Tuesday, June 30, 2009

CCNP Module 2.4

2.4 Propagating VLAN Configurations with VLAN Trunking Protocol

2.4.1 Explaining VTP Domains



In an enterprise network with many interconnected switches, maintaining a consistent list of VLANs across those switches can be administratively cumbersome and potentially error prone. The VLAN Trunking Protocol (VTP) is designed to automate this administrative task.

Switches that share common VLAN information are organized into logical groups called VTP management domains. The VLAN information within a VTP domain is propagated through trunk links and is updated via the VTP, allowing all switches within a particular domain to maintain identical VLAN databases.

Only “global” VLAN information regarding VLAN number, name, and description is exchanged. Information on how ports are assigned to VLANs on a given switch is kept local to the switch and is not part of a VTP advertisement.

These are the attributes of a VTP Domain:

  • A switch may be in only one VTP domain.

  • A VTP domain may be as small as only one switch.

  • VTP updates are exchanged only with other switches in the same domain.

  • The way VLAN information is exchanged between switches in the same domain depends upon the VTP mode of the switch.

  • By default, a Catalyst switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link, or until a management domain is configured.


2.4.2 Describing VTP


VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the additions, deletions, and name changes of VLANs on all switches in a VTP domain. Switches sharing a single VTP domain exchange VTP updates to distribute and synchronize VLAN information.

VTP runs over trunk links, allowing interconnected switches to distribute and synchronize a single list of configured VLANs. This process reduces the manual configuration required at each switch; VLANs can be created on one switch and then propagated to others.



VTP has the following attributes:

  • It is a Cisco proprietary protocol.

  • Advertises VLANs 1 through 1005 only.

  • Updates are exchanged only across trunk links.

  • Each switch operates in a given VTP mode that determines how updates are sent from and received by that switch.



Currently, Catalyst switches run VTP versions 1, 2, and 3. Version 2 is the most common, although a switch that supports version 2 operates in version 1 mode by default.



Version 2 provides these features:

  • Support for Token Ring switches

  • Consistency checks on new VTP and VLAN configuration parameters

  • Propagation of VTP updates that have an unrecognized type, length, or value

  • Forwarding of VTP updates from transparent mode switches without checking the version number

VTP version 3 is now available on some switches that use the Cisco Catalyst operating system. When enabled, VTP version 3 provides these enhancements to previous VTP versions:

  • Support for extended VLANs

  • Support for the creation and advertising of private VLANs

  • Support for VLAN instances and MST mapping propagation instances

  • Improved server authentication

  • Protection from the wrong database accidentally being inserted into a VTP domain

  • Interaction with VTP versions 1 and 2

  • Ability to be configured on a per-port basis

CAUTION:

VTP versions 1 and 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.

There are some guidelines to using VTP within the Campus Infrastructure module:

  • The VTP domain is restricted to building switch blocks.

  • VTP keeps VLAN information consistent between the Building Distribution layer and Building Access layer switches.

  • VLAN configuration errors or failures are confined to the distribution and access layer switch blocks.

  • Knowledge of all VLANs does not need to exist on all switches within the Campus Infrastructure module. Use of VTP is optional, and in high-availability environments it is best practice to set all switches to ignore VTP updates.

CAUTION:

VLANs deleted on one switch may be deleted on all switches in the VTP domain, and thus all ports are removed from that VLAN. Delete VLANs with caution on a switch participating in a VTP domain with other switches.


2.4.3 VTP Modes


VTP can be configured on each switch to operate in one of three modes: server, client, or transparent.


The default mode is server. The mode determines if VLANs can be created on the switch and how the switch participates in sending and receiving VTP advertisements. The number of VLANs that can be configured on a switch varies by mode.

Figure describes the features of the VTP client, server, and transparent modes.

CAUTION:

Before adding a VTP client or server to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. If you add a switch in server or client mode that has a revision number that is higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain. To reset the VTP revision number on the switch that is being added, either modify the VTP domain name or set the VTP mode to transparent.


2.4.4 Describing VTP Pruning


VTP pruning uses VLAN advertisements to determine when a trunk connection is flooding traffic needlessly.

By default, a trunk connection carries traffic for all VLANs in the VTP management domain. Commonly, some switches in an enterprise network do not have local ports configured in each VLAN. In the figure, only switches 1 and 4 support ports statically configured in the red VLAN.

VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. VLAN1 is always ineligible for pruning; traffic from VLAN1 cannot be pruned.

Figure shows a switched network without VTP pruning enabled on the left. Port 1 on switch 1 and port 2 on switch 4 are assigned to the red VLAN. A broadcast is sent from the host connected to switch 1. Switch 1 floods the broadcast, and every network device in the network receives it, even though switches 3, 5, and 6 have no ports in the red VLAN. With VTP pruning enabled, the broadcast traffic from station A is not forwarded to switches 3, 5, and 6 because traffic for the red VLAN has been pruned on the links indicated on switches 2 and 4.

Note:
You can implement VTP pruning only on VTP servers, not on clients. Consider VTP pruning support to minimize traffic on trunk links.
Note:
A switch runs an instance of spanning tree for each VLAN that it is aware of, even if no ports are active or if VTP pruning is enabled. VTP pruning prevents unnecessary flooded traffic but does not eliminate the switch knowledge of pruned VLANs.
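The pruning decision described above can be modelled as a tree walk: a trunk stops carrying a VLAN toward a neighbor when no switch on the far side of that trunk has a port in it. The following Python model is an added example, not code from the course or from Cisco. Its topology (switches 1 to 6, links 1-2, 2-3, 2-4, 4-5, 4-6) and port assignments are constructed to resemble, but are not, the figure's network; it assumes a loop-free (spanning-tree) topology and ignores the real VTP join message format.

```python
"""Model of VTP pruning on a loop-free switched topology (constructed example)."""
from collections import defaultdict

# Constructed topology: switch 1 -- 2 -- 4, with 3 hanging off 2 and 5, 6 hanging off 4.
LINKS = [(1, 2), (2, 3), (2, 4), (4, 5), (4, 6)]

# Switches that have access ports statically assigned to each VLAN (constructed).
VLAN_PORTS = {
    1: {2},       # VLAN 1: ports only on switch 2, yet it is never pruned
    10: {1, 4},   # the "red" VLAN: only switches 1 and 4 have ports in it
    20: {3},      # a VLAN present on a single switch
}


def build_adjacency(links):
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return dict(adj)


def needs_vlan(adj, switch, vlan, came_from, ports):
    """True if `switch`, or anything behind it (away from `came_from`), has a port in `vlan`.

    This is the information a pruning-capable switch advertises upstream: the set of
    VLANs its side of the trunk still needs to receive."""
    if switch in ports.get(vlan, set()):
        return True
    return any(needs_vlan(adj, n, vlan, switch, ports)
               for n in adj[switch] if n != came_from)


def is_pruned(adj, sender, receiver, vlan, ports):
    """`vlan` is pruned on the trunk sender->receiver when nothing beyond receiver needs it.
    VLAN 1 is always ineligible for pruning."""
    if vlan == 1:
        return False
    return not needs_vlan(adj, receiver, vlan, sender, ports)


def flood(adj, origin, vlan, ports, pruning=True):
    """Set of switches that receive a broadcast originated at `origin` in `vlan`."""
    seen = {origin}
    stack = [origin]
    while stack:
        cur = stack.pop()
        for nxt in adj[cur]:
            if nxt in seen:
                continue
            if pruning and is_pruned(adj, cur, nxt, vlan, ports):
                continue  # trunk does not carry this VLAN in that direction
            seen.add(nxt)
            stack.append(nxt)
    return seen


def pruned_links(adj, vlan, ports):
    """Directed trunk links on which `vlan` is pruned."""
    return {(a, b) for a in adj for b in adj[a] if is_pruned(adj, a, b, vlan, ports)}


if __name__ == "__main__":
    adj = build_adjacency(LINKS)
    print("red VLAN, no pruning:", sorted(flood(adj, 1, 10, VLAN_PORTS, pruning=False)))
    print("red VLAN, pruning:   ", sorted(flood(adj, 1, 10, VLAN_PORTS)))
    print("pruned trunks for red VLAN:", sorted(pruned_links(adj, 10, VLAN_PORTS)))
```

With pruning off, the red-VLAN broadcast from switch 1 reaches all six switches; with pruning on it stops at switches 1, 2 and 4, and the trunks from 2 toward 3 and from 4 toward 5 and 6 are the pruned ones. A VLAN whose ports all sit on one switch (VLAN 20 here) is pruned on every trunk, while VLAN 1 is flooded everywhere regardless of where its ports are.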

2.4.5 Describing VTP Operation



Switches within a VTP management domain synchronize their VLAN databases by sending and receiving VTP advertisements over trunk links. VTP advertisements are flooded throughout a management domain by switches running in specific modes of operation. Advertisements are sent every 5 minutes or whenever there is a change in VLAN configuration. VTP advertisements are transmitted over VLAN1, using a Layer 2 multicast frame. VLAN advertisements are not propagated from a switch until a management domain name is specified or learned.

Figure shows the general order of VLAN synchronization over VTP.

One of the most critical components of VTP is the configuration revision number. When initially configured, the VTP configuration revision number is set to 0. Each time a VTP server modifies its VLAN information, it increments the VTP configuration revision number by one. It then sends out a VTP advertisement referencing the new configuration revision number. If the configuration revision number being advertised is higher than the number stored on other switches in the VTP domain, they overwrite their VLAN configurations with the new information.

CAUTION:

Because of the overwrite process, if all VLANs on a VTP server are deleted, the VTP server sends an advertisement with a higher revision number. The receiving devices in the VTP domain accept the advertisement and delete those VLANs as well.

Three types of VTP advertisements are exchanged between switches:

  • Summary advertisements: An update sent by VTP servers every 300 seconds or when a VLAN database change occurs. Among other things, this advertisement lists the management domain, VTP version, domain name, configuration revision number, time stamp, and number of subset advertisements. If the advertisement results from a VLAN database change, one or more subset advertisements will follow.

  • Subset advertisements: An update that follows a summary advertisement resulting from a change in the VLAN database. A subset advertisement cites the specific change that was made to a specific VLAN entry in the VLAN database. One subset advertisement is sent for each VID that encountered a change.

  • Advertisement requests from clients: An update sent by a switch requesting information to update its VLAN database. If a client hears a VTP summary advertisement with a configuration revision number higher than its own, the switch may send an advertisement request. A switch operating in VTP server mode then responds with summary and subset advertisements.

Note:
VTP advertisements are associated with VLAN database information only, not with VLAN information configured on specific switch ports. Likewise, on a receiving switch, the receipt of new VLAN information does not change the VLAN associations of trunk or access ports on that switch.

2.4.6 Describing VTP Configuration Commands



The vtp configuration command is used to configure VTP characteristics for a switch. All switches in the same VTP domain share the same VTP domain name and password, if one is configured. It is a good idea to set the VTP mode to “client” if switches are being added to an existing switched network.

The show vtp commands are used to verify the current VTP parameter values.



Figure describes the commands that are used to configure VTP.


2.4.7 Configuring a VTP Management Domain



Default VTP configuration values depend on the switch model and the software version. The default values for the Catalyst 2900, 4000, and 6000 series switches are as follows:

  • VTP domain name: None

  • VTP mode: Server

  • VTP password: None

  • VTP trap: Disabled (Simple Network Management Protocol [SNMP] traps communicating VTP status)

The VTP domain name can be specified or learned from VTP updates received from other switches. By default, the domain name is not set.

A password can be set for the VTP management domain. The password must be the same for all switches in the domain in order for the VLAN database to be synchronized among switches.



The steps for configuring VTP vary per design and switch mode, but the general steps for configuring a switch are as follows:

Step 1 Establish a design specifying which switches are server, client, or transparent, and what the boundaries are for the VTP domain.

Step 2 Verify the current VLAN information on any switch that will be configured as server.

Step 3 Specify the VTP password (optional).

Step 4 Specify the version number, if other than the default.

Step 5 Specify the VTP domain name (case-sensitive).

Step 6 Configure the VTP mode.

Step 7 Verify the configuration.

Step 8 Verify that updates are being sent from or received by the switch as intended.

Figure describes the commands used to configure a switch to become part of a VTP domain. Follow these steps from privileged EXEC mode.



Use the show vtp status command to verify the VTP configuration.

When initially configuring switches in a VTP domain, pay close attention to the configuration revision number. Check to see that it increments only when changes are made at intended VTP servers.

In the figure, “Configuration last modified by 10.1.1.1” specifies the IP address of the switch that last updated the VLAN database of this switch.

Note:
In this example, VTP version 2 is available (as shown by the “VTP Version” line of the output) but not enabled (as shown by the “VTP V2 Mode” line).

Use the show vtp counters command to display statistics about VTP operation.

Output from this command verifies if VTP updates are being sent and received by the switch, and it records the number of updates that have been seen.
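Steps 7 and 8 above come down to reading the show vtp status output and comparing a few fields against the rest of the domain before a trunk is brought up. The script below is an added example, not part of the course or of Cisco IOS: it parses output laid out like the Catalyst show vtp status display and reports what must be fixed before the switch is added. The sample output is constructed (the 10.1.1.1 address is the one quoted in the text; every other value, including the MD5 digest, is made up), and the field names are assumed to match the IOS layout shown.

```python
"""Parse `show vtp status` output and check a switch before it joins a VTP domain."""
import re

# Constructed sample in the layout of the Catalyst IOS `show vtp status` display.
DOMAIN_SERVER_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 255
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : CAMPUS
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x3A 0x1F 0x00 0x9C 0x45 0x72 0xB1 0x0D
Configuration last modified by 10.1.1.1 at 3-1-93 00:15:31
"""


def make_status(revision, mode, domain, v2="Disabled"):
    """Build the output of a candidate switch (constructed, same layout as above)."""
    return (f"VTP Version                     : 2\n"
            f"Configuration Revision          : {revision}\n"
            f"VTP Operating Mode              : {mode}\n"
            f"VTP Domain Name                 : {domain}\n"
            f"VTP V2 Mode                     : {v2}\n")


def parse_vtp_status(text):
    """Return the fields of the output as a dict keyed by the label on each line."""
    fields = {}
    for line in text.splitlines():
        # The 'last modified' line is free text whose time stamp contains colons,
        # so match it before the generic 'label : value' form.
        m = re.match(r"^Configuration last modified by (\S+) at (.+)$", line)
        if m:
            fields["Last modified by"], fields["Last modified at"] = m.group(1), m.group(2)
            continue
        m = re.match(r"^(.+?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def check_before_adding(candidate_text, domain_text):
    """Findings to clear before the candidate is trunked into the domain.

    An empty list means the candidate's advertisement cannot replace the domain's
    VLAN database and the switch will synchronize with it."""
    cand, dom = parse_vtp_status(candidate_text), parse_vtp_status(domain_text)
    findings = []
    cand_rev = int(cand["Configuration Revision"])
    dom_rev = int(dom["Configuration Revision"])
    if cand_rev >= dom_rev:
        findings.append(f"revision {cand_rev} is not lower than the domain's {dom_rev}; "
                        "reset it (change the domain name or set transparent mode) first")
    if cand["VTP Operating Mode"].lower() != "client":
        findings.append(f"mode is {cand['VTP Operating Mode']}; "
                        "use client mode when joining an existing domain")
    if cand["VTP Domain Name"] and cand["VTP Domain Name"] != dom["VTP Domain Name"]:
        findings.append(f"domain name {cand['VTP Domain Name']!r} differs from "
                        f"{dom['VTP Domain Name']!r} (case-sensitive); it will not synchronize")
    if cand["VTP V2 Mode"] != dom["VTP V2 Mode"]:
        findings.append("VTP V2 mode differs from the domain; "
                        "every switch in the domain must run the same VTP version")
    return findings


if __name__ == "__main__":
    for label, cand in [("stale spare", make_status(12, "Server", "CAMPUS")),
                        ("reset spare", make_status(0, "Client", "CAMPUS"))]:
        print(label, check_before_adding(cand, DOMAIN_SERVER_STATUS) or ["ok to add"])
```

A spare switch that still carries revision 12 in server mode produces two findings; the same switch after its revision has been reset and its mode set to client produces none. An empty domain name on the candidate is accepted, since the name will be learned from the first advertisement.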



2.4.8 Adding New Switches to an Existing VTP Domain

The configuration revision number is used when determining if a switch should keep its existing VLAN database or overwrite it with the VTP update sent by another switch in the same domain with the same password. Therefore, when a switch is added to a network, it is important that it does not inject spurious information into the domain.


CAUTION:

This overwrite occurs whether the switch is a VTP client or server. A VTP client can erase VLAN information on a VTP server. One indication that information has been erased is when many of the ports in the network go into inactive state because the ports are now assigned to a nonexistent VLAN. An example of a VTP client overwriting a VTP server will be shown later.



Figure describes the procedure for adding a new switch to a network. For VLAN stability, it is critical to add a switch in this manner.
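The revision-number mechanism from section 2.4.5 and the overwrite it causes in this section can be reproduced in a few dozen lines. The following simulation is an added example, not course material or Cisco code. It collapses the summary and subset advertisements into one message, compares the password as a plain string where real VTP carries an MD5 digest, assumes a loop-free topology for forwarding, and resets the revision to 0 when a switch is moved to transparent mode or given a new domain name, as the caution in 2.4.3 describes.

```python
"""Model of VTP advertisement handling and the configuration-revision overwrite."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Advertisement:
    """Summary and subset content collapsed into one message (simplification)."""
    domain: str
    password: Optional[str]   # stands in for the MD5 digest carried in real VTP frames
    revision: int
    vlans: dict               # {vlan_id: name}
    source: str               # switch that last modified the database


@dataclass
class Switch:
    name: str
    mode: str = "server"      # the default VTP mode is server
    domain: Optional[str] = None
    password: Optional[str] = None
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    last_modified_by: Optional[str] = None
    trunks: list = field(default_factory=list)

    # administrative actions
    def set_domain(self, domain):
        """Changing the domain name resets the revision number to 0."""
        if domain != self.domain:
            self.domain, self.revision = domain, 0
        self.advertise()

    def set_mode(self, mode):
        """Moving to transparent mode resets the revision; client and server keep it."""
        self.mode = mode
        if mode == "transparent":
            self.revision = 0

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot modify the VLAN database")
        self.vlans[vid] = name
        self._modified()

    def delete_vlan(self, vid):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot modify the VLAN database")
        self.vlans.pop(vid, None)
        self._modified()

    def _modified(self):
        if self.mode == "server":       # transparent changes stay local and are not advertised
            self.revision += 1
            self.last_modified_by = self.name
            self.advertise()

    # VTP messaging
    def advertise(self, adv=None, exclude=None):
        if adv is None:
            if self.domain is None:
                return                  # nothing is sent until a domain name is set or learned
            adv = Advertisement(self.domain, self.password, self.revision, dict(self.vlans),
                                self.last_modified_by or self.name)
        for peer in self.trunks:
            if peer is not exclude:
                peer.receive(adv, self)

    def receive(self, adv, sender):
        if self.mode == "transparent":  # forwards the update without applying it
            self.advertise(adv, exclude=sender)
            return
        if self.domain is None:
            self.domain = adv.domain    # no-management-domain state: learn it from the trunk
        if adv.domain != self.domain or adv.password != self.password:
            return                      # wrong domain or password: ignored
        if adv.revision > self.revision:  # higher revision wins, whoever sent it
            self.vlans, self.revision = dict(adv.vlans), adv.revision
            self.last_modified_by = adv.source
            self.advertise(adv, exclude=sender)


def connect(a, b):
    """Bring up a trunk; both ends send their current advertisement."""
    a.trunks.append(b)
    b.trunks.append(a)
    a.advertise()
    b.advertise()


def build_domain():
    server, client = Switch("S1"), Switch("C1", mode="client")
    server.set_domain("CAMPUS")
    connect(server, client)
    server.add_vlan(10, "engineering")   # revision becomes 1 and C1 learns VLAN 10
    return server, client


def unsafe_insertion():
    """A stale client with a higher revision wipes VLAN 10 from the server."""
    server, client = build_domain()
    stale = Switch("NEW", mode="client", domain="CAMPUS", revision=7,
                   vlans={1: "default", 99: "lab"})
    connect(client, stale)
    return server


def safe_insertion():
    """The same switch, with its revision reset (transparent, then client) before connecting."""
    server, client = build_domain()
    new = Switch("NEW", mode="client", domain="CAMPUS", revision=7,
                 vlans={1: "default", 99: "lab"})
    new.set_mode("transparent")
    new.set_mode("client")
    connect(client, new)
    return server, new
```

In unsafe_insertion the server ends with revision 7, a VLAN database containing VLAN 99 and no VLAN 10, and "last modified by NEW", even though NEW is only a client. In safe_insertion the new switch adopts the server's database at revision 1 and VLAN 10 survives.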
