
Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network.

The two-exam CCNA process covers lots of innovative features, which better reflect the skills and knowledge you'll need on the job. Passing both exams is your first step towards higher-level Cisco certification, and trainer Jeremy Cioara has mapped these CCNA training videos to the 640-816 test. This CCNA training is not to be missed.

Here's how one user described Jeremy's training: "By the way, Jeremy Cioara has to be by far one of the BEST Cisco trainers I have ever had the privilege to learn from overall. He not only keeps your attention but his energy is contagious and he provides the information at a level where you grasp it rather easily."

The last day to take the 640-816 exam is Sept. 30, 2013. After that date, the only ICND2 exam available will be 200-101. CBT Nuggets has a training course for the 200-101 exam here.

1. Review: Rebuilding the Small Office Network, Part 1 (33 min)
2. Review: Rebuilding the Small Office Network, Part 2 (28 min)
3. Review: Rebuilding the Small Office Network, Part 3 (23 min)
4. Switch VLANs: Understanding VLANs (16 min)
5. Switch VLANs: Understanding Trunks and VTP (39 min)
6. Switch VLANs: Configuring VLANs and VTP, Part 1 (35 min)
7. Switch VLANs: Configuring VLANs and VTP, Part 2 (39 min)
8. Switch STP: Understanding the Spanning-Tree Protocol (28 min)
9. Switch STP: Configuring Basic STP (21 min)
10. Switch STP: Enhancements to STP (29 min)
11. General Switching: Troubleshooting and Security Best Practices (29 min)
12. Subnetting: Understanding VLSM (18 min)
13. Routing Protocols: Distance Vector vs. Link State (26 min)
14. Routing Protocols: OSPF Concepts (30 min)
15. Routing Protocols: OSPF Configuration and Troubleshooting (39 min)
16. Routing Protocols: EIGRP Concepts and Configuration (32 min)
17. Access-Lists: The Rules of the ACL (27 min)
18. Access-Lists: Configuring ACLs (34 min)
19. Access-Lists: Configuring ACLs, Part 2 (48 min)
20. NAT: Understanding the Three Styles of NAT (20 min)
21. NAT: Command-line NAT Configuration (35 min)
22. WAN Connections: Concepts of VPN Technology (33 min)
23. WAN Connections: Implementing PPP Authentication (34 min)
24. WAN Connections: Understanding Frame Relay (28 min)
25. WAN Connections: Configuring Frame Relay (30 min)
26. IPv6: Understanding Basic Concepts and Addressing (34 min)
27. IPv6: Configuring, Routing, and Interoperating (23 min)
28. Certification: Some Last Words for Test Takers (13 min)
29. Advanced TCP/IP: Working with Binary (25 min)
30. Advanced TCP/IP: IP Subnetting, Part 1 (55 min)
31. Advanced TCP/IP: IP Subnetting, Part 2 (22 min)
32. Advanced TCP/IP: IP Subnetting, Part 3 (19 min)

Switch VLANs: Understanding Trunks and VTP

00:00:00

We're going deeper. In the last video, we talked about VLANs, and it's kind of like looking at a shiny car and going, "Wow, that's very glossy, I like it." But what we're going to do now is open up the hood of the car and take a look at what actually runs it and some of the technical details behind it. We're going

00:00:19

to look at how trunks really work. We talked about them in the previous video as something that allows VLANs to move between switches, but we're going to see how it happens, the technical details behind it, and a lot of that focuses around the 802.1Q protocol. It's known as the tagging protocol. The last one

00:00:38

will be a fun one. I like this concept: how VTP can help (it's a great help) or completely annihilate your network all at one time. So that is the fun conversation, because VTP is something that is Cisco proprietary. Only Cisco switches support it. It can be a great assistance, but it can also be very devastating.

00:00:58

Let's get going. As we discussed in the previous video, trunking allows the switches to pass multi-VLAN information between each other. So for example, you see the picture right here: we've got three VLANs, the red, purple, and green VLAN, or officially called VLAN two, three, and four down below. Now when this green computer, the green VLAN,

00:01:19

sends a broadcast, it comes up to the switch. The switch looks at it and says, "Oh, well, I don't have any other ports that are a member of that green VLAN, so I'll just send that across the trunk." It reaches switch B over here; this is the trunk. And switch B sends it out all the ports that belong to the green VLAN. Same thing happens if somebody in the purple VLAN sends

00:01:38

a broadcast, it crosses the trunk, because the trunk sends all VLANs' traffic, and comes out the other side. Now you see my first note that I have here, that says trunking, also known as tagging, passes multi-VLAN information between switches. The first thing I

00:01:55

want to mention on that is that trunking is a Cisco term. Cisco came up with that term to describe ports that pass all VLAN information. Other vendors, like HP, like 3Com, like every other vendor in the world except Cisco, call trunk links "tag links." Now why do

00:02:14

they do that? Well, it's because of how the trunk really functions. When you send a packet, say this VLAN 4 sends a broadcast to the green VLAN, it crosses that trunk. The switch has to have some way of telling the other switch what VLAN it belongs to. So if we were to zoom in on that packet, you would see that before the switch actually passes it to the other side, it grabs its little marker and says, "Shoooom, you are now green, you are a green VLAN packet." So when this

00:02:46

switch on the other side receives it, it goes, "Oh, green packet, great!" So it strips that color off, because the computers don't actually know what VLAN they're in. If they got a colored packet, they'd drop it, because they think there's something wrong with it. So this is just the language that happens between

00:03:02

the switches: a tagging language, so the switches know what VLAN things belong to. The red computer sends a broadcast that will cross that trunk, and as it goes across the trunk link, the switch will color it and say, "You are now... darn it! I thought I was fast enough to switch colors... you are now a part of the red VLAN." So when this switch over here receives

00:03:24

it, the switch will be able to say, "Oh, you're going to go out all the red ports," so it de-colors the packet, or de-tags it, and sends it out all the red ports to the red PCs, or VLAN 2. So that puts the VLAN information into each frame. This is a layer two feature, meaning that the tag that colors the packet is put inside

00:03:46

of the layer 2 header. Now let's get into the technical detail I promised you on how that happens. The trunking language of love is called 802.1Q. This is actually the trunking protocol. A lot of people call it the "trunking protocol" that allows your switches to communicate.

00:04:08

Just like we have protocols like TCP/IP and so on, the switches pass information between each other using the official language of 802.1Q. Now, the good news is that that protocol is an industry standard. So this could be a Cisco switch over here and this could be a 3Com switch over here, and that's no worries at all. They both understand that tagging language that they're using. Now

00:04:31

let's say I kind of shrunk our diagram here; we have the red and blue VLANs. Let's say the red VLAN sends a broadcast. The broadcast will come into the switch, the switch inspects itself and says, "Do I have any other red ports? Nope, let me go ahead and send it across my trunk." But before it actually sends that

00:04:49

packet across the trunk, this is a zoomed-in view of it: we have the official frame right here, here's its destination MAC address, the source MAC address, and since it's a broadcast, the destination MAC address will be all Fs; you know that's a broadcast. The

00:05:03

source MAC address will be whatever MAC address this PC has right here. Now before it sends it across that trunk link, the switch sticks a little tag inside of that. Actually, whenever I see that, I always think of this as like a shim. Have you ever been to

00:05:21

the hardware store? They sell those packs of shims. They're like, how do I describe them? They're like a piece of wood that looks like this. They're just called a shim, and you can stick it, like, if your refrigerator right here, you've got your refrigerator and it kind of rocks because one side is, you know, taller than the other, or, you know, an uneven surface, you can just shove that shim under the fridge and it stops rocking. I have shims under

00:05:48

everything in my house, my couches, my refrigerator; my house is like the most uneven house in the world. I kind of slide shims under everything. So the shims kind of just squeeze in there, and that's kind of what I think of. Think of this as like your little shim that you stick inside of that header before it goes across the trunk, and then inside of that shim are two pieces.

00:06:08

One is a priority field. You actually talk about that if you ever get into the world of voice over IP and quality of service; we're not going to talk about that here. The other piece, the one that we're concerned with, is the VLAN number. Now, I've been using colors all along to represent the VLAN, but I've also alluded to the fact that VLANs are actually known as numbers, so the red VLAN might be VLAN 10 and the blue VLAN might be VLAN 20, so 10 and 20 over here. This tag will tell what VLAN number that belongs to. So since

00:06:44

the red computer sent it, it will have the number 10 in that VLAN field. Shoos! It flies across to the other side. The other switch receives it, and when it receives that packet, it's going to look at it and look at the shim and go, "Oh, you belong to VLAN 10." Immediately, as soon as it recognizes that, it strips that shim out. It takes the tag off, because computers don't like

00:07:06

tags. They'll drop the packets if it's on there, and it sends them out to all the red VLAN ports with just the destination and source MAC address. The computers, or the PCs, never know that they actually belong to a VLAN. VLANs are a switching technology. Now let's talk about one more advanced trunking concept, and that is the idea of the native VLAN. The native VLAN is designed for

00:07:34

packets that are received on the trunk that are not tagged. Let me explain what that means. When you have switches that are connected together, let me just draw a couple right here, typically everything that's sent across that trunk will be considered tagged.

00:07:48

Meaning it will be colored, just like what I've been talking about all along. But what if you have this kind of environment down here, where we have a switch over here, and this is a hub (that's my little icon for a hub) in the middle of them, and a switch over on the other side, and you want to establish the trunk between them? Now, I know that's not that common of a topology, that you

00:08:11

would have a hub sitting in between two switches, but back when trunking was created it was a little more common, because hubs were out there and sometimes you might have long cable distances to span between switches, which were very expensive at that time. So you would have a hub sitting in between with a couple of devices attached. Well, the concept of a native VLAN comes in when these

00:08:31

devices right here want to communicate with the rest of the network. A native VLAN will take their traffic that comes in untagged, meaning it's not colored in some way by one of the switches, and place it on the VLAN. Whatever VLAN you decide to assign as

00:08:49

the native VLAN will be the native VLAN for that network. So for example, we have VLAN 15 people and VLAN 1 people over here, so that when somebody in VLAN 1 sends a broadcast, it goes out all the VLAN 1 ports on the switch. It should cross the trunk, tagged, reach over here, and go out all of the VLAN 1 ports on that switch. Now, I just sent it out to that VLAN 15 port; I meant this port, I'm telling you, the VLAN 1 port. Same thing happens with VLAN 15. So if these PCs send a broadcast or some kind of communication, it will be received by the switch right here, and the switch is, you know, "Well, what VLAN are these people on? I mean, I see a trunk link right here, so what VLAN do I

00:09:32

put them on?" That will be the native VLAN. Maybe you make the native VLAN 15, so they are part of this VLAN appearing here. When they send a broadcast, these two hosts get it as well, and VLAN 1 is left isolated. So that's what the native VLAN is. Now, because this is not that common of a network diagram nowadays, you'll, most of the time, see problems with something called a native VLAN mismatch. Now, I'm getting into some of the troubleshooting

00:10:01

topics that I actually have planned for later on in the series, but this is such a common problem. Let me tell you about it. It happens when you misconfigure one of the sides of the trunk. Let me just clear off all my notes right there. It normally would be when

00:10:19

you have two switches directly connected together like this with the trunk, and you configure a native VLAN of, say, 10 over here and you leave it at the default of 1 over here. What you'll get is all of these messages flooding your switch: "Native VLAN mismatch." Whew, I just threw my pen. "Native VLAN mismatch, Native

00:10:35

VLAN mismatch," you know, the computers will, or the switches will, constantly notify you of that. Now, when that happens, the reason that it is flagging you so much is you've actually bridged VLAN 1 and VLAN 10 together, meaning the broadcasts in VLAN 10 will actually end up coming out VLAN 1, because if you, kind of, if you were to look at it logically, you've connected a port in VLAN 10 to a port in VLAN 1, and now those two are combined into one big VLAN. They actually call that VLAN seepage or VLAN leaking.

00:11:07

Those are some of the terms that you'll hear thrown around with that. So the goal is to always make sure your native VLANs match. Most people, I'll tell you this, just leave them at one all the time. That's the default, and most of them, mostly, don't even know

00:11:22

what the native VLAN is. So what do they say? "Well, let's just keep it at the default, which is one," which is great. It doesn't cause any problems at all. So if one side gets changed, that ends up in a mismatch. And you'll notice down here, I have a second network diagram, because I want to show you how the native VLAN is being used in modern times. We have these new devices that are coming

00:11:43

out in our networks called IP phones. It's where people are combining the voice network, meaning the phone system, with the data system, all on one network, all in one system, and all in one management authority. You get some really cool features on these phones,

00:11:59

like they have, you know, full internet access if you want them to; there's a lot you can do on this phone. And I don't want to get fully into it, ah, on the capabilities of those, but one of the security ramifications of running your voice network along with the data devices is the computers can actually begin hacking the IP phones. Wow,

00:12:26

I know that sounds kind of weird. But you can actually set it up. There are programs out there; one of them that's become well known is actually Vomit, V-O-M-I-T, that's the name of the program. I think it stands for Voice Over Misconfigured IP Telephony, or something to that effect; that's what it stands for. What it does is it actually taps the phone and can record

00:12:48

phone calls from the phone and convert them into WAV files. Yikes! Now, if this person is good enough, they can not only tap their phone, but they could tap other people's phones in the network. Double yikes, because that's a huge security violation, so one of the things that we need to do is actually separate the phones from the PCs. Now Cisco has a fantastic feature that these phones

00:13:16

actually have switch ports on the back, so you can daisy-chain the computer from the phone itself. But if that's possible, how on earth do you put them on different VLANs? I mean, because if you look at this picture right here, every port is assigned to a VLAN. Now here's the concept, and I don't mean to blow your

00:13:34

mind too early, because I know we just finished talking about trunks and I'm about to dump something really heavy on you here. What you can do in the voice over IP world is set this up as a trunk port, or a type of trunk port, to where the switch actually trunks to this phone, because the Cisco IP phone that you have sitting right here can tag its packets. Let me say it again:

00:13:59

the Cisco IP phone can tag its packets, meaning the phone itself can put little colors on these packets that it sends that say it's a part of VLAN 50. So, I'm talking on the phone. I lift up the handset. I've got the ex-mayor and say, "Hey Bob!

00:14:14

You know, I'm down in the office today, things are going great." Behind the scenes (I actually picked up a phone to do that), behind the scenes the phone is taking the words that are coming out of my mouth, converting them into packets, and putting a little tag on them that says this is a part of VLAN 50. That's received by the switch, and since this is a trunk port, the switch goes, "Great! VLAN 50, that's fantastic. I'll assign it to that VLAN." Now, computers have no idea what VLANs are. They don't

00:14:42

have a capability of tagging their own packets. That's a switch function. It's not a computer function. So these are sending untagged; I'll just put "unT" right there. Just like these were: when they were connected up here to the trunk, they were sending things that are untagged, and we would assign this port, just like we did up here, to a native VLAN. So maybe we wanted this

00:15:08

computer to be on VLAN, oh, I don't know, 10. I could set the native VLAN on that port to be 10, so any untagged packets that travel through that phone (the phone doesn't tag them) and travel into the switch will end up on VLAN 10. Now, the big picture of this is I can set up the security parameters on the switch to say VLAN 50 is completely isolated from VLAN 10. Nothing is allowed to cross, so if somebody opens this utility and starts trying to sniff conversations, they will be blocked from doing that, because it's isolated even though they're plugged into the same switch port. That's a powerful

00:15:48

concept, and it's a big concept, a very deep concept this early on. But that's one of the things that you are able to accomplish with the native VLAN. That's the big idea about trunking. So we've talked about what trunks are. We've talked about the protocol

00:16:03

of trunking, 802.1Q. And we talked about the native VLAN and how that combines with trunking. Now, let's move on to the next major concept here, which is the worst possible acronym ever, ever. It stands for the VLAN Trunking Protocol, or VTP. Now, if you remember, think back about 10 minutes, I talked about the VLAN trunking protocol, which was the language of love between switches; what was it? 802.1Q. That is the only VLAN trunking protocol that is out there and that is used. Now,

00:16:42

I will, you know, add a side note to that. Cisco had a proprietary one called ISL, or Inter-Switch Link, but that was discontinued. It's not used anymore. It was just something that was created to meet the need many years ago, and it is no longer used because you could only use it on Cisco switches. So there's only

00:17:01

one VLAN trunking protocol, and that's 802.1Q. So, what's the concept here? What's VTP? Well, VTP should've been called, in my opinion, VRP, the VLAN Replication Protocol, because here's what it does. When you are in a large organization, VLANs start to multiply, and so do your switches. I mean, more people get hired and another switch is added.

