Wednesday, 21 September 2016

VLAN Trunking Protocol Guide

Part 1.4.a  VTPv1, VTPv2, VTPv3, VTP pruning
VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates VLAN information on a LAN. To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP advertisements can be sent over ISL, 802.1Q, IEEE 802.10 and LANE trunks. VTP is available on most of the Cisco Catalyst Family products.
Understanding VLAN Trunking Protocol
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Before you create VLANs, you must decide whether to use VTP in your network.

Using VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network. Without VTP, you cannot send information about VLANs to other switches.

VTP is designed to work in an environment where updates are made on a single switch and are sent through VTP to other switches in the domain. It does not work well when multiple updates to the VLAN database occur simultaneously on switches in the same domain, which results in an inconsistency in the VLAN database.
VTP functionality is supported across the stack, and all switches in the stack maintain the same VLAN and VTP configuration inherited from the stack master. When a switch learns of a new VLAN through VTP messages or when a new VLAN is configured by the user, the new VLAN information is communicated to all switches in the stack.
The switch supports 1005 VLANs by default. When VTP sends out information about a new VLAN and the switch is already using the maximum available hardware resources, the switch sends a message that there are not enough hardware resources available and shuts down the VLAN. The output of the show vlan user EXEC command shows the VLAN in a suspended state.
VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005). Extended-range VLANs (VLAN IDs greater than 1005) are not supported by VTP or stored in the VTP VLAN database.
The VTP Domain
A VTP domain consists of several switches or switch stacks under the same administrative scope sharing the same VTP domain name. A switch can be in only one VTP domain. You make global VLAN configuration changes for the domain.

By default, the switch is in the VTP no-management-domain state until it receives an advertisement for a domain over a trunk link or until you configure a domain name. Until the management domain name is specified or learned, you cannot create or modify VLANs on a VTP server, and VLAN information is not propagated over the network.

If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch then ignores advertisements with a different domain name or an earlier configuration revision number.

Note: Before adding a VTP switch in client mode to a VTP domain, always verify that its revision number is lower than the configuration revision number of any other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and the whole VTP domain.
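The pre-join check from the note above, as an added example (not code from the original post or from Cisco): it reads show vtp status output in the format shown later on this page and blocks a switch whose revision number is not lower than the domain's. The two sample outputs, the function names and the revision values 4 and 27 are constructed for illustration.

```python
import re

# "Key : Value" lines as printed by show vtp status.
_KV = re.compile(r"^\s*(.+?)\s+:\s*(.*?)\s*$")
_NEEDED = ("VTP Domain Name", "VTP Operating Mode", "Configuration Revision")


def parse_vtp_status(text):
    """Pull the fields needed for the check out of show vtp status output."""
    fields = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if m:
            # VTPv3 output repeats "VTP Operating Mode" once per feature; the
            # first occurrence belongs to "Feature VLAN", the one we want.
            fields.setdefault(m.group(1), m.group(2))
    missing = [k for k in _NEEDED if k not in fields]
    if missing:
        raise ValueError("not show vtp status output, missing: " + ", ".join(missing))
    return {
        "domain": fields["VTP Domain Name"],
        "mode": fields["VTP Operating Mode"].lower(),
        "revision": int(fields["Configuration Revision"]),
    }


def prejoin_check(domain_sw, new_sw):
    """Return (verdict, reason); verdict is "ok", "recheck" or "block"."""
    if new_sw["mode"] in ("transparent", "off"):
        return "ok", "a %s switch does not synchronize its VLAN database" % new_sw["mode"]
    if new_sw["domain"] and new_sw["domain"] != domain_sw["domain"]:
        return "recheck", "domain name differs; run the check again once it matches"
    if new_sw["revision"] >= domain_sw["revision"]:
        # Server or client makes no difference: the highest revision wins.
        return "block", "revision %d is not lower than the domain's %d" % (
            new_sw["revision"], domain_sw["revision"])
    return "ok", "revision %d is lower than the domain's %d" % (
        new_sw["revision"], domain_sw["revision"])


# Constructed sample outputs, modelled on the show vtp status listings on this page.
DOMAIN_STATUS = """\
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : CCNP
VTP Pruning Mode : Disabled
Device ID : aabb.cc00.0200
Configuration last modified by 0.0.0.0 at 11-22-15 19:30:38
Feature VLAN:
--------------
VTP Operating Mode : Server
Number of existing VLANs : 5
Configuration Revision : 4
"""

NEWCOMER_STATUS = """\
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : CCNP
VTP Pruning Mode : Disabled
Feature VLAN:
--------------
VTP Operating Mode : Client
Number of existing VLANs : 12
Configuration Revision : 27
"""

if __name__ == "__main__":
    verdict, reason = prejoin_check(parse_vtp_status(DOMAIN_STATUS),
                                    parse_vtp_status(NEWCOMER_STATUS))
    print(verdict, "-", reason)
```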

When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are sent over all trunk connections, including ISL and 802.1Q. VTP dynamically maps VLANs with unique names and internal index associations across multiple LAN types, which simplifies administrative tasks.

If you configure a switch in Transparent mode, you can create and modify VLANs, but the changes are not sent to other switches in the domain, and they affect only the individual switch. However, configuration changes made when the switch is in this mode are saved in the switch running configuration and can be saved to the switch startup configuration file. It all depends on the VTP mode of operation and the version it runs.
VTP Modes
With VTP, you can configure a switch or stack to be in one of these VTP modes:
VTP server
Creates, modifies, and deletes VLANs for the entire VTP domain. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links. In VTP server mode, VLAN configurations are saved in NVRAM. It is the default mode of operation.
VTP client
VTP clients do not allow the administrator to create, change, or delete any VLANs. Instead, they listen to VTP advertisements from other switches and modify their VLAN configurations accordingly. In effect, this is a passive listening mode. Received VTP information is forwarded out trunk links to neighboring switches in the domain, so the switch also acts as a VTP relay.
VTP transparent
VTP transparent switches do not participate in VTP. While in transparent mode, a switch does not advertise its own VLAN configuration, and it does not synchronize its VLAN database with received advertisements. In VTP version 1, a transparent mode switch does not even relay VTP information it receives to other switches unless its VTP domain names and VTP version numbers match those of the other switches. In VTP version 2, transparent switches do forward received VTP advertisements out of their trunk ports, acting as VTP relays. This occurs regardless of the VTP domain name setting.
Off Mode
Like transparent mode, switches in VTP off mode do not participate in VTP; however, VTP advertisements are not relayed at all. You can use VTP off mode to disable all VTP activity on or through a switch.
Configuring VTP Mode

SW1(config)# vtp mode {server | client | transparent | off}

SW1(config)# vtp password password [hidden | secret]

VTP Advertisements
VTP switches use an index called the VTP configuration revision number to keep track of the most recent information. Every switch in a VTP domain stores the configuration revision number that it last heard from a VTP advertisement. The VTP advertisement process always starts with configuration revision number 0.
When subsequent changes are made on a VTP server, the revision number is incremented before the advertisements are sent. When listening switches receive an advertisement with a greater revision number than is stored locally, they assume that the advertisement contains new and updated information. The advertisement is stored and overwrites any previously stored VLAN information.
VTP advertisements originate from server mode switches as VLAN configuration changes occur and are announced. Advertisements can also originate as requests from client mode switches that want to learn about the VTP database as they boot. VTP advertisements can occur in three forms:
Summary advertisements
VTP domain servers send summary advertisements every 300 seconds and every time a VLAN database change occurs. The summary advertisement lists information about the management domain, including VTP version, domain name, configuration revision number, time stamp, MD5 hash, and the number of subset advertisements to follow. For VLAN configuration changes, summary advertisements are followed by one or more subset advertisements with more specific VLAN configuration data. Below is the Summary Advertisement format:
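The summary advertisement fields listed above, parsed in an added example (not code from the original post). The byte layout follows Cisco's published VTP summary advertisement format; the sample frame, the updater address 192.0.2.10, the digest bytes and the function names are constructed, and receive_action applies the domain and revision rule described earlier on this page.

```python
import ipaddress
import struct

# VTP payload of a summary advertisement, after the LLC/SNAP header:
# version, code, followers, domain-name length, domain name (zero-padded to
# 32 bytes), configuration revision, updater identity, timestamp, MD5 digest.
SUMMARY = struct.Struct("!BBBB32sI4s12s16s")
CODE_SUMMARY = 0x01


def parse_summary(payload):
    """Decode and sanity-check one summary advertisement payload."""
    if len(payload) < SUMMARY.size:
        raise ValueError("truncated summary advertisement")
    (version, code, followers, dlen, name,
     revision, updater, stamp, digest) = SUMMARY.unpack_from(payload)
    if code != CODE_SUMMARY:
        raise ValueError("not a summary advertisement (code %#x)" % code)
    if dlen > 32 or any(name[dlen:]):
        raise ValueError("domain name length does not match the padded field")
    text = stamp.decode("ascii", "replace")
    if stamp.isdigit():  # yymmddhhmmss as ASCII digits
        text = "%s-%s-%s %s:%s:%s" % tuple(text[i:i + 2] for i in range(0, 12, 2))
    return {
        "version": version,
        "followers": followers,  # subset advertisements that follow
        "domain": name[:dlen].decode("ascii", "replace"),
        "revision": revision,
        "updater": str(ipaddress.IPv4Address(updater)),
        "timestamp": text,
        "md5": digest.hex(),
    }


def receive_action(local_domain, local_revision, adv):
    """What a listening switch does with a parsed summary advertisement."""
    # An empty local domain is the no-management-domain state: the switch
    # inherits the domain name and revision from the advertisement.
    if local_domain and adv["domain"] != local_domain:
        return "ignore"      # different domain name
    if adv["revision"] < local_revision:
        return "ignore"      # earlier configuration revision
    if adv["revision"] == local_revision:
        return "no-change"   # nothing newer than what is stored
    return "accept"          # greater revision: stored VLAN data is overwritten


# Constructed sample payload: VTP version 2, domain CCNP, revision 5.
SAMPLE = (bytes([2, CODE_SUMMARY, 1, 4]) + b"CCNP".ljust(32, b"\0")
          + (5).to_bytes(4, "big") + ipaddress.IPv4Address("192.0.2.10").packed
          + b"151122193038" + bytes(range(16)))

if __name__ == "__main__":
    adv = parse_summary(SAMPLE)
    print(adv)
    print(receive_action("CCNP", 4, adv))
```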

Subset Advertisements
VTP servers send Subset Advertisements after a VLAN configuration change occurs. These advertisements list the specific changes that have been performed, such as creating or deleting a VLAN, suspending or activating a VLAN, changing the name of a VLAN, and changing a VLAN’s MTU. Subset Advertisements can list the following VLAN parameters: Status of the VLAN, VLAN type (Ethernet or Token Ring), MTU, Length of the VLAN name, VLAN number, Security Association Identifier (SAID) value, and VLAN name. VLANs are listed individually in sequential subset advertisements. Below is the VTP Subset Advertisement format.

Advertisement Requests (from Clients)
A VTP client can request any VLAN information it lacks. A client switch might be reset and have its VLAN database cleared, and its VTP domain membership might be changed, or it might hear a VTP summary advertisement with a higher revision number than it currently has. After a client advertisement request, the VTP servers respond with Summary and Subset Advertisements to bring it up to date.

Catalyst switches in Server mode store VTP information separately from the switch configuration in NVRAM. VLAN and VTP data are saved in the vlan.dat file on the switch’s Flash Memory File System. All VTP information, including Revision Number, is retained even when the switch power is off. Through this, a switch can recover the last known VLAN configuration from its VTP database after it reboots.
VTP advertisements distribute this global domain information:
– VTP domain name
– VTP configuration revision number
– Update identity and update timestamp
– MD5 digest VLAN configuration, including maximum transmission unit (MTU) size for each VLAN.
– Frame format
 
VTP advertisements distribute this VLAN information for each configured VLAN:
– VLAN IDs (ISL and IEEE 802.1Q)
– VLAN name
– VLAN type
– VLAN state
– Additional VLAN configuration information specific to the VLAN type
VTP Version 2
By default, VTP operates in Version 1. VTP Version 2 supports these features that are not supported in Version 1:
– Token Ring Bridge Relay Function (TrBRF) and Token Ring Concentrator Relay Function (TrCRF) VLANs.
– Unrecognized Type-Length-Value (TLV) support. A VTP server or client propagates configuration changes to its other trunks, even for TLVs that it is not able to parse. The unrecognized TLV is saved in NVRAM when the switch is operating in VTP server mode.
– Version-Dependent Transparent Mode. In Version 1, a switch in transparent mode inspects VTP messages for the domain name and version, and it forwards a message only if the version and domain name match. Because VTP Version 2 supports only one domain, it forwards VTP messages in transparent mode without inspecting the version and domain name.
– Consistency Checks – In Version 2, VLAN consistency checks (names and values) are performed only when you enter new information through the CLI or SNMP. Consistency checks are not performed when new information is obtained from a VTP message or when information is read from NVRAM. If the MD5 digest on a received VTP message is correct, its information is accepted.
Configuring VTP
By default, VTP operates in Server mode. To set a device to Server mode explicitly, use the following:

SW1# conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)# vtp mode server

Device mode already VTP Server for VLANS.

SW1(config)# vtp domain CCNP

Changing VTP domain name from NULL to CCNP

SW1(config)# vtp password 53cr3t

Setting device VTP password to 53cr3t

SW1(config)# end

SW1#

Configuring a VTP Client

When a switch is in client mode, you cannot change its VLAN configuration. The client switch receives updates from a server in the domain and then modifies its configuration accordingly.

SW1# conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)# vtp mode client

Setting device to VTP Client mode for VLANS.

SW1(config)# vtp domain CCNP

Changing VTP domain name from NULL to CCNP

SW1(config)# vtp password 53cr3t

Setting device VTP password to 53cr3t

SW1(config)# end

SW1#

Disabling VTP (VTP Transparent Mode)
When you configure the switch for Transparent mode, the switch does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP Version 2 does forward received VTP advertisements on its trunk links.
SW1# conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)# vtp mode transparent

Setting device to VTP Transparent mode for VLANS.

SW1(config)# vtp domain CCNP

Changing VTP domain name from NULL to CCNP

SW1(config)# vtp password 53cr3t

Setting device VTP password to 53cr3t

SW1(config)# end

SW1#

Note: Before you create extended-range VLANs (VLAN IDs 1006 to 4094), you must set VTP mode to transparent by using the vtp mode transparent global configuration command. Save this configuration to the startup configuration so that the switch boots up in VTP transparent mode. Otherwise, you lose the extended-range VLAN configuration if the switch resets and boots up in VTP server mode (the default).
Enabling VTP Version 2
VTP Version 2 is disabled by default on VTP Version 2-capable switches. When you enable VTP Version 2 on a switch, every VTP Version 2-capable switch in the VTP domain enables Version 2. You can only configure the version when the switches are in VTP server or transparent mode.

SW1# conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)# vtp mode server

Device mode already VTP Server for VLANS.

SW1(config)# vtp version 2

SW1(config)# vtp domain CCNP

Changing VTP domain name from NULL to CCNP

SW1(config)# vtp password 53cr3t

Setting device VTP password to 53cr3t

SW1(config)# end

SW1#

VTP Version 3
VTP version 3 supports features that are not supported in version 1 or version 2:
Enhanced authentication – You can configure the authentication as hidden or secret. When hidden, the secret key from the password string is saved in the VLAN database file, but it does not appear in plain text in the configuration. Instead, the key associated with the password is saved in hexadecimal format in the running configuration. You must reenter the password if you enter a takeover command in the domain. When you enter the secret keyword, you can directly configure the password secret key.
Extended range VLAN (VLANs 1006 to 4094) Propagation – VTP versions 1 and 2 propagate only VLANs 1 to 1005. If extended VLANs are configured, you cannot convert from VTP version 3 to version 1 or 2.
Note: VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005 are still reserved and cannot be modified.
Private VLAN support.
Version 3 can propagate MST protocol database information. A separate instance of the VTP protocol runs for each application that uses VTP.
VTP Primary Server and VTP Secondary Servers. A VTP primary server updates the database information and sends updates that are honored by all devices in the system. A VTP secondary server can only back up the updated VTP configurations received from the primary server to its NVRAM.
By default, all devices come up as secondary servers. You can enter the vtp primary command to specify a primary server. You can have a working VTP domain without any primary servers. Primary server status is lost if the device reloads or domain parameters change, even when a password is configured on the switch.
Turn VTP On or Off on a per-trunk (per-port) basis. You can enable or disable VTP per port by entering the [no] vtp interface configuration command. When you disable VTP on trunking ports, all VTP instances for that port are disabled.
Note: When you globally set VTP mode to off, it applies to all the trunking ports in the system. However, you can specify on or off on a per-VTP instance basis. For example, you can configure the switch as a VTP server for the VLAN database but with VTP off for the MST database.
Enabling VTP Version 3
In this example the VTP version is set to 2 and we will proceed to configure version 3:

SW1# show vtp status

VTP Version capable : 1 to 3

VTP version running : 2

VTP Domain Name : CCNP

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc00.0100

Configuration last modified by 0.0.0.0 at 11-22-15 00:18:11

Feature VLAN:

--------------

VTP Operating Mode : Transparent

Maximum VLANs supported locally : 1005

Number of existing VLANs : 5

Configuration Revision : 0

MD5 digest : 0x6C 0xAC 0x47 0xF2 0x83 0xDE 0xA9 0xD6

0xE2 0x9F 0xA6 0x44 0x48 0x8F 0x90 0x25

Enabling VTP Version 3, Hidden Password and as Primary Server
SW1# conf t

SW1(config)# vtp mode server

Setting device to VTP Server mode for VLANS.

SW1(config)# vtp version 3

SW1(config)# vtp password 53cr3t hidden

Setting device VTP password

SW1(config)# end

SW1#

SW1# vtp primary vlan

This system is becoming primary server for feature vlan

Enter VTP Password:

No conflicting VTP3 devices found.

Do you want to continue? [confirm]

SW1#

*Nov 22 00:37:48.081: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: aabb.cc00.0100 has become the primary server for the VLAN VTP feature

Enable VTP per Interface
SW1# conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)# int gig0/0

SW1(config-if)# vtp

SW1(config-if)# end

SW1#

Verify VTP
Display counters about VTP messages that have been sent and received:

SW1# show vtp counters

VTP statistics:

Summary advertisements received : 0

Subset advertisements received : 0

Request advertisements received : 0

Summary advertisements transmitted : 0

Subset advertisements transmitted : 0

Request advertisements transmitted : 0

Number of config revision errors : 0

Number of config digest errors : 0

Number of V1 summary errors : 0

VTP pruning statistics:

Trunk            Join Transmitted  Join Received   Summary advts received from
                                                   non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------

Display information about all VTP version 3 devices in the domain. Conflicts are VTP version 3 devices with conflicting primary servers. The show vtp devices command does not display information when the switch is in transparent or off mode.
SW1# show vtp devices conflicts

Retrieving information from the VTP domain. Waiting for 5 seconds.

No conflicting VTP3 devices found.

Display VTP status and configuration for all interfaces or the specified interface:
SW1# sh vtp interface e0/0


Interface                VTP Status

------------------------------------

 Ethernet0/0               enabled

SW1#
Display the VTP password
The form of the password displayed depends on whether or not the hidden keyword was entered and if encryption is enabled on the switch. In this case it is encrypted.
SW1# show vtp password

VTP Password: A22D3C460352B9E7971A690BAC83E64E

SW1#
Display VTP Configuration Information
SW1# show vtp status

VTP Version capable : 1 to 3

VTP version running : 3

VTP Domain Name : CCNP

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc00.0100

Feature VLAN:

--------------

VTP Operating Mode : Primary Server

Number of existing VLANs : 5

Number of existing extended VLANs : 0

Maximum VLANs supported locally : 4096

Configuration Revision : 1

Primary ID : aabb.cc00.0100

Primary Description : SW1

MD5 digest : 0xF1 0x51 0x6C 0xBF 0x96 0xEF 0x4F 0x48

 0x0E 0x8A 0x08 0xF7 0x55 0x48 0x50 0xBD

Feature MST:

--------------
VTP Operating Mode : Transparent

Feature UNKNOWN:

--------------

VTP Operating Mode : Transparent

SW1#

VTP Pruning
VTP pruning increases the available network bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them.
VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2-1001 are pruning-eligible on switch trunk ports. If the VLANs are not configured as pruning-eligible, the flooding continues. VTP pruning is supported with VTP Version 1 and Version 2.

It’s the best design configuration to have because it enables the flooding of specific VLANs to only the trunks that connect to switches that have end devices attached to those specific VLANs. Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain).

Note: VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible.

VTP pruning is not designed to function in Transparent mode. If one or more switches in the network are in Transparent mode, you should do one of these:

– Turn off VTP pruning in the entire network.

– Turn off VTP pruning by making all VLANs on the trunk of the switch upstream to the Transparent switch Pruning Ineligible.

To configure VTP pruning on an interface, use the switchport trunk pruning vlan interface command. VTP pruning operates when an interface is trunking. You can set VLAN pruning-eligibility, whether or not VTP pruning is enabled for the VTP domain, whether or not any given VLAN exists, and whether or not the interface is currently trunking.
With VTP versions 1 and 2, when you enable pruning on the VTP server, it is enabled for the entire VTP domain. With VTP v3 you must manually enable pruning in every switch individually in the VTP domain.
Only VLANs included in the pruning-eligible list can be pruned. VLANs 2 through 1001 are pruning-eligible on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned. To change the pruning-eligible VLANs,
Enabling VTP Pruning
Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You can only enable VTP pruning on a switch in VTP server mode.

SW2(config)# vtp pruning

Pruning switched on

SW2(config)# do sh vtp status

VTP Version capable : 1 to 3

VTP version running : 2

VTP Domain Name : CCNP

VTP Pruning Mode : Enabled

VTP Traps Generation : Disabled

Device ID : aabb.cc00.0200

Configuration last modified by 0.0.0.0 at 11-22-15 19:30:38

Local updater ID is 0.0.0.0 (no valid interface found)



Feature VLAN:

--------------

VTP Operating Mode : Server

Maximum VLANs supported locally : 1005

Number of existing VLANs : 5

Configuration Revision : 4

MD5 digest : 0x62 0xCF 0x7B 0x27 0x71 0xBC 0x99 0x78

 0x0F 0x64 0x4F 0x10 0xF4 0xF2 0x92 0xAD

SW2(config)#


Changing the Pruning-Eligible List

With VTP versions 1 and 2, when you enable pruning on the VTP server, it is enabled for the entire VTP domain. In VTP version 3, you must manually enable pruning on each switch in the domain.

Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning-eligible on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned.

SW2(config)# interface e0/0

SW2(config-if)# switchport trunk pruning vlan ?

 WORD VLAN IDs of the allowed VLANs when this port is in trunking mode

 add add VLANs to the current list

 except all VLANs except the following

 none no VLANs

 remove remove VLANs from the current list

SW2(config-if)#

Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs.

Note: Valid IDs are 2 to 1001. Extended-range VLANs (VLAN IDs 1006 to 4094) cannot be pruned. VLANs that are pruning-ineligible receive flooded traffic. The default list of VLANs allowed to be pruned contains VLANs 2 to 1001. 
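How the keywords listed above change the pruning-eligible list, as an added example (not code from the original post or from IOS): it parses and re-compresses VLAN lists in the comma and hyphen syntax just described and applies add, remove, except and none. The function names, the "set" keyword standing in for the WORD form, and printing an empty list as "none" are choices made for this example.

```python
import re

PRUNE_MIN, PRUNE_MAX = 2, 1001  # valid pruning-eligible IDs, per the note above
_ITEM = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_vlan_list(text, lo=PRUNE_MIN, hi=PRUNE_MAX):
    """Turn "2-9,16-1001" into a set of VLAN IDs, rejecting bad syntax or IDs."""
    if text == "none":
        return set()
    vlans = set()
    for item in text.split(","):  # a space anywhere fails the fullmatch below
        m = _ITEM.fullmatch(item)
        if not m:
            raise ValueError("bad VLAN list item: %r" % item)
        first = int(m.group(1))
        last = int(m.group(2) or first)
        if not lo <= first <= last <= hi:
            raise ValueError("VLAN range %s is outside %d-%d" % (item, lo, hi))
        vlans.update(range(first, last + 1))
    return vlans


def format_vlan_list(vlans):
    """Compress a set of VLAN IDs back into comma and hyphen notation."""
    if not vlans:
        return "none"
    ordered = sorted(vlans)
    parts, start, prev = [], ordered[0], ordered[0]
    for vlan in ordered[1:] + [None]:  # None flushes the final run
        if vlan is None or vlan != prev + 1:
            parts.append(str(start) if start == prev else "%d-%d" % (start, prev))
            start = vlan
        prev = vlan
    return ",".join(parts)


def apply_pruning(current, keyword, arg=None):
    """Return the pruning-eligible list after one switchport trunk pruning vlan change."""
    cur = parse_vlan_list(current)
    if keyword == "none":
        new = set()
    elif keyword == "add":
        new = cur | parse_vlan_list(arg)
    elif keyword == "remove":
        new = cur - parse_vlan_list(arg)
    elif keyword == "except":
        new = set(range(PRUNE_MIN, PRUNE_MAX + 1)) - parse_vlan_list(arg)
    elif keyword == "set":  # the WORD form: replace the whole list
        new = parse_vlan_list(arg)
    else:
        raise ValueError("unknown keyword: %r" % keyword)
    return format_vlan_list(new)


def never_pruned(eligible, active):
    """Active VLANs that keep receiving flooded traffic on this trunk."""
    ineligible = parse_vlan_list(active, 1, 4094) - parse_vlan_list(eligible)
    return format_vlan_list(ineligible)


if __name__ == "__main__":
    after = apply_pruning("2-1001", "remove", "10-15")
    print(after)                         # list after removing VLANs 10 to 15
    print(never_pruned(after, "1-20"))   # active VLANs that can no longer be pruned
```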

Add VLANs 10 to 15 to the pruning-eligible list

SW2(config)# interface e0/0

SW2(config-if)# switchport trunk pruning vlan add 10-15

SW2(config-if)# end

SW2#

SW2# show interfaces e0/0 switchport

Name: Et0/0

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL



Appliance trust: none


All configured VLANs are allowed on the trunks, so we will configure the pruning-eligible list to exclude VLANs 10 to 15.

SW2# show interfaces trunk



Port    Mode    Encapsulation    Status    Native vlan

Et0/0    on       802.1q        trunking      1

Et0/1    on       802.1q        trunking      1



Port Vlans allowed on trunk

Et0/0 1-4094

Et0/1 1-4094



Port Vlans allowed and active in management domain

Et0/0 1,10-20

Et0/1 1,10-20



Port Vlans in spanning tree forwarding state and not pruned

Et0/0 1,10-20

Et0/1 10-20

SW2#


Remove VLANs 10 to 15 from the pruning-eligible list

SW2(config)# interface e0/0

SW2(config-if)# switchport trunk pruning vlan remove 10-15

SW2(config-if)# end

SW2#

SW2# show interfaces e0/0 switchport

Name: Et0/0

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-9,16-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL



Appliance trust: none

SW1# show interfaces trunk



Port Mode Encapsulation Status Native vlan

Et0/0 on 802.1q trunking 1

Et0/1 on 802.1q trunking 1



Port Vlans allowed on trunk

Et0/0 1-4094

Et0/1 1-4094



Port Vlans allowed and active in management domain

Et0/0 1-20

Et0/1 1-20



Port Vlans in spanning tree forwarding state and not pruned

Et0/0 1,10-15

Et0/1 1,10-15

As we can observe, VLANs 10 to 15 were removed from the pruning-eligible list.

Add VLANs 10 to 15 back to the pruning-eligible list

SW2# conf t

 Enter configuration commands, one per line. End with CNTL/Z.

SW2(config)# interface Ethernet0/0

SW2(config-if)# switchport trunk pruning vlan add 10-15

SW2(config-if)# end

SW2# show interface ethernet 0/0 switchport

 Name: Et0/0

 Switchport: Enabled

 Administrative Mode: trunk

 Operational Mode: trunk

 Administrative Trunking Encapsulation: dot1q

 Operational Trunking Encapsulation: dot1q

 Negotiation of Trunking: On

 Access Mode VLAN: 1 (default)

 Trunking Native Mode VLAN: 1 (default)

 Administrative Native VLAN tagging: enabled

 Voice VLAN: none

 Administrative private-vlan host-association: none

 Administrative private-vlan mapping: none

 Administrative private-vlan trunk native VLAN: none

 Administrative private-vlan trunk Native VLAN tagging: enabled

 Administrative private-vlan trunk encapsulation: dot1q

 Administrative private-vlan trunk normal VLANs: none

 Administrative private-vlan trunk associations: none

 Administrative private-vlan trunk mappings: none

 Operational private-vlan: none

 Trunking VLANs Enabled: ALL

 Pruning VLANs Enabled: 2-1001

 Capture Mode Disabled

 Capture VLANs Allowed: ALL



Appliance trust: none

SW2#

SW1# show interfaces trunk



Port Mode Encapsulation Status Native vlan

Et0/0 on 802.1q trunking 1

Et0/1 on 802.1q trunking 1



Port Vlans allowed on trunk

Et0/0 1-4094

Et0/1 1-4094



Port Vlans allowed and active in management domain

Et0/0 1-20

Et0/1 1-20



Port     Vlans in spanning tree forwarding state and not pruned

Et0/0     1

Et0/1     1


As we can see, we have granularity with the pruning configuration when editing the pruning-eligible list. There are more options for different sets of possible configurations. Below are all the options provided:

SW1(config-if)# switchport trunk pruning vlan ?

 WORD     VLAN IDs of the allowed VLANs when this port is in trunking mode

 add      add VLANs to the current list

 except   all VLANs except the following

 none     no VLANs

 remove   remove VLANs from the current list



SW1(config-if)#


VTP and Switch Stacks

VTP configuration is the same in all members of a switch stack. When the switch stack is in VTP server or client mode, all switches in the stack carry the same VTP configuration. When VTP mode is transparent, the stack is not taking part in VTP.

– When a switch joins the stack, it inherits the VTP and VLAN properties of the stack master.

– All VTP updates are carried across the stack.

– When VTP mode is changed in a switch in the stack, the other switches in the stack also change VTP mode, and the switch VLAN database remains consistent.



Hope this helps someone else!

