Try our training for free.

Gain instant access to our entire IT training library for 1 week. Train anytime on your desktop, tablet, or mobile devices.

Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network....
Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network.

The two-exam CCNA process covers lots of innovative features, which better reflect the skills and knowledge you'll need on the job. Passing both exams is your first step towards higher-level Cisco certification, and trainer Jeremy Cioara has mapped these CCNA training videos to the 640-816 test. This CCNA training is not to be missed.

Here's how one user described Jeremy's training: "By the way, Jeremy Cioara has to be by far one of the BEST Cisco trainers I have ever had the privilege to learn from overall. He not only keeps your attention but his energy is contagious and he provides the information at a level where you grasp it rather easily."

The last day to take the 640-816 exam is Sept. 30, 2013. After that date, the only ICND2 exam available will be 200-101. CBT Nuggets has a training course for the 200-101 exam here.

All trademarks and copyrights are the property of their respective holders.
1. Review: Rebuilding the Small Office Network, Part 1 (33 min)
2. Review: Rebuilding the Small Office Network, Part 2 (28 min)
3. Review: Rebuilding the Small Office Network, Part 3 (23 min)
4. Switch VLANs: Understanding VLANs (16 min)
5. Switch VLANs: Understanding Trunks and VTP (39 min)
6. Switch VLANs: Configuring VLANs and VTP, Part 1 (35 min)
7. Switch VLANs: Configuring VLANs and VTP, Part 2 (39 min)
8. Switch STP: Understanding the Spanning-Tree Protocol (28 min)
9. Switch STP: Configuring Basic STP (21 min)
10. Switch STP: Enhancements to STP (29 min)
11. General Switching: Troubleshooting and Security Best Practices (29 min)
12. Subnetting: Understanding VLSM (18 min)
13. Routing Protocols: Distance Vector vs. Link State (26 min)
14. Routing Protocols: OSPF Concepts (30 min)
15. Routing Protocols: OSPF Configuration and Troubleshooting (39 min)
16. Routing Protocols: EIGRP Concepts and Configuration (32 min)
17. Access-Lists: The Rules of the ACL (27 min)
18. Access-Lists: Configuring ACLs (34 min)
19. Access-Lists: Configuring ACLs, Part 2 (48 min)
20. NAT: Understanding the Three Styles of NAT (20 min)
21. NAT: Command-line NAT Configuration (35 min)
22. WAN Connections: Concepts of VPN Technology (33 min)
23. WAN Connections: Implementing PPP Authentication (34 min)
24. WAN Connections: Understanding Frame Relay (28 min)
25. WAN Connections: Configuring Frame Relay (30 min)
26. IPv6: Understanding Basic Concepts and Addressing (34 min)
27. IPv6: Configuring, Routing, and Interoperating (23 min)
28. Certification: Some Last Words for Test Takers (13 min)
29. Advanced TCP/IP: Working with Binary (25 min)
30. Advanced TCP/IP: IP Subnetting, Part 1 (55 min)
31. Advanced TCP/IP: IP Subnetting, Part 2 (22 min)
32. Advanced TCP/IP: IP Subnetting, Part 3 (19 min)

Review: Rebuilding the Small Office Network, Part 1

Review: Rebuilding the Small Office Network, Part 2

Review: Rebuilding the Small Office Network, Part 3

Switch VLANs: Understanding VLANs

Switch VLANs: Understanding Trunks and VTP

Switch VLANs: Configuring VLANs and VTP, Part 1

00:00:00

All right, we've talked a lot about the concepts. Let's hit the configuration. We're now going to walk through the configuration of VLANs and VTP. First off, looking at the network diagram enhancements because we have added some switches to the network, and then we'll walk through step-by-step setting up trunk, setting up VTP, getting the replication happening between our switches, adding VLANs and assigning the ports to the VLANs.

00:00:26

Before we jump into the configuration, let me just go over some of the changes to the network diagram that we've been making as our office has grown. You can see our corporate office, which is connected to router 1 and router 2 here has grown to three switches. We have more computers than our single switch can handle, so we expanded.

