[Source] Configuring VTP and Virtual LANs
This chapter describes how to configure VLAN Trunk Protocol (VTP) and virtual LANs (VLANs).
Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 5000 Series Command Reference publication.
This chapter consists of these sections:
These sections describe how to use VTP with the Catalyst 5000 series switches:
Before you create VLANs, you must decide whether to use VTP in your
network. With VTP, you can make configuration changes centrally on a
single Catalyst 5000 series switch and have those changes automatically
communicated to all the other switches in the network.
VTP is a Layer 2 messaging protocol that maintains VLAN
configuration consistency by managing the addition, deletion, and
renaming of VLANs on a network-wide basis. VTP minimizes
misconfigurations and configuration inconsistencies that can result in
a number of problems, such as duplicate VLAN names, incorrect VLAN-type
specifications, and security violations.
These sections describe how VTP works on the Catalyst 5000 series switches:
A VTP domain (also called a VLAN management domain) is made up of
one or more interconnected switches that share the same VTP domain
name. A switch can be configured to be in one and only one VTP domain.
You make global VLAN configuration changes for the domain using either
the command-line interface (CLI) or Simple Network Management Protocol
(SNMP).
By default, the Catalyst 5000 series switch is in VTP server mode
and is in the no-management domain state until the switch receives an
advertisement for a domain over a trunk link or you configure a
management domain. You cannot create or modify VLANs on a VTP server
until the management domain name is specified or learned.
If the switch receives a VTP advertisement over a trunk link, it
inherits the management domain name and configuration revision number.
The switch ignores advertisements with a different management domain
name or an earlier configuration revision number.
If you configure the switch as VTP transparent, you can create and
modify VLANs but the changes affect only the individual switch.
When you make a change to the VLAN configuration on a VTP server,
the change is propagated to all switches in the VTP domain. VTP
advertisements are transmitted out all trunk connections, including
Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN
Emulation (LANE).
VTP maps VLANs dynamically across multiple LAN types with unique
names and internal index associations. Mapping eliminates excessive
device administration required from network administrators.
You can configure a Catalyst 5000 series switch to operate in any one of these VTP modes:
Each Catalyst 5000 series switch in the VTP domain sends periodic
advertisements out each trunk port to a reserved multicast address. VTP
advertisements are received by neighboring switches, which update their
VTP and VLAN configurations as necessary.
The following global configuration information is distributed in VTP advertisements:
- VLAN IDs (ISL and 802.1Q)
- Emulated LAN names (for ATM LANE)
- 802.10 SAID values (FDDI)
- VTP domain name
- VTP configuration revision number
- VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
- Frame format
If you use VTP in your network, you must decide whether to use VTP
version 1 or version 2. VTP version 1 is supported in Catalyst 5000
series supervisor engine software release 2.1 or later and ATM software
release 3.1 or later. VTP version 2 is supported in Catalyst 5000
series software release 3.1(1) and later.
Note If you are using VTP in a Token Ring environment, you must use version 2.
VTP version 2 supports the following features not supported in version 1:
- Token Ring support--VTP version 2 supports Token Ring
LAN switching and VLANs (Token Ring Bridge Relay Function [TrBRF] and
Token Ring Concentrator Relay Function [TrCRF]). For more information
about Token Ring VLANs, refer to the "Understanding How VLANs Work" section.
- Unrecognized Type-Length-Value (TLV) Support--A VTP
server or client propagates configuration changes to its other trunks,
even for TLVs it is not able to parse. The unrecognized TLV is saved in
nonvolatile RAM (NVRAM).
- Version-Dependent Transparent Mode--In VTP version 1, a
VTP transparent switch inspects VTP messages for the domain name and
version, and forwards a message only if the version and domain name
match. Since only one domain is supported in the Catalyst 5000 series
software, VTP version 2 forwards VTP messages in transparent mode,
without checking the version.
- Consistency Checks--In VTP version 2, VLAN consistency
checks (such as VLAN names and values) are performed only when you
enter new information through the CLI or SNMP. Consistency checks are
not performed when new information is obtained from a VTP message, or
when information is read from NVRAM. If the digest on a received VTP
message is correct, its information is accepted without consistency
checks.
