Solved

Configure VLANs on Cisco Switches

Posted on 2013-05-29
Last Modified: 2013-06-05
Hello all:
I’m trying to figure out how to create 3 VLANs and which VTP mode should I choose for this implementation.
Should I do VTP Pruning or Transparent? Or Server for the Core Switch?

I will accept expert suggestions.
At the end what I’m trying to achieve is to have a smooth VLAN implementation/configuration and a healthy network.

What I have in mind.
Thanks in advance.
Question by:Katrach0
24 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39204461
Some people like VTP, others don't.

For your environment (8 switches), I don't see it as a huge benefit... Unless you're adding and deleting VLANs on a constant basis.

I would go with transparent mode and simply create the VLANs on the switches manually. Then remove VLANs from the trunks as needed.

Then again, I'm not a fan of VTP anyway. :-)
0
 

Author Comment

by:Katrach0
ID: 39204496
Got you jajajajjajaja So transparent for all switches, including the core....
Which commands would you use for the Core server when it comes to creating the VLANs and also for the rest of the switches?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39204562
vlan x (where x is the vlan number)
0
 

Author Comment

by:Katrach0
ID: 39204724
How would you configure that, when it comes to the vlan creation? or any other things you would apply?
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39205186
I would go with manual vlan creation as well. VTP is good for 20+ switch environments.

conf t

vlan x
name vlan_name

where x is Vlan number

vlan_name - description, like Data, Voice, etc

By default all vlans are members of the trunk. If you want to change this, you can add the following command to the trunk port

conf t
interface fa0/24
! without "add" this replaces the allowed list; "add" only appends to the existing list
switchport trunk allowed vlan x,y,z

where x,y,z - vlans you want on trunk ports
0
 
LVL 10

Accepted Solution

by:
Mohammed Rahman earned 250 total points
ID: 39206558
VTP - All switches by default are configured as VTP servers, unless they are configured as clients or transparent. As the network is not complex and easily manageable, I would also suggest you to avoid VTP.

VTP Server - can add and delete VLANs across same VTP domain and update database.
VTP Client - cannot add and delete VLANs across same VTP domain but it can update its database if it senses any changes made to VLANs
VTP Transparent - can add and delete VLANs and doesn't update its database.

If you plan to implement VTP (makes tasks a little easier) - you can set one switch as Server and the remaining as Clients, so that changes can be made only through the server, avoiding administrative problems.

Also, VTP pruning requires all the switches to be in server mode. If you are sure that the environment will be managed by people with good knowledge (you can then take the VTP route)

You might be aware that VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of broadcasts, multicasts, and unicast packets. VTP pruning-enabled switches send broadcasts only to trunk links that actually must have the information, and it is used on trunk connections to dynamically remove VLANs not active between the two switches.

Since the network is relatively small, I assume there will not be much of unnecessary broadcasts, multicasts, and unicast packets. Would suggest you to use the server/client model. Make core switch the server and all others as clients.

How to create VLANs

Switch#conf t
Switch(config)#VLAN 10
Switch(config-vlan)#name STAFF
Switch(config-vlan)#exit
Switch(config)#VLAN 20
Switch(config-vlan)#name CAMERAS
Switch(config-vlan)#exit
Switch(config)#VLAN 100
Switch(config-vlan)#name LAB
Switch(config-vlan)#exit

Now, you will have to move the switch ports to desired VLANs

Switch(config)#interface fa x/x
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access VLAN X  (X - the Vlan to which you want to assign the port to)

For TRUNKs

In order to make the port trunk, encapsulation must be set.

Switch(config)#interface gi x/x
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk

In order to implement VTP, all the switches should have common Domain Name (domain name is case sensitive)

On Core Switch
Switch(config)#vtp domain Katrach0  (anything of your choice)
Switch(config)#vtp mode server
Switch(config)#vtp password password (anything of your choice)

Remaining switches as clients
Switch(config)#vtp domain Katrach0  (anything of your choice)
Switch(config)#vtp mode client
Switch(config)#vtp password password (anything of your choice)
0
 

Author Comment

by:Katrach0
ID: 39219494
I will work on this, and when I finish I will get back here.

Question for you.
On Core Switch
Switch(config)#vtp domain Katrach0  (anything of your choice)
Switch(config)#vtp mode server
Switch(config)#vtp password password (anything of your choice)

Remaining switches as clients
Switch(config)#vtp domain Katrach0  (anything of your choice)
Switch(config)#vtp mode client
Switch(config)#vtp password password (anything of your choice)

With this configuration, should I keep something in mind?
Like for example if someone brings a new switch in and just put it in the network, will anything happen?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39219518
Like for example if someone brings a new switch in and just put it in the network, will anything happen?

New? As in "unconfigured"? Then no. Nothing will happen. The VLAN database will not appear in the new switch until:

A) A link to an existing switch is a trunk (either manually configured or through DTP).
B) The domain name is assigned to the new switch (either manually or by the new switch learning it).
C) The new switch is manually configured with the new password.
0
 

Author Comment

by:Katrach0
ID: 39219525
Got it.

Now with this:
Remaining switches as clients
Switch(config)#vtp domain Katrach0  (anything of your choice)
Switch(config)#vtp mode client
Switch(config)#vtp password password (anything of your choice)

Will these switches learn the VLAN database from the server? or do I have to type them in manually?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39219543
That's the whole point of VTP. The VLAN database is maintained only on the servers. All the clients will learn the VLAN database from the server or neighboring clients if they're not directly connected to the server.
0
 

Author Comment

by:Katrach0
ID: 39219626
donjohnston thanks, as of right now, I'm playing with 3 switches and following everything you've told me...
I will keep playing with this then in 2 or 3 weeks will put it on production.

Again, thanks for all your help. Will keep you updated how everything goes.
0
 

Author Comment

by:Katrach0
ID: 39220135
I did this:
On Core Switch
Switch(config)#vtp domain Katrach0  (anything of your choice)
Switch(config)#vtp mode server
Switch(config)#vtp password password (anything of your choice)

Remaining switches as clients
Switch(config)#vtp domain Katrach0  (anything of your choice)
Switch(config)#vtp mode client
Switch(config)#vtp password password (anything of your choice)


And VLANs I created on Core switch do not appear on Client Switches.
0

 
LVL 50

Expert Comment

by:Don Johnston
ID: 39220202
Post the output of a "show int trunk" on the server and client switches. And indicate which ports connect to which switches in question.

Also post the output of a "show vtp status" for the switches in question.
0
 

Author Comment

by:Katrach0
ID: 39220266
Core Switch
Client Switch
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39220295
You didn't indicate what ports are used to connect these two switches. Assuming g0/24 on the core is connected to g0/2 on the client, the only problem I see is that the revision number on the server is at zero. It will need to be greater than that.

So go to the server and create a VLAN (any VLAN, doesn't matter) and then you'll see the VLAN database propagate to the client.
0
 

Author Comment

by:Katrach0
ID: 39220301
You're correct, Core is on Gig 24 and Client is on Gig 2.

I already have 3 vlans created on Core Switch.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39220312
Doesn't matter how many you have. The VTP revision number is currently at zero. Until it is incremented, there will be no propagation of the VLAN database to the clients.

Create a new VLAN and exit config mode.  If you want, you can then delete the VLAN. But until you do this, it's not going to work.
0
 

Author Comment

by:Katrach0
ID: 39220356
Genius!!!!!!!

It works!!!

donjohnston Thanks, I think I'm OK from here, I understand this a little bit more now. Before I accept the solution provided by you, do you have any tip for me? I mean I want this to work, I don't want surprises down the road...
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39220371
Well, like I said at the outset. I'm not a huge fan of VTP.  All it takes is a minor slip up and you've wiped every VLAN from every switch.

But the way I explain it in class is that VTP is like a power saw. A very helpful tool, but if you don't stay on your toes, it can hurt you. :-)

The number one rule with VTP is to NEVER connect a new switch if the revision number isn't zero (or at least less than the current revision number of the existing switches).
0
 

Author Comment

by:Katrach0
ID: 39220377
"The number one rule with VTP is to NEVER connect a new switch if the revision number isn't zero (or at least less than the current revision number of the existing switches)."

How do I avoid/prevent this?
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 250 total points
ID: 39220383
Before you connect a new switch, issue a "show vtp status" and ensure the revision number is zero. If it's not, change the mode from whatever it is to transparent and then change it to what you want it to be.

config t
vtp mode trans
vtp mode client
end
0
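The pre-connection check described in the answer above, as an added example that is not part of the original thread: it parses pasted "show vtp status" output and applies the rule that the new switch's revision must be zero or lower than the production revision. The sample output is constructed, and the function names and the production revision values are assumptions made for illustration.

```python
import re

# Constructed sample of "show vtp status" output from a switch about to be
# connected (values are illustrative, not taken from the thread).
SAMPLE_NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : Katrach0
"""

FIELD_RE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*?)\s*$")


def parse_vtp_status(text):
    """Turn 'Key : value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group("key").lower()] = m.group("value")
    return fields


def check_before_connecting(new_switch_output, production_revision):
    """Return (ok, reason): ok only if revision is zero or below production's."""
    fields = parse_vtp_status(new_switch_output)
    if "configuration revision" not in fields:
        raise ValueError("no 'Configuration Revision' line found")
    revision = int(fields["configuration revision"])
    mode = fields.get("vtp operating mode", "unknown")
    if revision == 0 or revision < production_revision:
        return True, f"revision {revision} ({mode}): OK to connect"
    return False, (f"revision {revision} ({mode}) is not below production "
                   f"revision {production_revision}: reset it first "
                   "(vtp mode transparent, then back to the wanted mode)")


if __name__ == "__main__":
    # Hypothetical production revisions: one lower, one higher than the sample.
    for prod_rev in (4, 20):
        ok, reason = check_before_connecting(SAMPLE_NEW_SWITCH, prod_rev)
        print(f"production revision {prod_rev}: {'PASS' if ok else 'FAIL'} - {reason}")
```
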
 

Author Comment

by:Katrach0
ID: 39220397
Got it...

Again donjohnston, I really appreciate your time for helping me on this. All credit goes to you.

Regards, from DC.

Gracias.
0
 

Author Closing Comment

by:Katrach0
ID: 39220415
This got the job done.
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 39224419
@Katrach0: I am sorry that I was a little away from experts-exchange and could not answer your queries.
@donjohnston: Thanks a tonne for carrying out this so smooth.
0