00:00:43

Now as of right now switch 1, which was the switch we've been using all along, has become the core switch -- essentially everything connects to that. It's the core of our network. Now that switch configuration hasn't really changed. I've noted the new interface connections

00:00:58

here that will go down to our two new switches -- switch 2 and switch 3. Now the IP addressing for a corporate office -- I went ahead and tried to shorten that a little bit. So you can see that the corporate office is represented as everything 192.168.1.0/24. This is the.10 of that range. This is the.11 of that range and so on. You'll see a lot of network diagrams drawn

00:01:21

like that just because it takes up a lot of space to write in the full IP address. Now some of the devices still have their full IP addresses like the host in this router right here because I have some special uses that I'm gonna use those for. I'm going to be changing

00:01:34

those as we work through this and the following videos. So that's what the landscape looks like. Now on switch number 2 and 3, all I've done so far is just given them host names, set up some basic console port settings so that I am able to you know, have logging synchronous, no exec timeout, no IP domain look up.

00:01:54

Some of the initial optimization commands we talked about in the series. So, what I still need to do is assign them IP addresses from this range and bring up their VLAN interface. Let's go in and do that just as a good review and get our blood flowing before we jump into the new stuff. So -- wrong window, bring up this one. I'm

00:02:12

attached to the serial -- or the console port of switch number 2, gonna get into privileged mode and just do a show run. You can see as I space through this, nothing really out of the norm you know, everything is looking pretty much the same as a brand new switch, no config modifications. I can do show IP interface

00:02:33

brief. I see some of my interfaces are up, which represents devices plugged in, but my VLAN 1 interface, which is -- I'm going to be using for management is currently shut down. So let's configure that. I get into global config mode and get under the interface

00:02:47

VLAN 1 and we'll give it the IP address I have on my network diagram for switch 2. Look back; switch two is 192.168.1.11/24. Good. So I'll do a no shut down and bring up that interface, switch 2 is now configured. Now with that in mind, I still need to give that switch a default gateway in order to be able to manage it remotely. I do that from global configuration mode.

00:03:20

But I'm going to hold off on doing that and the reason why is when we get to routing between VLANs; that's in a -- in a video or two later, you're going to be able to see some of the changes that we've made and how that may affect the routing of our network. So hold off on the default gateway. Let's hop

00:03:35

over to switch 3; switch 3 global config mode. By the way no config on this one as well. So I'll get under interface VLAN 1. IP address on that is 192.168.1.12. You can see that right here. Power that on and we're good to go. So at this point, I should be able to ping between my switches, just saying ping 192.168.1.10. That would be pinging from switch 3 to switch 1. Hold our breath and poof, it's working. It's that first ping takes

00:04:16

a moment. Let's try pinging switch number 2, which we've just configured. 1.11. There we go -- success. We're now able to ping through. So we're good to go. As of right now, everything belongs to VLAN 1. Meaning all of our ports -- let me just do a show command. I'll do a show VLAN.

00:04:35

And see this is switch number 3. Default or VLAN 1 -- every single one of those ports belong to the default VLAN. Notice fastethernet 0/1 is missing from that list. I'll talk about why that is in just a moment. But for now let's just go with it, everything is -- is plugged into VLAN 1. Now we're moving into the configuration of VLANs and VTP. So the first step that we're going to need in all

00:05:01

of our configurations is to set up our trunk ports between our switches. This port right here or that link between those two and this port right here between those two switches need to become trunks so that they can transmit all the VLAN information across them. Likewise, VTP will not work on any interface that

00:05:20

is not a trunk. Meaning it has to be active in order for the VTP updates to replicate across that link. So let's first off go and configure our trunks. I'm gonna start the configuration on switch number 1 because that is our core switch of our network. Now notice the interfaces,

00:05:38

fastethernet 0/11 and 12 connect down to switch 2 and switch 3 respectively. So those are going to be configured as my trunk. I'm gonna hop on up to that switch -- I gotta close that window, there we go -- start off on one and the first thing I want to show you is that I can type in the password -- there we go. The first thing I want to show you is how

00:06:01

those ports are configured by default. I'm gonna do a show run fast -- or type in interface fast ethernet 0/11; that's just the way that you can trim down the running config to show just that interface from it. I hit enter and you can see the default mode of that port -- it says switch port mode dynamic desirable. As a matter of fact, let me just do a show run, scroll down a little bit, look at that.

