Chapter 0 Part2 VLANs-Part2

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
8 views129 pages

Chapter 0 Part2 VLANs-Part2

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 129

VLANs, Trunking, VTP, Port Aggregation
Part 2

ROUTE v7 Chapter 4
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public
Storing VLAN information
DLS1(config)# vtp domain West
DLS1(config)# vlan 10
DLS1(config-vlan)# name WestSales
DLS1(config-vlan)# vlan 11
DLS1(config-vlan)# name WestEng

[Figure: the VTP domain and VLAN definitions above are written to vlan.dat]

▪ Storage of VLAN information is model dependent.
• Cisco: "The memory location name where the vlan.dat file is stored varies from device to device. Refer to the respective product documentation before you issue the copy command."
▪ VLAN information for 29xx and 35xx switches is automatically stored in the vlan.dat file in flash.
• VTP information: Domain Name, Configuration Revision Number
• VLAN information (configured or via VTP): VLAN Number, VLAN Name
▪ Caveat: vlan.dat is separate from startup-config. Erasing startup-config does not clear the VTP domain, revision number or VLANs; a switch that is reused keeps them until vlan.dat is deleted from flash, which matters the moment it is reconnected to a VTP domain.
Storing VLAN information
DLS1(config)# inter fa 0/1
DLS1(config-if)# switchport mode access
DLS1(config-if)# switchport access vlan 10
DLS1(config-if)# end
DLS1# copy running-config startup-config

[Figure: running-config is copied to startup-config; the VLAN database itself lives in vlan.dat]

▪ Interface commands are stored in running-config and will need to be saved to startup-config in NVRAM (copy is an EXEC command, so leave configuration mode first or prefix it with do).
Storing VLAN information - No longer recommended
DLS1# vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.

DLS1(vlan)# exit
APPLY completed.
Exiting....
DLS1#

⚫ Note: The vlan database command is no longer recommended by Cisco.
⚫ One less thing we need to remember!
VLAN Trunking Protocol
VLAN Trunking Protocol (VTP)

▪ Cisco-proprietary protocol.
▪ Automates the propagation of VLAN information between switches via trunk links.
▪ Minimizes misconfigurations and configuration inconsistencies.
▪ VTP domains define sets of interconnected switches sharing the same VTP configuration.
▪ The same automation propagates mistakes: whichever switch in the domain advertises the highest configuration revision overwrites the VLAN database of every server and client that hears it (see the troubleshooting section of this chapter).
VTP Modes
Mode         Description
Client       • Cannot create, change, or delete VLANs on the command-line interface (CLI).
             • Forwards advertisements to other switches.
             • Synchronizes VLAN configuration with the latest information received from other switches in the management domain.
             • Does not save VLAN configuration in nonvolatile RAM (NVRAM).
Server       • Can create, modify, and delete VLANs.
             • Sends and forwards advertisements to other switches.
             • Synchronizes VLAN configuration with the latest information received from other switches in the management domain.
             • Saves VLAN configuration in NVRAM.
Transparent  • Can create, modify, and delete VLANs only on the local switch.
             • Forwards VTP advertisements received from other switches in the same management domain.
             • Does not synchronize its VLAN configuration with information received from other switches in the management domain.
             • Saves VLAN configuration in NVRAM.
VTP Versions

▪ Three VTP versions: V1, V2, V3.
▪ Versions are not interoperable.
• V2 supports Token Ring VLANs but V1 does not.
VTP version 3

▪ Not part of CCNP SWITCH.
▪ Originally only available on CatOS, not IOS.
▪ "With 12.2(33)SXI VTP version 3 will be supported by IOS, closing the feature gap in this area compared to CAT OS. VTP version 3 will be available within all IOS feature sets."
▪ Features:
• Supports the ISL VLAN range from 1 to 1001.
• Supports the 802.1Q VLAN range up to 4094.
• Can transfer information regarding Private VLAN (PVLAN) structures.
• Adds a primary-server role: only the primary server may change the domain's VLAN database, so a stray switch carrying a higher revision number no longer overwrites the domain.
▪ http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/solution_guide_c78_508010.html
VTP Messages
VTP Message Types

▪ Summary Advertisements
▪ Subset Advertisements
▪ Advertisement Requests
VTP Summary Advertisements

▪ By default, Catalyst switches issue summary advertisements in 5-minute increments.
▪ Informs adjacent switches of:
• VTP domain name
• Configuration revision number
▪ When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its own VTP domain name.
• If the name is different, the switch ignores the packet.
• If the name is the same, the switch then compares the configuration revision to its own revision.
• If its own configuration revision is higher or equal, the packet is ignored.
• If it is lower, an advertisement request is sent.
VTP Subset Advertisements

▪ When you add, delete, or change a VLAN:
▪ The VTP server where the changes are made increments the configuration revision and issues a summary advertisement.
▪ One or more subset advertisements follow the summary advertisement.
• Contains a list of VLAN information.
VTP Advertisement Requests

▪ A switch issues a VTP advertisement request in these situations:
• The switch has been reset.
• The VTP domain name has been changed.
• The switch has received a VTP summary advertisement with a higher configuration revision than its own.
▪ Upon receipt of an advertisement request, a VTP device sends a summary advertisement.
▪ One or more subset advertisements follow the summary advertisement.
VTP Messages
NOTE: Whenever you add, delete, or change (name) a VLAN on a VTP server, it increments the configuration revision number and a summary advertisement is sent.

Sender                       Receiver
VTP Domain = Cisco           VTP Domain = Cisco
VTP Mode = Server            VTP Mode = Server
Config Rev = 2               Config Rev = 0
VLANs = 1, 2, 3              VLANs = 1

Summary advertisement sent (Subset follows)

▪ VTP Summary advertisements
• By default, sent every five minutes.
• Inform adjacent switches of the current VTP domain name and the configuration revision number.
• Receiving switch compares the VTP domain name to its own VTP domain name.
• If the name is different, the switch simply ignores the packet.
• Same or different? Same.
• If the name is the same, the switch then compares the configuration revision to its own revision.
• If its own configuration revision is higher or equal, the packet is ignored.
• Own Config Rev higher or equal to the sender's? No, it is lower.
• Otherwise, it is lower and a VTP Advertisement Request is sent.
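The summary-advertisement rules above, as an added example that is not part of the original slides or Cisco's code. The field layout is the documented VTP v1/v2 summary advertisement (version, code, followers, domain length, 32-byte domain, revision, updater IP, timestamp, MD5 digest) and advertisement request; the frames are constructed here, not captured, and the MD5 digest is left zeroed and is not verified (a real switch rejects a summary whose digest, which also covers the VTP password, does not match). The multicast address is the one the slides name for VTP on VLAN 1 trunks.

```python
"""VTP summary advertisement: wire format, parsing and the receiver's decision.

Added example for this page, not Cisco code. Field layout is the documented
VTP v1/v2 summary advertisement / advertisement request; frames built here are
constructed for the example, not captures, and the MD5 digest is left zeroed.
"""
import struct
from dataclasses import dataclass

VTP_MULTICAST = "01:00:0c:cc:cc:cc"                  # destination MAC on VLAN 1 trunks
CODE_SUMMARY, CODE_SUBSET, CODE_REQUEST = 1, 2, 3

# version(1) code(1) followers(1) domain_len(1) domain(32, zero padded)
# revision(4) updater_ip(4) timestamp(12) md5(16)  = 72 bytes
SUMMARY_FMT = "!BBBB32sI4s12s16s"
SUMMARY_LEN = struct.calcsize(SUMMARY_FMT)
# version(1) code(1) reserved(1) domain_len(1) domain(32) start_value(2) = 38 bytes
REQUEST_FMT = "!BBBB32sH"
REQUEST_LEN = struct.calcsize(REQUEST_FMT)


@dataclass
class SummaryAdvert:
    version: int
    followers: int          # number of subset advertisements that follow
    domain: str
    revision: int
    updater_ip: str
    md5: bytes


def build_summary(domain, revision, followers=0, version=2, updater_ip="0.0.0.0", md5=bytes(16)):
    """Constructed summary frame (digest zeroed; real switches hash the VLAN database and password)."""
    name = domain.encode("ascii")
    if len(name) > 32:
        raise ValueError("VTP domain name is at most 32 bytes")
    ip = bytes(int(o) for o in updater_ip.split("."))
    return struct.pack(SUMMARY_FMT, version, CODE_SUMMARY, followers, len(name),
                       name.ljust(32, b"\0"), revision, ip, bytes(12), md5)


def build_request(domain, start_value=0, version=2):
    """Advertisement request a lower-revision switch sends back."""
    name = domain.encode("ascii")
    return struct.pack(REQUEST_FMT, version, CODE_REQUEST, 0, len(name), name.ljust(32, b"\0"), start_value)


def parse_summary(frame):
    if len(frame) < SUMMARY_LEN:
        raise ValueError(f"short VTP summary: {len(frame)} bytes, need {SUMMARY_LEN}")
    ver, code, followers, dlen, dom, rev, ip, _ts, md5 = struct.unpack(SUMMARY_FMT, frame[:SUMMARY_LEN])
    if code != CODE_SUMMARY:
        raise ValueError(f"code {code} is not a summary advertisement")
    if dlen > 32:
        raise ValueError("domain length field exceeds the 32-byte name field")
    return SummaryAdvert(ver, followers, dom[:dlen].decode("ascii"), rev,
                         ".".join(str(b) for b in ip), md5)


def decide(local_domain, local_revision, adv):
    """Receiver rules from the slides: a null-domain switch adopts the advertised
    domain; a different domain is ignored; own revision higher or equal is
    ignored; a lower own revision means an advertisement request (then a sync)."""
    if local_domain == "":
        return "adopt domain, send advertisement request"
    if adv.domain != local_domain:
        return "ignore: different domain"
    if local_revision >= adv.revision:
        return "ignore: own revision higher or equal"
    return "send advertisement request"


def receive(local_domain, local_revision, frame):
    """Parse one summary frame; return (decision, advertisement-request bytes or None)."""
    adv = parse_summary(frame)
    decision = decide(local_domain, local_revision, adv)
    reply = build_request(adv.domain) if decision.endswith("send advertisement request") else None
    return decision, reply


if __name__ == "__main__":
    frame = build_summary("Cisco", revision=2, followers=1)
    for dom, rev in (("", 0), ("Cisco", 0), ("Cisco", 2), ("West", 0)):
        print(f"local domain={dom!r} revision={rev}: {receive(dom, rev, frame)[0]}")
```

The same decide() can be run by a monitor that sniffs a trunk, fed the expected domain name and the domain's current revision: any summary for which it returns "send advertisement request" is one that would rewrite the VLAN database of every server and client in the domain, which is exactly the event worth alerting on.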
VTP Messages

Sender                       Receiver
VTP Domain = Cisco           VTP Domain = Cisco
VTP Mode = Server            VTP Mode = Server
Config Rev = 2               Config Rev = 0 -> 2
VLANs = 1, 2, 3              VLANs = 1 -> 1, 2, 3

Summary advertisement, then Subset advertisement

▪ VTP Subset advertisements
• Sent in response to a VTP Advertisement Request.
• Also sent whenever there is a change to VLAN information on a VTP server.
• First the server sends a VTP Summary Advertisement.
• Then the server sends a VTP Subset Advertisement.
• One or several subset advertisements follow the summary advertisement.
• A subset advertisement contains a list of VLAN information.
VTP Messages: Server, Client and Transparent switches

Switch A                     Switch C
VTP Domain = null            VTP Domain = null
VTP Mode = Server            VTP Mode = Server
Config Rev = 0               Config Rev = 0
VLANs = 1                    VLANs = 1

Switch B
VTP Domain = null
VTP Mode = Server
Config Rev = 0
VLANs = 1

No trunks configured.

⚫ Let's take a look at VTP messages and Server, Client and Transparent switches.
⚫ By default all switches are VTP Servers.
Switch A                     Switch C
VTP Domain = null            VTP Domain = null
VTP Mode = Server            VTP Mode = Transparent
Config Rev = 0               Config Rev = 0
VLANs = 1                    VLANs = 1

Switch B
VTP Domain = null
VTP Mode = Client
Config Rev = 0
VLANs = 1

⚫ Switch B is now a Client.
⚫ Switch C is now Transparent.
⚫ VTP servers maintain a list of all VLANs in NVRAM.
⚫ A Client cannot add, delete or rename VLANs.
⚫ A Client does not store VLAN information in NVRAM.
⚫ If a client reboots it loses its VLAN information and relies on a VTP server to restore it.
Switch A                     Switch C
VTP Domain = null            VTP Domain = null
VTP Mode = Server            VTP Mode = Transparent
Config Rev = 0               Config Rev = 0
VLANs = 1                    VLANs = 1

Switch B
VTP Domain = null
VTP Mode = Client
Config Rev = 0
VLANs = 1

⚫ Transparent mode switches must have their VLANs configured manually.
⚫ They do not participate in VTP or advertise their VLANs.
⚫ Ideal for switches with VLANs which should be local to that switch.
Switch A                     Switch C
VTP Domain = null -> Cisco   VTP Domain = null
VTP Mode = Server            VTP Mode = Transparent
Config Rev = 0 -> 2          Config Rev = 0
VLANs = 1 -> 1, 2, 3         VLANs = 1

Switch B
VTP Domain = null
VTP Mode = Client
Config Rev = 0
VLANs = 1

⚫ VTP server:
 Domain Name configured as Cisco
 VLANs 2 and 3 added
 Config Rev increased to 2 (one for each VLAN added)
Switch A                     Switch C
VTP Domain = Cisco           VTP Domain = null
VTP Mode = Server            VTP Mode = Transparent
Config Rev = 2               Config Rev = 0
VLANs = 1, 2, 3              VLANs = 1

Switch B
VTP Domain = null -> Cisco
VTP Mode = Client
Config Rev = 0 -> 2
VLANs = 1 -> 1, 2, 3

⚫ VTP works only over trunk links.
⚫ Switch A (Server) sends a summary advertisement over its trunk links on VLAN 1.
 Includes Domain and Revision Number.
 Multicast 01-00-0C-CC-CC-CC.
⚫ Switch B updates its Domain (a switch in the null domain adopts the first domain name it hears).
 Because of the higher revision number in the Summary, B replies with an Advertisement Request.
⚫ Switch A sends a VTP Subset advertisement. Switch B updates its VLAN configuration revision number and VLANs. (May be preceded by another Summary advertisement.)
Switch A                     Switch C
VTP Domain = Cisco           VTP Domain = null -> Cisco
VTP Mode = Server            VTP Mode = Transparent
Config Rev = 2               Config Rev = 0
VLANs = 1, 2, 3              VLANs = 1 -> 1, 2, 3, 4, 5, 6

Switch B
VTP Domain = Cisco
VTP Mode = Client
Config Rev = 2
VLANs = 1, 2, 3

⚫ VTP advertisements are sent to the Transparent switch (shown together).
⚫ Switch C does not make any changes based on these advertisements.
⚫ Now, let's say Switch C is configured with:
 Domain name Cisco
 VLANs 2, 3, 4, 5, 6
⚫ Even though it is in the same domain, Switch C does not advertise these VLANs to other switches.
⚫ The Configuration Revision number remains at 0 even when the VLAN configuration is changed.
⚫ Transparent switches relay the VTP messages they receive to other switches if they are in the same domain or in a null domain (let's take a look...).
Relays VTP Advertisements

Switch A                     Switch C
VTP Domain = Cisco           VTP Domain = Cisco
VTP Mode = Server            VTP Mode = Transparent
Config Rev = 2               Config Rev = 0            (no changes to Rev or VLANs)
VLANs = 1, 2, 3              VLANs = 1, 2, 3, 4, 5, 6

Switch B                     Switch D (new)
VTP Domain = Cisco           VTP Domain = null -> Cisco
VTP Mode = Client            VTP Mode = Client
Config Rev = 2               Config Rev = 0 -> 2
VLANs = 1, 2, 3              VLANs = 1 -> 1, 2, 3

⚫ VTP Client Switch D added to the network.
⚫ Switch A (Server) sends a summary advertisement over its trunk links on VLAN 1.
⚫ Switch D updates its Domain.
 Replies with an Advertisement Request.
⚫ Switch A sends a VTP Subset advertisement. Switch D updates its VLAN configuration revision number and VLANs.
Understanding and Troubleshooting Common VTP Issues
Both switches are VTP Servers and in the same Domain, but have different VLAN information. Let's see what happens when trunking is enabled between the switches...

Switch A (DLS1)                       Switch B (DLS2)
VTP Domain = West                     VTP Domain = West
VTP Mode = Server                     VTP Mode = Server
Config Rev = 3 -> 4                   Config Rev = 3 -> 4
VLANs = 1, 10, 11, 12 -> + 30         VLANs = 1, 20, 21, 22 -> 1, 10, 11, 12, 30

Both switches: "We both have the same Config Rev number so no changes."

⚫ When two switches with the same Domain Name and the same Configuration Revision Number exchange VTP information: no change.
⚫ If Switch A adds a new VLAN, VLAN 30, its Config Rev is increased by 1.
⚫ Switch A will send VTP information to Switch B, which will synchronize its VLAN information with Switch A, losing its current "local" VLANs.
⚫ A VTP password does not prevent this: both switches are legitimate members with a matching domain name and password, so the higher revision still wins.
Example: Using DLS1 (Switch A) and DLS2 (Switch B)
DLS1(config)# inter range fa 0/1 - 24
DLS1(config-if-range)# switchport mode dynamic auto

DLS2(config)# inter range fa 0/1 - 24
DLS2(config-if-range)# switchport mode dynamic auto

DLS1# show inter trunk
DLS1#

⚫ Note: Because the Pod2 2960's and 3560's are incorrectly defaulting to dynamic desirable, they will trunk by default, which we do not want in this example.
⚫ This was also done on ALS1 and ALS2 to prevent any trunking.
⚫ Dynamic auto still negotiates a trunk if the neighbor is dynamic desirable or on; on ports that must never trunk, use switchport mode access (and switchport nonegotiate) rather than relying on auto.
When DLS1 gets a higher Config Rev Number...

DLS1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/9, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

⚫ Default VLANs.
When DLS1 gets a higher Config Rev Number...

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
DLS1#

⚫ Default VTP information:
 Configuration Revision Number = 0
 Increased by 1 whenever a VLAN is added or deleted
 VTP Mode = Server
 VTP Domain Name = <blank> (null)
When DLS1 gets a higher Config Rev Number...
DLS2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
<output omitted>

⚫ Same on DLS2.
When DLS1 gets a higher Config Rev Number...

DLS1(config)# vtp domain West
DLS1(config)# vlan 10
DLS1(config-vlan)# name WestSales
DLS1(config-vlan)# vlan 11
DLS1(config-vlan)# name WestEng
DLS1(config-vlan)# vlan 12
DLS1(config-vlan)# name WestAdmin

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

⚫ Add the VTP Domain Name and configure VLANs.
⚫ Configuration Revision changed to 3 (one for each VLAN).
⚫ Remember, no trunking (yet).
When DLS1 gets a higher Config Rev Number...

DLS1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active

⚫ Verified.
When DLS1 gets a higher Config Rev Number...

DLS2(config)# vtp domain West
DLS2(config)# vlan 20
DLS2(config-vlan)# name WestAcct
DLS2(config-vlan)# vlan 21
DLS2(config-vlan)# name WestMngt
DLS2(config-vlan)# vlan 22
DLS2(config-vlan)# name WestManuf

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

⚫ Now on DLS2: add the VTP Domain Name and configure different VLANs.
⚫ Configuration Revision changed to 3.
⚫ Still no trunking.
When DLS1 gets a higher Config Rev Number...

DLS2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active

⚫ Verified.
When DLS1 gets a higher Config Rev Number...

DLS1(config)# inter range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encap dot1q
DLS1(config-if-range)# switchport mode trunk

DLS1# show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

⚫ Trunking configured between DLS1 and DLS2.
⚫ VTP messages can now be sent, but there are no changes because the Configuration Revision numbers are the same.
When DLS1 gets a higher Config Rev Number...

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

⚫ Configuration Revision still 3.
⚫ Number of existing VLANs (known by each switch) still 8.
When DLS1 gets a higher Config Rev Number...
DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active

DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active

⚫ Verify that there are no DLS2 VLANs on DLS1.
⚫ Verify that there are no DLS1 VLANs on DLS2.
When DLS1 gets a higher Config Rev Number...

DLS1(config)# vlan 30
DLS1(config-vlan)# name Guest

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

⚫ VLAN 30 added on DLS1.
⚫ Configuration Revision increased by 1 to 4.
⚫ DLS1 now has the higher Configuration Revision number of the two servers (the highest in the Domain).
When DLS1 gets a higher Config Rev Number...

DLS1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
30   Guest                            active

⚫ Verified.
When DLS1 gets a higher Config Rev Number...

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

⚫ DLS2 receives the VTP update from DLS1 with the higher Configuration Revision Number.
⚫ DLS2 synchronizes its VLAN database with DLS1's information, including the Configuration Revision Number and VLAN information.
When DLS1 gets a higher Config Rev Number...

DLS2# show vlan   (previous VLANs)
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active

DLS2# show vlan   (current VLANs, sync'd with DLS1)
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
30   Guest                            active

⚫ DLS2 lost its previous VLANs 20, 21, and 22.
⚫ DLS2's VLAN database was overwritten with DLS1's information.
⚫ Good news: both servers are now in sync (identical), so any changes will mean the VLAN
When DLS1 gets a higher Config Rev Number...

DLS2(config)# vlan 20
DLS2(config-vlan)# name WestAcct
DLS2(config-vlan)# vlan 21
DLS2(config-vlan)# name WestMngt
DLS2(config-vlan)# vlan 22
DLS2(config-vlan)# name WestManuf

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West

⚫ To correct this we need to add the VLANs back on DLS2.
⚫ DLS2 will send a VTP update to DLS1 so the VLAN information will be the same.
When DLS1 gets a higher Config Rev Number...

DLS2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

⚫ Verified.
When DLS1 gets a higher Config Rev Number...
DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

⚫ DLS1 receives the VTP update and updates its VLAN information, including the Configuration Revision number.
⚫ The Domain is still in sync.

DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active
What happens when a Client/Server enters with a higher Configuration Revision number?

Switch A (DLS1)                              Switch C
VTP Domain = West                            VTP Domain = West
VTP Mode = Server                            VTP Mode = Client (or Server)
Config Rev = 10 -> 13                        Config Rev = 13
VLANs = 1, 10, 11, 12, 20, 21, 22, 30        VLANs = 1, 20, 21, 22, 30

⚫ Both switches are in the same domain.
⚫ Switch C can be Client OR Server.
⚫ Switch C has the higher Configuration Revision number.
⚫ Even if Switch C is a Client, when it enters the VTP domain it will overwrite DLS1's VLAN information because it has the higher Configuration Revision number.
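One simulation that covers the Server/Client/Transparent walkthrough in the VTP Messages section (Switch A adding VLANs, B syncing, C staying transparent but relaying to D), the two-servers scenario that opens this troubleshooting section, the Client-with-higher-revision takeover on the slide above, and the revision-reset procedures in the "How to make sure switch has Lower Config Rev" slides later in the chapter. This is an added example, not code from the slides or from Cisco; switch names, VLAN names such as "two" and "local4", and the trunk topology are constructed to mirror the slides, and the subset exchange is collapsed into a direct copy of the VLAN table once the summary rules say a sync would happen.

```python
"""Simulate VTP synchronization across trunked switches.

Added example for this page, not Cisco code. Encodes the rules the slides
describe: a server or client that hears a higher revision from its own domain
(or from any domain while it is still in the null domain) overwrites its VLAN
database; a transparent switch never syncs, keeps revision 0 and only relays;
moving to transparent mode or renaming the domain resets the revision to 0.
"""
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str = "server"                       # server | client | transparent
    domain: str = ""                           # "" is the null domain
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})


class Network:
    def __init__(self):
        self.switches, self.trunks = {}, {}    # name -> Switch, name -> trunk neighbours

    def add(self, sw):
        self.switches[sw.name] = sw
        self.trunks[sw.name] = set()
        return sw

    def connect(self, a, b):
        """Bring up a trunk; both ends send a summary advertisement."""
        self.trunks[a.name].add(b.name)
        self.trunks[b.name].add(a.name)
        self.advertise(a)
        self.advertise(b)

    def set_domain(self, sw, domain):
        if sw.domain != "":                    # renaming a real domain resets the revision
            sw.revision = 0
        sw.domain = domain
        self.advertise(sw)

    def set_mode(self, sw, mode):
        if mode == "transparent":              # entering transparent mode resets the revision
            sw.revision = 0
        sw.mode = mode
        self.advertise(sw)

    def edit_vlan(self, sw, vid, name=None):
        """Add/rename a VLAN, or delete it when name is None; servers bump the revision and advertise."""
        if sw.mode == "client":
            raise PermissionError(f"{sw.name}: VTP VLAN configuration not allowed when device is in CLIENT mode")
        if name is None:
            sw.vlans.pop(vid)
        else:
            sw.vlans[vid] = name
        if sw.mode == "server":
            sw.revision += 1
            self.advertise(sw)

    def tick(self):
        """The periodic (five-minute) summary advertisement from every switch."""
        for sw in list(self.switches.values()):
            self.advertise(sw)

    def advertise(self, src):
        """Flood src's summary over the trunks; each hop applies the receiver rules."""
        if src.mode == "transparent" or src.domain == "":
            return
        seen, queue = {src.name}, [src.name]
        while queue:
            for nb in self.trunks[queue.pop(0)] - seen:
                seen.add(nb)
                if self._receive(self.switches[nb], src):
                    queue.append(nb)

    def _receive(self, rx, src):
        """Return True if rx relays the advertisement onward."""
        if rx.mode == "transparent":
            return rx.domain in ("", src.domain)   # relays in the same or null domain, never syncs
        if rx.domain == "":
            rx.domain = src.domain                 # null-domain switch adopts the first domain it hears
        if rx.domain != src.domain:
            return False                           # different domain: ignored
        if rx.revision < src.revision:             # lower revision: request the subset and overwrite
            rx.vlans, rx.revision = dict(src.vlans), src.revision
        return True


def page_topology():
    """VTP Messages walkthrough: A (server) trunked to B (client) and C (transparent); D (client) behind C."""
    net = Network()
    a, b, c, d = [net.add(Switch(n, mode=m)) for n, m in
                  (("A", "server"), ("B", "client"), ("C", "transparent"), ("D", "client"))]
    for x, y in ((a, b), (a, c), (c, d)):
        net.connect(x, y)
    net.set_domain(a, "Cisco")
    net.edit_vlan(a, 2, "two")
    net.edit_vlan(a, 3, "three")
    net.set_domain(c, "Cisco")                 # transparent: local VLANs only, revision stays 0
    for v in (2, 3, 4, 5, 6):
        net.edit_vlan(c, v, f"local{v}")
    return net


def takeover():
    """Troubleshooting: DLS2 (client, revision 13) joins and overwrites DLS1 (server, revision 10)."""
    west = {1: "default", 20: "WestAcct", 21: "WestMngt", 22: "WestManuf", 30: "Guest"}
    net = Network()
    dls1 = net.add(Switch("DLS1", domain="West", revision=10,
                          vlans={**west, 10: "WestSales", 11: "WestEng", 12: "WestAdmin"}))
    dls2 = net.add(Switch("DLS2", mode="client", domain="West", revision=13, vlans=dict(west)))
    net.connect(dls1, dls2)
    return net


def reset_revision(net, sw):
    """The page's fix: bounce through transparent mode (revision -> 0), rejoin as client, resync on the next summary."""
    net.set_mode(sw, "transparent")
    zeroed = sw.revision
    net.set_mode(sw, "client")
    net.tick()
    return zeroed, sw.revision
```

takeover() reproduces the slide: after the trunk comes up DLS1 reports revision 13 and has lost VLANs 10, 11 and 12, even though DLS2 is only a client. The same Network class shows the earlier two-servers case (equal revisions: no change; one added VLAN: the other server's local VLANs vanish) and the fix (transparent and back, or a domain rename, drives the revision to 0 so the next periodic summary from the real server wins).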
Client/Server enters with Higher Revision
DLS1(config)# inter fa 0/1
DLS1(config-if)# switchport mode access
DLS1(config-if)# switchport access vlan 10
DLS1(config-if)# exit
DLS1(config)# inter fa 0/2
DLS1(config-if)# switchport mode access
DLS1(config-if)# switchport access vlan 11

DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active    Fa0/1
11   WestEng                          active    Fa0/2
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

⚫ Assign VLANs to interfaces (no specific reason).
Client/Server enters with Higher Revision

DLS1(config)# inter range fa 0/11 -12
DLS1(config-if-range)# shutdown

⚫ Shut down the trunk interfaces so we can modify DLS2 (Switch B) in isolation.
⚫ We will bring the trunk back up to simulate a switch being introduced into the network.
Client/Server enters with Higher Revision

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West

⚫ Right now both switches have the same Configuration Revision number; let's change that.
⚫ Note: The Configuration Revision numbers are not necessarily the same as in the previous example because this was done in a different session.
Client/Server enters with Higher Revision

DLS2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

⚫ We are going to remove three VLANs on DLS2 so it has different VLANs and a higher Configuration Revision Number.
⚫ Remember, DLS1 has the same VLAN information and also has:
 Fa0/1 in VLAN 10
 Fa0/2 in VLAN 11
Client/Server enters with Higher Revision

DLS2(config)# no vlan 10
DLS2(config)# no vlan 11
DLS2(config)# no vlan 12

DLS2(config)# vtp mode client
Setting device to VTP CLIENT mode.

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : West
<output omitted>

⚫ Three VLANs deleted.
⚫ VTP mode changed to Client.
⚫ Configuration Revision updated from 10 to 13.
Client/Server enters with Higher Revision

DLS2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

⚫ Verify that VLANs 10, 11, and 12 were deleted.
Client/Server enters with Higher Revision

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

⚫ DLS1 has the lower Configuration Revision number, 10.
⚫ DLS2's Configuration Revision number is 13.
DLS1(config)# inter range fa 0/11 -12
DLS1(config-if-range)# no shutdown

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : West
<output omitted>

⚫ DLS2 (Switch B) is brought online (no shutdown on DLS1).
⚫ DLS2 (Client) has the higher Configuration Revision number, 13.
⚫ DLS1 (Switch A), with the lower revision number (10), updates its VLAN information to be in sync with DLS2, including its Configuration Revision number, which becomes 13.
VTP Revision Number
DLS1# show vlan   (previous VLANs)
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active    Fa0/1
11   WestEng                          active    Fa0/2
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

DLS1# show vlan   (current VLANs, sync'd with DLS2)
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

⚫ Missing VLANs 10, 11, and 12.
⚫ Fa0/1 and Fa0/2 were assigned to VLANs 10 and 11; with those VLANs gone the ports are inactive and stop forwarding.
Fix it
DLS1(config)# vlan 10
DLS1(config-vlan)# name WestSales
DLS1(config-vlan)# vlan 11
DLS1(config-vlan)# name WestEng
DLS1(config-vlan)# vlan 12
DLS1(config-vlan)# name WestAdmin

DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active    Fa0/1
11   WestEng                          active    Fa0/2
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

⚫ To fix it we must reconfigure the VLANs on DLS1.
⚫ Interfaces Fa0/1 and Fa0/2 are brought from inactive back to active.
DLS2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

DLS2(config)# no vlan 10
VTP VLAN configuration not allowed when device is in CLIENT mode.
DLS2(config)#

⚫ DLS2 gets VLANs 10, 11, 12 in the VTP update from DLS1.
⚫ DLS2 is a Client and can no longer delete (or add) VLANs.
VTP Domain = West VTP Domain = West
VTP Mode = Server VTP Mode = Client (or Server)
Config Rev = 16 Config Rev = 16
VLANs = 1, 10, 11, 12, 20, 21, 22, 30 VLANs = 1, 10, 11, 12, 20, 21, 22, 30

DLS1# show vtp status


VTP Version : 2
Configuration Revision : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs : 12
VTP Operating Mode : Server
VTP Domain Name : West

DLS2# show vtp status


VTP Version : 2
Configuration Revision : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs : 12
VTP Operating Mode : Client
VTP Domain Name : West

⚫ Still in sync!
How to make sure a switch has a Lower Config Rev: VTP Mode

[Diagram: DLS1 (VTP Domain = West, VTP Mode = Server, Config Rev = 10, VLANs = 1, 10, 11, 12, 20, 21, 22, 30) trunked to DLS2 (VTP Domain = West, VTP Mode = Client, Config Rev = 16). DLS2 is set to Transparent (Config Rev resets to 0) and then back to Client (Config Rev becomes 10 after the next update). Not all VTP messages shown.]

▪ Setting a switch to Transparent mode resets its configuration revision to 0.
▪ Then set it back to Client or Server.

DLS2(config)# vtp mode ?
  client       Set the device to client mode.
  server       Set the device to server mode.
  transparent  Set the device to transparent mode.
DLS2(config)#
How to make sure a switch has a Lower Config Rev: VTP Domain

[Diagram: DLS1 (VTP Domain = West, VTP Mode = Server, Config Rev = 16, VLANs = 1, 10, 11, 12, 20, 21, 22, 30) trunked to DLS2 (VTP Mode = Client, Config Rev = 16). DLS2's domain is changed from West to East (Config Rev resets to 0) and then back to West (Config Rev becomes 16 after the next update). Not all VTP messages shown.]

▪ Changing the Domain Name on a switch resets its configuration revision to 0.
▪ Then set it back to the correct Domain Name.

DLS2(config)# vtp domain West
Changing VTP domain name from East to West
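The revision-number behaviour behind the last three slides, as an added Python model (not Cisco code): a server or client accepts an advertisement only when the advertised revision is higher than its own, so a re-attached switch with a stale but higher revision overwrites the domain (which is how DLS1 lost VLANs 10, 11 and 12 earlier), while a switch that was bounced through transparent mode or through another domain name rejoins with revision 0 and simply learns the current database. The switch names, revisions and VLAN sets are constructed to match the slides' scenario.

```python
"""Model of VTP revision handling: who overwrites whom, and how the
'vtp mode transparent' and 'vtp domain' resets prevent a stale switch
from overwriting the domain. Added example, not Cisco code."""

from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str                      # "server", "client" or "transparent"
    revision: int
    vlans: set = field(default_factory=set)

    def receive_advertisement(self, sender: "VtpSwitch") -> bool:
        """Apply a neighbour's advertisement. Servers and clients in the same
        (case-sensitive) domain overwrite their VLAN database whenever the
        advertised revision is higher; transparent switches never do."""
        if self.mode == "transparent" or sender.mode == "transparent":
            return False
        if sender.domain != self.domain:
            return False
        if sender.revision > self.revision:
            self.vlans = set(sender.vlans)
            self.revision = sender.revision
            return True
        return False

    def set_mode(self, mode: str) -> None:
        """'vtp mode transparent' resets the revision to 0."""
        if mode == "transparent":
            self.revision = 0
        self.mode = mode

    def set_domain(self, domain: str) -> None:
        """Changing the domain name resets the revision to 0."""
        if domain != self.domain:
            self.revision = 0
        self.domain = domain


def sync_pair(a: VtpSwitch, b: VtpSwitch) -> None:
    """Exchange advertisements in both directions over the trunk."""
    a.receive_advertisement(b)
    b.receive_advertisement(a)


def _scenario():
    """Constructed: DLS1 is current at rev 10; DLS2 is stale but at rev 16."""
    dls1 = VtpSwitch("DLS1", "West", "server", 10, {1, 10, 11, 12, 20, 21, 22, 30})
    dls2 = VtpSwitch("DLS2", "West", "client", 16, {1, 20, 21, 22, 30})
    return dls1, dls2


def attach_without_reset():
    """The higher-revision client overwrites the server: VLANs 10-12 vanish."""
    dls1, dls2 = _scenario()
    sync_pair(dls1, dls2)
    return dls1.revision, sorted(dls1.vlans)


def attach_after_transparent_reset():
    """Bounce DLS2 through transparent mode, then back to client."""
    dls1, dls2 = _scenario()
    dls2.set_mode("transparent")
    dls2.set_mode("client")
    sync_pair(dls1, dls2)
    return dls2.revision, sorted(dls2.vlans)


def attach_after_domain_reset():
    """Move DLS2 to another domain name and back again."""
    dls1, dls2 = _scenario()
    dls2.set_domain("East")
    dls2.set_domain("West")
    sync_pair(dls1, dls2)
    return dls2.revision, sorted(dls2.vlans)


if __name__ == "__main__":
    print("no reset   :", attach_without_reset())
    print("transparent:", attach_after_transparent_reset())
    print("domain     :", attach_after_domain_reset())
```

The first function is the failure case: the server ends at revision 16 with the stale VLAN list. The other two end with DLS2 at revision 10 holding the server's VLANs, which is the state the slides label "Still in sync!".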
VTP Pruning

VTP Pruning

▪ Prevents flooded traffic from propagating to switches that do not have members
in specific VLANs.
▪ VTP pruning uses VLAN advertisements to determine when a trunk connection
is flooding traffic needlessly.

VTP Pruning

[Diagram: a host on ALS1 sends an ARP Request in VLAN 120. DLS1 and DLS2 have no access ports on VLAN 120; the trunk links to them are marked X (dashed lines).]

⚫ How would VLANs affect the ARP broadcast?
 Host C and Host D would not receive the ARP Request.
 But the broadcast would still be transmitted across all trunk links.
⚫ If VTP pruning is enabled, ALS1 would not send broadcasts for VLAN 120 to DLS1 or DLS2 (dashed lines).
⚫ VTP pruning increases the available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the appropriate network devices.
VTP Pruning is disabled by default

DLS1# show vtp status


VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : Cabrillo
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89
0x0C 0xAD
Configuration last modified by 10.1.1.101 at 3-1-93 00:17:55
Local updater ID is 10.1.1.101 on interface Vl1 (lowest numbered
VLAN interface found)
DLS1#

It is easy to configure

DLS1(config)# vtp pruning


DLS1(config)# end

DLS1# show vtp status


VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : Cabrillo
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xAB 0x0C 0xEB 0xDE 0x6A 0x89
0x0C 0xAD
Configuration last modified by 10.1.1.101 at 3-1-93 00:17:55
Local updater ID is 10.1.1.101 on interface Vl1 (lowest numbered
VLAN interface found)
DLS1#

⚫ Enable VTP pruning on all switches.
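The pruning decision itself, as an added Python model (not Cisco code, and not VTP's join-message exchange): a switch keeps flooding VLAN V on a trunk only if the neighbour, or some switch behind that neighbour, has active ports in V; otherwise V is pruned from that trunk in that direction. The four-switch topology and VLAN memberships are constructed to resemble the ARP example above (hosts in VLAN 120 only on ALS1). It also applies the rule that only VLANs 2 to 1001 are pruning-eligible, so VLAN 1 is never pruned.

```python
"""Which trunk directions carry flooded traffic for a VLAN under VTP pruning.
Added example, not Cisco code: computes pruning from topology and membership
rather than from VTP join messages."""

from collections import defaultdict


def _needs_vlan(graph, members, start, exclude, vlan):
    """True if any switch reachable from `start` without crossing back
    through `exclude` has an active port in `vlan`."""
    stack, seen = [start], {exclude}
    while stack:
        sw = stack.pop()
        if sw in seen:
            continue
        seen.add(sw)
        if vlan in members.get(sw, set()):
            return True
        stack.extend(n for n in graph[sw] if n not in seen)
    return False


def pruned_trunks(trunks, members, vlan, pruning_enabled=True):
    """Sorted list of (local, neighbour) trunk directions on which flooded
    traffic for `vlan` is NOT sent.

    trunks  : list of (switch_a, switch_b) trunk links (a tree, as STP leaves it)
    members : {switch: set of VLANs with active access ports}
    """
    # Default is disabled (flood everywhere); VLAN 1 and 1002-1005 are never pruned.
    if not pruning_enabled or not 2 <= vlan <= 1001:
        return []
    graph = defaultdict(set)
    for a, b in trunks:
        graph[a].add(b)
        graph[b].add(a)
    pruned = []
    for a, b in trunks:
        for local, neighbour in ((a, b), (b, a)):
            if not _needs_vlan(graph, members, neighbour, local, vlan):
                pruned.append((local, neighbour))
    return sorted(pruned)


# Constructed topology: ALS1 --- DLS1 --- DLS2 --- ALS2.
TRUNKS = [("ALS1", "DLS1"), ("DLS1", "DLS2"), ("DLS2", "ALS2")]
MEMBERS = {
    "ALS1": {10, 120},    # the VLAN 120 hosts hang off ALS1 only
    "DLS1": {10},
    "DLS2": {10, 20},
    "ALS2": {20},         # hosts C and D live here, not in VLAN 120
}

if __name__ == "__main__":
    for v in (1, 10, 20, 120):
        print(f"VLAN {v:>3}: pruned on", pruned_trunks(TRUNKS, MEMBERS, v))
```

For VLAN 120 every trunk is pruned in the direction away from ALS1, which is exactly the dashed lines in the diagram; for VLAN 10 only the DLS2 to ALS2 direction is pruned, because every other switch has members.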
VTP Authentication
Switch(config)# vtp password password_string

▪ VTP domains can be secured by using the VTP password feature.
▪ The password and domain name must match; otherwise, a switch will not become a member of the VTP domain.
▪ Cisco switches use MD5 to encode passwords in 16-byte words.
• Propagated inside VTP summary advertisements.
• Case-sensitive and can be 8 to 64 characters in length.
▪ VTP authentication is a recommended practice.
▪ Default: No VTP password
VTP Troubleshooting
▪ Check that switches are interconnected by active trunk
links.
▪ Check that the trunking protocol matches on opposite
ends of a trunk link.
▪ Check VTP domain name (case-sensitive) and password.
▪ Check the VTP mode of the switches.
▪ Check the VTP versions of the switches.

Default, Native and Management VLANs
Extended VLANs

Normal VLANs: 1 - 1005
Extended VLANs: 1006 – 4095

▪ VLANs are typically from VLAN 1 through VLAN 1005.
▪ The IEEE 802.1Q standard provides for support of up to 4096 VLANs.
• VLANs 0 and 4095 are reserved by the IEEE 802.1Q standard and you cannot create, delete, or modify them (not displayed).
▪ Beginning with Cisco IOS Release 12.4(15)T, you can configure VLAN IDs in the range from 1006 to 4094 on specified routers.
• There are some configuration restrictions; for example, you may only be able to configure them on VTP Transparent and Client switches.
▪ For more information:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/ht_xvlan.html
Native VLAN

[Diagram: VLAN 1 shown as the Default VLAN and the Native VLAN: un-tagged (if trunking, there is no 802.1Q or ISL encapsulation) and carrying CDP, VTP, PAgP, LACP, DTP.]

▪ By default all traffic is carried across VLAN 1.
▪ VLAN 1 is:
• The default VLAN (all user traffic)
• Native VLAN: No trunking encapsulation even if configured as a trunk.
• VLAN for CDP, VTP, PAgP (Port Aggregation Protocol), LACP (Link Aggregation Control Protocol), and DTP
▪ A topic that causes considerable confusion is the native VLAN.
Native VLAN

[Diagram: a common VLAN configuration. Note: we have not yet discussed routing between these VLANs (but we will!).]

▪ The IEEE committee that defined 802.1Q decided to support a native VLAN for backwards compatibility:
• Allows 802.1Q capable ports to talk to old 802.3 ports directly by sending and receiving untagged traffic.
• Loss of identification also means a loss of classification.
• You should avoid using VLAN 1 (or whatever your Native VLAN is) for data traffic, so it can be classified for QoS.
• We will see examples later with IP Telephony.
Best Practices

▪ Native VLAN
• Can be modified to be a VLAN other than VLAN 1.
• Must be the same on both ends, both switches.
• Should not be used for user VLAN or Management VLAN.
• Control traffic (CDP, VTP, PAgP, DTP) still transmitted over VLAN 1.
• If Native VLAN is other than VLAN 1 then control traffic is sent tagged.
• It is fine to leave VLAN 1 as the Native VLAN but should only carry control traffic
and not user or management traffic.
• Note: A router uses subinterfaces for trunking, and the native VLAN is configured using the native option. (Discussed later)
Best Practices

Switch(config)# hostname DLS2
DLS2(config)# interface vlan 99
DLS2(config-if)# ip address 10.0.99.1 255.255.255.0

▪ Management VLAN
• The Management VLAN is the VLAN used to reach (ping, telnet) devices.
Best Practices

DLS2(config)# interface range fa 0/1 - 24
DLS2(config-if-range)# switchport mode access
DLS2(config-if-range)# switchport access vlan 222

▪ Garbage VLAN
• This is the VLAN you can assign to all switch ports until they are assigned to a user or management VLAN.
• A way of isolating or managing all non-business traffic.
• You may wish to limit this VLAN to access ports and not include it across trunk links.
Best Practices

DLS2(config)# interface fa 0/11
DLS2(config-if)# switchport trunk allowed vlan 1,10-99
DLS2(config-if)# switchport trunk allowed vlan remove 20

▪ Limiting VLANs on a trunk
• You can manually configure which VLANs should be allowed on a trunk.
• If you remove VLAN 1 from a trunk port, the interface continues to send and receive management traffic, CDP, PAgP, LACP, DTP and VTP in VLAN 1.
• Sometimes done to reduce the risk of VLAN 1 STP loops or storms, usually due to misconfiguration. (CCIE stuff)
Best Practices

DLS2(config)# interface fa 0/11
DLS2(config-if)# switchport trunk encapsulation dot1q
DLS2(config-if)# switchport mode trunk
DLS2(config-if)# switchport trunk native vlan 2
DLS2(config-if)# switchport trunk allowed vlan 1,10-99
DLS2(config-if)# switchport trunk allowed vlan remove 20

▪ Looking at a complete configuration for a trunk link
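What that trunk configuration does to each frame, as an added Python example (not Cisco code): frames in the native VLAN leave the trunk with no 802.1Q tag, frames in any other allowed VLAN get the 4-byte tag, and VLANs outside the allowed list (including the ones removed with `remove`) are dropped. The receiving trunk port classifies untagged frames into its own native VLAN, so if the two ends disagree on the native VLAN, traffic from one VLAN silently lands in another; that is the "loss of identification" the native VLAN slides warn about. The MAC addresses and payload are constructed sample data, and `parse_allowed` assumes the IOS list syntax shown above.

```python
"""802.1Q encapsulation and classification on a dot1q trunk with a native VLAN
and an allowed-VLAN list. Added example, not Cisco code."""

import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def parse_allowed(spec: str) -> set:
    """Parse an IOS-style allowed list such as '1,10-99' into a set of VLAN IDs."""
    allowed = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return allowed


def encapsulate(dst: bytes, src: bytes, vlan: int, payload: bytes,
                native: int, allowed: set, pcp: int = 0):
    """Frame as it leaves the trunk, or None if the VLAN is not allowed."""
    if vlan not in allowed:
        return None
    if vlan == native:                       # native VLAN: sent untagged
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)   # PCP(3) DEI(1) VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", ETHERTYPE_IPV4) + payload


def classify(frame: bytes, native: int) -> int:
    """VLAN the receiving trunk port assigns to the frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF
    return native                            # untagged: receiver's native VLAN


# Constructed sample addresses and payload (a stand-in for an IPv4 header).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
PAYLOAD = b"\x45" + b"\x00" * 19


def demo(sender_native: int, receiver_native: int, allowed_spec: str = "1,10-99"):
    """VLAN the receiver sees for frames sent in VLANs 1, 2, 10, 20 and 200,
    with 'switchport trunk allowed vlan remove 20' applied on top of the list."""
    allowed = parse_allowed(allowed_spec) - {20}
    result = {}
    for vlan in (1, 2, 10, 20, 200):
        frame = encapsulate(DST, SRC, vlan, PAYLOAD, sender_native, allowed)
        result[vlan] = None if frame is None else classify(frame, receiver_native)
    return result


if __name__ == "__main__":
    print("native 2 both ends, 2 allowed :", demo(2, 2, "1-2,10-99"))
    print("native 2 vs 1 (mismatch)      :", demo(2, 1, "1-2,10-99"))
    print("slide config (2 not allowed)  :", demo(2, 2))
```

Two things worth noticing from the output: with the slide's exact allowed list, VLAN 2 is the native VLAN but is not in `1,10-99`, so no VLAN 2 user traffic crosses this trunk at all; and with a native VLAN mismatch, VLAN 2 frames arrive classified as VLAN 1.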
Private VLAN

Private VLANs

[Diagram: one switch in VTP Transparent mode with Promiscuous Ports, Community VLAN A Ports, Community VLAN B Ports and Isolated VLAN C Ports.]

⚫ Private VLANs (pVLAN) provide isolation between ports within the same VLAN.
⚫ pVLANs require the switches to be in VTP transparent mode.
⚫ pVLANs can go across trunks.
Private VLANs

[Diagram: Promiscuous Ports; hosts in the same subnet but in different pVLANs.]

⚫ pVLANs:
 Provide security
 Reduce the number of IP subnets
⚫ Service providers use pVLANs to deploy hosting services and network access where all devices reside in the same subnet but only communicate with a default gateway, servers or another network.
Private VLANs

[Diagram: Promiscuous Ports attached to the Primary VLAN, with Secondary VLANs beneath it.]

⚫ pVLANs consist of two supporting VLANs:
 Primary VLAN
  High-level VLAN
  Can have many secondary VLANs
  Secondary VLANs belong to the same subnet as the Primary VLAN
 Secondary VLAN
  Child of a Primary
  End devices belong to a secondary VLAN
Private VLANs

[Diagram: Promiscuous Ports; Community VLANs; Isolated VLANs.]

⚫ Two types of secondary VLANs
 Community VLANs
  These ports communicate with other ports in the same community and with promiscuous ports
 Isolated VLANs
  These ports can only communicate with promiscuous ports.
Private VLANs

[Diagram: Promiscuous Ports, Community VLAN A Ports, Community VLAN B Ports, Isolated VLAN C Ports.]

⚫ Community VLAN ports communicate with other ports in the same community and with promiscuous ports.
 What devices can Community VLAN A PCs communicate with?
 What devices can Community VLAN B PCs communicate with?
⚫ Isolated VLAN ports can only communicate with promiscuous ports.
 What devices can Isolated VLAN C PCs communicate with?
Configuring pVLANs: Creating the pVLANs

Switch(config)# vlan 100
Switch(config-vlan)# private-vlan primary
Switch(config)# vlan 200
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 201
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 300
Switch(config-vlan)# private-vlan isolated

Switch(config)# vlan 100
Switch(config-vlan)# private-vlan association 200,201,300
Switch(config)# interface vlan 100
Switch(config-if)# private-vlan mapping add 200,201,300

(100 is the Primary VLAN; 200, 201 and 300 are the Secondary VLANs.)

⚫ Configure the Primary VLAN
⚫ Configure the Secondary VLANs (two community, one isolated)
⚫ Associate the secondary VLANs to the primary VLAN
⚫ Map the secondary VLANs to the Layer 3 VLAN interface of the primary VLAN to allow Layer 3 switching (later).
Private VLANs

[Diagram: Promiscuous Ports in primary VLAN 100; Community VLAN A Ports = VLAN 200; Community VLAN B Ports = VLAN 201; Isolated VLAN C Ports = VLAN 300.]

Switch(config)# vlan 100
Switch(config-vlan)# private-vlan primary
Switch(config)# vlan 200
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 201
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 300
Switch(config-vlan)# private-vlan isolated
Switch(config)# vlan 100
Switch(config-vlan)# private-vlan association 200,201,300
Switch(config)# interface vlan 100
Switch(config-if)# private-vlan mapping add 200,201,300
Configuring pVLANs: Port Association

Switch(config)# interface range fa 0/1 - 5
Switch(config-if-range)# switchport mode private-vlan promiscuous
Switch(config-if-range)# switchport private-vlan mapping 100 200,201,300
Switch(config-if-range)# exit
Switch(config)# interface range fa 0/10 - 12
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 200
Switch(config-if-range)# exit
Switch(config)# interface range fa 0/15 - 18
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 201
Switch(config-if-range)# exit
Switch(config)# interface range fa 0/20 - 25
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 300
Switch(config-if-range)# exit

(host-association arguments: the primary VLAN, then the secondary VLAN)

⚫ Configure access ports for promiscuous mode.
⚫ Configure access ports for community pVLANs.
⚫ Configure access ports for isolated pVLANs.
Configuring pVLANs - Review

[Diagram: primary VLAN 100 with community VLANs 200 and 201 and isolated VLAN 300.]

Switch(config)# vlan 100
Switch(config-vlan)# private-vlan primary
Switch(config)# vlan 200
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 201
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 300
Switch(config-vlan)# private-vlan isolated
Switch(config)# vlan 100
Switch(config-vlan)# private-vlan association 200,201,300
Switch(config)# interface vlan 100
Switch(config-if)# private-vlan mapping add 200,201,300

Switch(config)# interface range fa 0/1 - 5
Switch(config-if-range)# switchport mode private-vlan promiscuous
Switch(config-if-range)# exit
Switch(config)# interface range fa 0/10 - 12
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 200
Switch(config-if-range)# exit
Switch(config)# interface range fa 0/15 - 18
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 201
Switch(config-if-range)# exit
Switch(config)# interface range fa 0/20 - 25
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 300
Switch(config-if-range)# exit

(host-association arguments: the primary VLAN, then the secondary VLAN)
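The answers to the "what can each PC communicate with?" questions, worked from the port association configuration above, as an added Python example (not Cisco code). The port table is built from the slides' config (promiscuous Fa0/1-5; community VLAN 200 on Fa0/10-12; community VLAN 201 on Fa0/15-18; isolated VLAN 300 on Fa0/20-25), and the reachability rules are the ones the slides state: promiscuous ports reach everything, community ports reach their own community plus promiscuous ports, isolated ports reach only promiscuous ports.

```python
"""Layer 2 reachability between ports of one private VLAN, using the slides'
port association. Added example, not Cisco code."""

PRIMARY = 100
SECONDARY = {200: "community", 201: "community", 300: "isolated"}


def expand(prefix, lo, hi):
    """Expand 'interface range fa 0/lo - hi' into port names."""
    return [f"{prefix}{n}" for n in range(lo, hi + 1)]


# {port: (mode, secondary VLAN or None)}, taken from the slides' config.
PORTS = {}
PORTS.update({p: ("promiscuous", None) for p in expand("Fa0/", 1, 5)})
PORTS.update({p: ("host", 200) for p in expand("Fa0/", 10, 12)})
PORTS.update({p: ("host", 201) for p in expand("Fa0/", 15, 18)})
PORTS.update({p: ("host", 300) for p in expand("Fa0/", 20, 25)})


def can_communicate(port_a: str, port_b: str) -> bool:
    """Can frames be switched between these two ports of primary VLAN 100?"""
    mode_a, sec_a = PORTS[port_a]
    mode_b, sec_b = PORTS[port_b]
    if port_a == port_b:
        return True
    if mode_a == "promiscuous" or mode_b == "promiscuous":
        return True                          # promiscuous ports reach everyone
    # Both are host ports: only the same community VLAN may talk.
    if sec_a == sec_b and SECONDARY[sec_a] == "community":
        return True
    return False                             # isolated, or different communities


def reachable_from(port: str):
    """Other ports `port` can exchange frames with, in interface order."""
    return sorted((p for p in PORTS if p != port and can_communicate(port, p)),
                  key=lambda p: int(p.split("/")[1]))


if __name__ == "__main__":
    for p in ("Fa0/1", "Fa0/10", "Fa0/15", "Fa0/20"):
        mode, sec = PORTS[p]
        print(f"{p} ({mode}, secondary {sec}):", reachable_from(p))
```

So a Community VLAN A PC (VLAN 200) reaches the other two VLAN 200 ports and the five promiscuous ports; a Community VLAN B PC reaches only its own community and the promiscuous ports; an Isolated VLAN C PC reaches the promiscuous ports and nothing else, not even another isolated port in the same VLAN 300.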
Port Aggregation (EtherChannel)

CIS 187 Multilayer Switched Networks
CCNP SWITCH
Rick Graziani
Spring 2010

Configuring Link Aggregation with EtherChannel
Spanning Tree and EtherChannel

[Diagram: parallel links between two switches combined into one EtherChannel bundle.]

▪ Spanning Tree only allows a single active link between switches, to prevent bridging loops.
▪ Cisco's EtherChannel technology allows for the scaling of link bandwidth by aggregating or bundling parallel links.
• Treated as a single, logical link.
• Access or Trunk link
• Allows you to expand the link's capacity without having to purchase new hardware (modules, devices).
EtherChannel

▪ EtherChannel allows for two to eight links.
• Fast Ethernet (FE) → Fast EtherChannel → Up to 1600 Mbps
• Gigabit Ethernet (GE) → Gigabit EtherChannel → Up to 16 Gbps
• 10-Gigabit Ethernet (10GE) → 10 Gigabit EtherChannel → Up to 160 Gbps
▪ This does not mean the total bandwidth of the bundle equals the sum of the links.
• The load is not always distributed evenly (coming).
EtherChannel

▪ The Cisco Catalyst family of switches supports two types of link aggregation:
• Port Aggregation Protocol (PAgP) - Cisco proprietary
• Default when a port channel is created (coming)
• Link Aggregation Control Protocol (LACP) - Industry standard 802.3ad-based protocol
▪ EtherChannel provides redundancy.
• If one link fails, traffic is automatically moved to an active link.
• Transparent to the end user.
• LACP also allows for standby links (coming).
[Diagram: both ends of the bundle configured identically: Fast Ethernet, full duplex, dot1q auto, Native = VLAN 2, VLANs 1 thru 100.]

▪ The key is consistency for all links in the bundle:
• Media
• Same media type and speed
• Same duplex
• VLANs – All ports within the bundle must be configured with:
• Same VLAN (if access)
• Same trunking encapsulation and mode (if trunk)
• The mode on opposite switches does not have to be the same as long as it still forms a trunk.
• Same Native VLAN
• Pass the same set of VLANs
Distribution of Traffic and Load Balancing

▪ Load is not balanced equally across links.
▪ EtherChannel uses a hashing algorithm.
• If a single input is used (such as the Source IP address), the hash will only look at the bits associated with this input. (coming)
• If two inputs are used (such as the Source IP address and Destination IP address), the hash will perform an exclusive OR (XOR) operation on both inputs. (coming!)
▪ Both of these compute a binary number that selects a link number in the bundle to carry the frame. (coming!!!)
Load Balancing

▪ Let's take a brief look at how this works.
▪ We will focus on the 2, 4 and 8 link possibilities, as these are easier to understand and the only options that provide more ideal load balancing.
▪ A 2 link EtherChannel bundle requires a 1-bit index using an XOR.
• If the index is 0, link 0 is selected
• If the index is 1, link 1 is selected
▪ A 4 link EtherChannel bundle requires a 2-bit index using an XOR.
• 4 possible links: 00, 01, 10, 11
▪ An 8 link EtherChannel bundle requires a 3-bit index using an XOR.
• 8 possible links: 000, 001, 010, 011, 100, 101, 110, 111
Boolean Operations - XOR
TRUE XOR FALSE = TRUE

▪ XOR (Exclusive OR) operation
• 0 = FALSE, 1 = TRUE
• If both bits have the same value (both 0, both 1), the XOR will result in a 0.
• Otherwise, if they differ (one is a 0 and the other a 1), the result will be 1.
• One and ONLY one input value can be TRUE for the output to be TRUE.
• Rick is going to surf the Hook XOR Liquor Stores at noon.
• I cannot surf BOTH spots. If I did, this would not be TRUE.
Boolean Operations – XOR Gate

Truth Table
Inputs    Output
0   0     0
0   1     1
1   0     1
1   1     0

0 = FALSE
1 = TRUE

▪ XOR operation: only one input value is TRUE for the output to be TRUE.
Load Balancing

[Diagram: 2 link EtherChannel, links 0 and 1.]

▪ Example: 2 Link EtherChannel.
• Packet sent from 172.16.1.1 to 10.10.10.46
• The chosen hash uses the Source IP and Destination IP address
▪ At most there can only be 8 links in a bundle, so only the last 3 rightmost bits (least-significant) of the addresses will ever need to be indexed or examined.
• 3 bits will give us 8 choices (8 links max in a bundle)
• 172.16.1.1 => 00000001    10.10.10.46 => 00101110
▪ In our example we have 2 links in the EtherChannel (1 bit index):
• The XOR is performed only on the rightmost bit: 1 XOR 0
• 1 XOR 0 = 1
• Link 1 is used
Load Balancing

[Diagram: 2 link EtherChannel, links 0 and 1.]

▪ Example: 2 Link EtherChannel.
• Our hash used the Source IP and Destination IP address
▪ The XOR on the rightmost bit of our Source IP and Destination IP address could result in Link 0 or Link 1 being used.
• Depends on the last bit of each address!
• 172.16.1.1 => 00000001    10.10.10.46 => 00101110
▪ If the XOR of the two bits results in 0, then link 0 is used.
▪ If the XOR of the two bits results in 1, then link 1 is used.
Load Balancing

[Diagram: 4 link EtherChannel, links 0 through 3.]

▪ Example: 4 Link EtherChannel
• Packet sent from 172.16.1.1 to 10.10.10.46
• Our hash used the Source IP and Destination IP address
• 172.16.1.1 => 00000001    10.10.10.46 => 00101110
▪ If there are 4 links in the EtherChannel (2 bit index):
• The XOR is performed only on the 2 rightmost bits: 01 XOR 10
• Each bit is computed separately
• 01 XOR 10 = 11
  1 XOR 0 = 1
  0 XOR 1 = 1
• Link 3 (11 in binary) is used
Load Balancing

[Diagram: 8 link EtherChannel, links 0 through 7.]

▪ Example: 8 Link EtherChannel
• Packet sent from 172.16.1.1 to 10.10.10.46
• Our hash used the Source IP and Destination IP address
• 172.16.1.1 => 00000001    10.10.10.46 => 00101110
▪ If there are 8 links in the EtherChannel (3 bit index):
• The XOR is performed only on the 3 rightmost bits: 001 XOR 110
• Each bit is computed separately
• 001 XOR 110 = 111
  1 XOR 0 = 1
  0 XOR 1 = 1
  0 XOR 1 = 1
• Link 7 (111 in binary) is used
For more information
▪ For information about load balancing with a number of links other than 2, 4 or 8:
• Understanding EtherChannel Load Balancing and Redundancy on Catalyst Switches
• http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a0080094714.shtml
Configuring EtherChannel
Configuring EtherChannel Load Balancing

Switch(config)# port-channel load-balance method

⚫ The load balancing method is configured in global configuration mode.
Load Balancing
Switch(config)# port-channel load-balance ?
  dst-ip       Dst IP Addr
  dst-mac      Dst Mac Addr
  src-dst-ip   Src XOR Dst IP Addr
  src-dst-mac  Src XOR Dst Mac Addr
  src-ip       Src IP Addr
  src-mac      Src Mac Addr

Hash operation per method: dst-ip, dst-mac, src-ip and src-mac use the bits of that single address; src-dst-ip and src-dst-mac XOR the two addresses (the slide's annotation marks the XOR method as the default).

⚫ 6500 and 4500 switches also allow the hash input to be based on:
 dst-port (destination port)
 src-dst-port (source and destination ports)
⚫ Defaults for 29xx and 35xx (this may vary, so check the documentation)
 Layer 2 switching (switched port) is src-mac (coming)
 Layer 3 switching (routed port) is src-dst-ip (coming)
⚫ For non-IP traffic the switch will distribute frames based on MAC addresses.
⚫ Multicasts and broadcasts sent over one link in the EtherChannel are not sent back over other links in the EtherChannel.
Load Balancing
Switch(config)# port-channel load-balance ?
  dst-ip       Dst IP Addr
  dst-mac      Dst Mac Addr
  src-dst-ip   Src XOR Dst IP Addr
  src-dst-mac  Src XOR Dst Mac Addr
  src-ip       Src IP Addr
  src-mac      Src Mac Addr

Switch(config)# port-channel load-balance src-dst-ip

⚫ Normally, the default Source IP and Destination IP addresses will result in a fair statistical distribution of frames.
⚫ This is because of the random nature of multiple Source and Destination IP addresses.
⚫ However, if a single server's destination IP address is receiving most of the traffic, this may cause one link to be overused in a two link EtherChannel.
 Two links in a four link EtherChannel
 Four links in an eight link EtherChannel.
⚫ Use only the Source IP address or include MAC addresses to create a more balanced load across the bundle.
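The 2-, 4- and 8-link walkthrough above and the "single hot server" skew, as one added Python model (not Cisco code; the real hash is platform specific, and this follows the low-order-bits description the slides give). A single-input method takes the low-order bits of that one address; a two-input method XORs the low-order bits of both; the bit count is 1, 2 or 3 for 2, 4 or 8 links. The `distribution` function then shows what happens when 100 constructed clients all send to one server: a destination-only hash puts every frame on one link, while a source-based or XOR hash spreads them.

```python
"""EtherChannel link selection by low-order address bits, and the traffic
distribution that results for a hot destination. Added example, not Cisco's
actual hash; addresses are the slides' and constructed values."""

import ipaddress
from collections import Counter


def _last_octet(addr: str) -> int:
    return int(ipaddress.ip_address(addr)) & 0xFF


def link_index(method: str, src_ip: str, dst_ip: str, nlinks: int) -> int:
    """Index of the bundle link that carries a frame for (src_ip, dst_ip)."""
    if nlinks not in (2, 4, 8):
        raise ValueError("the slides cover 2-, 4- and 8-link bundles only")
    nbits = nlinks.bit_length() - 1          # 2 -> 1 bit, 4 -> 2, 8 -> 3
    mask = (1 << nbits) - 1
    src, dst = _last_octet(src_ip), _last_octet(dst_ip)
    if method == "src-ip":
        return src & mask                    # single input: its own low bits
    if method == "dst-ip":
        return dst & mask
    if method == "src-dst-ip":
        return (src ^ dst) & mask            # two inputs: XOR, bit by bit
    raise ValueError(f"unknown method {method!r}")


def distribution(method: str, flows, nlinks: int) -> dict:
    """Frames per link index for a list of (src_ip, dst_ip) flows."""
    counts = Counter(link_index(method, s, d, nlinks) for s, d in flows)
    return {link: counts.get(link, 0) for link in range(nlinks)}


# Constructed: 100 clients, one frame each, all sending to a single server.
HOT_SERVER_FLOWS = [(f"192.168.1.{n}", "10.10.10.46") for n in range(1, 101)]


if __name__ == "__main__":
    for n in (2, 4, 8):
        print(f"{n} links, src-dst-ip:",
              link_index("src-dst-ip", "172.16.1.1", "10.10.10.46", n))
    for m in ("dst-ip", "src-ip", "src-dst-ip"):
        print(f"{m:<10} 4 links:", distribution(m, HOT_SERVER_FLOWS, 4))
```

The slides' example reproduces exactly (link 1, link 3, link 7). For the hot server, `dst-ip` on a 4-link bundle puts all 100 frames on link 2 (46 ends in binary 10), while `src-ip` gives 25 per link; this is the reason the slide recommends including a field that varies, such as the source address.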
EtherChannel Protocols

[Diagram: one switch pair running PAgP on both ends, another running LACP on both ends.]

▪ The Cisco Catalyst family of switches supports both:
• Port Aggregation Protocol (PAgP) - Cisco proprietary
• Default when a port channel is created (coming)
• Link Aggregation Control Protocol (LACP) - Industry standard 802.3ad-based protocol
▪ Not many differences.
▪ When a Cisco switch is connected to a non-Cisco switch, use LACP.
▪ Must be the same on both ends!
EtherChannel Protocols

[Diagram: Fa0/1 through Fa0/4 bundled between two switches.]

DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol ?
  lacp  Prepare interface for LACP protocol
  pagp  Prepare interface for PAgP protocol
DLS1(config-if-range)# channel-protocol pagp

⚫ PAgP requires identical static VLANs or trunking encapsulation with the same allowed VLANs.
⚫ If the VLAN, speed or duplex on a port in the bundle is changed, PAgP automatically reconfigures the rest of the ports in that bundle.
EtherChannel Protocols

[Diagram: Fa0/1 through Fa0/4 form one Channel Group.]

DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol ?
  lacp  Prepare interface for LACP protocol
  pagp  Prepare interface for PAgP protocol
DLS1(config-if-range)# channel-group number mode {active | on | {auto [non-silent]} | {desirable [non-silent]} | passive}

⚫ Channel-group number: 1 – 64
⚫ Does not need to be the same on both switches, but it is recommended that it usually is.
No PAgP or LACP negotiation

[Diagram: EtherChannel with mode on at both ends.]

DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

⚫ on – Forces the port to channel without PAgP negotiation.
 Both ends must be on.
 All ports channeling
⚫ You can use channel-group # mode on when the connecting device does not support PAgP and you need to set up the channel unconditionally.
PAgP modes

[Diagram: EtherChannel with desirable at one end and desirable or auto at the other.]

DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

⚫ An interface in desirable mode can form an EtherChannel with another interface that is in desirable or auto mode.
 Desirable (Active) - Actively asks to form a channel
PAgP modes

[Diagram: EtherChannel with auto at one end and desirable at the other.]

DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

⚫ An interface in auto mode can form an EtherChannel with another interface in desirable mode.
 Auto (default, passive) - Waits to be asked to form a channel.
⚫ An interface in auto mode cannot form an EtherChannel with another interface that is also in auto mode, because neither interface starts PAgP negotiation.
PAgP EtherChannel - Silent (FYI)
DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
DLS1(config-if-range)# channel-group 1 mode auto ?
  non-silent  Start negotiation only after data packets received

⚫ By default PAgP uses the silent submode for desirable and auto.
⚫ If you expect a switch to be on the other end you should use non-silent.
⚫ "Use the non-silent keyword when you connect to a device that transmits bridge protocol data units (BPDUs) or other traffic."
⚫ "Use the silent keyword when you connect to a silent partner (which is a device that does not generate BPDUs or other traffic)."
⚫ Either will work between switches.
⚫ For more information on when to use silent or non-silent:
⚫ http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094953.shtml
LACP modes
EtherChannel
active
active
passive

DLS1(config)# interface range fa 0/1 - 4


DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected

⚫ An interface in the active mode can form an EtherChannel with another


interface that is in the active or passive mode.

112
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 112
LACP modes
EtherChannel

passive active

DLS1(config)# interface range fa 0/1 - 4


DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected

⚫ An interface in the passive mode can form an EtherChannel with another


interface that is in the active mode.
⚫ An interface in the passive mode cannot form an EtherChannel with
another interface that is also in the passive mode because neither interface
starts LACP negotiation.
113
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 113
Forming EtherChannels
EtherChannel

on on

PAgP Negotiated EtherChannel


desirable desirable

auto

LACP Negotiated EtherChannel


active active

passive

114
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 114
Configuring PAgP
DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode desirable

DLS2(config)# port-channel load-balance src-dst-ip


DLS2(config)# interface range fa 0/11 - 12
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# channel-protocol pagp
DLS2(config-if-range)# channel-group 1 mode auto

⚫ Notice:
 Load balancing does not have to match but usually it does.
 DTP on DLS2 is dyanmic auto (result is trunk with DLS1)
 PAgP configured on both ends
115
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 115
Verifying
We will discuss the significance of the Port-channel interface with MLS.

DLS1#show run
!
port-channel load-balance dst-ip
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
! ...
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable

DLS2#show run
!
port-channel load-balance src-dst-ip
!
interface Port-channel1
 switchport trunk encapsulation dot1q
!
interface FastEthernet0/1
! ...
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 channel-group 1 mode auto
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 channel-group 1 mode auto
Verifying
DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode desirable

DLS1# show etherchannel protocol
Group: 1
----------
Protocol: PAgP

DLS1# show etherchannel load-balance
EtherChannel Load-Balancing Operational State (dst-ip):
Non-IP: Destination MAC address
IPv4: Destination IP address
IPv6: Destination IP address
DLS1#
DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode desirable

DLS1# show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-------------------------------
1 Po1(SU) PAgP Fa0/11(P) Fa0/12(P)
DLS1#
DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode desirable

DLS1# show etherchannel port
Group: 1
----------
Port: Fa0/11
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = Desirable-Sl Gcchange = 0
Port-channel = Po1 GC = 0x00010001 Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = PAgP

Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
<output omitted>
Timers: H - Hello timer is running. Q - Quit timer is running.
<output omitted>

Local information:
                        Hello    Partner  PAgP     Learning  Group
Port    Flags State     Timers   Interval Count    Priority  Method  Ifindex
Fa0/11  SC    ...

Partner's information:
        Partner   Partner          Partner  Partner        Group
Port    Name      Device ID        Port     Age   Flags    Cap.
Fa0/11  DLS2      001b.8fc8.0080   ...

Age of the port in the current state: 00d:00h:35m:29s

Port: Fa0/12
------------
...

⚫ This output can help determine whether the load balancing is being distributed equally across the links.
Configuring LACP
DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# lacp system-priority 11111
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode active
DLS1(config-if-range)# lacp port-priority 99

DLS1(config)# interface range fa 0/13 - 14
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode active

Fa0/13-14 keep the default port-priority value of 32,768, which is higher than the 99 configured on Fa0/11-12, so these will become the standby links should something happen to any of the active links.

⚫ Port Priority - (Optional for LACP)
 LACP uses the port priority to decide which ports should be put in standby mode.
 Not typically used (more with hardware limitation).
 Ports with the lower priority value are active; the rest are standby. (Default is 32,768)
⚫ System Priority - (Optional for LACP)
 Valid values are 1 through 65535.
 Higher numbers have lower priority. (Default is 32768, switch MAC is tiebreaker)
 Recommended only when some ports are in standby.
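LACP standby selection for the four-link bundle above, as an added Python example (not from the slides): the lower system-priority tuple decides, and on the deciding switch the ports with the lower port-priority value go active. The active-link limit of 2 and the DLS1 MAC address are assumptions made for this illustration.

```python
# Added example (not from the original slides): how LACP chooses active versus
# hot-standby links. The switch with the lower system-priority value (MAC address
# as tiebreaker) makes the decision; on that switch, ports with the lower
# port-priority value go active and the remainder become hot-standby (flag H).
DEFAULT_PORT_PRIORITY = 32768     # slide: default lacp port-priority
DEFAULT_SYSTEM_PRIORITY = 32768   # slide: default lacp system-priority


def decides(local: tuple, partner: tuple) -> str:
    """(system-priority, MAC) tuples: the lower tuple wins the decision."""
    return "local" if local < partner else "partner"


def port_num(name: str) -> int:
    """'Fa0/11' -> 11; lower port number breaks ties between equal priorities."""
    return int(name.rsplit("/", 1)[1])


def select_links(ports: list, active_limit: int) -> dict:
    """ports: [(interface, lacp port-priority)] -> {'active': [...], 'standby': [...]}."""
    ranked = sorted(ports, key=lambda p: (p[1], port_num(p[0])))
    return {"active": [n for n, _ in ranked[:active_limit]],
            "standby": [n for n, _ in ranked[active_limit:]]}


def dls1_scenario() -> dict:
    """The slide's DLS1: Fa0/11-12 at port-priority 99, Fa0/13-14 left at default."""
    ports = [("Fa0/11", 99), ("Fa0/12", 99),
             ("Fa0/13", DEFAULT_PORT_PRIORITY), ("Fa0/14", DEFAULT_PORT_PRIORITY)]
    # ASSUMPTION: a limit of 2 active links, so the default-priority ports stand by
    return select_links(ports, active_limit=2)


if __name__ == "__main__":
    # DLS1 system-priority 11111 vs DLS2 left at default; DLS2 MAC is taken from
    # the slide output, the DLS1 MAC is a constructed placeholder
    who = decides((11111, "0000.0000.0001"), (DEFAULT_SYSTEM_PRIORITY, "001b.8fc8.0080"))
    print("deciding switch:", who)          # local (DLS1)
    print(dls1_scenario())                  # Fa0/11, Fa0/12 active; Fa0/13, Fa0/14 standby
```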
Configuring LACP: DLS1 and DLS2
DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# lacp system-priority 11111

DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode active
DLS1(config-if-range)# lacp port-priority 99

DLS1(config)# interface range fa 0/13 - 14
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode active

DLS2(config)# port-channel load-balance src-dst-ip

DLS2(config)# interface range fa 0/11 - 12
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# channel-protocol lacp
DLS2(config-if-range)# channel-group 1 mode passive

DLS2(config)# interface range fa 0/13 - 14
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport mode trunk
DLS2(config-if-range)# channel-protocol lacp
DLS2(config-if-range)# channel-group 1 mode active
Verifying (only showing DLS1)
DLS1#show run
!
port-channel load-balance dst-ip
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 lacp port-priority 99
 channel-group 1 mode active
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 lacp port-priority 99
 channel-group 1 mode active
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
Verifying
DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode active
DLS1(config-if-range)# lacp port-priority 99
<output omitted>

DLS1# show etherchannel protocol
Group: 1
----------
Protocol: LACP

DLS1# show etherchannel load-balance
EtherChannel Load-Balancing Operational State (dst-ip):
Non-IP: Destination MAC address
IPv4: Destination IP address
IPv6: Destination IP address
DLS1#
Verifying
DLS1# show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------
1 Po1(SU) LACP Fa0/11(P) Fa0/12(P) Fa0/13(H) Fa0/14(H)

DLS1#
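A parser for this summary table, added here as a Python example (not from the slides), that reads the per-port flags and reports any member port that is neither bundled (P) nor LACP hot-standby (H). The sample output is constructed from the slide above, with Fa0/12 changed to suspended so that the check has something to find.

```python
# Added example (not from the original slides): parse the "show etherchannel
# summary" table and flag member ports that are neither bundled (P) nor LACP
# hot-standby (H), using the flag legend printed above the table.
import re

HEALTHY = {"P", "H"}
LEGEND = {"D": "down", "P": "in port-channel", "I": "stand-alone",
          "s": "suspended", "H": "hot-standby", "u": "unsuitable for bundling",
          "w": "waiting to be aggregated", "d": "default port",
          "f": "failed to allocate aggregator"}
PORT_RE = re.compile(r"(\S+?)\(([A-Za-z]+)\)")
GROUP_RE = re.compile(r"^\s*(\d+)\s+(Po\d+)\(([A-Za-z]+)\)\s+(\S+)")

def parse_summary(text: str) -> list:
    """One record per channel-group: Po flags, protocol and member port flags."""
    groups, current = [], None
    for line in text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = {"group": int(m.group(1)), "po": m.group(2),
                       "po_flags": m.group(3), "protocol": m.group(4), "ports": {}}
            groups.append(current)
            line = line[m.end():]        # member ports may follow on the same line
        if current is not None:          # continuation lines list more ports
            for port, flags in PORT_RE.findall(line):
                if port.startswith(("Fa", "Gi", "Te")):
                    current["ports"][port] = flags
    return groups

def problems(groups: list) -> list:
    """Findings for bundles not in use or ports not in a healthy state."""
    out = []
    for g in groups:
        if "U" not in g["po_flags"]:
            out.append(f"{g['po']} is not in use (flags {g['po_flags']})")
        for port, flags in g["ports"].items():
            if flags not in HEALTHY:
                out.append(f"{g['po']}: {port} is {LEGEND.get(flags, flags)}")
    return out

# Constructed sample modelled on the slide's output, with Fa0/12 suspended.
SAMPLE = """Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------
1      Po1(SU)         LACP      Fa0/11(P)   Fa0/12(s)   Fa0/13(H)
                                 Fa0/14(H)
"""

if __name__ == "__main__":
    for finding in problems(parse_summary(SAMPLE)):
        print(finding)
```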
Odds and Ends (FYI)
▪ Trunk ports send and receive PAgP and LACP protocol data units (PDUs) on the lowest numbered VLAN.
▪ Spanning tree sends packets over the first interface in the EtherChannel.
▪ For more information on Configuring EtherChannel:
• http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swethchl.html
Troubleshooting Trunk Links
▪ Ensure that the Layer 2 interface mode configured on both ends of the link is valid.
▪ The trunk mode should be trunk or desirable for at least one side of the trunk.
▪ Ensure that the trunk encapsulation type configured on both ends of the link is valid and compatible.
▪ On IEEE 802.1Q trunks, make sure the native VLAN is the same on both ends of the trunk.
▪ When using DTP, ensure that both ends of the link are in the same VTP domain.
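The checklist above as a Python check over both ends of a link, added here as an example (not from the slides). The per-end settings dict, and the rule that DTP counts as in use unless both ends are configured with nonegotiate, are assumptions of this illustration.

```python
# Added example (not from the original slides): apply the "Troubleshooting Trunk
# Links" checklist to one link, given each end's switchport settings as a dict
# with keys mode, encapsulation, native_vlan, vtp_domain and nonegotiate.
VALID_MODES = {"access", "trunk", "dynamic desirable", "dynamic auto"}

def trunk_forms(a: str, b: str) -> bool:
    """DTP outcome: no trunk if either side is access; otherwise at least one
    side must be trunk or desirable (auto/auto never trunks)."""
    if "access" in (a, b):
        return False
    return "trunk" in (a, b) or "desirable" in (a, b)

def encap_compatible(a: str, b: str) -> bool:
    """dot1q/isl must match; 'negotiate' adapts to whatever the other side runs."""
    return a == b or "negotiate" in (a, b)

def check_trunk(local: dict, remote: dict) -> list:
    """Return a list of checklist failures (empty when the link should trunk)."""
    findings = []
    for name, end in (("local", local), ("remote", remote)):
        if end["mode"] not in VALID_MODES:
            findings.append(f"{name}: invalid Layer 2 mode '{end['mode']}'")
    la = local["mode"].replace("dynamic ", "")
    ra = remote["mode"].replace("dynamic ", "")
    if not trunk_forms(la, ra):
        findings.append("trunk mode should be trunk or desirable on at least one side")
    if not encap_compatible(local["encapsulation"], remote["encapsulation"]):
        findings.append("trunk encapsulation types are incompatible")
    if local["native_vlan"] != remote["native_vlan"]:
        findings.append("802.1Q native VLAN differs between the two ends")
    # ASSUMPTION: DTP is in use unless both ends are configured nonegotiate
    dtp_in_use = not (local.get("nonegotiate") and remote.get("nonegotiate"))
    if dtp_in_use and local["vtp_domain"] != remote["vtp_domain"]:
        findings.append("DTP in use but VTP domains differ")
    return findings

# Constructed sample: a hardened end versus a peer still relying on DTP.
GOOD_END = {"mode": "trunk", "encapsulation": "dot1q", "native_vlan": 99,
            "vtp_domain": "West", "nonegotiate": True}
PEER_END = {"mode": "dynamic auto", "encapsulation": "dot1q", "native_vlan": 1,
            "vtp_domain": "East", "nonegotiate": False}

if __name__ == "__main__":
    for finding in check_trunk(GOOD_END, PEER_END):
        print(finding)      # native VLAN mismatch and VTP domain mismatch
```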
Chapter 2 Summary
▪ A VLAN is a logical grouping of switch ports independent of physical location. Local VLANs are now recommended over end-to-end VLAN implementations.
▪ A trunk is a Layer 2 point-to-point link between networking devices carrying the traffic of multiple VLANs.
▪ ISL and 802.1Q are the two trunking protocols that can connect two switches.
▪ VTP is used to distribute and synchronize information about VLANs configured throughout a switched network.
▪ VTP pruning helps to stop flooding of unnecessary traffic on trunk links.
▪ Device communication within the same VLAN can be fine-tuned using pVLANs. A pVLAN is associated to a primary VLAN, and then mapped to one or several ports. A primary VLAN can map to one isolated and several community VLANs. pVLANs can span across several switches using regular 802.1q trunks or pVLAN trunks.
▪ Use EtherChannel by aggregating individual, similar links between switches. EtherChannel can be dynamically configured between switches using either the Cisco-proprietary PAgP or the IEEE 802.3ad LACP. EtherChannel load balances traffic over all the links in the bundle. The method that is chosen directly impacts the efficiency of this load-balancing mechanism.
Best Practices for VLAN Design
▪ One to three VLANs per access module, and limit those VLANs to a couple of access switches and the distribution switches.
▪ Avoid using VLAN 1 as the "blackhole" for all unused ports. Use a dedicated VLAN separate from VLAN 1 to assign all the unused ports.
▪ Separate the voice VLANs, data VLANs, the management VLAN, the native VLAN, blackhole VLANs, and the default VLAN (VLAN 1).
▪ Avoid VTP when using local VLANs; use manually allowed VLANs on trunks.
▪ For trunk ports, turn off Dynamic Trunking Protocol (DTP) and configure trunking. Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol.
▪ Manually configure access ports that are not specifically intended for a trunk link.
▪ Prevent all data traffic from VLAN 1; only permit control protocols to run on VLAN 1 (DTP, VTP, STP BPDUs, PAgP, LACP, CDP, etc.).
▪ Avoid using Telnet because of security risks; enable SSH support on management VLANs.