VTP pruning enhances network bandwidth use by reducing unnecessary
flooded traffic, such as broadcast, multicast, unknown, and flooded
unicast packets. VTP pruning increases available bandwidth by
restricting flooded traffic to those trunk links that the traffic must
use to access the appropriate network devices. By default, VTP pruning
is disabled.
Make sure that all devices in the management domain support VTP
pruning before enabling it. VTP pruning is supported in Catalyst 5000
series software release 2.3 and later.
Figure 13-1
shows a switched network without VTP pruning enabled. Port 1 on Switch
1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is
sent from the host connected to Switch 1. Switch 1 floods the broadcast
and every switch in the network receives it, even though Switches 3, 5,
and 6 have no ports in the Red VLAN.
Figure 13-1: Flooding Traffic without VTP Pruning
Figure 13-2
shows the same switched network with VTP pruning enabled. The broadcast
traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because
traffic for the Red VLAN has been pruned on the links indicated (port 5
on Switch 2 and port 4 on Switch 4).
Figure 13-2: Flooding Traffic with VTP Pruning
Enabling VTP pruning on a VTP server enables
pruning for the entire management domain. VTP pruning takes effect
several seconds after you enable it. By default, VLANs 2 through 1000
are pruning-eligible. VTP pruning does not prune traffic from VLANs
that are pruning-ineligible. VLAN 1 is always pruning-ineligible;
traffic from VLAN 1 cannot be pruned.
To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. To make a VLAN pruning eligible again, enter the set vtp pruneeligible command.
You can set VLAN pruning-eligibility regardless of whether VTP pruning
is enabled or disabled for the domain. Pruning eligibility always
applies to the local device only, not for the entire VTP domain.
Table 13-1 shows the default VTP configuration.
Table 13-1: VTP Default Configuration
| Feature
| Default Value
|
|---|
VTP domain name
| Null
|
VTP mode
| Server
|
VTP version 2 enable state
| Version 2 is disabled
|
VTP password
| None
|
VTP pruning
| Disabled
|
Follow these guidelines when implementing VTP in your network:
- All switches in a VTP domain must run the same VTP version.
- You must configure a password on each Catalyst 5000 series switch in the management domain when in secure mode.
| Caution If you configure VTP in secure
mode, the management domain will not function properly if you do not
assign a management domain password to each Catalyst 5000 series switch
in the domain.
|
- A VTP version 2-capable switch can operate in the same
VTP domain as a switch running VTP version 1 provided VTP version 2 is
disabled on the VTP version 2-capable switch (VTP version 2 is disabled
by default).
- Do not enable VTP version 2 on a switch unless all of
the switches in the same VTP domain are version 2-capable. When you
enable VTP version 2 on a switch, all of the version 2-capable switches
in the domain enable VTP version 2.
- In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.
- Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain.
- Making VLANs pruning-eligible or pruning-ineligible on
a switch affects pruning-eligibility for those VLANs on that device
only (not on all switches in the VTP domain).
These sections describe how to configure VTP on the Catalyst 5000 series switches:
When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network.
To configure the switch as a VTP server, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Define the VTP domain name.
| set vtp domain name
|
Step 2 Place the switch in VTP server mode.
| set vtp mode server
|
Step 3 (Optional) Set a password for the VTP domain.
| set vtp passwd passwd
|
Step 4 Verify the VTP configuration.
| show vtp domain
|
This example shows how to configure the switch as a VTP server and verify the configuration:
Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode server
VTP domain Lab_Network modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network 1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10 1023 40 enabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 disabled disabled 2-1000
Console> (enable)
When a switch is in VTP client mode, you cannot change the VLAN
configuration on the switch. The client switch receives VTP updates
from a VTP server in the management domain and modifies its
configuration accordingly.
