Employers know that CCNP-certified job applicants have a real-world knowledge of networking.  They also know that Cisco awards big discounts to companies that hire Cisco-certified staff. 

After watching Jeremy Cioara's new CCNP 642-813 SWITCH training, you'll be a master-level consultant on Cisco switched networks. You'll also have brighter career prospects and be an important step closer to CCNP certification.

Jeremy covers everything you ever wanted to know about switching in this update to his existing BCMSN course.  In no time, you'll be designing your network for maximum uptime and preparing it for advanced services like WiFi, VoIP and Video over IP. 

Jeremy's training maps to Cisco CCNP certification exam 642-813.
1. Welcome to Cisco Switch: Watch Me First! (17 min)
2. The Switches Domain: Core Concepts and Design (42 min)
3. VLANs: Configuration and Verification (13 min)
4. VLANs: In-Depth Trunking (35 min)
5. VLANs: VLAN Trunking Protocol (33 min)
6. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1 (23 min)
7. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2 (34 min)
8. STP: Rapid Spanning Tree Concepts and Configuration (24 min)
9. EtherChannel: Aggregating Redundant Links (24 min)
10. L3 Switching: InterVLAN Routing Extraordinaire (28 min)
11. L3 Switching: Understanding CEF Optimization (16 min)
12. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1 (43 min)
13. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2 (23 min)
14. Campus Security: Basic Port Security and 802.1x (32 min)
15. Campus Security: VLAN and Spoofing Attacks (31 min)
16. Campus Security: STP Attacks and Other Security Considerations (15 min)
17. Campus VoIP: Overview, Considerations, and AutoQoS (44 min)
18. Wireless LAN: Foundation Concepts and Design Part 1 (26 min)
19. Wireless LAN: Foundation Concepts and Design Part 2 (22 min)
20. Wireless LAN: Frequencies and 802.11 Standards (34 min)
21. Wireless LAN: Understanding the Hardware (30 min)
22. The Switches Domain: Additional Life-Saving Technology (22 min)
23. Monitoring: Your Pulse on the Network (45 min)
24. Campus Security: VACLs (14 min)

VLANs: VLAN Trunking Protocol

00:00:00

The VLAN trunking protocol is said by some to be, quote, the best thing since sliced bread, end quote. Others claim that VTP, or the VLAN trunking protocol, is, quote, invented by terrorists to destroy networks around the world, end quote. So where are these two bipolar positions coming from

00:00:25

on VTP? That's what we're going to talk about here. We'll look at VTP, the good, the bad and the ugly. Then we'll get in depth into what VTP is all about, the modes, what VLAN pruning is, how that comes into play, VTP consideration. We'll set up VTP between our switches. And then we'll wrap up this whole VLAN

00:00:45

subseries by talking about common VLAN issues. Here's the scoop. The goal of the VLAN trunking protocol is very simple. It's to ease your daily administrative burdens of creating VLANs. Now, first thing I've got to say about VTP is it was misnamed. I can't stand the name VLAN trunking protocol. Because it's not

00:01:10

a trunking protocol. What are the two protocols we have? ISL, 802.1Q. That's it. Period. And ISL is going away. So there really is only one trunking protocol we use today. VLAN trunking protocol is not a trunking protocol, but what it is is a VLAN replication protocol. That's what it should have been called, VRP. Maybe

00:01:33

that was taken. The way it works is all of your switches, when you pull them out of the box and get them connected up, start with this very simple system of VTP revision numbers. And that is the double edged sword of VTP. Its simplicity is what can kill it. Let me give you a demonstration. When you pull your