00:17:29

You have, you know, you have hundreds of switches sometimes in a large organization, and anytime you want to add a VLAN, it becomes painful, because let's say, you know, let's say right now we've got, you know, VLAN 10 and 20 and I want to add 30 to the list so I can add some people to a new VLAN. Well, I would have to

00:17:47

telnet into each one of these switches here and add the VLAN one by one. Say add VLAN 30, add VLAN 30, add VLAN 30, you know, on every single switch. In an enterprise organization of hundreds of switches, that can be a huge task. So here's what VTP does. VTP says, "Let me replicate the VLANs for you." So

00:18:09

I can go to one switch in my network and say, "I would like, say, VLAN 10." VTP does the rest. It sends a message out to its trunk links and says, "Hey, I've got an update, we've added VLAN 10. VLAN 10, VLAN 10." And it shows up in all the other switches in your organization, even though you only added it to one switch. Now,

00:18:30

[inaudible 18:19] still have to go and assign the ports that you want to that VLAN. It doesn't do that for you, because it doesn't know which ports are going to be in that VLAN. But at least you don't have to create the VLAN on every single one of those hundred switches in your organization. So that's what VTP does. The VLAN

00:18:48

Trunking Protocol is not a trunking protocol at all. It just works over trunk links to replicate VLANs. Now, you noticed that I have the double-edged sword. Why am I saying that? Well, that is because VTP, as you might remember from my intro slide, can either save and help your network or annihilate it all with one slight mistake. Here's the idea of how VTP works. When I add

00:19:17

a VLAN in my organization, it has a very simple way of keeping track of who has the latest list of what VLANs are out there. So let's say I add VLAN 10. I type in VLAN 10; it's created. VTP has a little database counter in the background that says, "Okay, we just moved from revision 0 of our database to revision 1." Ting! Revision 1. It sends out a message, "Hey, I've got revision 1." The switch is like, "I've got 0. Let me upgrade." So it takes the revision 1 database and replaces its own, and replicates that on down: "I'm revision 1." It goes, "Oh, great! You know, I'm 0 and I'm 1," and everybody changes over. Poof! You know, and that, you know, takes me a little longer to explain; that all happens in probably less than a second, so I think, "Oh, that was easy.

00:19:59

That was fun. Let me add in VLAN 20. VLAN 20, rev 2, tink! Rev 2, tink! Rev 2, tink!" And everybody gets VLAN 20. It's just that very simple revision of it. And the reason that it's beneficial is that means I can go to any VTP switch I want in my organization.

00:20:16

And say, "Well, I'll add in VLAN 30. VLAN 30, tink! Rev 3, tink! Rev 3, tink! Rev 3." I lose it as I go. So, you know, VLAN 30, you know, passes up this way, and now everybody's got VLAN 10, 20, and 30 in all of their databases. Very simple system for keeping track of who has the latest database. Now

00:20:39

here's the problem. You're going to watch the series and you are going to think, "Oh, this is great, this is fantastic!" And you're going to go on eBay and buy some lot of equipment, because, you know, I highly recommend, if you're studying for the CCNA, just to build a small little home lab. I'll talk more about that later on, but it's very beneficial. And you're on eBay and you're looking at the switches and you see the switch and it says, you know, "Cisco 2900XL, buy it now price $20." You know, "$20! That's a great deal." And you click on it, and, you know, well, first, we're all good eBayers here, right, so you would email the seller and say, you know, "$20! It seems like a very low price! What's the deal?" And the seller would reply, "Oh, well, you know, I just, you know, got surplus from this company that went out of business, I've got many of these switches," you know, their loss, your gain, you know, all the marketing stuff they're trying to...

00:21:33

So they say $20 and you'll go, "Great, $20! Buy it now!" You use PayPal. You buy the switch, and, you know, two weeks later, it's the best day, you get the box in the mail. And you open it up. And you look at it like, "Oh!" It's a switch, you know, and you plug it in and it works and you're like, "I didn't get ripped off. This is great." And you look at it and you

00:21:53

find out it's got an existing config on it. I'm telling you, when you get into Cisco, that is like the dream days. I love when I buy stuff off of eBay and it has old company configurations on it, because when I do that, when I get their old configuration, I kind of... I do a password recovery, which is really easy. I'll

00:22:12

show you how to do that later too. Break into the device, and I can actually see how their network was set up. I love looking at configurations, because I can see what people are thinking. I'm like, "Oh, that's a good idea." You know, way to go. I kind of save their configs as model configs that I can use later on.

00:22:28

So my point is you've got the switch and it's great. So you're using it in your home network, you know, using it in the lab environment, trying stuff out, creating VLANs, doing VLANs, and then, then you think, "Ah, I've got to go to work." But then the thought hits

00:22:41

you. You think, "I don't really do all that much work anyway. I mean, come on, do any of us really? You know, I could be studying for my CCNA at the office." So you bring the switch into your cubicle, and, you know, during the slow times of day, when not much is going on, you're just practicing creating stuff, and I'm telling you, the bug bites you! You'll be sitting there and all of a sudden the thought will hit you like, "Ha! I've been creating these lab environments for a long time, but I bet, I bet what I could do is I could make this thing real.