00:06:29

0/2, dynamic desirable, three dynamic -- everything is dynamic desirable. That is a horrific default. Let me tell you why. What that says is this switch port is in a mode of dynamic. Meaning, let me jump back here -- it can either become an access port or a trunk port on the fly.

00:06:53

Now access ports are designed to connect to NPC. Any time you have a -- a PC device right here, it needs to be an access port which means it's -- it essentially means it's not going to be a trunk, meaning I can assign that one VLAN and it will always be on one VLAN; we will not negotiate a trunk connection. The

00:07:11

trunk ports are used between switches and that is the one that translates -- transmits all VLAN information between the two switches. Now the default again is dynamic desirable which means I will dynamically switch between these two modes. If I detect another switch plugged in, I'll convert to a trunk port. If I detect a PC plugged in, I'll convert to an access port.

00:07:35

Now it sounds convenient and that's why CISCO designed it that way. They wanted it to be convenient so you can just plug cables together and be trunking, which is actually what we're doing right now on these ports. They are trunk ports because we're dynamic -- they're just switching to whatever's plugged in. But the

00:07:49

reason I say it's horrific is because it's wide open to malicious people. Let's say that this person in their cubicle is an angry user and he does not like the company at all. So he brings in his own switch from home and plugs it into his cubicle wall jack. Well, as soon as he does that the switch will notice that, and go, "Oh, well

00:08:10

hey, let's -- let's negotiate a trunk connection with that other switch. VTP updates will be sent down that -- that port; the user can actually sabotage your VLAN database. They can -- they can use an attack known as VLAN hopping. I'll talk about that a little

00:08:23

bit more. So it's horrible to have those ports on dynamic. Anytime you see anything like dynamic, desirable, auto, negotiate; anything like that on a CISCO device, it's usually better -- 90 percent of the time it's better that you would hard code those modes rather than leave them on dynamic. So dynamic

00:08:45

desirable means I'll dynamically change and I'm desiring to be a trunk port. Meaning I will actively negotiate a trunk, if I see another switch attached. So our two ports that we're configuring are 11 and 12 and I need to go under those ports. I'll do interface fastethernet 0/11 and I need to change the switch port mode. Type in switch port mode and I'll do a question

00:09:09

mark and you can see we have access. We have trunk and we have dynamic -- dot1q-tunnel; that's another story for another day. That's -- that's actually a CCIE level topic right there. But access and trunk are the two we want to use. Right now it's set to dynamically negotiate. Now this is a connection between

00:09:29

a switch, so we can safely say switch port mode trunk. Now this is going to give an error. When I do this and it's -- it's saying the command is rejected. An interface whose trunking encapsulation is auto cannot be configured to trunk mode. Here's what that means.

00:09:48

Remember I said there was the language of love -- that was in the previous video -- the language of love of trunking was 802.1Q. That is the official trunking language that everybody in the world now uses between their switches. But long ago when VLANs, the concept of VLANs were first created, CISCO created their own trunking language. It was actually

00:10:09

known as ISL -- InnerSwitchLink. It was before the 802.1Q standard was really standardize and really was a good standard to use anyway. So CISCO said we're going to create our own and you can use that between CISCO switches for more efficient trunking. Well, times have changed, the industry has progressed

00:10:27

and ISL is being faded out And what I mean by that is it's going away. They're -- they're trying to phase it out of all switches. A lot of the brand new switches they create don't even support ISL. However, this switch, switch number 1 is actually a 3550, which is a little higher end switch, supports a lot more features. So it has the

00:10:47

ability of using ISL or 802.1Q on its interface. So what it's saying is that trunking encapsulation right now is auto. It's going to try and negotiate between the two, which kind of integrates with this dynamic system. But since we're hard coding everything, we have to add an extra command to the upper end switches in CISCO's world. And we type in switch

00:11:10

port trunk encapsulation and then we choose: 802.1Q where they write it.1Q, ISL or negotiate. Now, remember anytime you see negotiate, dynamic, auto -- don't use it. We're going to hard code.1Q. Now -- now that we've hard coded what language it's going to speak -- the language between the switches, I can just type in switch port mode trunk enter. And now you can see

