Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-01
Chapter 5
Creating and Maintaining VLANs
A virtual LAN (VLAN) is a switched network that is logically segmented by
function, project team, or application, without regard to the physical locations of
the users. Any switch port can belong to a VLAN, and unicast, broadcast, and
multicast packets are forwarded and flooded only to stations in the VLAN. Each
VLAN is considered a logical network, and packets destined for stations that do
not belong to the VLAN must be forwarded through a router or bridge as shown
in Figure 5-1. Because a VLAN is considered a separate logical network, it
contains its own bridge Management Information Base (MIB) information and
can support its own implementation of the Spanning Tree Protocol (STP).
This chapter describes how to create and maintain VLANs through the Cluster
Management software and the command-line interface (CLI). It contains the
following information:
• How to configure static-access ports without having the VLAN Trunk
Protocol (VTP) database globally propagate VLAN configuration
information.
• How VTP works and how to configure its domain name, modes, and version.
• How to add, modify, and remove VLANs with different media characteristics
to and from the VTP database.
• How to configure Fast Ethernet and Gigabit Ethernet VLAN trunks on a
switch. The switch supports IEEE 802.1Q trunking standards for transmitting
VLAN traffic. This section describes how to configure the allowed-VLAN
list, the native VLAN for untagged traffic, and two methods of load sharing.
• How to configure IEEE 802.1p class of service (CoS) port priorities for port
forwarding untagged frames. You assign CoS to certain types of traffic to give
them priority over other traffic.
Figure 5-1 VLANs as Logically Defined Networks
Number of Supported VLANs
Table 5-1 lists the number of supported VLANs on Catalyst 2950 switches.
VLANs are identified with a number between 1 and 1001. Regardless of the
switch model, only 64 STP instances are supported.
[Figure 5-1 diagram labels: Floor 1, Floor 2, Floor 3; Engineering VLAN,
Marketing VLAN, Accounting VLAN; Cisco router; Fast Ethernet; Catalyst 2900
series XL, Catalyst 3500 series XL, Catalyst 2950 series]
Table 5-1 Number of Supported VLANs
Catalyst Switch                     Number of Supported VLANs   Trunking Supported?
2950 switches with 16 MB of DRAM    64                          Yes
The switches in Table 5-1 support IEEE 802.1Q trunking methods for
transmitting VLAN traffic over 100BaseT, 100BaseFX, and Gigabit Ethernet
ports.
VLAN Port Membership Modes
You configure a port to belong to a VLAN by assigning a membership mode that
determines the kind of traffic the port carries and the number of VLANs it can
belong to. Table 5-2 lists the membership modes and characteristics.
When a port belongs to a VLAN, the switch learns and manages the addresses
associated with the port on a per-VLAN basis. For more information, see the
“Managing the MAC Address Tables” section on page 4-49.
VLAN Membership Combinations
You can configure your switch ports in various VLAN membership combinations
as listed in Table 5-3.
Table 5-2 Port Membership Modes
Membership Mode: VLAN Membership Characteristics
Static-access: A static-access port can belong to one VLAN and is manually
assigned. By default, all ports are static-access ports assigned to VLAN 1.
Trunk (IEEE 802.1Q): A trunk is a member of all VLANs in the VLAN database by
default, but membership can be limited by configuring the allowed-VLAN list.
VTP maintains VLAN configuration consistency by managing the addition,
deletion, and renaming of VLANs on a network-wide basis. VTP exchanges
VLAN configuration messages with other switches over trunk links.
Clusters, VLAN Membership, and the Management VLAN
This software release supports the grouping of switches into a cluster that can be
managed as a single entity. The command switch is the single point of
management for the cluster and cluster members.
Links among a command switch, cluster members, and candidate switches must
be through ports that belong to the management VLAN. By default, the
management VLAN is VLAN 1. If you are using SNMP or the Cluster
Management Suite (CMS) to manage the switch, ensure that the port through
which you are connected to a switch is in the management VLAN. For
information on configuring the management VLAN, see the “Changing the
Management VLAN” section on page 3-34.

Table 5-3 VLAN Combinations

Port Mode: Static-access ports
VTP Required?: No
Configuration Procedure: “Assigning Static-Access Ports to a VLAN” section
on page 5-5
Comments: If you do not want to use VTP to globally propagate the VLAN
configuration information, you can assign a static-access port to a VLAN
and set the VTP mode to transparent to disable VTP.

Port Mode: Static-access and trunk ports
VTP Required?: Recommended
Configuration Procedure:
• “CLI: Configuring VTP Server Mode” section on page 5-14
• Add, modify, or remove VLANs in the database as described in the
“Configuring VLANs in the VTP Database” section on page 5-24
• “CLI: Assigning Static-Access Ports to a VLAN” section on page 5-28
• “Configuring a Trunk Port” section on page 5-31
Comments:
• Make sure to configure at least one trunk port on the switch and that
this trunk port is connected to the trunk port of a second switch.
• Some restrictions apply to trunk ports. For more information, see the
“Trunks Interacting with Other Features” section on page 5-30.
• You can change the VTP version on the switch.
• You can define the allowed-VLAN list and configure the native VLAN for
untagged traffic on the trunk port.
If you are configuring VLANs on a member switch, you might need to enter an
extra command from the command-switch CLI to access the member switch.
When configuring port parameters, for example, you can use the privileged EXEC
rcommand command and the number of the member switch to display the
member-switch CLI. Once you have accessed the member switch, command mode
changes, and IOS commands operate as usual. Enter exit on the member switch
in privileged EXEC mode to return to the command-switch CLI.
For more information about the rcommand command, refer to the Catalyst 2950
Desktop Switch Command Reference.
Assigning Static-Access Ports to a VLAN
By default, all ports are static-access ports assigned to the management VLAN,
VLAN 1.
You can assign a static-access port to a VLAN without having VTP globally
propagate VLAN configuration information (VTP is disabled). To assign a
VLAN, you access the VLAN Membership window (Figure 5-2) by selecting
VLAN > VLAN Membership from the menu bar and clicking the Assign
VLANs tab.
Figure 5-2 VLAN Membership: Assign VLANs Tab
You configure the switch for VTP transparent mode, which disables VTP, by
selecting VLAN > VTP Management from the menu bar and clicking the VTP
Configuration tab (Figure 5-3).
You can also assign the port through the CLI on standalone, command, and
member switches. If you are assigning a port on a cluster member to a VLAN, first
log in to the member switch by using the privileged EXEC rcommand command.
For more information on how to use this command, refer to the Catalyst 2950
Desktop Switch Command Reference.
Using the VLAN Trunk Protocol
VTP is a Layer 2 messaging protocol that maintains VLAN configuration
consistency by managing the addition, deletion, and renaming of VLANs on a
network-wide basis. VTP minimizes misconfigurations and configuration
inconsistencies that can cause several problems, such as duplicate VLAN names,
incorrect VLAN-type specifications, and security violations.
Before you create VLANs, you must decide whether to use VTP in your network.
Using VTP, you can make configuration changes centrally on a single switch,
such as a Catalyst 2950, 2900 XL, or 3500 XL switch, and have those changes
automatically communicated to all the other switches in the network. Without
VTP, you cannot send information about VLANs to other switches.
[Figure 5-2 callout: Display the VLANs configured on a switch and the ports
and membership mode of a given VLAN.]
The VTP Domain
A VTP domain (also called a VLAN management domain) consists of one switch
or several interconnected switches under the same administrative responsibility.
A switch can be in only one VTP domain. You make global VLAN configuration
changes for the domain by using the CLI, Cluster Management software, or
Simple Network Management Protocol (SNMP).
By default, a Catalyst 2950, 2900 XL, or 3500 XL switch is in the
no-management-domain state until it receives an advertisement for a domain over
a trunk link (a link that carries the traffic of multiple VLANs) or until you
configure a domain name. The default VTP mode is server mode, but VLAN
information is not propagated over the network until a domain name is specified
or learned.
If the switch receives a VTP advertisement over a trunk link, it inherits the domain
name and configuration revision number. The switch then ignores advertisements
with a different domain name or an earlier configuration revision number.
When you make a change to the VLAN configuration on a VTP server, the change
is propagated to all switches in the VTP domain. VTP advertisements are sent
over all trunk connections, including IEEE 802.1Q.
If you configure a switch for VTP transparent mode, you can create and modify
VLANs, but the changes are not transmitted to other switches in the domain, and
they affect only the individual switch.
For domain name and password configuration guidelines, see the “Domain
Names” section on page 5-10.
VTP Modes and VTP Mode Transitions
You can configure a supported switch to be in one of the VTP modes listed in
Table 5-4:
The “VTP Configuration Guidelines” section on page 5-10 provides tips and
caveats for configuring VTP.
Table 5-4 VTP Modes
VTP Mode: Description
VTP server: In this mode, you can create, modify, and delete VLANs and
specify other configuration parameters (such as VTP version) for the entire
VTP domain. VTP servers advertise their VLAN configurations to other
switches in the same VTP domain and synchronize their VLAN configurations
with other switches based on advertisements received over trunk links. In
VTP server mode, VLAN configurations are saved in nonvolatile RAM. VTP
server is the default mode.
VTP client: In this mode, a VTP client behaves like a VTP server, but you
cannot create, change, or delete VLANs on a VTP client. In VTP client mode,
VLAN configurations are saved in nonvolatile RAM.
VTP transparent: In this mode, VTP transparent switches do not participate
in VTP. A VTP transparent switch does not advertise its VLAN configuration
and does not synchronize its VLAN configuration based on received
advertisements. However, transparent switches do forward VTP advertisements
that they receive from other switches. You can create, modify, and delete
VLANs on a switch in VTP transparent mode. In VTP transparent mode, VLAN
configurations are saved in nonvolatile RAM, but they are not advertised to
other switches.
VTP Advertisements
Each switch in the VTP domain sends periodic global configuration
advertisements from each trunk port to a reserved multicast address. Neighboring
switches receive these advertisements and update their VTP and VLAN
configurations as necessary.
Note: Because trunk ports send and receive VTP advertisements, you must
ensure that at least one trunk port is configured on the switch and that
this trunk port is connected to the trunk port of a second switch.
Otherwise, the switch cannot receive any VTP advertisements.
VTP advertisements distribute the following global domain information:
• VTP domain name
• VTP configuration revision number
• Update identity and update timestamp
• MD5 digest
VTP advertisements distribute the following VLAN information for each
configured VLAN:
• VLAN ID
• VLAN name
• VLAN type
• VLAN state
• Additional VLAN configuration information specific to the VLAN type
VTP Version 2
VTP version 2 supports the following features not supported in version 1:
• Token Ring support—VTP version 2 supports Token Ring LAN switching
and VLANs (Token Ring Bridge Relay Function [TrBRF] and Token Ring
Concentrator Relay Function [TrCRF]). For more information about Token
Ring VLANs, see the “VLANs in the VTP Database” section on page 5-19.
• Unrecognized Type-Length-Value (TLV) support—A VTP server or client
propagates configuration changes to its other trunks, even for TLVs it is not
able to parse. The unrecognized TLV is saved in nonvolatile RAM when the
switch is operating in VTP server mode.
• Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent
switch inspects VTP messages for the domain name and version and forwards
a message only if the version and domain name match. Because only one
domain is supported, VTP version 2 forwards VTP messages in transparent
mode without checking the version and domain name.
• Consistency Checks—In VTP version 2, VLAN consistency checks (such as
VLAN names and values) are performed only when you enter new
information through the CLI, the Cluster Management software, or SNMP.
Consistency checks are not performed when new information is obtained
from a VTP message or when information is read from nonvolatile RAM. If
the digest on a received VTP message is correct, its information is accepted
without consistency checks.
VTP Configuration Guidelines
The following sections describe the guidelines you should follow when
configuring the VTP domain name, password, and the VTP version number.
Domain Names
When configuring VTP for the first time, you must always assign a domain name.
In addition, all switches in the VTP domain must be configured with the same
domain name. Switches in VTP transparent mode do not exchange VTP messages
with other switches, and you do not need to configure a VTP domain name for
them.
Caution: Do not configure a VTP domain if all switches are operating in VTP
client mode. If you configure the domain, it is impossible to make changes
to the VLAN configuration of that domain. Therefore, make sure you
configure at least one switch in the VTP domain for VTP server mode.
Passwords
You can configure a password for the VTP domain, but it is not required. All
domain switches must share the same password. Switches without a password or
with the wrong password reject VTP advertisements.
Caution: The domain does not function properly if you do not assign the
same password to each switch in the domain.
If you configure a VTP password for a domain, a Catalyst 2950, 2900 XL, or
3500 XL switch that is booted without a VTP configuration does not accept VTP
advertisements until you configure it with the correct password. After the
configuration, the switch accepts the next VTP advertisement that uses the same
password and domain name in the advertisement.
If you are adding a new switch to an existing network that has VTP capability, the
new switch learns the domain name only after the applicable password has been
configured on the switch.
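
The acceptance rules stated in “The VTP Domain” and “Passwords” sections can be traced with a small model. This is an added example, not Cisco code or part of the original guide; the class names, the digest stand-in, and the sample domain, password, and VLANs are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def digest(domain, revision, vlans, password):
    # Stand-in for the advertisement's MD5 digest field: the chapter does not
    # give the real digest layout, only that a wrong password causes rejection.
    body = f"{domain}|{revision}|{sorted(vlans.items())}|{password}"
    return hashlib.md5(body.encode()).hexdigest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict
    md5: str


@dataclass
class Switch:
    mode: str = "server"   # Table 5-5 defaults: server mode,
    domain: str = ""       # null domain name,
    password: str = ""     # no password
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def advertise(self):
        return Advertisement(self.domain, self.revision, dict(self.vlans),
                             digest(self.domain, self.revision, self.vlans, self.password))

    def receive(self, adv):
        if self.mode == "transparent":
            return "forwarded, not applied"      # no synchronization
        if self.domain and adv.domain != self.domain:
            return "ignored: different domain"
        if adv.md5 != digest(adv.domain, adv.revision, adv.vlans, self.password):
            return "rejected: password mismatch"
        if adv.revision < self.revision:
            return "ignored: earlier revision"
        # A switch in the no-management-domain state inherits the name here.
        self.domain, self.revision, self.vlans = adv.domain, adv.revision, dict(adv.vlans)
        return "accepted"


def demo():
    # Constructed sample domain; names and VLANs are illustrative only.
    server = Switch(domain="CORP", password="s3cret", revision=5,
                    vlans={1: "default", 10: "engineering"})
    adv = server.advertise()
    new = Switch()                      # booted without a VTP configuration
    results = [new.receive(adv)]        # no password configured yet
    new.password = "s3cret"
    results.append(new.receive(adv))    # correct password: learns the domain
    results.append(Switch(domain="LAB", password="s3cret").receive(adv))
    results.append(Switch(mode="transparent").receive(adv))
    return results, new


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

In this model a switch left at the Table 5-5 defaults accepts the first advertisement from any domain that has no password, which is why the domain password and transparent mode matter when adding a switch to an existing network.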
VTP Version
Follow these guidelines when deciding which VTP version to implement:
• All switches in a VTP domain must run the same VTP version.
• A VTP version 2-capable switch can operate in the same VTP domain as a
switch running VTP version 1 if version 2 is disabled on the version 2-capable
switch (version 2 is disabled by default).
• Do not enable VTP version 2 on a switch unless all of the switches in the
same VTP domain are version-2-capable. When you enable version 2 on a
switch, all of the version-2-capable switches in the domain enable version 2.
If there is a version 1-only switch, it will not exchange VTP information with
switches with version 2 enabled.
• If there are Token Ring networks in your environment (TrBRF and TrCRF),
you must enable VTP version 2 for Token Ring VLAN switching to function
properly. To run Token Ring and Token Ring-Net, disable VTP version 2.
Default VTP Configuration
Table 5-5 shows the default VTP configuration.
Configuring VTP
You can configure VTP by using the VTP Management window (Figure 5-3).
To display this window, select VLAN > VTP Management from the menu bar,
and click the VTP Configuration tab.
Table 5-5 VTP Default Configuration
Feature                       Default Value
VTP domain name               Null.
VTP mode                      Server.
VTP version 2 enable state    Version 2 is disabled.
VTP password                  None.
Figure 5-3 VTP Management: VTP Configuration Tab
After you configure VTP, you must configure a trunk port so that the switch can
send and receive VTP advertisements. For more information, see the “How VLAN
Trunks Work” section on page 5-29.
You can also configure VTP through the CLI on standalone, command, and
member switches by entering commands in the VLAN database command mode.
If you are configuring VTP on a cluster member switch, first log in to
the member switch by using the privileged EXEC rcommand command. For more
information on how to use this command, refer to the Catalyst 2950 Desktop
Switch Command Reference.
When you enter the exit command in VLAN database mode, it applies all the
commands that you entered. VTP messages are sent to other switches in the VTP
domain, and you are returned to privileged EXEC mode.
[Figure 5-3 callouts: Assign a VTP domain name from 1 to 32 characters. All
switches under the same administrative responsibility must be configured
with the same domain name. Read-only VTP information. Configures VLAN
parameters]
