Scenario 2-2: Configuring VLAN Trunking Protocol (VTP)

The next three scenarios of this chapter (Scenarios 2-2 through 2-4) demonstrate how to configure VLANs for a simple network topology. You learn how to configure VLANs on both Cisco CatOS-based and IOS-based Catalyst switches. VLANs are an effective tool for modern networks, allowing you to restrict Layer 2 communications between devices by placing them into separate VLANs, yet to physically connect the devices to the same switching infrastructure. These VLANs have the effect of increasing security, as access between VLANs must pass through a Layer 3 router that can have access control lists configured. They also can break up large broadcast domains into smaller pieces, reducing the amount of broadcast traffic per LAN, increasing bandwidth and reducing host-processing overheads. Using VLANs also reduces costs, as your switch can service many VLANs simultaneously, meaning you don't have to buy dedicated switching equipment for each LAN.

Figure 2-7 demonstrates a legacy LAN topology for an organization that is to be replaced with Cisco Catalyst switches. In the legacy topology, hubs and bridges are used for three separate LANs.

As you can see in Figure 2-7, dedicated hubs and bridges are used for each LAN, which increases ongoing management and maintenance costs because there are nine network devices in total for the entire network. To reduce ongoing management costs and to increase the performance of the network, new Cisco Catalyst switches are to be installed.

Figure 2-8 illustrates the new topology that is to replace the legacy LAN topology of Figure 2-7.

As you can see in Figure 2-8, two topologies are shownone based upon a CatOS switch (Catalyst 4000) and the other based upon a Cisco IOS switch (Catalyst 3550). Both topologies provide the same functionality; the only difference is the hardware platform and administrative interface that provides that functionality. In each topology of Figure 2-8, a single Cisco Catalyst switch is used to replace the existing LAN topology (the router shown is for descriptive purposes only and is not configured in this scenario). Reducing the number of LAN devices from nine to one has clear benefits in terms of cost, simplicity, ongoing management, and ongoing maintenance.

VLAN Trunking Protocol

Before you can configure VLANs on a switch, you must configure a Cisco proprietary protocol called VLAN Trunking Protocol (VTP). VTP is designed for use in multi-switch, multi-VLAN networks, where administrators wish to configure VLANs centrally, as opposed to on each switch individually. VTP is covered in more depth in Chapter 3, but requires some coverage now because it must be configured before you can configure VLANs.

VTP defines administrative domains, which can be classed as a collection of switches under common administrative control. A switch can be a member of only a single VTP domain, and all switches within a VTP domain share the same VLAN database. All Cisco Catalyst switches use a VLAN database to store VLAN configuration information, such as VLAN ID, VLAN naming, and other related information. VTP allows that VLAN database information to be shared by all Cisco Catalyst switches that belong to the same VTP domain. For example, if you have a VTP domain called cisco.lab and 100 VLANs are configured in that VTP domain, all switches within the VTP domain have a VLAN database that includes all of the 100 VLANs.

The VLAN database can be configured centrally, which means that you can configure all of your VLANs centrally and VTP takes care of distributing the VLAN information to all other switches in the VTP domain. VTP propagates VLAN configuration information via multicast messages, which are sent out any trunks that are connected to the switch. A trunk is a Layer 2 connection to another switch (or other device) that transports data from multiple VLANs. When you connect switches together, you normally use trunks for the interconnections; hence, VTP needs to send VTP messages only out trunks as opposed to all ports on the switch.

Each switch that belongs to a VTP domain is configured with a VTP mode, which defines the role the switch plays in the VTP domain in terms of configuration and distribution of the VLAN database. The following lists the VTP modes that a switch can be configured in:

• Server A switch that is configured as a VTP server can add, modify, and delete VLANs from the VLAN database shared in the VTP domain. A VTP server represents an administrative interface for VLAN configuration, allowing administrators to manage the VLAN configuration of the VTP domain.

• Client A VTP client can read the VLAN database, but cannot modify or delete VLANs. VTP clients receive VTP messages that contain VLAN database information and ensure this information is updated in the local VLAN database.

