Network Warrior, 2nd Edition

by Gary A. Donahue. Published by O'Reilly Media, Inc.

Configuring VLANs

VLANs are typically configured via the CatOS or IOS command-line interface (CLI), like any other feature. However, some IOS-based models, such as the 2950 and 3550 switches, have a configurable VLAN database with its own configuration mode and commands. This can be a challenge for the uninitiated, especially because the VLAN database is stored completely separately from the rest of the switch configuration (in flash, as the file vlan.dat, rather than in the startup configuration). Even a write erase followed by a reload will not clear the VLAN database on these switches. If you are decommissioning or repurposing such a switch, delete the vlan.dat file from flash as well (delete flash:vlan.dat); otherwise the old VLANs, along with the VTP domain name and revision number stored with them, survive the wipe. Configuring through the VLAN database is a throwback to older models that offered no other way to manage VLANs. Luckily, all newer switches (including those with a VLAN database) offer the option of configuring the VLANs through the normal IOS CLI. Switches like the 6500, when running in native IOS mode, support only IOS commands for switch configuration. The Nexus line does not have a configurable VLAN database.

Note

Cisco recommends that you configure the VLAN Trunking Protocol (VTP) as a first step when configuring VLANs. This idea has merit, as trunks will not negotiate between switches whose VTP domain names do not match. However, setting a VTP domain is not required to make VLANs function on a single switch, and VTP has risks of its own that you should understand before you enable it. Configuring VTP is covered later (see Chapter 5, Trunking and Chapter 6, VLAN Trunking Protocol).

CatOS

For CatOS, create a VLAN with the set vlan command:

Switch1-CatOS# (enable)set vlan 10 name Lab-VLAN
VTP advertisements transmitting temporarily stopped,
and will resume after the command finishes.
Vlan 10 configuration successful

There are a lot of options when creating a VLAN, but for the bare minimum, this is all you need. To show the status of the VLANs, execute the show vlan command:

Switch1-CatOS# (enable)sho vlan
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1    default                          active    7       1/1-2
                                                        2/1-2
                                                        3/5-48
                                                        6/1-48
10   Lab-VLAN                         active    112
20   VLAN0020                         active    210     3/1-4
1002 fddi-default                     active    8
1003 token-ring-default               active    11
1004 fddinet-default                  active    9
1005 trnet-default                    active    10
1006 Online Diagnostic Vlan1          active    0       internal
1007 Online Diagnostic Vlan2          active    0       internal
1008 Online Diagnostic Vlan3          active    0       internal
1009 Voice Internal Vlan              active    0       internal
1010 Dtp Vlan                         active    0       internal
1011 Private Vlan Reserved Vlan       suspend   0       internal
1016 Online SP-RP Ping Vlan           active    0       internal

Notice that VLAN 10 has the name you assigned; VLAN 20’s name, which you did not assign, defaulted to VLAN0020. The output shows which ports are assigned to VLAN 20 and that most of the ports still reside in VLAN 1 (because VLAN 1 is the default VLAN, all ports reside there by default).

There are no ports in VLAN 10 yet, so add some, again using the set vlan command:

Switch1-CatOS# (enable)set vlan 10 6/1,6/3-4
VLAN 10 modified.VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
10  6/1,6/3-4

You’ve now added ports 6/1, 6/3, and 6/4 to VLAN 10. Another show vlan will reflect these changes:

Switch1-CatOS# (enable)sho vlan
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1    default                          active    7       1/1-2
                                                        2/1-2
                                                        3/5-48
                                                        6/2,6/5-48
10   Lab-VLAN                         active    112     6/1,6/3-4
20   VLAN0020                         active    210     3/1-4
1002 fddi-default                     active    8
1003 token-ring-default               active    11
1004 fddinet-default                  active    9
1005 trnet-default                    active    10
1006 Online Diagnostic Vlan1          active    0       internal
1007 Online Diagnostic Vlan2          active    0       internal
1008 Online Diagnostic Vlan3          active    0       internal
1009 Voice Internal Vlan              active    0       internal
1010 Dtp Vlan                         active    0       internal
1011 Private Vlan Reserved Vlan       suspend   0       internal
1016 Online SP-RP Ping Vlan           active    0       internal

The output indicates that VLAN 1 was modified as well. This is because the ports had to be removed from VLAN 1 to be added to VLAN 10.

IOS Using VLAN Database

This method is included for the sake of completeness. Older switches that require this method of configuration are no doubt still deployed. IOS switches that support the VLAN database, such as the 3750, actually display this message when you enter VLAN database configuration mode:

3750-IOS#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.

Note

If you have an IOS switch with active VLANs, but no reference is made to them in the running configuration, it's possible they were configured in the VLAN database. Another possibility is that they were learned via VTP (we will cover this in Chapter 6). In fact, on a 3750 (or any Catalyst IOS switch) in VTP server or client mode, VLANs do not appear in the running configuration even when you configure them from the CLI; they are stored only in vlan.dat. Only in VTP transparent mode are VLAN definitions written to the running configuration. Either way, show vlan is the authoritative view of what the switch actually has, and a configuration backup that does not include vlan.dat is incomplete.

Since you’re more likely to see the VLAN database in older switches, I’ll continue with examples from a 2950, though they all behave pretty similarly. If you find any switch configured using the VLAN database, my advice is to convert it to an IOS configuration.

To configure VLANs in the VLAN database, you must enter VLAN database configuration mode with the command vlan database. Requesting help (?) lists the commands available in this mode:

2950-IOS#vlan database
2950-IOS(vlan)# ?
VLAN database editing buffer manipulation commands:
  abort  Exit mode without applying the changes
  apply  Apply current changes and bump revision number
  exit   Apply changes, bump revision number, and exit mode
  no     Negate a command or set its defaults
  reset  Abandon current changes and reread current database
  show   Show database information
  vlan   Add, delete, or modify values associated with a single VLAN
  vtp    Perform VTP administrative functions.

To create a VLAN, give the vlan command followed by the VLAN number and name:

2950-IOS(vlan)#vlan 10 name Lab-VLAN
VLAN 10 added:
    Name: Lab-VLAN

You can show the VLANs configured from within VLAN database mode with the show command. You can display the current database (show current), the differences between the current and proposed databases (show changes), or the proposed database as it will look after you apply the changes with the apply command or exit VLAN database configuration mode (show proposed). The default behavior of the show command is show proposed:

2950-IOS(vlan)#show
  VLAN ISL Id: 1
    Name: default
    Media Type: Ethernet
    VLAN 802.10 Id: 100001
    State: Operational
    MTU: 1500
    Backup CRF Mode: Disabled
    Remote SPAN VLAN: No

  VLAN ISL Id: 10
    Name: Lab-VLAN
    Media Type: Ethernet
    VLAN 802.10 Id: 100010
    State: Operational
    MTU: 1500
    Backup CRF Mode: Disabled
    Remote SPAN VLAN: No

Nothing else is required to create a simple VLAN. The database is saved upon exit (as the help text above notes, exit applies the changes and increments the VTP configuration revision number):

2950-IOS(vlan)#exit
APPLY completed.
Exiting....

Now, when you execute the show vlan command in IOS, you’ll see the VLAN you’ve created:

2950-IOS#sho vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   Lab-VLAN                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Adding ports to the VLAN is accomplished in IOS interface configuration mode, and is covered in the next section.

IOS Using Global Commands

Adding VLANs in IOS is relatively straightforward when all of the defaults are acceptable, which is usually the case. Here I’ll revert to a 3750, since you’re likely to encounter modern switches using this method.

First, enter configuration mode. From there, issue the vlan command with the identifier for the VLAN you’re adding or changing. Next, specify a name for the VLAN with the name subcommand (as with CatOS, a default name of VLANxxxx is used if you do not supply one):

3750-IOS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3750-IOS(config)# vlan 10
3750-IOS(config-vlan)# name Lab-VLAN

Exit configuration mode and then issue the show vlan command to see the VLANs present:

3750-IOS#sho vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/21, Gi1/0/22, Gi1/0/23
                                                Gi1/0/24, Gi1/0/25, Gi1/0/26
                                                Gi1/0/27, Gi1/0/28, Gi1/0/29
                                                Gi1/0/30, Gi1/0/31, Gi1/0/32
                                                Gi1/0/33, Gi1/0/34, Gi1/0/35
                                                Gi1/0/36, Gi1/0/37, Gi1/0/38
                                                Gi1/0/39, Gi1/0/40, Gi1/0/41
                                                Gi1/0/42, Gi1/0/43, Gi1/0/44
                                                Gi1/0/46, Gi1/0/49, Gi1/0/50
                                                Gi1/0/51, Gi1/0/52
10   Lab-VLAN                         active
100  VLAN0100                         active
200  VLAN0200                         active
300  VLAN0300                         active

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
200  enet  100200     1500  -      -      -        -    -        0      0
300  enet  100300     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

You assign ports to VLANs in IOS in interface configuration mode. Each interface must be configured individually with the switchport access command (this is in contrast to the CatOS switches, which allow you to add all the ports at once with the set vlan command):

3750-IOS(config)#int g1/0/1
3750-IOS(config-if)#switchport access vlan 10
3750-IOS(config-if)#int g1/0/2
3750-IOS(config-if)#switchport access vlan 10

Modern versions of IOS allow you to apply commands to multiple interfaces with the interface range command. Using this command, you can accomplish the same result as before while saving some precious keystrokes:

3750-IOS(config)#interface range g1/0/1 - 2
3750-IOS(config-if-range)#switchport access vlan 10

Now, when you execute the show vlan command, you'll see that the ports have been assigned to the proper VLAN. Note that switchport access vlan sets only the access VLAN; unless the port is also configured with switchport mode access, it remains free to negotiate a trunk via DTP, so on user-facing ports set the mode explicitly as well (trunking and DTP are covered in Chapter 5):

3750-IOS#sho vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/3, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/21, Gi1/0/22
                                                Gi1/0/23, Gi1/0/24, Gi1/0/25
                                                Gi1/0/26, Gi1/0/27, Gi1/0/28
                                                Gi1/0/29, Gi1/0/30, Gi1/0/31
                                                Gi1/0/32, Gi1/0/33, Gi1/0/34
                                                Gi1/0/35, Gi1/0/36, Gi1/0/37
                                                Gi1/0/38, Gi1/0/39, Gi1/0/40
                                                Gi1/0/41, Gi1/0/42, Gi1/0/43
                                                Gi1/0/44, Gi1/0/46, Gi1/0/49
                                                Gi1/0/50, Gi1/0/51, Gi1/0/52
10   Lab-VLAN                         active    Gi1/0/1, Gi1/0/2
100  VLAN0100                         active
200  VLAN0200                         active
300  VLAN0300                         active
1002 fddi-default                     act/unsup
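
The show vlan tables above are the quickest way to audit VLAN membership, and in practice you end up parsing them, for instance when checking that no access ports were left in the default VLAN. The following Python script is an added example, not code from the book or from Cisco. It parses the first table of show vlan in both the CatOS layout (the IfIndex column and Mod/Ports ranges such as 6/5-48, from the CatOS section above) and the IOS layout (individual port names wrapped onto continuation lines, and the repeated column header before VLANs 1002-1005), then flags ports still in VLAN 1 and VLANs that kept their auto-generated VLANxxxx name. The NX-OS output later on this page uses the same layout and parses the same way. The embedded samples are constructed, abridged from the outputs shown on this page; the function names and the audit rules are my own choices.

```python
"""Parse Cisco 'show vlan' output (CatOS and IOS/NX-OS layouts) and audit it.
Added example; not code from the book or from Cisco."""
import re

# One VLAN row: id, name (may contain spaces), status, then the rest of the line.
_DATA_LINE = re.compile(
    r"^(?P<vid>\d+)\s+(?P<name>.+?)\s+"
    r"(?P<status>active|suspend(?:ed)?|act/\w+|sus/\w+)\s*(?P<rest>.*)$"
)
# CatOS port range such as 3/5-48 (IOS lists every port individually).
_RANGE = re.compile(r"^(?P<prefix>.*/)(?P<lo>\d+)-(?P<hi>\d+)$")
_AUTO_NAME = re.compile(r"^VLAN\d{4}$")  # name the switch assigns by default


def expand_ports(spec):
    """'6/1,6/3-4' -> ['6/1', '6/3', '6/4']; 'Gi1/0/1, Gi1/0/2' is split as-is.
    The CatOS placeholder 'internal' is not a port and is dropped."""
    ports = []
    for token in (t.strip() for t in spec.split(",")):
        if not token or token == "internal":
            continue
        m = _RANGE.match(token)
        if m:
            ports.extend(f"{m['prefix']}{n}" for n in range(int(m["lo"]), int(m["hi"]) + 1))
        else:
            ports.append(token)
    return ports


def parse_show_vlan(text):
    """Return {vlan_id: {"name", "status", "ports"}} from the first table of
    'show vlan'. Continuation lines (wrapped port lists) start with whitespace;
    the repeated column header before VLANs 1002-1005 and the CatOS IfIndex
    column are handled; parsing stops at the 'VLAN Type' / 'Remote SPAN' tables."""
    catos = "IfIndex" in text
    vlans, current = {}, None
    for line in text.splitlines():
        if line.startswith(("VLAN Type", "Remote SPAN")):
            break
        if not line.strip() or line.startswith(("VLAN Name", "----")):
            continue
        m = _DATA_LINE.match(line)
        if m:
            rest = m["rest"]
            if catos:  # drop the IfIndex number that precedes the Mod/Ports list
                parts = rest.split(None, 1)
                rest = parts[1] if len(parts) > 1 else ""
            current = {"name": m["name"], "status": m["status"], "ports": expand_ports(rest)}
            vlans[int(m["vid"])] = current
        elif line[0].isspace() and current is not None:
            current["ports"].extend(expand_ports(line))
    return vlans


def audit(vlans, default_vlan=1):
    """Hardening checks: ports left in the default VLAN and VLANs never named."""
    return {
        "default_vlan_ports": list(vlans.get(default_vlan, {"ports": []})["ports"]),
        "unnamed_vlans": sorted(v for v, d in vlans.items() if _AUTO_NAME.match(d["name"])),
    }


# Constructed samples, abridged from the CatOS and IOS outputs shown above.
CATOS_SAMPLE = """\
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1    default                          active    7       1/1-2
                                                        6/2,6/5-48
10   Lab-VLAN                         active    112     6/1,6/3-4
20   VLAN0020                         active    210     3/1-4
1002 fddi-default                     active    8
1011 Private Vlan Reserved Vlan       suspend   0       internal
"""

IOS_SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/3, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
10   Lab-VLAN                         active    Gi1/0/1, Gi1/0/2
100  VLAN0100                         active

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1002 fddi-default                     act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
"""

if __name__ == "__main__":
    for label, sample in (("CatOS", CATOS_SAMPLE), ("IOS", IOS_SAMPLE)):
        findings = audit(parse_show_vlan(sample))
        print(label, "ports still in VLAN 1:", len(findings["default_vlan_ports"]),
              "| unnamed VLANs:", findings["unnamed_vlans"])
```

Feed it the captured output of show vlan from a switch and treat a non-empty default_vlan_ports list as a to-do: either those ports are in use and belong in a named VLAN, or they are unused and should be shut down and parked in an unused VLAN. The "internal" CatOS VLANs (1006 and up) are skipped because they carry no user ports.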

Nexus and NX-OS

NX-OS uses a command interface similar to that of IOS, and the method for creating VLANs is very similar, but interface configuration differs in a few ways, as we'll see. First, create the VLAN with the vlan vlan-# command:

NX-7K-1-Cozy(config)# vlan 10

The vlan command also places you in VLAN configuration mode, where you name the VLAN with the name vlan-name command:

NX-7K-1-Cozy(config-vlan)# name Lab-VLAN

One of the cool features of NX-OS is that you no longer need the do command to run show commands from configuration mode. This behavior is similar to the PIX and ASA configuration mode, and is a most welcome change. Here, I've executed the show vlan command from within configuration mode:

NX-7K-1-Cozy(config-if)# sho vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Po1, Po10
10   Lab-VLAN                         active    Po1, Eth3/2

VLAN Type
---- -----
1    enet
10   enet

Remote SPAN VLANs
-------------------------------------------------------------------------------

Primary  Secondary  Type             Ports
-------  ---------  ---------------  -------------------------------------------

Another new feature in NX-OS is the capability to configure a range of interfaces without the interface range command. Simply give the interface command the range you want to configure, as you would after interface range in IOS:

NX-7K-1-Cozy(config-vlan)# int e3/1 - 2

This automatically puts us into interface range configuration mode. Now we assign the ports to a VLAN the same way we would in IOS—using the switchport access vlan vlan# command:

NX-7K-1-Cozy(config-if-range)# switchport access vlan 10
Warning: command rejected, Eth3/1 not a switching port
Warning: command rejected, Eth3/2 not a switching port

Now there's a message you don't see on a Catalyst switch by default. The Nexus 7000 behaves differently from a Catalyst: by default, its Ethernet ports are Layer 3 routed ports, not switch ports, and on the 7000 they are administratively shut down as well, which is why the no shut in the next step is needed. From a security standpoint this is a safer default than the Catalyst behavior, where every unconfigured port is a live access port in VLAN 1. To use switch port commands on a Nexus port, you must first put it into Layer 2 mode with the switchport command:

NX-7K-1-Cozy(config-if-range)# int e3/1 - 2
NX-7K-1-Cozy(config-if-range)# switchport
NX-7K-1-Cozy(config-if-range)# no shut

Now that we have placed the ports into switchport mode, we can assign them to a VLAN without further interruption:

NX-7K-1-Cozy(config-if-range)# switchport access vlan 10
NX-7K-1-Cozy(config-if-range)#

The show vlan command now shows our ports assigned to VLAN 10. Notice once more how I’ve executed a show command from within configuration mode. I love this feature!

NX-7K-1-Cozy(config-if-range)# sho vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
10   Lab-VLAN                         active    Eth3/1, Eth3/2

VLAN Type
---- -----
1    enet
10   enet

Remote SPAN VLANs
-------------------------------------------------------------------------------

Primary  Secondary  Type             Ports
-------  ---------  ---------------  -------------------------------------------
