Switching in an Enterprise Network
Introducing Routing and Switching in the Enterprise – Chapter 3
Version 4.0
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Objectives

Compare the types of switches used in an enterprise
network.

Explain how Spanning Tree Protocol prevents
switching loops.

Describe and configure VLANs on a Cisco switch.

Describe and configure trunking and Inter-VLAN
routing.

Maintain VLANs in an enterprise network.
Introducing switching and network segmentation
• Topics:
  - The reliance on switches in network design
  - The switch as an adaptable Layer 2 device that moves traffic based on MAC addresses
  - Content addressable memory (CAM) as the technology for maintaining the MAC address table
  - The role of switches in micro-segmenting domains to a single port
  - Multilayer switching that combines hardware-based switching and routing in the same device
  - The two major methods for switching: store-and-forward and cut-through
  - The need for securing switches
Compare the Types of Switches Used in an Enterprise Network
• Switching and network segmentation
• Content addressable memory (CAM)
• Virtual circuits
Discussion 01
• You have probably seen the advertisements for Internet service, “with up to a blazing-fast 12 Mbps”, and then the fine print: “Many factors affect speeds. Actual speeds may vary and are not guaranteed.” [2] Advertised network speeds reflect a “best case scenario”.
• Under some circumstances, wire speed represents the best-case scenario for a switched network. Wire speed is the hypothetical maximum data transmission rate of a cable or other transmission medium. Wire speed is rarely achieved outside of a network device: CPU limitations, disk read/write overhead, or contention for resources can reduce the speed of transmission over a network. [3]
2) Comcast. (2007). Comcast High Speed Internet. Retrieved on September 10, 2007 from http://www.comcast.com/highspeedoffer-s/?CMP=KNC1TO1Q3GOOGLE30&s_kwcid=comcast%20internet|751518367.
3) http://en.wikipedia.org/wiki/Wire_speed
How do you find a MAC address?
• What other devices in this room also have MAC addresses?
• How do we discover the MAC addresses of other devices on the network?
What about CAM?
• DEF: A switch moves traffic based on MAC addresses. Each switch maintains a MAC address table in high-speed memory called content addressable memory (CAM).
• What makes CAM different from RAM?
  - In RAM, the user (application) supplies a memory address and the RAM returns the data word stored at that address.
• CAM functions as the reverse of RAM.
  - In CAM, the user supplies the data word and the CAM searches its memory to see if it holds that data word.
• Thinking about network hardware, what kind of device might have CAM and what data might it contain?
Investigations into CAM
• Why does it make sense to remove (delete) entries from the MAC address table if they are not used within a certain period of time?
• How does a switch handle a broadcast frame?
Reflection #1, Investigations into CAM
Forward or Flood
• The larger the collision and broadcast domains, the more likely it is that network traffic will be affected.
• Simply put, the more devices participating in a collision domain, the more collisions occur.
• This is similar to what happens to drivers at a rotary or roundabout.
Microsegmentation
• How does a switch process traffic differently than a hub?
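The CAM questions above (why unused entries are aged out, what happens to a broadcast) and the forward-or-flood behaviour of a switch, as an added Python model that is not part of the Cisco course. The port names and MAC addresses are constructed; the 300-second aging time is the IOS default for the MAC address table.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECS = 300          # Cisco IOS default MAC address-table aging time


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Frame:
    src: str
    dst: str
    in_port: str


@dataclass
class Switch:
    ports: list
    aging_secs: int = AGING_SECS
    cam: dict = field(default_factory=dict)   # MAC -> (port, last time seen)

    def _age_out(self, now):
        """Remove entries not refreshed within the aging time. Without this,
        a host that moved to another port (or left) would keep a stale mapping
        and its frames would keep going to the wrong port."""
        stale = [m for m, (_, seen) in self.cam.items() if now - seen > self.aging_secs]
        for m in stale:
            del self.cam[m]

    def receive(self, frame, now):
        """Process one frame; return the list of egress ports."""
        self._age_out(now)
        # Learning: the source MAC is reachable through the ingress port.
        # Every frame from that host refreshes the timestamp.
        self.cam[frame.src] = (frame.in_port, now)
        if is_group_address(frame.dst) or frame.dst not in self.cam:
            # Broadcast/multicast, or unknown unicast: flood out all other ports.
            return [p for p in self.ports if p != frame.in_port]
        out_port, _ = self.cam[frame.dst]
        if out_port == frame.in_port:
            return []                 # destination is on the ingress segment: filter
        return [out_port]             # known unicast: one port only (microsegmentation)


def demo():
    sw = Switch(ports=["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    a, b = "00:11:22:33:44:aa", "00:11:22:33:44:bb"      # constructed hosts
    out = {}
    out["unknown_unicast"] = sw.receive(Frame(a, b, "Fa0/1"), now=0)    # B unknown: flood
    out["known_unicast"] = sw.receive(Frame(b, a, "Fa0/2"), now=1)      # A known: one port
    out["broadcast"] = sw.receive(Frame(a, BROADCAST, "Fa0/1"), now=2)  # always flooded
    # Aging: B was last seen at t=1, so at t=302 its entry is gone and A must flood again.
    out["after_aging"] = sw.receive(Frame(a, b, "Fa0/1"), now=2 + AGING_SECS)
    out["table_size"] = len(sw.cam)
    return out


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:15s} -> {ports}")
```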
ASICs
• Application-Specific Integrated Circuit
• Taking A Look At The Basics Of ASICs
• Smith, Michael. (June 1997) Application-Specific Integrated Circuits. Retrieved on September 16, 2007 from.
ASICs can consolidate the work of many chips into a single, smaller, faster package, reducing manufacturing and support costs while boosting the speed of the device built with them. ASIC technology is now so advanced that many functions traditionally implemented in software can be migrated to ASICs.
Routing with a Layer 3 Switch
• A Layer 3 switch is a high-performance device for network routing.
• Layer 3 switches actually differ very little from routers.
• A Layer 3 switch can support the same routing protocols as network routers do. Both inspect incoming packets and make dynamic routing decisions based on the source and destination addresses inside. Both types of boxes share a similar appearance.
Complete Activity 3.1.1.5
Compare the Types of Switches Used in an Enterprise Network
• Hardware-based Layer 2 switching
• Software-based Layer 3 (multilayer) switching
Which is faster?
• Routing has become much faster and often finds a route to an unknown host faster than the techniques used by standard Layer 2 switches.
• Layer 2 switches have wire-speed performance, and Layer 3 routers have higher latency. It would seem that switches should always be faster… hint: unknown host.
Compare the Types of Switches Used in an Enterprise Network
• Store-and-forward switching
• Cut-through switching
  - Fast-forward
  - Fragment-free
Frame Forwarding Method
Today, most Cisco LAN switches rely on the store-and-forward method for switching.
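The three frame-forwarding methods listed above (store-and-forward, and the fast-forward and fragment-free variants of cut-through), as an added Python model that is not part of the Cisco course. It shows what each method has read before it decides to forward, and why only store-and-forward can drop a frame with a bad FCS; the frames are constructed in-line with the IEEE CRC-32 as the FCS.

```python
import zlib

MIN_FRAME = 64     # bytes; anything shorter is a collision fragment ("runt")
DST_MAC_LEN = 6    # fast-forward decides after reading just the destination MAC


def build_frame(dst_mac, src_mac, payload, corrupt=False):
    """Constructed test frame: dst + src + EtherType + payload + FCS.
    The FCS is the IEEE CRC-32 over everything before it, sent little-endian."""
    body = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00" + payload
    frame = body + zlib.crc32(body).to_bytes(4, "little")
    if corrupt:
        # flip one payload bit after the FCS was computed (simulated line error)
        frame = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    return frame


def fcs_ok(frame):
    body, fcs = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "little") == fcs


def store_and_forward(frame):
    """Buffer the whole frame, check length and FCS, forward only if valid.
    Returns (decision, bytes examined before the decision)."""
    if len(frame) < MIN_FRAME or not fcs_ok(frame):
        return ("drop", len(frame))
    return ("forward", len(frame))


def cut_through_fast_forward(frame):
    """Forward as soon as the destination MAC is read. Lowest latency, but the
    FCS is never checked, so corrupted frames are passed on to the next hop."""
    if len(frame) < DST_MAC_LEN:
        return ("drop", len(frame))
    return ("forward", DST_MAC_LEN)


def cut_through_fragment_free(frame):
    """Wait for the first 64 bytes before forwarding: this filters collision
    fragments (always shorter than 64 bytes) but still skips the FCS check."""
    if len(frame) < MIN_FRAME:
        return ("drop", len(frame))
    return ("forward", MIN_FRAME)


def compare(frame):
    """Run all three methods on one frame."""
    return {
        "store_and_forward": store_and_forward(frame),
        "fast_forward": cut_through_fast_forward(frame),
        "fragment_free": cut_through_fragment_free(frame),
    }


if __name__ == "__main__":
    dst, src = "001122334455", "66778899aabb"          # constructed MACs
    print("valid frame   :", compare(build_frame(dst, src, b"A" * 60)))
    print("corrupt frame :", compare(build_frame(dst, src, b"A" * 60, corrupt=True)))
    print("runt fragment :", compare(build_frame(dst, src, b"A" * 10)))
```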
Compare the Types of Switches Used in an Enterprise Network
• Switch physical security
• Switch access security
Complete the lab in Packet Tracer.
Redundancy in a Switched Network
• Redundancy is crucial in many areas of business and health care.
• Few people would want to undergo open-heart surgery if there was only one heart/lung machine keeping them alive while their heart was stopped, nor would a multinational publicly traded company keep only one set of financial records.
• Skydivers have reserve chutes in case the main chute does not open; amusement park rides have manual and automatic seatbelts on the same rides to protect against human error.
• Think of your favorite sports team. Does every player on the team get to participate on every play? Why is it important for a team to have ‘depth’ at certain positions?
Redundancy in a Switched Network
• Networks require redundancy as well.
• In the first quarter of 2007, Amazon.com generated a daily profit of $1.22 million, which equals $50,833 an hour or nearly $1,000 a minute. [1]
• If the network goes down for an hour once a week, every week for a year, the total loss of profit is $2,643,316.
• Do you think that Amazon.com has redundant networks in place?
eBay example
• One company that did not, but now does, is eBay.
• “Prior to June 10, 1999, eBay experienced significant network failures and has since suffered additional outages, which together totaled more than 70 hours of outages in the first seven months of the year. [1]
• During the two-day June crisis, eBay's stock crashed to $47 from $135, wiping out $5.7 billion of market capitalization, and dipped below $80 in early August before rising again to the $130 range. [1]
• Experts assessing the cause of the disaster cite eBay's failure to build redundant, scalable web architecture.” [2]
eBay example - references
• 1) CNN Money.com. (September 14, 2007). Amazon.com Inc. Retrieved on September 8, 2007 from http://money.cnn.com/quote/financials/financials.html?symb=AMZN.
• 2) Cuomo, Andrew. (n.d.). Online Brokerage Industry Report. Retrieved on September 8, 2007 from http://www.oag.state.ny.us/investors/1999_online_brokers/points_reference.html.
Reflection #2, Redundancy Failures
Explain How Spanning Tree Protocol Prevents Switching Loops
• Redundancy in network equipment
• Redundant network links
• Dangers of switching loops
• Broadcast storms
Let's get paid double: checks
• The module mentions the problems within the network caused by multiple frame transmissions.
• Imagine the real-world problems caused by multiple frame transmissions: duplicate paychecks, duplicate invoices for the same purchase, online banking with duplicate deposits or withdrawals, stock market transactions, etc. It is not only wasted bandwidth or CPU time we have to be concerned with; it is the very real chance that important transactions may be duplicated if multiple frames are sent.
• MAC database instability can also result from a switched-loop network. Ask students, "What are the results of the MAC database being incorrect?"
Multiple transmissions
MAC Database Instability
If two switches on the same network can cause so many problems, is there any way to support redundancy?
Explain How Spanning Tree Protocol Prevents Switching Loops
• Create a loop-free logical topology
• Potential loop detection and port blocking
• Redundancy without switching loops
Explain How Spanning Tree Protocol Prevents Switching Loops
• Determining a root bridge
• Bridge ID (BID)
• Root ports, designated ports, and blocked ports
BPDUs
• BPDUs are frames multicast every 2 seconds to all other switches. BPDUs contain information such as:
  - Identity of the source switch
  - Identity of the source port
  - Cumulative cost of the path to the root bridge
  - Value of the aging timers
  - Value of the hello timer
STP port states – 1 – Blocking
STP port states – 2 – Listening
STP port states – 3 – Learning
STP port states – 4 – Forwarding
A fifth state, disabled, indicates that the administrator has shut down the switch port.
Activity
Activity
Root Bridges
• Determining a root bridge
• Bridge ID (BID)
• Root ports, designated ports, and blocked ports
Selection of root bridge
• The root bridge does not need to be the most “powerful”; rather, it needs to be centrally located.
• The root bridge is based on the lowest BID value.
Since switches typically use the same default priority value (32768), the switch with the lowest MAC address becomes the root bridge. We can force the selection by changing the priority value.
Changing the priority to fix the election
• To set the priority:
  S3(config)#spanning-tree vlan 1 priority 4096
• To restore the priority to the default:
  S3(config)#no spanning-tree vlan 1 priority
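The root bridge election described on the two slides above (lowest BID, with the MAC address deciding only when priorities tie, and the effect of the priority 4096 command), as an added Python model that is not part of the Cisco course. Switch names and MAC addresses are constructed; the rule that IOS accepts only multiples of 4096 is what the CLI enforces with the extended system ID.

```python
DEFAULT_PRIORITY = 32768      # the default priority every Cisco switch ships with


def mac_to_int(mac):
    return int(mac.replace(":", "").replace(".", ""), 16)


def bridge_id(priority, mac):
    """The BID compares as (priority, MAC): lowest priority wins, and only
    on a tie does the lowest MAC address decide."""
    return (priority, mac_to_int(mac))


def elect_root(switches):
    """switches: {name: (priority, mac)} -> name of the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def set_priority(switches, name, priority):
    """Models 'spanning-tree vlan <id> priority <n>'. IOS with the extended
    system ID accepts only multiples of 4096 from 0 to 61440."""
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    switches[name] = (priority, switches[name][1])


def restore_priority(switches, name):
    """Models 'no spanning-tree vlan <id> priority'."""
    switches[name] = (DEFAULT_PRIORITY, switches[name][1])


def demo():
    # Constructed topology, all at the default priority: S1 is an old access
    # switch that happens to have the lowest MAC; S3 is the central switch
    # that should be the root.
    sw = {
        "S1": (DEFAULT_PRIORITY, "00:0a:00:00:00:01"),
        "S2": (DEFAULT_PRIORITY, "00:0b:00:00:00:02"),
        "S3": (DEFAULT_PRIORITY, "00:0c:00:00:00:03"),
    }
    result = {"default": elect_root(sw)}                 # S1 wins on MAC alone
    set_priority(sw, "S3", 4096)
    result["after_priority"] = elect_root(sw)            # S3 wins on priority
    # A newly connected switch with an even lower MAC but the default priority
    # cannot displace S3: priority is compared before the MAC. This is why the
    # intended root should always be pinned with an explicit priority.
    sw["S4"] = (DEFAULT_PRIORITY, "00:00:00:00:00:01")
    result["new_switch_added"] = elect_root(sw)
    restore_priority(sw, "S3")
    result["after_restore"] = elect_root(sw)             # back to lowest MAC: now S4
    return result


if __name__ == "__main__":
    for step, root in demo().items():
        print(f"{step:18s} root bridge = {root}")
```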
STP Recalculations take time
• If a link failure occurs, STP recalculates by:
  - Changing some blocked ports to forwarding ports
  - Changing some forwarding ports to blocked ports
  - Forming a new STP tree to maintain the loop-free integrity of the network
STP is not instantaneous
This calculation and transition period takes about 30 to 50 seconds on each switch. During this recalculation, no user data passes through the recalculating ports.
How Spanning Tree Protocol Prevents Switching Loops
• STP recalculations
• Minimizing downtime
  - PortFast
  - UplinkFast
  - BackboneFast
STP Enhancements
• STP PortFast causes an access port to enter the forwarding state immediately, bypassing the listening and learning states.
  - Using PortFast on access ports that are connected to a single workstation or server allows those devices to connect to the network immediately, instead of waiting for STP to converge.
• STP UplinkFast accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself.
  - The root port transitions to the forwarding state immediately without going through the listening and learning states, as it would with normal STP procedures.
STP Enhancements
• BackboneFast provides fast convergence after a spanning tree topology change occurs.
  - It quickly restores backbone connectivity. BackboneFast is used at the Distribution and Core Layers, where multiple switches connect.
• Limitation of all three
  - All the enhancements are Cisco proprietary.
  - All the switches in the network must be running Cisco IOS.
Discussion
• What type of host or server would you connect with PortFast?
• Could every host on a network be connected using PortFast?
• Could you connect another switch to a network using PortFast?
• Understanding and Configuring the Cisco UplinkFast Feature, http://www.cisco.com/warp/public/473/51.html
How Spanning Tree Protocol Prevents Switching Loops
• Spanning-tree verification commands
Show spanning-tree commands
• show spanning-tree - Displays the root ID, bridge ID, and port states
• show spanning-tree summary - Displays a summary of port states
• show spanning-tree root - Displays the status and configuration of the root bridge
• show spanning-tree detail - Displays detailed port information
• show spanning-tree interface - Displays STP interface status and configuration
• show spanning-tree blockedports - Displays blocked ports
Spanning tree poetry
• Algorhyme
By Radia Perlman
(Adapted from "Trees", by Joyce Kilmer)
I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree which must be sure to span
So packets can reach every LAN.
First the Root must be selected
By ID it is elected.
Least cost paths from Root are traced
In the tree these paths are placed.
A mesh is made by folks like me
Then bridges find a spanning tree.
RSTP
• Rapid Spanning Tree Protocol (RSTP), defined in IEEE 802.1w, significantly speeds the recalculation of the spanning tree. Unlike PortFast, UplinkFast, and BackboneFast, RSTP is not proprietary.
• RSTP requires a full-duplex, point-to-point connection between switches to achieve the highest reconfiguration speed. Reconfiguration of the spanning tree by RSTP occurs in less than 1 second, as compared to 50 seconds in STP.
RSTP
• RSTP eliminates the requirements for features such as PortFast and UplinkFast. RSTP can revert to STP to provide services for legacy equipment.
• To speed up the recalculation process, RSTP reduces the number of port states to three: discarding, learning and forwarding. The discarding state is similar to three of the original STP states: blocking, listening, and disabled.
• RSTP also introduces the concept of active topology. All ports that are not discarding are part of the active topology and will immediately transition to the forwarding state.
Explain How Spanning Tree Protocol Prevents Switching Loops
• Rapid Spanning Tree Protocol
• Discarding
• Active topology
Introducing VLANs
• Many of us belong to clubs in our schools, or civic and/or religious organizations in our communities, each of which needs to be able to communicate with only 'their' members.
• Imagine that you are the Editor-in-Chief of the yearbook. You need to be able to communicate with the other members of the yearbook committee about an upcoming meeting. Would you rather send an email to every student in the school about this meeting, or be able to target just those members of the yearbook committee? The obvious answer, of course, is just those members of the yearbook committee.
Introducing VLANs
• In schools where email is not used for communication with students, the usual default for notifying students about club meetings is “morning announcements.” Students tend to sit there, half listening, until an organization in which they are involved makes an announcement.
• This type of broadcast message can consume unnecessary time in the morning, while overloading students with too many broadcast messages, so many in fact that students may miss their own.
Introducing VLANs
• Networks function in much the same way. As networks grow and more devices are connected to a switch, more broadcast traffic is generated and more bandwidth is wasted on messages that are not relevant to all members of the organization.
• The solution is to create virtual local area networks (VLANs) that contain broadcasts and group hosts together in communities of interest.
• The result is that traffic is logically grouped, minimizing broadcast traffic and saving bandwidth.
Reflection 3
• Take a look at the way our school is organized.
  - What departments, subjects, groups, or users should be together in a VLAN?
  - Remember, one way to answer this question is to think about 'communities of interest'.
Reflection #3, Communities of Interest
Describe and Configure VLANs on a Cisco Switch
• Virtual LANs
  - VLANs allow an administrator to group stations together by logical function, by project team, or by application, without regard to the physical location of the users.
• Logical networks
• Broadcast control
• Transparent to end-users
Describe and Configure VLANs on a Cisco Switch
• VLAN functions
• VLAN membership
  - Static (also called port-based; widely deployed)
  - Dynamic (MAC-based)
VMPS (VLAN Management Policy Server)
Return to the VLAN network diagram for the four communities of interest, and prepare a table in Word that maps the MAC addresses to the appropriate VLAN. This table would be used if we were to use dynamic VLANs.
Configure VLANs on a Cisco Switch
• VLAN 1: management VLAN
• VLAN numbers and names
• Port assignment
Configure VLANs on a Cisco Switch
• VLAN verification commands
• Deleting a VLAN
• Removing a port from a VLAN
This is a good place to take a break
Introducing VLANs
Creating VLANs
Monitoring VLANs
That was a ton of new information!
Basic Switch Configuration
Config the Management Interface
Config the default gateway
Verify the configuration
Configure Duplex and Speed
You used to be required to use certain cable types (cross-over, straight-through) when connecting between specific devices, switch-to-switch or switch-to-router. Instead, you can now use the mdix auto interface configuration command in the CLI to enable the automatic medium-dependent interface crossover (auto-MDIX) feature.
Configure SDM and Web Access
Modern Cisco switches have a number of web-based configuration tools that require that the switch is configured as an HTTP server.
Review
Review
The benefits of VLANs
The management VLAN
• What is the default value for the management VLAN?
• What does the administrator use the management VLAN for?
  - The IP address of the switch
  - VLAN configuration and maintenance
  - Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) traffic
• When creating a VLAN, give it a number and a name other than the reserved number of VLAN 1.
Configuring VLANs
• The next three sections of this chapter include the commands to configure, verify, maintain, and troubleshoot VLANs.
• In this first section, the commands to create and assign ports to a VLAN are introduced.
• We will stop after each section to review the syntax of the command and the output.
• You will put all these pieces together in the Hands-On Lab in the final section.
Use the following commands to create the VLAN
  - Create the VLAN ID
  - Name the VLAN
  - Assign at least one switch port to the VLAN to make it active
…
Verify interface assignments
This command shows all VLAN assignments.
Verify interface assignments
This command limits the information to one specific VLAN.
Deleting a VLAN
When a port is disassociated from a specific VLAN, it returns to VLAN 1.
Identifying VLANs on a Cisco Switch
• VLAN ID
• Frame tagging: IEEE 802.1Q
Describe and Configure Trunking and Inter-VLAN Routing
• Trunk port characteristics
  - Point-to-point link
  - 802.1Q is now the default tagging protocol on Cisco switches
  - Carries multiple-VLAN traffic over a single link
• Support for frame tagging
• Trunk modes
Access Ports versus Trunk Ports
Configuring Trunks
Untagged traffic
• Some traffic, however, needs to cross the 802.1Q-configured link without a VLAN ID.
• Traffic with no VLAN ID is called untagged. Examples of untagged traffic are Cisco Discovery Protocol (CDP), VTP, and certain types of voice traffic.
• Untagged traffic minimizes the delays associated with inspection of the VLAN ID tag.
Trunks and the native VLAN
• Remember, tagging is used between switches… the tag is removed before the frame reaches the end device.
• Extending VLANs across switches
• Configuring a native VLAN
Inter-VLAN Routing
• Connectivity between different VLANs
• Subinterfaces
• Router-on-a-stick
To configure inter-VLAN routing
• To configure inter-VLAN routing, use the following steps:
• 1. Configure a trunk port on the switch.
  Switch(config)#interface fa0/2
  Switch(config-if)#switchport mode trunk
• 2. On the router, configure a FastEthernet interface with no IP address or subnet mask.
  Router(config)#interface fa0/1
  Router(config-if)#no ip address
  Router(config-if)#no shutdown
To configure inter-VLAN routing
• 3. On the router, configure one subinterface with an IP address and subnet mask for each VLAN.
• Each subinterface has an 802.1Q encapsulation. The subinterface hangs off the physical interface configured in step 2:
  Router(config)#interface fa0/1.10
  Router(config-subif)#encapsulation dot1q 10
  Router(config-subif)#ip address 192.168.10.1 255.255.255.0
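The 802.1Q tag handling from the trunking slides (untagged frames landing in the native VLAN, the tag being removed before the frame reaches an end device) and the router-on-a-stick steps just above, as one added Python model that is not part of the Cisco course. The VLAN IDs, subnets, MAC and IP addresses are constructed; the `SUBINTERFACES` table stands in for the `encapsulation dot1q` subinterfaces, and MAC rewriting and ARP are deliberately left out.

```python
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def parse_trunk_frame(frame, native_vlan=1):
    """Return (vlan_id, frame_without_tag) for a frame received on a trunk.
    A frame with no 802.1Q tag belongs to the native VLAN, which is how CDP
    and VTP cross the trunk. Defensive note: keep user ports out of the native
    VLAN, so an untagged frame cannot land in a user VLAN."""
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return native_vlan, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    vid = tci & 0x0FFF                     # VLAN ID is the low 12 bits of the TCI
    return vid, frame[:12] + frame[16:]    # remove the 4-byte tag


def tag_frame(frame, vid, pcp=0):
    """Insert an 802.1Q tag after the source MAC (done when sending on a trunk)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


# Router-on-a-stick: one subinterface per VLAN, mirroring
#   interface fa0/1.10 / encapsulation dot1q 10 / ip address 192.168.10.1 255.255.255.0
# The VLAN IDs and subnets here are constructed for the example.
SUBINTERFACES = {10: "192.168.10.0/24", 20: "192.168.20.0/24"}


def ip_to_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def in_subnet(ip, cidr):
    net, bits = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(bits))) & 0xFFFFFFFF
    return ip_to_int(ip) & mask == ip_to_int(net) & mask


def route_on_a_stick(trunk_frame, native_vlan=1):
    """Model the router's job: strip the tag, pick the subinterface whose subnet
    holds the destination IP, and send the frame back out the trunk with that
    VLAN's tag. Returns the re-tagged frame, or None if it cannot be routed."""
    vid, plain = parse_trunk_frame(trunk_frame, native_vlan)
    if vid not in SUBINTERFACES:
        return None                        # no subinterface for the ingress VLAN
    if struct.unpack("!H", plain[12:14])[0] != ETHERTYPE_IPV4:
        return None                        # only IPv4 is modelled
    dst_ip = ".".join(str(b) for b in plain[30:34])   # IPv4 header bytes 16..19
    for out_vid, subnet in SUBINTERFACES.items():
        if in_subnet(dst_ip, subnet):
            return tag_frame(plain, out_vid)
    return None


def build_ipv4_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed untagged frame with a minimal IPv4 header (checksum left 0)."""
    ip_hdr = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 1, 0, 0])
    ip_hdr += bytes(int(o) for o in src_ip.split(".")) + bytes(int(o) for o in dst_ip.split("."))
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr


if __name__ == "__main__":
    host_frame = build_ipv4_frame("0000aa000001", "0000bb000010", "192.168.10.5", "192.168.20.7")
    on_trunk = tag_frame(host_frame, 10)           # the switch tags it for VLAN 10
    routed = route_on_a_stick(on_trunk)
    print("ingress VLAN:", parse_trunk_frame(on_trunk)[0], "egress VLAN:", parse_trunk_frame(routed)[0])
```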
Maintain VLAN Structure on an Enterprise Network
• VLAN Trunking Protocol (VTP) purpose and goals
• Management domain
• VTP modes: server, client, transparent
• VLAN database
• Configuration revision number
VTP modes - Server
VTP modes - Transparent
VTP modes - Transparent
VTP database
• A problem situation can occur related to the revision number if someone inserts a switch with a higher revision number into the network.
  - Since a switch is a VTP server by default, this results in new, but incorrect, information overwriting the legitimate VLAN information on all of the other switches.
Maintain VLAN Structure on an Enterprise Network
• VTP messages
  - Summary advertisements
  - Subset advertisements
  - Advertisement requests
Maintain VLAN Structure on an Enterprise Network
• Configuring VTP
• Verifying VTP configuration
Show VTP Status
When adding a new switch to an existing VTP domain, use the following steps:
Step 1: Configure VTP off-line (version 1).
Step 2: Verify the VTP configuration.
Step 3: Reboot the switch.
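The VTP revision-number problem from the "VTP database" slide and the off-line preparation step in the procedure above, as an added Python model that is not part of the Cisco course. It models how servers and clients accept a summary advertisement (same domain name, higher revision) and shows the production VLAN database being overwritten by an inserted switch, then the same insertion after its revision has been reset. Switch names, the domain name and the VLANs are constructed; a VTP domain password, which adds a further check, is not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"                      # server | client | transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def summary_advertisement(self):
        """What this switch sends: domain name, revision, and its VLAN database."""
        if self.mode == "transparent":
            return None           # transparent switches only relay others' advertisements
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Accept the advertised database if the domain matches and the revision is higher.
        Nothing else is checked, which is exactly why a stray higher revision wins."""
        if adv is None or self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] > self.revision:
            self.revision = adv["revision"]
            self.vlans = dict(adv["vlans"])
            return True
        return False

    def add_vlan(self, vid, name):
        """A change on a server bumps the revision; clients cannot change VLANs."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP client cannot modify VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1

    def reset_revision(self):
        """Models the 'configure off-line' step: putting the switch in transparent
        mode (or changing its domain name) resets the configuration revision to 0."""
        self.mode = "transparent"
        self.revision = 0


def propagate(switches):
    """One round in which every switch sees every other switch's advertisement."""
    advs = [(s.name, s.summary_advertisement()) for s in switches]
    for s in switches:
        for sender, adv in advs:
            if sender != s.name:
                s.receive(adv)


def scenario(reset_before_insert):
    """Return the VLAN IDs held by the production server and client after a
    lab switch from the same domain is connected."""
    prod = VtpSwitch("S1", "CORP", "server")
    for vid, name in ((10, "Sales"), (20, "Eng"), (30, "Voice")):
        prod.add_vlan(vid, name)           # revision is now 3
    client = VtpSwitch("S2", "CORP", "client")
    propagate([prod, client])              # S2 learns the three VLANs
    # A lab switch with a long change history (revision 9) but only a test
    # VLAN is plugged in; it is a server by default.
    lab = VtpSwitch("Lab", "CORP", "server", revision=9, vlans={1: "default", 99: "test"})
    if reset_before_insert:
        lab.reset_revision()
    propagate([prod, client, lab])
    return sorted(prod.vlans), sorted(client.vlans)


if __name__ == "__main__":
    print("inserted as-is        :", scenario(reset_before_insert=False))
    print("revision reset first  :", scenario(reset_before_insert=True))
```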
Maintain VLAN Structure on an Enterprise Network
• VLANs and IP phones
• VLANs and wireless security
Maintain VLAN Structure on an Enterprise Network
• VLAN best practices
• VLAN security
Summary
• Switches forward traffic using store-and-forward or cut-through techniques.
• Basic security features should be applied to switches.
• A VLAN is a way to group hosts on the same logical network even though they may be physically separated.
• Frame tagging allows a switch to identify the source VLAN of an Ethernet frame.
• A Layer 3 device is needed to move traffic between different VLANs.
• Subinterfaces allow router interfaces to support multiple VLANs.
• VLAN Trunking Protocol provides centralized control, distribution and maintenance of VLANs.