To configure the switch as a VTP client, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Define the VTP domain name.
| set vtp domain name
|
Step 2 Place the switch in VTP client mode.
| set vtp mode client
|
Step 3 Verify the VTP configuration.
| show vtp domain
|
This example shows how to configure the switch as a VTP client and verify the configuration:
Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode client
VTP domain Lab_Network modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network 1 2 client -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10 1023 40 enabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 disabled disabled 2-1000
Console> (enable)
When you configure the switch as VTP transparent, you disable VTP
on the switch. A VTP transparent switch does not send VTP updates and
does not act on VTP updates received from other switches. However, a
VTP transparent switch running VTP version 2 does forward received VTP
advertisements out all of its trunk links.
To disable VTP on the switch, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Place the switch in VTP transparent mode (disabling VTP on the switch).
| set vtp mode transparent
|
Step 2 Verify the VTP configuration.
| show vtp domain
|
This example shows how to configure the switch as VTP transparent and verify the configuration:
Console> (enable) set vtp mode transparent
VTP domain Lab_Net modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Net 1 2 Transparent -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10 1023 0 enabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 disabled disabled 2-1000
Console> (enable)
VTP version 2 is disabled by default on VTP version 2-capable
switches. When you enable VTP version 2 on a switch, every VTP version
2-capable switch in the VTP domain will enable version 2 as well.
| Caution VTP version 1 and VTP version 2
are not interoperable on switches in the same VTP domain. Every switch
in the VTP domain must use the same VTP version. Do not enable VTP
version 2 unless every switch in the VTP domain supports version 2.
|
Note In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.
To enable VTP version 2, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Enable VTP version 2 on the switch.
| set vtp v2 enable
|
Step 2 Verify that VTP version 2 is enabled.
| show vtp domain
|
This example shows how to enable VTP version 2 and verify the configuration (shown by the arrow):
Console> (enable) set vtp v2 enable
This command will enable the version 2 function in the entire management domain.
All devices in the management domain should be version2-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Net modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Net 1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10 1023 1 enabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 enabled disabled 2-1000
Console> (enable)
To disable VTP version 2, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Disable VTP version 2.
| set vtp v2 disable
|
Step 2 Verify that VTP version 2 is disabled.
| show vtp domain
|
This example shows how to disable VTP version 2:
Console> (enable) set vtp v2 disable
This command will disable the version 2 function in the entire management domain.
Warning: trbrf & trcrf vlans will not work properly in this mode.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Net modified
Console> (enable)
To configure VTP pruning, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Enable VTP pruning in the management domain.
| set vtp pruning enable
|
Step 2 (Optional) Make specific VLANs pruning-ineligible on the device. (By default, VLANs 2-1000 are pruning-eligible.)
| clear vtp pruneeligible vlan_range
|
Step 3 (Optional) Make specific VLANs pruning-eligible on the device.
| set vtp pruneeligible vlan_range
|
Step 4 Verify the VTP pruning configuration.
| show vtp domain
|
Step 5 Verify that the appropriate VLANs are being pruned on trunk ports.
| show trunk
|
This example shows how to enable VTP pruning in the management
domain and how to make VLANs 2-99, 250-255, and 501-1000
pruning-eligible on the particular device:
Console> (enable) set vtp pruning enable
This command will enable the pruning function in the entire management domain.
All devices in the management domain should be pruning-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable) clear vtp pruneeligible 100-500
Vlans 1,100-500,1001-1005 will not be pruned on this device.
VTP domain Lab_Network modified.
Console> (enable) set vtp pruneeligible 250-255
Vlans 2-99,250-255,501-1000 eligible for pruning on this device.
VTP domain Lab_Network modified.
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network 1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
8 1023 16 disabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.2 disabled enabled 2-99,250-255,501-1000
Console> (enable) show trunk
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
1/1 auto isl trunking 523
Port Vlans allowed on trunk
-------- ---------------------------------------------------------------------
1/1 1-1005
Port Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
1/1 1,522-524
Port Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
1/1 1,522-524
Console> (enable)
To disable VTP pruning, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Disable VTP pruning in the management domain.
| set vtp pruning disable
|
Step 2 Verify that VTP pruning is disabled.
