Cisco CCNA ICND2 640-816

Switch VLANs: Configuring VLANs and VTP, Part 1

by Jeremy Cioara

00:00:00 - All right, we've talked a lot about the concepts. Let's hit the
00:00:03 - configuration. We're now going to walk through the configuration
00:00:07 - of VLANs and VTP. First off, looking at the network diagram
00:00:11 - enhancements because we have added some switches to the network,
00:00:14 - and then we'll walk through step-by-step setting up trunk, setting
00:00:17 - up VTP, getting the replication happening between our
00:00:20 - switches, adding VLANs and assigning the ports to the VLANs.
00:00:26 - Before we jump into the configuration, let me just go over some of
00:00:29 - the changes to the network diagram that we've been making as
00:00:31 - our office has grown. You can see our corporate office, which is connected
00:00:35 - to router 1 and router 2 here has grown to three switches. We
00:00:39 - have more computers than our single switch can handle, so we expanded.
00:00:43 - Now as of right now switch 1, which was the switch we've been
00:00:46 - using all along, has become the core switch -- essentially everything
00:00:50 - connects to that. It's the core of our network. Now that switch configuration
00:00:55 - hasn't really changed. I've noted the new interface connections
00:00:58 - here that will go down to our two new switches -- switch 2 and switch
00:01:02 - 3. Now the IP addressing for a corporate office -- I went ahead and tried
00:01:07 - to shorten that a little bit. So you can see that the corporate
00:01:10 - office is represented as everything
00:01:14 - This is the .10 of that range. This is the .11
00:01:18 - of that range and so on. You'll see a lot of network diagrams drawn
00:01:21 - like that just because it takes up a lot of space to write in
00:01:23 - the full IP address. Now some of the devices still have
00:01:26 - their full IP addresses like the host in this router right here because
00:01:29 - I have some special uses that I'm gonna use those for. I'm going to be changing
00:01:34 - those as we work through this and the following videos. So that's
00:01:38 - what the landscape looks like. Now on switch number 2 and
00:01:40 - 3, all I've done so far is just given them host names, set
00:01:44 - up some basic console port settings so that I am able to you
00:01:49 - know, have logging synchronous, no exec timeout, no IP domain
00:01:52 - lookup.
00:01:54 - Some of the initial optimization commands we talked about in
00:01:57 - the series. So, what I still need to do is assign them IP
00:02:01 - addresses from this range and bring up their VLAN interface. Let's
00:02:05 - go in and do that just as a good review and get our blood flowing
00:02:07 - before we jump into the new stuff. So -- wrong window, bring up this one. I'm
00:02:12 - attached to the serial -- or the console port of switch number
00:02:16 - 2, gonna get into privileged mode and just do a show run.
00:02:21 - You can see as I space through this, nothing really out of the norm
00:02:25 - you know, everything is looking pretty much the same as a brand
00:02:28 - new switch, no config modifications. I can do show IP interface
00:02:33 - brief. I see some of my interfaces are up, which represents devices
00:02:36 - plugged in, but my VLAN 1 interface, which is -- I'm going
00:02:39 - to be using for management is currently shut down. So let's
00:02:43 - configure that. I get into global config mode and get under the interface
00:02:47 - VLAN 1 and we'll give it the IP address I have on
00:02:50 - my network diagram for switch 2. Look back; switch two is
00:02:54 - Good.
00:03:04 - So I'll do a no shut down and bring up that interface, switch
00:03:09 - 2 is now configured. Now with that in mind, I still need to
00:03:13 - give that switch a default gateway in order to be able to manage
00:03:17 - it remotely. I do that from global configuration mode.
00:03:20 - But I'm going to hold off on doing that and the reason why is
00:03:23 - when we get to routing between VLANs; that's in a --
00:03:26 - in a video or two later, you're going to be able to see
00:03:29 - some of the changes that we've made and how that may affect
00:03:32 - the routing of our network. So hold off on the default gateway. Let's hop
00:03:35 - over to switch
00:03:38 - 3; switch 3 global config mode. By the way no config on this
00:03:42 - one as well. So I'll get under interface VLAN 1.
00:03:45 - IP address on that is
00:03:49 - You can see that right here.
00:03:57 - Power that on and we're good to go. So at this point, I
00:04:03 - should be able to ping between my switches, just saying ping
00:04:07 - That would be pinging from
00:04:10 - switch 3 to switch 1. Hold
00:04:12 - our breath and poof, it's working. It's that first ping takes
00:04:16 - a moment. Let's try pinging switch number 2, which we've just configured. 1.11.
00:04:19 - There we go -- success. We're now able to ping through. So we're
00:04:25 - good to go. As of right now, everything belongs to VLAN
00:04:29 - 1. Meaning all of our ports -- let me just do a show command. I'll do a show
00:04:33 - VLAN.