00:11:38

the same command as before but now it's not popping up that error message between the two switches. So we have on the 3550 fastethernet 0/11 is configured as a trunk port. Good, now let's move or fastethernet 0/12 and this should be pretty simple. I'll just type in a

00:11:57

switch port trunk encapsulation.1Q, enter. And then switch port mode trunk. Good. So now fastethernet 11 and 12 are both configured as trunk ports and let me show you a massive security step forward in your world. Now that you know which ones are trunks set all the rest of them to access ports. Meaning right now everything; these are hard

00:12:23

coded trunks, but everything else is still set to dynamic. So this is 24-port switch, so we can safely say 1 through 10, you know, up to 11 is considered an access port and then 13 through 20; hmm, let's do 23. There's something in this picture I'm not showing you. I'll show you a little bit later. 13 through 23 will be considered access ports. So here's what we do. You can type in interface range fastethernet and then you

00:12:55

type in your -- your module and port, 0/1 through 10. I'll do that first group and I'll say switch port mode access or full command access. I'll then type in, hit the upper arrow and then do interface range fastethernet 0/ and then what was the next range? 13 through 23. 13 through 23. Switch port mode access hard coded access ports.

00:13:24

Good. Now if I go back and do a show run, you can see that all of the modes have gone over to access you know, this is our internet router connection. We labeled that in the first video, but fastethernet 2 access, access, good. All these are great. Oop, there's our trunk ports, trunk and.1Q encapsulation. Everything else -- access, access, access, because we want to make sure that they don't negotiate trunk ports on the fly. Good.

00:13:49

So we've got the core switched, 3550 configured. Let's go down and do switch 2 and switch 3. I'll do these a little bit faster. Jump over to switch 2. Now switch 2 and switch 3 -- I'll do a show version are actually CISCO 2950 switches. They don't have as many features as the 3550 and one of the features they're missing is the ability to support ISL encapsulation. That's not even an option on the 2950. It's been phased out. They only support 802.1Q. So when I configure the trunk ports on switch 2 and 3, you can see the trunk ports are fastethernet 0/1 and 0/1 on both of those. All I need to do is get underneath the interface fastethernet 0/1 and type in switch port mode trunk; enter. There is no encapsulation command.

00:14:38

Look at this -- I'll type in switch port trunk encaps -- oh, oh, oh -- -- there's no command. Notice I'll hit the question mark; nothing. No encapsulation command because since it only supports one encapsulation, 802.1Q; what's the point of having others? Now on this switch, I can safely exit back out and do interface range fastethernet 0/2 through 24, meaning all the rest of the ports except port one which is our trunk. And type in switch port mode; access. Slam. All those

00:15:12

are now access ports. Do a show run and you can see there's my trunk, 0,1,2,3,4 and everything else is now considered access ports on this switch. Let's go to switch 3. Fastethernet 0/1; switch port mode trunk and then interface range fastethernet 0/2 through 24; switch port mode; access. Now if you're following along; if you've got your own lab equipment and you're setting up this kind of configuration, I do want to make sure I mention the interface range command on most IOS versions, except the very newest and best IOS versions is really finicky with how you type this in.

00:15:56

The spacing has to be exact between these two. So if you forget a space, no exit back out -- interface range fastethernet 0/1 through 10, it will say, ugh, I -- I -- I don't know what you're talking about. In the new IOS versions they fixed that so it works

00:16:12

real seamlessly. But I've seen a lot of people that are like, "Oh, no. I can't use the range command. My IOS must not support it. Most the time it's just looking for a different syntax there. Good. So I would say it's safe to save our configuration, if you type it right on all these switches.

00:16:27

We've got our trunk ports configured that was step one. Step one; so let me -- let me clear off all the chicken scratch here. I'm going to be updating these diagrams as we go through to reflect our changes as we go. Now in this video, I'm just gonna be drawing and adding things by hand. But I'll modify it in the

00:16:52

background later, so it looks much prettier. So the trunks are configured. Now let's do the second thing, configuring VTP, the VLAN trunking protocol. So all of our VLANs can replicate between the two. So actually looking at the time I think we're going to do the first two steps in this video and then we'll split it and do the last three -- two steps in the upcoming video. I don't want to make this too long.

