Configuring VTP and Virtual LANs

  • 8/7/2019 Configuring VTP and Virtual LANs

    Chapter 13

    Configuring VTP and Virtual LANs

    This chapter describes how to configure VLAN Trunk Protocol (VTP) and virtual LANs (VLANs).

    Note: For complete syntax and usage information for the commands used in this chapter, refer to

    the Catalyst 5000 Series Command Reference publication.

    This chapter consists of these sections:

    Using VTP

    Using VLANs

    Using VTP

    These sections describe how to use VTP with the Catalyst 5000 series switches:

    Understanding How VTP Works

    VTP Default Configuration

    VTP Configuration Guidelines

    Configuring VTP

    Understanding How VTP Works

    Before you create VLANs, you must decide whether to use VTP in your network. With VTP, you

    can make configuration changes centrally on a single Catalyst 5000 series switch and have those

    changes automatically communicated to all the other switches in the network.

    VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing

    the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes

    misconfigurations and configuration inconsistencies that can result in a number of problems, such as

    duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

    Catalyst 5000 Series Software Configuration Guide13-2

    These sections describe how VTP works on the Catalyst 5000 series switches:

    Understanding the VTP Domain

    Understanding VTP Modes

    Understanding VTP Advertisements

    Understanding VTP Version 2

    Understanding VTP Pruning

    Understanding the VTP Domain

    A VTP domain (also called a VLAN management domain) is made up of one or more interconnected

    switches that share the same VTP domain name. A switch can be configured to be in one and only

    one VTP domain. You make global VLAN configuration changes for the domain using either the

    command-line interface (CLI) or Simple Network Management Protocol (SNMP).

    By default, the Catalyst 5000 series switch is in VTP server mode and is in the no-management

    domain state until the switch receives an advertisement for a domain over a trunk link or you

    configure a management domain. You cannot create or modify VLANs on a VTP server until the

    management domain name is specified or learned.

    If the switch receives a VTP advertisement over a trunk link, it inherits the management domain

    name and configuration revision number. The switch ignores advertisements with a different

    management domain name or an earlier configuration revision number.

    If you configure the switch as VTP transparent, you can create and modify VLANs but the changes

    affect only the individual switch.

    When you make a change to the VLAN configuration on a VTP server, the change is propagated to

    all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections,

    including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE).

    VTP maps VLANs dynamically across multiple LAN types with unique names and internal index

    associations. Mapping eliminates excessive device administration required from network

    administrators.

    Understanding VTP Modes

    You can configure a Catalyst 5000 series switch to operate in any one of these VTP modes:

    Server: In VTP server mode, you can create, modify, and delete VLANs and specify other

    configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain.

    VTP servers advertise their VLAN configuration to other switches in the same VTP domain and

    synchronize their VLAN configuration with other switches based on advertisements received

    over trunk links. VTP server is the default mode.

    Client: VTP clients behave the same way as VTP servers, but you cannot create, change, or

    delete VLANs on a VTP client.

    Transparent: VTP transparent switches do not participate in VTP. A VTP transparent switch

    does not advertise its VLAN configuration and does not synchronize its VLAN configuration

    based on received advertisements. However, in VTP version 2, transparent switches do forward

    VTP advertisements that they receive out their trunk ports.

    Understanding VTP Advertisements

    Each Catalyst 5000 series switch in the VTP domain sends periodic advertisements out each trunk

    port to a reserved multicast address. VTP advertisements are received by neighboring switches,

    which update their VTP and VLAN configurations as necessary.

    The following global configuration information is distributed in VTP advertisements:

    VLAN IDs (ISL and 802.1Q)

    Emulated LAN names (for ATM LANE)

    802.10 SAID values (FDDI)

    VTP domain name

    VTP configuration revision number

    VLAN configuration, including maximum transmission unit (MTU) size for each VLAN

    Frame format

    Understanding VTP Version 2

    If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. VTP

    version 1 is supported in Catalyst 5000 series supervisor engine software release 2.1 or later and

    ATM software release 3.1 or later. VTP version 2 is supported in Catalyst 5000 series software

    release 3.1(1) and later.

    Note: If you are using VTP in a Token Ring environment, you must use version 2.

    VTP version 2 supports the following features not supported in version 1:

    Token Ring support: VTP version 2 supports Token Ring LAN switching and VLANs (Token

    Ring Bridge Relay Function [TrBRF] and Token Ring Concentrator Relay Function [TrCRF]).

    For more information about Token Ring VLANs, refer to the Understanding How VLANs

    Work section on page 13-12.

    Unrecognized Type-Length-Value (TLV) Support: A VTP server or client propagates

    configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized

    TLV is saved in nonvolatile RAM (NVRAM).

    Version-Dependent Transparent Mode: In VTP version 1, a VTP transparent switch inspects

    VTP messages for the domain name and version, and forwards a message only if the version and

    domain name match. Since only one domain is supported in the Catalyst 5000 series software,

    VTP version 2 forwards VTP messages in transparent mode, without checking the version.

    Consistency Checks: In VTP version 2, VLAN consistency checks (such as VLAN names and

    values) are performed only when you enter new information through the CLI or SNMP.

    Consistency checks are not performed when new information is obtained from a VTP message,

    or when information is read from NVRAM. If the digest on a received VTP message is correct,

    its information is accepted without consistency checks.

    Understanding VTP Pruning

    VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as

    broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available

    bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the

    appropriate network devices. By default, VTP pruning is disabled.

    Make sure that all devices in the management domain support VTP pruning before enabling it. VTP

    pruning is supported in Catalyst 5000 series software release 2.3 and later.

    Figure 13-1 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and port 2

    on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1.

    Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3,

    5, and 6 have no ports in the Red VLAN.

    Figure 13-1 Flooding Traffic without VTP Pruning

    Figure 13-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from

    Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned

    on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).

    Figure 13-2 Flooding Traffic with VTP Pruning

    Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP

    pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are

    pruning-eligible. VTP pruning does not prune traffic from VLANs that are pruning-ineligible.

    VLAN 1 is always pruning-ineligible; traffic from VLAN 1 cannot be pruned.

    To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. To make a VLAN

    pruning eligible again, enter the set vtp pruneeligible command. You can set VLAN

    pruning-eligibility regardless of whether VTP pruning is enabled or disabled for the domain.

    Pruning eligibility always applies to the local device only, not for the entire VTP domain.

    VTP Default Configuration

    Table 13-1 shows the default VTP configuration.

    Table 13-1 VTP Default Configuration

    Feature                      Default Value
    ---------------------------  ---------------------
    VTP domain name              Null
    VTP mode                     Server
    VTP version 2 enable state   Version 2 is disabled
    VTP password                 None
    VTP pruning                  Disabled

    VTP Configuration Guidelines

    Follow these guidelines when implementing VTP in your network:

    All switches in a VTP domain must run the same VTP version.

    You must configure a password on each Catalyst 5000 series switch in the management domain
    when in secure mode.

    A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP
    version 1 provided VTP version 2 is disabled on the VTP version 2-capable switch (VTP
    version 2 is disabled by default).

    Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are
    version 2-capable. When you enable VTP version 2 on a switch, all of the version 2-capable
    switches in the domain enable VTP version 2.

    In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching
    to function properly.

    Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the
    entire management domain.

    Making VLANs pruning-eligible or pruning-ineligible on a switch affects pruning-eligibility for
    those VLANs on that device only (not on all switches in the VTP domain).

    Configuring VTP

    These sections describe how to configure VTP on the Catalyst 5000 series switches:

    Configuring a VTP Server

    Configuring a VTP Client

    Disabling VTP

    Enabling VTP Version 2

    Disabling VTP Version 2

    Configuring VTP Pruning

    Disabling VTP Pruning

    Monitoring VTP

    Caution: If you configure VTP in secure mode, the management domain will not function

    properly if you do not assign a management domain password to each Catalyst 5000 series switch

    in the domain.

    Configuring a VTP Server

    When a switch is in VTP server mode, you can change the VLAN configuration and have it

    propagate throughout the network.

    To configure the switch as a VTP server, perform this task in privileged mode:

    Task                                                    Command
    ------------------------------------------------------  ---------------------
    Step 1  Define the VTP domain name.                     set vtp domain name
    Step 2  Place the switch in VTP server mode.            set vtp mode server
    Step 3  (Optional) Set a password for the VTP domain.   set vtp passwd passwd
    Step 4  Verify the VTP configuration.                   show vtp domain

    This example shows how to configure the switch as a VTP server and verify the configuration:

    Console> (enable) set vtp domain Lab_Network
    VTP domain Lab_Network modified
    Console> (enable) set vtp mode server
    VTP domain Lab_Network modified
    Console> (enable) show vtp domain
    Domain Name                      Domain Index VTP Version Local Mode  Password
    -------------------------------- ------------ ----------- ----------- ----------
    Lab_Network                      1            2           server      -

    Vlan-count Max-vlan-storage Config Revision Notifications
    ---------- ---------------- --------------- -------------
    10         1023             40              enabled

    Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
    --------------- -------- -------- -------------------------
    172.20.52.70    disabled disabled 2-1000
    Console> (enable)

    Configuring a VTP Client

    When a switch is in VTP client mode, you cannot change the VLAN configuration on the switch.

    The client switch receives VTP updates from a VTP server in the management domain and modifies

    its configuration accordingly.

    To configure the switch as a VTP client, perform this task in privileged mode:

    Task                                                    Command
    ------------------------------------------------------  ---------------------
    Step 1  Define the VTP domain name.                     set vtp domain name
    Step 2  Place the switch in VTP client mode.            set vtp mode client
    Step 3  Verify the VTP configuration.                   show vtp domain

    This example shows how to configure the switch as a VTP client and verify the configuration:

    Console> (enable) set vtp domain Lab_Network
    VTP domain Lab_Network modified
    Console> (enable) set vtp mode client
    VTP domain Lab_Network modified
    Console> (enable) show vtp domain
    Domain Name                      Domain Index VTP Version Local Mode  Password
    -------------------------------- ------------ ----------- ----------- ----------
    Lab_Network                      1            2           client      -

    Vlan-count Max-vlan-storage Config Revision Notifications
    ---------- ---------------- --------------- -------------
    10         1023             40              enabled

    Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
    --------------- -------- -------- -------------------------
    172.20.52.70    disabled disabled 2-1000
    Console> (enable)

    Disabling VTP

    When you configure the switch as VTP transparent, you disable VTP on the switch. A VTP

    transparent switch does not send VTP updates and does not act on VTP updates received from other

    switches. However, a VTP transparent switch running VTP version 2 does forward received VTP

    advertisements out all of its trunk links.

    To disable VTP on the switch, perform this task in privileged mode:

    Task                                                    Command
    ------------------------------------------------------  ------------------------
    Step 1  Place the switch in VTP transparent mode        set vtp mode transparent
            (disabling VTP on the switch).
    Step 2  Verify the VTP configuration.                   show vtp domain

    This example shows how to configure the switch as VTP transparent and verify the configuration:

    Console> (enable) set vtp mode transparent
    VTP domain Lab_Net modified
    Console> (enable) show vtp domain
    Domain Name                      Domain Index VTP Version Local Mode  Password
    -------------------------------- ------------ ----------- ----------- ----------
    Lab_Net                          1            2           Transparent -

    Vlan-count Max-vlan-storage Config Revision Notifications
    ---------- ---------------- --------------- -------------
    10         1023             0               enabled

    Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
    --------------- -------- -------- -------------------------
    172.20.52.70    disabled disabled 2-1000
    Console> (enable)

    Enabling VTP Version 2

    VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP

    version 2 on a switch, every VTP version 2-capable switch in the VTP domain will enable version 2

    as well.

    Note: In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN

    switching to function properly.

    To enable VTP version 2, perform this task in privileged mode:

    Task                                              Command
    ------------------------------------------------  ------------------
    Step 1  Enable VTP version 2 on the switch.       set vtp v2 enable
    Step 2  Verify that VTP version 2 is enabled.     show vtp domain

    This example shows how to enable VTP version 2 and verify the configuration (shown by the arrow):

    Console> (enable) set vtp v2 enable
    This command will enable the version 2 function in the entire management domain.
    All devices in the management domain should be version2-capable before enabling.
    Do you want to continue (y/n) [n]? y
    VTP domain Lab_Net modified
    Console> (enable) show vtp domain
    Domain Name                      Domain Index VTP Version Local Mode  Password
    -------------------------------- ------------ ----------- ----------- ----------
    Lab_Net                          1            2           server      -

    Vlan-count Max-vlan-storage Config Revision Notifications
    ---------- ---------------- --------------- -------------
    10         1023             1               enabled

    Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
    --------------- -------- -------- -------------------------
    172.20.52.70    enabled  disabled 2-1000
    Console> (enable)

    Disabling VTP Version 2

    To disable VTP version 2, perform this task in privileged mode:

    Task                                              Command
    ------------------------------------------------  ------------------
    Step 1  Disable VTP version 2.                    set vtp v2 disable
    Step 2  Verify that VTP version 2 is disabled.    show vtp domain

    Caution: VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP
    domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP
    version 2 unless every switch in the VTP domain supports version 2.

    This example shows how to disable VTP version 2:

    Console> (enable) set vtp v2 disable
    This command will disable the version 2 function in the entire management domain.
    Warning: trbrf & trcrf vlans will not work properly in this mode.
    Do you want to continue (y/n) [n]? y
    VTP domain Lab_Net modified
    Console> (enable)

    Configuring VTP Pruning

    To configure VTP pruning, perform this task in privileged mode:

    Task                                                Command
    --------------------------------------------------  ----------------------------------
    Step 1  Enable VTP pruning in the management        set vtp pruning enable
            domain.
    Step 2  (Optional) Make specific VLANs              clear vtp pruneeligible vlan_range
            pruning-ineligible on the device. (By
            default, VLANs 2-1000 are
            pruning-eligible.)
    Step 3  (Optional) Make specific VLANs              set vtp pruneeligible vlan_range
            pruning-eligible on the device.
    Step 4  Verify the VTP pruning configuration.       show vtp domain
    Step 5  Verify that the appropriate VLANs are       show trunk
            being pruned on trunk ports.

    This example shows how to enable VTP pruning in the management domain and how to make
    VLANs 2-99, 250-255, and 501-1000 pruning-eligible on the particular device:

    Console> (enable) set vtp pruning enable
    This command will enable the pruning function in the entire management domain.
    All devices in the management domain should be pruning-capable before enabling.
    Do you want to continue (y/n) [n]? y
    VTP domain Lab_Network modified
    Console> (enable) clear vtp pruneeligible 100-500
    Vlans 1,100-500,1001-1005 will not be pruned on this device.
    VTP domain Lab_Network modified.
    Console> (enable) set vtp pruneeligible 250-255
    Vlans 2-99,250-255,501-1000 eligible for pruning on this device.
    VTP domain Lab_Network modified.
    Console> (enable) show vtp domain
    Domain Name                      Domain Index VTP Version Local Mode  Password
    -------------------------------- ------------ ----------- ----------- ----------
    Lab_Network                      1            2           server      -

    Vlan-count Max-vlan-storage Config Revision Notifications
    ---------- ---------------- --------------- -------------
    8          1023             16              disabled

    Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
    --------------- -------- -------- -------------------------
    172.20.52.2     disabled enabled  2-99,250-255,501-1000
    Console> (enable) show trunk
    Port     Mode        Encapsulation Status       Native vlan
    -------- ----------- ------------- ------------ -----------
    1/1      auto        isl           trunking     523

    Port     Vlans allowed on trunk
    -------- ---------------------------------------------------------------------
    1/1      1-1005

    Port     Vlans allowed and active in management domain
    -------- ---------------------------------------------------------------------
    1/1      1,522-524

    Port     Vlans in spanning tree forwarding state and not pruned
    -------- ---------------------------------------------------------------------
    1/1      1,522-524
    Console> (enable)

    Disabling VTP Pruning

    To disable VTP pruning, perform this task in privileged mode:

    Task                                                Command
    --------------------------------------------------  -----------------------
    Step 1  Disable VTP pruning in the management       set vtp pruning disable
            domain.
    Step 2  Verify that VTP pruning is disabled.        show vtp domain

    This example shows how to disable VTP pruning in the management domain:

    Console> (enable) set vtp pruning disable
    This command will disable the pruning function in the entire management domain.
    Do you want to continue (y/n) [n]? y
    VTP domain Lab_Network modified
    Console> (enable)

    Monitoring VTP

    To monitor VTP activity, including VTP advertisements sent and received and VTP errors, perform
    this task:

    Task                                                Command
    --------------------------------------------------  -------------------
    Display VTP statistics for the switch.              show vtp statistics

    This example shows how to display VTP statistics on the switch:

    Console> (enable) show vtp statistics
    VTP statistics:
    summary advts received          4690
    subset advts received           7
    request advts received          0
    summary advts transmitted       4397
    subset advts transmitted        8
    request advts transmitted       0
    No of config revision errors    0
    No of config digest errors      0

    VTP pruning statistics:

    Trunk    Join Trasmitted Join Received Summary advts received from
                                           non-pruning-capable device
    -------- --------------- ------------- ---------------------------
    1/1      0               0             0
    1/2      0               0             0
    Console> (enable)
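
    An added example, not part of the Cisco guide: a Python sketch that cuts saved show vtp domain
    captures into columns at the dashed rulers and checks them against this chapter's guidelines
    (one VTP version per domain, a password on every switch when the domain uses one, no switch
    left in the no-management-domain state). The switch names, the generated captures and the
    password marker "configured" are constructed; the guide itself only shows "-" in that column.

```python
import re
from collections import defaultdict

# A ruler is the dashed line printed under each header row.
RULER = re.compile(r"^\s*-+(\s+-+)*$")


def parse_show_vtp_domain(text):
    """Return {column header: value} for one saved 'show vtp domain' capture.

    Columns are cut at the positions of the dashed ruler rather than split on
    whitespace, so an empty Domain Name (the default, Null) stays an empty
    field instead of shifting every later value one column to the left.
    """
    lines = [ln.rstrip() for ln in text.splitlines()]
    fields = {}
    for i in range(1, len(lines) - 1):
        if not RULER.match(lines[i]):
            continue
        spans = [m.span() for m in re.finditer(r"-+", lines[i])]
        spans[-1] = (spans[-1][0], None)  # last column runs to end of line
        for start, end in spans:
            name = lines[i - 1][start:end].strip()
            if name:
                fields[name] = lines[i + 1][start:end].strip()
    return fields


def audit(captures):
    """captures: {switch name: capture text}. Returns a list of findings."""
    findings = []
    domains = defaultdict(dict)
    for switch, text in captures.items():
        f = parse_show_vtp_domain(text)
        if not f.get("Domain Name"):
            # Default state: the switch adopts the domain of the first
            # advertisement it receives over a trunk link.
            findings.append(
                f"{switch}: no management domain configured "
                f"(mode {f.get('Local Mode')})")
            continue
        domains[f["Domain Name"]][switch] = f

    for domain, members in domains.items():
        # Guideline: all switches in a VTP domain must run the same version.
        v2_states = defaultdict(list)
        for switch, f in members.items():
            v2_states[f.get("V2 Mode")].append(switch)
        if len(v2_states) > 1:
            findings.append(f"{domain}: V2 Mode differs: {dict(v2_states)}")

        # Guideline: in secure mode every switch in the domain needs the
        # password. ASSUMPTION: '-' means none, any other value means set.
        without = sorted(s for s, f in members.items()
                         if f.get("Password") == "-")
        if without and len(without) < len(members):
            findings.append(f"{domain}: password set on some switches but "
                            "not on " + ", ".join(without))
    return findings


def make_capture(domain, mode, password, revision, v2):
    """Build a CONSTRUCTED capture using the column widths of the examples."""
    groups = [
        (("Domain Name", 32, domain), ("Domain Index", 12, 1),
         ("VTP Version", 11, 2), ("Local Mode", 11, mode),
         ("Password", 10, password)),
        (("Vlan-count", 10, 10), ("Max-vlan-storage", 16, 1023),
         ("Config Revision", 15, revision), ("Notifications", 13, "enabled")),
        (("Last Updater", 15, "172.20.52.70"), ("V2 Mode", 8, v2),
         ("Pruning", 8, "disabled"),
         ("PruneEligible on Vlans", 25, "2-1000")),
    ]
    out = []
    for cols in groups:
        out.append(" ".join(h.ljust(w) for h, w, _ in cols).rstrip())
        out.append(" ".join("-" * w for _, w, _ in cols))
        out.append(" ".join(str(v).ljust(w) for _, w, v in cols).rstrip())
        out.append("")
    return "\n".join(out)


# Constructed inventory: hypothetical switch names and settings.
SAMPLE = {
    "cat-a": make_capture("Lab_Network", "server", "-", 40, "disabled"),
    "cat-b": make_capture("Lab_Network", "client", "configured", 40, "enabled"),
    "cat-c": make_capture("", "server", "-", 0, "disabled"),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```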

    Using VLANs

    These sections describe how to use VLANs on the Catalyst 5000 series switches:

    Understanding How VLANs Work

    VLAN Default Configuration

    VLAN Configuration Guidelines

    Configuring VLANs

    Understanding How VLANs Work

    A VLAN is a group of end stations with a common set of requirements, independent of physical

    location. VLANs have the same attributes as a physical LAN but allow you to group end stations

    even if they are not located physically on the same LAN segment.

    The following sections describe how VLANs work on the Catalyst 5000 series switches:

    Understanding VLANs in a VTP Domain

    Understanding Token Ring VLANs

    Understanding VLANs in a VTP Domain

    VLANs allow you to group ports on Catalyst 5000 series switches to limit unicast, multicast, and

    broadcast traffic flooding. Flooded traffic originating from a particular VLAN is only flooded out

    other ports belonging to that VLAN.

    Note: Before you create VLANs, you must decide whether to use VTP to maintain global VLAN

    configuration information for your network. For complete information on VTP, refer to the Using

    VTP section on page 13-1.

    Figure 13-3 shows an example of VLANs segmented into logically defined networks.

    Figure 13-3 VLANs as Logically Defined Networks

    VLANs are often associated with IP subnetworks. For example, all the end stations in a particular

    IP subnet belong to the same VLAN. Traffic between VLANs must be routed. Port VLAN

    membership on the switch is assigned manually on a port-by-port basis. When you assign switch

    ports to VLANs using this method, it is known as port-based, or static, VLAN membership.

    Note: Catalyst 5000 series switches support dynamic VLAN membership using the VLAN

    Membership Policy Server (VMPS). For information on how to configure VMPS and dynamic port

    VLAN membership, refer to the Configuring Dynamic Port VLAN Membership with VMPS

    chapter.

    The in-band (sc0) interface of a Catalyst 5000 series switch can be assigned to any VLAN, so you

    can access another Catalyst 5000 series switch on the same VLAN directly without a router. Only

    one IP address at a time can be assigned to the in-band interface. If you change the IP address and

    assign the interface to a different VLAN, the previous IP address and VLAN assignment are

    overwritten.

    You can set these parameters when you create a VLAN in the management domain:

    VLAN number

    VLAN name

    VLAN type (Ethernet, Fiber Distributed Data Interface [FDDI], FDDI network entity title [NET],

    TrBRF, or TrCRF)

    VLAN state (active or suspended)

    Maximum transmission unit (MTU) for the VLAN

    Security Association Identifier (SAID)

    Bridge identification number for TrBRF VLANs

    Ring number for FDDI and TrCRF VLANs

    Parent VLAN number for TrCRF VLANs

    Spanning-Tree Protocol (STP) type for TrCRF VLANs

    VLAN number to use when translating from one VLAN type to another

    Note: When translating from one VLAN type to another, the Catalyst 5000 series switch requires a

    different VLAN number for each media type.

    Understanding Token Ring VLANs

    Two Token Ring VLAN types are supported on Catalyst 5000 series switches running VTP

    version 2:

    Token Ring TrBRF VLANs

    Token Ring TrCRF VLANs

    Token Ring TrBRF VLANs

    Token Ring Bridge Relay Function (TrBRF) VLANs interconnect multiple Token Ring

    Concentrator Relay Function (TrCRF) VLANs in a switched Token Ring network (see Figure 13-4).

    The TrBRF can be extended across a network of switches interconnected via trunk links. The

    connection between the TrCRF and the TrBRF is referred to as a logical port.

    Figure 13-4 Interconnected Token Ring TrBRF and TrCRF VLANs

    For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can

    function as a source-route bridge (SRB) or source-route transparent (SRT) bridge running either the

    IBM or IEEE STP. If SRB is used, you can define duplicate Media Access Control (MAC) addresses

    on different logical rings.

    The Catalyst 5000 series Token Ring software runs an instance of STP for each TrBRF VLAN and

    each TrCRF VLAN. For TrCRF VLANs, STP removes loops in the logical ring. For TrBRF VLANs,

    STP interacts with external bridges to remove loops from the bridge topology, similar to STP

    operation on Ethernet VLANs.

    For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can

    function as an SRB or SRT bridge running either the IBM or IEEE STP. If SRB is used, duplicate

    MAC addresses can be defined on different logical rings.

    To accommodate IBM System Network Architecture (SNA) traffic, you can use a combination of

    SRT and SRB modes. In a mixed mode, the TrBRF considers some ports (logical ports connected to

    TrCRFs) to operate in SRB mode while others operate in SRT mode.

    Token Ring TrCRF VLANs

    Token Ring Concentrator Relay Function (TrCRF) VLANs define port groups with the same logical

    ring number. You can configure two types of TrCRFs in your network: undistributed and backup.

    Typically, TrCRFs are undistributed, which means each TrCRF is limited to the ports on a single

    Catalyst 5000 series switch. Multiple undistributed TrCRFs on the same or separate switches can be

    associated with a single parent TrBRF (see Figure 13-5). The parent TrBRF acts as a multiport

    bridge, forwarding traffic between the undistributed TrCRFs.

    Note: To pass data between rings located on separate switches, you can associate the rings to the

    same TrBRF and configure the TrBRF for SRB.

    Figure 13-5 Undistributed TrCRFs

    Note: By default, Token Ring ports are associated with the default TrCRF (VLAN 1003,

    trcrf-default), which has the default TrBRF (VLAN 1005, trbrf-default) as its parent. In this

    configuration, a distributed TrCRF is possible (see Figure 13-6), and traffic is passed between the

    default TrCRFs located on separate switches provided that the switches are connected via an ISL

    trunk.

    Caution: Certain parent TrBRF STP and TrCRF bridge mode configurations can place the logical

    ports (the connection between the TrBRF and the TrCRF) of the TrBRF in a blocked state. For

    more information, refer to the VLAN Configuration Guidelines section on page 13-17.

    Figure 13-6 Distributed TrCRF

    Within a TrCRF, source-route switching forwards frames based on either MAC addresses or route

    descriptors. The entire VLAN can operate as a single ring, with frames switched between ports

    within a single TrCRF.

    You can specify the maximum hop count for All-Routes and Spanning-Tree Explorer frames for

    each TrCRF. This limits the maximum number of hops an explorer is allowed to traverse. If a port

    determines that the explorer frame it is receiving has traversed more than the number of hops

    specified, it does not forward the frame. The TrCRF determines the number of hops an explorer has

    traversed based on the number of bridge hops in the route information field.

    A backup TrCRF enables you to configure an alternate route for traffic between undistributed

    TrCRFs located on separate switches that are connected by a TrBRF, in the event that the ISL

    connection between the switches fails. Only one backup TrCRF for a TrBRF is allowed, and only

    one port per switch can belong to a backup TrCRF.

    If the ISL connection between the switches fails, the port in the backup TrCRF on each affected

    switch automatically becomes active, rerouting traffic between the undistributed TrCRFs through the

    backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is

    disabled. Figure 13-7 illustrates the backup TrCRF.

    Figure 13-7 Backup TrCRF


    VLAN Default Configuration

    Table 13-2 shows the default VLAN configuration.

    Table 13-2 VLAN Default Configuration

    Feature                         Default Value
    ------------------------------  --------------------------------------------------------
    Native (default) VLAN           VLAN 1
    Port VLAN assignments           All ports assigned to VLAN 1
                                    Token Ring ports assigned to VLAN 1003 (trcrf-default)
    VLAN state                      Enabled
    MTU size                        1500 bytes
                                    4472 bytes for Token Ring VLANs
    SAID value                      100,000 plus the VLAN number (for example, the SAID for
                                    VLAN 3 is 100003)
    Pruning eligibility             VLANs 2-1000 are pruning-eligible
    Default FDDI VLAN               VLAN 1002
    Default FDDI NET VLAN           VLAN 1004
    Default Token Ring TrBRF VLAN   VLAN 1005 (trbrf-default) with bridge number 0F
    Default Token Ring TrCRF VLAN   VLAN 1003 (trcrf-default)
    TrBRF STP                       IBM
    TrCRF bridge mode               SRB

    VLAN Configuration Guidelines

    Follow these guidelines when creating and modifying VLANs in your network:

    A maximum of 250 VLANs can be active at any time.

    Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent
    mode. If the switch is a VTP server, you must define a VTP domain. For information on
    configuring VTP, refer to the Configuring VTP section on page 13-6.

    The default TrBRF (VLAN 1005) can only be the parent of the default TrCRF (VLAN 1003).
    You cannot specify the default TrBRF as the parent of a user-configured TrCRF.

    You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you
    specify must exist).

    In a Token Ring environment, the logical ports (the connection between the TrBRF and the
    TrCRF) of the TrBRF are placed in a blocked state if either of these conditions exists:

        The TrBRF is running the IBM STP, and the TrCRF is in SRT mode.

        The TrBRF is running the IEEE STP, and the TrCRF is in SRB mode.
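
    An added example (not from the guide) that audits a planned VLAN list against the guidelines above before any set vlan command is entered. The plan layout, the function name and the sample VLANs are assumptions of this sketch; only VLANs listed in the plan are counted toward the 250 limit, and the STP and bridge-mode defaults are the ones in Table 13-2.

```python
# Added example: audit a planned VLAN list against this page's guidelines.
# The plan layout (list of dicts in creation order) and all names are assumptions.
MAX_ACTIVE = 250                       # "A maximum of 250 VLANs can be active"
DEFAULT_TRBRF, DEFAULT_TRCRF = 1005, 1003
# TrBRF STP -> TrCRF bridge mode that leaves the TrBRF logical ports blocked
BLOCKED_COMBO = {"ibm": "srt", "ieee": "srb"}

def check_vlan_plan(plan, vtp_mode, vtp_domain=None):
    """Return a list of guideline violations for the planned VLANs."""
    findings = []
    if vtp_mode not in ("server", "transparent"):
        findings.append("switch must be in VTP server or transparent mode")
    elif vtp_mode == "server" and not vtp_domain:
        findings.append("VTP server has no VTP domain defined")
    if sum(v.get("state", "active") == "active" for v in plan) > MAX_ACTIVE:
        findings.append(f"more than {MAX_ACTIVE} active VLANs")
    # Defaults from Table 13-2 exist before any user VLAN is created.
    known = {DEFAULT_TRBRF: {"type": "trbrf", "stp": "ibm"},
             DEFAULT_TRCRF: {"type": "trcrf", "parent": DEFAULT_TRBRF}}
    for v in plan:
        num = v["num"]
        if v.get("type") == "trcrf":
            parent_num = v.get("parent")
            parent = known.get(parent_num)
            if parent is None or parent.get("type") != "trbrf":
                findings.append(f"VLAN {num}: parent TrBRF {parent_num} does not exist yet")
            elif parent_num == DEFAULT_TRBRF and num != DEFAULT_TRCRF:
                findings.append(f"VLAN {num}: default TrBRF cannot parent a user TrCRF")
            else:
                stp, mode = parent.get("stp", "ibm"), v.get("mode", "srb")
                if BLOCKED_COMBO.get(stp) == mode:
                    findings.append(f"VLAN {num}: {stp.upper()} STP with {mode.upper()} "
                                    "mode blocks the TrBRF logical ports")
        known[num] = v
    return findings

# Constructed sample plan (VLANs 999 and 998 mirror the examples on this page).
SAMPLE_PLAN = [
    {"num": 500, "type": "ethernet"},
    {"num": 999, "type": "trbrf", "stp": "ibm"},
    {"num": 998, "type": "trcrf", "parent": 999, "mode": "srb"},
    {"num": 997, "type": "trcrf", "parent": 999, "mode": "srt"},   # blocked combination
    {"num": 996, "type": "trcrf", "parent": 1005},                 # default TrBRF as parent
    {"num": 995, "type": "trcrf", "parent": 900},                  # parent never created
]

if __name__ == "__main__":
    for finding in check_vlan_plan(SAMPLE_PLAN, "server", "Lab"):
        print(finding)
```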


    Configuring VLANs

    Note VLANs support a number of parameters that are not discussed in detail in this section. For

    complete information on the set vlan command and its parameters, refer to the Catalyst 5000 Series

    Command Reference publication.

    These sections describe how to configure VLANs on the Catalyst 5000 series switches:

    Creating or Modifying an Ethernet VLAN section on page 13-18

    Creating or Modifying an FDDI VLAN section on page 13-19

    Creating or Modifying a Token Ring TrBRF VLAN section on page 13-19

    Creating or Modifying a Token Ring TrCRF VLAN section on page 13-20

    Assigning Switch Ports to a VLAN section on page 13-22

    Deleting a VLAN section on page 13-23

    Creating or Modifying an Ethernet VLAN

    To create a new Ethernet VLAN, perform this task in privileged mode:

            Task                             Command
    ------  -------------------------------  --------------------------------------------------
    Step 1  Create a new Ethernet VLAN.      set vlan vlan_num [name name] [said said] [mtu mtu]
                                             [translation vlan_num]
    Step 2  Verify the VLAN configuration.   show vlan [vlan_num]

    Note The default VLAN type is Ethernet; if you do not specify the VLAN type, the VLAN is an
    Ethernet VLAN.

    This example shows how to create an Ethernet VLAN and verify the configuration:

        Console> (enable) set vlan 500 name Engineering
        Vlan 500 configuration successful
        Console> (enable) show vlan 500
        VLAN Name                             Status    IfIndex Mod/Ports, Vlans
        ---- -------------------------------- --------- ------- ------------------------
        500  Engineering                      active    344

        VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
        ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
        500  enet  100500     1500  -      -      -      -    -        0      0

        VLAN AREHops STEHops Backup CRF
        ---- ------- ------- ----------
        Console> (enable)


    To modify the VLAN parameters on an existing Ethernet VLAN, perform this task in privileged
    mode:

            Task                                Command
    ------  ----------------------------------  ------------------------------------------------------
    Step 1  Modify an existing Ethernet VLAN.   set vlan vlan_num [name name] [state {active |
                                                suspend}] [said said] [mtu mtu] [translation vlan_num]
    Step 2  Verify the VLAN configuration.      show vlan [vlan_num]

    Creating or Modifying an FDDI VLAN

    To create a new FDDI VLAN, perform this task in privileged mode:

            Task                                           Command
    ------  ---------------------------------------------  ---------------------------------------------------
    Step 1  Create a new FDDI or FDDI NET type VLAN.       set vlan vlan_num [name name] type {fddi | fddinet}
                                                           [said said] [mtu mtu]
    Step 2  Verify the VLAN configuration.                 show vlan [vlan_num]

    To modify the VLAN parameters on an existing FDDI VLAN, perform this task in privileged mode:

            Task                                           Command
    ------  ---------------------------------------------  ----------------------------------------------
    Step 1  Modify an existing FDDI or FDDI NET type VLAN. set vlan vlan_num [name name] [state {active |
                                                           suspend}] [said said] [mtu mtu]
    Step 2  Verify the VLAN configuration.                 show vlan [vlan_num]

    Creating or Modifying a Token Ring TrBRF VLAN

    Note You must enable VTP version 2 before you create Token Ring VLANs. For information on
    enabling VTP version 2, refer to the Configuring VTP section on page 13-6.

    To create a new Token Ring TrBRF VLAN, perform this task in privileged mode:

            Task                                           Command
    ------  ---------------------------------------------  ----------------------------------------------------
    Step 1  Create a new Token Ring TrBRF type VLAN.       set vlan vlan_num [name name] type trbrf [said said]
                                                           [mtu mtu] bridge bridge_number [stp {ieee | ibm}]
    Step 2  Verify the VLAN configuration.                 show vlan [vlan_num]

    Note You must specify a bridge number when creating a new TrBRF.


    This example shows how to create a new Token Ring TrBRF VLAN and verify the configuration:

        Console> (enable) set vlan 999 name TrBRF_999 type trbrf bridge a
        Vlan 999 configuration successful
        Console> (enable) show vlan 999
        VLAN Name                             Status    IfIndex Mod/Ports, Vlans
        ---- -------------------------------- --------- ------- ------------------------
        999  TrBRF_999                        active

        VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
        ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
        999  trbrf 100999     4472  -      -      0xa    ibm  -        0      0

        VLAN AREHops STEHops Backup CRF
        ---- ------- ------- ----------
        Console> (enable)

    To modify the VLAN parameters on an existing Token Ring TrBRF VLAN, perform this task in
    privileged mode:

            Task                                            Command
    ------  ----------------------------------------------  ---------------------------------------------------------
    Step 1  Modify an existing Token Ring TrBRF type VLAN.  set vlan vlan_num [name name] [state {active |
                                                            suspend}] [said said] [mtu mtu] [bridge bridge_number]
                                                            [stp {ieee | ibm}]
    Step 2  Verify the VLAN configuration.                  show vlan [vlan_num]

    Creating or Modifying a Token Ring TrCRF VLAN

    Note You must enable VTP version 2 before you create Token Ring VLANs. For information on
    enabling VTP version 2, refer to the Configuring VTP section on page 13-6.

    To create a new Token Ring TrCRF VLAN, perform this task in privileged mode:

            Task                                            Command
    ------  ----------------------------------------------  ----------------------------------------------------
    Step 1  Create a new Token Ring TrCRF type VLAN.        set vlan vlan_num [name name] type trcrf [said said]
                                                            [mtu mtu] {ring hex_ring_number | decring
                                                            decimal_ring_number} parent vlan_num
    Step 2  Verify the VLAN configuration.                  show vlan [vlan_num]

    Note You must specify a ring number (either in hexadecimal or in decimal) and a parent TrBRF
    VLAN when creating a new TrCRF.


    This example shows how to create a Token Ring TrCRF VLAN and verify the configuration:

        Console> (enable) set vlan 998 name TrCRF_998 type trcrf decring 10 parent 999
        Vlan 998 configuration successful
        Console> (enable) show vlan 998
        VLAN Name                             Status    IfIndex Mod/Ports, Vlans
        ---- -------------------------------- --------- ------- ------------------------
        998  TrCRF_998                        active    352

        VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
        ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
        998  trcrf 100998     4472  999    0xa    -      -    srb      0      0

        VLAN AREHops STEHops Backup CRF
        ---- ------- ------- ----------
        998  7       7       off
        Console> (enable)

    To modify the VLAN parameters on an existing Token Ring TrCRF VLAN, perform this task in
    privileged mode:

            Task                                            Command
    ------  ----------------------------------------------  ------------------------------------------------------
    Step 1  Modify an existing Token Ring TrCRF type VLAN.  set vlan vlan_num [name name] [state {active |
                                                            suspend}] [said said] [mtu mtu] [ring hex_ring_num]
                                                            [decring decimal_ring_num] [bridge bridge_num]
                                                            [parent vlan_num]
    Step 2  Verify the VLAN configuration.                  show vlan [vlan_num]

    To create a backup TrCRF, assign one port on each switch that the TrBRF traverses to the backup
    TrCRF.

    To configure a TrCRF VLAN as a backup TrCRF, perform this task in privileged mode:

            Task                                            Command
    ------  ----------------------------------------------  ------------------------------
    Step 1  Configure a TrCRF VLAN as a backup TrCRF.       set vlan vlan_num backupcrf on
    Step 2  Verify the VLAN configuration.                  show vlan [vlan_num]

    Caution If the backup TrCRF port is attached to a Token Ring multistation access unit (MSAU),
    it does not provide a backup path unless the ring speed and port mode are set by another device.
    We recommend that you configure the ring speed and port mode for the backup TrCRF.


    To specify the maximum number of hops for All-Routes Explorer frames or Spanning-Tree Explorer
    frames in the TrCRF, perform this task in privileged mode:

            Task                                            Command
    ------  ----------------------------------------------  ------------------------------------
    Step 1  Specify the maximum number of hops for          set vlan vlan_num aremaxhop hopcount
            All-Routes Explorer frames in the TrCRF.
    Step 2  Specify the maximum number of hops for          set vlan vlan_num stemaxhop hopcount
            Spanning-Tree Explorer frames in the TrCRF.
    Step 3  Verify the VLAN configuration.                  show vlan [vlan_num]

    This example shows how to limit All-Routes Explorer frames and Spanning-Tree Explorer frames
    to ten hops, and how to verify the configuration (shown by the arrow):

        Console> (enable) set vlan 998 aremaxhop 10 stemaxhop 10
        Vlan 998 configuration successful
        Console> (enable) show vlan 998
        VLAN Name                             Status    IfIndex Mod/Ports, Vlans
        ---- -------------------------------- --------- ------- ------------------------
        998  VLAN0998                         active    357

        VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
        ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
        998  trcrf 100998     4472  999    0xff   -      -    srb      0      0

        VLAN AREHops STEHops Backup CRF
        ---- ------- ------- ----------
        998  10      10      off
        Console> (enable)

    Assigning Switch Ports to a VLAN

    A VLAN created in a management domain remains unused until you assign one or more switch ports
    to the VLAN. If you specify a VLAN that does not exist, the VLAN is created and the specified ports
    are assigned to it.

    Note Make sure you assign switch ports to a VLAN of the proper type. For example, assign
    Ethernet, Fast Ethernet, and Gigabit Ethernet ports to Ethernet-type VLANs, Token Ring ports to
    Token Ring TrCRF-type VLANs, and so forth.

    To assign one or more switch ports to a VLAN, perform this task in privileged mode:

            Task                                            Command
    ------  ----------------------------------------------  ----------------------------------
    Step 1  Assign one or more switch ports to a VLAN.      set vlan vlan_num mod_num/port_num
    Step 2  Verify the port VLAN membership.                show vlan [vlan_num]
                                                            show port [mod_num[/port_num]]


    This example shows how to assign switch ports to a VLAN and verify the assignment:

        Console> (enable) set vlan 560 4/10
        VLAN 560 modified.
        VLAN 1 modified.
        VLAN  Mod/Ports
        ---- -----------------------
        560   4/10
        Console> (enable) show vlan 560
        VLAN Name                             Status    IfIndex Mod/Ports, Vlans
        ---- -------------------------------- --------- ------- ------------------------
        560  Engineering                      active    348     4/10

        VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
        ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
        560  enet  100560     1500  -      -      -      -    -        0      0

        VLAN AREHops STEHops Backup CRF
        ---- ------- ------- ----------
        Console> (enable) show port 4/10
        Port  Name               Status     Vlan       Level  Duplex Speed Type
        ----- ------------------ ---------- ---------- ------ ------ ----- ------------
        4/10                     notconnect 560        normal half   10    10BaseT

        Last-Time-Cleared
        --------------------------
        Wed Jun 24 1998, 12:16:41
        Console> (enable)

    Deleting a VLAN

    When you delete a VLAN in VTP server mode, the VLAN is removed from all switches in the VTP
    domain. When you delete a VLAN in VTP transparent mode, the VLAN is deleted only on the
    current switch.

    To delete a VLAN on the switch, perform this task in privileged mode:

    Task                Command
    ------------------  -------------------
    Delete a VLAN.      clear vlan vlan_num

    Note You cannot delete a Token Ring TrBRF VLAN without first reassigning its child TrCRFs to
    another parent TrBRF, or deleting the child TrCRFs.

    This example shows how to delete a VLAN (in this case, the switch is a VTP server):

        Console> (enable) clear vlan 500
        This command will deactivate all ports on vlan 500
        in the entire management domain
        Do you want to continue(y/n) [n]?y
        Vlan 500 deleted
        Console> (enable)

    Caution When you delete a VLAN, any ports assigned to that VLAN become inactive. Such ports
    remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.
