Table Of Contents
Configuring VTP and Virtual LANs
VTP Modes and VTP Mode Transitions
Deleting a VLAN from the Database
Assigning Static-Access Ports to a VLAN
Setting the Port Priority for CoS Values
Displaying Port Priority Information
Configuring VTP and Virtual LANs
This chapter describes how Virtual Trunk Protocol (VTP) works, how you configure it, and how you add VLANs to a VLAN network managed by VTP. For complete syntax and usage information on the commands described in this chapter, refer to the Cisco IOS Desktop Switching Command Reference (online only).
Note
Different switches can support different numbers of VLANs. See in
"," for a complete list of the switches and their VLAN support.These sections describe how to configure VTP and VLANs:
•
How VTP Works
Before you create VLANs, you must decide whether to use VTP in your network. Using VTP, you can make configuration changes centrally on a single switch, such as a
2900 XL switch, and have those changes automatically communicated to all the other switches in the network. Without VTP, you cannot send information about VLANs to other switches.VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
The VTP Domain
A VTP domain (also called a VLAN management domain) is one switch or several interconnected switches sharing the same VTP domain. A switch is configured to be in only one VTP domain. You make global VLAN configuration changes for the domain by using the CLI, Cisco Visual Switch Manager (CVSM) software, or Simple Network Management Protocol (SNMP).
By default, a 2900 or 3500 XL switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link or you configure a management domain. The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and configuration revision number. The switch then ignores advertisements with a different management domain name or an earlier configuration revision number.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are sent over all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and Asynchronous Transfer Mode (ATM) LAN Emulation (LANE).
If you configure a switch from VTP transparent mode, you can create and modify VLANs, but the changes are not transmitted to other switches in the domain, and they affect only the individual switch.
Upgrading the Switch Software
When you upgrade from a software version that supports VLANs but does not support VTP, such as Cisco IOS Release 11.2(8)SA3, to a version that does support VTP, ports that belong to a VLAN retain their VLAN membership, and VTP enters transparent mode. The domain name becomes UPGRADE, and VTP does not propagate the VLAN configuration to other switches.
If you want to propagate the VLAN configuration to other switches, configure the switch to operate as a VTP server, and change the domain name.
VTP Modes and VTP Mode Transitions
You can configure a supported switch to be in one of the following VTP modes:
•
In VTP server mode, VLAN configurations are saved in nonvolatile memory. VTP server is the default mode.
•
In VTP client mode, VLAN configurations are not saved in nonvolatile memory.
•
In VTP transparent mode, VLAN configurations are saved in nonvolatile memory, but they are not advertised to other switches.
Two configurations can cause a switch running this version of software to automatically change VTP mode:
•
•
The "VTP Configuration Guidelines" section provides tips and caveats for configuring VTP.
VTP Advertisements
Each switch in the VTP domain sends these periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and VLAN configurations as necessary.
The following global domain information is distributed in VTP advertisements:
•
•
•
•
The following VLAN information is distributed in VTP advertisements for each configured VLAN:
•
•
•
•
•
VTP Version 2
If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. If your environment has Token Ring networks, you must use version 2.
VTP version 2 supports the following features not supported in version 1:
•
•
•
•
VTP Pruning
Although switches supported by this IOS release are never eligible for VTP pruning, a supported switch does propagate VTP pruning messages. This section describes the role that a supported switch can play in a VTP pruning network.
VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. When VTP pruning is enabled, it can block flooded traffic to VLANs that are included in the pruning-eligible list. Switches supported by this IOS release are never in the pruning-eligible list, and no switch traffic is pruned. Flooding occurs as usual, and switches connected to the
supported switch do not benefit from pruning.shows a switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 5 and 6 because traffic for the Red VLAN has been pruned on the links indicated (Port 4 on Switch 4). Switch 2 does not prune the traffic destined for Switch 4 or Switch 3.