00:17:15

VTP just to hit the highlights, replicates those VLANs between our switches. We talked about that in the previous video. Now again, let's start up on our core switch -- switch 1. And I'm going to type in the command, show VTP status. That command will show you everything about VTP. Now I

00:17:37

will mention that all the things that we type for VTP are not stored in the running config. They're actually stored in -- in another file. Again, I'll talk about that as we get deeper in this, but as of right now you can see everything about VTP. It says VTP version is currently running VTP version 2. The configuration revision is revision one meaning there's been one change made to the switch because they start from zero; that's -- that's interesting to me because I don't know which change that is. Let me -- let me jump down to switch 2 and do a show VTP status down here. Okay, this -- there must be something on on our

00:18:12

core switch. Oh, I just remembered what it was. I'll tell you about that later, too. Let's look at switch number 2, that in the changes that we have here. VTP version 2; config rev zero. Meaning, there's been no changes made to this switch all. Maximum VLANs supported locally is 128; that means this switch, this 2950 supports a maximum of 128 VLANs passing through it at one time. Now the VLAN numbers, you can have up to -- the VLAN numbers go one through, I believe it's 4094 maximum VLANs that you can have on your switches. But these lower end switches

00:18:53

only have 24 ports so they're saying why would I have 4000 VLANs and support that many active VLANs when -- when I only have 24 ports in the first place? So, and you can see the bigger you go on the switch, like this is a 3550 up here, the more VLANs you can support.

00:19:09

Now down here it shows the number of existing VLANs is currently five. Now that means there are currently five active VLANs on here at a time. Now, wait a sec, I thought there's only VLAN 1. Let's do a show VLAN. Now when I do that I see that I have VLAN 1 and then look below it, we have VLAN 1002, 1003, four and five. Those are considered extended VLANs.

00:19:34

They were created to support other kinds of networks like you can see token ring networks and FDDI; that's an old fiber optic standard networks. Now in order for a switch to be considered industry compliant or standards compliant, those VLANs have to be on there. So it's not like we're actually using em.

00:19:51

As a matter of fact, you can see the status is that they're active, but they're unsupported because this switch doesn't have any token ring interfaces or FDDI interfaces. So they're just there because the standards say they have to be there. But we're really only

00:20:05

using VLAN 1. So you add them up one two three four five; there's our five VLANs that it's seeing and that show VTP status. Now down below you see the operating mode; it's currently a server because everything is a server by default out of the box and the domain name is blank. Meaning it -- there is no name for the existing

00:20:26

company or the replication that's happening between them. So let's stop there and jump into our configuration. When we're setting up VTP, we need to configure three major aspects. One is that VTP domain name -- I'll just put name. Two, if we want to, and this one is optional, we can add in a password for the VTP domain.

00:20:53

And three, if we want to do it we can change the VTP mode. Remember the three modes: server, client, and transparent. So we can choose which mode we would like to create. So let's start off with number one, which is configuring the name. To set that up, I'm gonna jump back to our main switch in the network which is switch number 1. Now before I do that and get the command prompt pulled back up, I want to make a mention of something that will happen before your very eyes. It's a magic show. On this switch

00:21:25

when I configure the domain name and let me just come up with it, I'll -- I'll use Nugget World will be my VTP domain name. When I configure that domain name on switch number 1, switch number 2 and 3 will automatically pick it up. Meaning, they will automatically join

00:21:47

the Nugget World domain. Now, the reason that's going to happen is because as a right now if you look back, switch number 2 and switch number 3 -- we didn't do this command and 3 but it's there -- do not have a domain name. Meaning they -- they are not a part of a domain. And when a switch does not have a domain

00:22:04

name, it is in the most susceptible state to VTP that it ever will become. And that is in a state where it will take whatever domain name has first advertised it. When we go on switch number 1 and set the domain name to Nugget World, it will send it out all trunk ports and say hey I'm Nugget World. Switch 2 and 3 since their domain name is blank and let's just jump over to switch 3 just to make sure, there it is, you can see right there the domain name is currently blank. Since it's blank it will adopt whatever domain name first

00:22:38

comes to it. And it will become part of the Nugget World domain. Now once that happens, once it is a part of a VTP domain it will not change ever again unless you change it manually, like maybe you wanted to have switch 2 and 3 a part of a different VTP domain. Well, you could go in and manually change them, but that will not affect anybody else because they've already have a domain name assigned.

