).

BCMSN v2.0—2-80 Spanning Tree Protocol Root Bridge Selection
Which switch has the lowest bridge ID?
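Added example (not from the deck) of the Bridge ID arithmetic from slide 2-78 and the election asked about on this slide, in Python: the 16-bit priority field is the configured priority (a multiple of 4096) with the VLAN number in the low 12 bits, the Bridge ID puts that field above the 48-bit MAC address, and the root is the switch with the lowest Bridge ID. The switch names, priorities and MAC addresses are constructed.

```python
DEFAULT_PRIORITY = 32768
PRIORITY_STEP = 4096          # only the 4 high-order bits of the 16-bit field are priority


def priority_field(priority, vlan):
    """Build the 16-bit Bridge Priority field: 4-bit priority + 12-bit extended system ID (VLAN)."""
    if priority % PRIORITY_STEP or not 0 <= priority <= 0xF000:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 < vlan < 4096:
        raise ValueError("VLAN number must fit in 12 bits")
    return priority | vlan


def split_priority_field(field):
    """Inverse of priority_field: (configured priority, VLAN number) from a 16-bit value."""
    return field & 0xF000, field & 0x0FFF


def bridge_id(priority, vlan, mac):
    """64-bit Bridge ID: priority field in the top 16 bits, MAC address in the low 48."""
    mac_int = int(mac.replace(":", "").replace(".", ""), 16)
    if mac_int >= 1 << 48:
        raise ValueError("MAC address must be 48 bits")
    return (priority_field(priority, vlan) << 48) | mac_int


def elect_root(switches, vlan):
    """switches: {name: (priority, mac)} for one VLAN. Lowest Bridge ID wins:
    the priority field decides first, the MAC address only breaks ties."""
    ids = {name: bridge_id(prio, vlan, mac) for name, (prio, mac) in switches.items()}
    return min(ids, key=ids.get)


# Constructed campus for VLAN 11: everything at the default priority except SW-B,
# whose priority an administrator lowered so that it wins deterministically.
SWITCHES = {
    "SW-A": (DEFAULT_PRIORITY, "0000.0c12.3456"),
    "SW-B": (24576, "0000.0c99.9999"),
    "SW-C": (DEFAULT_PRIORITY, "0000.0c00.0001"),
}

# Same campus with nobody configured: the election falls back to the lowest MAC.
ALL_DEFAULT = {name: (DEFAULT_PRIORITY, mac) for name, (_, mac) in SWITCHES.items()}
```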

BCMSN v2.0—2-81 Spanning-Tree Operation
- One root bridge per network
- One root port per nonroot bridge
- One designated port per segment
- Nondesignated ports are blocked

BCMSN v2.0—2-82 Four-Step Spanning-Tree Decision Process
1. Lowest root BID
2. Lowest path cost to root bridge
3. Lowest sender BID
4. Lowest port ID

Spanning Tree Port States
Spanning tree transitions each port through several different states: blocking, listening, learning and forwarding (an administratively shut port is disabled).

Local Switch Root Port Election

Spanning-Tree Path Cost

Spanning Tree Protocol Root Port Selection
SW X is the root bridge. SW Y needs to elect a root port. Which port is the root port on SW Y?
(Figure: the Fast Ethernet path and the Ethernet path from SW Y to the root, each labelled with its total cost; the root port is marked RP.)

Spanning Tree Protocol Designated Port Selection
Switch X is the root bridge. All ports on the root bridge are designated ports. Do all segments have a designated port?
(Figure: the same Ethernet and Fast Ethernet segments, with root ports marked RP and designated ports marked DP.)

STP Root Bridge Selection Example
Which bridge will be the root bridge?

STP Root Port Selection Example
Which ports will be root ports?

STP Designated Port Selection Example
Which port becomes the designated port on segment 3?

Example: Layer 2 Topology Negotiation

Spanning Tree Protocol
The Spanning Tree Protocol (IEEE 802.1D) specifies an algorithm to be used to maintain a loop-free spanning tree of links between bridges. To begin, each bridge must have a unique numeric ID; typically this is a priority followed by the MAC address.
(Figure: five bridges with IDs 10, 20, 40, 75 and 80.)
The spanning tree algorithm finds a spanning tree starting from a root node.

Spanning Tree Algorithm
Each node maintains three pieces of information for each port:
R = ID of current root node
d = distance from root node
N = closest upstream node (closer to root node)
Denote this as (R, d, N): (Root-ID, dist, NextNode)
Initially each node designates itself as the root node!
(Figure: every port starts as (own ID, 0, -): (10,0,-), (20,0,-), (40,0,-), (75,0,-), (80,0,-).)

Spanning Tree Algorithm
Nodes send out spanning tree updates on each port. For example, node 40 would send out the update (40,0,40) on every port.

Spanning Tree Algorithm
Other nodes would also send configuration updates. The figure shows the updates sent by nodes 10 and 75: (10,0,10) and (75,0,75).

Spanning Tree Algorithm
When a node receives an update from another node, it updates its own port information if:
the update identifies a root node with a smaller ID
the update identifies a root node with the same ID but a smaller distance
the root node and distance are the same, but the sending node has a smaller ID
During the first iteration, the ports would update their information like this:
(Figure: (20,0,-), (10,0,-), (10,1,10), (40,1,40), (40,0,-), (20,1,20), (75,1,75), (75,0,-), (10,1,10), (10,0,-).)

Spanning Tree Algorithm
After a node receives configuration updates, it selects the best configuration and discards the others.
(Figure: (20,0,-), (10,0,-), (10,1,10), (40,1,40), (40,0,-), (20,1,20), (75,1,75), (75,0,-), (10,1,10), (10,0,-).)

Spanning Tree Algorithm
When a node receives a configuration message that contains a smaller root ID, it knows that it is not the root node. So it stops generating its own configuration messages and only forwards received messages (with the distance incremented and the upstream node modified).
(Figure: (20,0,-), (10,0,-), (10,1,10), (40,1,40), (10,1,10), (10,0,-).)
After 1 iteration, nodes 40, 75, and 80 know that they are not the root node. Node 20 still thinks it is the root.

Spanning Tree Algorithm
On the next iteration, nodes that realize they are not the root forward root updates to other nodes.
(Figure: (10,1,40), (10,0,-), (10,1,10), (10,1,40), (10,1,10), (10,0,-), (10,1,80), (40,1,75).)
Nodes 40 and 80 forward root updates. Node 75 also forwards an update to node 80, but node 80 discards it.

Spanning Tree
When the updates stabilize, only the root node is generating configuration messages. Other nodes forward messages only over links that are part of the spanning tree; the node that forwards onto a link is that link's designated bridge. Links not on the spanning tree are not used to forward frames; such links are said to be blocked.
(Figure: (10,2,40), (10,0,-), (10,1,10), (10,2,40), (10,1,10), (10,0,-); blocked link: not used.)
When the algorithm stabilizes, the active links form a spanning tree.

Spanning Tree Properties
1. In a connected network, a loop-free spanning tree always exists.
2. The spanning tree algorithm will always stabilize on a loop-free tree after at most (#nodes) iterations.
3. The spanning tree may not be the most efficient path between nodes.
4. Spanning tree cannot route around a congested link.
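The iterative (R, d, N) algorithm of the preceding slides, the four-step decision process and the root-port selection by path cost, as one added example that is not part of the course material. The five-node topology (links 10-40, 10-80, 40-20, 40-75, 75-80) is inferred from the triples printed on the slides and is an assumption; the three-switch cost example with 802.1D-1998 default costs (Ethernet 100, Fast Ethernet 19) and the rogue bridge with ID 5 are constructed. Every bridge advertises (R, d, own ID) on all ports each round and adopts a received message only if it wins on root ID, then distance, then sender ID, exactly as the slides state. The rogue_root case shows the consequence of rule 1: whatever attaches to the network and advertises a lower bridge ID becomes root, and the blocked links move.

```python
"""Spanning tree computation as sketched on the slides: every bridge keeps
(R, d, N) = (root ID, distance to root, upstream neighbour) and adopts a
received configuration only if it beats the current one on root ID, then
distance, then sender ID. Bridge IDs here are plain integers."""

# IEEE 802.1D-1998 default port costs, used for the root-port example below
ETHERNET_COST = 100        # 10 Mb/s
FAST_ETHERNET_COST = 19    # 100 Mb/s


def spanning_tree(bids, links):
    """Return (root, state, roles, rounds) for bridges `bids` connected by
    undirected `links` given as (a, b, cost).

    state[b] is b's final (R, d, N); roles[b][nbr] is the role of b's port
    towards nbr: "root", "designated" or "blocked". `rounds` counts the
    synchronous rounds until no bridge changed its triple. One link per
    bridge pair is assumed (parallel links would need the port-ID tie-break)."""
    bids = list(bids)
    ports = {b: {} for b in bids}
    for a, b, cost in links:
        ports[a][b] = cost
        ports[b][a] = cost
    # Initially every bridge designates itself as the root: (own ID, 0, -)
    state = {b: (b, 0, None) for b in bids}
    rounds = 0
    while True:
        rounds += 1
        # Every bridge sends (R, d, own ID) on all ports at the same time
        advertised = {b: (r, d, b) for b, (r, d, _) in state.items()}
        new_state = {}
        for b in bids:
            candidates = [(b, 0, b, None)]          # its own claim to be root
            for nbr, cost in ports[b].items():
                r, d, sender = advertised[nbr]
                # distance grows by the cost of the link the message arrived on
                candidates.append((r, d + cost, sender, nbr))
            # lowest root, then lowest distance, then lowest sender ID
            r, d, _, upstream = min(candidates)
            new_state[b] = (r, d, upstream)
        if new_state == state:
            break                                   # stable: nobody changed
        state = new_state
    root = state[bids[0]][0]
    roles = {b: {} for b in bids}
    for a, b, _ in links:
        # The end advertising the better (root, distance, bridge ID) is the
        # designated bridge for the segment; the other end's port is its root
        # port if the designated bridge is its upstream, otherwise blocked
        designated, other = (a, b) if advertised[a] < advertised[b] else (b, a)
        roles[designated][other] = "designated"
        roles[other][designated] = "root" if state[other][2] == designated else "blocked"
    return root, state, roles, rounds


def blocked_links(roles):
    """(bridge, neighbour) pairs whose port on that link is blocked."""
    return sorted((b, nbr) for b, prts in roles.items()
                  for nbr, role in prts.items() if role == "blocked")


def rogue_root(bids, links, rogue_bid, attach_to, cost=1):
    """Re-run the election after a bridge with ID `rogue_bid` is connected to
    the bridges in `attach_to`. Nothing in 802.1D authenticates BPDUs, so
    the lowest advertised ID wins whoever sends it."""
    new_links = list(links) + [(rogue_bid, nbr, cost) for nbr in attach_to]
    return spanning_tree(list(bids) + [rogue_bid], new_links)


# Topology inferred from the (R, d, N) values on the slides (an assumption);
# every link counts as distance 1, as on the slides.
SLIDE_BRIDGES = [10, 20, 40, 75, 80]
SLIDE_LINKS = [(10, 40, 1), (10, 80, 1), (40, 20, 1), (40, 75, 1), (75, 80, 1)]

# Constructed root-port example: root X reaches Y directly over Ethernet or
# via Z over two Fast Ethernet links; Y must pick the lower total cost.
X, Y, Z = 1, 2, 3
COST_LINKS = [(X, Y, ETHERNET_COST), (X, Z, FAST_ETHERNET_COST), (Z, Y, FAST_ETHERNET_COST)]

if __name__ == "__main__":
    root, state, roles, rounds = spanning_tree(SLIDE_BRIDGES, SLIDE_LINKS)
    print("root", root, "after", rounds, "rounds")
    for b in SLIDE_BRIDGES:
        print(b, state[b], roles[b])
    print("blocked:", blocked_links(roles))
    root, state, roles, _ = spanning_tree([X, Y, Z], COST_LINKS)
    print("Y reaches root with cost", state[Y][1], "via", state[Y][2])
    root, state, roles, _ = rogue_root(SLIDE_BRIDGES, SLIDE_LINKS, 5, [75, 80])
    print("with rogue bridge 5: root", root, "blocked:", blocked_links(roles))
```

On the slide topology the run converges in three rounds (well inside the #nodes bound of property 2), node 75 keeps 40 as upstream because 40 beats 80 on sender ID at equal distance, and the 75-80 link is the one blocked. In the cost example Y's root port faces Z, since 19 + 19 = 38 is lower than the direct Ethernet cost of 100. After the rogue bridge 5 attaches to 75 and 80, the former root 10 sits two hops from the new root and the 10-40 and 75-80 links are blocked, so frames between 40 and 10 now cross the rogue bridge.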

Example


Exercise



Enhancements to STP
PortFast
Per VLAN Spanning Tree+ (PVST+)
Rapid Spanning Tree Protocol (RSTP)
Multiple Spanning Tree Protocol (MSTP)
–Cisco's pre-standard implementation on Catalyst 6500 series switches is called Multi-Instance Spanning Tree Protocol (MISTP)
Per VLAN Rapid Spanning Tree (PVRST)

Describing PortFast

Configuring PortFast
Configuring
spanning-tree portfast (interface command)
or
spanning-tree portfast default (global command)
–enables PortFast on all nontrunking ports
Verifying
show running-config interface fastethernet 1/1
PortFast moves a port straight to forwarding, skipping listening and learning, so enable it only on ports that connect to a single end station, never on a port that leads to another switch.

IEEE Documents
IEEE 802.1D - Media Access Control (MAC) Bridges
IEEE 802.1Q - Virtual Bridged Local Area Networks
IEEE 802.1w - Rapid Reconfiguration (supplement to 802.1D)
IEEE 802.1s - Multiple Spanning Trees (supplement to 802.1Q)
IEEE 802.1t - Local and Metropolitan Area Networks: Common Specifications (maintenance amendment to 802.1D)

Summary
Transparent bridges require no client configuration.
A bridge loop may occur when there are redundant paths between switches.
A loop-free topology is produced by blocking redundant paths between switches, not by removing them.
The 802.1D protocol establishes a loop-free network.
The root bridge is a reference point for STP.
Each STP port will host a specific port role.
Enhancements now enable STP to converge more quickly and run more efficiently.