| show vtp domain
|
This example shows how to disable VTP pruning in the management domain:
Console> (enable) set vtp pruning disable
This command will disable the pruning function in the entire management domain.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable)
To monitor VTP activity, including VTP advertisements sent and received and VTP errors, perform this task:
| Task
| Command
|
|---|
Display VTP statistics for the switch.
| show vtp statistics
|
This example shows how to display VTP statistics on the switch:
Console> (enable) show vtp statistics
VTP statistics:
summary advts received 4690
subset advts received 7
request advts received 0
summary advts transmitted 4397
subset advts transmitted 8
request advts transmitted 0
No of config revision errors 0
No of config digest errors 0
VTP pruning statistics:
Trunk Join Trasmitted Join Received Summary advts received from
non-pruning-capable device
-------- --------------- ------------- ---------------------------
1/1 0 0 0
1/2 0 0 0
Console> (enable)
These sections describe how to use VLANs on the Catalyst 5000 series switches:
A VLAN is a group of end stations with a common set of
requirements, independent of physical location. VLANs have the same
attributes as a physical LAN but allow you to group end stations even
if they are not located physically on the same LAN segment.
The following sections describe how VLANs work on the Catalyst 5000 series switches:
VLANs allow you to group ports on Catalyst 5000 series switches to
limit unicast, multicast, and broadcast traffic flooding. Flooded
traffic originating from a particular VLAN is only flooded out other
ports belonging to that VLAN.
Note Before you create VLANs, you must decide whether to use VTP
to maintain global VLAN configuration information for your network. For
complete information on VTP, refer to the "Using VTP" section.
Figure 13-3 shows an example of VLANs segmented into logically defined networks.
Figure 13-3: VLANs as Logically Defined Networks
VLANs are often associated with
IP subnetworks. For example, all the end stations in a particular IP
subnet belong to the same VLAN. Traffic between VLANs must be routed.
Port VLAN membership on the switch is assigned manually on a
port-by-port basis. When you assign switch ports to VLANs using this
method, it is known as port-based, or static, VLAN membership.
Note Catalyst 5000 series switches support
dynamic VLAN membership using the VLAN Membership Policy Server (VMPS).
For information on how to configure VMPS and dynamic port VLAN
membership, refer to the "Configuring Dynamic Port VLAN Membership with VMPS" chapter.
The in-band (sc0) interface of a Catalyst 5000
series switch can be assigned to any VLAN, so you can access another
Catalyst 5000 series switch on the same VLAN directly without a router.
Only one IP address at a time can be assigned to the in-band interface.
If you change the IP address and assign the interface to a different
VLAN, the previous IP address and VLAN assignment are overwritten.
You can set these parameters when you create a VLAN in the management domain:
Note When translating from one VLAN type to
another, the Catalyst 5000 series switch requires a different VLAN
number for each media type.
Two Token Ring VLAN types are supported on Catalyst 5000 series switches running VTP version 2:
Token Ring Bridge Relay Function (TrBRF) VLANs
interconnect multiple Token Ring Concentrator Relay Function (TrCRF)
VLANs in a switched Token Ring network (see Figure 13-4).
The TrBRF can be extended across a network of switches interconnected
via trunk links. The connection between the TrCRF and the TrBRF is
referred to as a logical port.
Figure 13-4: Interconnected Token Ring TrBRF and TrCRF VLANs
For source routing, the switch appears as a single
bridge between the logical rings. The TrBRF can function as a
source-route bridge (SRB) or source-route transparent (SRT) bridge
running either the IBM or IEEE STP. If SRB is used, you can define
duplicate Media Access Control (MAC) addresses on different logical
rings.
The Catalyst 5000 series Token Ring software runs
an instance of STP for each TrBRF VLAN and each TrCRF VLAN. For TrCRF
VLANs, STP removes loops in the logical ring. For TrBRF VLANs, STP
interacts with external bridges to remove loops from the bridge
topology, similar to STP operation on Ethernet VLANs.
| Caution Certain parent TrBRF STP and TrCRF
bridge mode configurations can place the logical ports (the connection
between the TrBRF and the TrCRF) of the TrBRF in a blocked state. For
more information, refer to the "VLAN Configuration Guidelines" section.
|
For source routing, the switch appears as a single
bridge between the logical rings. The TrBRF can function as an SRB or
SRT bridge running either the IBM or IEEE STP. If SRB is used,
duplicate MAC addresses can be defined on different logical rings.
To accommodate IBM System Network Architecture
(SNA) traffic, you can use a combination of SRT and SRB modes. In a
mixed mode, the TrBRF considers some ports (logical ports connected to
TrCRFs) to operate in SRB mode while others operate in SRT mode.
Token Ring Concentrator Relay Function (TrCRF)
VLANs define port groups with the same logical ring number. You can
configure two types of TrCRFs in your network: undistributed and backup.
Typically, TrCRFs are undistributed, which means
each TrCRF is limited to the ports on a single Catalyst 5000 series
switch. Multiple undistributed TrCRFs on the same or separate switches
can be associated with a single parent TrBRF (see Figure 13-5). The parent TrBRF acts as a multiport bridge, forwarding traffic between the undistributed TrCRFs.
Note To pass data between rings located on separate switches,
you can associate the rings to the same TrBRF and configure the TrBRF
for SRB.
Figure 13-5: Undistributed TrCRFs
Note By default, Token Ring ports are associated
with the default TrCRF (VLAN 1003, trcrf-default), which has the
default TrBRF (VLAN 1005, trbrf-default) as its parent. In this
configuration, a distributed TrCRF is possible (see Figure 13-6),
and traffic is passed between the default TrCRFs located on separate
switches provided that the switches are connected via an ISL trunk.
Figure 13-6: Distributed TrCRF
Within a TrCRF, source-route switching forwards
frames based on either MAC addresses or route descriptors. The entire
VLAN can operate as a single ring, with frames switched between ports
within a single TrCRF.
You can specify the maximum hop count for
All-Routes and Spanning-Tree Explorer frames for each TrCRF. This
limits the maximum number of hops an explorer is allowed to traverse.
If a port determines that the explorer frame it is receiving has
traversed more than the number of hops specified, it does not forward
the frame. The TrCRF determines the number of hops an explorer has
traversed based on the number of bridge hops in the route information
field.
A backup TrCRF enables you to
configure an alternate route for traffic between undistributed TrCRFs
located on separate switches that are connected by a TrBRF, in the
event that the ISL connection between the switches fails. Only one
backup TrCRF for a TrBRF is allowed, and only one port per switch can
belong to a backup TrCRF.
If the ISL connection between the switches fails,
the port in the backup TrCRF on each affected switch automatically
becomes active, rerouting traffic between the undistributed TrCRFs
through the backup TrCRF. When the ISL connection is reestablished, all
but one port in the backup TrCRF is disabled. Figure 13-7 illustrates the backup TrCRF.
Figure 13-7: Backup TrCRF
Table 13-2 shows the default VLAN configuration.
Table 13-2: VLAN Default Configuration
| Feature
| Default Value
|
|---|
Native (default) VLAN
| VLAN 1
|
Port VLAN assignments
| All ports assigned to VLAN 1
Token Ring ports assigned to VLAN 1003 (trcrf-default)
|
VLAN state
| Enabled
|
MTU size
| 1500 bytes
4472 bytes for Token Ring VLANs
|
SAID value
| 100,000 plus the VLAN number (for example, the SAID for VLAN VLAN 3 is 100003)
|
Pruning eligibility
| VLAN 2-1000 are pruning-eligible
|
Default FDDI VLAN
| VLAN 1002
|
Default FDDI NET VLAN
| VLAN 1004
|
Default Token Ring TrBRF VLAN
| VLAN 1005 (trbrf-default) with bridge number 0F
|
Default Token Ring TrCRF VLAN
| VLAN 1003 (trcrf-default)
|
TrBRF STP
| IBM
|
TrCRF bridge mode
| SRB
|
Follow these guidelines when creating and modifying VLANs in your network:
- A maximum of 250 VLANs can be active at any time.
- Before you can create a VLAN, the switch must be in VTP
server mode or VTP transparent mode. If the switch is a VTP server, you
must define a VTP domain. For information on configuring VTP, refer to
the "Configuring VTP" section.