00:23:00

CISCO set it up that way so you could pull a brand new switch of the box, you know, no configuration on it; plug it in; it's dynamic mode by default so it negotiates a trunk. Receives an update and automatically gets all the VLANs that are in your organization.

00:23:14

Kinda handy if you like the dynamic way of things. So let's jump on to the switch number 1. The way that we set our VTP domain is to go into global config mode and type in VTP, and I'll do a question mark, domain and it says what is the name? Type in Nugget World. Now this

00:23:38

name is absolutely case-sensitive. So if you use capitals or lower case on one switch, make sure you do it on all of them or else it won't replicate. So I type in Nugget World, it says I am changing the domain from Null to Nugget World. It's changed. So when I go back into

00:23:53

a show VTP status, I can see that Nugget World has popped up here. Now I jump down to switch number 2 and 3, let's see if what I said happened. You can see right there they adopted Nugget World as their VTP domain. Let me just hop over to switch 3. Nugget World. Excellent. Now you can even see down below the last

00:24:17

local updater, you know, who -- who was the last one to update this. As of right now, it just says the local updater id was this; 192.168.1.12 or this, which is 192.168.1.11. All that means is that it was itself; the configuration was last modified by itself in 1993. Obviously, I need to change the date to make that right. But

00:24:42

that was the last modification that was made. So we've got VLANs -- or sorry the the trunks configured. We've got VTP configured. Oh, I said I was going to get this in half. I'm not gonna do that. I'm gonna jump down to step number three. Maybe I'll divide it after this because VTP without creating VLANs is kind of like, "Eh, that's not exciting," So what I want to do is I want to set up some VLANs and watch them replicate.

00:25:05

Oh wait. I'm just jumping all over the place. We've got the name set up. We've got no password and let me show if we wanted to set up a password, how we do that. Type in VTP and you can see password is one our options. If we want do assign a password, we could. I'm gonna skip that step just because

00:25:28

you just type in a password up here and then you have to go to switch 2 and 3 and type the same password. It's pretty self-explanatory. But what I do want to show you is changing the mode. When you type in VTP mode it gives you those three options that we talked about in the previous video; server, client and transparent. Now, remember everything is a server by default, so

00:25:50

anybody can add or delete VLANs and they'll replicate to everybody else. You're supposed to only have one or two servers in the network and everything else will be clients, which means the client can not add or delete VLANs. It just accepts updates from

00:26:04

from the other switches. VTP transparent mode is the Harley Davidson rebel switch that maintains its own list of VLANs and does not send them out nor does it accept updates from other switches. So switch 1, since that's our core, let's make that the server. Let's hop down to switch 2 and I'll type in VTP mode client -- do a show VTP status down here.

00:26:28

And now you can see the operating mode is client. It's still on the Nugget World domain. Now ooh -- that's a good point. Notice right here it said the configuration last modified by, you know, 0, 0, 0, 0. Meaning nobody's last modified the configuration. Do you remember when we did this command before. It said

00:26:46

local updater ID is this: that was -- that was on there before because it was in a server mode. And it said I can update myself. But as soon as I change it to a client mode, scroll back down, you can see local modifier ID is gone -- meaning, I can't locally modify the configuration anymore. And let me do switch 3 and I'll prove that.

00:27:06

I'm over on switch 3. I'll type in VTP mode client. Boom. It's now in client mode. And verified right -- there it is. Now let's hit this last piece, which is configuring the VLANs. In the next video, I'll assign the ports to the VLAN. To configure the VLANs, all you need to do -- it's a piece of cake -- is go into global config mode, and type in VLAN and what VLAN number you would like to create.

