VLAN Block Configuration
By default, all about-face ports are non-trunking and accomplish as admission links until some intervention
changes the mode. The sections that chase authenticate the commands all-important to configure
VLAN trunks on both an IOS-based and CLI-based switch.
112 Chapter 4: VLANs and Trunking
VLAN Block Agreement on an IOS-Based Switch
Use the afterward commands to actualize a VLAN block articulation on an IOS-based switch:
Switch(config)# interface interface mod/port
Switch(config-if)# switchport approach trunk
Switch(config-if)# switchport block encapsulation {isl | dot1q}
Switch(config-if)# switchport block accustomed vlan abolish vlan-list
Switch(config-if)# switchport block accustomed vlan add vlan-list
Individually, these commands abode the about-face anchorage into trunking mode, application the encapsulation
specified as either isl or dot1q. The aftermost two commands ascertain which VLANs can be trunked
over the link. A account of VLANs is aboriginal removed from the block because all VLANs (1–1005) are
trunked by default. Then, a account of VLANs can be added aback into the trunk.
To appearance the trunking cachet on a about-face port, use the appearance interface int mod/port switchport
command.
VLAN Block Agreement on a CLI-Based Switch
To actualize a VLAN block link, use the set block CLI-based command. This command sets the
trunking approach and any approach negotiation. The set block command additionally identifies the VLANs
that will be transported over the block link. Block agreement uses the afterward command
syntax:
Switch(enable) set block module/port [on | off | adorable | auto | nonegotiate]
vlan-range [isl | dot1q | dot10 | lane | negotiate]
Here, the block articulation is articular by its concrete area as the about-face bore cardinal and port
number. The trunking approach can be set to any of the following:
• on—This ambience places the anchorage in abiding trunking mode. The agnate switch
port at the added end of the block should be analogously configured because agreement is not
allowed. The encapsulation or identification approach should additionally be manually configured.
• off—This ambience places the anchorage in abiding non-trunking mode. The anchorage will attempt
to catechumen the articulation to non-trunking mode.
• desirable—Selecting this anchorage will actively attack to catechumen the articulation into trunking
mode. If the far end about-face anchorage is configured to on, desirable, or auto mode, trunking
will be auspiciously negotiated.
• auto—The anchorage will be accommodating to catechumen the articulation into trunking mode. If the far end switch
port is configured to on or desirable, trunking will be negotiated. By default, all Fast
Ethernet and Gigabit Ethernet links that are able of negotiating application DTP are
configured to this mode. Because of the acquiescent agreement behavior, the articulation will never
become a trunk, if both ends of the articulation are larboard to the auto default.
• nonegotiate—The anchorage is placed in abiding trunking mode, but no DTP frames are
generated for negotiation. The far end about-face anchorage charge be manually configured for
trunking mode.
VLAN Block Agreement 113
NOTE Note that in all modes except nonegotiate, DTP frames are beatific out every 30 abnormal to keep
neighboring about-face ports abreast of the link’s mode. On analytical block links in a network,
manually configuring the trunking approach on both ends is best so that the articulation can never be
negotiated to any added state.
By default, a about-face will carriage all VLANs (1–1000) over a block link, alike if a VLAN range
is defined in the set block command. There ability be times aback the block articulation should not
carry all VLANs. For example, broadcasts are forwarded to every about-face anchorage on a VLAN—
including the block articulation because it, too, is a affiliate of the VLAN. If the VLAN doesn’t extend
past the far end of the block link, breeding broadcasts beyond the block makes no sense.
Therefore, to abolish VLANs from a block link, use the afterward command:
Switch(enable) bright block module/port vlan-range
Then, if VLANs charge to be added aback to the trunk, they can be defined as the vlan-range in
the set block command.
Lastly, the block encapsulation or identification approach is defined at the end of the set trunk
command. These ethics are
• isl—VLANs are tagged by encapsulating anniversary anatomy application the Cisco ISL protocol. This
protocol is the default, if no amount is specified.
• dot1q—VLANs are tagged in anniversary anatomy application the IEEE 802.1Q accepted protocol.
• dot10—VLANs are tagged on an FDDI about-face anchorage application the IEEE 802.10 protocol.
• lane—VLANs are articular on an ATM articulation application LAN Emulation.
• negotiate—On Fast and Gigabit Ethernet ports, the approach will be adjourned to select
either ISL or IEEE 802.1Q. ISL is preferred, unless one end of the articulation is configured for
dot1q.
