Day 3 Trunking, DTP, and Inter-VLAN Routing
Dynamic ISL
A Cisco protocol, Dynamic Inter-Switch Link Protocol (DISL), simplifies the creation of an ISL trunk from two interconnected Fast Ethernet devices. Fast EtherChannel technology enables aggregation of two full-duplex Fast Ethernet links for high-capacity backbone connections. DISL minimizes VLAN trunk configuration procedures because only one end of a link needs to be configured as a trunk.
Configuring and Verifying Trunk Links
A trunk is a switch port that can carry multiple traffic types, each tagged with a unique VLAN ID. As data is switched across the trunk port or trunk link, it is tagged (or coloured) by the egress switch trunk port, which allows the receiving switch to identify that it belongs to a particular VLAN. On the receiving switch ingress port, the tag is removed and the data is forwarded to the intended destination.
Configuring VTP
All switches must be configured with the same VTP domain name if they are to exchange VLAN information.
Inter-VLAN Routing
By default, although VLANs can span the entire Layer 2 switched network, hosts in one VLAN cannot communicate directly with hosts in another VLAN. In order to do so, traffic must be routed between the different VLANs. This is referred to as inter-VLAN routing.
Dynamic Trunking Protocol (DTP)
If a port can become a trunk, it may also have the ability to trunk automatically, and in some cases even negotiate what type of trunking to use on the port. DTP provides this ability to negotiate the trunking method with the other device. DTP is a Cisco proprietary point-to-point protocol that negotiates a common trunking mode between two switches. This dynamic negotiation can also include trunking encapsulation.
IEEE 802.1Q Native VLAN
In the previous module, you learned that 802.1Q, or VLAN tagging, inserts a tag into all frames, except those in the native VLAN. The IEEE defined the native VLAN to provide for connectivity to old 802.3 ports that did not understand VLAN tags. By default, an 802.1Q trunk uses VLAN 1 as the native VLAN. The default native VLAN on an 802.1Q trunk link can be verified by issuing the show interfaces [name] switchport or the show interfaces trunk command,
NOTE:
It is important to know that if the switches are both set to dynamic auto, they will not be able to establish a trunk between them. This is because, unlike dynamic desirable mode, dynamic auto mode is a passive mode that waits for the other side to initiate trunk establishment. Therefore, if two passive ports are connected, neither will ever initiate trunk establishment and the trunk will never be formed. Similarly, if a statically configured switch port is also configured with the switchport nonegotiate command, it will never form a trunk with a neighbouring switch using DTP because this prevents the sending of DISL and DTP packets out of that port.
Inter-VLAN routing using switched virtual interfaces
Multilayer switches support the configuration of IP addressing on physical interfaces. These interfaces, however, must be configured with the no switchport interface configuration command to allow administrators to configure IP addressing on them. In addition to using physical interfaces, Multilayer switches also support Switched Virtual Interfaces (SVIs). SVIs are logical interfaces that represent a VLAN. Although the SVI represents a VLAN, it is not automatically configured when a Layer 2 VLAN is configured on the switch; it must be manually configured by the administrator using the interface vlan [number] global configuration command. The Layer 3 configuration parameters, such as IP addressing, are then configured on the SVI in the same manner as they would be on a physical interface.
Configuration Revision Number
The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet (see the show vtp status output above). This information is used to determine whether the received information is more recent than the current version. Each time that you make a VLAN change on a switch in VTP Server mode, the configuration revision is incremented by one and the change is propagated to VTP clients (switches in VTP Transparent mode will have a revision number of 0 and will not increase with database changes). In order to reset the configuration revision of a switch, change the VTP domain name, and then change the name back to the original name.
Manual (Static) Trunk Configuration
The manual configuration of a trunk is performed by issuing the switchport mode trunk interface configuration command on the desired switch port. This command forces the port into a permanent (static) trunking mode.
VTP Pruning
There will often be situations where you have VLANs 20 to 50, for example, on one side of your network and 60 to 80 on the other. It doesn't make sense for VLAN information from the switches on one side to be passed to every switch on the other. For this reason, switches can prune unnecessary VLAN information on the switches, thus reducing Broadcast traffic.
