Monday 22 May 2017

CISCO - VLAN TRUNKING PROTOCOL (VTP):

This Article Describes VLAN TRUNKING PROTOCOL (VTP) On Your CISCO Switches. VLAN Trunking Protocol (VTP) Is A Cisco Proprietary Protocol That Propagates The Definition Of Virtual Local Area Networks (VLAN) On The Whole Local Area Network. 

VTP Carries VLAN Information To All The Switches In A VTP Domain. VTP Advertisements Can Be Sent Over ISL, 802.1q, IEEE 802.10 And Lane Trunks. VTP Is Available On Most Of The Cisco Catalyst Family Products.


BEFORE GOING TO VTP, FIRST UNDERSTAND VLANS



WHY VLANS?


• Layer 2: Devices On One VLAN Cannot Communicate With Users On Another VLAN Without The Use Of Routers And Network Layer Addresses. 

• VLAN Configuration Issues: 

• A Switch Creates A Broadcast Domain. 
• VLANS Help Manage Broadcast Domains. 
• VLANS Can Be Defined On Port Groups, Users Or Protocols. 
• LAN Switches And Network Management Software Provide A Mechanism To Create VLANS. 

• VLANS Help Control The Size Of Broadcast Domains And Localize Traffic. 

• VLANS Are Associated With Individual Networks. 

• Devices In Different VLANS Cannot Directly Communicate Without The Intervention Of A Layer 3 Routing Device. 

WHAT IS A TRUNK?


• A Trunk Is A Point-To-Point Link That Transmits And Receives Traffic Between Switches Or Between A Switch And A Router. 

• Trunks Carry The Traffic Of Multiple VLANS And Can Extend VLANS Across An Entire Network. 

WHAT IS VLAN TRUNKING?


• VLAN Trunking Conserves Ports When Creating A Link Between Two Devices Implementing VLANS. 

• Trunking Will Bundle Multiple Virtual Links Over One Physical Link By Allowing The Traffic For Several VLANS To Travel Over A Single Cable Between The Switches. 

VLAN TRUNKING PROTOCOL :


• VLAN TRUNKING: Allows Many VLANS To Be Defined Throughout An Organization By Adding Special Tags To Frames To Identify The VLAN To Which They Belong. 

• This Tagging Allows Many VLANS To Be Carried Across A Common Backbone, Or Trunk. 

• IEEE 802.1q Trunking Protocol Is The Standard, Widely Implemented Trunking Protocol. 

VLANS AND TRUNKING :



• VLAN Frame Tagging Is An Approach That Has Been Specifically Developed For Switched Communications. 

• Frame Tagging Places A Unique Identifier In The Header Of Each Frame As It Is Forwarded Throughout The Network Backbone. 

• The Identifier Is Understood And Examined By Each Switch Before Any Broadcasts Or Transmissions Are Made To Other Switches, Routers, Or End-Station Devices. 

• When The Frame Exits The Network Backbone, The Switch Removes The Identifier Before The Frame Is Transmitted To The Target End Station. 

• Frame Tagging Functions At Layer 2 And Requires Little Processing Or Administrative Overhead. 


BRIEF UNDERSTANDING OF VLAN TRUNKING PROTOCOL (VTP)



UNDERSTANDING VTP :


• VTP Is Used To Distribute VLAN Configuration Information Between Switches.

• VTP Is Cisco Proprietary And Can Only Be Used On Cisco Switches.

• By Using VTP, You Can Also Prune Your VLANS, Saving Bandwidth.

VTP Is A Layer 2 Messaging Protocol That Maintains VLAN Configuration Consistency By Managing The Addition, Deletion, And Renaming Of VLANS On A Network-Wide Basis. VTP Minimizes Misconfigurations And Configuration Inconsistencies That Can Cause Several Problems, Such As Duplicate VLAN Names, Incorrect VLAN-Type Specifications, And Security Violations. 

Before You Create VLANS, You Must Decide Whether To Use VTP In Your Network. Using VTP, You Can Make Configuration Changes Centrally On One Or More Switches And Have Those Changes Automatically Communicated To All The Other Switches In The Network. Without VTP, You Cannot Send Information About VLANS To Other Switches. VTP Configuration Information Is Saved In The VTP VLAN Database. 

VTP Only Learns About Normal-Range VLANs (VLAN IDs 1 To 1005). Extended-Range VLANs (VLAN IDs Greater Than 1005) Are Not Supported By VTP Or Stored In The VTP VLAN Database. 

VTP Allows A Network Manager To Configure A Switch So That It Will Propagate VLAN Configurations To Other Switches In The Network. The Switch Can Be Configured In The Role Of A VTP Server Or A VTP Client.

VTP SERVER Distributes And Synchronizes VLAN Information To VTP-Enabled Switches Throughout The Switched Network, Which Minimizes The Problems Caused By Incorrect Configurations And Configuration Inconsistencies. VTP Stores VLAN Configurations In The VLAN Database Called VLAN.DAT.

TRUNKING OPERATION :


  • Manages The Transfer Of Frames From Different VLANS On A Single Physical Line.
  • Trunking Protocols Establish Agreement For The Distribution Of Frames To The Associated Ports At Both Ends Of The Trunk.
  • TWO MECHANISMS:

    – Frame Filtering

    – Frame Tagging

    FRAME TAGGING:


  • A Frame Tagging Mechanism Assigns An Identifier, VLAN ID, To The Frames.

    – Easier Management.

    – Faster Delivery Of Frames.
  • Each Frame Sent On The Link Is Tagged To Identify Which VLAN It Belongs To.
  • Different Tagging Schemes Exist.
  • Two Common Schemes For Ethernet Frames.

    – 802.1Q: IEEE Standard.
    • Encapsulates Packet In An Additional 4-Byte Header

    – ISL – Cisco Proprietary Inter-Switch Link Protocol
    • Tagging Occurs Within The Frame Itself
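
An added example (not part of the original article): this Python sketch builds the 4-byte 802.1Q tag described above, inserts it as a frame enters the trunk, and strips it again before delivery to access ports in the matching VLAN. The sample frame, port names and function names are constructed for illustration, and the frame check sequence is left out.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def add_tag(frame, vlan_id, priority=0):
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0..7")
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    # Tag control information: priority (3 bits), DEI (1 bit, 0), VLAN ID (12 bits)
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Return (vlan_id, untagged_frame); vlan_id is None when no tag is present."""
    if len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def deliver_from_trunk(tagged_frame, access_ports):
    """Egress switch: read the tag, pick access ports in that VLAN, remove the tag.

    access_ports maps a port name to its access VLAN (hypothetical names).
    """
    vlan_id, untagged = strip_tag(tagged_frame)
    if vlan_id is None:
        return {}
    return {port: untagged
            for port, vlan in sorted(access_ports.items())
            if vlan == vlan_id}


# Constructed sample: broadcast ARP frame without FCS (42 bytes).
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)

if __name__ == "__main__":
    on_trunk = add_tag(SAMPLE_FRAME, vlan_id=10)
    print("tag bytes on the trunk:", on_trunk[12:16].hex())
    ports = {"Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 10}
    for port, frame in deliver_from_trunk(on_trunk, ports).items():
        print(port, "receives", len(frame), "byte untagged frame")
```

A real switch also recalculates the frame check sequence after inserting or removing the tag.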

    FRAME FILTERING :




    DIFFERENT VERSION OF VLAN TRUNKING PROTOCOL (VTP)



    TYPES OF VTP :


    There Are Three Versions Of VTP So Far. VTP Version 2 (V2) Is Not Much Different From VTP Version 1 (V1). The Major Difference Is That VTP V2 Introduces Support For Token Ring VLANS. If You Are Using Token Ring VLANS, You Need To Enable VTP V2.

    Otherwise, There Is No Reason To Use VTP V2. VTP Version 3 Differs From Earlier VTP Versions In That It Does Not Directly Handle VLANS. VTP Version 3 Is A Protocol That Is Only Responsible For Distributing A List Of Opaque Databases Over An Administrative Domain When Enabled, Cisco Has Introduced New 12.2(50) SG For Cisco Catalyst 4500 Series And 4900 Series.

    UNDERSTANDING HOW VTP VERSION 1 AND VERSION 2 WORK


    VTP Is A Layer 2 Messaging Protocol That Maintains VLAN Configuration Consistency By Managing The Addition, Deletion, And Renaming Of VLANS On A Network-Wide Basis. VTP Minimizes Misconfigurations And Configuration Inconsistencies That Can Result In A Number Of Problems, Such As Duplicate VLAN Names, Incorrect VLAN-Type Specifications, And Security Violations.

    You Can Use VTP To Manage VLANS 1-1005 In Your Network. (VTP Version 1 And VTP Version 2 Do Not Support VLANS 1025-4094.) With VTP, You Can Make Configuration Changes Centrally On One Switch And Have Those Changes Automatically Communicated To All The Other Switches In The Network.

    VTP VERSION 2:


    If You Use VTP In Your Network, You Must Decide Whether To Use Version 1 Or Version 2. By Default, VTP Operates In Version 1.

    VTP Version 2 Supports These Features Not Supported In Version 1:


    • Token Ring Support: VTP Version 2 Supports Token Ring Bridge Relay Function (TRBRF) And Token Ring Concentrator Relay Function (TRCRF) VLANs.

    • Unrecognized Type-Length-Value (TLV) Support: A VTP Server Or Client Propagates Configuration Changes To Its Other Trunks, Even For TLVs It Is Not Able To Parse. The Unrecognized TLV Is Saved In NVRAM When The Switch Is Operating In VTP Server Mode.

    • Version-Dependent Transparent Mode: In VTP Version 1, A VTP Transparent Switch Inspects VTP Messages For The Domain Name And Version And Forwards A Message Only If The Version And Domain Name Match. Because VTP Version 2 Supports Only One Domain, It Forwards VTP Messages In Transparent Mode Without Inspecting The Version And Domain Name.

    • Consistency Checks: In VTP Version 2, VLAN Consistency Checks (Such As VLAN Names And Values) Are Performed Only When You Enter New Information Through The CLI, The Cluster Management Software (CMS), Or SNMP. Consistency Checks Are Not Performed When New Information Is Obtained From A VTP Message Or When Information Is Read From NVRAM. If The MD5 Digest On A Received VTP Message Is Correct, Its Information Is Accepted.

    VLAN TRUNKING PROTOCOL (VTP VERSION 3) :


    VTP Version 3 Is The Third Version Of The VLAN Trunk Protocol And Enhances Its Initial Functions Well Beyond The Handling Of VLAN Matters. VTP Version 3 Eases And Secures The Administration And The Deployment In The Field.

    VTP Version 3 (VTPv3) Supports The Advertisement Of The Extended Range Of VLANs (4094). Configuration Changes For The Entire 4000 VLAN Range Can Be Made Centrally On One Switch And Automatically Communicated To All Other Switches In The Network. Additionally, VTPv3 Removes The Risk Of Losing Or Overwriting The Domain Configuration When Introducing A Misconfigured Or Unauthorized Server, Provides Hidden Password Support For VTP Update Validation, Multiple Spanning Tree (MST) Database Propagation, And Suspension Of VLAN Or MST Database Propagation Globally Or Per Trunk Port.

    KEY BENEFITS OF VTP VERSION 3:


    VTPv3 Was Introduced In CatOS 8.1, But Was Only Included In The C6500 IOS Software In Dec 2008. Much Work Has Gone Into Improving The Usability Of VTP Version 3 In Three Major Areas :

    • The New Version Of VTP Offers Better Administrative Control Over Which Device Is Allowed To Update Other Devices' View Of The VLAN Topology. The Chance Of Unintended And Disruptive Changes Is Significantly Reduced, And Availability Is Increased. The Reduced Risk Of Unintended Changes Will Ease The Change Process And Help Speed Deployment.

    • Functionality For The VLAN Environment Has Been Significantly Expanded.

    Two Enhancements Are Most Beneficial For Today's Networks :

    – In Addition To Supporting The Earlier ISL VLAN Range From 1 To 1001, The New Version Supports The Whole IEEE 802.1Q VLAN Range Up To 4095.

    – In Addition To Supporting The Concept Of Normal VLANS, VTP Version 3 Can Transfer Information Regarding Private VLAN (PVLAN) Structures.

    • The Third Area Of Major Improvement Is Support For Databases Other Than VLAN (For Example, MST).

    VTP VERSION 3 PROVIDES THE FOLLOWING ENHANCEMENTS TO PREVIOUS VTP VERSIONS:


    • Support For Extended VLANS.

    • Support For The Creation And Advertising Of Private VLANS.

    • Improved Server Authentication.

    • Protection From The "Wrong" Database Accidentally Being Inserted Into A VTP Domain.

    • Interaction With VTP Version 1 And VTP Version 2.

    • Provides The Ability To Be Configured On A Per-Port Basis.

    • Provides The Ability To Propagate The VLAN Database And Other Databases.


    HOW VTP WORKS



    HOW VTP WORKS :


    Whenever A Change Occurs In The VLAN Database, The VTP Server Increments Its Configuration Revision Number And Then Advertises The New Revision Throughout The VTP Domain. A VTP Domain Is One Or More Interconnected Switches That Share The Same VTP Environment. When A Switch Receives The VTP Advertisement, It Overwrites Its Configuration With The New Information If The New Revision Number Is Higher Than The One It Already Has. If The Revision Number Is The Same, The Switch Ignores The Advertisement. If The Revision Number Is Lower, The Switch Replies With The More Up-To-Date Revision Number. VTP Cannot Cross A Layer 3 Boundary.

    To Make Switches Exchange Their VLAN Information With Each Other, They Need To Be Configured In The Same VTP Domain. Only Switches Belonging To The Same Domain Share Their VLAN Information. When A Change Is Made To The VLAN Database, It Is Propagated To All Switches Via VTP Advertisements.

    To Maintain Domain Consistency, Only One Switch Should Be Allowed To Create (Or Delete, Modify) VLANs. This Switch Is Like The “Master” Of The Whole VTP Domain And It Is Operated In Server Mode. This Is Also The Default Mode.

    Other Switches Are Only Allowed To Receive And Forward Updates From The “Server” Switch. They Are Operated In Client Mode.

    In Some Cases, The Network Manager Doesn’t Want A Switch To Learn VTP Information From Other Switches. He Can Set It To Transparent Mode. In This Mode, A Switch Maintains Its Own VLAN Database And Never Learns VTP Information From Other Switches (Even The Server). However, It Still Forwards VTP Advertisements From The Server To Other Switches (But Doesn’t Read That Update). A Transparent Switch Can Add, Delete And Modify Its VLAN Database Locally.

    DESCRIPTION OF VTP MODES :


    VTP Is A Client/Server Protocol That Allows A VTP Server Read-Write Access To The VLAN Database And Allows A VTP Client Read-Only Access To The VLAN Database. A Cisco Catalyst Switch Possesses The Capability To Act As A VTP Server Or Client. The Role That Each Switch Plays In The VTP Network Is Referred To As The VTP Mode.

    The Server Mode Is The Default Mode On Cisco Catalyst Switches, Ensuring That Out Of The Box You Can Create VLANS (After Setting A VTP Domain Name).

    The VTP Client/Server Architecture Means You Can Configure A Centralized VTP Server Switch From Which You Make Any VLAN Adds/Moves Or Changes And All Modifications To The VLAN Database Are Propagated To Each VTP Client Switch.

    VTP SWITCHES CAN BE IN THREE DIFFERENT MODES :


    SERVER : The Default Where All VLAN Adds, Changes, And Removals Are Allowed.

    It Is Always Good Practice To Enable At Least Two VTP Servers In Your Network For Redundancy Purposes. A VTP Server Should Be At Or Near The Center Of Your LAN And Should Be The Highest-Performance Switch Available.
  • In VTP Server Mode, You Can Create, Modify, And Delete VLANS And Specify Other Configuration Parameters (Such As The VTP Version) For The Entire VTP Domain. VTP Servers Advertise Their VLAN Configurations To Other Switches In The Same VTP Domain And Synchronize Their VLAN Configurations With Other Switches Based On Advertisements Received Over Trunk Links.
  • In VTP Server Mode, VLAN Configurations Are Saved In Nonvolatile RAM (NVRAM). VTP Server Is The Default Mode.

    TRANSPARENT : VTP Also Has Another Mode Called Transparent, In Which The Switch Ignores Any VTP Messages But Propagates The Messages To Ensure Any VTP Servers/Clients Connected To The Switch Receive VTP Information.

    In Transparent Mode, Local VLAN Information Can Be Changed, But That Information Is Not Sent Out To Other Switches. Transparent Switches Also Do Not Apply VTP Advertisements From Other Switches, But They Do Forward Those Advertisements On.

    A switch operating in VTP transparent mode and running VTP version 1 will not propagate any VTP messages that do not have the same VTP domain name as the locally configured VTP domain name. In VTP version 2, a VTP transparent switch propagates VTP messages, regardless of the VTP domain listed in each.
  • VTP Transparent Switches Do Not Participate In VTP. A VTP Transparent Switch Does Not Advertise Its VLAN Configuration And Does Not Synchronize Its VLAN Configuration Based On Received Advertisements. However, In VTP Version 2, Transparent Switches Do Forward VTP Advertisements That They Receive From Other Switches From Their Trunk Interfaces. You Can Create, Modify, And Delete VLANS On A Switch In VTP Transparent Mode. The Switch Must Be In VTP Transparent Mode When You Create Extended-Range VLANS.
  • When The Switch Is In VTP Transparent Mode, The VTP And VLAN Configurations Are Saved In NVRAM, But They Are Not Advertised To Other Switches. In This Mode, VTP Mode And Domain Name Are Saved In The Switch Running Configuration And You Can Save This Information In The Switch Startup Configuration File By Entering The copy running-config startup-config Privileged EXEC Command.

    CLIENT : Where No Changes Can Be Made, Only New Revisions Can Be Received From The VTP Server Switches.
  • A VTP Client Behaves Like A VTP Server, But You Cannot Create, Change, Or Delete VLANS On A VTP Client.
  • In VTP Client Mode, VLAN Configurations Are Not Saved In NVRAM.

    NOTE : Before Adding A VTP Client Switch To A VTP Domain, Always Verify That Its VTP Configuration Revision Number Is Lower Than The Configuration Revision Number Of The Other Switches In The VTP Domain. Switches In A VTP Domain Always Use The VLAN Configuration Of The Switch With The Highest VTP Configuration Revision Number. If You Add A Switch That Has A Revision Number Higher Than The Revision Number In The VTP Domain, It Can Erase All VLAN Information From The VTP Server And VTP Domain.

    When You Make A Change To The VLAN Configuration On A VTP Server, The Change Is Propagated To All Switches In The VTP Domain. VTP Advertisements Are Sent Over All IEEE Trunk Connections, Including Inter-Switch Link (ISL) And IEEE 802.1Q. VTP Maps VLANS Dynamically Across Multiple LAN Types With Unique Names And Internal Index Associations. Mapping Eliminates Excessive Device Administration Required From Network Administrators.

    If You Configure A Switch For VTP Transparent Mode, You Can Create And Modify VLANS, But The Changes Are Not Sent To Other Switches In The Domain, And They Affect Only The Individual Switch. However, Configuration Changes Made When The Switch Is In This Mode Are Saved In The Switch Running Configuration And Can Be Saved To The Switch Startup Configuration File.

    VTP PARAMETERS:


    • VTP Domain.

    • VTP Advertisements.

    • VTP Pruning.

    THE VTP DOMAIN:


    A VTP Domain (Also Called A VLAN Management Domain) Consists Of One Switch Or Several Interconnected Switches Under The Same Administrative Responsibility Sharing The Same VTP Domain Name. A Switch Can Be In Only One VTP Domain.

    The VTP Domain Is Communicated In All VTP Messages, Which Means That All Devices Within The Same VTP Domain Must Be Configured With An Identical VTP Domain Name. If A VTP Message Is Received That Includes A Different VTP Domain Name From The Local Domain Name, The VTP Message Is Ignored. A Cisco Catalyst Switch Can Belong Only To A Single VTP Domain.

    VTP ADVERTISEMENTS :


    VTP Advertisements Are The Messages That Are Sent Between VTP Devices Within A VTP Domain. VTP Advertisements Are Used To Propagate VLAN Database Information. Each Advertisement Contains The Following Fields.

    Each Switch In The VTP Domain Sends Periodic Global Configuration Advertisements From Each Trunk Port To A Reserved Multicast Address. Neighboring Switches Receive These Advertisements And Update Their VTP And VLAN Configurations As Necessary.

    NOTE : Because Trunk Ports Send And Receive VTP Advertisements, You Must Ensure That At Least One Trunk Port Is Configured On The Switch And That This Trunk Port Is Connected To The Trunk Port Of A Second Switch. Otherwise, The Switch Cannot Receive Any VTP Advertisements.


    VTP PRUNING



    VTP PRUNING :


    VTP Pruning Is The Process Of Not Sending IP Broadcast Traffic For Certain VLANS To Switches That Do Not Have Any Ports In That VLAN. VTP Pruning Is A Feature Used To Eliminate (Or Prune) This Unnecessary Traffic.

    VTP Pruning Enhances Network Bandwidth Use By Reducing Unnecessary Flooded Traffic, Such As Broadcast, Multicast, Unknown, And Flooded Unicast Packets. VTP Pruning Increases Available Bandwidth By Restricting Flooded Traffic To Those Trunk Links That The Traffic Must Use To Access The Appropriate Network Devices. By Default, VTP Pruning Is Disabled.

    VTP Pruning Does Not Prune Traffic From VLANs That Are Pruning-Ineligible.

    Make Sure That All Devices In The Management Domain Support VTP Pruning Before Enabling It. VTP Pruning Is Supported In Supervisor Engine Software Release 5.1(1) And Later Releases.

    WHAT VTP PRUNING DOES?


    o VLAN 1 (Default) Is Always Pruning-Ineligible, Meaning Traffic From VLAN 1 Cannot Be Pruned In Any Situation.

    o Pruning Eligibility Is Based Only On The VLANs That Need The Given Broadcast Information Across The Trunks. It Is Not Related To The Number Of Ports Assigned To That VLAN.

    o VTP Pruning Does Not Change, Add, Or Delete The VLANs In A VTP Domain; It Simply Reduces The Broadcast And Multicast Traffic.

    NOTE : If You Use Routers To Route Between Emulated LANS, You Should Disable VTP Pruning In The VTP Management Domain That Contains The Switches With ATM LANE Modules Installed (VTP Pruning Messages Are Sent Over The ATM LANE Module Because It Is A Trunk).

    VTP Pruning Is Disabled By Default On All Cisco Catalyst Switches And Can Be Enabled By Issuing The "set vtp pruning enable" Command.

    If This Command Is Issued On The VTP Server(s) Of Your Network, Then Pruning Is Enabled For The Entire Management Domain.

    Enabling VTP Pruning On A VTP Version 3 Switch Enables Pruning Only On The Switch That You Enable It On. VTP Pruning Is Not Propagated As It Is With VTP Version 1 And VTP Version 2.

    Enabling VTP Pruning On A VTP Server Enables Pruning For The Entire Management Domain. VTP Pruning Takes Effect Several Seconds After You Enable It. By Default, VLANs 2-1000 Are Pruning Eligible. VTP Pruning Does Not Prune Traffic From VLANs That Are Pruning Ineligible. VLAN 1 Is Always Pruning Ineligible; Traffic From VLAN 1 Cannot Be Pruned.

    To Make A VLAN Pruning Ineligible, Enter The clear vtp pruneeligible Command. To Make A VLAN Pruning Eligible Again, Enter The set vtp pruneeligible Command. You Can Set VLAN Pruning Eligibility Regardless Of Whether VTP Pruning Is Enabled Or Disabled For The Domain. Pruning Eligibility Always Applies To The Local Device Only, Not To The Entire VTP Domain.

    VTP AUTHENTICATION :


    VTP Domains Can Be Secured By Using The VTP Password Feature. It Is Important To Make Sure That All The Switches In The VTP Domain Have The Same Password And Domain Name; Otherwise, A Switch Will Not Become A Member Of The VTP Domain.

    Cisco Switches Use MD5 To Encode Passwords In 16-Byte Words. These Passwords Propagate Inside VTP Summary Advertisements. In VTP, Passwords Are Case-Sensitive And Can Be 8 To 64 Characters In Length. The Use Of VTP Authentication Is A Recommended Practice.

    By Default, A Catalyst Switch Does Not Have A VTP Password. The Switch Does Not Automatically Set The Password Parameter, Unlike Other Parameters That Are Set Automatically When A VTP Advertisement Is Received.

    PHYSICAL AND LOGICAL INTERFACES :


    • The Primary Advantage Of Using A Trunk Link Is A Reduction In The Number Of Router And Switch Ports Used.

    • Not Only Can This Save Money, It Can Also Reduce Configuration Complexity.

    • Consequently, The Trunk-Connected Router Approach Can Scale To A Much Larger Number Of VLANS Than A One-Link-Per-VLAN Design.


    VTP CONFIGURATION GUIDELINES



    VTP CONFIGURATION GUIDELINES :


    o All Switches Have The Same VTP Domain Name, Unless The Network Design Calls For Different VTP Domains.

    Note: Trunk Negotiation Does Not Work Across VTP Domains. Refer To The Data Traffic Blocked Between VTP Domains Section Of Troubleshooting VLAN Trunk Protocol (VTP) For More Information.

    o All Switches In A VTP Domain Must Run The Same VTP Version.

    o All Switches In A VTP Domain Have The Same VTP Password, If There Is Any.

    o All VTP Server Switch(Es) Should Have The Same Configuration Revision Number And It Should Also Be The Highest In The Domain.

    o When You Move A VTP Mode Of A Switch From Transparent To Server, VLANs Configured On The VTP Transparent Switch Should Exist On The Server Switch.
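
An added example, not from the original article or from Cisco: a Python check for the revision-number NOTE in the VTP modes section and for the guidelines listed above. It parses saved `show vtp status` output, predicts what connecting a switch would do to the domain, and flags guideline violations. The sample outputs, switch names and function names are constructed, and the field labels assume the classic IOS output layout.

```python
# Constructed `show vtp status` excerpts (illustrative, not captured from real
# devices). The field labels follow the classic Cisco IOS layout and are an
# assumption; adjust them for releases that label these lines differently.
SAMPLES = {
    "core-sw": """\
VTP Version                     : 2
Configuration Revision          : 12
VTP Operating Mode              : Server
VTP Domain Name                 : CORP
VTP V2 Mode                     : Disabled
""",
    "access-sw": """\
VTP Version                     : 2
Configuration Revision          : 12
VTP Operating Mode              : Client
VTP Domain Name                 : CORP
VTP V2 Mode                     : Disabled
""",
    "lab-sw": """\
VTP Version                     : 2
Configuration Revision          : 47
VTP Operating Mode              : Client
VTP Domain Name                 : CORP
VTP V2 Mode                     : Enabled
""",
}


def parse_vtp_status(text):
    """Pull domain, mode, revision and V2 state out of `show vtp status` text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "domain": fields.get("VTP Domain Name", ""),
        "mode": fields.get("VTP Operating Mode", "").lower(),
        "revision": int(fields.get("Configuration Revision", "0")),
        "v2": fields.get("VTP V2 Mode", "").lower() == "enabled",
    }


def join_verdict(candidate, domain_name, domain_revision):
    """Predict what connecting `candidate` does, using the rules in the text."""
    if candidate["mode"] == "transparent":
        return "transparent"        # neither advertises nor synchronizes
    if candidate["domain"] != domain_name:
        return "other-domain"       # messages for another domain are ignored
    if candidate["revision"] > domain_revision:
        return "overwrites-domain"  # its VLAN database would replace the domain's
    if candidate["revision"] == domain_revision:
        return "same-revision"      # advertisement is ignored
    return "will-sync"              # lower revision: takes the domain's VLANs


def check_guidelines(switches):
    """Check parsed statuses against the configuration guidelines."""
    findings = []
    domains = sorted({s["domain"] for s in switches.values()})
    if len(domains) > 1:
        findings.append("domain names differ: " + ", ".join(domains))
    if len({s["v2"] for s in switches.values()}) > 1:
        findings.append("VTP version 2 is enabled on some switches only")
    # Transparent switches do not take part in revision comparison.
    active = {n: s for n, s in switches.items() if s["mode"] != "transparent"}
    servers = {n: s["revision"] for n, s in active.items() if s["mode"] == "server"}
    if len(set(servers.values())) > 1:
        findings.append("servers disagree on the configuration revision")
    best_server = max(servers.values(), default=-1)
    for name, status in sorted(active.items()):
        if status["mode"] != "server" and status["revision"] > best_server:
            findings.append(f"{name} holds revision {status['revision']}, "
                            "above every server")
    return findings


if __name__ == "__main__":
    parsed = {name: parse_vtp_status(text) for name, text in SAMPLES.items()}
    core = parsed["core-sw"]
    for name in ("access-sw", "lab-sw"):
        print(name, "->", join_verdict(parsed[name], core["domain"], core["revision"]))
    for finding in check_guidelines(parsed):
        print("finding:", finding)
```

Run the check against output saved from the new switch before its trunk port is connected, since the comparison only helps while the switch is still isolated.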

    IN GLOBAL CONFIGURATION MODE:


    In Cisco IOS Software Global Configuration Mode, You Can Configure All VTP Parameters With Cisco IOS Software Commands. This Is The Command Format:

    Router(config)#vtp ?

    domain -> Set The Name Of The VTP Administrative Domain
    file -> Configure IFS Filesystem File Where VTP Configuration Is Stored
    interface -> Configure Interface As The Preferred Source For The VTP IP Updater Address
    mode -> Configure VTP Device Mode
    password -> Set The Password For The VTP Administrative Domain
    pruning -> Set The Administrative Domain To Permit Pruning
    version -> Set The Administrative Domain To VTP Version

    ISSUE THESE COMMANDS IN ORDER TO MONITOR VTP OPERATION AND STATUS :


    Router#show vtp status

    Router#show vtp counters

    Catalyst 4500/4000, 5500/5000, Or 6500/6000 Series CatOS

    COMPLETE THESE STEPS:


    1. Issue This Command In Order To Set The Domain Name:

    set vtp domain name

    Note: When You Configure A New Switch, The VTP Domain Name Should Be Configured Before You Create Any Non-Default VLANs.

    2. Issue This Command In Order To Set The Mode:

    set vtp mode [server | client | transparent]

    3. Issue These Commands In Order To Monitor The VTP Operation And Status:

    show vtp domain
    show vtp statistics

    Catalyst 2900XL, 3500XL, 2950, And 3550

    COMPLETE THESE STEPS:


    1. Issue These Commands From The VLAN Database Mode:

    Note: This Is Similar To The Method For Cisco 6500 Series Switches That Run Cisco IOS Software.

    vtp [client | server | transparent]
    vtp domain name

    2. From Enable Mode, Issue These Commands In Order To Monitor VTP Operation:

    show vtp counters
    show vtp status

    Note: The Catalyst 2900XL Series Switches With Cisco IOS Software Release 11.2(8)SA4 And Later Support VTP Protocol. The Cisco IOS Software Release 11.2(8)SA3 And Earlier Code Do Not Support VTP Protocol On Catalyst 2900XL Series Switches.

    Catalyst Express 500 Series Switches

    Catalyst Express 500 Series Switches Support Only VTP Transparent Mode. There Is Currently No Support For VTP Client Or VTP Server Mode. The User Must Manually Configure All VLANs That Are Used On The Switch.


    VTP CONFIGURATION EXAMPLE – 1



    CONFIGURING VTP :


    Step 1:

    Enter Global Configuration Mode:

    Switch#configure terminal

    Step 2:

    Configure The VTP Mode As Server:

    Switch(config)#vtp mode server

    Step 3:

    Configure The Domain Name:

    Switch(config)#vtp domain domain_name

    Step 4:

    (Optional.) Enable VTP Version 2:

    Switch(config)#vtp version 2

    Step 5:

    (Optional.) Specify A VTP Password:

    Switch(config)#vtp password password_string

    Step 6:

    (Optional.) Enable VTP Pruning In The Management Domain:

    Switch(config)#vtp pruning

    VTP CONFIGURATION EXAMPLE :



    This Example Creates A VTP Server With Domain Name Modular_Form, Password Prem, And Pruning Enabled.

    Switch#configure terminal
    Switch(config)#vtp mode server
    Setting Device To VTP SERVER Mode.
    Switch(config)#vtp domain Modular_Form
    Switch(config)#vtp password Prem
    Switch(config)#vtp pruning
    Switch(config)#end

    VERIFYING :


    The Most Useful Command For Verifying VTP Configuration Is The SHOW VTP STATUS Command. The Output Displayed Includes The VTP Version, The VTP Configuration Revision Number, The Number Of VLANS Supported Locally, The VTP Operating Mode, The VTP Domain Name, And The VTP Pruning Mode.

    Switch#show vtp status

    VERIFYING :


    Use The SHOW VTP COUNTERS Command To Display Statistics About VTP Operation. If There Are Any Problems Regarding The VTP Operation, This Command Helps Look For VTP Message Type Updates.

    Switch#show vtp counters


    VTP CONFIGURATION EXAMPLE – 2



    CONFIGURATION TO CONFIGURE AN IOS BASED SWITCH TO BE A VTP SERVER, ISSUE THE FOLLOWING COMMANDS: 

    SwitchA# vlan database
    SwitchA(vlan)# vtp domain Ciscokits
    SwitchA(vlan)# vtp server
    SwitchA(vlan)# exit

    These Commands Configure The Switch To Be A VTP Server In The VTP Domain Ciscokits. The Changes Are Saved And The Revision Number Is Incremented When The Exit Command Is Issued.

    To Configure A VTP Client, Run The Following Commands: 

    SwitchB# vlan database
    SwitchB(vlan)# vtp domain Ciscokits
    SwitchB(vlan)# vtp client
    SwitchB(vlan)# exit

    SET THE VTP MODE TO TRANSPARENT: 

    SwitchC# vlan database
    SwitchC(vlan)# vtp transparent
    SwitchC(vlan)# exit

    TO MONITOR THE VTP OPERATION AND STATUS, USE EITHER: 

    SwitchA# show vtp status

    Or

    SwitchA# show vtp counters



    VTP CONFIGURATION EXAMPLE – 3




    THE CONFIGURATION IS AS FOLLOWS :


    SETUP VTP SERVER ON SWITCH A



    1. SETUP VTP SERVER ON SWITCH A

    SWITCHA#vlan database -> (Enter VLAN Configuration Mode)
    SWITCHA(vlan)#vtp server -> (Sets The VTP Mode)
    SWITCHA(vlan)#vtp password MYPASSWORD -> (Optional, Assign A Password To The VTP Domain)
    SWITCHA(vlan)#vtp domain CORP -> (Assigns A Name To The VTP Domain)
    SWITCHA(vlan)#exit -> (Exit VLAN Configuration Mode)

    2. CREATE VLANS ON SWITCH A (THE VTP SERVER)

    SWITCHA#configure terminal -> (Enter Into Configuration Mode)
    SWITCHA(config)#vlan 2 -> (Defines The VLAN, In This Case VLAN 2)
    SWITCHA(config-vlan)#name Accounting -> (Assigns A Name To The VLAN For Description)
    SWITCHA(config-vlan)#end -> (Exit Configuration Mode)

    SETUP VTP CLIENT ON SWITCH B



    3. SETUP VTP CLIENT ROLE ON SWITCH B

    SWITCHB#vlan database -> (Enter VLAN Configuration Mode)
    SWITCHB(vlan)#vtp client -> (Sets The VTP Mode)
    SWITCHB(vlan)#vtp domain CORP -> (Defines The VTP Domain Name)
    SWITCHB(vlan)#vtp password MYPASSWORD -> (The Password For The VTP Domain)
    SWITCHB(vlan)#exit -> (Exits VTP Configuration Mode)

    TRUNKING BETWEEN SWITCH A AND SWITCH B



    4. SETUP TRUNKING BETWEEN SWITCH A AND SWITCH B

    SWITCHA#configure terminal -> (Enter The Configuration Mode)
    SWITCHA(config)#interface fastethernet 0/1 -> (Select Ethernet Port 1)
    SWITCHA(config-if)#switchport trunk encapsulation dot1q -> (Set The Trunk Type Before The Mode)
    SWITCHA(config-if)#switchport mode trunk -> (Set Port 1 As A Trunk Port)
    SWITCHA(config-if)#end -> (Exit Configuration Mode)

    SWITCHB#configure terminal -> (Enter The Configuration Mode)
    SWITCHB(config)#interface fastethernet 0/1 -> (Select Ethernet Port 1)
    SWITCHB(config-if)#switchport trunk encapsulation dot1q -> (Set The Trunk Type Before The Mode)
    SWITCHB(config-if)#switchport mode trunk -> (Set Port 1 As A Trunk Port)
    SWITCHB(config-if)#end -> (Exit Configuration Mode)

    ASSIGN VLANS TO PARTICULAR INTERFACES



    5. ASSIGN VLANS TO PARTICULAR INTERFACES

    SWITCHA#configure terminal -> (Enter Configuration Mode)
    SWITCHA(config)#interface fastethernet 0/2 -> (Select The Interface)
    SWITCHA(config-if)#switchport access vlan 2 -> (Assign The VLAN To The Interface)
    SWITCHA(config-if)#exit -> (Exit Interface Configuration)

    PLEASE NOTE THIS VTP TABLE :

    FUNCTION                                                          | SERVER MODE | CLIENT MODE | TRANSPARENT MODE
    ORIGINATES VTP ADVERTISEMENTS                                     | Yes         | No          | No
    PROCESSES RECEIVED ADVERTISEMENTS AND SYNCHRONIZES VLAN
    CONFIGURATION INFORMATION WITH OTHER SWITCHES                     | Yes         | Yes         | No
    FORWARDS VTP ADVERTISEMENTS RECEIVED IN A TRUNK                   | Yes         | Yes         | Yes
    SAVES VLAN CONFIGURATION IN NVRAM                                 | Yes         | No          | Yes
    CAN CREATE, MODIFY, OR DELETE VLANS USING CONFIGURATION COMMANDS  | Yes         | No          | Yes



    SUMMARY



    VTP MODES: A Switch Can Be Configured To Operate In One Of Three VTP Modes: Server, Client, Or Transparent.

    SERVER : In VTP Server Mode, You Can Create, Modify, And Delete VLANS And Specify Other Configuration Parameters, Such As VTP Version And VTP Pruning, For The Entire VTP Domain. VTP Servers Advertise The VTP Domain VLAN Information To Other VTP-Enabled Switches In The Same VTP Domain. VTP Servers Store The VLAN Information For The Entire Domain In NVRAM.

    VTP Servers Advertise Their VLAN Configuration To Other Switches In The Same VTP Domain And Synchronize Their VLAN Configuration With Other Switches Based On Advertisements Received Over Trunk Links. VTP Server Is The Default Mode.
  • The Server Is Where VLANS Can Be Created, Deleted, Or Renamed For The Domain.

    CLIENT : VTP Clients Behave The Same Way As VTP Servers, But You Cannot Create, Change, Or Delete VLANS On A VTP Client.

    A VTP Client Only Stores The VLAN Information For The Entire Domain While The Switch Is On. A Switch Reset Deletes The VLAN Information. You Must Configure VTP Client Mode On A Switch.

    TRANSPARENT : VTP Transparent Switches Do Not Participate In VTP. A VTP Transparent Switch Does Not Advertise Its VLAN Configuration And Does Not Synchronize Its VLAN Configuration Based On Received Advertisements, But Transparent Switches Do Forward VTP Advertisements That They Receive Out Their Trunk Ports In VTP Version 2.

    Transparent Switches Forward VTP Advertisements To VTP Clients And VTP Servers. VLANS That Are Created, Renamed, Or Deleted On Transparent Switches Are Local To That Switch Only.
  • Off (Configurable Only In CatOS Switches): In The Three Described Modes, VTP Advertisements Are Received And Transmitted As Soon As The Switch Enters The Management Domain State. In The VTP Off Mode, Switches Behave The Same As In VTP Transparent Mode With The Exception That VTP Advertisements Are Not Forwarded.
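The mode descriptions above can be exercised as a small simulation. This is an added example, not part of the original article and not Cisco code: a simplified model that encodes only the rows of the VTP table plus the Off-mode note, with hypothetical class and function names, sending one advertisement down a line of trunked switches.

```python
# Simplified model of the VTP table and the Off-mode note above (constructed
# example). Sets hold user-created VLAN IDs only; default VLAN 1 is not tracked.
# Per mode: (processes advertisements, forwards them, saves to NVRAM, can edit)
MODES = {
    "server":      (True,  True,  True,  True),
    "client":      (True,  True,  False, False),
    "transparent": (False, True,  True,  True),
    "off":         (False, False, True,  True),
}

class Switch:
    def __init__(self, name, mode, vlans=()):
        self.name, self.mode = name, mode
        self.vlans = set(vlans)                               # running VLAN database
        self.nvram = set(vlans) if MODES[mode][2] else set()  # survives a reload

    def create_vlan(self, vlan_id):
        """Create a VLAN locally; returns False on a client, which cannot."""
        if not MODES[self.mode][3]:
            return False
        self.vlans.add(vlan_id)
        self.nvram.add(vlan_id)
        return True

    def receive(self, advertised):
        """Handle one advertisement; return True if it is forwarded onward."""
        processes, forwards, saves, _ = MODES[self.mode]
        if processes:
            self.vlans = set(advertised)
            if saves:
                self.nvram = set(advertised)
        return forwards

    def reload(self):
        """Switch reset: only the VLANs saved in NVRAM come back."""
        self.vlans = set(self.nvram)

def advertise(chain):
    """Send chain[0]'s VLANs down a line of trunked switches; return names reached."""
    origin = chain[0]
    if origin.mode != "server":
        return []  # per the table, only a server originates advertisements
    reached = []
    for sw in chain[1:]:
        reached.append(sw.name)
        if not sw.receive(origin.vlans):
            break  # an Off-mode switch receives but does not pass it on
    return reached
```

With a chain of server, transparent, client, off, client, the first client learns the server's VLANs through the transparent switch, the transparent switch keeps its own local VLANs, and the client behind the Off-mode switch learns nothing.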

    VTP COMPONENTS : There Are A Number Of Key Components That You Need To Be Familiar With When Learning About VTP. Here Is A Brief Description Of The Components, Which Will Be Further Explained As You Go Through The Chapter.

    VTP Domain- Consists Of One Or More Interconnected Switches. All Switches In A Domain Share VLAN Configuration Details Using VTP Advertisements. A Router Or Layer 3 Switch Defines The Boundary Of Each Domain.

    VTP Advertisements- VTP Uses A Hierarchy Of Advertisements To Distribute And Synchronize VLAN Configurations Across The Network.

    VTP Pruning- VTP Pruning Increases Available Network Bandwidth By Restricting Flooded Traffic To Those Trunk Links That The Traffic Must Use To Reach The Destination Devices. Without VTP Pruning, A Switch Floods Broadcast, Multicast, And Unknown Unicast Traffic Across All Trunk Links Within A VTP Domain Even Though Receiving Switches Might Discard Them.

    INTER-VLAN ROUTING :

    • If A VLAN Spans Across Multiple Devices A Trunk Is Used To Interconnect The Devices.

    • A Trunk Carries Traffic For Multiple VLANS.

    • For Example, A Trunk Can Connect A Switch To Another Switch, A Switch To The Inter-VLAN Router, Or A Switch To A Server With A Special NIC Installed That Supports Trunking.

    • Remember That When A Host On One VLAN Wants To Communicate With A Host On Another, A Router Must Be Involved.

    INTER-VLAN ISSUES AND SOLUTIONS :


    • Hosts On Different VLANS Must Communicate.

    • Logical Connectivity: A Single Connection, Or Trunk, From The Switch To The Router.

    – That Trunk Can Support Multiple VLANS

    – This Topology Is Called A Router On A Stick Because There Is A Single Connection To The Router.



    CONCLUSION:


    The Goal Of This Article Is To Give An Easy Way To Understand The "CISCO - VLAN TRUNKING PROTOCOL (VTP)". Hope This Article Will Help Every Beginner Who Is Going To Start Cisco Lab Practice Without Any Doubts.

    Some Topics That You Might Want To Pursue On Your Own That We Did Not Cover In This Article Are Listed Here. Thank You And Best Of Luck.

    This Article Was Written By: Premakumar Thevathasan. CCNA, CCNP, CCIP, MCSE, MCSA, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.