• Transparent In transparent mode, a switch does not actually participate in VTP but forwards VTP messages received out to other switches, ensuring that other VTP servers and clients connected to the switch receive these messages. The switch does not synchronize its VLAN configuration based upon VTP messages received or advertise its VLAN configuration in VTP messages.

• Off The switch does not participate in VTP whatsoever. The switch operates in a similar fashion to transparent mode, but does not forward any VTP messages whatsoever.

Figure 2-9 illustrates the concept of VTP domains and how switches participate in VTP.

In Figure 2-9, a single switch acts as a VTP server, which means that administrators can use that switch to create, modify, and delete VLANs within the VLAN database. All other switches are VTP clients, which means that they cannot modify the VLAN database directly, and only update the VLAN database based upon VTP messages received from the VTP server. This restriction ensures that a single VLAN database is maintained throughout the VTP domain, with any modifications applied to the VTP server, after which VTP messages are sent to ensure all VLAN databases are synchronized.

Scenario Prerequisites

To successfully commence the configuration tasks required to complete this scenario, Table 2-3 describes the prerequisite configurations required on each device in the scenario topology. Any configurations not listed can be assumed as being the default configuration.

Configuration Tasks

VTP is covered in depth in Chapter 3, so in this scenario you learn how to configure VTP in a single-switch environment. When you have only one switch in your LAN, you have only one VLAN database, and you don't need VTP to synchronize the VLAN database over multiple switches. This means that you can disable VTP by configuring a switch to operate either in transparent mode or in off mode.

NOTE

Off mode is supported on CatOS only at the time of writing.

You use transparent mode where a switch needs the ability to maintain its own VLAN database, but is connected to other switches that participate in a VTP domain and share a common VLAN database. By configuring transparent mode, the switch passes VTP messages through to other switches, but ignores them locally, keeping a separate VLAN database from the VTP domain. You use the off mode when a switch needs the ability to maintain its own VLAN database, and you don't want any VTP messages received to be propagated to other switches. Figure 2-10 demonstrates the difference between VTP transparent mode and VTP off mode in a multi-switch topology.

In transparent mode, you can see that the switch ignores the VTP messages received from the VTP server but does propagate the VTP messages to the VTP client, allowing the VTP server and VTP client to have synchronized VLAN database. In off mode, the switch ignores VTP messages received and also discards them, which cuts off the VTP client from the VTP server.

Disabling VLAN Trunk Protocol on CatOS

To configure the VTP mode on a CatOS switch you use the following command:

 set vtp mode {server | client | transparent | off} 

NOTE

If you choose to configure a mode of server or client, you must first configure a VTP domain using the set vtp domain name command (see Chapter 3 for more details).

In the topology for this scenario, Switch-A is the only switch on the network; hence, VTP should be configured in an off mode because there are no other switches connected that would benefit from configuring transparent mode. Example 2-9 shows an example of disabling VTP totally on Switch-A (i.e., configuring a VTP mode of off):

Example 2-63. Disabling VTP on Switch-A

 Switch-A> (enable) set vtp mode off VTP domain modified 

Once you have completed your configuration of VTP, on CatOS you can use the show vtp domain command to verify your configuration. Example 2-10 demonstrates the use of this command after the configuration of Example 2-9 is applied to Switch-A.

Example 2-64. Verifying VTP Configuration on Switch-A

 Switch-A> (enable) show vtp domain Domain Name                      Domain Index VTP Version Local Mode  Password -------------------------------- ------------ ----------- ----------- ----------                                  1            2           off         - Vlan-count Max-vlan-storage Config Revision Notifications ---------- ---------------- --------------- ------------- 5          1023             0               disabled Last Updater    V2 Mode  Pruning  PruneEligible on Vlans --------------- -------- -------- ------------------------- 0.0.0.0         disabled disabled 2-1000 

The local mode column in the output indicates that the current VTP mode is off. This mode enables administrators to configure and manage VLANs locally on the switch.