00:04:35 - And see this is switch number 3. Default or VLAN 1
00:04:38 - -- every single one of those ports belong to the default VLAN.
00:04:43 - Notice fastethernet 0/1 is missing
00:04:46 - from that list. I'll talk about why that is in just a moment. But
00:04:49 - for now let's just go with it, everything is -- is plugged into
00:04:52 - VLAN 1. Now we're moving into the configuration of VLANs
00:04:57 - and VTP. So the first step that we're going to need in all
00:05:01 - of our configurations is to set up our trunk ports between
00:05:04 - our switches. This port right here or that link between those two and
00:05:09 - this port right here between those two switches need to become trunks
00:05:12 - so that they can transmit all the VLAN information across
00:05:15 - them. Likewise, VTP will not work on any interface that
00:05:20 - is not a trunk. Meaning it has to be active in order for the
00:05:23 - VTP updates to replicate across that link. So let's first
00:05:28 - off go and configure our trunks.
00:05:30 - I'm gonna start the configuration on switch number 1 because
00:05:34 - that is our core switch of our network. Now notice the interfaces,
00:05:38 - fastethernet 0/11 and 12 connect down to
00:05:41 - switch 2 and switch 3 respectively. So those are going to
00:05:44 - be configured as my trunk. I'm gonna hop on up to that switch --
00:05:48 - I gotta close that window, there we go -- start off on one and the
00:05:54 - first thing I want to show you
00:05:56 - is that I can type in the password -- there we go. The first thing I want to show you is how
00:06:01 - those ports are configured by default. I'm gonna do a show run
00:06:05 - fast -- or type in interface fast ethernet 0/11; that's
00:06:10 - just the way that you can trim down the running config
00:06:13 - to show just that interface from it. I hit enter and you can see the
00:06:18 - default mode of that port -- it says switch port mode dynamic
00:06:22 - desirable. As a matter of fact, let me just do a show run, scroll down a little bit, look at that.
00:06:29 - 0/2, dynamic desirable, three dynamic -- everything is dynamic
00:06:33 - desirable. That is a horrific default. Let me tell you why. What that
00:06:39 - says is this switch port is in a mode of dynamic. Meaning, let me jump
00:06:44 - back here -- it can either become an access port
00:06:49 - or a trunk port on the fly.
00:06:53 - Now access ports are designed to connect to a PC. Any time you
00:06:57 - have a -- a PC device right here, it needs to be an access port
00:07:01 - which means it's -- it essentially means it's not going to be a
00:07:04 - trunk, meaning I can assign that one VLAN and it will always be on
00:07:08 - one VLAN; we will not negotiate a trunk connection. The
00:07:11 - trunk ports are used between switches and that is the one that
00:07:15 - translates -- transmits all VLAN information between the
00:07:18 - two switches. Now the default again is dynamic desirable
00:07:22 - which means I will dynamically switch between these two modes.
00:07:26 - If I detect another switch plugged in, I'll convert to a trunk
00:07:30 - port. If I detect a PC plugged in, I'll convert to an access port.
00:07:35 - Now it sounds convenient and that's why Cisco designed it that
00:07:37 - way. They wanted it to be convenient so you can just plug
00:07:40 - cables together and be trunking, which is actually what we're
00:07:43 - doing right now on these ports. They are trunk ports because
00:07:46 - we're dynamic -- they're just switching to whatever's plugged in. But the
00:07:49 - reason I say it's horrific is because it's wide open to
00:07:53 - malicious people. Let's say that this person in their cubicle is
00:07:57 - an angry user and he does not like the company at all. So he brings
00:08:01 - in his own switch from home and plugs it into his cubicle wall
00:08:05 - jack. Well, as soon as he does that the switch will notice that, and go, "Oh, well
00:08:10 - hey, let's -- let's negotiate a trunk connection with that other switch."
00:08:13 - VTP updates will be sent down that -- that port; the user can
00:08:16 - actually sabotage your VLAN database. They can -- they can use
00:08:21 - an attack known as VLAN hopping. I'll talk about that a little
00:08:23 - bit more. So it's horrible to have those ports on dynamic.
00:08:28 - Anytime you see anything like dynamic, desirable, auto, negotiate;
00:08:33 - anything like that on a Cisco device, it's usually
00:08:37 - better -- 90 percent of the time it's better that you would hard
00:08:41 - code those modes rather than leave them on dynamic. So dynamic
00:08:45 - desirable means I'll dynamically change and I'm desiring to
00:08:48 - be a trunk port. Meaning I will actively negotiate a trunk, if I see
00:08:52 - another switch attached. So our two ports that we're configuring
00:08:56 - are 11 and 12 and I need to go under those ports.
