This chapter describes how to configure the following features:
For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 5000 Series Command Reference publication.
Before you create VLANs, you must decide whether to use VTP in your network. If you choose to use VTP, you must decide whether the switch will be a VTP server or a VTP client. If you choose not to use VTP, you must set the switch to transparent mode. If you use VTP, you must decide whether to use VTP version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.
After you decide which version of VTP to run, you must create a VTP domain (also called a VLAN management domain) before you create the desired VLANs. In a VTP domain, VLANs can only be created, changed, and deleted if the switch is in VTP server mode (the default). The VLAN configuration cannot be changed if the switch is in VTP client mode. Both clients and servers update their VTP and VLAN configuration based on the advertisements they receive over their trunk links.
VTP version 1 is supported in Catalyst 5000 series supervisor engine software release 2.1 or later and ATM software release 3.1 or later. VTP version 2, an extension to VTP that supports Token Ring LAN switching and other features, is supported in Catalyst 5000 series software release 3.1(1) and later.
For more information on VTP, see the "Understanding VTP" section in this chapter.
These guidelines apply to switches within the same VTP domain:
A VTP version 2-capable switch will not run version 2 unless you manually enable it on at least one switch in the VTP domain. To enable VTP version 2, perform this task in privileged mode:
| Task | Command |
|---|---|
To configure the switch as a VTP server, perform these tasks in privileged mode:
This example shows how to configure the switch as a VTP server:
To configure the switch as a VTP client, perform these tasks in privileged mode:
The VTP client switch receives VTP updates from VTP servers and updates its configuration accordingly. The following example shows how to configure the switch as a VTP client:
To configure the switch as VTP transparent (effectively disabling VTP on the switch), perform this task in privileged mode:
A VTP transparent switch does not send VTP updates, and ignores VTP updates from VTP servers. This example shows how to configure the switch as VTP transparent:
To verify the VTP configuration, perform these tasks:
This example shows the output of the show vtp domain command indicating that the switch is VTP version 2-capable and that VTP version 2 is enabled:
This example shows the output for a switch configured as a VTP server:
This example shows the output for a switch configured as a VTP client:
This example shows the output for a switch configured as VTP transparent:
To show VTP statistics, such as VTP advertisements sent and received and VTP errors, enter the show vtp statistics command:
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency throughout the network. VTP manages the addition, deletion, and renaming of VLANs on a network-wide basis, and allows you to make central changes that are automatically communicated to all the other switches in the network.
VTP minimizes possible configuration inconsistencies that arise when changes are made. These inconsistencies can result in security violations because VLANs cross-connect when duplicate names are used and internally disconnect when they are incorrectly mapped between one LAN type and another.
Using VTP, each Catalyst 5000 series switch advertises the following on its trunk ports: its management domain, its configuration revision number, and its known VLANs and their specific parameters. A VTP domain is made up of one or more interconnected devices that share the same VTP domain name. A switch can be configured to be in one and only one VTP domain.
VTP servers and clients maintain all VLANs everywhere within the VTP domain. A VTP domain defines the boundary of a particular VLAN. Servers and clients transmit information through trunks to other attached switches and receive updates from those trunks.
VTP servers either maintain information in nonvolatile memory or access it using TFTP. Using VTP servers, you can modify the global VLAN information either through the VTP MIB via SNMP or through the CLI. When you add or advertise VLANs, both servers and clients are notified that they should be prepared to receive traffic on their trunk ports. A VTP server can also instruct a switch to delete a VLAN and disable all ports assigned to it.
Advertisement frames are sent to a multicast address so that they can be received by all neighboring devices, but they are not forwarded by normal bridging procedures. All devices in the same management domain learn about any new VLANs configured in the transmitting device. Because of this process, you need to configure a new VLAN only on one device in the management domain. All other devices in the same management domain learn the configured information automatically. VTP is transmitted on all trunk connections, including ISL, 802.1Q, 802.10, and LANE.
A new VLAN is indicated by a VTP advertisement received by a device running VTP. Devices accept the traffic of the new VLAN and propagate it to their trunks after adding the VTP-learned VLANs to their trunks.
Using periodic advertisements, VTP tracks configuration changes and communicates them to other switches in the network. When a new switch is added to the network, the added device receives updates from VTP and automatically configures the existing VLANs within the network.
VTP also maps VLANs dynamically across multiple LAN types with unique names and internal index associations. Mapping eliminates excessive device administration required from network administrators.
VTP establishes global configuration values and distributes the following global configuration information:
VTP version 2 supports Token Ring LAN switching and the following features:
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled in a management domain.
Make sure that all devices in the management domain support VTP pruning before enabling it (using the set vtp pruning enable command). VTP pruning is supported in Catalyst 5000 series software release 2.3 and later. Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after configuration.
When enabled, VTP pruning does not prune traffic from VLANs that are not pruning-eligible. By default, VLANs 2 through 1000 are pruning-eligible. VLAN 1 is always pruning-ineligible; traffic from VLAN 1 cannot be pruned.
To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. To make a VLAN pruning eligible again, enter the set vtp pruneeligible command. You can issue these commands regardless of whether VTP pruning is enabled or disabled. Pruning eligibility resides on the local device only.
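The pruning rules above lend themselves to a check before pruning is enabled for the whole domain. The following Python sketch is an added example, not part of the Cisco documentation: it flags switches running a release older than 2.3 and lists, per switch, the default-eligible VLANs that have been made ineligible and so will not be pruned on that device. The switch names, release strings and inventory layout are constructed assumptions; the VLAN list is the one used in this chapter.

```python
import re

DEFAULT_ELIGIBLE = set(range(2, 1001))  # page: VLANs 2-1000 are eligible by default
PRUNING_MIN_RELEASE = (2, 3)            # page: pruning needs release 2.3 or later

def parse_vlans(spec):
    """Expand '2-99,250-255,501-1000' into a set of VLAN numbers."""
    vlans = set()
    for part in filter(None, spec.replace(" ", "").split(",")):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            raise ValueError(f"reversed range: {part}")
        vlans.update(range(lo, hi + 1))
    return vlans

def to_ranges(vlans):
    """Collapse a set of VLAN numbers back into 'a-b,c' notation."""
    spans = []
    for v in sorted(vlans):
        if spans and v == spans[-1][1] + 1:
            spans[-1][1] = v          # extend the current run
        else:
            spans.append([v, v])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in spans)

def release_tuple(text):
    """Turn a release string such as '3.1(1)' into (3, 1, 1) for comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def audit(inventory):
    """Return (switches too old for pruning, {switch: default-eligible VLANs made ineligible})."""
    too_old = sorted(name for name, sw in inventory.items()
                     if release_tuple(sw["release"]) < PRUNING_MIN_RELEASE)
    not_pruned = {}
    for name, sw in inventory.items():
        eligible = parse_vlans(sw["eligible"]) - {1}  # VLAN 1 is never eligible
        not_pruned[name] = to_ranges(DEFAULT_ELIGIBLE - eligible)
    return too_old, not_pruned

# Constructed inventory (hypothetical switch names and releases, not from the page).
INVENTORY = {
    "sw-core": {"release": "3.1(1)", "eligible": "2-1000"},
    "sw-eng":  {"release": "2.3(2)", "eligible": "2-99,250-255,501-1000"},
    "sw-old":  {"release": "2.2(4)", "eligible": "2-1000"},
}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Because pruning eligibility resides on the local device only, the per-switch result is what exposes a device whose ineligible list has drifted from the rest of the domain.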
These guidelines apply to switches within the same VTP domain:
To configure VTP pruning, perform these tasks in privileged mode:
This example shows how to enable VTP pruning in the management domain and how to make VLANs 2-99, 250-255, and 501-1000 pruning-eligible on the particular device:
To disable VTP pruning, perform this task in privileged mode:
This example shows how to disable VTP pruning in the management domain:
To verify the VTP pruning configuration, perform these tasks:
| Task | Command |
|---|---|
| Step 1. Verify the VTP pruning configuration. | |
| Step 2. Check whether VLANs are being pruned on trunk ports. | |
This example shows how to verify the VTP pruning configuration using the show vtp domain command. The arrow shows that VTP pruning is enabled, and that VLANs 2-99, 250-255, and 501-1000 are pruning-eligible:
This example shows how to verify the VTP pruning configuration using the show trunk command. The arrow shows that VLANs 1 and 522-524 are in spanning-tree forwarding state and are not pruned on the trunk:
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices.
Figure 9-1 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.
Figure 9-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic from the Red VLAN has been pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).
Two main tasks are involved with configuring VLANs:
If you are configuring Token Ring VLANs, see the section "Creating Token Ring VLANs (TrBRFs)" later in this chapter.
Enter the set vlan command to create a VLAN and enter the clear vlan command to delete a VLAN. If the switch is a VTP server, changes to the VLAN configuration are propagated to other switches in the VTP domain. If the switch is a VTP client, you cannot create or delete VLANs; you must change the VTP mode of the switch or perform the VLAN configuration on a VTP server. If the switch is in VTP transparent mode, the VLAN configuration affects the particular switch only and is not propagated to other switches in the network.
VLANs support a number of parameters, only a few of which are discussed in this section. For complete information on the set vlan command and its parameters, refer to the Catalyst 5000 Series Command Reference publication.
Before you can create a VLAN on the switch, you must do one of the following:
For information on configuring VTP, see the section "Configuring VTP" earlier in this chapter.
To create a VLAN on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Create a VLAN. If desired, assign it a name (the VLAN number is used as the name if no name is specified). | |
This example shows how to create a VLAN on the switch:
To delete a VLAN on the switch, perform this task in privileged mode:
This example shows how to delete a VLAN (in this case, the switch is a VTP server):
To verify the VLAN configuration, perform this task:
This example shows how to verify the VLAN configuration:
You can assign one or more ports to a VLAN using the set vlan command. By default, all switched Ethernet and Fast Ethernet ports belong to VLAN 1.
To assign one or more switch ports to a VLAN, perform this task in privileged mode:
Note: If you specify a VLAN that does not exist, the VLAN is created and the specified ports are assigned to it.
This example shows how to assign switch ports to a VLAN:
Figure 9-3 shows a switch that has ports 1 through 4 assigned to VLAN 10 (Engineering) and ports 5 through 12 assigned to VLAN 20 (Accounting).
To verify the port VLAN assignments, perform either of these tasks:
| Task | Command |
|---|---|
This example shows how to verify the port VLAN assignments using the show vlan command: