© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Defining VLANs Correcting Common VLAN Configuration Errors

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Issues with 802.1Q Native VLAN Native VLAN frames are carried over the trunk link untagged. A native VLAN mismatch will merge traffic between VLANs.

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Q Native VLAN Considerations Native VLAN must match at ends of trunk; otherwise, frames will leak from one VLAN to another. By default, the native VLAN will be VLAN1. –Avoid using VLAN1 for management purposes. Eliminate native VLANs from 802.1Q trunks by making the native VLAN an unused VLAN.

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Explaining Trunk Link Problems Trunks can be configured statically or autonegotiated with DTP. For trunking to be autonegotiated, the switches must be in the same VTP domain. Some trunk configuration combinations will successfully configure a trunk, some will not. Will any of the above combinations result in an operational trunk?

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Resolving Trunk Link Problems When using DTP, ensure that both ends of the link are in the same VTP domain. Ensure that the trunk encapsulation type configured on both ends of the link is valid. On links where trunking is not required, DTP should be turned off. Best practice is to configure trunk and nonegotiate where trunks are required.

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Common Problems with VTP Configuration Updates not received as expected –VTP domain and password must match. Missing VLANs –Configuration has been overwritten by another VTP device. Too many VLANs –Consider making VTP domain smaller.

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Example of New Switch Overwriting an Existing VTP Domain VTP Version : 2 Configuration Revision : 1 Maximum VLANs supported locally : 1005 Number of existing VLANs : 6 VTP Operating Mode : Server VTP Domain Name : building1 VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 1005 Number of existing VLANs : 7 VTP Operating Mode : Client VTP Domain Name : building1 New switch not connected

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Example of New Switch Overwriting an Existing VTP Domain (Cont.) VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 1005 Number of existing VLANs : 7 VTP Operating Mode : Server VTP Domain Name : building1 VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 1005 Number of existing VLANs : 7 VTP Operating Mode : Client VTP Domain Name : building1 New switch connected

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Implementing VTP in the ECNM Plan VTP domain boundaries. Have only one or two VTP servers. Configure a VTP password. Manually configure the VTP domain name on all devices. When setting up a new domain: –Configure VTP client switches first so that they participate passively. When cleaning up an existing VTP domain: –Configure passwords on servers first because clients may need to maintain current VLAN information until the server is verified as complete.

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Summary 802.1Q native VLAN can cause security issues. Configure the native VLAN to be an unused VLAN. Some trunk link configuration combinations can result in problems on the link. Best practice is to configure trunks statically rather than with DTP. Misconfiguration of VTP can give unexpected results. Make only one or two VTP servers; keep the remainder as clients.

© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v