00:23:17

Meaning I could, you know, in my cubicle wall, you know, I've got this little wall jack right here. I could run a crossover cable from that to my switch and plug in a couple of laptop computers, something like that, and actually I'd have a real switched VLAN network world." You know, of course we use our crossover cable to make

00:23:36

that happen; a little concept review there. And we could have this live working environment, and I'm telling you, this sounds crazy, but it happens more than you may know. And you build this little mini network in your cubicle, and then you connect that crossover cable. All of a sudden, Bob from a couple of cubicles

00:23:56

down kind of pokes his head out; he says, "Hey! Hey Jim! Can you get on the internet?" You know, it's kind of funny that the first thing everybody notices is going down. It's not the accounting server. It's not the inventory log or anything. It's the internet, you know.

00:24:10

If you're going to blow up something in the company, just make sure you don't blow up internet access. But anyway, Jim pops up; he's like, "Yeah! No, I can't get on to the internet and I can't even check my email." And, you know, you kind of go, "Ha! Haha,"

00:24:21

Unplug the crossover cable, you know. Shove that little switch in your network. Here's what happens: you brought that switch from home that had the company's old configuration on it, that could've been, we'll say, VTP rev 1302. And when you plug that into the network with a crossover cable, this line in your cubicle wall goes to the ceiling and back up and eventually connects to some switch somewhere else which, if they've left the switch ports at default, will negotiate a trunk port with your switch, and this will say, "Hey! I'm VTP rev 1302." And this will say, "What? I'm three." You know, three! "You're

00:25:07

way ahead of me. Give me your database." Now here's how VTP works, and this is why it's a double-edged sword. If or when a higher revision database comes about, it's not like it just combines the existing VLANs that are there with the new database; what it will do is completely flush that whole database and all the VLANs that existed and replace it with whatever VLANs you have on your switch. So maybe, you know, on your switch you were using

00:25:35

one, two, and three. Now, by the way, there are 0-4096 total VLAN numbers. So there's quite a few numbers that you could choose for your VLAN. But, you know, it flushes it and everybody goes to one, two, and three; all the switches now have VLANs one, two, and three. Now, here's the major problem.

00:25:56

All of the ports in your network, in your whole organization, are assigned to what VLANs? 10, 20, and 30, right? 10, 20, and 30 just disappeared. They just vanished into thin air. And when a port is assigned to a VLAN that doesn't exist, the port just kind of goes, "Huh?" You know. "I'm lost. Help me!

00:26:18

Where am I? I don't know." It can't even communicate with things that are right next to it. The port essentially goes inactive. As a matter of fact, if you look at the switch physically, on the switch, all of the ports will turn yellow. The light above them will turn from green to yellow. And you're like, "Ah, I'm

00:26:35

lost," because I've lost my VLAN and I can't get there, so the whole entire network goes down. It's flushed at that point. Now, you know, administration panics, you know, this network administrator begins sweating bullets, you know, the hair is flying out, molecules everywhere, you know, just because the whole network's down and everybody's like, "What's going on?" And, you know, you don't even think to start looking at the VLAN database. He goes in

00:27:04

there and sees all the switches are orange and goes, "What's going on?" You know, he thinks of a worm or virus, you know, something is taking out the network. What's happening? You know, by the time he finally figures it out and figures out that, you know, the VLANs are gone, there could be 20, 30 minutes of complete network outage that goes by. Now 20, 30 minutes to you and me, you know, that's a sitcom show, but 20 and 30 minutes to a production network, that's an eternity. So what does he do? He pulls, he goes, "Oh, VLANs

00:27:32

are gone." So he pulls one of these switches off and restores the configuration from backup, right, and pastes everything back in there. Well, as soon as he plugs that back into the network, what happens? Boosh! Toast! You know, because these are all 1306, 1306; this one was restored from backup, it's on three, you know, this replicates down and wham! It wipes out all the VLAN database again. The only way to fix this is to manually recreate the VLAN

00:28:00

database, meaning he has to manually add in, you know, VLAN 10, and then it will increment up the rev number to 1307 and replicate every bit of it, you know, all of the VLAN 10s come back on. He manually adds back in VLAN 20, VLAN 30, manually adds those in, and as he adds those back in, you'll see the ports on the front of the switch all turning green, because their VLANs are back and everybody is happy again. But by the time they figure that out,