- The default TrBRF (VLAN 1005) can only be the parent of
the default TrCRF (VLAN 1003). You cannot specify the default TrBRF as
the parent of a user-configured TrCRF.
- You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you specify must exist).
- In a Token Ring environment, the logical ports (the
connection between the TrBRF and the TrCRF) of the TrBRF are placed in
a blocked state if either of these conditions exists:
- The TrBRF is running the IBM STP, and the TrCRF is in SRT mode.
- The TrBRF is running the IEEE STP, and the TrCRF is in SRB mode.
Note VLANs support a number of parameters that are not discussed in detail in this section. For complete information on the set vlan command and its parameters, refer to the Catalyst 5000 Series Command Reference publication.
These sections describe how to configure VLANs on the Catalyst 5000 series switches:
To create a new Ethernet VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Create a new Ethernet VLAN.
| set vlan vlan_num [name name] [said said] [mtu mtu] [translationvlan_num]
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
Note The default VLAN type is Ethernet; if you do not specify the VLAN type, the VLAN is an Ethernet VLAN.
This example shows how to create an Ethernet VLAN and verify the configuration:
Console> (enable) set vlan 500 name Engineering
Vlan 500 configuration successful
Console> (enable) show vlan 500
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
500 Engineering active 344
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
500 enet 100500 1500 - - - - - 0 0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
Console> (enable)
To modify the VLAN parameters on an existing Ethernet VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Modify an existing Ethernet VLAN.
| set vlan vlan_num [name name] [state {active | suspend}] [saidsaid] [mtu mtu] [translation vlan_num]
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
To create a new FDDI VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Create a new FDDI or FDDI NET type VLAN.
| set vlan vlan_num [name name] type {fddi | fddinet} [saidsaid] [mtu mtu]
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
To modify the VLAN parameters on an existing FDDI VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Modify an existing FDDI or FDDI NET type VLAN.
| set vlan vlan_num [name name] [state {active | suspend}] [said said] [mtu mtu]
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
Note You must enable VTP version 2 before you create Token Ring VLANs. For information on enabling VTP version 2, refer to the "Configuring VTP" section.
To create a new Token Ring TrBRF VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Create a new Token Ring TrBRF type VLAN.
| set vlan vlan_num [name name] type trbrf [said said] [mtu mtu] bridge bridge_number [stp {ieee | ibm}]
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
Note You must specify a bridge number when creating a new TrBRF.
This example shows how to create a new Token Ring TrBRF VLAN and verify the configuration:
Console> (enable) set vlan 999 name TrBRF_999 type trbrf bridge a
Vlan 999 configuration successful
Console> (enable) show vlan 999
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
999 TrBRF_999 active
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
999 trbrf 100999 4472 - - 0xa ibm - 0 0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
Console> (enable)
To modify the VLAN parameters on an existing Token Ring TrBRF VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Modify an existing Token Ring TrBRF type VLAN.
| set vlan vlan_num [name name] [state {active | suspend}] [saidsaid] [mtu mtu] [bridge bridge_number] [stp {ieee | ibm}]
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
Note You must enable VTP version 2 before you create Token Ring VLANs. For information on enabling VTP version 2, refer to the "Configuring VTP" section.
To create a new Token Ring TrCRF VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Create a new Token Ring TrCRF type VLAN.
| set vlan vlan_num [name name] type trcrf [said said] [mtu mtu] {ringhex_ring_number | decring decimal_ring_number} parent vlan_num
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
Note You must specify a ring number (either in hexadecimal or in decimal) and a parent TrBRF VLAN when creating a new TrCRF.
This example shows how to create a Token Ring TrCRF VLAN and verify the configuration:
Console> (enable) set vlan 998 name TrCRF_998 type trcrf decring 10 parent 999
Vlan 998 configuration successful
Console> (enable) show vlan 998
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
998 TrCRF_998 active 352
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
998 trcrf 100998 4472 999 0xa - - srb 0 0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
998 7 7 off
Console> (enable)
To modify the VLAN parameters on an existing Token Ring TrCRF VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Modify an existing Token Ring TrCRF type VLAN.
| set vlan vlan_num [name name] [state {active | suspend}] [said said] [mtu mtu] [ring hex_ring_num] [decring decimal_ring_num] [bridgebridge_num] [parent vlan_num]
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
To create a backup TrCRF, assign one port on each switch that the TrBRF traverses to the backup TrCRF.