00:27:36

So I could say VLAN 10; enter. And that will create the VLAN. But I want you to catch this. I'm on a client right now, so when I hit enter it says, "Oh, sorry, VLAN configuration is not allowed when the device is in client mode." You can't do that from here is

00:27:52

what it's trying to say. Now, this is where you as an administrator have to exercise self-control because this is, you know, this is the suggested design. We have clients everywhere in the network; one server, one or two server maybe as a backup and that's where you make all your changes from. So it's tempting

00:28:09

when you telnet into the wrong switch and you type; oh just want to create this VLAN and it says oh, you're a client. All you have to do is type VTP mode server to switch it back and make that change. But that's not how it's supposed to work. So let's hop back up to switch

00:28:21

number 1. I'm already in global config mode. So I'll type in VLAN 10; enter. Now it takes me into a VLAN creation mode or a VLAN config mode. VLAN 10 is actually created. If I go back and do a show VLAN, you can see that VLAN 10 has now appeared in my list. See that? And then if I want to I can go in and say, you know, go back under VLAN 10 creation mode and I want to say the name of that VLAN is sales; enter. A lot of people and most people

00:28:56

will assign names to their VLAN because it's a lot more logical to see, oh, that's for sales people or the marketing people or the internet router or whatever the case may be. So that you can notate what that domain really is about. So I'll do a show VLAN again.

00:29:12

I can see VLAN sales is now on the list. Let's do a show VTP status on our server. You can see the configuration revision has gone up to three. Huh? Let's jump down to switch number 2; show VTP status down here, and take a look at that. It's hopped up to three as well and notice

00:29:35

what changed. It says the configuration was last modified by 192.168.1.10. So who is that? Let's hop back up to our diagram. That's switch number 1.10. So it sent an update that modified the configuration on switch number 2. Let's do a show VLAN here. Ahhh, the power of VTP in action. Let's go over to switch number 3. Show VTP status. I can see that the config was last modified

00:30:05

by switch number 1 right there. Configuration rev, that should be the same on all of them because remember the revision numbers work, that's -- that's how it finds out that it has the latest copy of the database. We talked about that in the previous video. Show VLAN

00:30:17

and oh, you have to make that noise -- sales. Sales is now shown up. So here's what I want to do. I want to create three VLANs. So let's head back up to switch number 1. I'll create VLAN 20, name -- marketing. VLAN 30, name-- Engineering. Show VLAN. There we are; we've got the three new VLANs that have

00:30:48

come up there; nice little status message to make it all jumbled. But the three new VLANs are there. I'll do a show VTP stat. You can see our config rev has gone up to five reflecting the two new VLANs that we just added. It went from three, four, five. And now

00:31:02

we can hop down to switch 2; show VLAN; uh-huh -- switch 3; show VLAN. Uh-huh or ohhh; so there they all are. THEY are all showing up because VTP is working correctly. Now keep in mind, this whole time we've been making all these changes -- configuring trunks, setting up VTP, configuring the VLANs, but nothing on our network has changed. Meaning, we're

00:31:30

setting up VLANs; I'll just write them up here. VLANs 10, 20, and 30, but no ports are actually assigned to those VLANs yet. So if I'm looking at my computer, I'm -- I'm sitting right here on 192.168.1.50, bring up a nice little command prompt; that's my PC and I'll ping over to 192.168.1.20. I'm still able to ping there because these ports are still assigned to VLAN 1. If you look back at our config, you know, this shows the VLAN, this shows all the ports right there that are assigned to VLAN 1. Yes, we've created the VLAN but we're not actually doing anything with them yet.

00:32:07

So that's what I plan on doing in the next video is assigning those ports to the VLAN and then testing the effects of that; showing what happens when we do that. Now before I do that, before I wrap this one up, I want to talk about fastethernet 0/1. Notice it's missing from the list. The reason why is because it is configured as a trunk.

00:32:28

Now I want to show you a new command here. Well, first off I'll do a show run interface fastethernet 0/1 just to verify that is a trunk. I'm gonna type in show interface fastethernet 0/1 and we've seen the show interface command before but I want to add another command, which is switch port. Remember

00:32:49

the commands we used to change the mode from trunk to access and all that? It was switch port mode. So this shows the switch port mode characteristics and I can see that the switch port is enabled. It is administratively set to a trunk. It is operationally

00:33:04

at a trunk. The administrative encapsulation is that.1Q. The actual operational trunk encapsulation is.1Q. Now first off let me just explain. What's the difference between administrative and operational? You remember when we first got on the switch, it said switch port mode dynamic? That was the administrative mode.

