CCIE Topic: 1.1c VLAN Technologies - Part 2

Video Statistics and Information

Captions
Hey everyone, I'm Charles Judd, and welcome to this part 2 video covering the remainder of blueprint subsection 1.1c, VLAN technologies. In the part 1 video dedicated to this VLAN subsection, I already discussed access and trunk ports, and we looked at the native VLAN. I also briefly mentioned VTP and the concept of VLAN pruning, which are a couple of topics that will be covered here, among other things. In this video we're using the exact same topology and configuration that we ended with in our part one video, which, by the way, you can find a link to in the video description.

We configured two trunk connections on switch 1, and by default those trunk links are allowed to carry all of our VLAN traffic. If we say show interfaces trunk, you can see that reflected here: we're allowing all VLAN traffic over those trunks by default, VLANs 1 through 4094. Now you can see from our topology that we're only using VLANs 10, 20 and 30, and in the previous video we changed the native VLAN to VLAN 100, so we're also using that one. One of the major problems that we need to address with layer 2 architecture is unwanted or excessive traffic on the network, not only for performance reasons but because that's a good security practice. VLAN pruning allows us to effectively prune out, or limit, the VLANs which are allowed to cross a trunk connection.

So first let's examine manual VLAN pruning. This is really easy to implement, and there are a couple of options for that. Let's go under global configuration mode and say interface range gig 0/0 through 0/1; we'll get both of our trunk links at the same time. The first way we can do this is to manually prune a specific VLAN from the trunk link. So let's say that I want to explicitly disallow VLAN 200. We could simply say switchport trunk allowed vlan, and the keyword we want to use here is remove. Notice we can do all, we can do except, we can do none; we have a lot of options here, but if we're wanting to specifically remove a VLAN we want to say remove and follow that with the number, so I can say 200. Now if we break out of here and again say show interfaces trunk, notice that the VLANs allowed on the trunk have changed to reflect that: now we're allowing 1 through 199 and 201 through 4094. This method works if VTP pruning is not enabled, which is another method we'll examine in just a bit.

We can also explicitly determine the only VLANs we want to be allowed over the trunk links. So let's go back under interface range gig 0/0 through 0/1 and say switchport trunk allowed vlan, and we can follow that by the numbers of the VLANs that we want to allow, so let's say 10, 20, 30 and 100. That's all of our active VLANs, and those are the only ones that are going to be allowed over the trunk link. Let's again say show interfaces trunk, and now you can see the VLANs allowed on the trunk are only those that we're actively using. Let's go ahead and remove all of these manual prunings: we can arrow up to that original command, go to the beginning and prepend that with the no keyword to take that out. Let's also get the manual pruning of VLAN 200 as well by adding no on there, and we'll just verify that once again we are allowing all of the VLANs over our trunk connection.

Now before we examine VTP pruning, let's talk about how we can configure VTP. Virtual trunking protocol, VTP, is of course used to distribute any VLANs that we create to other switches in a VTP domain. That reduces administration in the network and allows us to simultaneously configure the same VLAN everywhere from a single master switch. This is a Cisco proprietary protocol that's available on most of the Catalyst series switch models. A few necessary guidelines for configuring VTP: first of all, all switches must have the same VTP domain name; all switches must also run the same version of VTP; they must have the same VTP password if you have VTP security configured; and if you have multiple switches active as VTP servers, they should have the same configuration revision number, and that number should also be the highest in the domain. You also want to know that there are three versions of VTP: versions 1, 2 and 3. Version 2 is pretty similar to version 1, with the major difference being that Token Ring VLAN support was added. If you aren't using Token Ring VLANs, which you probably aren't these days, there's really no reason to use VTP version 2. VTP version 3 added support for extended VLANs and the ability to create and advertise private VLANs, which we'll discuss later in the network security section of our blueprint.

So let's look at both methods for configuring VTP. First, if you're using an older switch with an older IOS, you can do that from VLAN database mode. We can say vlan database, and on my particular version you're going to see that I get a warning telling us that it's recommended to configure this from global configuration mode, which is actually what we're going to do, but I wanted to let you know about that just in case you're using an older version of IOS. So what we're going to want to do is go under global configuration mode, and first of all we want to set up a VTP domain name. Now I've already done this: if you watched the previous video in part one, you'll know I already have VTP configured on these switches so that those VLANs are being handed out, but I will go through the commands just for completion so that you know how to do that. First let's set up our VTP domain name by saying vtp domain, and I will call that ccie. I get a message telling me it's already set to ccie, again because this has already been configured. Now we want to set the VTP mode of operation by saying vtp, and if we look at contextual help, the option we want is mode; that's going to allow us to configure the VTP device mode. Server mode is the default mode for Cisco switches, and that allows the switch to create, modify and delete VLANs. Client mode is going to mean... actually, let me look at contextual help so we get those on there and can see those. Client mode means that the switch is unable to make any changes to the VLAN configuration, so if you want to create a master switch that controls everything, you would put all other switches in client mode. Now in this topology, switch 2 and switch 3 are in client mode, and switch 1 is already a VTP server, but again I'm going through these commands for completion so that you can see those. We also have transparent mode, where a switch doesn't participate in VTP at all: it will not advertise its VLAN configuration or synchronize its VLAN database based on any received VTP advertisements, but it will still forward VTP advertisements on to other clients. And then we also, of course, have the ability to turn VTP completely off. So on this switch I would say vtp mode server to do that, very simple, and again I'm told that it is already in server mode, so that's okay. We can also set a password to protect our VTP domain, and that would be required on other switches; we would say vtp password followed by the password that we want. I'm not going to configure that at the moment because I don't have a password on those other switches, but that is a good security practice. So let's exit. I'm going to clear off some space here, and we'll say show vtp status. You can see our VTP domain name is displayed, currently VTP pruning is disabled, we can see when the last configuration was modified, we can see we're running in server mode, and several other things. Also note that you can see we're using VTP version 1. That's the default mode when we enable VTP, and that's only going to support those normal range VLANs; if we wanted to support extended range VLANs, we would need to explicitly enable VTP version 3. In this lab that's just fine; I'm not going to bother with that, I'm just going to leave that as is.

Now let's jump over to switch 2 just to give you a look at what a switch running in VTP client mode looks like. We go under global configuration mode and try to say vlan 200, and we get the message telling us that VTP VLAN configuration is not allowed when a device is in client mode. That's exactly what we would expect, so this is a way we can exercise more control over the VLANs in our network if we want to manage those from a central VTP server switch: any VLANs we create on switch 1 are going to be reflected over to switch 2 and switch 3.

So let's go back to switch 1, which is of course our VTP server, and let's make some changes using VTP pruning. VTP pruning is a way we can protect our network bandwidth by decreasing the amount of flooded traffic over our trunk links. Now VTP pruning can only be enabled on a switch in VTP server mode; once that is enabled on the VTP server, it's enabled for the entire VTP domain. Let me go back to switch 2 momentarily: you can see if we look at show vtp status, pruning mode is disabled on switch 2 as well. Once we enable that on switch 1, it's going to enable it for both of our other switches. So what VTP is doing is making sure that broadcasts are only sent to the trunk links that actually need the information. For example, if we enable this on switch 1 and switch 2 doesn't have any port configured for, let's say, VLAN 10, then any broadcast traffic destined for VLAN 10 would not be sent over to switch 2. Again, we only enable this on the VTP server, and then the clients are told automatically to enable VTP pruning as well. So to do that globally we simply say vtp pruning and hit enter, and we can see that pruning is now switched on. If we take a look at our VTP status again, we can see this verification here telling us that VTP pruning mode is enabled. If we run that on switch 2, notice it enabled it here as well, and if we did that on switch 3 we would also see the same thing.

Now only VLANs in the pruning eligible list will be pruned. If there's a particular VLAN that we want to make sure we do not prune from VTP, we can also configure an exclusion for that, and that's done from interface configuration mode. So let's go under interface range gig 0/0 through 0/1 for both of our trunk links, and if we say switchport trunk and look at contextual help, we want to use the keyword that we see at the bottom, pruning. So we'll say pruning, and this is maybe a bit confusing, but what we're actually indicating is the VLANs which should not be pruned, not those that we do want pruned. So let's just suppose that for some reason we want broadcasts from VLAN 20 to go out to all of our switches and we do not want to prune VLAN 20 for any reason. We want to use vlan remove followed by the VLAN number, so we could say vlan 20, and now no matter what happens VTP will not prune VLAN 20 from any of the trunk links.

A few final topics to cover here within this subsection. First is the VLAN database. Now we've actually already seen that we can view that if we end and say show vlan on a switch; this is going to give us a look at the VLAN database. Configurations for VLANs 1 through 1005 are written to this file, the vlan.dat file, and that is stored in the flash memory. If we have a switch running in VTP transparent mode, they are also saved in the running configuration file. If we have a switch stack configured, the entire stack will use the same vlan.dat file and running configuration. We can see this file in the flash memory by looking in that directory; we could simply use the command dir flash: and we would see the vlan.dat file contained there. If we say delete flash:vlan.dat, that's a quick way that we can erase the VLAN configuration for an entire switch. Once we do that and reload the switch, the VLAN database would be rebuilt back to its original default state.

We also have the concept of standard and extended VLANs. VLANs 1 through 1005 are considered to be standard VLANs, while 1006 through 4094 are extended VLANs. Extended VLANs are not stored in the VLAN database; those are instead stored in the running configuration. If you're using VTP and you try to create extended VLANs in VTP versions 1 or 2, you have to be in VTP transparent mode in order to do that, and that's because these VLANs cannot be sent in VTP updates. That's really where we would use VTP version 3, because it does support extended VLANs.

We also have the concept of a voice VLAN. This is a way for our access ports to carry both voice and normal traffic. So for example, if we're passing through a Cisco IP phone, it would still be able to use CDP, and by doing this the phones can dynamically be moved, and they can also transmit VLAN-tagged voice data and untagged PC data at the same time without explicit trunk configuration. Using a voice VLAN is only supported on access ports, not on trunk ports. So really quickly, let's jump to switch 2 and clear off some space here. Let's go under interface gig 0/1 and pretend we have a Cisco IP phone here. We would say, of course, switchport mode access, and let's say our normal access port would be VLAN 10: we could say switchport access vlan 10. We can also additionally indicate a voice VLAN for this interface; we could say switchport voice instead of access, and we would say vlan, and let's say that's VLAN 200. If we break out of here and say show interface gig 0/1 switchport, you can see the access mode VLAN, VLAN 10, and the voice VLAN of VLAN 200.

So that wraps up a look at section 1.1c for VLAN technologies. In the upcoming video I'm going to be taking a look at EtherChannel and how we can configure that. I hope you found this content useful, and I want to thank you for watching. I'll see you very soon with another video about the next few topics on the CCIE Enterprise Infrastructure blueprint.
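The manual pruning the video demonstrates is easy to forget on a trunk or two, so here is an added example (not from the video or from Cisco) that audits a saved "show interfaces trunk" capture and flags trunks still allowing VLANs beyond the ones in use. The sample output, the port names and the in-use set {10, 20, 30, 100} are constructed to match the lab described above, not captured from a real switch.

```python
# Added example, not from the video: audit the "Vlans allowed on trunk" section of
# a "show interfaces trunk" capture and suggest the video's manual pruning command.

# Constructed sample modelled on the lab (native VLAN 100, Gi0/1 after
# "switchport trunk allowed vlan remove 200"); not captured from a real switch.
SAMPLE_SHOW_TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/0       on               802.1q         trunking      100
Gi0/1       on               802.1q         trunking      100

Port        Vlans allowed on trunk
Gi0/0       1-4094
Gi0/1       1-199,201-4094

"""
VLANS_IN_USE = {10, 20, 30, 100}  # the VLANs the video allows explicitly

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1-199,201-4094' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")  # single number has no '-'
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_allowed_vlans(output):
    """Return {port: set(vlans)} from the 'Vlans allowed on trunk' section only."""
    allowed, in_section = {}, False
    for line in output.splitlines():
        if line.startswith("Port") and "Vlans allowed on trunk" in line:
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break  # a blank line ends the section
            port, spec = line.split(None, 1)
            allowed[port] = expand_vlan_list(spec)
    return allowed

def audit_trunks(output, vlans_in_use=VLANS_IN_USE):
    """Flag each trunk carrying VLANs outside vlans_in_use and suggest the fix."""
    findings = {}
    for port, allowed in parse_allowed_vlans(output).items():
        excess = allowed - vlans_in_use
        if excess:
            fix = "switchport trunk allowed vlan " + ",".join(
                str(v) for v in sorted(vlans_in_use))
            findings[port] = {"excess_count": len(excess), "fix": fix}
    return findings
```

Feeding the output of several switches through audit_trunks gives a quick list of trunks where the "remove 200" style of pruning was applied but the explicit allowed list never was.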
Info
Channel: Charles Judd
Views: 989
Keywords: cisco, ccie, cisco enarsi, ccie enterprise infrastructure, cisco enarsi 300-410, cisco encor 350-401, ccie lab, my ccie journey, ccie training, ccie blueprint, 1.1c vlan technologies, access port, trunk port, virtual lan, virtual local area network, vlan configuration, vlan lab, virtual trunking protocol, vtp, vlan pruning, vtp pruning, voice vlan, vlan database
Id: SwiHWEtUTDk
Length: 16min 17sec (977 seconds)
Published: Fri Jul 31 2020