I. Features of VLAN
VLAN has the following features:
Segmentation: a network can be divided into different segments by department, function, or project;
Flexibility: the users that make up a VLAN do not need to be in the same physical location, and the same VLAN can span multiple switches;
Security: by separating broadcast domains, each logical VLAN behaves like an independent physical bridge, which improves network performance and security. However, communication between different VLANs must go through a router.
II. Basic VLAN configuration
1. VLAN configuration of a single switch
When the VTP protocol is not used, the switch should be configured in VTP transparent mode. The VLAN configuration of the switch mainly consists of the following:
· Use global commands to enable the transparent mode of VTP;
· Use global commands to define the number required for each VLAN and the corresponding name (optional);
· Use interface subcommands to allocate each port to the corresponding VLAN.
Assume that the switch is divided into three VLANs as shown in Figure 1. The configuration is as follows:
Switch(config)# vtp transparent domain dummy
Switch(config)# vlan 2 name VLAN2
Switch(config)# vlan 3 name VLAN3
Switch(config)# interface e 0/5
Switch(config-if)# vlan-membership static 2
Switch(config)# interface e 0/6
Switch(config-if)# vlan-membership static 2
Switch(config)# interface e 0/7
Switch(config-if)# vlan-membership static 2
Switch(config)# interface e 0/8
Switch(config-if)# vlan-membership static 2
Switch(config)# interface e 0/9
Switch(config-if)# vlan-membership static 3
Switch(config)# interface e 0/10
Switch(config-if)# vlan-membership static 3
Switch(config)# interface e 0/11
Switch(config-if)# vlan-membership static 3
Switch(config)# interface e 0/12
Switch(config-if)# vlan-membership static 3
It may seem strange that VLAN1 is not configured above. This does not matter, because VLAN1 is configured automatically. In addition, any port with no static VLAN configuration is considered to be in VLAN1, and the switch's own address is also considered to be in the VLAN1 broadcast domain.
After the configuration is complete, you can use the "show vlan #" command to display the information for a specific VLAN and verify its parameters. For example:
Switch# show vlan 3
2. Configuration of multiple switches
To allow a VLAN to span multiple switches, you must configure trunks to connect the switches. Cisco requires a trunk protocol such as ISL on these trunk links, and the command that enables it is trunk.
Use the trunk interface configuration command to set a Fast Ethernet interface to trunk mode. Two Fast Ethernet interfaces, fa0/26 and fa0/27, are available on the Cisco Catalyst 1900 switch. When the Dynamic Inter-Switch Link protocol (DISL) is used with ISL, you can enable and define the trunk protocol type either statically or dynamically. The syntax of the trunk interface configuration command is as follows:
Switch(config-if)# trunk [on/off/desirable/auto/nonegotiate]
· On -- configure the port to permanent ISL trunk mode and negotiate with the connected device to convert the link to trunk mode;
· Off -- disable trunk mode on the port and negotiate with the connected device to convert the link to non-trunk mode;
· Desirable -- make the port actively negotiate to switch the link from non-trunk mode to trunk mode. If the connected device is in the on, desirable, or auto state, the port becomes a trunk; otherwise, it does not;
· Auto -- the port becomes a trunk only when the connected device is in the on or desirable state;
· Nonegotiate -- configure the port to permanent trunk mode without negotiating with the other party.
In practice, set the mode by choosing among these parameter options.
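The mode descriptions above decide, for each end of a link, whether it ends up trunking. The following added example (not part of the original article; the function names are hypothetical) applies those rules to both ends and lists the mode pairs that leave one end trunking while the other is not, which is the misconfiguration worth checking for before connecting two switches:

```python
from itertools import combinations_with_replacement

MODES = ("on", "off", "desirable", "auto", "nonegotiate")

def port_state(local, peer):
    """State one port ends up in, following the mode descriptions above."""
    if local in ("on", "nonegotiate"):
        return "trunk"        # permanent trunk mode
    if local == "off":
        return "non-trunk"    # trunking disabled on this port
    if local == "desirable":
        return "trunk" if peer in ("on", "desirable", "auto") else "non-trunk"
    if local == "auto":
        return "trunk" if peer in ("on", "desirable") else "non-trunk"
    raise ValueError(f"unknown trunk mode: {local}")

def link_outcome(a, b):
    """Return (state of end A, state of end B, True if the two ends disagree)."""
    state_a, state_b = port_state(a, b), port_state(b, a)
    return state_a, state_b, state_a != state_b

def mismatched_pairs():
    """Mode pairs that leave one end trunking and the other end not."""
    return [(a, b) for a, b in combinations_with_replacement(MODES, 2)
            if link_outcome(a, b)[2]]

if __name__ == "__main__":
    for a, b in combinations_with_replacement(MODES, 2):
        print(f"{a:12} {b:12} {link_outcome(a, b)}")
```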
Figure 2
Figure 2 shows a configuration example with two switches and three VLANs. The configuration is as follows:
Switch1(config)# interface fa 0/26
Switch1(config-if)# trunk on
Switch1(config-if)# vlan-membership static 1
Switch1(config-if)# vlan-membership static 2
Switch1(config-if)# vlan-membership static 3
Switch1(config)# interface fa 0/27
Switch1(config-if)# trunk on
Switch1(config-if)# vlan-membership static 1
Switch1(config-if)# vlan-membership static 2
Switch1(config-if)# vlan-membership static 3
Note: the two Fast Ethernet ports are not only enabled as trunks; all three VLANs are also statically configured on them. By configuring these VLANs on the ports at the same time, the switch treats the trunk ports as part of these VLANs. The routers in the network must also be configured to support ISL.
To verify the trunk configuration and VLAN port allocation, you can use "show trunk A/B" and "show vlan-membership". A and B represent the Fast Ethernet ports 0/26 and 0/27 respectively.
3. Use VTP to configure VLAN
1. VTP Functions
Through VTP, switches send advertisements to the same management domain every five minutes, or immediately when switch parameters change, so that the switches in that management domain synchronize the identification information of the configured VLANs (which plays a significant role in a large network). VTP supports mixed media (such as FDDI and ATM) and precisely tracks VLAN additions, deletions, and renames as they happen. VTP is a Layer 2 messaging protocol whose main purpose is to maintain configuration consistency. By default, the switch is in the no-management-domain state and does not advertise its VLAN information. Enabling VTP pruning (off by default) increases the available bandwidth.
2. Three VTP modes: Server (default), Client, and Transparent
· Server: creates, modifies, and deletes VLANs and other configuration parameters for the entire VTP domain. These messages are sent to the VTP clients in the same domain, and the VLAN configuration information is stored in NVRAM.
· Client: VLAN configuration information is not stored in NVRAM. A VTP client cannot create, modify, or delete VLANs; it can only synchronize with the VLAN information it receives.
· Transparent: used when a switch does not need or want to take part in VTP, mainly for local management. It does not share VLAN information with other switches, but it can still forward VTP advertisements to them.
3. VTP pruning
Because an ISL trunk carries the traffic of all VLANs, some of that traffic may be flooded onto links that do not need to carry it. VTP pruning uses VLAN advertisements to determine when a trunk connection is flooding traffic unnecessarily. By default, a trunk connection carries the traffic of all VLANs in the VTP management domain. In practice, some switches do not have local ports configured in every VLAN, so enabling VTP pruning becomes necessary.
4. Use VTP to configure VLAN
For a Catalyst 1900 switch, the default VTP configuration parameters are as follows:
· VTP domain name: None
· VTP mode: Server
· VTP password: None
· VTP pruning: Disabled
· VTP trap: Enabled
The VTP domain name can be specified or learned. It is not set by default. If a switch in the default configuration receives a VTP advertisement carrying a domain name, it adopts that domain name. If the switch already has a domain name configured and receives an advertisement for a different domain name, it ignores the advertisement.
You can set a password for the VTP management domain, but the same password must be entered on every switch in the domain. Otherwise, VTP will not work properly.
Enabling or disabling VTP pruning on the VTP server is propagated to the entire management domain. If VTP pruning is enabled, all VLANs except VLAN1.
Assume that there are 3 VLAN connections. The specific configuration is as follows:
Figure 3
· Configure switch 1 as the VTP server
Switch1# configure terminal
Switch1(config)# ip address 10.5.5.11 255.255.255.0
Switch1(config)# ip default-gateway 10.5.5.3
Switch1(config)# vtp server domain Hartsfield pruning enable
Switch1(config)# vlan 2 name vlan2
Switch1(config)# vlan 3 name vlan3
Switch1(config)# interface e 0/5
Switch1(config-if)# vlan-membership static 2
Switch1(config)# interface e 0/6
Switch1(config-if)# vlan-membership static 2
......
Switch1(config)# interface e 0/9
Switch1(config-if)# vlan-membership static 3
Switch1(config)# interface fa 0/26
Switch1(config-if)# trunk on
Switch1(config-if)# vlan-membership static 1
......
Switch1(config)# interface fa 0/27
Switch1(config-if)# trunk on
Switch1(config-if)# vlan-membership static 1
......
· Configure switch 2 as a VTP client
Switch2# configure terminal
Switch2(config)# ip address 10.5.5.12 255.255.255.0
Switch2(config)# ip default-gateway 10.5.5.3
Switch2(config)# vtp client
Switch2(config)# interface e 0/5
Switch2(config-if)# vlan-membership static 3
Switch2(config)# interface e 0/6
Switch2(config-if)# vlan-membership static 3
Switch2(config)# interface e 0/7
Switch2(config-if)# vlan-membership static 3
Switch2(config)# interface e 0/8
Switch2(config-if)# vlan-membership static 3
Switch2(config)# interface e 0/9
Switch2(config-if)# vlan-membership static 3
......
Switch2(config)# interface fa 0/27
Switch2(config-if)# trunk on
Switch2(config-if)# vlan-membership static 1
Switch2(config-if)# vlan-membership static 3
Note: No domain name appears in the switch 2 configuration; it may be learned from the first advertisement;
No VLANs need to be defined in the switch 2 configuration, and they cannot be defined in VTP client mode.
Pruning is enabled on switch 1, and VTP prunes VLAN2 from switch 2 because VLAN2 does not exist on switch 2.
To verify the new configuration or view the VTP configuration, run the following command:
Switch1# show vtp
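The defaults listed above (server mode, no domain name, no password), the rule that ports without a static VLAN fall into VLAN1, and the negotiating trunk modes are the settings worth reviewing on every switch. The following added example (not part of the original article) parses a configuration written in the command style used here and reports them; the sample input is constructed, the function name is hypothetical, and the "password" keyword of the vtp command is an assumption because the article does not show it:

```python
# Constructed sample in the command style used on this page (not from a real switch).
SAMPLE = """\
vtp server domain Hartsfield pruning enable
interface e 0/5
vlan-membership static 2
interface e 0/6
interface fa 0/26
trunk desirable
interface fa 0/27
trunk on
vlan-membership static 1
"""

def audit(config_text):
    """Return review findings for a Catalyst 1900-style configuration."""
    vtp = {"mode": "server", "domain": None, "password": None}  # defaults listed above
    ports, current = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "vtp":
            args = iter(words[1:])
            for tok in args:
                if tok in ("server", "client", "transparent"):
                    vtp["mode"] = tok
                elif tok in ("domain", "password"):  # "password" keyword is assumed
                    vtp[tok] = next(args, None)
                elif tok in ("pruning", "trap"):
                    next(args, None)  # skip the enable/disable value
        elif words[0] == "interface":
            current = " ".join(words[1:])
            ports[current] = {"vlans": [], "trunk": None}
        elif current and words[0] == "vlan-membership" and len(words) == 3:
            ports[current]["vlans"].append(int(words[2]))
        elif current and words[0] == "trunk" and len(words) == 2:
            ports[current]["trunk"] = words[1]
    findings = []
    if vtp["mode"] != "transparent":  # transparent switches manage VLANs locally
        if vtp["domain"] is None:
            findings.append("vtp: no domain name, it will be learned from the first advertisement")
        if vtp["password"] is None:
            findings.append("vtp: no password set for the management domain")
    for name, port in ports.items():
        if port["trunk"] in ("desirable", "auto"):
            findings.append(f"{name}: trunk {port['trunk']} negotiates with the connected device")
        if port["trunk"] is None and not port["vlans"]:
            findings.append(f"{name}: no static VLAN, port is in VLAN1")
    return findings
```

Calling audit(SAMPLE) returns three findings: the missing VTP password, port e 0/6 left in VLAN1, and the negotiating trunk on fa 0/26.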
5. VLAN configuration overview
Due to space limitations, the terminology, concepts, and other details of VLAN configuration are not covered here. The following is a summary of VLAN configuration:
1. Configuration principles
Maximum number of VLANs and preset VLANs. CDP, VTP, and IP addresses are valid for VLAN1.
2. Configuration steps
Enable VTP (optional) => Enable trunking => Create VLANs => Assign VLANs to ports
3. VTP configuration content and principles
· Password: the domain management password must be the same on all switches in the same domain. Otherwise, VTP will not work normally;
· Configuring the pruning function on the server affects the entire VTP domain (the parameters involved in VTP advertisements);
· Trap: enabled by default. An SNMP message is generated when new VTP information is sent;
· VTP has two versions: V1 supports only Ethernet, and V2 also supports Token Ring.
4. VTP configuration commands
· show vtp: confirm the latest configuration changes
· trunk on/off/desirable/auto/nonegotiate
· show trunk
· vlan #: number range, which can be left unspecified
· show vlan...
· vlan rename
· vlan-membership static vlan #: by default, all ports of dynamic belong to VLAN1
· show vlan-membership
· show spantree vlan #: check whether a VLAN runs STP.