00:09:01 - I'll do interface fastethernet 0/11 and I need
00:09:04 - to change the switch port mode. Type in switch port mode and I'll do a question
00:09:09 - mark and you can see we have access. We have trunk and we
00:09:14 - have dynamic -- dot1q-tunnel; that's another story for another
00:09:18 - day. That's -- that's actually a CCIE level topic right there.
00:09:22 - But access and trunk are the two we want to use. Right now it's
00:09:25 - set to dynamically negotiate. Now this is a connection between
00:09:29 - a switch, so we can safely say switch port mode trunk. Now this
00:09:35 - is going to give an error. When I do this and it's -- it's saying
00:09:38 - the command is rejected. An interface whose trunking encapsulation
00:09:42 - is auto cannot be configured to trunk mode. Here's what that means.
00:09:48 - Remember I said there was the language of love -- that was in
00:09:50 - the previous video -- the language of love of trunking was
00:09:53 - 802.1Q. That is the official trunking language
00:09:58 - that everybody in the world now uses between their switches.
00:10:01 - But long ago when VLANs, the concept of VLANs were first
00:10:05 - created, Cisco created their own trunking language. It was actually
00:10:09 - known as ISL -- Inter-Switch Link. It was before the
00:10:13 - 802.1Q standard was really standardized and really was
00:10:16 - a good standard to use anyway. So Cisco said we're going
00:10:18 - to create our own and you can use that between Cisco switches
00:10:22 - for more efficient trunking. Well, times have changed, the industry has progressed
00:10:27 - and ISL is being faded out.
00:10:30 - And what I mean by that is it's going away. They're -- they're trying
00:10:33 - to phase it out of all switches. A lot of the brand new switches
00:10:35 - they create don't even support ISL. However, this switch, switch
00:10:39 - number 1 is actually a 3550, which is a little
00:10:43 - higher end switch, supports a lot more features. So it has the
00:10:47 - ability of using ISL or 802.1Q
00:10:54 - on its interface. So what it's saying is that trunking encapsulation
00:10:58 - right now is auto. It's going to try and negotiate between the
00:11:00 - two, which kind of integrates with this dynamic system. But since
00:11:03 - we're hard coding everything, we have to add an extra command
00:11:06 - to the upper end switches in Cisco's world. And we type in switch
00:11:10 - port trunk encapsulation and then we choose: 802.1Q
00:11:16 - where they write it .1Q, ISL or negotiate. Now, remember anytime you
00:11:22 - see negotiate, dynamic, auto -- don't use it. We're going to hard
00:11:26 - code .1Q. Now -- now that we've hard coded what language
00:11:31 - it's going to speak -- the language between the switches, I can
00:11:34 - just type in switch port mode trunk enter. And now you can see
00:11:38 - the same command as before but now it's not popping up that
00:11:40 - error message between the two switches. So we have on the 3550
00:11:44 - fastethernet 0/11 is configured as
00:11:48 - a trunk port. Good, now let's move or fastethernet 0/12
00:11:52 - and this should be pretty simple. I'll just type in a
00:11:57 - switch port trunk encapsulation .1Q, enter. And then
00:12:02 - switch port mode trunk. Good. So now fastethernet 11 and
00:12:07 - 12 are both configured as trunk ports and let me show you
00:12:10 - a massive security step forward in your world. Now that
00:12:15 - you know which ones are trunks set all the rest of them to
00:12:20 - access ports. Meaning right now everything; these are hard
00:12:23 - coded trunks, but everything else is still set to dynamic. So
00:12:26 - this is 24-port switch, so we can safely say 1 through
00:12:31 - 10, you know, up to 11 is considered an access port and then
00:12:35 - 13 through 20; hmm,
00:12:40 - let's do 23. There's something in this picture I'm not
00:12:43 - showing you. I'll show you a little bit later. 13 through
00:12:46 - 23 will be considered access ports. So here's what we
00:12:50 - do. You can type in interface range fastethernet and then you
00:12:55 - type in your -- your module and port, 0/1 through
00:13:00 - 10. I'll do that first group and I'll say switch port mode
00:13:04 - access or full command access. I'll then type in, hit the upper arrow and then do
00:13:09 - interface range fastethernet 0/ and then what was
00:13:12 - the next range? 13 through 23. 13 through 23.
00:13:17 - Switch port mode access hard coded access ports.
00:13:24 - Good. Now if I go back and do a show run,
00:13:28 - you can see that all of the modes have gone over to access
00:13:31 - you know, this is our internet router connection. We labeled that in
00:13:34 - the first video, but fastethernet 2 access, access, good. All these
00:13:39 - are great. Oop, there's our trunk ports, trunk and .1Q encapsulation.
00:13:43 - Everything else -- access, access, access, because we want to make
00:13:46 - sure that they don't negotiate trunk ports on the fly. Good.
