Chapter 09


Virtual LANs (VLANs)

Setup 1

Setup 2

Setup 3

VLAN Advantages

1- Broadcast Control

2- Security

3- Flexibility and Scalability

Managing VLANs

1- Create VLAN

2- Assign ports to VLANs: Static or Dynamic using VLAN Management Policy Server (VMPS)

In 1900 Series

Step1 1900A(config)#vlan 2 name Sales

Step2 1900A(config)#int f0/1

1900A(config-if)#vlan-membership static 2

1900A(config-if)#^Z

Step3 1900A#sh vlan

In 2950 Series

Step1 2950B#vlan database

2950B(vlan)#vlan 2 name Sales

2950B(vlan)#apply

OR

2950B(config)#vlan 2

2950B(config-vlan)#name Sales

Step2 2950B(config)#int f0/1

2950B(config-if)#switchport mode ?

  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally

2950B(config-if)#switchport mode access

2950B(config-if)#switchport access vlan 2

2950B(config-if)#^Z

Step3 2950B#sh vlan

2950B#sh vlan brief

Connecting VLANs

1- Access Link

[Figure: VLAN 2, VLAN 3 and VLAN 4 on each side, connected by three access links (A.L)]

2- Trunk Link

[Figure: VLAN 2, VLAN 3 and VLAN 4 on each side, connected by one trunk link (T.L)]

VLAN Identification in Trunks

Trunk Link

ISL (Inter-Switch Link)

* Cisco proprietary encapsulation method

* 1900 Series

IEEE 802.1q

* Open Standard encapsulation method

* 2950 Series

Tagging Frames

[Figure: tagged frame, with the labels VLAN ID, Frame and FCS]

Configuring Trunking

In 1900 Series

1900A(config)#int f0/16

1900A(config-if)#trunk {on | off | auto | desirable | nonegotiate}

In 2950 Series

2950B(config)#int f0/24

2950B(config-if)#switchport mode trunk

2950B(config-if)#switchport mode dynamic auto

2950B(config-if)#switchport mode dynamic desirable

2950B(config-if)#switchport nonegotiate

1- Auto: Changes to Trunk if available (default)

2- Desirable: Changes to Trunk if neighbor port is Trunk, Desirable or Auto.

3- Nonegotiate: The neighbor must be either Trunk or Access.

4- Trunk: Makes link Trunk even if neighbor port is Access.

In 3550 Series

3550C(config)#int f0/12

3550C(config-if)#switchport trunk encapsulation ?

  dot1q      Interface uses only 802.1q trunking encapsulation when trunking
  isl        Interface uses only ISL trunking encapsulation when trunking
  negotiate  Device will negotiate trunking encapsulation with peer on interface

3550C(config-if)#switchport trunk encapsulation dot1q

Defining the Allowed VLANs on a Trunk

2950B(config)#int f0/1

2950B(config-if)#switchport trunk ?

  allowed  Set allowed VLAN characteristics when interface is in trunking mode
  native   Set trunking native characteristics when interface is in trunking mode
  pruning  Set pruning VLAN characteristics when interface is in trunking mode

2950B(config-if)#switchport trunk allowed vlan ?

  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list

2950B(config-if)#switchport trunk allowed vlan remove ?

WORD VLAN IDs of disallowed VLANS when this port is in trunking mode

2950B(config-if)#switchport trunk allowed vlan remove 4

2950B(config-if)#switchport trunk allowed vlan remove 4-8

Modifying the Trunk Native VLAN

2950B(config-if)#switchport trunk native vlan ?

<1-4094> VLAN ID of the native VLAN when this port is in trunking mode

2950B(config-if)#switchport trunk native vlan 40

19:23:29: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (40), with Core FastEthernet0/7 (1).

19:24:29: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (40), with Core FastEthernet0/7 (1).

2950B(config-if)#no switchport trunk native vlan

Routing between VLANs

Router#config t

Router(config)#int f0/0.1

Router(config-subif)#encapsulation ?

dot1Q IEEE 802.1Q Virtual LAN

Router(config-subif)#encapsulation dot1Q ?

<1-4094> IEEE 802.1Q VLAN ID

Router(config-subif)#encapsulation dot1Q 2

Router(config-subif)# int f0/0.2

Router(config-subif)#encapsulation dot1Q 3

2950B#config t

2950B(config)#int f0/1

2950B(config-if)#switchport mode trunk

2950B(config-if)#int f0/2

2950B(config-if)#switchport access vlan 1

2950B(config-if)#int f0/3

2950B(config-if)#switchport access vlan 1

2950B(config-if)#int f0/4

2950B(config-if)#switchport access vlan 3

2950B(config-if)#int f0/5

2950B(config-if)#switchport access vlan 3

2950B(config-if)#int f0/6

2950B(config-if)#switchport access vlan 2

Router(config)#int f0/0

Router(config-if)#no ip address

Router(config-if)#no shutdown

Router(config-if)#int f0/0.1

Router(config-subif)#encapsulation dot1q 1

Router(config-subif)#ip address 192.168.10.17 255.255.255.240

Router(config-subif)#int f0/0.2

Router(config-subif)#encapsulation dot1q 2

Router(config-subif)#ip address 192.168.10.33 255.255.255.240

Router(config-subif)#int f0/0.3

Router(config-subif)#encapsulation dot1q 3

Router(config-subif)#ip address 192.168.10.49 255.255.255.240

VLAN Trunking Protocol (VTP)

Server mode:

• Creates VLANs

• Modifies VLANs

• Deletes VLANs

• Sends and forwards advertisements

• Synchronizes

• Saved in NVRAM

Client mode:

• Cannot create, modify or delete VLANs

• Sends and forwards advertisements

• Synchronizes

• Not saved in NVRAM

Transparent mode:

• Creates local VLANs only

• Modifies local VLANs only

• Deletes local VLANs only

• Sends and forwards advertisements

• Does not synchronize

• Saved in NVRAM

2950B(config)#vtp mode server

Device mode already VTP SERVER.

2950B(config)#vtp domain Cisco

Changing VTP domain name from null to Cisco

2950B(config)#vtp password cisco

Setting device VLAN database password to cisco

2950B(config)#do show vtp password

VTP Password: cisco

2950B(config)#do show vtp status

VTP Version : 2

Configuration Revision : 0

Maximum VLANs supported locally : 255

Number of existing VLANs : 8

VTP Operating Mode : Server

VTP Domain Name : Cisco

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x15 0x54 0x88 0xF2 0x50 0xD9 0x03 0x07

Configuration last modified by 192.168.24.6 at 3-14-93 15:47:32

Local updater ID is 192.168.24.6 on interface Vl1 (lowest numbered VLAN interface found)

VTP Pruning

2950B#sh int trunk

Port Mode Encapsulation Status Native vlan

Fa0/1 auto 802.1q trunking 1

Fa0/2 auto 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/1 1-4094

Fa0/2 1-4094

Port Vlans allowed and active in management domain

Fa0/1 1

Fa0/2 1

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1

Fa0/2 none

2950B(config-if)#switchport trunk pruning ?

vlan Set VLANs enabled for pruning when interface is in trunking mode

2950B(config-if)#switchport trunk pruning vlan 3-4
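The `sh int trunk` output above shows both trunks still on negotiated mode, native VLAN 1 and the full 1-4094 allowed list, the settings the earlier trunk commands change. The following is an added example, not part of the original slides: a small Python check that parses that output and reports those three conditions per port. The sample text is constructed from the output above, and port Fa0/24 is a hypothetical hardened trunk included for contrast.

```python
# Constructed sample: the "sh int trunk" output above, normally spaced, plus a
# hypothetical hardened port Fa0/24 for contrast.
SAMPLE = """\
Port      Mode         Encapsulation  Status        Native vlan
Fa0/1     auto         802.1q         trunking      1
Fa0/2     auto         802.1q         trunking      1
Fa0/24    on           802.1q         trunking      40

Port      Vlans allowed on trunk
Fa0/1     1-4094
Fa0/2     1-4094
Fa0/24    2-3,10

Port      Vlans allowed and active in management domain
Fa0/1     1
"""

def parse_trunks(text):
    """Map each port to its mode, native VLAN and allowed-VLAN list."""
    ports, section = {}, None
    for line in text.splitlines():
        f = line.split() or [""]  # blank line -> [""] so the checks below skip it
        if f[0] == "Port":  # a header row starts a new table
            title = " ".join(f[1:]).lower()
            section = {"mode encapsulation status native vlan": "status",
                       "vlans allowed on trunk": "allowed"}.get(title)
        elif section == "status" and len(f) >= 5:
            ports.setdefault(f[0], {}).update(mode=f[1], native=int(f[4]))
        elif section == "allowed" and len(f) >= 2:
            ports.setdefault(f[0], {})["allowed"] = f[1]
    return ports

def audit(ports):
    """Return {port: [findings]} for trunks left on default-style settings."""
    report = {}
    for port, p in sorted(ports.items()):
        issues = []
        if p.get("mode") in ("auto", "desirable"):
            issues.append("trunking is negotiated: set the mode explicitly and add 'switchport nonegotiate'")
        if p.get("native") == 1:
            issues.append("native VLAN is the default 1: move it with 'switchport trunk native vlan'")
        if p.get("allowed") == "1-4094":
            issues.append("every VLAN is allowed: trim with 'switchport trunk allowed vlan remove'")
        if issues:
            report[port] = issues
    return report

if __name__ == "__main__":
    print(audit(parse_trunks(SAMPLE)))
```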

Telephony: Configuring Voice VLANs

• IP phone sends voice traffic with layer 3 IP precedence and layer 2 class of service (CoS) values, which are both set to 5 for voice traffic; all other traffic defaults to 0.

• The switch supports quality of service (QoS) based on IEEE 802.1p CoS.

(802.1p provides a mechanism for implementing QoS at the MAC level.)

By using CDP we can deal with:

• Voice VLAN tagged with a layer 2 CoS priority value

• Access VLAN tagged with a layer 2 CoS priority value

• Access VLAN, untagged (no layer 2 CoS priority value)

Consider the following:

1. Use Access Ports.

2. Set Voice VLAN Correctly

3. Enable QoS before enabling Voice VLAN by using the command

2950B(config)#mls qos

4. You must set the port trust state to trust by using the command

2950B(config-if)#mls qos trust cos

5. Enable CDP

6. PortFast is automatically enabled when you enable Voice VLAN, but it is not automatically disabled when you disable Voice VLAN

7. You can return to the default settings by using the command

2950B(config-if)#no switchport voice vlan

2950B#configure t

2950B(config)#mls qos    ! to enable QoS

2950B(config)#interface f0/1

2950B(config-if)#switchport priority extend ?

  cos    Override 802.1p priority of devices on appliance
  trust  Trust 802.1p priorities of devices on appliance

2950B(config-if)#switchport priority extend trust    ! to define untagged CoS with value = 0

2950B(config-if)#mls qos trust cos    ! setting trust

2950B(config-if)#switchport voice vlan dot1p

2950B(config-if)#switchport mode access

2950B(config-if)#switchport access vlan 3

2950B(config-if)#switchport voice vlan 10
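How the three traffic types listed earlier (voice VLAN tagged, access VLAN tagged, access VLAN untagged) look inside the 802.1Q tag, as an added example that is not part of the original slides. It builds constructed sample frames and reads the 12-bit VLAN ID and 3-bit CoS back out; the MAC addresses and payload are made up, the FCS is omitted, and voice VLAN 10 and access VLAN 3 are taken from the configuration above.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
MACS = bytes.fromhex("020000000001" "020000000002")  # constructed dst + src

def build_frame(vlan=None, cos=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a sample frame (FCS omitted); vlan=None means untagged."""
    if vlan is None:
        return MACS + struct.pack("!H", ethertype) + payload
    tci = (cos << 13) | (vlan & 0x0FFF)  # 3-bit CoS, 1-bit DEI (0), 12-bit VLAN ID
    return MACS + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_tag(frame):
    """Return (vlan_id, cos) from the 802.1Q tag, or (None, None) if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return None, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13

def classify(frame, voice_vlan=10, access_vlan=3):
    """Map a frame from the phone port to one of the cases listed above."""
    vlan, cos = parse_tag(frame)
    if vlan is None:
        return "access VLAN, untagged"
    if vlan == voice_vlan:
        return f"voice VLAN {vlan}, CoS {cos}"
    if vlan in (0, access_vlan):  # VLAN ID 0 = priority tag only (voice vlan dot1p)
        return f"access VLAN {access_vlan}, CoS {cos}"
    return f"unexpected VLAN {vlan}"

if __name__ == "__main__":
    for f in (build_frame(10, 5), build_frame(0, 5), build_frame(), build_frame(99)):
        print(classify(f))
```

A tag carrying any VLAN ID other than the voice or access VLAN falls into the last branch, which is the case worth logging on a phone port.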