To configure a TrCRF VLAN as a backup TrCRF, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Configure a TrCRF VLAN as a backup TrCRF.
| set vlan vlan_num backupcrf on
|
Step 2 Verify the VLAN configuration.
| show vlan [vlan_num]
|
| Caution If the backup TrCRF port is
attached to a Token Ring multistation access unit (MSAU), it does not
provide a backup path unless the ring speed and port mode are set by
another device. We recommend that you configure the ring speed and port
mode for the backup TrCRF.
|
To specify the maximum number
of hops for All-Routes Explorer frames or Spanning-Tree Explorer frames
in the TrCRF, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Specify the maximum number of hops for All-Routes Explorer frames in the TrCRF.
| set vlan vlan_num aremaxhop hopcount
|
Step 2 Specify the maximum number of hops for Spanning-Tree Explorer frames in the TrCRF.
| set vlan vlan_num stemaxhop hopcount
|
Step 3 Verify the VLAN configuration.
| show vlan [vlan_num]
|
This example shows how to limit All-Routes Explorer
frames and Spanning-Tree Explorer frames to ten hops, and how to verify
the configuration (shown by the arrow):
Console> (enable) set vlan 998 aremaxhop 10 stemaxhop 10
Vlan 998 configuration successful
Console> (enable) show vlan 998
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
998 VLAN0998 active 357
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
998 trcrf 100998 4472 999 0xff - - srb 0 0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
998 10 10 off
Console> (enable)
A VLAN created in a management domain remains unused until you
assign one or more switch ports to the VLAN. If you specify a VLAN that
does not exist, the VLAN is created and the specified ports are
assigned to it.
Note Make sure you assign switch ports to a VLAN of the proper
type. For example, assign Ethernet, Fast Ethernet, and Gigabit Ethernet
ports to Ethernet-type VLANs, Token Ring ports to Token Ring TrCRF-type
VLANs, and so forth.
To assign one or more switch ports to a VLAN, perform this task in privileged mode:
| Task
| Command
|
|---|
Step 1 Assign one or more switch ports to a VLAN.
| set vlan vlan_num mod_num/port_num
|
Step 2 Verify the port VLAN membership.
| show vlan [vlan_num]
show port [mod_num[/port_num]]
|
This example shows how to assign switch ports to a VLAN and verify the assignment:
Console> (enable) set vlan 560 4/10
VLAN 560 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
560 4/10
Console> (enable) show vlan 560
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
560 Engineering active 348 4/10
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
560 enet 100560 1500 - - - - - 0 0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
Console> (enable) show port 4/10
Port Name Status Vlan Level Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
4/10 notconnect 560 normal half 10 10BaseT
<...output truncated...>
Last-Time-Cleared
--------------------------
Wed Jun 24 1998, 12:16:41
Console> (enable)
When you delete a VLAN in VTP server mode, the VLAN is removed from
all switches in the VTP domain. When you delete a VLAN in VTP
transparent mode, the VLAN is deleted only on the current switch.
| Caution When you delete a VLAN, any ports
assigned to that VLAN become inactive. Such ports remain associated
with the VLAN (and thus inactive) until you assign them to a new VLAN.
|
To delete a VLAN on the switch, perform this task in privileged mode:
| Task
| Command
|
|---|
Delete a VLAN.
| clear vlan vlan_num
|
Note You cannot delete a Token Ring TrBRF VLAN without first
reassigning its child TrCRFs to another parent TrBRF, or deleting the
child TrCRFs.
This example shows how to delete a VLAN (in this case, the switch is a VTP server):
Console> (enable) clear vlan 500
This command will deactivate all ports on vlan 500
in the entire management domain
Do you want to continue(y/n) [n]?y
Vlan 500 deleted
Console> (enable)