Figure 2-1 Flooding Traffic with VTP Pruning
VTP Configuration Guidelines
Follow these guidelines when implementing VTP in your network:
•
•
Caution
function properly if you do not assign the management domain password to each
switch in the domain.
•
•
•
•
Default VTP Configuration
shows the default VTP configuration.
Table 2-1 VTP Default Configuration
VTP domain name
Null.
VTP mode
Server.
VTP version 2 enable state
Version 2 is disabled.
VTP password
None.
VTP pruning
Disabled.
Configuring VTP
You configure VTP by entering commands from the VLAN database configuration command mode. You display the status of VTP by entering the privileged EXEC mode show vtp status command.
When you enter the exit command in VLAN database mode, it applies to all the commands that you entered. VTP messages are sent to other switches in the management domain, and you are returned to privileged EXEC mode.
For more information about these commands, refer to the Cisco IOS Desktop Switching Command Reference.
Note
Configuring a VTP Server
When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network. To configure the switch as a VTP server, perform this task from privileged EXEC mode:
This example shows how to enter a VTP domain name and configure the switch as a VTP server:
Switch# vlan databaseSwitch(vlan)# vtp domain Building_ASetting VTP domain name to Building_ASwitch(vlan)# vtp domain Building_A password LAVADomain name already set to Building_A .Setting device VLAN database password to LAVA.Switch(vlan)# vtp serverSetting device to VTP SERVER mode.Switch(vlan)# exitAPPLY completed.Exiting....Switch# show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 68Number of existing VLANs : 6VTP Operating Mode : Server
VTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x09 0xF6 0x57 0x1C 0xC9 0x6F 0x75 0x16Configuring a VTP Client
When a switch is in VTP client mode, you cannot change its VLAN configuration. The client switch receives VTP updates from a VTP server in the management domain and then modifies its configuration accordingly.
To configure the switch as a VTP client, perform this task from privileged EXEC mode:
This example shows how to configure the switch as a VTP client and verify the configuration:
Switch# vlan databaseSwitch(vlan)# vtp clientSetting device to VTP CLIENT mode.Switch(vlan)# exitIn CLIENT state, no apply attempted.Exiting....Switch# show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 68Number of existing VLANs : 6VTP Domain Name : Building_AVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x09 0xF6 0x57 0x1C 0xC9 0x6F 0x75 0x16Configuration last modified by 172.20.130.40 at 3-5-93 22:15:25Disabling VTP
When you configure the switch as VTP transparent, you disable VTP on the switch. The switch then does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch does forward received VTP advertisements on all of its trunk links.
To put the switch in VTP transparent mode, perform this task from privileged EXEC mode:
This example shows how to configure the switch as VTP transparent and verify the configuration:
Switch# vlan databaseSwitch(vlan)# vtp transparentSetting device to VTP TRANSPARENT mode.Switch(vlan)# exitAPPLY completed.Exiting....Switch# show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 68Number of existing VLANs : 6VTP Domain Name : Building_AVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x09 0xF6 0x57 0x1C 0xC9 0x6F 0x75 0x16Configuration last modified by 172.20.130.40 at 3-5-93 22:15:25Enabling VTP Version 2
VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain enables version 2.
Caution
Note
To enable VTP version 2, perform this task from privileged EXEC mode:
This example shows how to enable VTP version 2 and verify the configuration:
Switch# vlan databaseSwitch(vlan)# vtp v2-modeV2 mode enabled.Switch(vlan)# exitAPPLY completed.Exiting....Switch# show vtp statusVTP Version : 2Configuration Revision : 2Maximum VLANs supported locally : 68Number of existing VLANs : 14VTP Operating Mode : ServerVTP Domain Name : milanoVTP Pruning Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0xAC 0x23 0x2F 0x75 0x52 0xDC 0x17 0x70Configuration last modified by 172.20.128.178 at 3-6-93 23:46:53Disabling VTP Version 2
To disable VTP version 2, perform this task from privileged EXEC mode:
This example shows how to disable VTP version 2:
Switch# vlan databaseSwitch(vlan)# no vtp v2-modeV2 mode disabled.Switch(vlan)# exitIn CLIENT state, no apply attempted.Exiting....Switch# show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 68Number of existing VLANs : 59VTP Operating Mode : ClientVTP Domain Name : milanoVTP Pruning Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x53 0x97 0x06 0x02 0xF8 0x6F 0x45 0x85Configuration last modified by 172.20.128.151 at 3-5-93 01:05:21Monitoring VTP
You monitor VTP by displaying its configuration information: the domain name, the current VTP revision, and the number of VLANs. You can also display statistics about the advertisements sent and received by the switch.