00:13:49 - So we've got the core switch, 3550 configured. Let's
00:13:52 - go down and do switch 2 and switch 3. I'll do these a little bit
00:13:56 - faster. Jump over to switch 2. Now switch 2 and switch 3 -- I'll do a
00:14:02 - show version are actually Cisco 2950 switches. They
00:14:06 - don't have as many features as the 3550 and one
00:14:09 - of the features they're missing is the ability to support ISL
00:14:12 - encapsulation. That's not even an option on the 2950.
00:14:15 - It's been phased out. They only support 802.1Q.
00:14:18 - So when I configure the trunk ports on switch 2 and
00:14:21 - 3, you can see the trunk ports are fastethernet 0/1 and
00:14:26 - 0/1 on both of those. All I need to do is get underneath
00:14:30 - the interface fastethernet 0/1 and type in switch
00:14:34 - port mode trunk; enter. There is no encapsulation command.
00:14:38 - Look at this -- I'll type in switch port trunk encaps -- oh, oh, oh --
00:14:43 - -- there's no command. Notice I'll hit the question mark; nothing.
00:14:47 - No encapsulation command because since it only supports
00:14:49 - one encapsulation, 802.1Q; what's the point of
00:14:53 - having others? Now on this switch, I can safely exit back out
00:14:57 - and do interface range fastethernet 0/2 through
00:15:02 - 24, meaning all the rest of the ports except port one
00:15:06 - which is our trunk. And type in switch port mode; access. Slam. All those
00:15:12 - are now access ports. Do a show run and
00:15:16 - you can see there's my trunk, 0,1,2,3,4 and everything
00:15:21 - else is now considered access ports on this switch. Let's go to switch 3.
00:15:27 - Fastethernet 0/1; switch port mode trunk
00:15:31 - and then interface range fastethernet 0/2
00:15:37 - through 24; switch port mode; access. Now if you're following
00:15:42 - along; if you've got your own lab equipment and you're setting up this
00:15:45 - kind of configuration, I do want to make sure I mention the
00:15:48 - interface range command on most IOS versions, except the very newest
00:15:52 - and best IOS versions is really finicky with how you type this in.
00:15:56 - The spacing has to be exact between these two. So if you
00:16:00 - forget a space, no exit back out -- interface range fastethernet 0/1
00:16:05 - through 10, it will say, ugh, I -- I -- I don't know what you're talking
00:16:08 - about. In the new IOS versions they fixed that so it works
00:16:12 - real seamlessly. But I've seen a lot of people that are like, "Oh, no. I can't use
00:16:15 - the range command. My IOS must not support it." Most of the time it's
00:16:18 - just looking for a different syntax there. Good. So I would say
00:16:22 - it's safe to save our configuration, if you type it right on all these switches.
00:16:27 - We've got our trunk ports configured that was step one.
00:16:33 - Step one; so let me -- let me clear off all the chicken scratch
00:16:37 - here. I'm going to be updating these diagrams as we go through
00:16:43 - to reflect our changes as we go. Now in this video, I'm
00:16:48 - just gonna be drawing and adding things by hand. But I'll modify it in the
00:16:52 - background later, so it looks much prettier. So the trunks are configured.
00:16:56 - Now let's do the second thing, configuring VTP, the VLAN
00:16:59 - trunking protocol. So all of our VLANs can replicate between
00:17:03 - the two. So
00:17:05 - actually looking at the time I think we're going to do the
00:17:07 - first two steps in this video and then we'll split it and do the last three --
00:17:11 - two steps in the upcoming video. I don't want to make this too long.
00:17:15 - VTP just to hit the highlights, replicates those VLANs
00:17:18 - between our switches. We talked about that in the previous
00:17:21 - video. Now again, let's start up on our core switch -- switch 1.
00:17:27 - And I'm going to type in the command, show VTP status.
00:17:33 - That command will show you everything about VTP. Now I
00:17:37 - will mention that all the things that we type for VTP
00:17:40 - are not stored in the running config. They're actually stored
00:17:43 - in -- in another file. Again, I'll talk about that as we get deeper
00:17:46 - in this, but as of right now you can see everything about VTP.
00:17:49 - It says VTP version is currently running VTP
00:17:53 - version 2. The configuration revision is revision one
00:17:59 - meaning there's been one change made to the switch because they
00:18:01 - start from zero; that's -- that's interesting to me because I
00:18:05 - don't know which change that is. Let me -- let me jump down to switch 2 and do a show
00:18:08 - VTP status down here. Okay, this -- there must be something on our
00:18:12 - core switch. Oh, I just remembered what it was. I'll tell you about
00:18:16 - that later, too. Let's look at switch number 2, that in
00:18:20 - the changes that we have here. VTP version 2; config rev zero.
