Ex3 Chapter 4 - VTP

http://www.cisco.com/warp/public/473/vtp_flash/

As your network grows, one of the first problems you will encounter is the maintenance and administration of switches.
Imagine that you have 20 switches accommodating 900 users (a medium-size business): if you add one VLAN and it needs to be reachable across the entire network, you have to add it to all 20 switches by hand.

VTP (VLAN Trunking Protocol) was designed to make this more manageable across large and small networks alike.

VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network.

VTP is a Cisco-proprietary Layer 2 protocol and is available on most Cisco switches.

The comparable IEEE standard in use by other manufacturers is GVRP or the more recent MVRP.
Cisco does support MVRP (link here), as does Juniper (link here), but I suspect only on particular models.

VTP versions 1 and 2 support only normal-range VLANs (1-1005); extended-range VLANs (1006-4094) are not propagated (version 3 adds support for them).

Remember that a fresh switch has no VTP domain name configured (NULL), so it sends no VTP advertisements until a domain name is set; a switch with a NULL domain adopts the first domain name it hears on a trunk.
When VTP runs, it uses Version 1 unless you configure:
vtp version 2 | 3
NOTE: VTP Versions 1 and 2 are not interoperable in the same domain (a version-2-capable switch can live in a version 1 domain only with V2 mode disabled).
All switches in the domain must run the same version.
The most commonly cited difference between Versions 1 and 2 is that Version 2 supports Token Ring VLANs (it also adds consistency checks and forwarding of unrecognized TLVs).

A switch can be in one of the following modes:
1.  VTP Server
2.  VTP Client
3.  VTP Transparent

For two switches to share VTP advertisements they must have their trunk lines configured and enabled.

VTP Benefits
•  VLAN configuration consistency across the network
•  Accurate tracking and monitoring of VLANs
•  Dynamic reporting of added VLANs across a network
•  Dynamic trunk configuration when VLANs are added to the network

VTP Components 
To maintain domain consistency, only one switch should be allowed to create, delete or modify VLANs. This switch is like the "master" of the whole VTP domain and operates in Server mode. This is also the default mode.

Other switches are only allowed to receive and forward updates from the "server" switch. They operate in Client mode. Client switches keep the learned VLAN configuration in RAM (it is not part of the running-config).
- When switches in VTP client mode are rebooted, they send a VTP advertisement request to the VTP server.
- The local VLAN configuration is updated only when an update that has a higher configuration revision number is received.

In some cases the network manager doesn't want a switch to learn VTP information from other switches and can set it to Transparent mode. In this mode a switch maintains its own VLAN database and never learns VTP information from other switches (even the server). However, it still forwards VTP advertisements from the server to other switches without reading the update; in Version 1 it forwards only when the domain name and version match, in Version 2 it forwards regardless. A transparent switch can add, delete and modify its VLAN database locally.

•  VTP Domain – a group of switches that share one VTP domain name and exchange VTP advertisements.  A router or Layer 3 switch (a routed link) defines the boundary of the domain.
•  VTP Advertisements - VTP uses a hierarchy of advertisements to distribute and synchronize VLAN configurations across the network.
•  VTP Modes: Server, Client, Transparent
•  VTP Server: Advertises VLAN configurations.  All changes to VLANs need to be made on server.
•  VTP Client: Cannot add, delete, or manage VLANs.  When it shuts down and comes back up, it requests the updated VLAN information from the server.
•  VTP Transparent: Forwards advertisements but does not participate further in VTP; VLANs added are local to the switch.
•  VTP Pruning – Intelligent broadcasting (restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices).
VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic. Broadcast and unknown unicast frames on a VLAN are forwarded over a trunk link only if the switch on the receiving end of the trunk has ports in that VLAN.
translate: Prune - To reduce; To cut off or remove dead or living parts or branches of (a plant, for example) to improve shape or growth.

Default Configurations
When adding a switch to a VTP domain it is very important that the switch comes in with a default configuration: configuration revision 0 and no VLAN database of its own.
Anything else and you risk its higher revision number overwriting the VLAN database on the VTP server and on every other switch in the domain.

There are three versions of VTP available (v1, v2, v3).
By default a switch runs version 1, even when it is version-2 capable.
Versions 2 and 3 are beyond the scope of this course.
Switches come up in VTP server mode by default.
Issue show vtp status to learn more:

SW-4500#show vtp status
VTP Version                     : 2
Configuration Revision          : 82
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 40
VTP Operating Mode              : Server
VTP Domain Name                 : example.com
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB2 0xE7 0x1D 0xCC 0xFF 0xC3 0xF1 0x78
Configuration last modified by 192.168.168.62 at 3-22-10 13:20:25
Local updater ID is 192.168.168.62 on interface Vl168 (lowest numbered VLAN interface found)

In the output above, "VTP Version : 2" means the switch is version-2 capable, while "VTP V2 Mode : Disabled" shows it is actually running version 1. The configuration revision (82 here) is the value that decides who overwrites whom.
For switches to participate in VTP they must be part of the same VTP domain.
A switch cannot be in more than one domain.
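
As an added example (not code from this page or from Cisco), the following Python script parses show vtp status output and reports why a switch is or is not safe to trunk into an existing domain: a non-zero revision, a revision higher than the domain's (which would overwrite every switch, client mode included), an empty or mismatched domain name, or a version mismatch. SERVER_STATUS is the output shown above; NEW_SWITCH_STATUS is a constructed sample for a re-used switch. The field names and checks are this example's own, not a Cisco tool.

```python
"""Parse 'show vtp status' output and flag a switch that is not safe to trunk into an
existing domain. Added example, not Cisco tooling. SERVER_STATUS is the output shown
above; NEW_SWITCH_STATUS is a constructed sample for a re-used switch."""
import re

SERVER_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 82
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 40
VTP Operating Mode              : Server
VTP Domain Name                 : example.com
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB2 0xE7 0x1D 0xCC 0xFF 0xC3 0xF1 0x78
Configuration last modified by 192.168.168.62 at 3-22-10 13:20:25
"""

# Constructed: a switch pulled from a lab, same domain name, stale VLANs, higher revision
NEW_SWITCH_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 97
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : example.com
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88
"""

# Matches 'Label   : value' lines only; the 'last modified by ... 13:20:25' line does not match
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*)$")


def parse_vtp_status(text: str) -> dict:
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    # 'VTP Version' is the highest version the switch supports; it actually runs
    # version 2 only when 'VTP V2 Mode' is Enabled (v3 prints 'VTP version running').
    running = fields.get("VTP version running")
    if running is None:
        running = "2" if fields.get("VTP V2 Mode") == "Enabled" else "1"
    return {
        "running_version": int(running),
        "revision": int(fields["Configuration Revision"]),
        "mode": fields["VTP Operating Mode"],
        "domain": fields["VTP Domain Name"],
        "md5": fields.get("MD5 digest", ""),
    }


def onboarding_issues(new: dict, members: list) -> list:
    """Problems to fix before 'new' gets a trunk into the domain formed by 'members'."""
    issues = []
    if new["mode"] == "Transparent":
        return issues  # forwards advertisements but never originates or accepts them
    top = max(m["revision"] for m in members)
    domains = {m["domain"] for m in members}
    versions = {m["running_version"] for m in members}
    if not new["domain"]:
        issues.append("no domain name: it will adopt the first domain heard on the trunk")
    elif new["domain"] not in domains:
        issues.append(f"domain {new['domain']!r} is not {sorted(domains)}: "
                      "advertisements will be ignored (names are case sensitive)")
    if new["domain"] in domains and new["revision"] > top:
        issues.append(f"revision {new['revision']} exceeds the domain's {top}: it will "
                      f"overwrite every switch's VLAN database, even in {new['mode']} mode")
    elif new["revision"] != 0:
        issues.append(f"revision {new['revision']} is not 0: change the domain name or "
                      "set transparent mode first to reset it")
    if new["running_version"] not in versions:
        issues.append(f"VTP version {new['running_version']} differs from {sorted(versions)}")
    return issues


if __name__ == "__main__":
    for issue in onboarding_issues(parse_vtp_status(NEW_SWITCH_STATUS),
                                   [parse_vtp_status(SERVER_STATUS)]):
        print("WARNING:", issue)
```

Run it against the pasted output of every existing server plus the new switch before the first trunk comes up; the single warning it prints for the constructed sample is exactly the case the rest of these notes warn about.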

VTP Frame Encapsulation
VTP advertisements travel only across trunk links (ISL or 802.1Q) and are sent in VLAN 1. Each advertisement is an 802.3 frame with LLC/SNAP encapsulation and has the following fields.
•  Destination MAC address – the Cisco Layer 2 multicast address 01-00-0C-CC-CC-CC that VTP listens on (the same address CDP, DTP and PAgP use)
•  LLC Field – DSAP 0xAA, SSAP 0xAA, control 0x03
•  SNAP Field – Cisco OUI 00-00-0C followed by the protocol type 0x2003, which identifies VTP
•  VTP Header Field (depends on type of message but always has the following)
   -  Domain name
   -  Domain name length
   -  Version
   -  Configuration revision number
•  VTP message field
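
To make the encapsulation concrete, here is an added Python example (not code from the original page or from Cisco) that builds and decodes a VTP summary advertisement with the fields listed above. The source MAC, updater address and timestamp are constructed values chosen to match the show vtp status output earlier on the page; the 16-byte digest is a placeholder, since computing the real VTP MD5 over the VLAN database is not shown here. The parser also accepts an 802.1Q-tagged copy of the frame, which the field list above does not cover.

```python
"""Build and decode a VTP summary advertisement: Ethernet + LLC/SNAP + VTP header.

Added example, not Cisco code. The source MAC, updater address and timestamp are
constructed sample values chosen to match the 'show vtp status' output above; the
16-byte digest field holds a placeholder, not a real VTP MD5 digest."""
import struct
from dataclasses import dataclass

VTP_DST_MAC = bytes.fromhex("01000ccccccc")   # Cisco L2 multicast (shared with CDP, DTP, PAgP)
LLC_SNAP = bytes([0xAA, 0xAA, 0x03])           # DSAP=SSAP=0xAA, control=0x03 (UI)
CISCO_OUI = bytes.fromhex("00000c")
VTP_PID = 0x2003                               # SNAP protocol id for VTP (CDP is 0x2000)
SUMMARY, SUBSET, REQUEST = 1, 2, 3             # VTP message codes
# version, code, followers, name length, name(32), revision, updater, timestamp(12), md5(16)
SUMMARY_FMT = "!BBBB32sI4s12s16s"


@dataclass
class VtpSummary:
    version: int
    followers: int      # number of subset advertisements that follow this summary
    domain: str
    revision: int
    updater: str        # IP address of the switch that last changed the database
    timestamp: str      # yymmddhhmmss
    md5: bytes


def build_summary(src_mac: str, s: VtpSummary) -> bytes:
    name = s.domain.encode()
    if not 0 < len(name) <= 32:
        raise ValueError("domain name must be 1..32 bytes")
    ts = s.timestamp.encode()
    if len(ts) != 12 or len(s.md5) != 16:
        raise ValueError("timestamp is 12 bytes, digest is 16 bytes")
    body = struct.pack(SUMMARY_FMT, s.version, SUMMARY, s.followers, len(name),
                       name.ljust(32, b"\0"), s.revision,
                       bytes(int(o) for o in s.updater.split(".")), ts, s.md5)
    payload = LLC_SNAP + CISCO_OUI + struct.pack("!H", VTP_PID) + body
    src = bytes.fromhex(src_mac.replace(":", ""))
    # LLC/SNAP frames carry an 802.3 length here, not an EtherType
    return VTP_DST_MAC + src + struct.pack("!H", len(payload)) + payload


def parse_summary(frame: bytes) -> VtpSummary:
    if frame[:6] != VTP_DST_MAC:
        raise ValueError("not addressed to the VTP multicast MAC")
    off = 12
    length = struct.unpack_from("!H", frame, off)[0]
    if length == 0x8100:            # 802.1Q tag present (VTP rides in VLAN 1 on the trunk)
        off += 4
        length = struct.unpack_from("!H", frame, off)[0]
    if length >= 0x0600:
        raise ValueError("EtherType instead of an 802.3 length: not an LLC/SNAP frame")
    off += 2
    if frame[off:off + 3] != LLC_SNAP or frame[off + 3:off + 6] != CISCO_OUI:
        raise ValueError("missing LLC/SNAP header with the Cisco OUI")
    if struct.unpack_from("!H", frame, off + 6)[0] != VTP_PID:
        raise ValueError("SNAP protocol id is not VTP (0x2003)")
    off += 8
    fields = struct.unpack_from(SUMMARY_FMT, frame, off)
    version, code, followers, name_len, name, rev, upd, ts, md5 = fields
    if code != SUMMARY:
        raise ValueError(f"VTP code {code} is not a summary advertisement")
    return VtpSummary(version, followers, name[:name_len].decode(), rev,
                      ".".join(str(b) for b in upd), ts.decode(), md5)


def would_replace_database(local_domain: str, local_revision: int, adv: VtpSummary) -> bool:
    """The rule a server or client applies on receipt: same domain and a higher revision
    means the whole local VLAN database will be replaced (the MD5/password check is
    not modelled here)."""
    return adv.domain == local_domain and adv.revision > local_revision


# Constructed sample matching the first 'show vtp status' output above (rev 82, 2010-03-22 13:20:25)
SAMPLE = VtpSummary(version=1, followers=0, domain="example.com", revision=82,
                    updater="192.168.168.62", timestamp="100322132025", md5=bytes(range(16)))
SAMPLE_FRAME = build_summary("00:12:da:a3:6a:00", SAMPLE)

if __name__ == "__main__":
    print(parse_summary(SAMPLE_FRAME))
```

The summary advertisement is exactly 72 bytes of VTP (94 bytes on the wire untagged), and everything a receiving switch needs to decide whether to ask for the subset advertisements is in the header: domain name and revision number. That is why a frame like this from an unknown switch on a trunk is enough to trigger a database replacement.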

VTP Revision Number
A 32-bit number representing the revision of the VLAN database; the default configuration revision is 0.
Each time a VLAN is added, removed or modified on the server, the revision number is incremented by one.  Changing the VTP domain name (or switching the mode to transparent) resets the revision number to 0.

VTP Advertisements
•  Summary advertisements – sent every 5 minutes (300 seconds) by servers and clients to inform neighboring switches of the current configuration, and immediately after a configuration change.  They carry the domain name, revision number, updater identity, timestamp and MD5 digest, not the VLAN details themselves.
•  Subset advertisements – sent when changes to VLANs occur (add, delete, modify).  They contain the VLAN information and may require more than one frame.
•  Request advertisements – sent when a switch needs the VLAN information: after a reload, after a domain name change, when it receives a summary advertisement with a higher revision number than its own, or when it misses a subset advertisement.  The server responds with a summary advertisement followed by the subset advertisements.

VTP Pruning (reduction)
VTP Pruning is not enabled by default.  It prevents broadcasts from being sent to switches that do not have a port in the specific VLAN.  For example, you have two switches with VLANs 10, 20 and 30 configured.  Switch 1 only has ports actively used in VLANs 10 and 20.  There is no need for a broadcast from VLAN 30 to be sent to switch 1, and pruning prevents that from happening.

Pruning can only be configured on VTP servers. (from CCNA3.4 test)

Configuration Steps
1.  Start with all switches at default settings.
2.  Reset the configuration revision number on every switch being added (for example by changing its VTP domain name to a scratch name and then to the real one).
3.  Configure at least two VTP server switches so that one is a backup.
4.  Configure the VTP domain name (this starts advertising).  VTP domain names are case sensitive.
5.  Ensure all switches use the same VTP password, or their advertisements will be rejected.
6.  Make sure the VTP version is the same on all switches.
7.  Make sure the trunk ports are configured first, because VTP information is only shared over trunk ports.
8.  Create the VLANs on the server.  Any VLANs a switch created locally before joining the domain are replaced as soon as it accepts an advertisement with a higher revision number.

Unconfigure VTP
To reset the VTP management domain name of the switch to NULL (and the revision number to 0), delete the VLAN database and reload:
# delete flash:vlan.dat
# reload

Configuration Steps for Client
1.  Confirm default settings.
2.  Configure VTP client mode.
3.  Configure trunks.
4.  Connect to a VTP server.
5.  Verify VTP status.
6.  Configure access ports.

Commands
show vtp status
config t
  vtp mode {server | client | transparent}
  vtp domain <name>
  vtp password <password>
  vtp version {1 | 2 | 3}
* VTP settings and the VLAN database live in vlan.dat, not in the running config; the VLAN definitions themselves appear in the running config only when the switch is in "transparent" mode (newer IOS releases also list the global vtp commands there).
* The switch saves the VTP and VLAN configuration in the vlan.dat file in flash.
* The VTP password never shows in the configuration regardless of VTP mode.  You can only view it with "show vtp password".
* With VTP versions 1 and 2, extended-range VLANs (1006 through 4094) can only be configured on switches in VTP transparent mode (version 3 can propagate them).

SW-4500# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 56
VTP Operating Mode              : Transparent
VTP Domain Name                 : example.com
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x9E 0xC4 0xA0 0x0F 0x42 0x23 0xAC 0xB2
Configuration last modified by 192.168.4.62 at 11-8-12 10:42:55

Show MAC Table
SW-4500#show mac address-table    (MAC forwarding table)
Older IOS releases spell it show mac-address-table; both forms list the MAC forwarding table.

Show Trunk interfaces
Use the show interfaces trunk command to determine the trunking status of a link and the VLAN status. It lists each trunk port, its mode, encapsulation and whether it is trunking, plus the native VLAN, the VLANs allowed on the trunk, those allowed and active in the management domain, and those in spanning-tree forwarding state and not pruned.
Sw-Ac3#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           802.1q         trunking      1
Fa0/9       on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/3       1-1005
Fa0/9       1-1005
Fa0/12      1-1005

Port        Vlans allowed and active in management domain
Fa0/3       1,22,33,44,99
Fa0/9       1,22,33,44,99
Fa0/12      1,22,33,44,99

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       1,22,33,44,99
Fa0/9       1,22,33,44,99
Fa0/12      1,22,33,44,99

Show STP
SW-4500#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4096
             Address     001e.f741.8d00
             Cost        60004
             Port        390 (GigabitEthernet7/6)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0012.daa3.6a00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi5/1            Desg FWD 4         128.257  P2p
Gi6/42           Desg FWD 4         128.362  P2p
Gi7/6            Root FWD 4         128.390  P2p

Show CDP
Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
lab-7206         Eth 0              157          R        7206VXR   Fas 0/0/0
lab-as5300-1     Eth 0              163          R        AS5300    Fas 0
lab-as5300-2     Eth 0              159          R        AS5300    Eth 0
lab-as5300-3     Eth 0              122          R        AS5300    Eth 0
lab-as5300-4     Eth 0              132          R        AS5300    Fas 0/0
lab-3621         Eth 0              140         R S       3631-telcoFas 0/0
008024 2758E0    Eth 0              132          T        CAT3000   1/2

Common VTP Configuration Issues

•  Incompatible VTP Versions
•  VTP Password Issues
•  Incorrect VTP Domain Name (names are case sensitive)
•  All Switches set to VTP Client Mode.

One important thing you must know: when a switch receives a better VTP advertisement (same domain, higher revision number), it deletes its whole VLAN database and copies the information from the better advertisement into it.
A switch does not compare its own VLAN database with the received advertisement to find and apply only the differences!
Note: VTP advertisements are sent as multicast frames and all neighbors in that domain receive the frames.

Note: If a switch is in client mode and has a higher revision number, it can still overwrite server switches (with lower revision numbers).
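
The following Python model, added here and not part of the original page or of any Cisco software, plays out those rules: higher revision wins, the whole database is replaced rather than merged, a client can overwrite the servers, transparent switches forward without adopting, a password mismatch is rejected, a switch with no domain adopts the first one it hears, and changing the domain name resets the revision to 0. The switch names, VLAN sets, revisions and the password are constructed; the digest is a simplified stand-in for the real VTP MD5. onboard(False) reproduces the wipe, onboard(True) shows the same switch safely joining after its revision is reset.

```python
"""Toy model of how VTP switches process advertisements, following the rules on this
page. Added example, not Cisco code; switch names, VLAN sets, revisions and the
password are constructed, and digest() is a stand-in for the real VTP MD5."""
import hashlib
from collections import deque


def digest(domain, password, revision, vlans):
    # Simplified stand-in for the VTP MD5 digest, which covers the VLAN
    # configuration and the password: a wrong password fails this check.
    data = f"{domain}|{password or ''}|{revision}|{sorted(vlans)}".encode()
    return hashlib.md5(data).hexdigest()


class Switch:
    def __init__(self, name, mode, domain, vlans=(1,), revision=0, password=None):
        assert mode in ("server", "client", "transparent")
        self.name, self.mode, self.domain, self.password = name, mode, domain, password
        self.vlans, self.revision, self.neighbors = set(vlans), revision, []

    def add_vlan(self, vid):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot add VLANs")
        self.vlans.add(vid)
        if self.mode == "server":
            self.revision += 1          # transparent keeps a local database at revision 0

    def set_domain(self, domain):
        self.domain, self.revision = domain, 0   # a domain-name change resets the revision

    def advertisement(self):
        if self.mode == "transparent" or not self.domain:
            return None                 # transparent switches do not originate updates
        return {"domain": self.domain, "revision": self.revision, "vlans": set(self.vlans),
                "digest": digest(self.domain, self.password, self.revision, self.vlans)}

    def receive(self, adv):
        """Apply one advertisement; return True if it should be forwarded on."""
        if self.mode == "transparent":
            return True                 # forwarded unread (VTP version 2 behaviour)
        if not self.domain:
            self.domain = adv["domain"]  # NULL domain: adopt the first domain heard
        if adv["domain"] != self.domain:
            return False
        if adv["digest"] != digest(adv["domain"], self.password, adv["revision"], adv["vlans"]):
            return False                # password mismatch: update rejected
        if adv["revision"] > self.revision:
            self.vlans = set(adv["vlans"])   # whole database replaced, nothing is merged
            self.revision = adv["revision"]
        return True


def connect(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def propagate(origin):
    """Flood origin's advertisement hop by hop over the trunks (it is an L2 multicast)."""
    adv = origin.advertisement()
    if adv is None:
        return
    seen, queue = {origin.name}, deque(origin.neighbors)
    while queue:
        sw = queue.popleft()
        if sw.name in seen:
            continue
        seen.add(sw.name)
        if sw.receive(adv):
            queue.extend(sw.neighbors)


def build_domain():
    core = Switch("core", "server", "example.com", vlans=(1, 10, 20, 30), revision=82, password="s3cret")
    acc1 = Switch("access1", "client", "example.com", password="s3cret")
    acc2 = Switch("access2", "client", "example.com", password="s3cret")
    connect(core, acc1)
    connect(core, acc2)
    propagate(core)                     # clients learn the database at revision 82
    return core, acc1, acc2


def onboard(reset_first):
    """Plug a re-used lab switch (same domain and password, stale VLANs, revision 90)
    into access2 and return every switch's (revision, vlans) afterwards."""
    core, acc1, acc2 = build_domain()
    lab = Switch("lab", "client", "example.com", vlans=(1, 99), revision=90, password="s3cret")
    if reset_first:
        lab.set_domain("scratch")       # the advice above: reset the revision to 0
        lab.set_domain("example.com")   # before the switch ever sees a trunk
    connect(lab, acc2)
    propagate(lab)                      # the newcomer announces itself ...
    propagate(core)                     # ... and the server sends its own summary
    return {s.name: (s.revision, sorted(s.vlans)) for s in (core, acc1, acc2, lab)}


if __name__ == "__main__":
    print("unsafe:", onboard(reset_first=False))
    print("safe:  ", onboard(reset_first=True))
```

Note that the lab switch is a client and still wipes the server: nothing in the protocol ties "may change VLANs" to "may win the revision comparison". The password only helps against a switch that does not know it, which a re-used switch from the same organisation usually does.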

PS:
To remember: a large number of posts on the internet say that VTP and similar protocols are evil, especially in data centres, because the whole VLAN database can be accidentally wiped out by a junior engineer plugging in a new top-of-rack switch that carries a higher revision number.
