Tag Archives: Switching

A side note about VLANs

I was going over a tricky configuration with a co-worker today concerning VLANs and IP addressing.

We have a switch (Cisco 2960) connected to a router. The router is providing 4 VLANs via a single port, and we want to have all 4 VLANs present, regardless of what is plugged into the switch.

Now we know from our studies, that we can create all the VLANs we want in global configuration mode, BUT those VLANs are not visible until they are active, and to be active, they must have an active port in the VLAN.

[Figure: lab topology]

So here is where it gets to be fun. I decided to recreate the problem in my home lab. I don’t have a 2960 lying around but I do have a 2950 and a 3550, so I patched them together as shown. The trunk connecting the two switches is a 3 port trunk.

With an IP address set on each VLAN I can ping from the 3550 to the router and vice versa, but I cannot ping the 2950 except VLAN 501 (designated the native VLAN).

So why is this … I can ping everything except VLAN502,3 & 4 on the 2950.

Well, the answer is simple – the 2950 is a simple layer two switch and can only have one IP address for management purposes. The 3550 is a much more sophisticated layer three switch and can have one IP address per VLAN.

The 2950 will close down the VLANs with IP addresses except for the native vlan, and they are administratively down too.

s2950#sh ip int br
Interface          IP-Address      OK? Method Status                Protocol
Vlan1              unassigned      YES NVRAM  administratively down down
Vlan501            172.17.35.51    YES manual up                    up
Vlan502            10.100.35.51    YES manual administratively down down
Vlan503            172.18.35.51    YES manual administratively down down
Vlan504            172.30.35.51    YES manual administratively down down
FastEthernet0/1    unassigned      YES unset  down                  down
FastEthernet0/2    unassigned      YES unset  down                  down
FastEthernet0/3    unassigned      YES unset  down                  down

Guess I need to buy another 3550!

BTW – just for fun, here is the router Fast Ethernet port configuration, and this is a great example of why Router on a Stick is so useful!

[Figure: router Fast Ethernet port configuration]


Lab Practice – Switching Part 3

So just to recap, we have our three switches with a router as follows:

[Figure: topology diagram of the three switches and the router]

We have verified the VLANs, the trunks, Etherchannels and the operation of spanning tree protocol. So what do we do next? Let’s add a few scenarios:

Scenario 1.

Some users complain that it takes time for their PCs to boot every morning. Apparently the network is really really slow. So how do we fix that?

Well, one of the likely culprits is spanning tree protocol. When there is connection activity at a port, STP will run through its algorithm (listening, learning, forwarding) regardless of what is connecting to the switch. When a host connects, however, there is no need for this, so STP has a command to prevent host ports (and only host ports) from doing this:

s2950(config-if)#int fa0/10
s2950(config-if)#spanning-tree portfast 
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION
%Portfast has been configured on FastEthernet0/10 but will only
 have effect when the interface is in a non-trunking mode.
s2950(config-if)#^Z
s2950#

The portfast option is placed on a per port basis and immediately puts the port into forwarding mode. This helps to bring hosts onto the network much faster, and can help in speeding up the DHCP process.

Scenario 2.

During a management meeting, it was noted that the backup link from the 2950-12 to the 3550 was not adequate to cope with the network traffic in the event that one of the other switch Etherchannel links goes down. How do we fix this?

What we need to do is define another Etherchannel link, by stealing one or two ports from the sales VLAN, and move those users over to the 3550 which has extra capacity.

s3550(config)#int range fa0/9 - 12
s3550(config-if-range)#switchport access vlan 40
s3550(config-if-range)#^Z

This gets me my ports on the 3550 and then to remove them from the 2950-12:

s2950-12(config)#int range fa0/9 - 12
s2950-12(config-if-range)#no switchport access vlan 40
s2950-12(config-if-range)#^Z

and a couple of show interface vlan brief commands to confirm.
So now we build the Etherchannel link.

Currently we are connecting the 3550 and 2950-12 together via one link, and I’m going to add another two to make a three channel link.

2950-12     3550
 fa0/3   -  fa0/24
 fa0/9   -  fa0/23
 fa0/10  -  fa0/22

And now we have an etherchannel link forming a mesh for all three switches.

Protocols

One of the aspects of both routing and switching that I have had trouble with is knowing what is running on the network at any given time. We talk a great deal about broadcast and multicast packets, BPDUs and so on. So just what exactly is floating around when our network is idling? Well, I decided to try and figure that out:

Protocol  Sends           every      Multicast address
STP       BPDU            2s         01:80:C2:00:00:00
VTP       Summary Advert  300s       01:00:0C:CC:CC:CC
CDP       CDP packet      60s        01:00:0C:CC:CC:CC

Note: STP might be a mix of both version 1 and 2, and there might even be some RSTP floating around there too. In addition there might be protocols running on a per port basis like DTP for instance.

A final note

While this was fun, this was sort of thrown together as I went along. Frankly with this equipment I would never have arranged the switches this way. However, we also know that in the real world, things evolve, and by this I mean that initially the company may have purchased the 2950-12 because at that time, that was all they needed. Later someone added the 2950-24 and then the 3550 because it said POE on the box, and some hotshot decided he needed POE for his IP phone.  And so we end up with the above. Yes you could go into work one Saturday when no one else is there and rewire the whole thing, but what if these switchboxes are in different parts of the building ….

You see where I am going with this 🙂


Lab Practice – Switching Part 2

We are going to take the lab topology from the previous post and introduce some VLANs to see what happens!

The Caper

Let’s assume that our switches form a network for a small business called ACME Inc. We have a number of departments and each department needs to have its own VLAN.

[Figure: topology diagram of the three switches and the router]

So we have 5 VLANs as follows:

  • Finance (VLAN 10)
  • HR (VLAN 20)
  • R&D (VLAN 30)
  • Sales (VLAN 40)
  • IT (VLAN 50)

… and we need to create a trunk to connect to the router. Now remember from our previous studies that we need to use a router and the trunk to allow inter-VLAN communication (if we allow it).

First, let’s make sure all the switches are in the same VTP domain. We are going to use the company name ACME as the domain name.

s2950-12#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 s2950-12(config)#vtp domain acme
 Changing VTP domain name from cisco to acme
 s2950-12#sh vtp status
 VTP Version : 2
 Configuration Revision : 0
 Maximum VLANs supported locally : 128
 Number of existing VLANs : 5
 VTP Operating Mode : Server
 VTP Domain Name : acme
 VTP Pruning Mode : Disabled
 VTP V2 Mode : Disabled
 VTP Traps Generation : Disabled
 MD5 digest : 0x26 0x9F 0x13 0xCA 0x52 0x75 0xA0 0x67
 Configuration last modified by 0.0.0.0 at 3-1-93 03:45:04
 Local updater ID is 0.0.0.0 (no valid interface found)

I did this on each switch to verify the change, and noted that all three switches are in server mode.
Now, let’s create our VLANs:

s3550(config)#int range fa0/1 - 6
 s3550(config-if-range)#switchport access vlan 10
 % Access VLAN does not exist. Creating vlan 10
 s3550(config-if-range)#int range fa0/13 - 18
 s3550(config-if-range)#switchport access vlan 20
 % Access VLAN does not exist. Creating vlan 20
 s3550(config-if-range)#exit

I did that on each switch, putting the appropriate ports into the new VLANs and then ran a show command to verify:

s2950#sh vlan br
 VLAN Name                   Status    Ports
 1    default                active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                       Fa0/7, Fa0/8, Fa0/17, Fa0/18
                                       Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                       Fa0/23, Fa0/24
 10  VLAN0010                active
 20  VLAN0020                active
 30  VLAN0030                active
 40  VLAN0040                active
 50  VLAN0050                active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
 1002 fddi-default act/unsup
 1003 token-ring-default act/unsup
 1004 fddinet-default act/unsup
 1005 trnet-default act/unsup

So I know what VLAN is which because I set them, but what if I’m not the only admin on this network? Let’s name the VLANs so anyone else coming in behind me can figure out what’s going on. This is pretty easy to do as follows:

s2950(config)#vlan 20 
s2950(config-vlan)#name hr
s2950(config-vlan)#exit

… for each VLAN. If I go to the other switches and do a sh vlan br, I can see the new VLAN names. Now I’m going to run a couple of hosts on these switches and ping around – I won’t bother to post the output here, but yes I can ping around my network, but I cannot ping across VLANs.

So what now?

From the show VLAN brief command we can see that VLAN information is being broadcast across the entire network, given that every switch has every VLAN on the network listed in its VLAN list. This is ok for this small network, but what if we had a much larger network? To cut down on that traffic we are going to prune some of these VLANs.

s2950(config)#vtp pruning

… and that really is all we need to do.

What’s in the trunk?

OK, next we hook up the trunk link between the 2950 and the router. For routing I am using a Cisco 2610XM, which has a single fast Ethernet port, so we will use one fast Ethernet port on the root switch to trunk to the router: let’s use fa0/24.

s2950#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 s2950(config)#int fa0/24
 s2950(config-if)#no switchport port-sec
 s2950(config-if)#switchport mode trunk
 s2950(config-if)#no shut
 s2950(config-if)#exit
 s2950(config)#

I have the switch ports configured with security as a part of my default lab config, and to get a 2950 port to trunk you need to remove the security.

A quick show command to verify our trunk connection:

s2950#sh int trunk
 !
 Port    Mode         Encapsulation Status    Native vlan
 Fa0/24  on           802.1q        trunking  1
 Po1     desirable    802.1q        trunking  1
 Po2     desirable    802.1q        trunking  1
 !
 Port     Vlans allowed on trunk
 Fa0/24   1-4094
 Po1      1-4094
 Po2      1-4094
 !
 Port     Vlans allowed and active in management domain
 Fa0/24   1,10,20,30,40,50
 Po1      1,10,20,30,40,50
 Po2      1,10,20,30,40,50
 !
 Port     Vlans in spanning tree forwarding state and not pruned
 Fa0/24   1,10,20,30,40,50
 Po1      1,10
 Po2      1

Just as a side note: see the pruning? Cool huh?
Next, let’s get the routing sorted out.
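
A trunk review of the sh int trunk output above, as an added example (not part of the original post): it parses the four sections of the listing, flags the settings that switch hardening guides commonly call out (default native VLAN 1, no allowed-VLAN restriction, DTP-negotiated trunks), and lists the VLANs each trunk is holding back. The function names and finding texts are this example's own.

```python
# Output of `sh int trunk` copied from this post.
SH_INT_TRUNK = """\
!
Port    Mode         Encapsulation Status    Native vlan
Fa0/24  on           802.1q        trunking  1
Po1     desirable    802.1q        trunking  1
Po2     desirable    802.1q        trunking  1
!
Port     Vlans allowed on trunk
Fa0/24   1-4094
Po1      1-4094
Po2      1-4094
!
Port     Vlans allowed and active in management domain
Fa0/24   1,10,20,30,40,50
Po1      1,10,20,30,40,50
Po2      1,10,20,30,40,50
!
Port     Vlans in spanning tree forwarding state and not pruned
Fa0/24   1,10,20,30,40,50
Po1      1,10
Po2      1
"""

# Keyword found in a section header -> key used in the parsed record.
SECTIONS = (("Mode", "summary"), ("allowed on trunk", "allowed"),
            ("allowed and active", "active"), ("forwarding state", "forwarding"))


def expand(vlan_list):
    """Turn '1,10,20-22' into {1, 10, 20, 21, 22}; 'none' gives an empty set."""
    vlans = set()
    for part in vlan_list.split(","):
        if part and part != "none":
            low, _, high = part.partition("-")
            vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunks(text):
    """Return {port: {mode, status, native, allowed, active, forwarding}}."""
    trunks, section = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "!":
            continue
        if fields[0] == "Port":  # a section header line
            section = next((key for word, key in SECTIONS if word in line), None)
            continue
        if section is None:
            continue  # text before the first recognised header
        port = trunks.setdefault(fields[0], {})
        if section == "summary":
            port.update(mode=fields[1], status=fields[3], native=int(fields[4]))
        else:
            port[section] = expand(fields[1]) if len(fields) > 1 else set()
    return trunks


def audit(trunks):
    """Return (port, finding) pairs for settings hardening guides commonly flag."""
    findings = []
    for name in sorted(trunks):
        t = trunks[name]
        if t.get("status") != "trunking":
            continue
        if t["native"] == 1:
            findings.append((name, "native VLAN left at default VLAN 1"))
        if t.get("allowed") == set(range(1, 4095)):
            findings.append((name, "no allowed-VLAN restriction (1-4094)"))
        if t["mode"] in ("desirable", "auto"):
            findings.append((name, "trunk formed by DTP negotiation"))
    return findings


def held_back(trunks):
    """VLANs active on a trunk but pruned or blocked by spanning tree."""
    return {name: sorted(t.get("active", set()) - t.get("forwarding", set()))
            for name, t in trunks.items()}


if __name__ == "__main__":
    parsed = parse_trunks(SH_INT_TRUNK)
    for port, finding in audit(parsed):
        print(port, "-", finding)
    print(held_back(parsed))
```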

 

 

 


Lab Practice – Switching Part 1

The countdown to the next exam date has started and I’m off to a flying start. The place I wanted to start was with switching. I remember sitting in the exam last week looking at a switching sim, and desperately trying to remember the port priority numbers and their meanings, and just blanking on it, so I thought, let’s have another look at Spanning Tree Protocol and switching loops.

There is an excellent video about STP here.

So here is my topology:

[Figure: lab topology]

I have three switches in a mesh configuration, with a mixture of port speeds. With my default configurations loaded, all of the ports are closed so nothing happens but if we go ahead and open the ports …. we see a nice mixture of green and amber LEDs, which means what?

Let’s take a look

The 2950-24

s2950#sh span
 VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 000f.f7d1.d100
 Cost 4
 Port 25 (GigabitEthernet0/1)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0013.7f08.9f40
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
 Interface   Role   Sts  Cost Prio.Nbr  Type
 Fa0/1       Desg   FWD  19   128.1     P2p
 Fa0/2       Desg   FWD  19   128.2     P2p
 Gi0/1       Root   FWD  4    128.25    P2p
 Gi0/2       Altn   BLK  4    128.26    P2p

We can see that the gigabit link Gi0/1 has been selected as the root port, with the second link in blocking mode. Also notice that fa0/1 and 2 are in forward mode as this enables communication with switch 2950-12.

The 2950 – 12

s2950-12#sh span
 VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 000f.f7d1.d100
 Cost 19
 Port 3 (FastEthernet0/3)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0017.0eae.0800
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
 Interface  Role  Sts  Cost  Prio.Nbr  Type
 Fa0/1      Altn  BLK  19    128.1     P2p
 Fa0/2      Altn  BLK  19    128.2     P2p
 Fa0/3      Root  FWD  19    128.3     P2p

Notice that fa0/3 is forwarding, and that is the root port, the connection towards the root bridge, but the other ports that connect to the 2950 switch are in blocking mode.

The 3550

s3550#sh span
 VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 000f.f7d1.d100
 This bridge is the root
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 000f.f7d1.d100
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
 Interface   Role   Sts   Cost   Prio.Nbr   Type
 Fa0/24      Desg   FWD    19    128.24     P2p
 Gi0/1       Desg   FWD     4    128.25     P2p
 Gi0/2       Desg   FWD     4    128.26     P2p

As we would expect from the root bridge, all the ports are in forwarding mode. Also notice the port cost for the 1Gb/s links.

[Figure: resulting spanning tree topology]

So you can see from this graphic that the 2950-12 reaches the other 2950 via the root switch. Why is this?

The reason is the port cost and topology. Essentially Spanning tree turns mesh configurations into hierarchies, while using links that have the lowest port cost and priority, without causing switching loops. If fa0/1 and 2 on 2950-12 were open, we would have a loop and that is very bad. (see video mentioned above).

So let’s run a little experiment. Let’s simulate a cable failure by pulling the cable at fa0/3 on 2950-12. What should happen is that one of the links at fa0/1 or fa0/2 should open and I think it should be fa0/1 because it has the lower port priority (128.1 as opposed to 128.2 for fa0/2).
Output edited for brevity.

s2950-12#sh span
 VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 000f.f7d1.d100
 Cost 19
 Port 3 (FastEthernet0/3)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0017.0eae.0800
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
 Interface  Role   Sts   Cost  Prio.Nbr  Type
 Fa0/1      Altn   BLK   19    128.1     P2p
 Fa0/2      Altn   BLK   19    128.2     P2p
 Fa0/3      Root   FWD   19    128.3     P2p
01:48:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
 Fa0/1  Root  LIS  19 128.1 P2p
 Fa0/2  Altn  BLK  19 128.2 P2p
01:48:34: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
 Fa0/1 Root LRN 19 128.1 P2p
 Fa0/2 Altn BLK 19 128.2 P2p
 Fa0/1 Root FWD 19 128.1 P2p
 Fa0/2 Altn BLK 19 128.2 P2p

You can see the three stages the port goes through to become enabled:
Listening – learning – forwarding

But notice that only one port does this, the other is still blocked to prevent loops.

This is cool but …

So while all of this works, what is wrong with this picture? Well, we can see that we have a number of links that are not being used. Assume that all the ports on these switches are in use, we might want to use the bandwidth in those redundant links. So what can we do about that:

Set up an Etherchannel link

We have those two gigabit links so lets turn that into a single Etherchannel link. One of the drawbacks of spanning tree protocol (and we saw this in the above experiment) is that if a link goes down, the replacement link can take 30-60 seconds to come up. That is a long time on a network.

An Etherchannel is a group of links (2-6) that the switch bundles and load balances across. If one goes down, the load or traffic shifts to the remaining links.

s2950(config)#int range gi0/1 - 2
 s2950(config-if-range)#channel-group 1 mode on

I had to take each port out of access mode and I put them into dynamic desirable mode. I also had to disable switchport security. Shut the ports, configure them all, then open them all at once. I have found that if I don’t, sometimes the Etherchannel will not come up and the ports at one end of the link will go into error-disable mode. So what does this give us:

s2950#sh span
 VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 000f.f7d1.d100
 Cost 3
 Port 65 (Port-channel1)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0013.7f08.9f40
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 15
 Interface  Role  Sts  Cost  Prio.Nbr  Type
 Fa0/1      Desg  FWD  19    128.1     P2p
 Fa0/2      Desg  FWD  19    128.2     P2p
 Po1        Root  FWD  3     128.65    P2p

So there is our etherchannel link and it is the root link, but now it has a cost of 3, and look at the priority number – it has gone from 128.25 and 26 to 65!

Ok, that was fun, let’s make another one!

There are two fast Ethernet links between the two 2950s that we can turn into an Etherchannel.

s2950(config)#int range fa0/1 - 2
 s2950(config-if-range)#no switchport port-sec
 s2950(config-if-range)#no switchport mode access
 s2950(config-if-range)#switchport mode dynamic desirable
 s2950(config-if-range)#channel-group 2 mode on

s2950-12(config)#int range fa0/1 - 2
 s2950-12(config-if-range)#no switchport port-sec
 s2950-12(config-if-range)#no switchport mode access
 s2950-12(config-if-range)#switchport mode dyn des
 s2950-12(config-if-range)#channel-group 1 mode on

So now our topology has changed a little:

s2950-12#sh span
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address 000f.f7d1.d100
 Cost 15
 Port 65 (Port-channel1)
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address 0017.0eae.0800
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 300
Interface  Role  Sts  Cost  Prio.Nbr  Type
Fa0/3      Altn  BLK  19    128.3     P2p 
Po1        Root  FWD  12    128.65    P2p

s2950>sh span
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000f.f7d1.d100
Cost 3
Port 65 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0013.7f08.9f40
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface  Role  Sts  Cost  Prio.Nbr Type
Po1        Root  FWD  3     128.65    P2p
Po2        Desg  FWD  12    128.66    P2p

[Figure: topology after adding the Etherchannel links]

Notice the link to the root from 2950-12 has now been blocked, and the route to the root bridge is now via the Etherchannel link. This is because the cost of the two Etherchannel links (12+3) is less than the cost of the Fast Ethernet link (19), making the Etherchannel link the desired route to the root.

The Root Bridge

Throughout all of this, the 3550 has remained the root bridge. If we look at the Root ID Priority, we can see that it is the same for all three switches, so the root bridge election comes down to the MAC address of each switch – lowest one wins.

So let’s say we want to make the 2950-24 the root bridge. We can change the election of the root bridge by changing the ID priority value.

s2950(config)#spanning-tree vlan 1 ?
 forward-time   Set the forward delay for the spanning tree
 hello-time     Set the hello interval for the spanning tree
 max-age        Set the max age interval for the spanning tree
 priority       Set the bridge priority for the spanning tree
 root           Configure switch as root
 <cr>

You can see that I could just set it to root, but I’m going to use a value (7 x 4096):

s2950(config)#spanning-tree vlan 1 priority 28672
s2950(config)#exit
s2950#sh span
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 28673
 Address 0013.7f08.9f40
 This bridge is the root
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
 Address 0013.7f08.9f40
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 15
Interface  Role  Sts  Cost  Prio.Nbr  Type
Po1        Desg  FWD  3     128.65    P2p 
Po2        Desg  FWD  12    128.66    P2p

There are two observations of interest here:

  • The link topology did not change and I suspect this is because of the port costs.
  • The command to change the priority is based on VLAN

Spanning tree protocol runs on a per VLAN basis, so can we change the root on a per VLAN basis too? Let’s find out in our next post.
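
The root election and root path costs seen in this post, recomputed as an added example (not part of the original post): bridge priorities, MAC addresses and port costs are taken from the sh span listings above, while the function names are this example's own. It assumes one link per switch pair, since parallel links of equal cost are separated only by port ID, which is not modelled here.

```python
import heapq

# Bridge priority and MAC address as printed by `sh span` in this post.
BRIDGES = {
    "3550":    (32769, "000f.f7d1.d100"),
    "2950-24": (32769, "0013.7f08.9f40"),
    "2950-12": (32769, "0017.0eae.0800"),
}
# (bridge, bridge, port cost) for each inter-switch connection.
LINKS_PLAIN = [("3550", "2950-24", 4), ("2950-24", "2950-12", 19),
               ("2950-12", "3550", 19)]
# Same connections once the two Etherchannels (cost 3 and cost 12) are up.
LINKS_BUNDLED = [("3550", "2950-24", 3), ("2950-24", "2950-12", 12),
                 ("2950-12", "3550", 19)]


def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, then the MAC address as a number."""
    return (priority, int(mac.replace(".", ""), 16))


def elect_root(bridges):
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_paths(bridges, links):
    """Return (root, {bridge: (root path cost, neighbour behind its root port)})."""
    root = elect_root(bridges)
    best = {root: (0, None)}
    queue = [(0, root)]
    while queue:
        cost, here = heapq.heappop(queue)
        if cost > best[here][0]:
            continue  # stale queue entry
        for a, b, link_cost in links:
            if here not in (a, b):
                continue
            there = b if here == a else a
            candidate = cost + link_cost
            if there not in best or candidate < best[there][0]:
                best[there] = (candidate, here)
                heapq.heappush(queue, (candidate, there))
    return root, best


def with_priority(bridges, name, priority):
    """Bridge table after `spanning-tree vlan 1 priority <n>` on one switch."""
    changed = dict(bridges)
    changed[name] = (priority + 1, bridges[name][1])  # + sys-id-ext 1 (VLAN 1)
    return changed


if __name__ == "__main__":
    cases = [
        ("single links", BRIDGES, LINKS_PLAIN),
        ("with Etherchannels", BRIDGES, LINKS_BUNDLED),
        ("2950-24 at priority 28672", with_priority(BRIDGES, "2950-24", 28672),
         LINKS_BUNDLED),
    ]
    for label, bridges, links in cases:
        root, best = root_paths(bridges, links)
        print(label, "-> root", root, best)
```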

 

 


Trunks

In the last post we looked at VLANs and switch ports. One of the details we learned is that switch ports can only exist in one VLAN, and if we want to connect multiple VLANs from one or more switches to a router, we have to use trunks. Trunks can forward all VLAN traffic.

[Figure: switch with three VLANs connected to a router]

You can see in the image above, if the connection to the router was an access port, it could only be in one VLAN. If we make it a trunk, all three VLANs can access the router from the switch. So switch ports can either be an access port or a trunk port.

We have looked at how to configure access ports, but let’s take a look at configuring trunk ports.

Note: you can’t actually turn off trunk mode, but if you change the mode to access, it is no longer trunking.

show interface trunk – shows the ports used for trunking and gives details about trunk mode.

To configure trunking on a per port basis, we use switchport mode:

  • access – turns off trunk mode and puts the port into access mode
  • dynamic auto – will trunk, but trunking must be initiated by the remote port
  • dynamic desirable – will try to trunk if the remote port is ok
  • trunk – forces the port to trunk mode
  • switchport nonegotiate – turns off DTP (Dynamic Trunking Protocol) to reduce overhead and prevent dynamic trunk changes

So now that we have trunks connecting our switches and routers, we have to have the switches understand each other’s VLANs. Also, some VLANs may span two or more switches, and we don’t need to be configuring all that manually. There is a mechanism for the switches to communicate all of this automatically, and it is called VTP (VLAN Trunking Protocol)

VLAN Trunking Protocol (VTP)

The first thing we should note about VTP is it is Cisco proprietary.

VTP Domains – A named area encompassing a number of switches. We can configure domains on a per switch basis. If VTP is running, there must be a domain name set. Domain names are case sensitive – beware.

Within a VTP domain the switches can be configured in one of 3 VTP modes:

  • Server – Can create, modify or delete VLANs.
  • Client – can receive VLAN info but cannot change VLANs
  • Transparent – can forward VTP ads, but will not process the info. This mode has locally significant VLANs only; the VLAN info is not passed to other servers or clients

Note: in all cases ports can be added or removed from the VLAN.

Communication from server to client and server to server is achieved through the use of the Summary Advertisement. This is a data packet, sent every 5 minutes or immediately upon a change.

A VTP server stores the VLAN config in NVRAM, so on reload, the info is immediately available. A client however does not and must get its VLAN config from a summary advertisement.

VTP Revision Numbers

Every time a VTP server sends out a summary advertisement, it attaches a configuration revision number. This is to ensure that the information received by the other servers in our switch network is the latest and greatest. When a summary is received by another server, the server compares the incoming revision number with its own and if the incoming is greater, it uses that info. If it is not, it drops the packet, and does not forward it.

VTP Password

We can authenticate our VTP info using the command vtp password. As always the password is case sensitive. Check to make sure you have service password-encryption on so that passwords are not stored as clear text; however, this is the one password that does not get encrypted. Yeah – maybe in the next version of VTP.

Also be aware that if we set a password, we have to configure that password on all the switches in the VTP domain.
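
The acceptance rules from the VTP Domains, modes, Revision Numbers and Password sections above, put together as a small model (an added example, not part of the original post and not Cisco's implementation). The switch roles, the password "lab", the revision numbers and all VLAN names except hr are constructed; it shows that a greater revision is applied even when it carries fewer VLANs, which is why domain, password and revision are worth checking on every switch.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                  # "server", "client" or "transparent"
    domain: str                # case sensitive, as the post warns
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=dict)   # VLAN id -> name


@dataclass
class SummaryAdvert:
    domain: str
    password: str              # stands in for the MD5 digest real adverts carry
    revision: int
    vlans: dict                # real VTP sends this in follow-up subset adverts


def receive(sw, adv):
    """Apply the rules from the text; return (action, VLAN ids removed)."""
    if sw.mode == "transparent":
        return ("forwarded, not processed", [])
    if adv.domain != sw.domain:
        return ("ignored: domain mismatch", [])
    if adv.password != sw.password:
        return ("ignored: password mismatch", [])
    if adv.revision <= sw.revision:
        return ("dropped: revision not greater", [])
    removed = sorted(set(sw.vlans) - set(adv.vlans))
    sw.vlans = dict(adv.vlans)
    sw.revision = adv.revision
    return ("applied", removed)


# Constructed VLAN table for the ACME lab (only the name "hr" is from the posts).
ACME_VLANS = {10: "finance", 20: "hr", 30: "rnd", 40: "sales", 50: "it"}


def demo():
    """Constructed adverts replayed against a constructed client switch."""
    client = Switch("s2950-12", "client", "acme", "lab", 5, dict(ACME_VLANS))
    stale = {10: "finance"}    # VLAN table of a switch configured elsewhere
    adverts = {
        "wrong-case domain": SummaryAdvert("ACME", "lab", 9, stale),
        "wrong password":    SummaryAdvert("acme", "LAB", 9, stale),
        "same revision":     SummaryAdvert("acme", "lab", 5, stale),
        "higher revision":   SummaryAdvert("acme", "lab", 9, stale),
    }
    results = {label: receive(client, adv) for label, adv in adverts.items()}
    bystander = Switch("s3550", "transparent", "acme", "lab", 5, dict(ACME_VLANS))
    results["transparent"] = receive(bystander, adverts["higher revision"])
    return results, client


if __name__ == "__main__":
    outcome, switch = demo()
    for label, (action, removed) in outcome.items():
        print(f"{label:18} {action:30} removed={removed}")
    print("client now at revision", switch.revision, "with VLANs", sorted(switch.vlans))
```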

VTP Pruning

One of the problems with trunks is that they forward broadcast and multicast packets from all VLANs on that switch, regardless of whether the destination switch even has those VLANs. This of course is a big waste of bandwidth and resources so how do we limit this? We have a whole post about that…