00:18:24 - Meaning, there's been no changes made to this switch at all. Maximum
00:18:28 - VLANs supported locally is 128; that
00:18:32 - means this switch, this 2950 supports a maximum
00:18:35 - of 128 VLANs passing through it at one time.
00:18:40 - Now the VLAN numbers, you can have up to -- the VLAN numbers go one
00:18:45 - through, I believe it's 4094 maximum VLANs
00:18:49 - that you can have on your switches. But these lower end switches
00:18:53 - only have 24 ports so they're saying why would I have
00:18:55 - 4000 VLANs and support that many active VLANs
00:18:58 - when -- when I only have 24 ports in the first place? So, and
00:19:02 - you can see the bigger you go on the switch, like this is
00:19:04 - a 3550 up here,
00:19:06 - the more VLANs you can support.
00:19:09 - Now down here it shows the number of existing VLANs is
00:19:12 - currently five. Now that means there are currently five active
00:19:17 - VLANs on here at a time. Now, wait a sec, I thought there's only VLAN 1.
00:19:22 - Let's do a show VLAN.
00:19:23 - Now when I do that I see that I have VLAN 1 and then
00:19:26 - look below it, we have VLAN 1002, 1003,
00:19:30 - four and five. Those are considered extended VLANs.
00:19:34 - They were created to support other kinds of networks like you
00:19:38 - can see token ring networks and FDDI; that's an old fiber optic
00:19:42 - standard networks. Now in order for a switch to be considered
00:19:45 - industry compliant or standards compliant, those VLANs
00:19:49 - have to be on there. So it's not like we're actually using 'em.
00:19:51 - As a matter of fact, you can see the status is that they're active, but
00:19:54 - they're unsupported because this switch doesn't have any token
00:19:57 - ring interfaces or FDDI interfaces. So they're just there because
00:20:01 - the standards say they have to be there. But we're really only
00:20:05 - using VLAN 1. So you add them up one two three four five;
00:20:10 - there's our five VLANs that it's seeing and that show VTP status.
00:20:14 - Now down below you see the operating mode; it's currently a server
00:20:17 - because everything is a server by default out of the box and the
00:20:21 - domain name is blank. Meaning it -- there is no name for the existing
00:20:26 - company or the replication that's happening between them. So
00:20:30 - let's stop there and jump into our configuration.
00:20:33 - When we're setting up VTP, we need to configure three major aspects.
00:20:39 - One is that VTP domain name -- I'll just put name.
00:20:45 - Two, if we want to, and this one is optional, we can add in a
00:20:49 - password for the VTP domain.
00:20:53 - And three, if we want to do it we can change the VTP mode.
00:20:57 - Remember the three modes: server, client, and transparent. So
00:21:02 - we can choose which mode we would like to create. So let's start
00:21:06 - off with number one, which is configuring the name.
00:21:09 - To set that up, I'm gonna jump back to our main switch in the network which
00:21:12 - is switch number 1. Now before I do that and get the command prompt pulled
00:21:16 - back up, I want to make a mention of something that will happen
00:21:20 - before your very eyes. It's a magic show. On this switch
00:21:25 - when I configure the domain name and let me just come up with
00:21:29 - it, I'll -- I'll use Nugget
00:21:32 - World will be my VTP domain name. When I configure that domain
00:21:38 - name on switch number 1, switch number 2 and 3 will
00:21:43 - automatically pick it up. Meaning, they will automatically join
00:21:47 - the Nugget World domain. Now, the reason that's going to happen
00:21:51 - is because as of right now if you look back, switch number 2
00:21:54 - and switch number 3 -- we didn't do this command on 3 but
00:21:57 - it's there -- do not have a domain name. Meaning they -- they are
00:22:01 - not a part of a domain. And when a switch does not have a domain
00:22:04 - name, it is in the most susceptible state to VTP that it
00:22:08 - ever will become. And that is in a state where it will take whatever
00:22:12 - domain name has first advertised it. When we go on switch number
00:22:16 - 1 and set the domain name to Nugget World, it will send it
00:22:19 - out all trunk ports and say hey I'm Nugget World. Switch 2 and
00:22:23 - 3 since their domain name is blank and let's just jump
00:22:25 - over to switch 3 just to make sure,
00:22:31 - there it is, you can see right there the domain name is currently
00:22:34 - blank. Since it's blank it will adopt whatever domain name first
00:22:38 - comes to it. And it will become part of the Nugget World domain. Now
00:22:42 - once that happens,
00:22:44 - once it is a part of a VTP domain it will not change ever
00:22:48 - again unless you change it manually, like maybe you wanted
00:22:51 - to have switch 2 and 3 a part of a different VTP domain.
00:22:54 - Well, you could go in and manually change them, but that will not affect
00:22:57 - anybody else because they already have a domain name assigned.