NOTE:
This command is required only on Layer 3-capable or Multilayer switches. It is not applicable to Layer 2-only switches, such as the Catalyst 2960 series. A switch would need to support the command ip routing in order to be considered Layer 3 capable.
Troubleshooting Inter-VLAN Routing
Inter-VLAN routing issues can come in many forms, especially considering that multiple devices are involved (switches, routers, etc.) in the process. By following a proper troubleshooting methodology, you should be able to isolate the problem to a particular device and then map it to a specific feature that has been misconfigured. From a connectivity standpoint, some of the things that need to be checked include:
▪ Verifying that the end-stations are connected in the proper switch ports
▪ Verifying that the proper switch ports are connected in the proper router ports (if a router is used for inter-VLAN routing)
▪ Verifying that each of the ports involved in this process carry the correct VLANs
  o The ports that connect the end-stations are usually access ports allocated to a particular VLAN
  o The ports connecting the switch to the router are usually trunk ports
After confirming that the connectivity between the devices is correct, the next logical step is investigating Layer 2 configuration, starting with the configured encapsulation method on the trunk ports, which is usually 802.1Q, the preferred method. Next, make sure that the same encapsulation is configured on both ends of the trunk link. Some of the commands that can be used to verify the encapsulation types are as follows:
▪ show interface trunk
▪ show interface <number> switchport
Here is an example output:
    Cat-3550-1# show interfaces trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/1     on      802.1q         trunking   1
    Fa0/2     on      802.1q         trunking   1
    Port      Vlans allowed on trunk
    Fa0/1     1,10,20,30,40,50
Another important detail that is offered by the show interface trunk command is the trunk status. This confirms whether the trunk is formed or not and it has to be checked at both ends of the link. If the interface is not in "trunking" mode, one of the most important things that has to be verified is the mode of operation (on, auto, etc.) to see whether it will allow a trunking state to form with the other end of the link.
The native VLAN is another important element that you should verify on the trunk ports. Misconfigured native VLANs can lead to a lack of functionality or security issues. The native VLAN should match at both ends of the trunk links.
If, after completing the Layer 2 verification tasks, the inter-VLAN issue is still not resolved, you can proceed to verifying Layer 3 configuration. Depending upon the Layer 3 device used to ensure the actual inter-VLAN routing, this can be configured/verified on one of the following devices:
▪ Multilayer switch
▪ Router - physical interfaces
▪ Router - subinterfaces
On the Layer 3 device, you should verify that the correct subnet is assigned to each interface (or SVI), and you should also verify the routing protocol, if needed. Usually, a different subnet is assigned to each VLAN so you should make sure that you don't misconfigure the interfaces. In order to verify this you can use the show interface command for the specific physical interface, subinterface, or SVI.
Troubleshooting Trunking and VTP
The following are examples of problems and possible solutions:
Trunk down?
▪ Interface must be up/up
▪ Encapsulation must match both sides
    SwitchA# show interface fa1/1 switchport
    Name: Fa1/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 ((Inactive))
VLAN information not passing?
▪ Is the VLAN blocked on the trunk?
    Switch# show interface trunk
VTP information not reaching the client?
▪ Correct domain and VTP password? show vtp status / show vtp password
Added a new switch and all VTP information has changed?
▪ Always add a new switch in Client mode (but check the above note on the configuration revision number)
▪ Server mode will propagate new information
VTP pruning not working?
▪ Is there a transparent switch in the middle?
▪ Is the VLAN allowed across the trunk?
VTP
VLAN Trunking Protocol (VTP) is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion, and renaming of VLANs on switches in the same VTP domain. VTP allows VLAN information to propagate through the switched network, which reduces administration overhead in a switched network, whilst enabling switches to exchange and maintain consistent VLAN information.
Basic VLAN Troubleshooting
VLANs are a fairly straightforward feature which rarely requires troubleshooting. A few of the problems that you will see are mostly configuration errors. We will cover Layer 2 troubleshooting in detail on Day 15. Common problems include the following:
1. Inter-VLAN routing not working: Check to ensure that the link between the switches and the routers is set up correctly, and the relevant VLANs are allowed and not pruned (see VTP pruning). The show interface trunk command will provide the required information. Also, check to ensure that the router's subinterfaces are configured with correct encapsulation and VLAN, and the subinterface's IP address is the default gateway for the hosts.