00:28:24

and three VLANs is a very small network, you usually have many VLANs, and recreating all the VLANs and where they should go, you're looking at a network outage of hours, if not, you know, one of those "okay, company closed down for the day," you know, that, that kind of crisis. There are people,

00:28:42

you will talk to people that have been burned by this before, this VTP system. And they will swear to you that they will never, ever use VTP again. If you haven't been burned by this before, then you'll say, "Ah, VTP is the greatest thing since sliced bread, it does what we need it to do." Now I will mention, you know, I

00:29:03

know some of you are thinking, "Come on! This is pathetic. Isn't there more security than this?" There is, meaning that there's this VTP domain name that has to be the same in order for these replications to happen. For example, if I worked for Intel, I might name my VTP domain Intel, and all the switches have to provide that name in order to replicate. Well, if somebody brought

00:29:25

one in from home, then chances are they're not going to be using the same VTP name of Intel when they bring it into the company. Where this normally happens, because it does happen quite frequently, is in corporate lab environments. The goal of a

00:29:41

corporate lab is to simulate the live environment, to simulate, you know, what's going on in the real network. So a lot of times they'll use the same VTP names, and you can assign a password to the VTP updates and so on. So they'll use the same password and all

00:29:55

that, and they'll have all these lab switches over here, which is a lab that is not connected to the corporate network, that they're doing all their stuff on, and, you know, it's a lab environment. They're trying all kinds of crazy stuff in there. Well, what, the way that

00:30:07

usually happens is, you know, you run out of switch ports in the corporate network, and if there's no spare switch on hand, somebody goes, "Ah, we need another switch, but a new one will take a week to get here. We need it now." And someone is like, "Oh yeah! We've got the lab switch." You know, and someone

00:30:22

runs into the lab, the happy person runs into the lab, grabs the switch and then comes and plugs it into the network and wham! Same kind of system. The whole network goes down. So I will tell you, in my personal experience, if you are careful with VTP, if you set up the network in the right way, VTP is great, because I'm going to show you, in the upcoming videos, the way to properly set up VTP. If you leave things at default,

00:30:52

meaning you just use VTP as it is out of the box and you don't change it on your switches, that is where these nightmares can really begin. Let me hit these last few concepts and then we'll wrap up. VTP modes. There are three modes that you can configure a switch

00:31:07

for when you're getting it ready for VTP. By default, when you pull the switch out of the box and don't change anything, every switch is a server. And what that means, as it relates to VTP, is that switch can create VLANs and delete VLANs and modify VLANs and do whatever you want to the VLAN database of the corporate network and replicate those changes to everybody else, just like I showed you in the previous slide where it says, "Hey, I've got a VTP rev number here. Let me give that to you." And it will also

00:31:37

receive a new VTP rev and say, "Oh, let me apply that to myself." So every switch by default is a server. Now, security-wise, that can be a little dangerous, because that means anyone who has access to a switch can change your VLAN database. So the second mode

00:31:53

that you see there is VTP client. VTP clients do not have the authority to change the database. You cannot add VLANs. You cannot delete VLANs or change them. You just receive updates from the servers and apply those updates to your configuration. So here's the idea

00:32:13

of how you're supposed to set this up: you're supposed to have one switch that is the server, and all the other switches, maybe connected to that one, and maybe you've got a couple daisy-chained like that, and you make all your changes from that server switch and it replicates out to all of these clients, which are everywhere. You are not able to add VLANs or delete VLANs from

00:32:33

any one of those client switches. Now, the problem with that theory is just that: it's a theory. It's how you're supposed to set it up, to where all of your changes are centralized. Now, some people do, and I applaud them, that's awesome, but unfortunately, myself included, many IT people are just lazy. Meaning you get

00:32:55

to a point, here's the idea, you telnet to a switch, right? You need to add a VLAN real quick. You're like, "Ah, I just need that VLAN 50." So you telnet into this switch because you forget which one the server in your network is. You get in there and say, okay,

00:33:08

add VLAN 50, Enter, and a message comes up and says, "Oops, sorry, you can't add a VLAN, you're on a VTP client." And you go, "Oh! Oh yeah!" Okay, stop right there. The good administrator looks at his documentation and goes, "Let me telnet into the VTP server and make my changes where I'm supposed to." Me, the

00:33:30

lazy IT administrator, or, you know, you're just short on time, it happens to us all. You've got to make a quick change, so what do you do? Well, you just change that guy over to a server, because we have privileged mode access to do it. It's just one command, and we make our change there, and slowly but surely all of our clients come back to server mode because we never quite remember where the servers in our network are. So we have this random smattering

00:33:54

of clients and servers. The third mode of VTP is known as transparent mode. Transparent mode is for those people that say, "I never, ever want to use VTP again in my life." What transparent mode does is essentially turn a switch into kind of a Harley Davidson switch.