Disabling VLAN Trunk Protocol on Cisco IOS

It is important to understand on Cisco IOS that a VLAN database exists (separate from the switch configuration file) that holds all VTP and VLAN configuration information, unlike CatOS where all of this information is held within the switch configuration file.

Traditionally, to configure the VLAN database, you must enter VLAN configuration mode, which is accessed from privileged mode by using the vlan database command. Example 2-11 shows the use of the vlan database command to access VLAN configuration mode.

Example 2-65. Accessing VLAN Configuration Mode

 Switch# vlan database Switch(vlan)# 

In Example 2-11, the (vlan) portion of the prompt indicates you have accessed VLAN configuration mode. From here you can configure VTP parameters and can add, modify, and delete VLANs. In VLAN configuration mode, all configuration commands entered are not applied to the VLAN database until you exit VLAN configuration mode, which you do by typing exit. Once you exit VLAN configuration mode, the switch modifies the binary VLAN database file appropriately, based upon the commands you entered.

TIP

You cannot add ports to a VLAN from VLAN configuration mode. You must add each of these via interface configuration mode for each interface or the range of interfaces that you wish to add to a VLAN.

In older releases of Cisco IOS, you must use VLAN configuration mode, which is a special configuration mode on Cisco IOS that directly modifies the VLAN database, to configure VTP parameters. To configure the VTP mode using VLAN configuration mode, use the following command:

 Switch(vlan)# vtp {server | client | transparent} 

Notice that on Cisco IOS, there is no option to configure a VTP mode of off because this mode is not supported in Cisco IOS. If you wish to disable the use of VTP, you must configure VTP transparent mode.

Once you have configured the VTP mode, you must exit VLAN configuration mode for the configuration to take effect. Example 2-12 demonstrates disabling VTP on Switch-B.

Example 2-66. Disabling VTP on Switch-B

 Switch-B# vlan database Switch-B(vlan)# vtp transparent Setting device to VTP TRANSPARENT mode. Switch-B(vlan)# exit APPLY completed. Exiting.... 

Newer versions of Cisco IOS allow you to alternatively use both EXEC mode and global configuration mode to configure VLANs and, in some instances, store this configuration in the main switch configuration file. The VLAN.DAT database file still exists; however, Cisco IOS simply applies configuration commands to the VLAN database from EXEC or global configuration mode as opposed to VLAN configuration mode.

NOTE

You might be wondering exactly what you can configure from EXEC mode, given that this mode is normally not used for configuration commands. You can configure VTP password, VTP pruning, and VTP version from EXEC mode, with all other VTP and VLAN parameters configured from global configuration mode.

You can configure the VTP mode from global configuration mode by using the following command:

 Switch(config)# vtp mode {server | client | transparent} 

Example 2-13 demonstrates using global configuration mode to disable VTP on Switch-B:

Example 2-67. Disabling VTP on Switch-B

 Switch-B# configure terminal Switch-B(config)# vtp mode transparent Setting device to VTP TRANSPARENT mode. 

NOTE

Using EXEC mode and global configuration mode for VTP and VLAN configuration is supported on the Catalyst 2950/3550 from IOS 12.1(9)EA, on the Catalyst 4000/4500 with Supervisor 3/4 from IOS 12.1(8a)EW, and on the native IOS Catalyst 6000/6500 from 12.1(8b)EX.

Once you have completed your configuration of VTP, you can use the show vtp status command on Cisco IOS to verify your configuration. Example 2-14 demonstrates the use of this command after the configuration of Example 2-4 is applied to Switch-B.

Example 2-68. Verifying VTP Configuration on Switch-B

 Switch-B# show vtp status VTP Version                     : 2 Configuration Revision          : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs        : 5 VTP Operating Mode              : Transparent VTP Domain Name                 : VTP Pruning Mode                : Disabled VTP V2 Mode                     : Disabled VTP Traps Generation            : Disabled MD5 digest                      : 0x9D 0x0E 0x94 0x5C 0xDE 0x33 0x4A 0x9C Configuration last modified by 0.0.0.0 at 3-1-93 00:01:14 

The shaded output indicates that Switch-B is operating in VTP transparent mode.