2. VLANs cannot be created: Check whether the VTP mode on the switch is set to "client." VLANs cannot be created if the VTP mode is client. Another important factor is the number of VLANs allowed on the switch. The show vtp status command will provide the information required (see the Troubleshooting Trunking and VTP section below).
3. Hosts within the same VLAN cannot reach each other: It is important that hosts in a VLAN have an IP address that belongs to the same subnet. If the subnet is different, then they will not be able to reach each other. Another factor to consider is whether the hosts are connected to the same switch. If they are not connected to the same switch, then ensure that the trunk link(s) between the switches is/are working correctly and that the VLAN is not excluded/not pruned from the allowed list. The show interface trunk command will show needed information regarding the trunk link.
VTP Modes
VTP runs in the following three modes:
▪ Server (default)
▪ Client
▪ Transparent
Server Mode
In Server mode, the switch is authorised to create, modify, and delete VLAN information for the entire VTP domain. Any changes you make to a server are propagated throughout the whole domain. VLAN configuration is stored in the VLAN database file "vlan.dat" located on the flash memory.
Client Mode
In Client mode, the switch will receive VTP information and apply any changes, but it does not allow adding, removing, or changing VLAN information on the switch. The client will also send the VTP packet received out of its trunk ports. Remember that you cannot add a switch port on a VTP client switch to a VLAN that does not exist on the VTP server. VLAN configuration is stored in the VLAN database file "vlan.dat" located on the flash memory.
Transparent Mode
In Transparent mode, the switch will forward the VTP information received out of its trunk ports, but it will not apply the changes. A VTP Transparent-mode switch can create, modify, and delete VLANs, but the changes are not propagated to other switches. VTP Transparent mode also requires configuration of domain information. A VTP transparent switch is needed when a switch separating a VTP server and client needs to have a different VLAN database. Transparent mode is needed to configure the extended VLAN range (1006 to 4096).
Inter-VLAN routing using physical router interfaces
entails using a router with multiple physical interfaces as the default gateway for each individually configured VLAN. The router can then route packets received from one VLAN to another using these physical LAN interfaces. Although the network hosts depicted in the figure are connected to the same physical switch, because they reside in different VLANs, packets between hosts in VLAN 10 and those in VLAN 20 must be routed, while packets within the same VLAN are simply switched. The primary advantage of using this solution is that it is simple and easy to implement. The primary disadvantage, however, is that it is not scalable. For example, if 5, 10, or even 20 additional VLANs were configured on the switch, the same number of physical interfaces as VLANs would also be needed on the router. In most cases, this is technically not feasible.
The first configuration task when implementing VLAN trunking in Cisco IOS Catalyst switches
is to configure the desired interface as a Layer 2 switch port. This is performed by issuing the interface configuration command.
The second configuration task when implementing VLAN trunking in Cisco IOS Catalyst switches
is to specify the encapsulation protocol that the trunk link should use. This is performed by issuing the switchport trunk encapsulation [option] command.
Inter-VLAN routing using router subinterfaces
using subinterfaces addresses the scalability issues that are possible when using multiple physical router interfaces. With subinterfaces, only a single physical interface is required on the router and subsequent subinterfaces are configured off that physical interface. In order to implement an inter-VLAN routing solution, subinterfaces are configured off the main physical router interface using the interface [name].[subinterface number] global configuration command. Each subinterface is associated with a particular VLAN using the encapsulation [isl | dot1Q] [vlan] subinterface configuration command. The final step is to configure the desired IP address on the interface.
two DTP modes
▪ Dynamic desirable
▪ Dynamic auto
When using DTP on two neighbouring switches, if the switch port defaults to a dynamic desirable state, the port will actively attempt to become a trunk. If the switch port defaults to a dynamic auto state, the port will revert to being a trunk only if the neighbouring switch is set to dynamic desirable mode.
The three methods of implementing inter-VLAN routing in switched LANs
▪ Inter-VLAN routing using physical router interfaces
▪ Inter-VLAN routing using router subinterfaces
▪ Inter-VLAN routing using switched virtual interfaces