To appearance and verify the block agreement on a switch, use the appearance block [module/port]
command. Archetype 4-1 shows a sample achievement of block information.
Example 4-1 appearance block Verifies Block Agreement on a Switch
Switch> (enable) appearance trunk
Port Approach Encapsulation Cachet Native vlan
-------- ----------- ------------- ------------ -----------
2/1 auto dot1q trunking 1
3/1 auto isl trunking 1
3/2 adorable isl trunking 1
continues
114 Chapter 4: VLANs and Trunking
VLAN Trunking Protocol
As the antecedent sections accept shown, VLAN agreement and trunking on a about-face or a small
group of switches is adequately accessible and straightforward. Campus arrangement environments, however,
are usually fabricated up of abounding commutual switches. Configuring and managing a large
number of switches, VLANs, and VLAN trunks can bound get out of hand.
Cisco has developed a adjustment to administer VLANs beyond the campus network. The VLAN
Trunking Agreement (VTP) uses Layer 2 block frames to acquaint VLAN advice among
a accumulation of switches. VTP manages the addition, deletion, and renaming of VLANs beyond the
network from a axial point of control.
VTP Domains
VTP is organized into administration domains or areas with accepted VLAN requirements. A
switch can accord to alone one VTP domain, in accession to administration VLAN advice with
other switches in the domain. Similar to VLANs, switches in adapted VTP domains do not
share VTP information.
Switches in a VTP area acquaint several attributes to their area neighbors. Each
advertisement contains advice about the VTP administration domain, VTP afterlight number,
known VLANs, and specific VLAN parameters. Aback a VLAN is added to a about-face in a
management domain, added switches are notified of the new VLAN through VTP
advertisements. In this way, all switches in a area can adapt to accept cartage on their trunk
ports application the new VLAN.
Port Vlans accustomed on trunk
-------- ---------------------------------------------------------------------
2/1 1-1000
3/1 1-1000
3/2 1-1000
Port Vlans accustomed and alive in administration domain
-------- ---------------------------------------------------------------------
2/1 1-10,20-35,100,201
3/1 1,11-19,100,201
3/2 1,11,15,100,201
Port Vlans in spanning timberline forwarding accompaniment and not pruned
-------- ---------------------------------------------------------------------
2/1 1-10,20-35,100,201
3/1 1000
3/2 1000
Switch> (enable)
Example 4-1 appearance block Verifies Block Agreement on a About-face (Continued)
VLAN Trunking Agreement 115
VTP Modes
To participate in a VTP administration domain, anniversary about-face charge be configured to accomplish in one
of several modes. The VTP approach will actuate how the about-face processes and advertises VTP
information. The afterward modes can be used:
• Server mode—VTP servers accept abounding ascendancy over VLAN conception and modification for
their domains. All VTP advice is advertised to added switches in the domain, while
all accustomed VTP advice is synchronized with the added switches. By default, a switch
is in VTP server mode. Note that anniversary VTP area charge accept at atomic one server so that
VLANs can be created, modified, or deleted, and so that VLAN advice can be
propagated.
• Applicant mode—VTP audience do not acquiesce the ambassador to create, change, or annul any
VLANs. Instead, they accept to VTP advertisements from added switches and adapt their
VLAN configurations accordingly. In effect, this is a acquiescent alert mode. Received
VTP advice is forwarded out block links to adjoining switches in the domain.
• Cellophane mode—VTP cellophane switches do not participate in VTP. While in
transparent mode, a about-face does not acquaint its own VLAN configuration, and a switch
does not accord its VLAN database with accustomed advertisements. As well, in VTP
version 1, a cellophane approach about-face does not alike broadcast VTP advice it receives to
other switches. In VTP adaptation 2, cellophane switches do advanced accustomed VTP
advertisements out of their block ports, acting as VTP relays.
NOTE While a about-face is in VTP cellophane mode, a about-face can actualize and annul VLANs that are local
to itself. These VLAN changes, however, will not be broadcast to any added switch.
VTP Advertisements
Each about-face accommodating in VTP advertises VLANs, afterlight numbers, and VLAN parameters
on its block ports to acquaint added switches in the administration domain. VTP advertisements are
sent as multicast frames. The about-face intercepts frames beatific to the VTP multicast abode and
processes them with its authoritative processor. VTP frames are forwarded out block links as a
special case.
Because all switches in a administration area apprentice of new VLAN agreement changes, a
VLAN charge alone be created and configured on aloof one VTP server about-face in the domain.
By default, administration domains are set to use non-secure advertisements afterwards a password.