00:23:00 - Cisco set it up that way so you could pull a brand new switch
00:23:03 - out of the box, you know, no configuration on it; plug it in; it's
00:23:07 - dynamic mode by default so it negotiates a trunk. Receives an update
00:23:11 - and automatically gets all the VLANs that are in your organization.
00:23:14 - Kinda handy if you like the dynamic way of things. So let's
00:23:19 - jump on to the switch number 1.
00:23:23 - The way that we set our VTP domain is to go into global config
00:23:27 - mode and type in VTP, and I'll do a question mark, domain
00:23:33 - and it says what is the name? Type in Nugget World. Now this
00:23:38 - name is absolutely case-sensitive. So if you use capitals or lower
00:23:42 - case on one switch, make sure you do it on all of them or else it won't
00:23:45 - replicate. So I type in Nugget World, it says I am changing
00:23:50 - the domain from Null to Nugget World. It's changed. So when I go back into
00:23:53 - a show VTP status,
00:23:57 - I can see that Nugget World has popped up here. Now I jump down
00:24:00 - to switch number 2 and 3, let's see if what I said happened.
00:24:04 - You can see right there they adopted Nugget World as their
00:24:08 - VTP domain. Let me just hop over to switch 3.
00:24:12 - Nugget World. Excellent. Now you can even see down below the last
00:24:17 - local updater, you know, who -- who was the last one to update this.
00:24:21 - As of right now, it just says the local updater id was this;
00:24:25 - or this, which is
00:24:29 - All that means is that it was itself;
00:24:33 - the configuration was last modified by itself in 1993.
00:24:37 - Obviously, I need to change the date to make that right. But
00:24:42 - that was the last modification that was made.
00:24:45 - So we've got VLANs -- or sorry the trunks configured. We've got
00:24:49 - VTP configured. Oh, I said I was going to get this in
00:24:52 - half. I'm not gonna do that. I'm gonna jump down to step number three.
00:24:55 - Maybe I'll divide it after this because VTP without creating
00:24:58 - VLANs is kind of like, "Eh, that's not exciting." So what I want to do is
00:25:02 - I want to set up some VLANs and watch them replicate.
00:25:05 - Oh wait.
00:25:08 - I'm just jumping all over the place. We've got the name set up. We've
00:25:12 - got no password and let me show if we wanted to set up a password,
00:25:15 - how we do that.
00:25:21 - Type in VTP and you can see password is one of our options. If we want
00:25:25 - to assign a password, we could. I'm gonna skip that step just because
00:25:28 - you just type in a password up here and then you have to go to switch
00:25:31 - 2 and 3 and type the same password. It's pretty self-explanatory.
00:25:34 - But what I do want to show you is changing the mode. When you
00:25:38 - type in VTP mode it gives you those three options that
00:25:41 - we talked about in the previous video; server, client and
00:25:45 - transparent. Now, remember everything is a server by default, so
00:25:50 - anybody can add or delete VLANs and they'll replicate to everybody
00:25:54 - else. You're supposed to only have one or two servers in the network
00:25:57 - and everything else will be clients, which means the client
00:26:00 - cannot add or delete VLANs. It just accepts updates
00:26:04 - from the other switches. VTP transparent mode is the Harley
00:26:07 - Davidson rebel switch that maintains its own list of VLANs and
00:26:11 - does not send them out nor does it accept updates from other
00:26:13 - switches. So switch 1, since that's our core, let's make that the server.
00:26:18 - Let's hop down to switch 2 and I'll type in VTP mode
00:26:22 - client -- do a show VTP status down here.
00:26:28 - And now you can see the operating mode is client. It's still on the
00:26:31 - Nugget World domain. Now ooh -- that's a good point. Notice
00:26:36 - right here it said the configuration last modified by, you
00:26:40 - know, 0, 0, 0, 0. Meaning nobody's last modified the
00:26:42 - configuration. Do you remember when we did this command before? It said
00:26:46 - local updater ID is this: that was -- that was on there before
00:26:50 - because it was in a server mode. And it said I can update myself.
00:26:53 - But as soon as I change it to a client mode, scroll back
00:26:56 - down, you can see local modifier ID is gone -- meaning, I can't
00:27:00 - locally modify the configuration anymore. And let me do switch 3
00:27:04 - and I'll prove that.
00:27:06 - I'm over on switch 3. I'll type in VTP mode client. Boom. It's
00:27:12 - now in client mode.
00:27:15 - And verified right -- there it is. Now let's hit this last piece, which
00:27:20 - is configuring the VLANs. In the next video, I'll assign
00:27:23 - the ports to the VLAN.
00:27:25 - To configure the VLANs, all you need to do -- it's a piece of cake --
00:27:29 - is go into global config mode,
00:27:32 - and type in VLAN and what VLAN number you would like to create.