00:34:17

Meaning it can add VLANs, delete VLANs, modify VLANs, but it's a rebel. It's a Harley Davidson switch. It's a rebel. It does not listen to anybody else. Meaning if this switch says, "Hey! Add VLAN 10," the transparent mode switch says, "No way, I've got my own VLAN database. I'm not going to tell you about it," because they don't send VTP updates, "and I'm not going to listen to your updates either, because I am my own switch." By changing

00:34:44

all the switches in your network over to transparent mode, you effectively disable VTP. Now, one note is that transparent mode switches may be the Harley Davidsons, they may be rebels, but they will pass through VTP updates. What that means is that, you know, let me, oh, what have I done? I'm hearing things in my ear. Hang on, let me, let me

00:35:12

pause our recording. Things are going dark quickly. There we go. Someone must have unleashed a VTP update on my network. I don't know what that was. So, here's the idea: if we've got the server sitting in the middle, and maybe we plug that into a transparent mode switch which is attached to a client switch.

00:35:31

When it sends out a VTP update saying, "Hey! Update your database," the Harley Davidson transparent mode switch will listen to it, but it will pass it on, so the client does still receive its update. So a transparent mode switch thankfully will not break the chain.

00:35:44

We still want to use VTP through those switches. Now, if you decide to use VTP in your network, there is one more benefit that you can benefit from. That sounds right. One more benefit that you'll get, and that is VLAN pruning. This keeps unnecessary broadcast traffic from going across your trunk links. Here's the picture of three switches. I've got

00:36:10

trunk links configured between them all. Now, this is obviously a logical diagram, because you don't have one cable connecting all three. You know, you've got a crossover going here and then another crossover from another port that will come down here. But logically speaking, all of those would be trunk links configured between them. Now, notice we've got the green VLAN, the red VLAN

00:36:29

and the blue VLAN. But also notice that the switch down here does not have any green VLAN ports. Well, the concept of VLAN pruning, and the benefit that you get from it, is when the green PC sends a broadcast, normally that broadcast would go across every trunk link, even down to the bottom, and the switch on the bottom would have to drop it. It would look like, "Oops! I don't have any green, I don't have any green, you know." Every broadcast,

00:36:55

it'd say, "I don't have any green." It'll just have to drop the broadcast. Well, VLAN pruning, just like we've got our pruning shears right here, can take that broadcast and stop it at the last switch to get it. It uses VTP to do that, because these switches can use

00:37:09

VTP. You can see it only works if they're VTP servers. These switches will be able to communicate with each other and say, "Hey! I've been, I've been getting some green broadcasts down here, and I don't want, I don't have any ports that are members of the green VLAN." But thankfully, if I decided I would like to add a port that belongs to the green VLAN, you know, this first one is no longer blue, it's green. When I did that, the switch

00:37:35

would send a notification up here and say, "I've got a green port. Go ahead and send those down." So it would de-prune the link and make these links much more efficient, so you're not sending broadcast packets where they don't need to go. So VLAN pruning is something

00:37:50

that you only get if you use VTP servers everywhere in your organization, but also remember you run the risk of changes taking over your network with VTP servers everywhere. So there it is. The deep technical detail about VTP, about trunks, about how all of these VLAN concepts work. So to hit the high

00:38:11

points, we did talk about understanding how VTP, or, sorry, how trunks really do work, looking at the tagging protocol, or the language of love between them, 802.1Q. So the 802.1Q protocol adds those shims, those tags, to the packets as they cross the trunk that let the switches know what VLAN a packet belongs to. Now, once the switch processes that, it

00:38:35

strips the shim out so the computer doesn't actually receive it. The PC never knows what VLAN it belongs to. The last thing we looked at is how VTP can help or annihilate your network, depending on how you have it configured. Now, in this upcoming video, we're going to talk about how to configure VTP the right way so you don't run, or you have, or should I say you have very little risk of what happened in some of those scenarios I was talking about happening in your network. I hope that this has been informative

Jeremy Cioara
Nugget trainer since 2003