A countersign can be added to set the area to defended mode. The aforementioned countersign has to be
configured on every about-face in the area so that all switches exchanging VTP advice will
use identical encryption methods.
116 Chapter 4: VLANs and Trunking
The VTP advertisement action starts with agreement afterlight cardinal 0 (zero). When
subsequent changes are made, the afterlight cardinal is incremented afore advertisements are
sent out. Aback alert switches accept an advertisement with a greater afterlight cardinal than
is locally stored, the advertisement will overwrite any stored VLAN information. Because of
this, banishment any anew added arrangement switches to accept afterlight cardinal aught is important. The
VTP afterlight cardinal is stored in NVRAM and is not adapted by a ability aeon of the switch.
Therefore, the afterlight cardinal can alone be initialized to aught application one of the following
methods:
• Change the VTP approach of the about-face to cellophane and again change the approach aback to
server.
• Change the VTP area of the about-face to a artificial name (a non-existent VTP domain) and
then change the VTP area aback to the aboriginal name.
• Issue a bright config all command, which will bright the about-face agreement and the VTP
information stored in NVRAM. Ability aeon the about-face so that it boots up with a nonexistent
VTP area name and a VTP afterlight cardinal of zero. (Use caution. This is the
most desperate adjustment because it will abolish all agreement data.)
If the VTP afterlight cardinal is not displace to zero, a new server about-face ability acquaint VLANs as
non-existent or deleted. If the advertised afterlight cardinal happens to be greater than previous
legitimate advertisements, alert switches would overwrite acceptable VLAN database entries
with absent or deleted VLAN cachet information. This is referred to as a VTP synchronization
problem.
Advertisements can arise as requests from client-mode switches that appetite to apprentice about
the VTP database at boot-up time. As well, advertisements can arise from server-mode
switches as VLAN agreement changes occur.
VTP advertisements can action in three forms:
• Arbitrary advertisements—VTP area servers will accelerate arbitrary advertisements
every 300 abnormal and every time a VLAN cartography change occurs. The summary
advertisement lists advice about the administration domain, including VTP version,
domain name, agreement afterlight number, timestamp, MD5 encryption assortment code, and
the cardinal of subset advertisements to follow. For VLAN agreement changes,
summary advertisements are followed by one or added subset advertisements, with more
specific VLAN agreement data. Figure 4-6 shows the arbitrary advertisement format.
VLAN Trunking Agreement 117
Figure 4-6 VTP Arbitrary Advertisement Format
• Subset advertisements—VTP area servers will accelerate subset advertisements afterwards a
VLAN agreement change occurs. These advertisements account the specific changes that
have been performed, such as conception or abatement of a VLAN, suspending or activating a
VLAN, alteration the name of a VLAN, and alteration the MTU of a VLAN. Subset
advertisements can account the afterward VLAN parameters: cachet of the VLAN, VLAN type
(like Ethernet or Token Ring), MTU, breadth of the VLAN name, VLAN number, SAID
value, and the VLAN name. VLANs are listed alone in consecutive subset
advertisements. Figure 4-7 shows the VTP subset advertisement format.
• Advertisement requests from clients—A VTP applicant can appeal any defective VLAN
information. For example, a applicant about-face ability be displace and accept its VLAN database
cleared, its VTP area associates ability be changed, or it ability apprehend a VTP summary
advertisement with a college afterlight cardinal than it currently has. Afterwards a client
advertisement request, the VTP area servers acknowledge with arbitrary and subset
advertisements. Figure 4-8 shows the advertisement appeal format.
Version
(1 byte)
Type
(Summary Adv)
(1 byte)
Number of subset
advertisements to
follow (1 byte)
Domain name length
(1 byte)
Management Area Name (zero-padded to 32 bytes)
Configuration Afterlight Cardinal (4 bytes)
Updater Identity (orginating IP address: 4 bytes)
Update Timestamp (12 bytes)
MD5 Digest assortment cipher (16 bytes)
118 Chapter 4: VLANs and Trunking
Figure 4-7 VTP Subset Advertisement and VLAN Info Field Formats
Figure 4-8 VTP Advertisement Appeal Format
Catalyst switches in server approach use a abstracted nonvolatile random-access anamnesis (NVRAM)
for VTP, adapted from the agreement NVRAM. All VTP information, including the VTP
configuration afterlight number, is retained alike aback the about-face ability is off. In this manner,
a about-face is able to balance the aftermost accepted VLAN agreement from its VTP database already it
reboots.