00:27:36 - So I could say VLAN 10; enter. And that will create the
00:27:40 - VLAN. But I want you to catch this. I'm on a client right now, so when
00:27:44 - I hit enter it says, "Oh, sorry, VLAN configuration is not allowed
00:27:49 - when the device is in client mode." You can't do that from here is
00:27:52 - what it's trying to say. Now, this is where you as an administrator
00:27:56 - have to exercise self-control because this is, you know, this
00:27:59 - is the suggested design. We have clients everywhere in the
00:28:02 - network; one server, one or two server maybe as a backup and
00:28:06 - that's where you make all your changes from. So it's tempting
00:28:09 - when you telnet into the wrong switch and you type; oh just want
00:28:11 - to create this VLAN and it says oh, you're a client. All you have to do is type
00:28:15 - VTP mode server to switch it back and make that change. But
00:28:18 - that's not how it's supposed to work. So let's hop back up to switch
00:28:21 - number 1. I'm already in global config mode. So I'll type in
00:28:25 - VLAN 10; enter. Now it takes me into a VLAN creation
00:28:30 - mode or a VLAN config mode. VLAN 10 is actually created.
00:28:34 - If I go back and do a show VLAN,
00:28:37 - you can see that VLAN 10 has now appeared in my list.
00:28:42 - See that? And then if I want to I can go in and say, you know, go
00:28:47 - back under VLAN 10 creation mode and I want to say the name of that
00:28:50 - VLAN is sales; enter. A lot of people and most people
00:28:56 - will assign names to their VLAN because it's a lot more logical
00:28:59 - to see, oh, that's for sales people or the marketing people or
00:29:02 - the internet router or whatever the case may be. So that
00:29:05 - you can notate what that domain really is about. So I'll
00:29:10 - do a show VLAN again.
00:29:12 - I can see VLAN sales is now on the list. Let's do a show VTP
00:29:16 - status on our server. You can see the configuration
00:29:20 - revision has gone up to three.
00:29:23 - Huh? Let's jump down to switch number 2; show VTP status down
00:29:29 - here,
00:29:32 - and take a look at that. It's hopped up to three as well and notice
00:29:35 - what changed. It says the configuration was last modified by
00:29:39 - So who is that? Let's hop back up to our
00:29:43 - diagram. That's switch number 1.10. So it sent an update that
00:29:48 - modified the configuration on switch number 2. Let's do a show VLAN
00:29:52 - here.
00:29:54 - Ahhh, the power of VTP in action. Let's go over to switch number 3.
00:30:02 - Show VTP status. I can see that the config was last modified
00:30:05 - by switch number 1 right there. Configuration rev, that
00:30:09 - should be the same on all of them because remember the revision
00:30:11 - numbers work, that's -- that's how it finds out that it has the latest copy of
00:30:14 - the database. We talked about that in the previous video. Show VLAN
00:30:17 - and oh, you have to make that noise -- sales. Sales is now shown
00:30:22 - up. So here's what I want to do.
00:30:24 - I want to create three VLANs. So let's head back up to switch
00:30:28 - number 1.
00:30:30 - I'll create VLAN 20, name -- marketing. VLAN 30, name -- Engineering.
00:30:42 - Show VLAN. There we are; we've got the three new VLANs that have
00:30:48 - come up there; nice little status message to make it all jumbled.
00:30:51 - But the three new VLANs are there. I'll do a show VTP stat.
00:30:55 - You can see our config rev has gone up to five reflecting the two new
00:30:59 - VLANs that we just added. It went from three, four, five. And now
00:31:02 - we can hop down to switch 2; show VLAN;
00:31:06 - uh-huh -- switch 3; show VLAN. Uh-huh or ohhh; so there they all
00:31:14 - are. They are all showing up because VTP is working correctly.
00:31:18 - Now keep in mind, this whole time we've been making all these
00:31:22 - changes -- configuring trunks, setting up VTP, configuring the
00:31:25 - VLANs, but nothing on our network has changed. Meaning, we're
00:31:30 - setting up VLANs; I'll just write them up here. VLANs
00:31:33 - 10, 20, and 30, but no ports are actually assigned to
00:31:37 - those VLANs yet. So if I'm looking at my computer, I'm -- I'm
00:31:40 - sitting right here on,
00:31:44 - bring up a nice little command prompt; that's my PC
00:31:46 - and I'll ping over to
00:31:51 - I'm still able to ping there because these
00:31:54 - ports are still assigned to VLAN 1. If you look back at
00:31:57 - our config, you know, this shows the VLAN, this shows all the
00:32:00 - ports right there that are assigned to VLAN 1. Yes, we've created
00:32:04 - the VLAN but we're not actually doing anything with them yet.
