Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1
First Published: August 08, 2013
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.
Preface

This guide describes configuration information and examples for VLANs on the switch.
• Document Conventions
• Related Documentation
• Obtaining Documentation and Submitting a Service Request

Document Conventions

This document uses the following conventions:

Convention     Description
^ or Ctrl      Both the ^ symbol and Ctrl represent the Control (Ctrl) key on a keyboard.
[x | y]        Optional alternative keywords are grouped in brackets and separated by vertical bars.
{x | y}        Required alternative keywords are grouped in braces and separated by vertical bars.
[x {y | z}]    Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
Related Documentation

Note: Before installing or upgrading the switch, refer to the switch release notes.

• Catalyst 2960-XR Switch documentation, located at: http://www.cisco.com/go/cat2960xr_docs
• Cisco SFP and SFP+ modules documentation, including compatibility matrixes, located at: http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
• Cisco Validated Designs documents, located at: http://www.cisco.
CHAPTER 1
Using the Command-Line Interface

This chapter contains the following topics:
• Information About Using the Command-Line Interface
• How to Use the CLI to Configure Features

Information About Using the Command-Line Interface

This section describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch.

Command Modes

The Cisco IOS user interface is divided into many different modes.
Table 1: Command Mode Summary

Mode: User EXEC
  Access Method: Begin a session using Telnet, SSH, or console.
  Prompt: Switch>
  Exit Method: Enter logout or quit.
  About This Mode: Use this mode to
    • Change terminal settings.
    • Perform basic tests.
    • Display system information.

Mode: Privileged EXEC
  Access Method: While in user EXEC mode, enter the enable command.

Mode: Global configuration
  Access Method: While in privileged EXEC mode, enter the configure command.

Mode: Line configuration
  Access Method: While in global configuration mode, specify a line with the line vty or line console command.
  Prompt: Switch(config-line)#
  Exit Method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
  About This Mode: Use this mode to configure parameters for the terminal line.
Step 4  ?
    Lists all commands available for a particular command mode.
    Example:
    Switch> ?

Step 5  command ?
    Lists the associated keywords for a command.
    Example:
    Switch> show ?

Step 6  command keyword ?
    Lists the associated arguments for a keyword.
Table 2: Common CLI Error Messages

Error Message: % Ambiguous command: "show con"
  Meaning: You did not enter enough characters for your switch to recognize the command.
  How to Get Help: Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear.

Error Message: % Incomplete command.
Changing the Command History Buffer Size

By default, the switch records ten command lines in its history buffer. You can alter this number for a current terminal session or for all sessions on a particular line. This procedure is optional.

SUMMARY STEPS
1.
Step 3  show history
    Lists the last several commands that you just entered in privileged EXEC mode. The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command.
    Example:
    Switch# show history

Disabling the Command History Feature

The command history feature is automatically enabled.
Step 2  terminal no editing
    Disables the enhanced editing mode for the current terminal session in the privileged EXEC mode.
    Example:
    Switch# terminal no editing

Editing Commands through Keystrokes

The keystrokes help you to edit the command lines. These keystrokes are optional.

Note: The arrow keys function only on ANSI-compatible terminals such as VT100s.
Esc D             Deletes from the cursor to the end of the word.
Esc C             Capitalizes at the cursor.
Esc L             Changes the word at the cursor to lowercase.
Esc U             Capitalizes letters from the cursor to the end of the word.
Ctrl-V or Esc Q   Designates a particular keystroke as an executable command, perhaps as a shortcut.
Return key        Scrolls down a line or screen on displays that are longer than the terminal screen can display.
DETAILED STEPS

Step 1  access-list
    Displays the global configuration command entry that extends beyond one line.
    When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) shows that the line has been scrolled to the left.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output appear.
CHAPTER 2
Configuring VTP

• Finding Feature Information
• Prerequisites for VTP
• Information About VTP
• Default VTP Configuration
• How to Configure VTP
• Monitoring VTP
• Configuration Examples for VTP
• Where to Go Next
• Additional References
• Feature History and Information for VTP

Finding Feature Information

Your software release may not support all the features documented in this module.
It does not work well in a situation where multiple updates to the VLAN database occur simultaneously on switches in the same domain, which would result in an inconsistency in the VLAN database.
• The switch supports 1005 VLANs when running the IP Lite image.
• However, the number of routed ports, SVIs, and other configured features affects the usage of the switch hardware.
Note: Before adding a VTP client switch to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number.
VTP Mode: VTP transparent
  Description: VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2 or version 3, transparent switches do forward VTP advertisements that they receive from other switches through their trunk interfaces.
• Frame format

VTP advertisements distribute this VLAN information for each configured VLAN:
• VLAN IDs (including IEEE 802.1Q)
• VLAN name
• VLAN type
• VLAN state
• Additional VLAN configuration information specific to the VLAN type

In VTP version 3, VTP advertisements also include the primary server ID, an instance number, and a start index.

VTP Version 2

If you use VTP in your network, you must decide which version of VTP to use. By default, VTP operates in version 1.
Note: VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005 are still reserved and cannot be modified.

• Private VLAN support.
• Support for any database in a domain—In addition to propagating VTP information, version 3 can propagate Multiple Spanning Tree (MST) protocol database information. A separate instance of the VTP protocol runs for each application that uses VTP.
VTP pruning is disabled in the switched network. Port 1 on Switch A and Port 2 on Switch D are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch A, Switch A floods the broadcast and every switch in the network receives it, even though Switches C, E, and F have no ports in the Red VLAN.

Figure 1: Flooding Traffic without VTP Pruning

VTP pruning is enabled in the switched network.
Related Topics
Enabling VTP Pruning

VTP and Switch Stacks

VTP configuration is the same in all members of a switch stack. When the switch stack is in VTP server or client mode, all switches in the stack carry the same VTP configuration. When VTP mode is transparent, the stack is not taking part in VTP.
• When a switch joins the stack, it inherits the VTP and VLAN properties of the stack master.
• All VTP updates are carried across the stack.
startup configuration file by entering the copy running-config startup-config privileged EXEC command. You must use this command if you want to save VTP mode as transparent, even if the switch resets.
Related Topics
Configuring a VTP Version 3 Password
Example: Configuring a Hidden Password

VTP Version

Follow these guidelines when deciding which VTP version to implement:
• All switches in a VTP domain must have the same domain name, but they do not need to run the same VTP version.
• For VTP version 1 and version 2, if extended-range VLANs are configured on the switch stack, you cannot change VTP mode to client or server. You receive an error message, and the configuration is not allowed. VTP version 1 and version 2 do not propagate configuration information for extended range VLANs (VLANs 1006 to 4094). You must manually configure these VLANs on each device.
Feature        Default Setting
VTP password   None
VTP pruning    Disabled

How to Configure VTP

Configuring VTP Mode

You can configure VTP mode as one of these:
• When a switch is in VTP server mode, you can change the VLAN configuration and have it propagated throughout the network.
• When a switch is in VTP client mode, you cannot change its VLAN configuration.
DETAILED STEPS

Step 1  configure terminal
    Enters the global configuration mode.
    Example:
    Switch# configure terminal

Step 2  vtp domain domain-name
    Configures the VTP administrative-domain name. The name can be 1 to 32 characters. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.
    Example:
    Switch(config)# vtp domain eng_group
Step 7  copy running-config startup-config
    (Optional) Saves the configuration in the startup configuration file.
    Only VTP mode and domain name are saved in the switch running configuration and can be copied to the startup configuration file.
    Note: To clear the password, enter the no vtp password global configuration command.

Step 3  end
    Returns to privileged EXEC mode.
    Example:
    Switch(config)# end

Step 4
    Verifies your entries.
    • (Optional) mst—Selects the multiple spanning tree (MST) database as the takeover feature.
    • (Optional) force—Overwrites the configuration of any conflicting servers. If you do not enter force, you are prompted for confirmation before the takeover.

Related Topics
Example: Configuring a VTP Version 3 Primary Server

Enabling the VTP Version

VTP version 2 and version 3 are disabled by default.
DETAILED STEPS

Step 1  configure terminal
    Enters the global configuration mode.
    Example:
    Switch# configure terminal

Step 2  vtp version {1 | 2 | 3}
    Enables the VTP version on the switch. The default is VTP version 1.
    Note: To return to the default VTP version 1, use the no vtp version global configuration command.
    Example:
    Switch(config)# vtp version 2

Step 3
    Returns to privileged EXEC mode.
Before You Begin

VTP pruning is not designed to function in VTP transparent mode. If one or more switches in the network are in VTP transparent mode, you should do one of these:
• Turn off VTP pruning in the entire network.
• Turn off VTP pruning by making all VLANs on the trunk of the switch upstream to the VTP transparent switch pruning ineligible.

To configure VTP pruning on an interface, use the switchport trunk pruning vlan interface configuration command.
Related Topics
VTP Pruning

Configuring VTP on a Per-Port Basis

With VTP version 3, you can enable or disable VTP on a per-port basis. You can enable VTP only on ports that are in trunk mode. Incoming and outgoing VTP traffic are blocked, not forwarded.

SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. vtp
4. end
5. show running-config interface interface-id
6.
Step 5  show running-config interface interface-id
    Verifies the change to the port.
    Example:
    Switch# show running-config interface gigabitethernet1/0/1

Step 6  show vtp status
    Verifies the configuration.
DETAILED STEPS

Step 1  show vtp status
    Checks the VTP configuration revision number.
    If the number is 0, add the switch to the VTP domain.
    If the number is greater than 0, follow these substeps:
    • Write down the domain name.
    • Write down the configuration revision number.
    • Continue with the next steps to reset the switch configuration revision number.
    Example:
    Switch# show vtp status
Step 8  end
    Returns to privileged EXEC mode. The VLAN information on the switch is updated.
    Example:
    Switch(config)# end

Step 9  show vtp status
    (Optional) Verifies that the domain name is the same as in Step 1 and that the configuration revision number is 0.
    Example:
    Switch# show vtp status

Related Topics
VTP Domain

Monitoring VTP

This section describes commands used to display and monitor the VTP configuration.
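The revision-number check from the procedure for adding a VTP client switch can be scripted against saved show vtp status output. The following is an added example, not part of the Cisco guide: the sample output is constructed, the verdict names are this example's own, and the reset sequence (whose middle steps are cut off on this page) assumes the standard rename-and-restore of the domain name with a placeholder temporary name.

```python
import re

# Field labels as they appear in 'show vtp status' output.
FIELDS = {
    "domain": r"VTP Domain Name[ \t]*:[ \t]*(\S*)",
    "mode": r"VTP Operating Mode[ \t]*:[ \t]*(\w+)",
    "revision": r"Configuration Revision[ \t]*:[ \t]*(\d+)",
}

# Constructed sample output (not captured from a real device).
NEW_SWITCH = """\
VTP version running             : 1
VTP Domain Name                 : lab_bench
VTP Operating Mode              : Server
Number of existing VLANs        : 9
Configuration Revision          : 47
"""
DOMAIN_MEMBER = """\
VTP version running             : 1
VTP Domain Name                 : eng_group
VTP Operating Mode              : Server
Number of existing VLANs        : 14
Configuration Revision          : 12
"""


def parse_vtp_status(text):
    """Extract domain name, operating mode and revision number."""
    status = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"'show vtp status' output has no {key} field")
        status[key] = match.group(1)
    status["revision"] = int(status["revision"])
    status["mode"] = status["mode"].lower()
    return status


def precheck(new_switch_text, domain_member_text):
    """Decide what to do before connecting a switch to the VTP domain."""
    new = parse_vtp_status(new_switch_text)
    ref = parse_vtp_status(domain_member_text)
    if new["revision"] == 0:
        return "add"                 # Step 1: revision 0, safe to add
    if new["revision"] >= ref["revision"]:
        # Not lower than the domain's revision, which the guide's note
        # requires: the highest revision number wins in a VTP domain.
        return "reset-required"
    # Lower than the domain, but the procedure resets any non-zero value.
    return "reset-recommended"


def reset_commands(domain, temp_domain="TEMP-PLACEHOLDER"):
    """Command sequence that zeroes the revision number.

    Assumption: changing the domain name and changing it back resets the
    revision to 0; temp_domain is a placeholder, not a value from the guide.
    """
    return [
        "configure terminal",
        f"vtp domain {temp_domain}",
        "end",
        "show vtp status",
        "configure terminal",
        f"vtp domain {domain}",
        "end",
        "show vtp status",
    ]


if __name__ == "__main__":
    verdict = precheck(NEW_SWITCH, DOMAIN_MEMBER)
    print(verdict)
    if verdict != "add":
        print("\n".join(reset_commands("eng_group")))
```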
Configuration Examples for VTP

Example: Configuring the Switch as a VTP Server

This example shows how to configure the switch as a VTP server with the domain name eng_group and the password mypassword:

Switch(config)# vtp domain eng_group
Setting VTP domain name to eng_group.
Switch(config)# vtp mode server
Setting device to VTP Server mode for VLANS.
Switch(config)# vtp password mypassword
Setting device VLAN database password to mypassword.
Configuring VTP Example: Configuring VTP on a Per-Port Basis VLANDB Yes 00d0.00b8.1400=00d0.00b8.
MIBs

MIB: All supported MIBs for this release.
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description: The Cisco Support website provides extensive online
Link: http://www.cisco.
CHAPTER 3
Configuring VLANs

• Finding Feature Information
• Prerequisites for VLANs
• Restrictions for VLANs
• Information About VLANs
• How to Configure VLANs
• Monitoring VLANs
• Configuration Examples
• Where to Go Next
• Additional References
• Feature History and Information for VLAN

Finding Feature Information

Your software release may not support all the features documented in this module.
Restrictions for VLANs

The following are the restrictions for configuring VLANs:
• The switch supports homogeneous stacking, but does not support mixed stacking.

Information About VLANs

Logical Networks

A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users.
interface-by-interface basis. When you assign switch interfaces to VLANs by using this method, it is known as interface-based, or static, VLAN membership.

Traffic between VLANs must be routed or fallback bridged. The switch can route traffic between VLANs by using switch virtual interfaces (SVIs). An SVI must be explicitly configured and assigned an IP address to route traffic between VLANs.
Membership Mode: Trunk (IEEE 802.1Q)
  VLAN Membership Characteristics: A trunk port is a member of all VLANs by default, including extended-range VLANs, but membership can be limited by configuring the allowed-VLAN list. You can also modify the pruning-eligible list to block flooded traffic to VLANs on trunk ports that are included in the list.
  VTP Characteristics: VTP is recommended but not required.
a switch, the vlan.dat file is stored in flash memory on the stack master. Stack members have a vlan.dat file that is consistent with the stack master.

Token Ring VLANs

Although the switch does not support Token Ring connections, a remote device such as a Catalyst 5000 series switch with Token Ring connections could be managed from one of the supported switches.
Normal-Range VLAN Configuration Guidelines

Normal-range VLANs are VLANs with IDs from 1 to 1005. VTP 1 and 2 only support normal-range VLANs.

Follow these guidelines when creating and modifying normal-range VLANs in your network:
• Normal-range VLANs are identified with a number between 1 and 1001. VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
Extended-Range VLAN Configuration Guidelines

Only VTP 3 supports extended-range VLANs. Extended-range VLANs are VLANs with IDs from 1006 to 4094.

Follow these guidelines when creating extended-range VLANs:
• VLAN IDs in the extended range are not saved in the VLAN database and are not recognized by VTP unless the switch is running VTP version 3.
• You cannot include extended-range VLANs in the pruning eligible range.
Example: Creating an Extended-Range VLAN

Default Ethernet VLAN Configuration

The following table displays the default configuration for Ethernet VLANs.

Note: The switch supports Ethernet interfaces exclusively. Because FDDI and Token Ring VLANs are not locally supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other switches.
How to Configure VLANs

How to Configure Normal-Range VLANs

You can set these parameters when you create a new normal-range VLAN or modify an existing VLAN in the VLAN database:
• VLAN ID
• VLAN name
• VLAN type
  ◦ Ethernet
  ◦ Fiber Distributed Data Interface [FDDI]
  ◦ FDDI network entity title [NET]
  ◦ TrBRF or TrCRF
  ◦ Token Ring
  ◦ Token Ring-Net
• VLAN state (active or suspended)
• Maximum transmission unit (MTU) for the VLAN
• Security Association Identifier (SAID)
• Bridge
SUMMARY STEPS
1. configure terminal
2. vlan vlan-id
3. name vlan-name
4. mtu mtu-size
5. remote-span
6. end
7. show vlan {name vlan-name | id vlan-id}

DETAILED STEPS

Step 1  configure terminal
    Enters the global configuration mode.
    Example:
    Switch# configure terminal

Step 2  vlan vlan-id
    Enters a VLAN ID, and enters VLAN configuration mode.
Step 7  show vlan {name vlan-name | id vlan-id}
    Verifies your entries.
    Example:
    Switch# show vlan name test20 id 20

Related Topics
Normal-Range VLAN Configuration Guidelines
Example: Creating a VLAN Name

Deleting a VLAN

When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from the VLAN database for all switches in the VTP domain.
Step 2  no vlan vlan-id
    Removes the VLAN by entering the VLAN ID.
    Example:
    Switch(config)# no vlan 4

Step 3  end
    Returns to privileged EXEC mode.
    Example:
    Switch(config)# end

Step 4  show vlan brief
    Verifies the VLAN removal.
DETAILED STEPS

Step 1  configure terminal
    Enters the global configuration mode.
    Example:
    Switch# configure terminal

Step 2  interface interface-id
    Enters the interface to be added to the VLAN.
    Example:
    Switch(config)# interface gigabitethernet2/0/1

Step 3
    Defines the VLAN membership mode for the port (Layer 2 access port).
How to Configure Extended-Range VLANs

With VTP version 1 and version 2, when the switch is in VTP transparent mode (VTP disabled), you can create extended-range VLANs (in the range 1006 to 4094). VTP version 3 supports extended-range VLANs in server or transparent mode.

Extended-range VLANs enable service providers to extend their infrastructure to a greater number of customers.
DETAILED STEPS

Step 1  configure terminal
    Enters the global configuration mode.
    Example:
    Switch# configure terminal

Step 2  vtp mode transparent
    Configures the switch for VTP transparent mode, disabling VTP.
    Note: This step is not required for VTP version 3.
    Example:
    Switch(config)# vtp mode transparent

Step 3  vlan vlan-id
    Enters an extended-range VLAN ID and enters VLAN configuration mode.
startup-config
    switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
    Note: This step is not required for VTP version 3 because VLANs are saved in the VLAN database.

The procedure for assigning static-access ports to an extended-range VLAN is the same as for normal-range VLANs.
DETAILED STEPS

Step 1  show vlan internal usage
    Displays the VLAN IDs being used internally by the switch. If the VLAN ID that you want to use is an internal VLAN, the display shows the routed port that is using the VLAN ID. Enter that port number in Step 3.
    Example:
    Switch# show vlan internal usage

Step 2
    Enters global configuration mode.
Step 8  exit
    Exits from VLAN configuration mode, and returns to global configuration mode.
    Example:
    Switch(config-vlan)# exit

Step 9  interface interface-id
    Specifies the interface ID for the routed port that you shut down in Step 4, and enters interface configuration mode.
    Example:
    Switch(config)# interface gigabitethernet1/0/3

Step 10  no shutdown
    Reenables the routed port. It will be assigned a new internal VLAN ID.
Configuration Examples

Example: Creating a VLAN Name

This example shows how to create Ethernet VLAN 20, name it test20, and add it to the VLAN database:

Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# name test20
Switch(config-vlan)# end

Related Topics
Creating or Modifying an Ethernet VLAN
Normal-Range VLAN Configuration Guidelines

Example: Configuring a Port as Access Port

This example shows how to configure a port
Where to Go Next

After configuring VLANs, you can configure the following:
• VLAN Trunking Protocol (VTP)
• VLAN trunks
• Private VLANs
• VLAN Membership Policy Server (VMPS)
• Tunneling
• Voice VLANs

Additional References

Related Documents

Related Topic: For complete syntax and usage information for the commands used in this chapter.
Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
Link: http://www.cisco.com/support
CHAPTER 4
Configuring VLAN Trunks

• Finding Feature Information
• Prerequisites for VLAN Trunks
• Restrictions for VLAN Trunks
• Information About VLAN Trunks
• How to Configure VLAN Trunks
• Configuration Examples for VLAN Trunking
• Where to Go Next
• Additional References
• Feature History and Information for VLAN Trunks

Finding Feature Information

Your software release may not support all the features documented in this
Cisco switches separated by a cloud of non-Cisco IEEE 802.1Q switches. The non-Cisco IEEE 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches.
• Make sure the native VLAN for an IEEE 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.
generate DTP frames. Use the switchport trunk encapsulation dot1q interface configuration command to select the encapsulation type on the trunk port. You can also specify on DTP interfaces whether the trunk uses IEEE 802.1Q encapsulation or if the encapsulation type is autonegotiated. The DTP supports autonegotiation of IEEE 802.1Q trunks.
Allowed VLANs on a Trunk

By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs, 1 to 4094, are allowed on each trunk. However, you can remove VLANs from the allowed list, preventing traffic from those VLANs from passing over the trunk.

To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list.
Figure 4: Load Sharing by Using STP Port Priorities

Trunk 1 carries traffic for VLANs 8 through 10, and Trunk 2 carries traffic for VLANs 3 through 6. If the active trunk fails, the trunk with the lower priority takes over and carries the traffic for all of the VLANs. No duplication of traffic occurs over any trunk port.
Feature Interactions

Trunking interacts with other features in these ways:
• A trunk port cannot be a secure port.
• A trunk port cannot be a tunnel port.
• Trunk ports can be grouped into EtherChannel port groups, but all trunks in the group must have the same configuration. When a group is first created, all ports follow the parameters set for the first port to be added to the group.
Feature                                  Default Setting
VLAN range eligible for pruning          VLANs 2 to 1001
Default VLAN (for access ports)          VLAN 1
Native VLAN (for IEEE 802.1Q trunks)     VLAN 1

How to Configure VLAN Trunks
To avoid trunking misconfigurations, configure interfaces connected to devices that do not support DTP to not forward DTP frames, that is, to turn off DTP.
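The trunk guidance above (matching native VLANs on both ends, trimming the allowed list, removing VLAN 1, turning off DTP) can be checked against saved configurations. The following audit script is an added example, not part of the Cisco guide: the two running-config fragments are constructed sample data, the finding names are hypothetical, and `switchport nonegotiate` and `switchport trunk native vlan` are IOS interface commands that do not appear in this excerpt.

```python
import re

DEFAULT_NATIVE_VLAN = 1           # guide: native VLAN for IEEE 802.1Q trunks is VLAN 1
ALL_VLANS = set(range(1, 4095))   # guide: all VLAN IDs, 1 to 4094, are allowed by default
DEFAULT_MODE = "dynamic auto"     # assumption: the guide names dynamic auto as the default mode

# Constructed sample data: the two ends of one trunk link.
SWITCH_A = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30-32
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 10
!
"""
SWITCH_B = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
 switchport trunk allowed vlan add 30-32
!
"""


def expand_vlan_list(text):
    """Expand an IOS VLAN list such as '10,20,30-32' (or 'none') into a set of ints."""
    if text.strip() == "none":
        return set()
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if part:
            low, _, high = part.partition("-")
            vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_interfaces(config):
    """Return {interface name: trunk-related settings} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface (\S+)\s*$", raw)
        if header:
            current = {"mode": DEFAULT_MODE, "native": DEFAULT_NATIVE_VLAN,
                       "allowed": None, "nonegotiate": False}
            interfaces[header.group(1)] = current
            continue
        if not raw.startswith(" "):
            current = None            # any unindented line ends the interface stanza
            continue
        if current is None:
            continue
        line = raw.strip()
        native = re.match(r"switchport trunk native vlan (\d+)$", line)
        allowed = re.match(r"switchport trunk allowed vlan (add )?(none|[\d,\-]+)$", line)
        if line.startswith("switchport mode "):
            current["mode"] = line[len("switchport mode "):]
        elif line == "switchport nonegotiate":
            current["nonegotiate"] = True
        elif native:
            current["native"] = int(native.group(1))
        elif allowed:
            vlans = expand_vlan_list(allowed.group(2))
            if allowed.group(1):      # 'add' continuation line extends the earlier list
                vlans |= current["allowed"] or set()
            current["allowed"] = vlans
    return interfaces


def audit_port(settings):
    """Return findings for a port that is, or can negotiate to become, a trunk."""
    dynamic = settings["mode"].startswith("dynamic")
    if settings["mode"] != "trunk" and not dynamic:
        return []
    findings = []
    if dynamic or not settings["nonegotiate"]:
        findings.append("dtp-active")          # DTP has not been turned off
    allowed = ALL_VLANS if settings["allowed"] is None else settings["allowed"]
    if allowed == ALL_VLANS:
        findings.append("all-vlans-allowed")   # default list never trimmed
    if 1 in allowed:
        findings.append("vlan1-allowed")       # VLAN 1 still carried on the trunk
    return findings


def native_vlan_mismatch(end_a, end_b):
    """True when the two ends of a trunk link disagree on the native VLAN."""
    return end_a["native"] != end_b["native"]


if __name__ == "__main__":
    a, b = parse_interfaces(SWITCH_A), parse_interfaces(SWITCH_B)
    for name, settings in a.items():
        print("A", name, audit_port(settings))
    for name, settings in b.items():
        print("B", name, audit_port(settings))
    print("native VLAN mismatch on Gi1/0/1:",
          native_vlan_mismatch(a["GigabitEthernet1/0/1"], b["GigabitEthernet1/0/1"]))
```
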
Configuring VLAN Trunks Configuring an Ethernet Interface as a Trunk Port DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters the global configuration mode. Example: Switch# configure terminal Step 2 interface interface-id Specifies the port to be configured for trunking, and enters interface configuration mode.
Configuring VLAN Trunks Configuring an Ethernet Interface as a Trunk Port Step 7 Command or Action Purpose show interfaces interface-id switchport Displays the switch port configuration of the interface in the Administrative Mode and the Administrative Trunking Encapsulation fields of the display. Example: Switch# show interfaces gigabitethernet1/0/2 switchport Step 8 show interfaces interface-id trunk Displays the trunk configuration of the interface.
Configuring VLAN Trunks Configuring an Ethernet Interface as a Trunk Port DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters the global configuration mode. Example: Switch# configure terminal Step 2 interface interface-id Specifies the port to be configured, and enters interface configuration mode. Example: Switch(config)# interface gigabitethernet1/0/1 Step 3 switchport mode trunk Configures the interface as a VLAN trunk port.
Changing the Pruning-Eligible List
The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. VTP pruning must be enabled for this procedure to take effect.
SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. switchport trunk pruning vlan {add | except | none | remove} vlan-list [,vlan [,vlan [,,,]]
4. end
5. show interfaces interface-id switchport
6.
Configuring VLAN Trunks Configuring an Ethernet Interface as a Trunk Port Step 4 Command or Action Purpose end Returns to privileged EXEC mode. Example: Switch(config)# end Step 5 show interfaces interface-id switchport Verifies your entries in the Pruning VLANs Enabled field of the display. Example: Switch# show interfaces gigabitethernet2/0/1 switchport Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Configuring VLAN Trunks Configuring Trunk Ports for Load Sharing DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters the global configuration mode. Example: Switch# configure terminal Step 2 interface interface-id Defines the interface that is configured as the IEEE 802.1Q trunk, and enters interface configuration mode.
Configuring VLAN Trunks Configuring Trunk Ports for Load Sharing configuration command to select an interface to put in the forwarding state. Assign lower cost values to interfaces that you want selected first and higher cost values that you want selected last. These steps describe how to configure a network with load sharing using STP port priorities. SUMMARY STEPS 1. configure terminal 2. vtp domain domain-name 3. vtp mode server 4. end 5. show vtp status 6. show vlan 7. configure terminal 8.
Configuring VLAN Trunks Configuring Trunk Ports for Load Sharing Command or Action Purpose The domain name can be 1 to 32 characters. Example: Switch(config)# vtp domain workdomain Step 3 Configures Switch A as the VTP server. vtp mode server Example: Switch(config)# vtp mode server Step 4 Returns to privileged EXEC mode. end Example: Switch(config)# end Step 5 show vtp status Verifies the VTP configuration on both Switch A and Switch B.
Configuring VLAN Trunks Configuring Trunk Ports for Load Sharing Step 11 Command or Action Purpose show interfaces interface-id switchport Verifies the VLAN configuration. Example: Switch# show interfaces gigabitethernet1/0/1 Step 12 Repeat the above steps on Switch A for a second port in the switch or switch stack. Step 13 Repeat the above steps on Switch B to configure the trunk ports that connect to the trunk ports configured on Switch A.
Configuring VLAN Trunks Configuring Trunk Ports for Load Sharing Step 20 Command or Action Purpose spanning-tree vlan vlan-range port-priority priority-value Assigns the port priority for the VLAN range specified. Enter a port priority value from 0 to 240. Port priority values increment by 16. Example: Switch(config-if)# spanning-tree vlan 3-6 port-priority 16 Step 21 Returns to privileged EXEC mode. end Example: Switch(config-if)# end Step 22 Verifies your entries.
Configuring VLAN Trunks Configuring Trunk Ports for Load Sharing SUMMARY STEPS 1. configure terminal 2. interface interface-id 3. switchport mode trunk 4. exit 5. Repeat Steps 2 through 4 on a second interface in Switch A or in Switch A stack. 6. end 7. show running-config 8. show vlan 9. configure terminal 10. interface interface-id 11. spanning-tree vlan vlan-range cost cost-value 12. end 13.
Configuring VLAN Trunks Configuring Trunk Ports for Load Sharing Step 4 Command or Action Purpose exit Returns to global configuration mode. Example: Switch(config-if)# exit Step 5 Repeat Steps 2 through 4 on a second interface in Switch A or in Switch A stack. Step 6 end Returns to privileged EXEC mode. Example: Switch(config)# end Step 7 Verifies your entries. In the display, make sure that the interfaces are configured as trunk ports.
Configuring VLAN Trunks Configuration Examples for VLAN Trunking Step 12 Command or Action Purpose end Returns to global configuration mode. Example: Switch(config-if)# end Step 13 Repeat Steps 9 through 13 on the other configured trunk interface on Switch A, and set the spanning-tree path cost to 30 for VLANs 8, 9, and 10. Step 14 exit Returns to privileged EXEC mode. Example: Switch(config)# exit Step 15 show running-config Verifies your entries.
Related Topics
Configuring a Trunk Port, on page 67
Feature Interactions, on page 66
Example: Removing a VLAN
This example shows how to remove VLAN 2 from the allowed VLAN list on a port:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport trunk allowed vlan remove 2
Switch(config-if)# end
Related Topics
Defining the Allowed VLANs on a Trunk
Where to Go Next
After configuring VLAN trunks, you can configure the following:
• VTP
• VLA
Configuring VLAN Trunks Feature History and Information for VLAN Trunks MIBs MIB MIBs Link All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs Technical Assistance Description Link The Cisco Support website provides extensive online http://www.cisco.
CHAPTER 5 Configuring Private VLANs • Finding Feature Information, page 83 • Prerequisites for Private VLANs, page 83 • Restrictions for Private VLANs, page 86 • Information About Private VLANs, page 87 • How to Configure Private VLANs, page 93 • Monitoring Private VLANs, page 101 • Configuration Examples for Private VLANs, page 102 • Where to Go Next, page 104 • Additional References, page 104 • Feature History and Information for Private VLANs, page 105 Finding Feature Information Your software release
Configuring Private VLANs Secondary and Primary VLAN Configuration template is configured, use the sdm prefer default global configuration command to set the default template. Secondary and Primary VLAN Configuration Follow these guidelines when configuring private VLANs: • If the switch is running VTP version 1 or 2, you must set VTP to transparent mode. After you configure a private VLAN, you should not change the VTP mode to client or server. VTP version 3 supports private VLANs in all modes.
Configuring Private VLANs Private VLAN Port Configuration For more information about using the ip sticky-arp global configuration and the ip sticky-arp interface configuration commands, see the command reference for this release. • You can configure VLAN maps on primary and secondary VLANs. However, we recommend that you configure the same VLAN maps on private-VLAN primary and secondary VLANs.
Restrictions for Private VLANs
The following are restrictions for configuring private VLANs:
• Private VLANs are only supported on switches running the IP Lite image.
Limitations with Other Features
When configuring private VLANs, remember these limitations with other features:
Note: In some cases, the configuration is accepted with no error messages, but the commands have no effect.
Configuring Private VLANs Information About Private VLANs Note Dynamic MAC addresses learned in one VLAN of a private VLAN are replicated in the associated VLANs. For example, a MAC address learned in a secondary VLAN is replicated in the primary VLAN. When the original dynamic MAC address is deleted or aged out, the replicated addresses are removed from the MAC address table. • Configure Layer 3 VLAN interfaces (SVIs) only for primary VLANs.
Configuring Private VLANs Secondary VLANs private VLAN can have multiple VLAN pairs, one pair for each subdomain. All VLAN pairs in a private VLAN share the same primary VLAN. The secondary VLAN ID differentiates one subdomain from another.
Configuring Private VLANs Private VLANs in Networks • Promiscuous—A promiscuous port belongs to the primary VLAN and can communicate with all interfaces, including the community and isolated host ports that belong to the secondary VLANs associated with the primary VLAN. • Isolated—An isolated port is a host port that belongs to an isolated secondary VLAN. It has complete Layer 2 separation from other ports within the same private VLAN, except for the promiscuous ports.
Configuring Private VLANs IP Addressing Scheme with Private VLANs • Configure selected interfaces connected to end stations as isolated ports to prevent any communication at Layer 2. For example, if the end stations are servers, this configuration prevents Layer 2 communication between the servers. • Configure interfaces connected to default gateways and selected end stations (for example, backup servers) as promiscuous ports to allow all end stations access to a default gateway.
Configuring Private VLANs Private VLAN Interaction with Other Features A feature of private VLANs across multiple switches is that traffic from an isolated port in switch A does not reach an isolated port on Switch B. Figure 7: Private VLANs Across Switches Because VTP does not support private VLANs, you must manually configure private VLANs on all switches in the Layer 2 network.
Configuring Private VLANs Private VLAN Configuration Tasks Multicast traffic is routed or bridged across private VLAN boundaries and within a single community VLAN. Multicast traffic is not forwarded between ports in the same isolated VLAN or between ports in different secondary VLANs. Private VLANs and SVIs In a Layer 3 switch, a switch virtual interface (SVI) represents the Layer 3 interface of a VLAN.
Configuring Private VLANs Default Private VLAN Configuration 3 Configure interfaces to be isolated or community host ports, and assign VLAN membership to the host port. 4 Configure interfaces as promiscuous ports, and map the promiscuous ports to the primary-secondary VLAN pair. 5 If inter-VLAN routing will be used, configure the primary SVI, and map the secondary VLANs to the primary. 6 Verify the private VLAN configuration. Default Private VLAN Configuration No private VLANs are configured.
Configuring and Associating VLANs in a Private VLAN
DETAILED STEPS
Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example: Switch# configure terminal
Step 2
Command or Action: vtp mode transparent
Purpose: Sets VTP mode to transparent (disable VTP).
Example: Switch(config)# vtp mode transparent
Step 3
Command or Action: vlan vlan-id
Purpose: Enters VLAN configuration mode and designates or creates a VLAN that will be the primary VLAN.
Example:
Configuring Private VLANs Configuring and Associating VLANs in a Private VLAN Step 9 Command or Action Purpose vlan vlan-id (Optional) Enters VLAN configuration mode and designates or creates a VLAN that will be a community VLAN. The VLAN ID range is 2 to 1001 and 1006 to 4094. Example: Switch(config)# vlan 502 Step 10 Designates the VLAN as a community VLAN. private-vlan community Example: Switch(config-vlan)# private-vlan community Step 11 Returns to global configuration mode.
Configuring Private VLANs Configuring a Layer 2 Interface as a Private VLAN Host Port Command or Action Example: Switch# copy running-config startup-config Purpose To save the private-VLAN configuration, you need to save the VTP transparent mode configuration and private-VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it defaults to VTP server mode, which does not support private VLANs.
Configuring Private VLANs Configuring a Layer 2 Interface as a Private VLAN Host Port Step 2 Command or Action Purpose interface interface-id Enters interface configuration mode for the Layer 2 interface to be configured. Example: Switch(config)# interface gigabitethernet1/0/22 Step 3 switchport mode private-vlan host Configures the Layer 2 port as a private-VLAN host port.
Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port
Beginning in privileged EXEC mode, follow these steps to configure a Layer 2 interface as a private VLAN promiscuous port and map it to primary and secondary VLANs:
Note: Isolated and community VLANs are both secondary VLANs.
SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. switchport mode private-vlan promiscuous
4.
Configuring Private VLANs Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface Command or Action Purpose mapping 20 add 501-503 single private VLAN ID or a hyphenated range of private VLAN IDs. Enter a secondary_vlan_list, or use the add keyword with a secondary_vlan_list to map the secondary VLANs to the private VLAN promiscuous port. Use the remove keyword with a secondary_vlan_list to clear the mapping between secondary VLANs and the private VLAN promiscuous port.
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface
SUMMARY STEPS
1. configure terminal
2. interface vlan primary_vlan_id
3. private-vlan mapping [add | remove] secondary_vlan_list
4. end
5. show interface private-vlan mapping
6. copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.
mapping
Step 6
Command or Action: copy running-config startup-config
Purpose: Saves your entries in the switch startup configuration file.
Example: Switch# copy running-config startup-config
Related Topics
Example: Mapping Secondary VLANs to a Primary VLAN Interface, on page 103
Monitoring Private VLANs
The following table displays the commands used to monitor private VLANs.
Configuration Examples for Private VLANs
Example: Configuring a Primary VLAN, Isolated VLAN, and a Community of VLANs
This example shows how to configure VLAN 20 as a primary VLAN, VLAN 501 as an isolated VLAN, and VLANs 502 and 503 as community VLANs, to associate them in a private VLAN, and to verify the configuration:
Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan
Switch(config-vlan)# exit
Switch(con
Configuring Private VLANs Example: Configuring an Interface as a Private VLAN Promiscuous Port Negotiation of Trunking: Off Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: 20 501 Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation
Example: Monitoring Private VLANs
This example shows output from the show vlan private-vlan command:
Switch(config)# show vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- -----------------------------------------
10      501       isolated          Gi2/0/1, Gi3/0/1, Gi3/0/2
10      502       community         Gi2/0/11, Gi3/0/1, Gi3/0/4
10      503       non-operational
Where to Go Next
You can configure the following:
• VTP
• VLANs
• VLAN trunking
• VLAN Membersh
Configuring Private VLANs Feature History and Information for Private VLANs MIBs MIB MIBs Link All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs Technical Assistance Description Link The Cisco Support website provides extensive online http://www.cisco.
CHAPTER 6 Configuring VMPS • Finding Feature Information, page 107 • Prerequisites for VMPS, page 107 • Restrictions for VMPS, page 108 • Information About VMPS, page 108 • How to Configure VMPS, page 110 • Monitoring the VMPS, page 117 • Configuration Example for VMPS, page 117 • Where to Go Next, page 118 • Additional References, page 119 • Feature History and Information for VMPS, page 120 Finding Feature Information Your software release may not support all the features documented in this module.
Configuring VMPS Restrictions for VMPS Restrictions for VMPS • IEEE 802.1x ports cannot be configured as dynamic-access ports. If you try to enable IEEE 802.1x on a dynamic-access (VQP) port, an error message appears, and IEEE 802.1x is not enabled. If you try to change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.
Configuring VMPS Dynamic-Access Port VLAN Membership • If the host is not allowed on the port and the VMPS is in open mode, the VMPS sends an access-denied response. • If the VLAN is not allowed on the port and the VMPS is in secure mode, the VMPS sends a port-shutdown response. If the port already has a VLAN assignment, the VMPS provides one of these responses: • If the VLAN in the database matches the current VLAN on the port, the VMPS sends a success response, allowing access to the host.
Default VMPS Client Configuration
The following table shows the default VMPS and dynamic-access port configuration on client switches.
Configuring VMPS Configuring Dynamic-Access Ports on VMPS Clients DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters the global configuration mode. Example: Switch# configure terminal Step 2 vmps server ipaddress primary Enters the IP address of the switch acting as the primary VMPS server. Example: Switch(config)# vmps server 10.1.2.3 primary Step 3 vmps server ipaddress (Optional) Enters the IP address of the switch acting as a secondary VMPS server.
Configuring VMPS Configuring Dynamic-Access Ports on VMPS Clients If you are configuring a port on a cluster member switch as a dynamic-access port, first use the rcommand privileged EXEC command to log in to the cluster member switch. Before You Begin You must have IP connectivity to the VMPS for dynamic-access ports to work. You can test for IP connectivity by pinging the IP address of the VMPS and verifying that you get a response.
Configuring VMPS Reconfirming VLAN Memberships Step 4 Step 5 Command or Action Purpose switchport access vlan dynamic Configures the port as eligible for dynamic VLAN membership. Example: Switch(config-if)# switchport access vlan dynamic The dynamic-access port must be connected to an end station. end Returns to privileged EXEC mode. Example: Switch(config)# end Step 6 show interfaces interface-id switchport Verifies your entries in the Operational Mode field of the display.
Configuring VMPS Changing the Reconfirmation Interval DETAILED STEPS Step 1 Command or Action Purpose vmps reconfirm Reconfirms dynamic-access port VLAN membership. Example: Switch# vmps reconfirm Step 2 show vmps Verifies the dynamic VLAN reconfirmation status. Example: Switch# show vmps Changing the Reconfirmation Interval VMPS clients periodically reconfirm the VLAN membership information received from the VMPS. You can set the number of minutes after which reconfirmation occurs.
Configuring VMPS Changing the Retry Count
Step 2
Command or Action: vmps reconfirm minutes
Purpose: Sets the number of minutes between reconfirmations of the dynamic VLAN membership. The range is 1 to 120. The default is 60 minutes.
Example: Switch(config)# vmps reconfirm 90
Note: To return the switch to its default setting, use the no vmps reconfirm global configuration command.
Step 3
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Configuring VMPS Troubleshooting Dynamic-Access Port VLAN Membership
DETAILED STEPS
Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Example: Switch# configure terminal
Step 2
Command or Action: vmps retry count
Purpose: Changes the retry count. The retry range is 1 to 10; the default is 3.
Example: Switch(config)# vmps retry 5
Note: To return the switch to its default setting, use the no vmps retry global configuration command.
Step 3
Purpose: Returns to privileged EXEC mode.
Monitoring the VMPS
You can display information about the VMPS by using the show vmps privileged EXEC command. The switch displays this information about the VMPS:
• VMPS VQP Version—The version of VQP used to communicate with the VMPS. The switch queries the VMPS that is using VQP Version 1.
• Reconfirm Interval—The number of minutes the switch waits before reconfirming the VLAN-to-MAC-address assignments.
Configuring VMPS Where to Go Next Figure 8: Dynamic Port VLAN Membership Configuration Related Topics Configuring Dynamic-Access Ports on VMPS Clients, on page 111 Dynamic VLAN Assignments, on page 108 Configuring Dynamic-Access Ports on VMPS Clients, on page 111 Dynamic-Access Port VLAN Membership, on page 109 Where to Go Next You can configure the following: Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.
Configuring VMPS Additional References • VTP • VLANs • VLAN Trunking • Private VLANs • Tunneling • Voice VLANs Additional References Related Documents Related Topic Document Title For complete syntax and usage information for the commands used in this chapter. Catalyst 2960-XR Switch VLAN Management Command Reference Standards and RFCs Standard/RFC Title — — MIBs MIB MIBs Link All supported MIBs for this release.
Configuring VMPS Feature History and Information for VMPS Technical Assistance Description Link The Cisco Support website provides extensive online http://www.cisco.com/support resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
CHAPTER 7 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling • Finding Feature Information, page 121 • Prerequisites for Configuring Tunneling, page 121 • Information about Tunneling, page 124 • How to Configure Tunneling, page 133 • Configuration Examples for IEEE 802.
IEEE 802.1Q Tunneling and Incompatibilities
Although IEEE 802.1Q tunneling works well for Layer 2 packet switching, there are incompatibilities between some Layer 2 features and Layer 3 switching.
• A tunnel port cannot be a routed port.
• IP routing is not supported on a VLAN that includes IEEE 802.1Q ports. Packets received from a tunnel port are forwarded based only on Layer 2 information.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Layer 2 Protocol Tunneling • The switch does not support Layer 2 protocol tunneling on ports with switchport mode dynamic auto or dynamic desirable. • DTP is not compatible with Layer 2 protocol tunneling. • The edge switches on the outbound side of the service-provider network restore the proper Layer 2 protocol and MAC address information and forward the packets to all tunnel and access ports in the same metro VLAN.
Layer 2 Tunneling for EtherChannels
To configure Layer 2 point-to-point tunneling to facilitate the automatic creation of EtherChannels, you need to configure both the SP (service-provider) edge switch and the customer switch.
Related Topics
Configuring Layer 2 Protocol Tunneling, on page 135
Example: Configuring Layer 2 Protocol Tunneling, on page 144
Information about Tunneling
IEEE 802.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling IEEE 802.1Q Tunneling port, and the other end is configured as a tunnel port. You assign the tunnel port interface to an access VLAN ID that is unique to each customer. Figure 9: IEEE 802.1Q Tunnel Ports in a Service-Provider Network Packets coming from the customer trunk port into the tunnel port on the service-provider edge switch are normally IEEE 802.1Q-tagged with the appropriate VLAN ID.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling IEEE 802.1Q Tunneling This figure shows the tag structures of the double-tagged packets. Figure 10: Original (Normal), IEEE 802.1Q, and Double-Tagged Ethernet Packet Formats When the packet enters the trunk port of the service-provider egress switch, the outer tag is again stripped as the switch internally processes the packet. However, the metro tag is not added when the packet is sent out the tunnel port on the edge switch into the customer network.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling IEEE 802.1Q Tunneling Configuration Guidelines Example: Configuring an IEEE 802.1Q Tunneling Port, on page 143 IEEE 802.1Q Tunneling Configuration Guidelines When you configure IEEE 802.1Q tunneling, you should always use an asymmetrical link between the customer device and the edge switch, with the customer device port configured as an IEEE 802.1Q trunk port and the edge switch port configured as a tunnel port.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling IEEE 802.1Q Tunneling Configuration Guidelines • Ensure that the native VLAN ID on the edge-switch trunk port is not within the customer VLAN range. For example, if the trunk port carries traffic of VLANs 100 to 200, assign the native VLAN a number outside that range. Figure 11: Potential Problems with IEEE 802.1Q Tunneling and Native VLANs System MTU The default system MTU for traffic on the switch is 1500 bytes.
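The double-tagging behaviour and the system MTU remark above can be followed byte by byte. This Python sketch is an added example, not part of the Cisco guide: the frame and MAC addresses are constructed, the function names are hypothetical, customer VLAN 100 and metro VLAN 30 are sample values, and it assumes both tags use TPID 0x8100.

```python
import struct

TPID_8021Q = 0x8100   # assumption: inner and outer (metro) tags both use 0x8100
TAG_LEN = 4           # one IEEE 802.1Q tag: 2-byte TPID + 2-byte TCI
SYSTEM_MTU = 1500     # guide: default system MTU on the switch

# Constructed sample addresses (locally administered MACs).
DST_MAC = bytes.fromhex("020000000002")
SRC_MAC = bytes.fromhex("020000000001")


def make_tag(vlan_id, priority=0):
    """Build one 802.1Q tag for a VLAN ID in the range 1 to 4094."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)


def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Build an Ethernet frame (no FCS), optionally carrying one 802.1Q tag."""
    tag = make_tag(vlan_id) if vlan_id is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def vlan_stack(frame):
    """Return the VLAN IDs found after the MAC addresses, outermost tag first."""
    vlans, offset = [], 12
    while len(frame) >= offset + TAG_LEN:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_8021Q:
            break
        vlans.append(tci & 0x0FFF)
        offset += TAG_LEN
    return vlans


def push_metro_tag(frame, metro_vlan):
    """Tunnel-port ingress: add the outer tag carrying the tunnel port's access VLAN."""
    return frame[:12] + make_tag(metro_vlan) + frame[12:]


def pop_outer_tag(frame):
    """Egress toward the customer: remove the outer tag, leaving the customer tag intact."""
    if not vlan_stack(frame):
        raise ValueError("frame carries no 802.1Q tag")
    return frame[:12] + frame[12 + TAG_LEN:]


def provider_payload_len(frame):
    """Payload length as a switch sees it: everything after the outermost tag and
    the 2-byte type field that follows it. An inner tag counts as payload here."""
    outer = TAG_LEN if vlan_stack(frame) else 0
    return len(frame) - 14 - outer


if __name__ == "__main__":
    customer = build_frame(DST_MAC, SRC_MAC, 0x0800, bytes(1500), vlan_id=100)
    tunneled = push_metro_tag(customer, 30)
    print("customer tags:", vlan_stack(customer), "payload", provider_payload_len(customer))
    print("tunneled tags:", vlan_stack(tunneled), "payload", provider_payload_len(tunneled))
    print("exceeds default system MTU:", provider_payload_len(tunneled) > SYSTEM_MTU)
    print("restored at egress:", pop_outer_tag(tunneled) == customer)
```

A customer frame that exactly fills the 1500-byte MTU becomes a 1504-byte payload once the metro tag is added, so it no longer fits a provider switch left at the default system MTU.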
Default IEEE 802.1Q Tunneling Configuration
By default, IEEE 802.1Q tunneling is disabled because the default switchport mode is dynamic auto. Tagging of IEEE 802.1Q native VLAN packets on all IEEE 802.1Q trunk ports is also disabled.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Layer 2 Protocol Tunneling Overview a switch in Customer X, Site 1, will build a spanning tree on the switches at that site without considering convergence parameters based on Customer X’s switch in Site 2. This could result in the topology shown in the Layer 2 Network Topology without Proper Convergence figure.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Layer 2 Protocol Tunneling on Ports SP switch, remote customer switches receive the PDUs and can negotiate the automatic creation of EtherChannels. For example, in the following figure (Layer 2 Protocol Tunneling for EtherChannels), Customer A has two switches in the same VLAN that are connected through the SP network.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Default Layer 2 Protocol Tunneling Configuration access ports in the same metro VLAN. Therefore, the Layer 2 PDUs remain intact and are delivered across the service-provider infrastructure to the other side of the customer network. See the Layer 2 Protocol Tunneling figure in Layer 2 Protocol Tunneling Overview, on page 129, with Customer X and Customer Y in access VLANs 30 and 40, respectively.
How to Configure Tunneling
Configuring an IEEE 802.1Q Tunneling Port
SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. switchport access vlan vlan-id
4. switchport mode dot1q-tunnel
5. exit
6. vlan dot1q tag native
7. end
8. Use one of the following:
   • show dot1q-tunnel
   • show running-config interface
9. show vlan dot1q tag native
10.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring an IEEE 802.1Q Tunneling Port
Example: Switch(config-if)# switchport mode dot1q-tunnel
Note: Use the no switchport mode dot1q-tunnel interface configuration command to return the port to the default state of dynamic desirable.
Step 5
Purpose: Returns to privileged EXEC mode.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Step 10 Command or Action Purpose copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Switch# copy running-config startup-config Related Topics IEEE 802.1Q Tunneling, on page 124 IEEE 802.1Q Tunneling and Incompatibilities, on page 122 Example: Configuring an IEEE 802.1Q Tunneling Port, on page 143 Configuring Layer 2 Protocol Tunneling SUMMARY STEPS 1.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters the global configuration mode. Example: Switch# configure terminal Step 2 interface interface-id Specifies the interface connected to the phone, and enters interface configuration mode.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Step 6 Command or Action Purpose l2protocol-tunnel drop-threshold [ packet_second_rate_value | cdp | lldp | point-to-point | stp | vtp] (Optional) Configures the threshold for packets-per-second accepted for encapsulation. The interface drops packets if the configured threshold is exceeded. If no protocol option is specified, the threshold applies to each of the tunneled Layer 2 protocol types.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring the SP Edge Switch DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters the global configuration mode. Example: Switch# configure terminal Step 2 interface interface-id Specifies the interface connected to the phone, and enters interface configuration mode. Example: Switch(config)# interface gigabitethernet1/0/1 Step 3 Configures the interface as an IEEE 802.1Q tunnel port.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring the SP Edge Switch Command or Action Purpose Example: is exceeded. If no protocol option is specified, the threshold applies to each of the tunneled Layer 2 protocol types. The range is 1 to 4096. The default is to have no threshold configured.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring the Customer Switch
Step 13
Command or Action: show l2protocol
Purpose: Displays the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.
Example: Switch# show l2protocol
Step 14
Purpose: (Optional) Saves your entries in the configuration file.
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring the Customer Switch DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters the global configuration mode. Example: Switch# configure terminal Step 2 interface interface-id Specifies the interface connected to the phone, and enters interface configuration mode. Example: Switch(config)# interface gigabitethernet1/0/1 Step 3 switchport mode trunk Enables trunking on the interface.
  Example: Switch(config)# shutdown

Step 9
  Command or Action: no shutdown
  Purpose: Enables the interface.
  Example: Switch(config)# no shutdown

Step 10
  Command or Action: end
  Purpose: Returns to privileged EXEC mode.
  Example: Switch(config)# end

Step 11
  Purpose: Displays the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.

Configuration Examples for IEEE 802.1Q and Layer 2 Protocol Tunneling
  Switch(config-if)# switchport access vlan 22
  % Access VLAN does not exist.

Example: Configuring Layer 2 Protocol Tunneling
Examples: Configuring the SP Edge and Customer Switches

This example shows how to configure the SP edge switch 1 and edge switch 2. VLANs 17, 18, 19, and 20 are the access VLANs, Fast Ethernet interfaces 1 and 2 are point-to-point tunnel ports with PAgP and UDLD enabled, the drop threshold is 1000, and Fast Ethernet interface 3 is a trunk port.
Where to Go Next

You can configure the following:
• VTP
• VLANs
• VLAN Trunking
• Private VLANs
• VLAN Membership Policy Server (VMPS)
• Voice VLANs

Additional References

Related Documents

  Related Topic: For complete syntax and usage information for the commands used in this chapter.
Technical Assistance

  Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
  Link: http://www.cisco.com/support

Feature History and Information for Tunneling
CHAPTER 8

Configuring Voice VLANs

• Finding Feature Information
• Prerequisites for Voice VLANs
• Restrictions for Voice VLANs
• Information About Voice VLAN
• How to Configure Voice VLAN
• Monitoring Voice VLAN
• Configuration Examples for Voice VLANs
• Where to Go Next
• Additional References
• Feature History and Information for Voice VLAN

Finding Feature Information

Your software release may not suppor
Note: Trunk ports can carry any number of voice VLANs, similar to regular VLANs. The configuration of voice VLANs is not supported on trunk ports.

• Before you enable voice VLAN, we recommend that you enable QoS on the switch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command.

Restrictions for Voice VLANs
Figure 15: Cisco 7960 IP Phone Connected to a Switch

Cisco IP Phone Voice Traffic

You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone.
• In untrusted mode, all traffic in IEEE 802.1Q or IEEE 802.1p frames received through the access port on the Cisco IP Phone receives a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default.

Note: Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged, regardless of the trust state of the access port on the phone.

Voice VLAN Configuration Guidelines
• Voice VLAN ports can also be these port types:
  ◦ Dynamic access port.
  ◦ IEEE 802.1x authenticated port.
    Note: If you enable IEEE 802.1x on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the phone loses connectivity to the switch for up to 30 seconds.
  ◦ Protected port.
  ◦ A source or destination port for a SPAN or RSPAN session.
  ◦ Secure port.

Default Voice VLAN Configuration
Configuring Cisco IP Phone Voice Traffic

SUMMARY STEPS

1. configure terminal
2. interface interface-id
3. mls qos trust cos
4. switchport voice vlan {vlan-id | dot1p | none | untagged}
5. end
6. Use one of the following:
   • show interfaces interface-id switchport
   • show running-config interface interface-id
7. copy running-config startup-config

DETAILED STEPS

Step 1
  Command or Action: configure terminal
  Purpose: Enters the global configuration mode.
  • none—Allows the phone to use its own configuration to send untagged voice traffic.
  • untagged—Configures the phone to send untagged voice traffic.

  Note: Before configuring the switch port to detect and recognize a Cisco IP phone, confirm that the phone is powered by PoE. The configuration fails when power is provided by an AC source.

Step 5
  Purpose: Returns to privileged EXEC mode.

Configuring the Priority of Incoming Data Frames
... to send data packets from the device attached to the access port on the Cisco IP Phone. The PC can generate packets with an assigned CoS value. You can configure the phone to not change (trust) or to override (not trust) the priority of frames arriving on the phone port from connected devices.

Follow these steps to set the priority of data traffic received from the non-voice port on the Cisco IP Phone:

SUMMARY STEPS

1.
Step 4
  Command or Action: end
  Purpose: Returns to privileged EXEC mode.
  Example: Switch(config-if)# end

Step 5
  Command or Action: show interfaces interface-id switchport
  Purpose: Verifies your entries.
  Example: Switch# show interfaces gigabitethernet1/0/1 switchport

Step 6
  Command or Action: copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Monitoring Voice VLAN
This example shows how to enable switch port voice detect on a Cisco IP Phone:

  Switch# configure terminal
  Enter configuration commands, one per line. End with CNTL/Z.

Example: Configuring a Port Connected to an IP Phone Not to Change Frame Priority
• VLANs
• VLAN trunking
• Private VLANs
• VLAN Membership Policy Server (VMPS)
• Tunneling

Additional References

Related Documents

  Related Topic: For complete syntax and usage information for the commands used in this chapter.
  Document Title: Catalyst 2960-XR Switch VLAN Management Command Reference

Standards and RFCs

  Standard/RFC: —
  Title: —

MIBs

  MIB: All supported MIBs for this release.
Technical Assistance

  Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
  Link: http://www.cisco.com/support

Feature History and Information for Voice VLAN