00:33:22

It was dynamic initially, but we changed it. So if it was dynamic and it negotiated a trunk, we would see administrative dynamic operational trunk. Or we might say administrative dynamic operational access that kind of thing. But if you look down this list you can see

00:33:38

the native mode VLAN, we talked about that in the previous video. Administrative -- a lot more information on here on trunking VLANs enabled; that's what VLANs it's sending across there. Pruning VLANs enabled; if pruning is turned on. And by the way, VTP pruning; that's how you turn on the pruning aspect. I

00:33:59

talked about that in the previous video. You just type it in and hit enter. So those -- those are all verified by using the show interface -- what one you want to look at and switch port to see the trunking status. You can also type in show trunk. No we

00:34:17

can't. Show -- hmm? There is a command show interface trunk? Ahh, there it is. Show interface trunk will show us that we've got fastethernet 0/1; mode is on; encapsulation. Status is trunking, native VLAN is 1. So you're able to see which interfaces are set to trunking by either typing in show interface switch port, where you can see them all or you can do just show interface trunk for a lot more concise view. That's where I want to draw the line for this video. I know

00:34:56

there's only one more step, which is assigning the switch ports to the VLANs but there's a lot of testing I want to show you and show you the effects of what happens when we do that. So that you can have a full scope of what's going on. We'll -- we'll continue

00:35:07

that. I'll make a part two to this video. So we walk through this and saw the network diagram enhancements. We added three switches to our network or two additional switches and we assigned IP addresses, too. We then configured VTP and in order to do that we had this set the trunk ports between the switches; turn on the VTP domain name and -- and set all the parameters with VTP. Then we added three VLANs: VLANs 10, 20 and 30 and watched them replicate between them. In the next video, I know, which is one step, I'm going to show you a assigning the switch ports to the VLANs and then the effects of what happens when we do that. Also, we'll look at a lot of the administrative

Switch VLANs: Configuring VLANs and VTP, Part 2

Switch STP: Understanding the Spanning-Tree Protocol

Switch STP: Configuring Basic STP

Switch STP: Enhancements to STP

General Switching: Troubleshooting and Security Best Practices

Subnetting: Understanding VLSM

Routing Protocols: Distance Vector vs. Link State

Routing Protocols: OSPF Concepts

Routing Protocols: OSPF Configuration and Troubleshooting

Routing Protocols: EIGRP Concepts and Configuration

Access-Lists: The Rules of the ACL

Access-Lists: Configuring ACLs

Access-Lists: Configuring ACLs, Part 2

NAT: Understanding the Three Styles of NAT

NAT: Command-line NAT Configuration

WAN Connections: Concepts of VPN Technology

WAN Connections: Implementing PPP Authentication

WAN Connections: Understanding Frame Relay

WAN Connections: Configuring Frame Relay

IPv6: Understanding Basic Concepts and Addressing

IPv6: Configuring, Routing, and Interoperating

Certification: Some Last Words for Test Takers

Advanced TCP/IP: Working with Binary

Advanced TCP/IP: IP Subnetting, Part 1

Advanced TCP/IP: IP Subnetting, Part 2

Advanced TCP/IP: IP Subnetting, Part 3

Please help us improve by sharing your feedback on training courses and videos. For customer service questions, please contact our support team. The views expressed in comments reflect those of the author and not of CBT Nuggets. We reserve the right to remove comments that do not adhere to our community standards.

comments powered by Disqus
16 hrs 32 videos

COURSE RATING

Basic Plan Features


Speed Control
Included in this course
Play videos at a faster or slower pace.

Bookmarks
Included in this course
Pick up where you left off watching a video.

Notes
Included in this course
Jot down information to refer back to at a later time.

Closed Captions
Included in this course
Follow what the trainers are saying with ease.

NuggetLab
Files/materials that supplement the video training

Premium Plan Features


Practice Exams
These practice tests help you review your knowledge and prepare you for exams.

Virtual Lab
Use a virtual environment to reinforce what you are learning and get hands-on experience.

Offline Training
Included in this course
Our mobile apps offer the ability to download videos and train anytime, anywhere offline.

Accountability Coaching
Included in this course
Develop and maintain a study plan with assistance from coaches.
Jeremy Cioara
Nugget trainer since 2003