To monitor VTP activity, perform this task from privileged EXEC mode:
Step 1
show vtp status
Step 2
show vtp counters
This example shows how to display the switch VTP status:
Switch# show vtp statusVTP Version : 2Configuration Revision : 2Maximum VLANs supported locally : 68Number of existing VLANs : 6VTP Operating Mode : TransparentVTP Domain Name : Building_AVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0xB9 0xC7 0x8D 0xB3 0xD4 0xBA 0x94 0x03Configuration last modified by 172.20.130.40 at 3-9-93 20:12:24This example shows how to display the VTP statistics:
Switch# show vtp countersVTP statistics:Summary advertisements received : 3Subset advertisements received : 2Request advertisements received : 0Summary advertisements transmitted : 10Subset advertisements transmitted : 10Request advertisements transmitted : 1Number of config revision errors : 0Number of config digest errors : 0Number of V1 summary errors : 0VTP pruning statistics:Trunk Join Transmitted Join Received Summary advts received fromnon-pruning-capable device---------------- ---------------- ---------------- ---------------------------Fa1/1 8 6 0Fa1/2 6 0 0Fa1/3 6 0 0Fa1/4 6 0 0How VLANs Work
A VLAN is a group of end stations with a common set of requirements, independent of physical location. VLANs have the same attributes as a physical LAN, but you can group end stations even if they are not physically located on the same LAN segment.
VLANs on supported switches and other supported devices limit unicast, multicast, and broadcast traffic flooding. Flooded traffic originating from a particular VLAN is only flooded out other ports belonging to that VLAN.
Clusters
Cisco IOS Release 12.0(5)XP supports the grouping of switches into clusters. A cluster is up to 16 switches that can be managed as a single entity. The command switch is the single point of management for the cluster. Member switches are managed through the command switch.
Switches in a cluster can be connected through ports that belong to any VLAN that is configured as the management VLAN.
Adding VLANs to a Cluster
If you are configuring VLANs on a member switch, you might need to enter an extra command from the command switch CLI to access the member switch. When configuring port parameters, for example, you can use the privileged EXEC rcommand command and the number of the member switch to display the member switch CLI. Once you have accessed the member switch, command mode changes and IOS commands operate as usual. Enter exit on the member switch in privileged EXEC mode to return to the command switch CLI.
See the Cisco IOS Desktop Switching Software Configuration Guide and the Cisco IOS Desktop Switching Command Reference for more information on managing clusters.
VLAN Membership
Ports that belong to VLANs are configured with a membership mode that determines what kind of traffic each port carries and how many VLANs it can belong to. lists the membership modes and characteristics.
Table 2-2 Port Membership Modes
VLANs in a VTP Domain
Before you create VLANs, you must decide whether to use VTP to maintain global VLAN configuration information for your network. For complete information on VTP, refer to the "How VTP Works" section.
Figure 2-2 shows an example of VLANs segmented into logically defined networks.
VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. Port VLAN membership on the switch is assigned manually on a port-by-port basis. Ports assigned to a VLAN by this method are said to have port-based, or static, VLAN membership.