00:01:52

switches out of the box, they only have one VLAN, and that is VLAN 1. Everybody's at VTP REV 0. So you log into this switch up here. Let me get my pen going. You log into this switch up here and type in: I want to create VLAN 10. So you type in VLAN 10. Enter. All of a sudden your switch goes, okay, VLAN changed, clink, VTP REV 1. Let me send a VTP update. Goes down to this one. Says, oh, VTP REV 1, REV 1, REV 1. They all flip on over to VTP REV 1 and suddenly VLAN 10 magically appears on all these switches. We add VLAN 20 up here. Add VLAN 20. VTP REV 2, REV 2, REV 2. Goes down to all of these different switches and they get revision 2 and add VLAN 20 to their database. Now, that's the end result of what we see. We actually see that

00:02:51

taking place on our switches, but what we don't see is the technical details of how that happens behind the scenes. The switches replicate their VLAN database to each other, and anytime somebody has a later revision number, they're like, oh, great, new database.

00:03:08

Totally better than mine. I will flush my database, everything that I know about, and replace it with yours. So swoosh, those two VLANs show up. This database gets flushed and replaced with this one. So if I delete VLAN 10, deleted, VTP REV 3, REV 3, REV 3, everybody flushes their databases and replaces it with the latest and greatest one. So that's the basics of how VTP

00:03:32

works. Now, let me show you by the way, let me stop right there and emphasize the good before I get to the bad. The good side of VTP is, think of your organization, or if you have a very small company, think of a big one. How many switches do you think exist in, say, an enterprise organization? A campus network? Maybe 20 on the very low end. Maybe 50. Maybe 100 different switches in all these different locations around the campus. And that's just

00:04:04

getting started. Now, if I were to have to add a VLAN to all 100 switches, without VTP, what that means is I'm going to every single switch, sure it's via telnet, but who wants to telnet to 100 switches and adding VLAN 100 or whatever it is to every single switch in my organization. It can be painful. So VTP eases

00:04:24

that load for me by just creating it once and it replicates it everywhere. That's the good side. The bad side is this: Let's say you finish watching the BCMSN series here and you're thinking this is awesome; I want to I'm getting into this. I'm going to

00:04:44

build my own home lab. So you go on eBay and you're searching around and you're thinking: You know what, I can see a switch here. It says Cisco 2900 XL switch, buy it now price for $20. You're like, wow, and you look at the description and it says reputable seller used for years in dotcom companies, their loss, your gain and you know the eBay lingo. You're like, great, buy

00:05:08

it now and you make your PayPal payment and it doesn't take long and all of a sudden this little switch shows up in the mail. And I'm telling you, it's an exciting time. You unbox the switch and you get into the switch, and one of my favorite things to do when I get stuff off of eBay is to do password recovery, because most of the time the people that sell stuff on eBay they don't even know what it is. They just like, hey, this looks cool, let's

00:05:32

sell it on eBay. You log into the switch. It's got a password. That immediately should tell you there's a config on this from a company. So you do a password recovery on the switch and you start looking at their old config. I've done this a few times. I'm telling you, if you haven't done

00:05:48

it, it's great. So you're scanning the config, and you actually see how the company's set up and you're all excited. So, anyway, you've got this switch at home and you're practicing on some labs and maybe it's VTP REV 1302. That's just, it's been a dotcom company for years. That's what

00:06:07

it's at. And before long you're sitting there at home and you're like, oh, I gotta go to work. Like, well, I don't really do much at work anyway. And you know maybe I could take some of the downtime at the office to study and go after my Cisco certification. I'm

00:06:24

going to bring the switch to work. You're bringing it to work and playing with it and creating VLANs and messing with spanning tree and learning all kinds of stuff. This story is going somewhere, by the way. And all of a sudden you have this brilliant idea.

00:06:38

You think, you know what, I can make a real network here in my cubicle. I can take my switch, plug in a couple of laptops here into my switch or my desktop and my laptop or whatever the case is, and I can just grab a crossover cable and plug it right there into the port in my wall and have a real working network. So

00:07:00

you do, you plug in that crossover cable and like this is going to be great. And all of a sudden you see Bob down the hall kind of stick his head up above the cubicle and Bob is like, hey, Jim, you able to get on the Internet? And Jim's like no, no, I can't. My email isn't even working. And as a side note, little

00:07:21

side bar here, isn't it funny how in just about every business around the world, if the Internet goes down, immediately everybody knows and everybody panics. But like major servers, accounting databases, they can all go away and at least take them a little time to know. The moral of the story there, in the Cisco network

00:07:40

you can hose up anything productive but just don't down the Internet access, and at least you've got some time before people start whining. So anyway, back to the story. Bob and Jim are above yeah, nothing's going on. Meanwhile, you're kind of unplugging

00:07:54

your crossover cable and shoving everything in a file cabinet. Here's what happened. When you connected that crossover cable to the port in the wall, this switch, if it was able to negotiate a trunk with the other side, sent a VTP update and says, hey, everybody, I've got VTP REV 1302. And maybe on this switch you've got VLAN 100 and 200 that you've created. And this switch is sitting there and it goes: That's

00:08:22

great. We're on VTP 3. It's like give me your database. So it takes that REV 1302, flushes its old database along with all its old VLANs. They all go away. All gone. And replace them with VLANs 100 and 200. It takes less than a second. It's very fast. And wham all the switches in the network lose their existing VLANs 10 and 20, and replace them with 100 and 200. Now, the problem is all of the ports in your company or this little scenario here were assigned to VLAN 10 and VLAN 20. And if a port is assigned to a VLAN, and that VLAN just disappears, the port is like, wow, where am I? I'm lost. I can't talk to anybody. It literally cannot

00:09:10

talk to anything. The ports just disappear from the switch. If you do a show VLAN to see where the ports are assigned, you won't see anything. They're all just gone. All communication goes down. So less than a second, the entire network collapses. Now, the

00:09:26

administrator over here, you know, is in a panic at this point. Cell phones ringing and nightmare's going on, and the administrator is like what's going on? And it takes a while to figure out, because nobody thinks all the VLANs disappear. Oh, by the way,

00:09:39

as soon as that happened, all of the ports on all of the switches turn amber. That's your clue right there that this has happened. If a port isn't assigned to a VLAN and it just disappears, it goes amber. So if you're looking at a rack of switches and all

00:09:55

of a sudden everything goes orange, panic. Because that just happened, all the VLANs disappeared. So the administrator figures out, it's like, oh, no. So he pulls the switch off and restores the config from backup and plugs the switch back in. But as soon as he does, what happens? Replication down, we are VTP REV 1302, you are VTP REV 2 or 3 and wham complete VTP flush again. The only way the administrator can fix the VTP database is manually recreate it on one of those switches and add all those VLANs back in. Now I've been referring just because I didn't have I

00:10:34

don't want to draw up a huge pen dot scenario, I've been talking about two VLANs here. A company may have 10, 20, 30 different VLANs they have that's spread across the organization, so the administrator has to manually enter those back in and recreate them. By this point in time, in terms of downtime, you're typically

00:10:52

talking about 30 minutes to maybe an hour of complete network outage. Now, you can see the double edged sword of VTP. Now, this scenario, if you know a little bit about VTP, is not as easy to stumble into as maybe I've shown it right here. For instance, the eBay

00:11:15

switch isn't going to typically have the same VTP domain name as your organization. We'll see this in just a moment. All the switches in order for them to talk have to be assigned to the same VTP domain. Where this sort of scenario usually happens is a lab environment. A company has a lab environment that they

00:11:34

have set up for testing and stuff like that. And the goal of a lab is to mirror the corporate network as close as possible to run some tests before you release things in production. And what would typically cause this is a simple problem in the network.

00:11:49

Hey, we just got ten more employees. You got another switch. You look at the inventory, we're like we're out of switch, and somebody's like there's one in the lab, go grab the one in the lab. Oh, yeah, the one in the lab. And dadum. This scenario happens

00:12:02

right here, because the lab switch had the existing previous configuration on there. So VTP can be your best friend if used wisely. Let's look at the details. The first thing to understand about VTP is the three different modes that it supports. Server, client and transparent.

00:12:23

If you set up VTP servers which are the default, they have the power to change any of the VLAN information and replicate those changes to all the other switches in your domain. That's where the VTP REV number comes in handy because that helps all the switches discover who has the latest copy of the VLAN database since it is a multi server environment. The theory goes something

00:12:45

like this. You should only have one server in your network and all the rest of the switches should be, wow, that's a non Cisco switch obviously, the rest of them should all be client mode switches. You can see that the clients cannot change VLAN information.

00:13:03

They are locked. If you log into a client and type in I want to create VLAN 20, that means that well, I should say it's just going to reject you and say sorry this is in VTP client mode, you cannot make changes from here. Likewise, the VTP clients do not save the VLAN configuration. The servers save that config

00:13:24

in a file in flash called VLAN.dat. Clients keep it in RAM. So every time they reboot they have no VLAN database file and they have to rely on the replication from the server to get the latest copy of the database. Now, the reason I said the theory goes something like this is because unfortunately most of the time it remains a theory. As in everybody starts

00:13:48

off having a great config like this where you've got the one server and many clients in your network, but the problem is that IT people are lazy. I'll be the first to throw myself under the bus with that group. You telnet into a switch. Somebody just said hey I need a new VLAN, you go into the switch you type in VLAN 100. It says oh, sorry this switch is client mode. You can't make that change here. What do you do? You changed over the client

00:14:15

to the server mode because you're lazy and you don't remember where the server is in the network and eventually go back to a multi master server model anyway. So the client mode is supposed to be good as long as it's backed up by specific company policy saying you don't make changes from clients and you don't change clients back into servers. The VTP transparent mode you see at

00:14:39

the bottom there is if you don't want to use VTP. That's one of those ones you've been burned. You don't want to use VTP ever again. Change all your switches to transparent mode. They become essentially rebel switches at that point to where if they receive updates from VTP they will say I am not going to listen to this. Now, they'll pass it through.

00:15:01

You can see that second bullet there. It says it passes through the VTP updates in VTP version 2 which all Cisco switches support. So if you had a situation like let's say this is a transparent mode switch and then you had another client down here, it could pass the updates through to the client, but it won't listen to the updates themselves. You

00:15:21

can create and delete VLANs and it saves those configurations in the VLAN database file in flash, but those VLANs are never sent to anybody else. So every switch becomes its own independent authority once you move over to transparent mode. VTP also has a bonus feature called

00:15:42

VTP pruning. What this feature does is it allows the switches to do some of the work for you in a trimming down where broadcast traffic goes. In this example you can see we have three switches connected to that middle magic port, which is able to handle two switch connections per port, and the top two switches are the only ones that have devices in the green VLAN. The bottom

00:16:06

switch does not. Now, just with the definition of a trunk, the trunk passes all VLAN traffic. So if somebody sends a broadcast on the green VLAN, the bottom switch gets it even though it doesn't have any clients in the green VLAN. VTP pruning uses the VTP

00:16:23

technology to allow the switches to notify each other if they do not have any ports in a specific VLAN. Now, we saw early on, I believe in the previous Nugget, when we talked about trunking one of the things I mentioned was that you can manually go in there and type in these are the allowed VLANs on the ports, whereas VTP pruning is an automatic way to do that for you. Now, you

00:16:48

know my thoughts on things being auto. But at the same time I have never run into a problem with VTP pruning other than the fact that it has to be run on VTP capable devices. Meaning if you go VTP transparent mode you obviously can't use that. Likewise,

00:17:06

here's another thought for you, VTP pruning only works on VTP servers. So your client switches, if you have clients daisy-chained from other clients, they will not be able to do VTP pruning, which is another, I guess, you could say incentive to keep all your switches VTP servers, which is a bad practice in the first place. So follow my logic on that. That's how VTP pruning works.

00:17:35

I will say most people don't use it. So VTP pruning is something that's off by default. You just go in and turn it on and it does its magic. Last thing I want to mention on VTP pruning, this feature prunes the broadcast traffic from reaching the other switches.

00:17:53

It does not prune out the actual VLANs. For example, I have the green, red and blue VLANs here. The green VLAN will still be available on the bottom switch down there. It's not like it just magically disappears from the switch and only appears when you add ports. You'll see it down there, because the replication

00:18:11

feature is still working. Pruning just eliminates the broadcast traffic from reaching that switch since there are no assigned ports. Now let's get into the configuration of VTP. I'm going to show you a catch that happens on Cisco switches that might throw you off with some new switches you get into your organization.

00:18:30

Step one in configuration is verifying the current VTP status on every switch. I can't emphasize how important it is to do this, even if you think the switch has no configuration, because if you forget to verify the VTP status, it may just be that eBay switch that wipes out your network. So let me bring up the console

00:18:53

connection. Before I do you can see the live topology I have going at the bottom there. Switch A connected to B and C. So we are on switch A right now, and the key command to verify VTP is not a show run, because most VLAN information is not going to show up in the show run. It's all stored in flash in this

00:19:12

file called VLAN.dat which is not there yet because I haven't configured this. So I'm going to type in show VTP status. That's your number one command for verifying VTP. So right up front you can see VTP version is currently 2. However, version 2 mode is disabled. It runs version 1 until you turn on VTP version 2. That's just the maximum the switch can support. This is the key line you're looking for.

00:19:41

Configuration revision is 0. That means this switch has not received any VTP updates and has no VLANs or currently is not running a VLAN database that can replicate to other people. As you make changes, that's the revision number that keeps going up. Below

00:20:02

that you see the operating mode right there, which is the server mode. That's the default mode every switch is in. And then you see the domain name. I want to focus on this. The domain name by default is blank. Cisco considers that null. It's at this point that the switch will be in its most susceptible state.

00:20:24

Meaning if I plug it into a network that is running VTP and a trunk port is negotiated with me, VTP runs on top of the trunks, it will take whatever VTP domain name and password the organization has. So what this means is if I plug this switch in, I don't

00:20:43

even need the VTP domain name or the password. I'm going to get all of the VTP updates sent down to me. Tell me that's not crazy. Because here's my fear. You forget to hard code a cubicle port as an access port. You leave it on the dynamic desirable mode.

00:21:05

Well, when somebody plugs that in, their switch will negotiate a trunk port with your switch and if their VTP domain name is set to null or blank, as you can see on the screen right now, that means whatever VTP advertisement they receive it will automatically configure itself to. So can you imagine all that security you

00:21:24

thought you had by assigning a VTP domain name and password that nobody knew, it's gone because it's sent in clear text over the trunk link. Moral of the story, it is so important that you hard code every port going into a cubicle as an access port. Do not

00:21:41

let it negotiate trunks, because if it does, you're doomed. In a way. So what I'm going to do I just want to show you how this works. I'm going to telnet on over to switch B to show VTP status over there. You can see server everything is blanked out as well. I'll go

00:22:01

to switch C and do a show VTP status. Blank. Everything is blank. So our organization currently has nothing. So step one is going to be configuring the VTP domain name. Go into global config mode and type VTP domain and follow that up with the name of the domain. We'll call it CBTNugget.

00:22:25

Enter. You can see right away it says changing from null or blank to CBTNugget. I exit back out, do a show VTP status. And sure enough CBTNugget it is. Now I'll hop over to B, show VTP status over there. Look at that. See what I mean? Immediately, poof, since it was null it became the first name that came to it. I'm going to jump on over to switch C. Just do that show

00:22:54

VTP stat. Up arrow. And sure enough it is CBTNugget as well. When it is null, it is susceptible. It will become whatever the first name is that you advertise. So with that in place, well, I guess we don't have too much excitement going on, because I have not created any VLANs on here and that is why on my server, when I do a show VTP status, my config REV is currently 0. So if I go into global config mode and type in VLAN 10, we'll say name Sales, VLAN 20, name Accounting, VLAN 30, name Isabella. That's the name of my first little daughter. And I'll exit out and do a show VTP stat.

00:23:43

You can see the config REV has moved up to 3 to show a VLAN, and there's my three VLANs. Theoretically, well, it should be working. If I jump on over to switch B and do a show VLAN, poof, the same VLANs pop up. Do a show VTP status, you can see the config REV is 3. I know I'm zooming through this. Hopefully the video is keeping up. If not, it's the beauty of

00:24:06

video: Rewind. So the VLANs are replicating over to switch B and switch C. You can see the config REV as 3. Show VLAN. And there's my VLANs that are showing up. So VTP is working. It is operational. Now, a few other things. I'm trying to think that's it. That's wait thank

00:24:35

you. I put a list over here for myself. Configure the domain name and password. The password is configured just by going into global config mode and typing VTP password. You can see it right there. And voila. By the way, also while we're here that's how

00:24:50

you turn on VTP pruning. VTP version or VTP mode will set whoops. What mode it runs in. You can see the transparent server and client VTP version is version one or two. The difference between version one and two that would be a good thing to know. VTP version two adds support for token ring. Whoohoo, just in

00:25:13

time, right, but it also gives transparent switches the capability to forward VTP information through them. If you're running VTP version 1, which all switches are running by default, even though it says VTP version 2, you can see version 2 mode is disabled. If you're running version 1, the transparent mode switches will stop VTP broadcast. They absorb them rather than pass them on.

00:25:39

So let's see. Where am I? VTP domain password. VTP mode, we've seen configuring the servers, or all of them are servers by default. So let me hop back over here. I'm going to set these guys up as VTP mode client. You can see when I do a show VTP status, it is now in client mode. And what that means is this can no

00:26:07

longer create or delete VLANs from the domain. I'll just type in VLAN 40 to create a new one. It will tell me VLAN not allowed while the device is in client mode. This is where I was mentioning, this is where self discipline comes in, because you want to make sure you don't just change it back over to a server and make the change because that kind of defeats the purposes of clients.

00:26:29

VTP version number, I already showed you that. So, hmm, just trying to think if there's anything else. VTP just it's all about the concepts. Like most things in Cisco, not too much to the configuration. Last thing I'll do is hop on over to the VTP switch C, change that over to VTP mode client. Now, let me show you

00:26:56

some gotchas. I'm going to type in on switch A show flash. And you can see I showed you this right before we got started, there was no VLAN.dat file. Now there's a VLAN.dat. All of your VTP stuff and VLAN stuff, I'll do a show run include VLAN, you can see that there is nothing in the running config about VLANs.

00:27:19

All of that stuff is stored in that VLAN database file. One of the tips that I'll give you now, this is not certification world. This is just real world stuff I've run into, one of the tips that I will give you is if you're working on a used switch, meaning one that's maybe been in production for a while, and you reconfigure it to be in a new VTP domain name or joining a new domain of switches or something to that effect, I have had it happen where I have the domain name, the password, everything exactly correct, and, by the way, I should mention as I'm talking, this domain name is case sensitive. So it's lower case, upper case does matter.

00:28:00

I've had everything correct and mode is correct and trunk links are operational and it does not replicate. I have found that sometimes the VLAN database file cannot handle changes from one domain to another. Like if you do a write erase, and this is a good rule of thumb, I think of all these things as I go here, if you do a write erase to erase the switch, it does not erase the VLAN.dat file. So it will maintain its VLANs and it will

00:28:29

maintain all its VTP stuff. I've found a lot of times if you do a write erase and forget to delete the VLAN database file, the next time you try to set it up for VTP, it gets corrupted. My point in saying all of this, is that if you're having trouble with VTP and you know everything is right, you know you've got everything set up correctly, try this: Delete the VLAN database file. Do a delete flash:vlan.dat.

00:28:59

It will ask you to confirm, run through a couple times, enter, enter and confirm it. You'll have to reboot the switch to clear everything out because it's still in RAM. But a lot of times I find if you have a used switch and you're moving it between VTP domains, that VLAN database file can't handle it and it kind of gets corrupted in the sense that it won't work any more for the new VTP domain. You've just got to delete it and start over.

00:29:26

Now that I think about it I just jumped a little ahead of myself. I was going to save that for this common VLAN problems slide. One of the problems that you might have, and that's down at the very bottom, is that VLAN database file gets corrupt. So just

00:29:40

type in that delete flash:vlan.dat, reboot the switch and that will solve a lot of the VLAN problems. I've had that happen a dozen times or so and I've gotten used to deleting the VLAN database file on older switches. Let me hit the rest of the common VLAN problems you run into as we wrap up this VLAN subsection here. First off, number one problem I've

00:30:04

seen is the native VLAN mismatch. You keep getting all these messages across your console: Native VLAN mismatch. We already talked about the native VLAN, but a mismatch happens when it's assigned differently on both sides of the connections. You want to hard code it, so it's the same. Otherwise you end up with

00:30:20

VLAN information bleeding amongst each other. Meaning if one side is VLAN 1 and the other side is VLAN 10, you've essentially linked those two VLANs through the native VLAN mismatch. That's why it's not a message to ignore. I've been into many networks where I log in, you've got a native VLAN mismatch. Oh, I've seen

00:30:41

that message forever. And I don't know how to fix it. I go you want to fix that, because you've essentially bridged VLAN 1 and VLAN 10 when you do that since the broadcast for VLAN 10 ends up going across into VLAN 1. So make sure those are matched. Second, trunk auto negotiation

00:30:59

message use. My message: don't use the auto negotiation. The number one problem is auto to auto does not become a trunk. And that is by design. The auto mode does not send out VTP sorry, DTP messages that tried to negotiate a trunk for the other side. So both of them are just sitting there idle saying, okay, is somebody going to do something? But nobody does anything. So

00:31:26

if possible avoid the DTP and set all your trunks to non negotiate. That's the best way to hard code everything. The last thing is what we just talked about, VTP updates not applying. Number one step is to go through and make sure everything matches. Check

00:31:42

your domain. Check your password. Check your version on all your switches. Are they all running version 1 or 2 or you can't have a mix. Verify your trunk links. A lot of people overlook that. VTP is called the VLAN trunking protocol. It's not a trunking

00:31:56

protocol. I already mentioned that. But it does only work over trunk links. Make sure you have trunk links between your switches. And the last one I already talked about to delete that file and reboot as a last resort. A lot of stuff on VTP. The good, the bad and the ugly. What do

00:32:14

you think? I'm curious. I'm really curious. I wish I could take a poll. How many of you will use VTP, or are using VTP in your organization? And after seeing the ugly, if you will, of VTP, how many of you still want to use it? I will say I still use it. Just to give you a personal experience, I have had it wipe

00:32:37

out a network, but I'm telling you for me the advantages outweigh the disadvantages. But that's not an opinion for everybody. VTP modes, we talked about. Server client, transparent. Transparent being disabling VTP. Pruning being the feature you can turn on

00:32:53

from global config mode, just one command line. VTP pruning, enable, and that will turn on pruning for the switches. They have to be the server mode VTP switches to enable the pruning. We walked through the VLAN configuration step by step and finally looked at troubleshooting common VLAN issues as we wrap up this VLAN subsection of the BCMSN series. I hope this has been informative

Intermediate 11 hrs 24 videos
Jeremy Cioara
Nugget trainer since 2003