00:32:07 - So that's what I plan on doing in the next video is assigning
00:32:10 - those ports to the VLAN and then testing the effects of that;
00:32:13 - showing what happens when we do that.
00:32:16 - Now before I do that, before I wrap this one up, I want to talk
00:32:19 - about fastethernet 0/1. Notice it's missing from
00:32:23 - the list. The reason why is because it is configured as a trunk.
00:32:28 - Now I want to show you a new command here.
00:32:31 - Well, first off I'll do a show run interface fastethernet 0/1 just
00:32:35 - to verify that is a trunk. I'm gonna type in show interface fastethernet
00:32:41 - 0/1 and we've seen the show interface command before
00:32:45 - but I want to add another command, which is switch port. Remember
00:32:49 - the commands we used to change the mode from trunk to access
00:32:52 - and all that? It was switch port mode. So this shows the switch
00:32:55 - port mode characteristics and I can see that the switch port
00:32:58 - is enabled. It is administratively set to a trunk. It is operationally
00:33:04 - at a trunk. The administrative encapsulation is dot1Q.
00:33:08 - The actual operational trunk encapsulation is dot1Q. Now first off
00:33:12 - let me just explain. What's the difference between administrative
00:33:15 - and operational? You remember when we first got on the switch,
00:33:18 - it said switch port mode dynamic? That was the administrative mode.
00:33:22 - It was dynamic initially, but we changed it. So if it was dynamic
00:33:26 - and it negotiated a trunk, we would see administrative dynamic operational
00:33:31 - trunk. Or we might say administrative dynamic operational access
00:33:35 - that kind of thing. But if you look down this list you can see
00:33:38 - the native mode VLAN, we talked about that in the previous
00:33:41 - video. Administrative -- a lot more information on here on trunking
00:33:45 - VLANs enabled; that's what VLANs it's sending across there. Pruning
00:33:49 - VLANs enabled; if pruning is turned on. And by the
00:33:52 - way, VTP
00:33:56 - pruning; that's how you turn on the pruning aspect. I
00:33:59 - talked about that in the previous video. You just type it in and hit enter.
00:34:02 - So those -- those are all verified by using the show
00:34:07 - interface -- what one you want to look at and switch port to
00:34:11 - see the trunking status. You can also type in show trunk. No we
00:34:17 - can't. Show -- hmm?
00:34:24 - There is a command show interface trunk? Ahh, there
00:34:30 - it is.
00:34:32 - Show interface trunk will show us that we've got fastethernet
00:34:35 - 0/1; mode is on; encapsulation. Status is trunking, native
00:34:39 - VLAN is 1. So you're able to see which
00:34:43 - interfaces are set to trunking by either typing in show interface
00:34:47 - switch port, where you can see them all or you can do just show
00:34:50 - interface trunk for a lot more concise
00:34:53 - view. That's where I want to draw the line for this video. I know
00:34:56 - there's only one more step, which is assigning the switch ports to the VLANs
00:34:58 - but there's a lot of testing I want to show you
00:35:01 - and show you the effects of what happens when we do that. So that
00:35:05 - you can have a full scope of what's going on. We'll -- we'll continue
00:35:07 - that. I'll make a part two to this video. So we walk through
00:35:11 - this and saw the network diagram enhancements. We added three
00:35:14 - switches to our network or two additional switches and
00:35:18 - we assigned IP addresses, too. We then configured VTP and
00:35:23 - in order to do that we had to set the trunk ports between
00:35:26 - the switches; turn on the VTP domain name and -- and set all the
00:35:29 - parameters with VTP. Then we added three VLANs: VLANs 10,
00:35:34 - 20 and 30 and watched them replicate between them. In
00:35:37 - the next video, I know, which is one step, I'm going to show you
00:35:41 - assigning the switch ports to the VLANs and then the effects of what
00:35:44 - happens when we do that. Also, we'll look at a lot of the administrative
00:35:48 - considerations of when you do create multiple VLANs, how
00:35:52 - you should handle your IP addressing. So I hope this has been
00:35:55 - informative for you and I'd like to thank you for viewing.

Jeremy Cioara

CBT Nuggets Trainer

Cisco CCNA, CCDA, CCNA Security, CCNA Voice, CCNP, CCSP, CCVP, CCDP, CCIE R&S; Amazon Web Services CSA; Microsoft MCP, MCSE, Novell CNA, CNE; CompTIA A+, Network+, iNet+

Area Of Expertise:
Cisco network administration and development. Author or coauthor of numerous books, including: CCNA Voice 640-461 Official Cert Guide; CCNA Voice Official Exam Certification Guide (640-460 IIUC); CCENT Exam Prep (Exam 640-822); CCNA Exam Cram (Exam 640-802) 3rd Edition; and CCNA Voice 640-461 Official Cert Guide.

© 2015 CBT Nuggets. All rights reserved.