Figure 2-2 VLANs as Logically Defined Networks
You can set the following parameters when you add a VLAN to a VTP database:
•
•
•
•
•
•
•
•
•
•
•
The "Default VLAN Configurations" section lists the default values and possible ranges for each VLAN media type.
Token Ring VLANs
Although the 2900 and 3500 XL switches do not support Token Ring connections, a remote device such as a Catalyst 5000 series switch with Token Ring connections could be managed from one of the supported switches. Switches running this IOS release advertise information about Token Ring VLANs when running VTP
version 2. The following Token Ring VLAN types are supported on the supported switches running VTP version 2:•
•
For more information on configuring Token Ring VLANs, see the Catalyst 5000 Series Software Configuration Guide.
VLAN Configuration Guidelines
Follow these guidelines when creating and modifying VLANs in your network:
•
•
•
Default VLAN Configurations
through shows the default configurations for the different VLAN media types.
Note
Table 2-3 Ethernet VLAN Defaults and Ranges
Table 2-4
FDDI VLAN Defaults and Ranges
Table 2-5
FDDI-Net VLAN Defaults and Ranges
Table 2-6 Token Ring (TrBRF) VLAN Defaults and Ranges
Table 2-7
Token Ring (TrCRF) VLAN Defaults and Ranges
Configuring VLANs
You use the VLAN database command mode to add, change, and delete VLANs. In VTP server or transparent mode, commands to add, change, and delete VLANs are written to the file vlan.dat, and you can display them by entering the privileged EXEC mode show vlan command. The vlan.dat file is stored in nonvolatile memory. The vlan.dat file is upgraded automatically, but you cannot go back to an earlier version of Cisco IOS after you upgrade to this release.
Caution
You use the interface configuration command mode to define the port membership mode and add and remove ports from VLAN. The results of these commands are written to the running-configuration file, and you can display the file by entering the privileged EXEC mode show running-config command.
Note
Adding an Ethernet VLAN
Each VLAN has a unique, 4-digit ID that can be a number from 1 to 1001. To add a VLAN to the VLAN database, assign a number and name to the VLAN. See the "Default VLAN Configurations" section for the list of default parameters that are assigned when you add a VLAN.
If you do not specify the VLAN type, the VLAN is an Ethernet VLAN. To add a VLAN, perform this task from privileged EXEC mode:
This example shows how to create an Ethernet VLAN and verify the configuration:
Switch# vlan databaseSwitch(vlan)# vlan 0003 name marketingVLAN 3 added:Name: marketingSwitch(vlan)# exitAPPLY completed.Exiting....Switch# show vlan name marketingVLAN Name Status Ports---- -------------------------------- --------- ---------------------3 marketing activeVLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- ------ ------3 enet 100003 1500 - - - - 0 0Modifying an Ethernet VLAN
The following task table illustrates how to modify VLAN parameters. You must perform this task from privileged EXEC mode:
This example shows how to modify an Ethernet VLAN and verify the configuration:
Switch# vlan databaseSwitch(vlan)# vlan 0003 mtu 4000VLAN 3 modified:MTU 4000Switch(vlan)# exitAPPLY completed.Exiting....Switch# show vlan 0003VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- ------ ------3 enet 100003 4000 - - - - 0 0Deleting a VLAN from the Database
When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.
