Wednesday, December 28, 2016

VTP Theory


Now that we have talked a bit about VLANs and trunks, let's imagine a topology like the one in the picture. We have five switches interconnected with trunks, and let's say we are using Dot1Q trunks. What we want to do is add a new VLAN: a new department has been created and it needs its own VLAN, and all of these switches are in the same building. One thing we could do is go to each switch in turn. We could go to Switch1 and say "you have a new VLAN, and that VLAN is 300".
Then we could go to the next switch and say "you have a new VLAN of 300", and the next, and the next. We could visit every switch individually and tell it about the new VLAN, but if we think about it, that solution does not scale well. Having to visit every single switch is a lot of administrative overhead whenever we want to add, delete or change a VLAN.
The good news is that in a topology like this we can take advantage of VTP, the VLAN Trunking Protocol. Don't be thrown off by the name: "VLAN Trunking Protocol" makes it sound like this is the protocol that does trunking, but it really doesn't. If I could rename this protocol I would call it "the VLAN Advertisement Protocol", because that is what it does: it advertises VLAN information.
Let's go back to the scenario where we want to create VLAN 300 on all of the switches. With VTP we can create VLAN 300 on Switch1 and then send VTP advertisements down to our neighboring switches.
Please keep in mind that these advertisements have to travel over trunk links; maybe that is why it is called the VLAN Trunking Protocol, because it flows over trunks. When the switches in the middle receive these advertisements they can say "hey, we have a new VLAN": Switch2 now has VLAN 300, and Switch3 also has a newly created VLAN 300 in its local VLAN database.
The switches in the middle that received the VTP advertisements can in turn send VTP advertisements out of their other trunk ports, letting the switches at the bottom know that they have a new VLAN. Switch4 now has VLAN 300, and Switch5 also has a newly created VLAN 300.
Now every switch in this topology knows about VLAN 300. It has been added to the VLAN database of each switch, and we only had to edit one switch, which dramatically cuts down on the administrative overhead of going to each switch individually. That is the broad overview of what VTP can do for us, but obviously there are many options we can configure. For example, we might ask the design question: if we use VTP among these switches, do I want to be able to go to any of these switches and add, delete or rename a VLAN, or should only one or a few selected switches be able to do that?
If we do not want a particular switch, let's say Switch4, to be able to create, modify or delete VLANs, we can go to it and say "you are operating in Client mode".
A Client mode switch updates its database in response to the VTP advertisements it receives, and when it receives a VTP advertisement it still forwards it out of its other trunk ports, but we cannot administratively connect to that switch and say "we want to create a VLAN, delete a VLAN or rename a VLAN".
No, a Client mode switch's VLAN database only gets updated based on the advertisements it receives, and again it can forward those advertisements on; they do not terminate on the Client switch. In addition to Client mode we also have Server mode.
Let's imagine that Switch1 is running in Server mode. A switch operating in VTP Server mode can create, modify and delete VLANs locally, and that change is propagated over trunk links to neighboring switches. If it receives a VTP advertisement, maybe from another Server (yes, we can have multiple Servers in our topology, that is perfectly fine), it forwards it out of its other trunk ports. As we said, we can have multiple Servers in a topology, and we can have multiple Clients as well.
Let's imagine that Switch2 is another Server mode switch and Switch5 is a Client mode switch. There is one other option we have not yet mentioned: a Transparent mode switch.
A Transparent mode switch can create, modify or delete VLANs in its local database, but when we make a change on a Transparent mode switch that change is not advertised to other switches. What happens when a Transparent mode switch receives a VTP advertisement?
As you might guess, the Transparent mode switch does not update its database based on that advertisement; changes to a Transparent mode switch's VLAN database can only be made locally on that switch. But just because Transparent mode does not update its database from a received VTP advertisement, that does not prevent it from sending the advertisement out of its other trunk ports, so that other switches in the topology, like the Client switch Switch5, can receive that advertisement and update their databases based on it.
So, to sum up Transparent mode operation: we are not trying to block VTP advertisements; if we receive one, we forward it on. What we are trying to do is make sure that Switch3 does not get its VLAN database updated based on those VTP advertisements, while still allowing an administrator to connect to that switch and make changes to its VLAN database locally.
In our next session we will be taking a look at the configuration of VTP, but before we get into that there are a couple of other things I want to do in this session: I want to show you a side-by-side comparison of these three VTP modes, and I also want to walk through a sample VTP scenario on the whiteboard to see how things should work. Then in the next session we will go out and see how to actually configure VTP, but for now let's do that.
In the picture we can see the three different modes of VTP operation that we talked about. Let's begin with Server mode. If we have a switch in Server mode, we can connect to that switch (maybe over SSH or Telnet, or maybe over the console), and once we are administratively connected we can create a VLAN and have it added to that switch's VLAN database, delete a VLAN from the database, or modify an existing VLAN. We already mentioned that we can have more than one Server; if one Server receives a VTP advertisement from another Server it can update its database based on that advertisement, and it can forward that advertisement out to other switches.
Remember that these VTP advertisements only flow over trunk links. In addition to forwarding the VTP messages it receives, a Server can also originate VTP advertisements. Let's say we make a change on a switch configured in Server mode and it sends that advertisement out to a neighboring switch. That neighboring switch takes a look at the advertisement and says "ok, let me compare this advertisement with the contents of my VLAN database". Let's see:
- Which version of the VLAN information seems to be the most up to date?
- Is it the VTP advertisement or my local database?
- How does a switch determine whether one VLAN database is more up to date than another?
Every time we make a change to the VLAN database on a Server mode switch, it increments a number called the "Configuration Revision Number":
- If we add a VLAN, that adds 1 to whatever the current Configuration Revision Number is
- If we change the name of a VLAN, that increments it by another 1
- If we delete a VLAN, it gets incremented again by 1
When a switch receives a VTP advertisement, it compares the Configuration Revision Number of that advertisement with the Configuration Revision Number of its local VLAN database. Whichever number is higher is the one that gets believed; it is considered the most authoritative, and that is the version of the VLAN database we go with.
If we have a switch running in Client mode, we cannot connect to that switch and make any changes to the VLAN database locally; we cannot create, modify or delete a VLAN. That switch does still have a VLAN database, it can update that database based on received advertisements, and if it receives a VTP advertisement it can forward it out its other trunk ports to neighboring switches. And here is something that is not as obvious.
A Client mode switch can originate a VTP advertisement. It tells its neighboring switches "hey guys, this is what my VLAN database looks like". Even though we do not make modifications locally on a Client mode switch, it can still send out its version of the VLAN database. Let me give you an example.
Let's say I purchase a new switch and have it sitting on my desk. I am doing some experiments, maybe I update the Cisco IOS version on it, I add some VLANs and delete some of them, and it has been in Server mode the whole time, so every time I made a change it incremented the Configuration Revision Number.
Now let's say it is time to add it to the network, and I decide to set it to Client mode. Setting it to Client mode does not reset the Configuration Revision Number. When I add it to the network, that Client mode switch advertises its version of the VLAN database to the other switches, and if the changes I made locally on the switch on my desk have pushed its Configuration Revision Number higher than the Configuration Revision Number all the other switches currently have, guess what they believe: they believe my newly added switch, and we could accidentally blow away the correct VLAN database on all of the other switches.
Coming up I am going to give you some recommendations on how to safely add a switch to your network. Our final mode of VTP operation is Transparent mode.
On a Transparent mode switch we can create, modify and delete VLANs, but those changes only apply to that switch's VLAN database; they are not advertised to anyone else. If a Transparent mode switch receives a VTP advertisement it can forward it on to other switches (a Transparent mode switch is not trying to block VTP advertisements), but it is going to ignore that advertisement, in other words it will not update its local database based on the contents of the advertisement. And even though it can forward VTP messages, it does not originate any advertisements of its own. Now that we have a clear understanding of the different VTP modes, let's go back to the topology we were looking at a few moments ago and walk through an example of what happens in the background with VTP when we go to a switch and add a VLAN.
Going back to our topology from earlier, let's assign different modes to these switches. Let's say Switch1 is in Server mode and Switch2 is also a Server mode switch; we make Switch3 Transparent mode and Switch4 Transparent mode as well, and we throw in a Client too: let's say Switch5 is in Client mode.
To begin with, the Configuration Revision Number across this topology is 10. Now we make a change. We go to one of the Servers, not the Client; let's use the Switch1 Server and say "we are going to add VLAN 300". When we do that on the Server mode switch, it goes ahead and updates its local VLAN database to add that VLAN, and its Configuration Revision Number (abbreviated CRN) goes from 10 to 11.
It then sends VTP advertisements out its trunk ports to its neighboring switches. What happens when Switch2, the Server mode switch, gets that VTP advertisement? It looks at the advertisement and asks:
- How does the Configuration Revision Number of that advertisement compare to the Configuration Revision Number of my VLAN database?
It says "oh, the advertisement is an 11 and my local database is a 10, so I am going to believe the advertisement and create VLAN 300 in my local VLAN database". It also forwards that VTP advertisement out all of its other trunk ports:
- which takes it down to Switch4, the Transparent mode switch.
- What happens when this advertisement reaches Switch3, the other Transparent mode switch?
Well, it is in Transparent mode, meaning it does not update its local database based on that advertisement; however, it does forward it on, sending it down to Switch5, the Client mode switch.
Now what happens at Switch4, the Transparent mode switch? The same thing as at the other Transparent mode switch: the advertisement is ignored. The Client mode switch, however, asks "who has the higher Configuration Revision Number, the VTP advertisement or my local VLAN database?". It concludes that the advertisement is higher, it has an 11, so Switch5, the Client mode switch, also installs VLAN 300 in its local VLAN database.
Now the whole topology has gone from a Configuration Revision Number of 10 to 11, and we say that synchronization is complete. This is our steady state until another change is made in the topology.
By the way, when we made that change on Switch1 the update was sent out immediately; we did not wait for a timer that says "send a VTP advertisement every so many seconds". When a change is made, it is advertised immediately.
However, be aware that VTP also sends out a VTP message every five minutes. This periodic VTP message does not contain the full VLAN database information; it is a sort of lightweight version of it, containing things like:
- the VTP domain name
- the Configuration Revision Number, and some information like that, but
it does not contain everything, so it does not put a big bandwidth impact on the network. We will take a look at the configuration of VTP in our next session, but here are some things that have to be in place for VTP to work, in order for switches to exchange information via VTP:
- They need to be in the same VTP domain.
The domain names need to match, and please be aware that the domain name is case-sensitive; it has to match on the neighboring switch in order for updates to be made. And as we already mentioned, we have to have trunk links in place:
- VTP advertisements only flow over trunk links; they are not sent out access ports. And optionally,
- We can add passwords.
We can configure the same password on neighboring switches to allow them to exchange VTP information and prevent somebody from intentionally or accidentally introducing a switch onto the network that might blow away the existing VLAN database on all of our switches. I also want you to know about the different VTP versions.
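As an added example (not code from the original post), here is a small Python model of the whiteboard scenario above and of the requirements just listed: switches in Server, Client and Transparent mode exchange advertisements only over trunk links, accept one only when the domain name (case-sensitive) and password match and its revision number is higher, and the "switch from my desk" case shows what a stale, higher revision number does and how a mismatched domain or password stops it. Switch names, links and VLAN databases are constructed, and Transparent switches in this model simply keep their own database.

```python
# Added example (not from the original post): a toy model of VTP version 1/2
# advertisement handling. It replays the whiteboard scenario (CRN 10 -> 11,
# VLAN 300 added on Switch1) and then shows why a switch with a stale, higher
# Configuration Revision Number (CRN) is dangerous and how a domain/password
# mismatch stops it. Names, links and VLAN databases are all constructed.
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str
    password: str = ""
    crn: int = 0                   # configuration revision number
    vlans: set = field(default_factory=lambda: {1})
    trunks: list = field(default_factory=list)   # neighbouring Switch objects

    def add_vlan(self, vid):
        """Administrative change; only a server or transparent switch allows it."""
        if self.mode == "client":
            raise PermissionError(f"{self.name} is a VTP client; edit a server")
        self.vlans.add(vid)
        self.crn += 1
        if self.mode == "server":            # transparent changes stay local
            self.advertise()

    def advertise(self):
        """Originate an advertisement (servers on change, clients on join)."""
        adv = {"domain": self.domain, "password": self.password,
               "crn": self.crn, "vlans": set(self.vlans), "seen": {self.name}}
        for nbr in self.trunks:              # VTP only flows over trunk links
            nbr.receive(adv)

    def receive(self, adv):
        if self.name in adv["seen"]:         # crude loop guard for the toy model
            return
        adv["seen"].add(self.name)
        # The domain name is case-sensitive and the password must match;
        # otherwise the advertisement never touches the local VLAN database.
        accepted = (adv["domain"] == self.domain
                    and adv["password"] == self.password
                    and self.mode != "transparent"
                    and adv["crn"] > self.crn)
        if accepted:
            self.crn = adv["crn"]
            self.vlans = set(adv["vlans"])
        # Every mode forwards the advertisement out its other trunk ports
        # (VTPv2 transparent behaviour: no domain/version check before forwarding).
        for nbr in self.trunks:
            nbr.receive(adv)


def link(a, b):
    a.trunks.append(b)
    b.trunks.append(a)


def build_topology(domain="CorpVTP", password="", crn=10):
    """Whiteboard topology: two servers, two transparent, one client, all at CRN 10."""
    s1 = Switch("Switch1", "server", domain, password, crn, {1, 100, 200})
    s2 = Switch("Switch2", "server", domain, password, crn, {1, 100, 200})
    s3 = Switch("Switch3", "transparent", domain, password, crn, {1, 100, 200})
    s4 = Switch("Switch4", "transparent", domain, password, crn, {1, 100, 200})
    s5 = Switch("Switch5", "client", domain, password, crn, {1, 100, 200})
    link(s1, s2); link(s1, s3); link(s2, s4); link(s3, s5); link(s4, s5)
    return [s1, s2, s3, s4, s5]


def add_vlan_scenario():
    """Add VLAN 300 on Switch1; report each switch's CRN and whether it got VLAN 300."""
    sw = build_topology()
    sw[0].add_vlan(300)
    return {s.name: (s.crn, 300 in s.vlans) for s in sw}


def join_stale_switch(new_domain, new_password):
    """A 'desk' switch that was left in server mode, then set to client mode,
    joins with CRN 15 and a junk VLAN database. Returns Switch5's resulting VLANs."""
    sw = build_topology()
    desk = Switch("Desk", "client", new_domain, new_password, crn=15, vlans={1, 999})
    link(desk, sw[4])            # trunk into Switch5
    desk.advertise()             # client mode still originates advertisements
    return sw[4].vlans
```

With a matching domain and password the stale switch replaces every database in the domain, which is exactly the outcome the password (or a deliberately different domain name) is there to prevent.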
There are currently three versions of VTP: Version 1, Version 2 and Version 3. Let's talk about a few of the differences between them. First, between Version 1 and Version 2: in Version 1, a switch set to Transparent mode would actually examine a VTP message it received before forwarding it out its other trunk ports:
- It would check to make sure that the domain name matched
- It would make sure that the VTP version matched, and
it would only forward the VTP advertisement if those things matched. Many people would say that is not what we want a Transparent mode switch to do; we want a Transparent mode switch to be truly transparent and not do those checks.
VTP Version 2 does transparently forward VTP advertisements without checking the domain name and the version, which is what VTP Version 1 did. One other difference between Versions 1 and 2 is that Version 2 added support for Token Ring LAN switching and Token Ring VLANs. We don't see that much anymore, but back in the day Cisco did have Catalyst switches that supported Token Ring. So what differences did Version 3 bring?
Version 3 allows additional VLAN numbers to be advertised by VTP, specifically numbers in the range of 1017 through 4094. Something interesting that Version 2 does: if I plug a brand-new Cisco Catalyst switch into the network and I have not statically set the VTP domain name, with Version 2 it sees a VTP message coming from a neighboring switch and automatically updates its domain name based on the advertisement it receives. That seems like a bit of a security issue.
VTP Version 3 forces you to manually configure your VTP domain, and that is one security enhancement. VTP Version 3 also does a better job of securing the VTP domain password, if you set one up. VTP Version 3 also makes a fundamental change in how VLAN database information is propagated: even though we can have multiple Servers in our switch topology, there is one and only one Primary Server in a VTP domain, and only that Primary Server is able to push updates to other devices. One other thing VTP Version 3 brings to the table is support for MST, the version of Spanning Tree Protocol that allows us to define different instances of Spanning Tree and say that these VLANs belong to this instance and those other VLANs belong to another instance; VTP Version 3 supports that. One more feature I want you to be aware of before we go out and start doing the configuration is VTP Pruning.
Let's say that on Switch1 we have VLANs 100, 200 and 300, but on Switch5, as an example, we have a couple of laptops: Laptop1 belongs to VLAN 100 and Laptop2 belongs to VLAN 200.
Nowhere on that switch does anybody belong to VLAN 300. But remember that by default a trunk forwards traffic for all VLANs across the trunk. We talked about how we could administratively create a list of allowed VLANs on a trunk, but that is extra administrative work. Wouldn't it be great if Switch5 could say "I don't have anybody belonging to VLAN 300, so don't send me any VLAN 300 traffic over this trunk"? That is one of the things VTP can do for us: if no VLAN 300 traffic is needed and we have VTP Pruning enabled on that trunk, we can dynamically prune off the unneeded VLANs. That is the theory of VTP; now let's see how to set it up in our next session.



Monday, December 19, 2016

Trunking & Pruning Configuration

Now that we have talked about the theory of trunking, let's see how to set up a couple of trunks. In this session we want to set up a trunk between switches Sw1 and Sw2 and another trunk between Sw1 and Sw3. First, let's see how things are configured now on Sw1:
- Sw1#show interfaces fastethernet 1/0/13 switchport
It tells us that right now we are acting as an access port; that is our operational mode, we are not currently trunking. Our administrative mode is set to Dynamic Auto, so we are willing to form a trunk if we receive a DTP frame, but it looks like we have not received one, because we are operating in access mode. We can also see that the encapsulation type, if a trunk were to come up, would be negotiated; that is probably not what we want, we probably want to hard-code Dot1Q as the encapsulation type. Also, if we formed a trunk the native VLAN would be VLAN 1, and we will see how to set that to a non-default VLAN, keeping in mind that both ends of a trunk need to agree on the native VLAN.
Let's hard-code the trunking encapsulation to Dot1Q on both of these ports, and let's also set the native VLAN to 100, something other than the default; we need to make that match on the far-end switches.
Let's set up fastethernet 1/0/13 on switch Sw1 with a mode of Dynamic Desirable. That causes it to send DTP frames down to switch Sw2, which is configured for Dynamic Auto, and that causes the formation of a trunk. To illustrate that setting the trunking mode to Trunk also sends DTP frames, we set the mode to Trunk on fastethernet 1/0/14, and we will see that a trunk forms there as well.

To see whether we have any trunks currently on the switch, we can do a
- Sw1#show interfaces trunk

Let's go into interface configuration mode and set the encapsulation type to Dot1Q:
- Sw1(config)#interface fastethernet 1/0/13
- Sw1(config-if)#switchport trunk encapsulation dot1q

Let's also change the native VLAN to a non-default value; we will make it 100:
- Sw1(config-if)#switchport trunk native vlan 100
Now let's set the mode to Dynamic Desirable:
- Sw1(config-if)#switchport mode dynamic desirable

Now configure interface fastethernet 1/0/14:
- Sw1(config)#interface fastethernet 1/0/14
- Sw1(config-if)#switchport trunk encapsulation dot1q
- Sw1(config-if)#switchport trunk native vlan 100
- Sw1(config-if)#switchport mode trunk
Instead of Dynamic Desirable we used Trunk mode here. Trunk mode also sends DTP frames, which also brings up the trunk, because the other end is set to Dynamic Auto.

Now go to switch Sw2 and make the matching change there:
- Sw2(config)#interface fastethernet 0/3
- Sw2(config-if)#switchport trunk native vlan 100

Let's do the same thing on switch Sw3:
- Sw3(config)#interface fastethernet 0/3
- Sw3(config-if)#switchport trunk native vlan 100

Now the trunks should be happy. Let's go back to switch Sw1 and give the command that shows what trunks we currently have on the switch:
- Sw1#show interfaces trunk
Notice that our native VLAN is 100 for each of these ports, that we hard-coded the encapsulation to 802.1Q, and that we are currently trunking on both of these ports.

And that is a look at a couple of ways of configuring an Ethernet trunk.

We have now created VLANs on our switch, created trunks, set the trunking encapsulation type to 802.1Q and set the native VLAN to a non-default value. Something else we might want to do on trunks is to limit which VLANs are allowed to flow over them. This can help us from a security perspective, because by default all VLANs are allowed over a trunk, which means that unknown unicast, broadcast and multicast traffic for all VLANs flows over the trunk by default, and that might give a malicious user the opportunity to capture packets they should not be seeing.
Limiting the VLANs allowed over a trunk can also help us from a Quality of Service perspective, because we do not have unnecessary packets flowing across the trunk and consuming its bandwidth alongside the traffic that really does need to cross it. Here on Sw1, let's take a look at which VLANs are allowed over the trunks we created.
Let's do a show command:
- Sw1#show interfaces trunk
We can see that for both of our ports we are allowing all VLANs, the range 1 through 4094, but right now the only VLANs we have on the switch are VLANs 1, 100 and 200, and we see those listed as allowed and active in the management domain. Let's say that for some reason we do not want VLAN 200 to flow across that trunk port. How can we do that? Let's go into the interface:
- Sw1(config)#interface fastethernet 1/0/13
- Sw1(config-if)#switchport trunk allowed vlan
  - WORD: specify the individual VLANs that are allowed over this trunk port, separated by commas; we could say 1,100,200 and that would allow those three VLANs across this trunk port.
  - add: if we just want to add a VLAN to the existing (current) VLAN list, we can give the keyword add.
  - all: allow all VLANs.
  - except: allow all VLANs except the ones listed.
  - none: don't allow any VLAN; block all VLANs on this trunk port.
  - remove: surgically remove individual VLANs from the existing (current) VLAN list.

There are a couple of ways of pruning VLANs. First let's use the first approach (WORD), where we just enter the individual VLAN numbers:
- Sw1(config-if)#switchport trunk allowed vlan 1,100

Now let's go back and take a look at which VLANs are allowed on that port:
- Sw1#show interfaces fastethernet 1/0/13 trunk
Now only 1 and 100 are allowed; we can see that VLAN 200 is no longer allowed over this trunk port, only VLANs 1 and 100. That is one way of setting this up.

Let's go back into the interface and make that command go away:
- Sw1(config)#interface fastethernet 1/0/13
- Sw1(config-if)#no switchport trunk allowed vlan
Now let's try this a different way:
- Sw1(config-if)#switchport trunk allowed vlan except 200
  - allow all VLANs except the specified VLAN (200)

Now take a look:
- Sw1#show interfaces fastethernet 1/0/13 trunk
Looking at the allowed VLANs on this trunk, we see 1-199 and 201-4094; the only VLAN not allowed is VLAN 200. The only VLANs that are currently allowed and active are 1 and 100, because we said allow everything except 200 and that leaves only these two VLANs.

That is a look at a couple of ways we can go into a trunk and prune off unnecessary VLAN traffic, which as we said can help us with security as well as Quality of Service.
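As an added example (not code from the original post), here is a small Python model of the "switchport trunk allowed vlan" keywords walked through above (WORD, add, all, except, none, remove) that also renders the resulting list the way "show interfaces trunk" prints it, such as 1-199,201-4094, and the "allowed and active" line against a constructed VLAN database of 1, 100 and 200. The keyword semantics are the ones the post describes; the function and variable names are mine.

```python
# Added example (not from the original post): models the allowed-VLAN list of
# a trunk port. The VLAN database and the command sequence are constructed
# to match the session above (VLANs 1, 100, 200 exist; prune 200).
ALL_VLANS = frozenset(range(1, 4095))       # 1-4094, the default allowed list


def parse_vlan_list(text):
    """'1,100,200-205' -> {1, 100, 200, 201, ..., 205}."""
    vids = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi) if hi else int(lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part}")
        vids.update(range(lo, hi + 1))
    return vids


def format_vlan_list(vids):
    """Collapse a set of VLAN IDs into 'show interfaces trunk' style ranges."""
    if not vids:
        return "none"
    out, ordered = [], sorted(vids)
    start = prev = ordered[0]
    for v in ordered[1:] + [None]:           # None flushes the last run
        if v is not None and v == prev + 1:
            prev = v
            continue
        out.append(str(start) if start == prev else f"{start}-{prev}")
        if v is not None:
            start = prev = v
    return ",".join(out)


def allowed_vlan(current, arg):
    """Apply one 'switchport trunk allowed vlan <arg>' to the current allowed
    set and return the new allowed set."""
    keyword, _, rest = arg.strip().partition(" ")
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword == "except":
        return set(ALL_VLANS) - parse_vlan_list(rest)
    if keyword == "add":
        return set(current) | parse_vlan_list(rest)
    if keyword == "remove":
        return set(current) - parse_vlan_list(rest)
    return parse_vlan_list(arg)              # WORD: replace the whole list


def allowed_and_active(allowed, vlan_database):
    """'Vlans allowed and active in management domain': allowed VLANs that
    actually exist in the switch's VLAN database."""
    return set(allowed) & set(vlan_database)


def walkthrough():
    """Replay the session: list, reset to default, except 200, then remove 100.
    Returns (allowed, allowed-and-active) strings after each step."""
    db = {1, 100, 200}
    steps = []
    allowed = allowed_vlan(set(ALL_VLANS), "1,100")
    steps.append((format_vlan_list(allowed),
                  format_vlan_list(allowed_and_active(allowed, db))))
    allowed = set(ALL_VLANS)                 # 'no switchport trunk allowed vlan'
    allowed = allowed_vlan(allowed, "except 200")
    steps.append((format_vlan_list(allowed),
                  format_vlan_list(allowed_and_active(allowed, db))))
    allowed = allowed_vlan(allowed, "remove 100")
    steps.append((format_vlan_list(allowed),
                  format_vlan_list(allowed_and_active(allowed, db))))
    return steps
```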




Tuesday, December 13, 2016

Trunking Theory

When we were talking about VLANs, we said that one way to interconnect switches that have multiple VLANs is to dedicate a port on each switch for each VLAN. For example, going from the Floor 2 switch in the picture down to the Floor 1 switch, I might have a port on the Floor 2 switch dedicated to the Accounting VLAN and a port on the Floor 1 switch dedicated to the Accounting VLAN, and similarly I might have a port dedicated to the Sales VLAN. As you can see, I have just a couple of switches with a couple of VLANs, and this is not going to scale very well.
For example, the Floor 1 switch also has a port dedicated just to the Sales VLAN and a port dedicated just to the Accounting VLAN to get down to the router.
It is already using up four ports just to reach other infrastructure devices. The solution to a situation like this is to use trunk ports.
A trunk port is the opposite of an access port: "an access port typically has one and only one VLAN associated with it, but a special trunk port can have multiple VLANs flowing over it". We can have Accounting traffic and Sales traffic peacefully co-existing on the same single link, a single trunk link. If we had 10 VLANs, imagine how many ports we would save: instead of dedicating 10 ports, one per VLAN, we now use just one port, a trunk port, and that single trunk port carries traffic for multiple VLANs.
The first question that comes up, though, is how we determine the VLAN to which a frame belongs. For example, the second Accounting computer on Floor 1 sends a frame to the first Accounting computer on Floor 2; it goes into the Floor 1 switch and that switch sends the frame up the trunk.
When it arrives at the Floor 2 switch, how does that switch know which VLAN the frame belongs to? What we can do is color, or tag, our frames to indicate their VLAN membership. In our example the Floor 2 switch receives the frame and has no question about where it is destined: it looks at the tag and says "oh, this is a blue frame", or maybe "this is VLAN 100", and it knows it needs to go out a VLAN 100 port, so it sends the frame to the destination PC in the Accounting VLAN.
Many of our Cisco switches support a couple of different trunking types. We have the Cisco-proprietary ISL, the Inter-Switch Link trunking type.
Interestingly, Cisco used to promote this as the preferred type of trunk, but now Cisco suggests we use the industry-standard Ethernet trunking type, IEEE 802.1Q, commonly called "a Dot1Q trunk" for short.
Now let's be a little more specific about how the tagging, the coloring of frames, on a Dot1Q trunk actually works.
                  On picture, we single format of an IEEE 802.1Q Frame in addition to the fields making up an Ethernet frame, notice that we have 4 Bytes or 4 Tagged Bytes have been added.
Ø  2 Tag Protocol Identifier Bytes
Ø  2 Tag Controller Identifier Bytes
                       And inside of these 4 Bytes, we have 12 Bits set indicating to Vlan ID.
                 And we have 3 Bits that indicate the Priority of this frame, these bits are called the “COS or the Class of Service Bits.

                 But these Bits there are 3 of them, they can indicate the Priority of our frame think about how many possible values do we have if we have 3 Bits are disposal of 23 =8, we got 8 possible values and that gonna be in a range of 0-7.
                However Cisco says “we should not use the Values of 6 and 7 they reserved for Networks use” meaning that on our Networks, we should not configure any traffic other than possibly Routing traffic, as having a COS value greater then 5, typically if we doing something like Voice over our Network that Voice media is gonna be given a COS value of 5 and we said that we gonna be adding 4 Bytes to these frame going over a Dot1q Trunk, and 12 Bits inside of those 4 Bytes are gonna be indicating the Vlan ID. Well, there is a Special Vlan called the Native Vlan.
The Native Vlan does not get these extra Bytes; it is the Untagged Vlan, and by default on our Cisco Catalyst Switches the Native Vlan is Vlan 1. However, we can change it, and here is a big point: if we do change it, we want the Switches at each end of the Trunk to agree on what the Native Vlan is. Let's say that we had one Switch configured with a Native Vlan of 100, connected over a Trunk to another Switch, but that other Switch was configured with a Native Vlan of 200. What would happen if we sent, from our original Switch, a frame that is a member of Vlan 100?
Well, on that original Switch Vlan 100 is the Native Vlan, so the frame is going to be sent Untagged. When it reaches the second Switch, the second Switch is going to look at it and say "Oh! this is an Untagged frame, this must belong to the Native Vlan, which is 200 according to this Switch". That allows something called Vlan Hopping, going from one Vlan to another Vlan, because the Switches don't agree on what the Native Vlan should be. We don't want that; we want to make sure that the Switches at each end of the Trunk agree on the Native Vlan. In an upcoming session we are going to see how to configure the Native Vlan on a Trunk, and we are also going to see how to configure Trunks.
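To make the tag format and the Native Vlan behaviour concrete, here is an added example (not code from the original post): it builds and parses 802.1Q frames with the TPID, the 3 COS Bits and the 12-Bit Vlan ID, and then models the two ends of a Trunk so you can see a Vlan 100 frame leave Sw1 Untagged and get classified as Vlan 200 on Sw2 when the Native Vlans don't agree. The MAC addresses, payloads and the Sw1/Sw2 Native Vlan values are constructed for the demo.

```python
# Added example (not from the original post): build and parse IEEE 802.1Q
# tagged frames, and model what happens at each end of a trunk when the
# native VLAN does (or does not) match. MAC addresses and payloads are constructed.
import struct
from typing import Optional

TPID_8021Q = 0x8100      # Tag Protocol Identifier: marks the frame as tagged
ETHERTYPE_IPV4 = 0x0800
MAX_USER_COS = 5         # CoS 6 and 7 are reserved for network use (see text)

MAC_A = bytes.fromhex("0200000000aa")   # constructed sample addresses
MAC_B = bytes.fromhex("0200000000bb")


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan: Optional[int] = None, cos: int = 0) -> bytes:
    """Build an Ethernet frame; insert the 4 tag bytes only when vlan is given."""
    if vlan is None:
        return dst + src + struct.pack("!H", ethertype) + payload
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094 (12-bit field, 0 and 4095 reserved)")
    if not 0 <= cos <= 7:
        raise ValueError("CoS must fit in 3 bits (0-7)")
    tci = (cos << 13) | vlan      # TCI = 3-bit PCP (CoS) | 1-bit DEI | 12-bit VID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Parse the Ethernet header and, when TPID 0x8100 is present, the 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"tagged": False, "dst": dst, "src": src,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("TPID 0x8100 present but the tag is truncated")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "dst": dst, "src": src,
            "cos": tci >> 13,            # top 3 bits: priority / Class of Service
            "dei": (tci >> 12) & 1,      # drop eligible indicator
            "vlan": tci & 0x0FFF,        # low 12 bits: VLAN ID
            "ethertype": inner_type, "payload": frame[18:]}


def egress_on_trunk(frame_vlan: int, native_vlan: int, dst: bytes, src: bytes,
                    ethertype: int, payload: bytes, cos: int = 0) -> bytes:
    """Sending side of a dot1q trunk: the native VLAN goes out untagged."""
    if frame_vlan == native_vlan:
        return build_frame(dst, src, ethertype, payload)
    return build_frame(dst, src, ethertype, payload, vlan=frame_vlan, cos=cos)


def ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """Receiving side: an untagged frame is assigned to this port's native VLAN."""
    hdr = parse_frame(frame)
    return hdr["vlan"] if hdr["tagged"] else native_vlan


def cos_policy_ok(cos: int) -> bool:
    """Operational check from the text: user traffic should not exceed CoS 5."""
    return 0 <= cos <= MAX_USER_COS


def native_mismatch_demo(sw1_native: int = 100, sw2_native: int = 200) -> int:
    """Send a VLAN 100 frame from Sw1 and return the VLAN Sw2 assigns it to."""
    on_the_wire = egress_on_trunk(100, sw1_native, MAC_A, MAC_B, ETHERTYPE_IPV4, b"data")
    return ingress_vlan(on_the_wire, sw2_native)


if __name__ == "__main__":
    print("mismatched native VLANs:", native_mismatch_demo())          # 200
    print("matching native VLANs:  ", native_mismatch_demo(100, 100))  # 100
```

The interesting part is `native_mismatch_demo`: nothing on the wire says "Vlan 100", because Sw1 stripped the tag as its Native Vlan, so Sw2 has no choice but to apply its own Native Vlan. The same two functions show why the fix is simply making both ends agree: with matching values the frame is classified correctly.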
Interestingly, Trunks can be dynamically negotiated and brought up between a couple of Switches; we can have Switchports set to different Trunking modes. Let's see how it works.
Let's imagine that we have these two Switches interconnected with a link,
and we want to form a Trunk between these Switches. We have different Trunking modes that we can configure on the Switch Ports; here they are as a reference for you, we have these 4 modes:
Ø  Access
Ø  Trunk
Ø  Dynamic Desirable
Ø  Dynamic Auto
If we tell a Port that it is an Access Port, it is not going to be a Trunk Port; it's going to be an Access Port, which usually means that it is only going to participate in a single Vlan. There is an exception with Voice Vlans, which we will talk about later, but typically an Access Port belongs to one and only one Vlan.
If we tell a Port "Hey! you are a Trunk Port", that means it is a Trunk Port; it really doesn't matter what the other side is doing, that Port is going to be a Trunk Port. But we can also have a Trunk dynamically formed between 2 Switches that are willing to form a Trunk on their Ports.
We can have either the Dynamic Desirable mode or the Dynamic Auto mode set on a Port. The way a Trunk is dynamically formed is using a protocol called "DTP", the Dynamic Trunking Protocol.
Both the Trunk and the Dynamic Desirable modes will send DTP frames to the other side. If a Dynamic Desirable or a Dynamic Auto Port receives a DTP frame, it knows that "Hey! the other side of this link wants to become a Trunk, and we are good with that, let's form a Trunk".
Notice though that the Trunk mode and Dynamic Desirable originate DTP frames, while the Dynamic Auto mode does not; it is willing to become a Trunk if it happens to receive a DTP frame, but it's not going to send one. That's the difference between Dynamic Desirable and Dynamic Auto.

With all of these different modes, let's check out the different combinations and permutations that we might have, and ask whether a Trunk will be formed with each combination of Trunking modes.

If we have one side of our link set to Access mode, for example if Switch Sw1 is set to Access mode, it really doesn't matter what Switch Sw2 is set to, because a Trunk is not going to be formed in that case. We told one side "it doesn't matter if you receive a DTP frame, you are an Access Port", and if we hard-code one side to be an Access Port, it's not going to be a Trunk.
What if one side is set to Trunk and the other side is set to either Dynamic Desirable or Dynamic Auto? In either case a Trunk is going to be formed. Remember that a Port configured for Trunk mode is going to send DTP frames, and either a Dynamic Desirable or a Dynamic Auto Port will form a Trunk if it receives DTP frames, and it is going to be receiving them from the other side of the link configured as a Trunk.
And if both sides are set to Trunk, obviously a Trunk is going to be formed. It really doesn't matter that they happen to be sending DTP frames; they are not looking for DTP frames, they are just both independently told "you are a Trunk", and as a result we are going to have a Trunk between those Switches.

It gets a bit trickier though when we get to the different Dynamic modes. For example, with Dynamic Desirable on both sides, will a Trunk be formed? Actually YES. Remember what Dynamic Desirable does: it desires to become a Trunk, and as a result it's going to initiate, it's going to send DTP frames. The other side is going to see the DTP frames and say "Great! let's be a Trunk", and a Trunk is going to be formed.
What about Dynamic Desirable on one side and Dynamic Auto on the other side? Well, Dynamic Desirable is going to be sending DTP frames, and the Dynamic Auto Port is not going to be sending, or we should say, not initiating, DTP frames. But when it receives the DTP frames from the Dynamic Desirable side, it is going to say "Oh! the other side wants to be a Trunk, I am willing to do that, let's form a Trunk", and a Trunk is going to be formed.

But if both sides are set to Dynamic Auto, in that case both Ports are willing to form a Trunk, however no one is initiating it. Neither side is going to initiate a DTP frame, and as a result, even though both sides are willing, a Trunk is not going to be formed.
Those are some of the different ways that we can dynamically and statically form a Trunk between a couple of Cisco Catalyst Switches.
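The whole combination discussion above boils down to two rules: Trunk and Dynamic Desirable originate DTP frames, Dynamic Desirable and Dynamic Auto accept them, and an Access Port never trunks. Here is an added example (not code from the original post) that encodes just those rules and derives all 16 mode combinations from them, plus a small defender's check that lists the ports in an inventory whose mode would let a neighbour's DTP frame turn them into a Trunk. The inventory format and the port names in it are constructed for the demo.

```python
# Added example (not from the original post): a model of DTP trunk negotiation
# built from the two rules in the text: Trunk and Dynamic Desirable originate
# DTP frames; Dynamic Desirable and Dynamic Auto accept them; Access never trunks.
from itertools import product

MODES = ("access", "trunk", "desirable", "auto")
ORIGINATES_DTP = {"trunk", "desirable"}   # modes that send DTP frames
ACCEPTS_DTP = {"desirable", "auto"}       # modes that trunk when they receive one


def trunk_forms(side_a: str, side_b: str) -> bool:
    """Return True if a trunk comes up between two ports in the given modes."""
    if side_a not in MODES or side_b not in MODES:
        raise ValueError(f"unknown mode(s): {side_a!r}, {side_b!r}")
    if "access" in (side_a, side_b):
        return False                      # a hard-coded access port never trunks
    if side_a == "trunk" and side_b == "trunk":
        return True                       # both independently told: you are a trunk
    # Otherwise one side must originate DTP and the other must accept it;
    # auto + auto fails here because neither side originates.
    return ((side_a in ORIGINATES_DTP and side_b in ACCEPTS_DTP) or
            (side_b in ORIGINATES_DTP and side_a in ACCEPTS_DTP))


def negotiation_matrix() -> dict:
    """All 16 mode combinations and whether a trunk forms for each."""
    return {(a, b): trunk_forms(a, b) for a, b in product(MODES, repeat=2)}


def ports_that_trunk_on_request(port_modes: dict) -> list:
    """Defender's check: ports whose mode lets a peer's DTP frame turn them into
    a trunk. Inventory format {port_name: mode} is hypothetical."""
    return sorted(p for p, m in port_modes.items() if m in ACCEPTS_DTP)


if __name__ == "__main__":
    for (a, b), ok in negotiation_matrix().items():
        print(f"{a:>9} <-> {b:<9} trunk forms: {ok}")
    # Constructed inventory, not from any real switch.
    inventory = {"Gi1/0/1": "access", "Gi1/0/2": "auto", "Gi1/0/24": "trunk"}
    print("ports that would trunk on a peer's request:",
          ports_that_trunk_on_request(inventory))
```

`trunk_forms` deliberately does not hard-code the table; it reproduces it from the originate/accept rules, which is why Trunk + Trunk needs its own branch (neither side is listening for DTP, both are simply told to trunk) and why Dynamic Auto + Dynamic Auto comes out False even though both sides are willing. The inventory check is the practical takeaway: any Port left in Dynamic Desirable or Dynamic Auto will trunk as soon as something on the other end of the cable sends DTP, so Ports meant to be Access Ports should be hard-coded as such.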

