Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(4)EA1
Creating and Maintaining VLANs

Table Of Contents

Creating and Maintaining VLANs

Understanding VLANs

Number of Supported VLANs

VLAN Port Membership Modes

Using the VLAN Trunk Protocol

The VTP Domain and VTP Modes

VTP Advertisements

VTP Version 2

VTP Pruning

Configuring VTP

Default VTP Configuration

VTP Configuration Guidelines

Configuring a VTP Server

Configuring a VTP Client

Disabling VTP (VTP Transparent Mode)

Enabling VTP Version 2

Enabling VTP Pruning

Monitoring VTP

VLANs in the VTP Database

Token Ring VLANs

Default VLAN Configuration

VLAN Configuration Guidelines

Configuring VLANs in the VTP Database

Adding an Ethernet VLAN

Modifying an Ethernet VLAN

Deleting a VLAN from the Database

Assigning Static-Access Ports to a VLAN

Displaying VLANs in the VTP Database

Understanding VLAN Trunks

Trunking Overview

Encapsulation Types

802.1Q Configuration Considerations

Default Layer 2 Ethernet Interface VLAN Configuration

Configuring an Ethernet Interface as a Trunk Port

Configuring a Trunk Port

Defining the Allowed VLANs on a Trunk

Changing the Pruning-Eligible List

Configuring the Native VLAN for Untagged Traffic

Load Sharing Using STP

Load Sharing Using STP Port Priorities

Configuring STP Port Priorities and Load Sharing

Load Sharing Using STP Path Cost

Configuring STP Path Costs and Load Sharing

Understanding VMPS

Dynamic Port VLAN Membership

VMPS Database Configuration File

VMPS Configuration Guidelines

Default VMPS Configuration

Configuring an Interface as a Layer 2 Dynamic Access Port

Entering the IP Address of the VMPS

Configuring Dynamic Access Ports on VMPS Clients

Reconfirming VLAN Memberships

Changing the Reconfirmation Interval

Changing the Retry Count

Administering and Monitoring the VMPS

Troubleshooting Dynamic Port VLAN Membership

Dynamic Port VLAN Membership Configuration Example


Creating and Maintaining VLANs


This chapter describes how to create and maintain virtual local-area networks (VLANs). It includes information about VLAN modes, the VLAN Trunk Protocol (VTP) database, and the VLAN Membership Policy Server (VMPS).


Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 3550 Multilayer Switch Command Reference for this release.


The chapter includes these sections:

Understanding VLANs

Using the VLAN Trunk Protocol

VLANs in the VTP Database

Understanding VLAN Trunks

Understanding VMPS


Note If you are configuring VLANs and using the switch only in Layer 2 mode, you can maximize the number of Layer 2 VLANs allowed by using the sdm prefer vlan global configuration command to set the Switch Database Management (SDM) feature to the VLAN template. For more information on the SDM templates, refer to the "Optimizing System Resources for User-Selected Features" section.


Understanding VLANs

A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as a physical LAN, but you can group end stations even if they are not located physically on the same LAN segment. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or bridge as shown in Figure 8-1. Because a VLAN is considered a separate logical network, it contains its own bridge Management Information Base (MIB) information and can support its own implementation of the Spanning Tree Protocol (STP).


Note Before you create VLANs, you must decide whether to use VTP to maintain global VLAN configuration for your network. For more information on VTP, see the "Using the VLAN Trunk Protocol" section.


Figure 8-1 shows an example of VLANs segmented into logically defined networks.

Figure 8-1 VLANs as Logically Defined Networks

VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Interface VLAN membership on the switch is assigned manually on an interface-by-interface basis. When you assign switch interfaces to VLANs by using this method, it is known as interface-based, or static, VLAN membership.

Traffic between VLANs must be routed. A Catalyst 3550 switch with the enhanced multilayer switch image installed can route traffic between VLANs by using switch virtual interfaces (SVIs). An SVI must be explicitly configured and assigned an IP address to route traffic between VLANs. For more information, see the "Switch Virtual Interfaces" section and the "Configuring Layer 3 Interfaces" section.

Number of Supported VLANs

The Catalyst 3550 switch supports 1005 VLANs in VTP client, server, and transparent modes. VLANs are identified with a number between 1 and 1001. VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs. The switch supports per-VLAN spanning tree (PVST) with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.


Note In its default state, the switch supports up to 1005 VLANs, but we recommend a maximum of 256 simultaneously active VLANs to ensure sufficient system memory resources to support features enabled in the VLANs. However, there are four available switch database management (SDM) templates that you can use to reallocate system resources, depending on your application. Refer to the "Optimizing System Resources for User-Selected Features" section for more information about the templates.


The switch supports both Inter-Switch Link (ISL) and IEEE 802.1Q trunking methods for transmitting VLAN traffic over Ethernet ports.

VLAN Port Membership Modes

You configure a port to belong to a VLAN by assigning a membership mode that determines the kind of traffic the port carries and the number of VLANs to which it can belong. Table 8-1 lists the membership modes and characteristics.

Table 8-1 Port Membership Modes 

Membership Mode
    VLAN Membership Characteristics

Static-access
    A static-access port can belong to one VLAN and is manually assigned by using the switchport mode access command.

    For more information, see the "Assigning Static-Access Ports to a VLAN" section.

Trunk (ISL or IEEE 802.1Q)
    A trunk is a member of all VLANs in the VLAN database by default, but membership can be limited by configuring the allowed-VLAN list. You can also modify the pruning-eligible list to block flooded traffic to VLANs on trunk ports that are included in the list.

    VTP maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP exchanges VLAN configuration messages with other switches over trunk links.

    Configure VLAN trunks using the switchport mode trunk command. For more information, see the "Configuring an Ethernet Interface as a Trunk Port" section.

Dynamic access
    A dynamic-access port can belong to one VLAN and is dynamically assigned by a VMPS. The VMPS can be a Catalyst 5000 or Catalyst 6000 series switch, for example, but never a Catalyst 3550 switch.

    You begin configuration by using the switchport mode access command.

    For more information, see the "Configuring an Interface as a Layer 2 Dynamic Access Port" section.


For more detailed definitions of the modes and their functions, see Table 8-5.

When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port on a per-VLAN basis. For more information, see the "Managing the MAC Address Table" section.

Using the VLAN Trunk Protocol

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

Before you create VLANs, you must decide whether to use VTP in your network. Using VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network. Without VTP, you cannot send information about VLANs to other switches.

The VTP Domain and VTP Modes

A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected switches under the same administrative responsibility sharing the same VTP domain name. A switch can be in only one VTP domain. You make global VLAN configuration changes for the domain by using the command-line interface (CLI), Cluster Management software, or Simple Network Management Protocol (SNMP).

You can configure a supported switch to be in one of the VTP modes listed in Table 8-2.

Table 8-2 VTP Modes 

VTP Mode
    Description

VTP server
    In this mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links.

    In VTP server mode, VLAN configurations are saved in nonvolatile RAM (NVRAM). VTP server is the default mode.

VTP client
    A VTP client behaves like a VTP server, but you cannot create, change, or delete VLANs on a VTP client.

    In VTP client mode, VLAN configurations are not saved in NVRAM.

VTP transparent
    VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that they receive from other switches from their trunk interfaces. You can create, modify, and delete VLANs on a switch in VTP transparent mode.

    In VTP transparent mode, VLAN configurations are saved in NVRAM, but they are not advertised to other switches.


By default, the switch is in VTP server mode and in the no-management-domain state until it receives an advertisement for a domain over a trunk link (a link that carries the traffic of multiple VLANs) or until you configure a domain name. Until the management domain name is specified or learned, you cannot create or modify VLANs on a VTP server, and VLAN information is not propagated over the network.

If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch then ignores advertisements with a different domain name or an earlier configuration revision number.

When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are sent over all trunk connections, including Inter-Switch Link (ISL) and IEEE 802.1Q.

VTP maps VLANs dynamically across multiple LAN types with unique names and internal index associates. Mapping eliminates excessive device administration required from network administrators.

If you configure a switch for VTP transparent mode, you can create and modify VLANs, but the changes are not transmitted to other switches in the domain, and they affect only the individual switch.

The "Configuring VTP" section provides tips and caveats for configuring VTP.

VTP Advertisements

Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and VLAN configurations as necessary.


Note Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch. Otherwise, the switch cannot receive any VTP advertisements. For more information on trunk ports, see the "Understanding VLAN Trunks" section.


VTP advertisements distribute this global domain information:

VTP domain name

VTP configuration revision number

Update identity and update timestamp

MD5 digest VLAN configuration, including maximum transmission unit (MTU) size for each VLAN.

Frame format

VTP advertisements distribute this VLAN information for each configured VLAN:

VLAN IDs (ISL and 802.1Q)

VLAN name

VLAN type

VLAN state

Additional VLAN configuration information specific to the VLAN type

VTP Version 2

If you use VTP in your network, you must decide whether to use version 1 or version 2.

VTP version 2 supports these features not supported in version 1:

Token Ring support—VTP version 2 supports Token Ring Bridge Relay Function (TrBRF) and Token Ring Concentrator Relay Function (TrCRF) VLANs. For more information about Token Ring VLANs, see the "VLANs in the VTP Database" section.

Unrecognized Type-Length-Value (TLV) support—A VTP server or client propagates configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in NVRAM when the switch is operating in VTP server mode.

Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Because only one domain is supported, VTP version 2 forwards VTP messages in transparent mode without checking the version and domain name.

Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter new information through the CLI, the Cluster Management Software (CMS), or SNMP. Consistency checks are not performed when new information is obtained from a VTP message or when information is read from NVRAM. If the MD5 digest on a received VTP message is correct, its information is accepted.

VTP Pruning

VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning is disabled by default.

VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on Catalyst 3550 trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP version 1 and version 2.

Figure 8-2 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and Port 2 on Switch 4 are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch 1, Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.

Figure 8-2 Flooding Traffic without VTP Pruning

Figure 8-3 shows a switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links shown (Port 5 on Switch 2 and Port 4 on Switch 4).

Figure 8-3 Optimized Flooded Traffic with VTP Pruning

Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Refer to the "Enabling VTP Pruning" section. VTP pruning takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 is always pruning-ineligible; traffic from VLAN 1 cannot be pruned.

VTP pruning is not designed to function in VTP transparent mode. If one or more switches in the network are in VTP transparent mode, you should do one of these:

Turn off VTP pruning in the entire network.

Turn off VTP pruning by making all VLANs on the trunk of the switch upstream to the VTP transparent switch pruning ineligible.

To configure VTP pruning on an interface, use the switchport trunk pruning vlan command (see the "Changing the Pruning-Eligible List" section). VTP pruning operates when an interface is trunking. You can set VLAN pruning eligibility regardless of whether VTP pruning is enabled for the VTP domain, whether any given VLAN exists, or whether the interface is currently trunking.

Configuring VTP

This section includes procedures for configuring VTP. These sections are included:

Default VTP Configuration

VTP Configuration Guidelines

Configuring a VTP Server

Configuring a VTP Client

Disabling VTP (VTP Transparent Mode)

Enabling VTP Version 2

Enabling VTP Pruning

Monitoring VTP

Default VTP Configuration

Table 8-3 shows the default VTP configuration.

Table 8-3 Default VTP Configuration 

Feature                      Default Setting
---------------------------  ----------------------
VTP domain name              Null.
VTP mode                     Server.
VTP version 2 enable state   Version 2 is disabled.
VTP password                 None.
VTP pruning                  Disabled.


VTP Configuration Guidelines

These sections describe guidelines you should follow when implementing VTP in your network.

Domain Names

When configuring VTP for the first time, you must always assign a domain name. All switches in the VTP domain must be configured with the same domain name. Switches in VTP transparent mode do not exchange VTP messages with other switches, and you do not need to configure a VTP domain name for them.


Caution If NVRAM and DRAM storage is sufficient, all switches in a VTP domain should be in VTP server mode.

Passwords

You can configure a password for the VTP domain, but it is not required. If you do configure a domain password, all domain switches must share the same password and you must configure the password on each switch in the management domain. Switches without a password or with the wrong password reject VTP advertisements.

If you configure a VTP password for a domain, a switch that is booted without a VTP configuration does not accept VTP advertisements until you configure it with the correct password. After the configuration, the switch accepts the next VTP advertisement that uses the same password and domain name in the advertisement.

If you are adding a new switch to an existing network that has VTP capability, the new switch learns the domain name only after the applicable password has been configured on the switch.


Caution When you configure a VTP domain password, the management domain does not function properly if you do not assign a management domain password to each switch in the domain.
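The acceptance rules described in "The VTP Domain and VTP Modes" (a switch with no domain inherits the domain name and revision number, then ignores other domains and earlier revisions) and in the Passwords guidelines above can be traced with a small model. This is an added example, not Cisco code: the Switch and Advertisement classes, model_digest (a stand-in, not the real VTP digest computation), and all names and passwords are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def model_digest(domain, revision, vlans, password):
    """Stand-in for the advertisement's MD5 digest (NOT the real VTP
    computation): ties the VLAN data to the shared domain password."""
    material = repr((domain, revision, sorted(vlans.items()), password))
    return hashlib.md5(material.encode()).digest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict            # VLAN ID -> VLAN name
    digest: bytes


@dataclass
class Switch:
    # Defaults follow Table 8-3: server mode, null domain, no password.
    mode: str = "server"
    domain: str = ""
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def set_vlan(self, vlan_id, name):
        """Local VLAN change, as entered through the CLI."""
        if self.mode == "client":
            raise PermissionError("VLANs cannot be changed on a VTP client")
        if self.mode == "server" and not self.domain:
            raise RuntimeError("no management domain configured or learned")
        self.vlans[vlan_id] = name
        if self.mode == "server":
            self.revision += 1        # each server change raises the revision

    def advertise(self):
        if self.mode == "transparent":
            return None               # transparent switches do not advertise
        digest = model_digest(self.domain, self.revision, self.vlans, self.password)
        return Advertisement(self.domain, self.revision, dict(self.vlans), digest)

    def _adopt(self, adv):
        self.domain, self.revision = adv.domain, adv.revision
        self.vlans = dict(adv.vlans)

    def receive(self, adv):
        """Decide what to do with an advertisement arriving on a trunk."""
        if self.mode == "transparent":
            return "ignored: transparent mode"
        expected = model_digest(adv.domain, adv.revision, adv.vlans, self.password)
        if expected != adv.digest:
            return "rejected: digest mismatch"    # missing or wrong password
        if not self.domain:
            self._adopt(adv)                      # no-management-domain state
            return "accepted: domain learned"
        if adv.domain != self.domain:
            return "ignored: different domain"
        if adv.revision <= self.revision:
            # The chapter says earlier revisions are ignored; in this model an
            # equal revision is also skipped because it carries nothing new.
            return "ignored: revision not newer"
        self._adopt(adv)
        return "accepted: updated"


def run_scenario():
    """Constructed scenario; returns the outcomes and the new switch."""
    password = "example-pass-01"      # constructed value, 8 to 64 characters
    server = Switch(domain="corp", password=password)
    server.set_vlan(10, "engineering")            # revision 0 -> 1
    adv = server.advertise()

    fresh = Switch()                              # factory defaults
    outcomes = [fresh.receive(adv)]               # no password configured yet
    fresh.password = password
    outcomes.append(fresh.receive(adv))           # learns domain and revision
    outcomes.append(fresh.receive(adv))           # same revision again
    outcomes.append(Switch(domain="lab", password=password).receive(adv))

    open_server = Switch(domain="open")           # domain without a password
    open_server.set_vlan(20, "guests")
    outcomes.append(Switch().receive(open_server.advertise()))
    return outcomes, fresh


if __name__ == "__main__":
    for outcome in run_scenario()[0]:
        print(outcome)
```

The last outcome is the one to note when staging a new switch: with default settings and no domain password in use, the first advertisement received over a trunk defines the switch's domain and VLAN database.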

VTP Version

Follow these guidelines when deciding which VTP version to implement:

All switches in a VTP domain must run the same VTP version.

A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1 if version 2 is disabled on the version 2-capable switch (version 2 is disabled by default).

Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version-2-capable. When you enable version 2 on a switch, all of the version-2-capable switches in the domain enable version 2. If there is a version 1-only switch, it does not exchange VTP information with switches with version 2 enabled.

If there are TrBRF and TrCRF Token Ring networks in your environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly. To run Token Ring and Token Ring-Net, disable VTP version 2.

Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire VTP domain.

Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that device only (not on all switches in the VTP domain).

Configuration Requirements

After you configure VTP, you must configure a trunk port so that the switch can send and receive VTP advertisements. For more information, see the "Understanding VLAN Trunks" section.

You can configure VTP by entering commands in the VLAN configuration mode. When you enter the exit command in VLAN configuration mode, it applies all the commands that you entered. VTP messages are sent to other switches in the VTP domain, and the privileged EXEC mode prompt appears.


Note The Cisco IOS end and Ctrl-Z commands are not supported in VLAN configuration mode.


Configuring a VTP Server

When a switch is in VTP server mode, you can change the VLAN configuration and have it propagated throughout the network.

Beginning in privileged EXEC mode, follow these steps to configure the switch as a VTP server:

 
Step 1  Command: vlan database
        Purpose: Enter VLAN configuration mode.

Step 2  Command: vtp server
        Purpose: Configure the switch for VTP server mode (the default).

Step 3  Command: vtp domain domain-name
        Purpose: Configure a VTP administrative-domain name.

        The name can be from 1 to 32 characters.

        All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.

Step 4  Command: vtp password password-value
        Purpose: (Optional) Set a password for the VTP domain. The password can be from 8 to 64 characters.

        If you configure a VTP password, the VTP domain does not function properly if you do not assign the same password to each switch in the domain.

Step 5  Command: exit
        Purpose: Return to privileged EXEC mode.

Step 6  Command: show vtp status
        Purpose: Verify the VTP configuration.

        In the display, check the VTP Operating Mode and the VTP Domain Name fields.

This example shows how to verify the configuration:

Switch# show vtp status
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 69
VTP Operating Mode              : Server
VTP Domain Name                 : test
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x59 0xBA 0x92 0xA4 0x74 0xD5 0x42 0x29
Configuration last modified by 0.0.0.0 at 3-1-93 00:18:42
Local updater ID is 10.1.1.59 on interface Vl1 (lowest numbered VLAN interface found) 

Configuring a VTP Client

When a switch is in VTP client mode, you cannot change its VLAN configuration. The client switch receives VTP updates from a VTP server in the VTP domain and then modifies its configuration accordingly.

Beginning in privileged EXEC mode, follow these steps to configure the switch for VTP client mode:

 
Step 1  Command: vlan database
        Purpose: Enter VLAN configuration mode.

Step 2  Command: vtp client
        Purpose: Configure the switch for VTP client mode. The default setting is VTP server.

Step 3  Command: vtp domain domain-name
        Purpose: Configure a VTP administrative-domain name. The name can be from 1 to 32 characters. This should be the same domain name as the VTP server.

        All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.

Step 4  Command: vtp password password-value
        Purpose: (Optional) Assign a password for the VTP domain. The password can be from 8 to 64 characters.

        If you configure a VTP password, the VTP domain does not function properly if you do not assign the same password to each switch in the domain.

Step 5  Command: exit
        Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.

Step 6  Command: show vtp status
        Purpose: Verify the VTP configuration.

        In the display, check the VTP Operating Mode field.

Step 7  Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

Disabling VTP (VTP Transparent Mode)

When you configure the switch for VTP transparent mode, you disable VTP on the switch. The switch then does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements on all of its trunk links.

Beginning in privileged EXEC mode, follow these steps to configure the switch for VTP transparent mode:

 
Step 1  Command: vlan database
        Purpose: Enter VLAN configuration mode.

Step 2  Command: vtp transparent
        Purpose: Configure the switch for VTP transparent mode.

        The default setting is VTP server.

        This step disables VTP on the switch.

Step 3  Command: exit
        Purpose: Return to privileged EXEC mode.

Step 4  Command: show vtp status
        Purpose: Verify the VTP configuration.

        In the display, check the VTP Operating Mode field.

Step 5  Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

Enabling VTP Version 2

VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain enables version 2.


Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.


Note In TrCRF and TrBRF Token Ring environments, you must enable VTP version 2 for Token Ring VLAN switching to function properly. For Token Ring and Token Ring-Net media, VTP version 2 must be disabled.


For more information on VTP version configuration guidelines, see the "VTP Version" section.

Beginning in privileged EXEC mode, follow these steps to enable VTP version 2:

 
Step 1  Command: vlan database
        Purpose: Enter VLAN configuration mode.

Step 2  Command: vtp v2-mode
        Purpose: Enable VTP version 2 on the switch.

        VTP version 2 is disabled by default on VTP version 2-capable switches.

Step 3  Command: exit
        Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.

Step 4  Command: show vtp status
        Purpose: Verify that VTP version 2 is enabled.

        In the display, check the VTP V2 Mode field.

Step 5  Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

To disable VTP version 2, use the no vtp v2-mode VLAN configuration command.

Enabling VTP Pruning

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You enable VTP pruning on a switch in VTP server mode.

Beginning in privileged EXEC mode, follow these steps to enable VTP pruning in the management domain:

 
Step 1  Command: vlan database
        Purpose: Enter VLAN configuration mode.

Step 2  Command: vtp pruning
        Purpose: Enable pruning in the VTP administrative domain.

        By default, pruning is disabled. You only need to enable pruning on one switch in VTP server mode.

Step 3  Command: exit
        Purpose: Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.

Step 4  Command: show vtp status
        Purpose: Verify your entries.

        In the display, check the VTP Pruning Mode field.

Step 5  Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

Pruning is supported with VTP version 1 and version 2. If you enable pruning on the VTP server, it is enabled for the entire VTP domain.

Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on trunk ports. To change the pruning-eligible VLANs, see the "Changing the Pruning-Eligible List" section.

To disable VTP pruning, use the no vtp pruning VLAN configuration command.

Monitoring VTP

You monitor VTP by displaying VTP configuration information: the domain name, the current VTP revision, and the number of VLANs. You can also display statistics about the advertisements sent and received by the switch.

Beginning in privileged EXEC mode, follow these steps to monitor VTP activity:

 
Step 1  Command: show vtp status
        Purpose: Display the VTP switch configuration information.

Step 2  Command: show vtp counters
        Purpose: Display counters about VTP messages being sent and received.

This example displays VTP configuration information:

Switch# show vtp status
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 69
VTP Operating Mode              : Server
VTP Domain Name                 : test
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x59 0xBA 0x92 0xA4 0x74 0xD5 0x42 0x29
Configuration last modified by 0.0.0.0 at 3-1-93 00:18:42
Local updater ID is 10.1.1.59 on interface Vl1 (lowest numbered VLAN interface found) 

This example displays VTP statistics:

Switch# show vtp counters 
VTP statistics:
Summary advertisements received    : 0
Subset advertisements received     : 0
Request advertisements received    : 0
Summary advertisements transmitted : 0
Subset advertisements transmitted  : 0
Request advertisements transmitted : 0
Number of config revision errors   : 0
Number of config digest errors     : 0
Number of V1 summary errors        : 0


VTP pruning statistics:

Trunk            Join Transmitted Join Received    Summary advts received from
                                                   non-pruning-capable device
---------------- ---------------- ---------------- --------------------------- 
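The two displays above can be checked automatically against the guidance in this chapter (default domain and password, the 128 spanning-tree instance limit, the 256 active-VLAN recommendation). The script below is an added example, not part of the Cisco guide: the finding codes, function names, and sample text are constructed, and it assumes a null domain name is shown as an empty field.

```python
"""Audit 'show vtp status' and 'show vtp counters' text against this chapter."""

MAX_STP_INSTANCES = 128          # spanning-tree instances the switch supports
RECOMMENDED_ACTIVE_VLANS = 256   # recommended ceiling for active VLANs

# Constructed sample input, shaped like the displays in "Monitoring VTP".
SAMPLE_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 69
VTP Operating Mode              : Server
VTP Domain Name                 : test
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
"""

SAMPLE_COUNTERS = """\
VTP statistics:
Summary advertisements received    : 12
Subset advertisements received     : 3
Number of config revision errors   : 0
Number of config digest errors     : 4
Number of V1 summary errors        : 0
"""


def parse_fields(text):
    """Turn 'Name : value' lines into a dict; lines without ':' are skipped."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields[name.strip()] = value.strip()
    return fields


def to_int(fields, name):
    """Read a numeric field, treating a missing or odd value as 0."""
    try:
        return int(fields.get(name, "0"))
    except ValueError:
        return 0


def audit_vtp(status_text, counters_text="", password_configured=None):
    """Return a list of (code, detail) findings.

    password_configured: True if the operator has confirmed a VTP password
    is set; the status display shown in this chapter has no password field.
    """
    status = parse_fields(status_text)
    counters = parse_fields(counters_text)
    findings = []

    mode = status.get("VTP Operating Mode", "").lower()
    domain = status.get("VTP Domain Name", "")
    participating = mode in ("server", "client")

    if participating and not domain:
        findings.append(("unset-domain",
                         "no domain name: the switch inherits the domain and "
                         "revision of the first advertisement it receives"))
    if participating and password_configured is not True:
        findings.append(("password-unconfirmed",
                         "confirm a VTP password is set on every switch in "
                         "the domain (the default is none)"))

    existing = to_int(status, "Number of existing VLANs")
    if existing > MAX_STP_INSTANCES:
        findings.append(("stp-instances-exceeded",
                         f"{existing} VLANs exist but only {MAX_STP_INSTANCES} "
                         "can run STP; set allowed lists on trunk ports"))
    if existing > RECOMMENDED_ACTIVE_VLANS:
        findings.append(("active-vlan-ceiling",
                         f"{existing} VLANs exceeds the recommended "
                         f"{RECOMMENDED_ACTIVE_VLANS} active VLANs"))

    digest_errors = to_int(counters, "Number of config digest errors")
    if digest_errors:
        findings.append(("digest-errors",
                         f"{digest_errors} advertisements failed the MD5 digest "
                         "check; look for a password mismatch or an "
                         "unexpected sender on a trunk"))
    revision_errors = to_int(counters, "Number of config revision errors")
    if revision_errors:
        findings.append(("revision-errors",
                         f"{revision_errors} advertisements had a conflicting "
                         "configuration revision"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_vtp(SAMPLE_STATUS, SAMPLE_COUNTERS):
        print(f"{code}: {detail}")
```

The "Number of existing VLANs" field counts every VLAN in the database, so the two VLAN-count findings are upper bounds to be checked against the VLANs actually active on the switch.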

VLANs in the VTP Database

You can set these parameters when you create a new VLAN or modify an existing VLAN in the VTP database:

VLAN ID

VLAN name

VLAN type (Ethernet, Fiber Distributed Data Interface [FDDI], FDDI network entity title [NET], TrBRF, or TrCRF, Token Ring, Token Ring-Net)

VLAN state (active or suspended)

Maximum transmission unit (MTU) for the VLAN

Security Association Identifier (SAID)

Bridge identification number for TrBRF VLANs

Ring number for FDDI and TrCRF VLANs

Parent VLAN number for TrCRF VLANs

Spanning Tree Protocol (STP) type for TrCRF VLANs

VLAN number to use when translating from one VLAN type to another

The "Default VLAN Configuration" section lists the default values and possible ranges for each VLAN media type.

Token Ring VLANs

Although the Catalyst 3550 switches do not support Token Ring connections, a remote device such as a Catalyst 5000 series switch with Token Ring connections could be managed from one of the supported switches. Switches running VTP version 2 advertise information about these Token Ring VLANs:

Token Ring TrBRF VLANs

Token Ring TrCRF VLANs

For more information on configuring Token Ring VLANs, see the Catalyst 5000 Series Software Configuration Guide.

Default VLAN Configuration

Table 8-4 shows the default configuration for Ethernet VLANs.


Note The switch supports Ethernet interfaces exclusively. Because FDDI and Token Ring VLANs are not locally supported, you configure FDDI and Token Ring media-specific characteristics only for VTP global advertisements to other switches.


Table 8-4 Ethernet VLAN Defaults and Ranges 

Parameter               Default   Range
----------------------  --------  ---------------
VLAN ID                 1         1-1005
VLAN name               default   No range
802.10 SAID             101001    1-4294967294
MTU size                1500      1500-18190
Translational bridge 1  1002      0-1005
Translational bridge 2  1003      0-1005
VLAN state              active    active, suspend


VLAN Configuration Guidelines

Follow these guidelines when creating and modifying VLANs in your network:

The Catalyst 3550 switch supports 1005 VLANs in VTP client, server, and transparent modes. VLANs are identified with a number between 1 and 1001. VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs.


Note In its default state, the switch supports up to 1005 VLAN IDs, but we recommend a maximum of 256 simultaneously active VLANs to ensure sufficient system memory resources to support features enabled in the VLANs. However, there are four available switch database management (SDM) templates that you can use to reallocate system resources, depending on your application. Configuring the Layer 2 VLAN template increases the number of supported active VLANs. Refer to the "Optimizing System Resources for User-Selected Features" section for more information about the templates.


Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If the switch is a VTP server, you must define a VTP domain.

Catalyst 3550 switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net, TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration through VTP.

The switch supports 128 STP instances. If a switch has more active VLANs than supported STP instances, STP can be enabled on 128 VLANs and is disabled on the remaining VLANs. If you have already used up all available STP instances on a switch, adding another VLAN anywhere in the VTP domain creates a VLAN on that switch that is not running STP. If you have the default allowed list on the trunk ports of that switch (which is to allow all VLANs), the new VLAN is carried on all trunk ports. Depending on the topology of the network, this could create a loop in the new VLAN that would not be broken, particularly if there are several adjacent switches that all have run out of STP instances. You can prevent this possibility by setting allowed lists on the trunk ports of switches that have used up their allocation of STP instances.

Configuring VLANs in the VTP Database

You can add, modify or remove VLAN configurations in the VTP database by using the CLI VLAN configuration mode. VTP globally propagates these VLAN changes throughout the VTP domain.

In VTP server or transparent mode, commands to add, change, and delete VLANs are written to the file vlan.dat, and you can display them by entering the show vlan privileged EXEC command. The vlan.dat file is stored in NVRAM.


Caution You can cause inconsistency in the VLAN database if you attempt to manually delete the vlan.dat file. If you want to modify the VLAN configuration or VTP, use the VLAN database commands described in the Catalyst 3550 Multilayer Switch Command Reference for this release.

You use the interface configuration mode to define the port membership mode and to add and remove ports from VLANs. The results of these commands are written to the running-configuration file, and you can display the file by entering the show running-config privileged EXEC command.


Note VLANs can be configured to support a number of parameters that are not discussed in detail in this section. For complete information on the commands and parameters that control VLAN configuration, refer to the Catalyst 3550 Multilayer Switch Command Reference for this release.


Adding an Ethernet VLAN

Each Ethernet VLAN has a unique, 4-digit ID that can be a number from 1 to 1001. To add a VLAN to the VLAN database, assign a number and name to the VLAN. For the list of default parameters that are assigned when you add a VLAN, see the "Default VLAN Configuration" section.

Beginning in privileged EXEC mode, follow these steps to add an Ethernet VLAN:

 
        Command                             Purpose
------  ----------------------------------  ----------------------------------------
Step 1  vlan database                       Enter VLAN configuration mode.
Step 2  vlan vlan-id name vlan-name         Add an Ethernet VLAN by assigning a
                                            number to it. If no name is entered for
                                            the VLAN, the default is to append the
                                            vlan-id to the word VLAN. For example,
                                            VLAN0004 could be a default VLAN name
                                            for VLAN 4.
Step 3  exit                                Update the VLAN database, propagate it
                                            throughout the administrative domain,
                                            and return to privileged EXEC mode.
Step 4  show vlan name vlan-name            Verify the VLAN configuration.
Step 5  copy running-config startup-config  (Optional) Save your entries in the
                                            configuration file.

This example shows how to add Ethernet VLAN 20 to the VLAN database:

Switch# vlan database
Switch(vlan)# vlan 20 name test20
Switch(vlan)# exit
Switch# show vlan name test20

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
20   test20                           active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20   enet  100020     1500  -      -      -        -    -        0      0 

Modifying an Ethernet VLAN

Beginning in privileged EXEC mode, follow these steps to modify an Ethernet VLAN:

 
        Command                             Purpose
------  ----------------------------------  ----------------------------------------
Step 1  vlan database                       Enter VLAN configuration mode.
Step 2  vlan vlan-id mtu mtu-size           Identify the VLAN, and change the MTU
                                            size.
Step 3  exit                                Update the VLAN database, propagate it
                                            throughout the administrative domain,
                                            and return to privileged EXEC mode.
Step 4  show vlan id vlan-id                Verify the VLAN configuration.
Step 5  copy running-config startup-config  (Optional) Save your entries in the
                                            configuration file.

This example shows how to verify the configuration of VLAN 27:

Switch# show vlan id 27

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
27   VLAN0027                         active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 

Deleting a VLAN from the Database

When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.

You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.


Caution When you delete a VLAN, any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.

Beginning in privileged EXEC mode, follow these steps to delete a VLAN on the switch:

 
        Command                             Purpose
------  ----------------------------------  ----------------------------------------
Step 1  vlan database                       Enter VLAN configuration mode.
Step 2  no vlan vlan-id                     Remove the VLAN by entering the VLAN ID.
Step 3  exit                                Update the VLAN database, propagate it
                                            throughout the administrative domain,
                                            and return to privileged EXEC mode.
Step 4  show vlan brief                     Verify the VLAN removal.
Step 5  copy running-config startup-config  (Optional) Save your entries in the
                                            configuration file.

Assigning Static-Access Ports to a VLAN

You can assign a static-access port to a VLAN without having VTP globally propagate VLAN configuration information (that is, with VTP disabled).


Note If you assign an interface to a VLAN that does not exist, the new VLAN is created (see the "Adding an Ethernet VLAN" section).


Beginning in privileged EXEC mode, follow these steps to assign a port to a VLAN in the VTP database:

 
        Command                                     Purpose
------  ------------------------------------------  ----------------------------------------
Step 1  configure terminal                          Enter global configuration mode.
Step 2  interface interface-id                      Enter the interface to be added to the
                                                    VLAN.
Step 3  switchport mode access                      Define the VLAN membership mode for the
                                                    port (Layer 2 access port).
Step 4  switchport access vlan vlan-id              Assign the port to a VLAN.
Step 5  end                                         Return to privileged EXEC mode.
Step 6  show running-config interface interface-id  Display the running configuration of the
                                                    interface.
Step 7  show interfaces interface-id switchport     Verify the VLAN configuration.
                                                    In the display, verify the Operational
                                                    Mode, Access Mode VLAN, and the Priority
                                                    for Untagged Frames fields.
Step 8  copy running-config startup-config          (Optional) Save your entries in the
                                                    configuration file.


Note Use the default interface interface-id command to return an interface to its default configuration.


This example shows how to configure Gigabit Ethernet interface 0/1 as an access port in VLAN 2:

Switch# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# interface gigabitethernet0/1 
Switch(config-if)# switchport mode access 
Switch(config-if)# switchport access vlan 2
Switch(config-if)# end 
Switch# exit

These examples show how to verify the configuration:

Switch# show running-config interface gigabitethernet0/1
Building configuration...

Current configuration : 74 bytes
!
interface GigabitEthernet0/1
 no ip address
 snmp trap link-status
end 

Switch# show interfaces gigabitethernet0/1 switchport 
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Protected: false
Unknown unicast blocked: false
Unknown multicast blocked: false

Broadcast Suppression Level: 100
Multicast Suppression Level: 100
Unicast Suppression Level: 100 
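
The Step 7 verification can be scripted. The following is an added example, not part of the Cisco guide: it parses the show interfaces switchport display and compares it with the intended access VLAN. The names check_access_port and parse_switchport are hypothetical, and it assumes that switchport mode access is reported as Administrative Mode: static access.

```python
import re

# Display of "show interfaces gigabitethernet0/1 switchport" copied from this
# section (blank lines and the fields the check does not read are omitted).
SAMPLE = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Turn the 'Field: value' lines of the display into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def check_access_port(text, expected_vlan):
    """Return a list of findings; an empty list means the port matches intent."""
    f = parse_switchport(text)
    findings = []
    if f.get("Switchport") != "Enabled":
        findings.append("interface is not a Layer 2 switchport")
    # Assumption: 'switchport mode access' displays as 'static access'. A port
    # left in a dynamic mode can still negotiate a trunk through DTP.
    for field in ("Administrative Mode", "Operational Mode"):
        if f.get(field) != "static access":
            findings.append("%s is %r, expected 'static access'"
                            % (field, f.get(field)))
    # The value looks like '2 (VLAN0002)'; only the leading number matters.
    m = re.match(r"(\d+)", f.get("Access Mode VLAN", ""))
    vlan = int(m.group(1)) if m else None
    if vlan != expected_vlan:
        findings.append("Access Mode VLAN is %s, expected %d"
                        % (vlan, expected_vlan))
    return findings

if __name__ == "__main__":
    for finding in check_access_port(SAMPLE, expected_vlan=2):
        print("MISMATCH:", finding)
```

Run against the display above with an intended VLAN of 2, it returns two findings: the administrative mode is still dynamic desirable, and the access VLAN is 1.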

Displaying VLANs in the VTP Database

Use the show vlan privileged EXEC command to display a list of VLANs in the database, including status, ports, and configuration:

Switch# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/7, Gi0/8, Gi0/9, Gi0/11
                                                Gi0/12
20   VLAN0020                         active
21   VLAN0021                         active
22   VLAN0022                         active
27   VLAN0027                         active
31   VLAN0031                         active
35   vlan0035                         active
36   VLAN0036                         active
1002 fddi-default                     active
1003 trcrf-default                    active
1004 fddinet-default                  active
1005 trbrf-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
20   enet  100020     1500  -      -      -        -    -        0      0
21   enet  100021     1500  -      -      -        -    -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
22   enet  100022     1500  -      -      -        -    -        0      0
27   enet  100027     1500  -      -      -        -    -        0      0
31   enet  100031     1500  -      -      -        -    -        0      0
35   enet  10000      1500  -      -      -        -    -        0      0
36   enet  100036     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 trcrf 101003     4472  1005   3276   -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trbrf 101005     4472  -      -      15       ibm  -        0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7       7       off 

Use the EXEC command show vlan brief to display a list of VLANs in the database with status and ports but without configuration information:

Switch# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/7, Gi0/8, Gi0/9, Gi0/11
                                                Gi0/12
20   VLAN0020                         active
21   VLAN0021                         active
22   VLAN0022                         active
27   VLAN0027                         active
31   VLAN0031                         active
35   VLAN0035                         active
36   VLAN0036                         active
1002 fddi-default                     active
1003 trcrf-default                    active
1004 fddinet-default                  active
1005 trbrf-default                    active 
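
As an added example (not part of the Cisco guide), the following parses show vlan brief output, including port lists that wrap onto continuation lines, and compares the number of active VLANs with the 128 STP instances and the recommended 256 active VLANs given in the configuration guidelines. The sample output is constructed, parse_vlan_brief and capacity_report are hypothetical names, and every row whose status is active is counted.

```python
import re

STP_INSTANCES = 128        # STP instances the switch supports (guidelines)
RECOMMENDED_ACTIVE = 256   # recommended maximum of simultaneously active VLANs

# Constructed sample in the "show vlan brief" layout shown above.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/7, Gi0/8
20   VLAN0020                         active    Gi0/5
27   VLAN0027                         suspended
1002 fddi-default                     active
"""

# VLAN ID, name, status, then an optional comma-separated port list.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def split_ports(text):
    return [p.strip() for p in text.split(",") if p.strip()]

def parse_vlan_brief(text):
    """Return {vlan_id: {name, status, ports}}, joining wrapped port lines."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3),
                              "ports": split_ports(m.group(4))}
        elif current is not None and line[:1] == " " and line.strip():
            # Continuation line: more ports for the VLAN on the previous row.
            vlans[current]["ports"] += split_ports(line)
    return vlans

def capacity_report(vlans):
    """Compare the active VLAN count with the limits in the guidelines."""
    active = sorted(v for v, d in vlans.items() if d["status"] == "active")
    return {
        "active": len(active),
        # VLANs beyond the STP instance limit would not be running STP.
        "beyond_stp_limit": max(0, len(active) - STP_INSTANCES),
        "over_recommended": len(active) > RECOMMENDED_ACTIVE,
        "ports_in_vlan_1": vlans.get(1, {}).get("ports", []),
    }

if __name__ == "__main__":
    print(capacity_report(parse_vlan_brief(SAMPLE)))
```

A nonzero beyond_stp_limit is the condition under which the guidelines call for allowed lists on the trunk ports of that switch.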

Understanding VLAN Trunks

These sections describe how VLAN trunks function on the switch:

Trunking Overview

Encapsulation Types

Default Layer 2 Ethernet Interface VLAN Configuration

Trunking Overview

A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Trunks carry the traffic of multiple VLANs over a single link, and you can extend VLANs across an entire network. Gigabit Ethernet trunks carry traffic for multiple VLANs over a single link.

Two trunking encapsulations are available on all Ethernet interfaces:

Inter-Switch Link (ISL)—ISL is Cisco-proprietary trunking encapsulation.

802.1Q—802.1Q is industry-standard trunking encapsulation.

Figure 8-4 shows a network of switches that are connected by ISL trunks.

Figure 8-4 Switches in an ISL Trunking Environment

You can configure a trunk on a single Ethernet interface or on an EtherChannel bundle. For more information about EtherChannel, see "Configuring EtherChannel."

Ethernet trunk interfaces support different trunking modes (see Table 8-5). You can specify whether the trunk uses ISL or 802.1Q encapsulation or if the encapsulation type is autonegotiated. To autonegotiate trunking, the interfaces must be in the same VTP domain. Use the trunk or nonegotiate keywords to force interfaces in different domains to trunk. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which supports autonegotiation of both ISL and 802.1Q trunks.


Note DTP is a point-to-point protocol. However, some internetworking devices might forward DTP frames improp