You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
Caution
To delete a VLAN on the switch, perform this task from privileged EXEC mode:
This example shows how to delete a VLAN:
Switch# vlan databaseSwitch(vlan)# no vlan 3Deleting VLAN 3...Switch(vlan)# exitAPPLY completed.Exiting....Switch# show vlan briefVLAN Name Status Ports---- -------------------------------- --------- ---------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5,Fa0/6, Fa0/7, Fa0/8, Fa0/9,Fa0/10, Fa0/11, Fa0/12, Fa0/13,Fa0/14, Fa0/15, Fa0/162 VLAN0002 active4 VLAN0004 active1002 fddi-default active1003 token-ring-default active1004 fddinet-default active1005 trnet-default activeAssigning Static-Access Ports to a VLAN
A static-access port belongs to one VLAN. To assign a port to a VLAN, perform this task from privileged EXEC mode:
Note
This example shows how to assign switch ports to a VLAN and verify the assignment:
Switch# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Switch(config)# interface fa0/1Switch(config-if)# switchport mode accessSwitch(config-if)# switchport access vlan 0003Switch(config-if)# endSwitch# show interface fa0/1 switchportName: Fa0/1Switchport: EnabledAdministrative mode: static accessAdministrative Trunking Encapsulation: islOperational Trunking Encapsulation: islNegotiation of Trunking: DisabledTrunking Native Mode VLAN: 1 (default)Trunking VLANs Enabled: NONEPruning VLANs Enabled: NONEHow QoS Works
The 2900 XL and 3500 XL switches provide QoS based on IEEE 802.1p class of service (CoS) values.
Typically, networks operate on a best-effort delivery basis, which means that all traffic has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, all traffic has an equal chance of being dropped.
QoS uses classification and scheduling to transmit network traffic from the switch in a predictable manner. QoS classifies frames by assigning priority-indexed CoS values to them and gives preference to higher-priority traffic.
Note
CoS Values
CoS values range between zero for low-priority and seven for high-priority.
Inter-Switch Link (ISL) frame headers have a 1-byte User field that carries the CoS value in the three least significant bits. IEEE 802.1Q frame headers have a 2-byte Tag Control Information field that carries the 802.1P CoS value in the three most significant bits, which are called the User Priority bits. Other frame types cannot carry CoS values.
Port Priority
Frames received from users in the administratively-defined VLANs are identified or tagged for transmission to other devices. Based on rules you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is transmitted to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames.
provides information about the types of frames:
For ISL or IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the ingress port is used.
Ingress Port Scheduling
Each port on the switch has a single receive queue buffer for incoming traffic. This receive queue buffer is called an ingress port. When an untagged frame arrives, it is assigned the value of the port as its port default priority. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.
Egress Port Scheduling
CoS configures each transmit (or egress) port with a low-priority transmit queue and a high-priority transmit queue, depending on the frame tag or the port information. See "Transmit Queues" and "Setting the Port Priority for CoS Values" for more information about egress queue priority.
Transmit Queues
As shown in , the switches have two categories of transmit queues:
Table 2-9 Transmit Queue Information
2900 XL switches, 2900 XL Ethernet modules (802.1p user priority)
2
Frames with a priority value of 0 through 3 are sent to a normal or low-priority queue.
Frames with a priority value of 4 through 7 are sent to a high-priority queue.
3500 XL switches, Gigabit Ethernet modules (802.1p user priority)
2
Frames with a priority value of 0 through 3 are sent to a normal or low-priority queue.
Frames with a priority value of 4 through 7 are sent to a high-priority queue.
1 Legacy switches and modules in this category only have one transmit queue. All frames are sent to a single transmit queue. For a list of devices and corresponding part numbers, see the Release Notes for Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XP.
Setting the Port Priority for CoS Values
To set the port priority, perform this task in interface configuration mode:
This example shows how to set the port priority:
Switch> enableSwitch# password <password>Switch# configure terminalSwitch(config)# interface fa0/3Switch(config-if)# switchport priority default 7Switch(config-if)#Displaying Port Priority Information
To display port priority information, perform this task in user EXEC mode:
Show port priority information for an interface.
show interface interface-id switchport
This example shows how to display the port priority:
Switch> show interface fa0/1 switchportName:Fa0/1Switchport:EnabledAdministrative mode:static accessOperational Mode:static accessAdministrative Trunking Encapsulation:islOperational Trunking Encapsulation:islNegotiation of Trunking:DisabledAccess Mode VLAN:1 (default)Trunking Native Mode VLAN:1 (default)Trunking VLANs Enabled:NONEPruning VLANs Enabled:NONE
