VLANs, and Trunks, and Switches, Oh My!

Captions
You remember when we left off, I was setting you up for the fact that we needed to move this VLAN traffic from device to device, and what we're going to use to do that is our trunk links. By the way, the name "trunk" comes from the public switched telephone network type technology, where we take multiple phone conversations and we send those over the same media, so that trunking concept we borrow from the voice world. Notice here in this illustration we've got all of these multiple VLAN participants, and all that traffic can be trunked to this central switch, and this will allow for communications between these different VLANs. So trunk links are a critical, critical component that's going to allow that traffic of one VLAN to be carried from Cisco device to Cisco device.

The way in which the world is settling on how to trunk in Ethernet now is with the standards-based technology called 802.1Q. That's right, 802.1Q. This is really the standard way to do it now, and it wasn't always that way. You see, Cisco originally invented their own trunking protocol called ISL, Inter-Switch Link. In this approach the original Ethernet frame would be encapsulated; it would get a new header and a new footer, and inside the new header would be the VLAN identification information. Well, in 802.1Q's approach they don't re-encapsulate the frame. Instead they insert that tag field, that third field that you see there, the tag, and then they compute a new frame check sequence at the end of the frame, since they did manipulate the frame. So the 802.1Q approach inserts a tag value, because let's face it, when it comes to identifying the traffic as belonging to a particular VLAN, we need some kind of VLAN tag associated with the traffic. If you expand and look at that tag in greater detail, you'll see that sure enough there is, as I promised, an area that holds the VLAN identification. So notice there's our VLAN identification field, and notice the PRI. What's that field all about? Priority, that's right. This is used in quality of service to show that the Layer 2 frame might be something very important, like voice traffic.

Now 802.1Q trunk links have a very important concept associated with them that for some reason tends to drive students crazy, but it's not going to drive you crazy, because I'm going to clearly explain what this is all about. It's called the native VLAN. You see, in an 802.1Q trunk world, every single trunk link receives a VLAN tag for all the VLANs except one VLAN. That's right, in your environment there's going to be one and only one VLAN that does not get a tag ID for identification of the traffic, for that native VLAN. Let me repeat it: all your VLANs are going to get that tag for VLAN ID except one special VLAN. This one special VLAN will not have its frames tagged, and this is called the native VLAN. The idea behind this was, let's take VLAN 1 for instance and let's not tag it, so that if we ever had a failure of the tagging or any kind of failure, that traffic would still flow; it won't possess that VLAN modification. The idea here was you would put your management traffic in that VLAN, that important traffic that you need to be able to flow to your devices. Now let me let you in on a little secret here, folks: the native VLAN, it actually can end up being exploited by computer criminals, so Cisco is shying away from you using this particular technique. Cisco is saying, you know what, eliminate the use of a native VLAN in your environment by setting the native VLAN to something like VLAN 1, which it's set to by default anyways, and then not putting any traffic in VLAN 1. That's what goes on in production networks that are concerned about security. From an ICND2 perspective, you just have to understand what the native VLAN is: it's a VLAN that's not tagged with an identifier for the network. So don't stress out about the production aspects too much, but for passing the exam, just know what that native VLAN is. But again, I'm not here just to teach you the exam, I'm here to teach you what goes on in production networks, and because there are security concerns with the native VLAN, it's often not used today. We set it to a VLAN and then we don't put any traffic in that particular VLAN, effectively not using the native VLAN concept.

Now we'll go ahead and create some VLANs and create some trunk links coming up, but there's some more technologies that we want to talk to you about before we get on our switch and actually start creating this stuff. Let's think about this for a minute, folks. If I go over to this device right here and I create some VLANs, I would love it if those VLANs would automatically go and get created on all the other devices. That would be great; otherwise I'm going to have to create my VLANs here, and then come over here and create them, and then come over here and create them, and then create them up there. That's a little work. In production that's often how it's done, believe it or not. What the administrator will do is they will create the VLANs here, copy that config out to Notepad, and then create them there, there, there, there, pasting them in from Notepad. But if you want a protocol to help you out with this, there is one from Cisco available. It's called the VTP protocol, the VLAN Trunking Protocol, and it's got a terrible name, doesn't it? The VLAN Trunking Protocol. It would be better called the VLAN Management Protocol, because what it's really doing is it's allowing you to manage your VLANs. There is one thing I like about the name VLAN Trunking Protocol: it reminds us that it will only work over trunk links. Yeah, this technology is only going to function over bona fide 802.1Q, for example, trunk links. This technology is not going to function over non-trunk links. So that's one good thing about the name VLAN Trunking Protocol, but a much better name would be the VLAN Management Protocol. Well, let's hear a little bit more about this magic protocol that allows us to share our VLAN information, and to help us out with this, it's our good friend and
CCIE, his name is Ed Nez, and he's one of our guest experts here at StormWind Live. We're going to go ahead and bring in Ed to talk to us a bit more about this VLAN Trunking Protocol.

"You want redundancy for critical parts of your network, whether it be in the core, distribution or access layer. We..."

I'm sorry, I had to cut Ed off there, and Ed was speaking about something that we're not ready to talk about yet; that's redundancy in our switched infrastructures. It's actually our guest expert Mike Vasquez that is going to come in, yeah, now I've got it right, and speak to us about the VLAN Trunking Protocol. So let me go ahead and dial in.

"I think all of us have one thing in common: we'd rather make our jobs easier than harder, right? That's where the VLAN Trunking Protocol, or VTP, comes into play. It's a Cisco proprietary solution designed to lessen administrative overhead to VLANs across the network. If your background is with another vendor, you may be familiar with other similar solutions such as GVRP or MVRP. VTP operates at Layer 2 and ensures overall VLAN configuration consistency, so VLAN additions, covered; deletions, name changes, covered. And by managing this, common problems like misconfigurations and inconsistencies, which can create huge headaches, are avoided. Things like duplicate VLAN names or incorrect VLAN type specifications, these problems become a thing of the past. Now let's consider the Catalyst, which by default is initially in a no-management domain, kind of like a blank slate. It remains in this state until one of two events occurs: if it receives an advertisement for a domain over a trunk link, or you go in and actually configure a management domain on your VTP server. When there are configuration changes, these are then sent across all the trunk links to all the switches in your network, and the modifications are propagated, maintaining that consistency we strive for and avoiding the configuration errors we mentioned previously. And that's what's great: all of this is done automatically. Your domains are synced, VLAN configs are consistent. Is there a gotcha? Well, you bet, and this is a big one. Since it's automatic, well, be careful, because you want to ensure that switches you add are in their default VTP configuration. Why? Well, if they aren't, guess what, that switch's settings may conflict with and supersede your existing VTP configurations. Yeah, that's a nightmare and a huge effort to fix. So before adding a switch you must ensure it's in the default VTP configuration."

Well, thanks so much, Mike Vasquez, one of our guest experts here. We'll be hearing from Ed a little bit later on; he's going to help us out with the Spanning Tree Protocol. But that was Mike Vasquez helping us out with that VLAN Trunking Protocol. If you decide to use it in your network infrastructures, it really can make life pretty simple. You're going to configure a VTP server, like that device up in the top of this illustration, and what's going to happen is you'll go in and, like, add or delete a VLAN on that VTP server, and then notice it's got a bunch of devices below that are set up as VTP clients. Sure enough, it will propagate the change out to those VTP clients and they will get that new VLAN; then they'll synchronize to that latest change. So you can manage your VLAN database from just one device and take advantage of this particular protocol's management across the different devices. Now one of the things that you might notice in this particular simplified example is that there's only one VTP server. What happens if that one switch were to fail? Well, now you've got clients that don't have the ability to create or manage VLANs; they are acting as slave-like devices to the VTP server, and they'll be in a bit of trouble. They'll just be stuck with their database. That's why in a true production environment that does VTP, you would have at least two VTP servers to go ahead and back each other up. Let's go ahead and take a look at the three different potential VTP modes that we have. By default, all of
your Catalyst switches are going to be in what's called server mode. They're going to be in a mode where you create and edit and delete VLANs all that you like, so by default they're all in the mode of VTP server. You can go ahead and go to certain devices and you can give them the role of client. When you put a device in the client mode it can no longer create or modify or delete its own VLANs, and it's going to be in that slave-like operation to your server or servers that are out there on the network. All this is pretty easy, of course, to memorize, right? Makes sense: we got a server, we got a client. Now here's where the trouble comes in for students. The trouble comes in on a third mode that Cisco created called transparent. Here's the deal with a transparent device: it's like a server in that you can go ahead and create and modify and delete VLANs on it, but guess what, all that information is going to stay local. It will ignore updates from the server. It will pass them through to clients, but it won't do anything with the updates. The transparent device is very stubborn; it'll just look at its own VLAN database and not sync to a server's. Pretty interesting. Again, a key element of the transparent device is that it will send updates through to the clients. It won't listen to the updates, but it will pass them along; that's why it got its name of transparent, by the way. So VTP transparent mode, don't be confused by it. It's just a mode where you can do anything you want there locally with your VLANs and you will not impact anyone else in the topology. It's a mode where you might have a lab device and you want it plugged into your network, this laboratory equipment, but you want it operating with its own localized, independent copy of the VLAN database. So three modes, know them well.

By the way, VTP operates with a simple configuration revision number type of approach. So what you have here is, like, the server will have a new VLAN added to it, so the configuration revision number will bump from, let's say, 3 to 4, and then sure enough the server updates the clients with this information, and the clients go, hey, wait a minute, I am at revision 3 and I'm seeing information that's revision 4. 4 is bigger than 3, so I better go ahead and update based on this information. I mean, that is the simplicity with how this protocol operates, and I'm not kidding, it's that simple, folks. A number called this configuration revision number is what dictates whether we synchronize. You can quickly see where this is going to get us into a big potential problem. What if you have a Cisco switch with a high configuration revision number, let's say it's like 50, and it has an empty VLAN database, and you plug this in as a server to that domain? Yeah, all the clients will go, whoa, configuration revision number of 50, this is new information, and the clients will erase their databases. Mike Vasquez in our guest expert video a few moments ago actually talked to us about this potential occurrence, so we want to be very, very careful with this. When we introduce a new Cisco switch into our VTP domain, we want to be very, very careful that that new switch we're introducing doesn't overwrite information thanks to the simple configuration revision number. I'll show you how to be careful about this in production environments at our equipment when we get to that point. In fact, we're almost there where we're going to get to configure all this stuff. I know you're anxious to see it, but one last topic I want to talk to you about before we do that, and it's a topic that is really pretty cool.

If you decide to use VTP in your infrastructure you can take advantage of something called VTP pruning. Yeah, VTP pruning is really pretty neat. What VTP pruning will do is dynamically eliminate traffic from going down trunk links where it doesn't need to go down. Yeah, let's take a look at this. Notice how VLAN 3 is only here and over there. Notice where the two PCs, let me get out of the way so you can see this, notice there's two PCs in VLAN 3 here, so VLAN 3 broadcasts, for example, don't need to go down all of the trunk links. VTP pruning, like we're pruning the leaves off of a flower, VTP pruning will dynamically stop the VLAN traffic from going down those other trunk links unnecessarily. Isn't that cool? So it's a protocol built into VTP that really adds to the efficiency of our network communications. We don't need to send broadcasts down those other trunk links, and dynamically they will be pruned off. Configuring VTP pruning couldn't be easier. All you do is you go to your server and you turn on VTP pruning, and that setting propagates to all of the clients and other servers in your VTP domain. The tough thing about VTP pruning is understanding what it is; that's actually pretty easy, and once you get that, again, configuring it is a piece of cake. We go to the server device, we turn on VTP pruning with the vtp pruning command, and then we are ready to go.

Speaking of configuring our Layer 2 environment, here's the to-do list. I love it; it looks like one of our personal data assistants here. Our graphics team made for us our to-do list for configuring things. You could go in and you could give the devices their VTP config, and then you better go in and do your trunks, because without your trunks you're not going to have VTP working; VTP only works over trunks. Once you got your VTP and your trunking in place, you can go ahead and create your VLANs. You can then go ahead and assign the appropriate switch ports to the appropriate VLANs, and then you could always do any changes that you might need to make, and then finally, yeah, of course, you better save everything and you better back up these configurations in case there's a problem on your devices. We never want to just go with the configurations on the devices; we want to make sure we're backing up these important configurations in our network infrastructures. So that's the list of events there, and what's interesting about this is you could actually do them
in a different order. A lot of administrators like to create their VLANs first on one server, and then they create their trunks, and then they do their VTP. That's another valid order. You, I guess you could always do your trunks first, then do your VTP, then do your VLANs, so you don't have to do it in this rigid order, but obviously you do want to build a particular, you know, well-thought-through system that you're going to do all this configuration work with. Let's do it in the order that ICND2 does it, so we'll start with VTP, then we'll do our trunks, then we'll do our VLANs, then we'll do our VLAN membership. So we will stick to the ICND2 process here. Notice the defaults for your VTP: you're in a domain of nothingness, you're in a VTP domain of null. That means VTP isn't working on your equipment. Okay, so by default VTP isn't working. Your default mode, like we talked about, is server mode. Your VTP pruning is obviously disabled. Those are the things we really care about. So VTP, long story short, it's not running by default. Okay, folks, we're going to go in and configure it if we want to configure it in our network infrastructure, so let's jump over to our equipment and let's do just that.

So we're going to jump over here to Switch 1. Now one of the things you've got to watch out for with switches is they may be trunking on their own. That's right, the switches might be trunking on their own thanks to what we call Dynamic Trunking Protocol. We haven't talked about that yet today, but there is this DTP, not VTP, DTP, D as in Delta. The Dynamic Trunking Protocol has this particular device automatically trunk with another Cisco device. Let's check this: show interface trunk. The show interface trunk command we use a ton, and that is to verify whether or not we have trunk links. And look at this, we have a whole bunch of trunk links that dynamically occurred between the equipment. Notice they're using the old-school Inter-Switch Link from Cisco, yuck. So not only did we get all these trunks formed without our knowledge of that, but we have the trunks formed and using a very old, proprietary trunking protocol that we're most likely not even going to want to use anymore. Amazing. So one of the things I'll do right now is, notice the mode was desirable. I'll go to all these ports and we can go ahead and, well, one easy way to take care of this is to shut them down. You ready for this? I'll go to interface gigabit 0/1 and I'll shut it down; that'll take care of that trunk. And then I'll go to interface fa 0/1, we'll do this: interface range fa0/1 - 24, and we'll shut those ports down. All right, now we are clearly not going to have any automatic trunks formed. Let me check that with show interface trunk. No trunks. Okay, no trunks. All right, so now we're truly going in the ICND2 order. There are no trunk links on this device, and we're going to start with VTP.

Okay, so on Switch 1 here we'll make Switch 1 our VTP server. But wait a minute, we said all switches are a server by default. Yeah, that's right, so actually I don't have anything to do in that regard. Let's check that it's a server. How we check that it's a server is the command show vtp status. Memorize this command, folks: show vtp status shows us the VTP configuration on the device. It says, Anthony, you're currently running VTP version 1, although you are capable of the new-and-improved VTP version 2. Great. Your configuration revision number is zero, because you haven't made any changes to the VLAN database. You have 1005 VLANs possible; you currently have the default five VLANs on the device, VLAN number 1 and then 1002 through 1005, there's some default VLANs that will always be there. Look, we're in server mode, so sure enough all Catalyst Cisco switches are servers by default. We don't have a domain name because VTP isn't really running right now; we're in that null domain that I spoke of. VTP pruning is turned off. VTP version 2 mode: we're not in version 2. And then some other info you don't have to worry about. So wow, we are a server already, so all we need to do is go in and join a particular VTP domain. We go into global configuration mode and we say vtp domain, and then we give the case-sensitive domain name for this particular device. Yep, case-sensitive domain name. So we're going to go in and we're going to say CCNA_DOMAIN. Notice how I use all upper case here. I use all upper case because the name is case sensitive and I don't want any problems with that; I don't want to have to remember what case I used, so when I'm naming things at the command line I always use all upper case. So now we're in a CCNA domain here on Switch 1, and that's how easy it is. We've got our server configured on Switch 1 for the CCNA domain. I'll end and I'll copy run start to save, so we've saved that config.

Let's go over to Switch 2. All right, Switch 2, we're going to go ahead and name it, hostname SW2, and I'll go into the console port and I'll say logging synchronous, exec-timeout 0 0, and we always want those commands. And now I'll go ahead and, let's see, show interface trunk. No dynamic trunk links created, great news. And now we'll do show vtp status, and sure enough it's a server in the null domain. What we'll do on Switch 2, you guessed it, we'll go ahead and make Switch 2 a client-mode VTP system. So we're going to go in and we're going to say vtp domain, whoops, it's CCNA_DOMAIN, got to match it exactly to what we set on the other device, and then we'll say vtp mode, first time we've seen this command, vtp mode client. And now we're in the client mode. We'll end and save. So on this device we do vtp mode client and we do vtp domain and our domain name. So now we've got a server and we've got a VTP client. What's interesting about this is there's no trunking in between, so VTP is not working between this server and this client because there is no trunk link. But obviously one of the things that we're going to be doing here coming up is to create a trunk between these two devices. Once again, I want you to have memorized how we verify
the VTP configuration: it is show vtp status. We can see now we are indeed in client mode, we are indeed in the CCNA_DOMAIN domain. So show vtp status, absolutely critical, absolutely critical, that particular command.

Well, we are now ready to begin our trunking between these two devices. VTP isn't going to totally work, in fact VTP isn't going to work at all until we get our trunking done, until we have valid trunk links between these particular devices. So with trunking we got to make sure that the same native VLAN assignment is used between the two devices. Now the great news on the native VLAN setting is that it is going to be the same by default. By default Cisco uses VLAN 1 as the native VLAN across all of the devices, so by default the native VLAN is going to match. Just keep in mind that if you change that for any reason, if you change the native VLAN on one end of the trunk, you better change it on the other end of the trunk. You can't do any of that fun port security that we saw in ICND1, and you're going to use Dynamic Trunking Protocol in order to manage the negotiation of the trunk link between your switches. All right, let's go in and see how we would trunk between our Switch 1 and our Switch 2. Now what I need to do, though, before we can do that is I need to just see real quick, uh, the topology, and I'll show you here in a second; in fact I can show you right now. Let's take a look at the topology that is utilized by our Proctor Labs folks for the switches. We have Cat 1 and we have Cat 2, and we can see that they're connected utilizing FastEthernet 0/19, see it right here. So those two switches that we've been playing with are connected using FastEthernet 19. So now we know the port that is connecting those two. You might say, Anthony, why did you have to check on the Proctor Labs setup? Couldn't you just use show cdp neighbors? Well, I have to use the topology diagram in this case because remember what we did: we shut down all of the ports on Cat 1. Yeah, we shut down all those ports, so show cdp neighbors in that case isn't going to help us. Okay, so we've determined that fa 0/19 is indeed a link between Switch 1 and Switch 2 on our equipment. Great news.

So now we can go over to the equipment, and let's go back over to Switch 1, and on Switch 1 we'll say interface fa 0/19, and we'll say switchport trunk encapsulation dot1q. The first thing that I do here is I tell this particular interface, hey look, I want you to trunk, and I do not want you to trunk using that old ISL encapsulation; I want you to trunk with 802.1Q. So we say switchport trunk encapsulation dot1q. Okay, now I have to tell it to be a trunk: switchport trunk, excuse me, switchport mode trunk. So now we've said, okay, this is the trunking protocol you're going to use, now I want you to actually trunk. And then what we do is we could say switchport trunk native vlan, and this is how we could manipulate that untagged VLAN. But guess what, I'm not going to do that; I'm going to erase that. I don't want there to be any manipulation of the native VLAN. I'm fine with the default native VLAN of VLAN 1. All right, I'm going to leave it right here. So we did switchport trunk encapsulation dot1q, we did switchport mode trunk. Now what we have to do is go to the other side, Switch 2, and do the same settings, and then we'll bring up the trunk. So I'm going to go into interface fastethernet 0/19, say switchport trunk encapsulation dot1q, and I'm going to say switchport mode trunk, and I'm going to go ahead, after setting that up, I'm going to end and save with copy run start. And now we've got both ends of the link set up the same. So I'm going to go over to Switch 1, and we got the settings in there; all I'm going to do is no shut it. We had shut it down, now I'll no shut it, and we should see it go down and then up. Good news. And now we verify our trunk was created correctly. How do we verify? show interface trunk, and it says, all right, great job Anthony, for FastEthernet 0/19 the trunk mode is on, because we used the switchport mode trunk command; the encapsulation, because you told me to do it, is 802.1Q; the status is trunking; and the native VLAN assignment is 1. Under the VLANs allowed on the trunk, all of them are going to be allowed across this trunk, but right now only VLAN 1 is actually operating. So we can see, and really all you need at the CCNA level is this first row, we can see that we have indeed created successfully our trunk link.

But you know, we really haven't seen anything come to life yet, and that's what we're going to do next. If I do show vtp status, I remember that this particular device is the VTP server and Switch 2 is the VTP client. So let's review now: if this is the server and we've got this healthy trunk between it and the client, supposedly if I create a VLAN here it will magically propagate to Switch 2. Let's try it. configure terminal, and let's create a new VLAN. Here's how you create a VLAN, folks, it's so easy: you go vlan 10, for instance, and now you enter VLAN configuration mode, and then I can just go ahead and give this thing a name, like an optional name, like name test. So now we have just created a VLAN 10 named test. I'll create a VLAN 20 and name it test2, and finally a VLAN 30 and I'll name it test3. We'll end, we'll save our configuration, and that's how easy it is to create our VLANs: in global configuration we say vlan and give the VLAN number, and then we can apply an optional name. So we just created VLANs on the VTP server. We have a trunk link going between the VTP server and the VTP client, so drumroll please, everyone, when I go over to the VTP client, Switch 2, we should see these VLANs created there. Let's do it. We go over to Switch 2 and we use a new verification command I haven't shown you yet. We're going to do show vlan brief. The show vlan brief command is how we can verify our VLANs. Remember, we're over on Switch 2 here; we didn't create any VLANs there. We're hoping they propagated magically thanks to the VLAN Trunking Protocol, or VTP. Here
we go, folks, and it didn't work. Look at that: there are VLANs 1 and 1002 through 1005, but there's no VLANs 10, 20 and 30 that we created. I'm excited about this, because now we get to do some troubleshooting together, don't we? So interesting. Let's make sure everything's okay with the trunk link: show interface trunk, and it says, yeah, we have a happy, healthy trunk link between these two devices. Let me make sure it's with Switch 1. We'll do a show cdp neighbors. Oh, and look, we just got an error message. Okay, so first of all we have a connection via FastEthernet 0/19 to a switch, so I think we may have enabled the wrong device. Let's just check that Proctor Labs topology one more time. Cat 1 FastEthernet 0/19 doesn't go to Switch 2. Oh man, it's not, it's, we got to do this on FastEthernet 23. I was looking at this labeling and I got it wrong. All right, no problem, no problem at all. Here we go. This is great, because it'll give us a chance to do all this over again to review it.

Okay, all right, so we've got our VLANs created on Switch 1. Now where we need to trunk is interface 23. Let me verify that: yep, interface 23 is where we need to trunk. Okay, no problem, watch this. We go over to Switch 1 and we say interface fastethernet 0/23, switchport trunk encapsulation dot1q, switchport mode trunk. Okay, that's it: set the encapsulation, set the correct trunk mode. Now we'll go over to Switch 2 and do the same exact commands there under the 23 interface. We'll say switchport trunk encapsulation dot1q, I'm going fast because this is review, switchport mode trunk. We'll end, we'll save the configuration, and now we'll go over to Switch 1 and we'll no shut the interface, and now we'll make sure the trunk link comes up, and this will truly be a trunk between Switch 1 and Switch 2: show interface trunk. Now we see we got two trunks: the one over the 19 port that was going to, like, Switch 4, and now we've got the trunk going to Switch 2. Cool. Let's do a show cdp neighbors to prove it's going to Switch 2. Yep, look at that output: FastEthernet 0/23 to Switch 2. Gotta love it.

So we go over to Switch 2 now and we try show vlan brief, and holy VLANs, Batman, look what's happened. Sure enough, now that we do have a true trunk link between Switch 1 and Switch 2, the VTP started working its magic, and we have VLANs 10, 20 and 30 created over here thanks to VTP. This is on Switch 2. So this is very, very cool stuff. Now we've got these VLANs over here, but the VLANs aren't doing anything. We can tell this by looking at this show vlan brief output; you can see that these VLANs of 10, 20 and 30, they're not in any interfaces. So sure, they're on Switch 2, but they're not doing anything. How do we take one of these VLANs and put it on an interface? Remember, we said we can do it statically instead of using a VLAN Management Policy Server, so let's see how we do it statically, and obviously you're responsible for this as a CCNA. Well, let me do a show interface status. This is another one of my favorite commands, and notice we've got a bunch of ports we can play with. Ports 4, 5 and 6, for instance, we can play with; they're not actually connected to anything, so we can't mess anything up. So let me go into interface 4, and in interface 4 I'll say switchport mode access. We take this interface and we make sure it's not a trunk port, that would be switchport mode trunk, and instead we make sure it's an access port. Easy to remember that this port is going to be for getting people access to your network. And then we say switchport access vlan 10, for example, and now we have just placed that switch port into VLAN 10. Let's go to interface fastethernet 0/5, switchport mode access, switchport access vlan 20, and then finally interface fastethernet 0/6, switchport mode access, switchport access vlan 30. And that's how easy it is, folks, to go into access ports, make them access ports with switchport mode access, and then assign them to their VLAN using switchport access vlan. Those commands I've used so much in my Cisco career that I know them as well as I know my middle name.

The verification: show vlan brief, and when we issue the show vlan brief command we can now see that the VLANs of 10, 20 and 30 are participating in the 4, 5 and 6 ports respectively. So we love the show vlan brief; it not only allows us to verify our VLANs exist on the device, but we can verify our VLAN assignments as well.
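The tag insertion described at the start of the lecture (the 802.1Q tag with its PRI and VLAN ID fields, the recomputed frame check sequence, and the one untagged native VLAN) can be made concrete in a few lines. The following is an added example written for this page, not code from the video or from Cisco; it builds and classifies Ethernet frames in Python, using constructed sample MAC addresses and payloads. The `native_vlan` parameter on the receiving side models the native-VLAN setting of a trunk port, which is what the lecture says must match on both ends.

```python
import struct
import zlib

# 802.1Q TPID: the value in the EtherType position that announces "a 4-byte tag follows".
TPID_8021Q = 0x8100


def fcs(data: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32 over the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload, vlan_id=1, pri=0, native_vlan=1):
    """Build an Ethernet frame for the given VLAN.

    Frames in the native VLAN leave untagged. Every other VLAN gets the 4-byte
    802.1Q tag inserted after the source MAC (no re-encapsulation, unlike ISL),
    and the FCS is recomputed over the modified frame.
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    hdr = bytes(dst) + bytes(src)
    if vlan_id != native_vlan:
        # TCI layout: PRI (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
        tci = ((pri & 0x7) << 13) | (vlan_id & 0x0FFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    body = hdr + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def parse_frame(frame, native_vlan=1):
    """Classify a received frame the way a trunk port would.

    Verifies the FCS, then reports the VLAN, the priority bits, and whether the
    VLAN came from a tag or from the receiving port's native-VLAN assumption.
    """
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("bad FCS")
    (etype,) = struct.unpack("!H", body[12:14])
    if etype == TPID_8021Q:
        (tci,) = struct.unpack("!H", body[14:16])
        (etype,) = struct.unpack("!H", body[16:18])
        return {"vlan": tci & 0x0FFF, "pri": tci >> 13, "tagged": True,
                "ethertype": etype, "payload": body[18:]}
    # Untagged: the port can only assume the frame belongs to its native VLAN.
    return {"vlan": native_vlan, "pri": 0, "tagged": False,
            "ethertype": etype, "payload": body[14:]}


# Constructed sample addresses (locally administered MAC, broadcast destination).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")


def demo():
    """Return the parsed view of a tagged voice frame and an untagged native-VLAN frame."""
    voice = build_frame(DST, SRC, 0x0800, b"voice", vlan_id=10, pri=5)
    mgmt = build_frame(DST, SRC, 0x0800, b"mgmt", vlan_id=1)
    return parse_frame(voice), parse_frame(mgmt)


if __name__ == "__main__":
    for view in demo():
        print(view)
```

The untagged case is the one worth checking in your own environment: `parse_frame(mgmt, native_vlan=99)` reports VLAN 99, because an untagged frame carries no evidence of which VLAN the sender meant, and the receiver simply applies its own native-VLAN setting. That is the mechanical reason the lecture insists the native VLAN match on both ends of a trunk, and why production networks leave the native VLAN empty of real traffic.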
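Mike Vasquez's warning about adding a switch that is not in its default VTP configuration, and the later explanation of the configuration revision number (a recycled server at revision 50 with an empty VLAN database erasing every client's database), describe one mechanism. The following added example, written for this page and not taken from the video or from Cisco IOS, models that mechanism in Python with a hypothetical `VtpSwitch` class. The domain name and VLANs are the ones configured in the lecture (`CCNA_DOMAIN`, VLANs 10/20/30); the revision-reset step reflects the IOS behaviour of the counter returning to 0 when the mode is changed to transparent and back, which the video mentions it will cover but does not show.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class VtpSwitch:
    """Simplified model of one Catalyst's VTP state (hypothetical class, not IOS)."""
    name: str
    mode: str = "server"                 # Catalyst default mode
    domain: Optional[str] = None         # None models the "null" domain: VTP not running
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":        # transparent edits stay local and bump nothing
            self.revision += 1

    def receive_advertisement(self, domain, revision, vlans):
        """Return True if this switch replaced its database with the advertised one."""
        if self.mode == "transparent" or domain != self.domain:
            return False                 # transparent forwards only; wrong domain is ignored
        if revision > self.revision:     # the higher revision wins, server or client alike
            self.vlans = dict(vlans)
            self.revision = revision
            return True
        return False


def propagate(source, trunk_neighbors):
    """Advertise source's database over its trunk links; return the neighbors that synced."""
    return [sw.name for sw in trunk_neighbors
            if sw.receive_advertisement(source.domain, source.revision, source.vlans)]


def safe_to_join(candidate, domain_revision):
    """Pre-join check: a candidate at or above the domain's revision would overwrite it."""
    return candidate.revision < domain_revision


def reset_revision(switch):
    """Cycle through transparent mode to zero the revision counter before cabling the switch in."""
    switch.mode = "transparent"
    switch.revision = 0
    switch.mode = "server"


def scenario(reset_first):
    """Run the lecture's setup, then plug in a stale switch with or without the pre-join check."""
    domain = "CCNA_DOMAIN"
    sw1 = VtpSwitch("SW1", domain=domain)
    sw2 = VtpSwitch("SW2", mode="client", domain=domain)
    for vid, name in ((10, "test"), (20, "test2"), (30, "test3")):
        sw1.add_vlan(vid, name)
    propagate(sw1, [sw2])                # SW2 now holds VLANs 1, 10, 20, 30 at revision 3

    # Constructed recycled switch: same domain, empty VLAN database, stale revision 50.
    stale = VtpSwitch("SW9", domain=domain, revision=50)
    if reset_first and not safe_to_join(stale, sw1.revision):
        reset_revision(stale)
    wiped = propagate(stale, [sw1, sw2])
    return wiped, sorted(sw1.vlans), sorted(sw2.vlans)


if __name__ == "__main__":
    print("no check:  ", scenario(reset_first=False))
    print("with check:", scenario(reset_first=True))
```

Note that the server is overwritten as well as the client: `receive_advertisement` accepts a higher revision in both modes, which is why the lecture's advice to run two servers does not by itself protect against a stale switch. The check that does protect you is the one `safe_to_join` models, read the revision (`show vtp status` in the video) before the trunk ever comes up.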
Info
Channel: StormWind Studios
Views: 636,161
Keywords: cisco, ccna, training, software, management, technology, data, system, educational, software tutorial, information
Id: jHw7OUqcg-g
Length: 50min 56sec (3056 seconds)
Published: Thu Sep 01 2011