VTP (VLAN Trunking Protocol)
VTP (VLAN Trunking Protocol) is used for creating and managing VLANs in the network. Suppose we have a huge network consisting of multiple switches and we have to create more than 200 VLANs on all switches of the network. In this situation VTP helps us to create and manage VLANs on every switch of the network. With the help of this protocol we can create, delete or modify VLANs.
VTP is a Cisco proprietary protocol used to maintain VLANs throughout the same VTP domain. The protocol has its own domain, whose name is assigned manually and can be anything. The domain name is case sensitive.
To use this protocol we have to keep an eye on a few things, which are listed below.
1. The VTP domain must be the same on all switches connected in the network.
2. The domain name is case sensitive.
3. One switch must be in server mode.
4. The VTP version must be the same on all switches connected in the network.
5. The authentication method must be the same.
VTP Mode: -
VTP has three modes, which are listed below.
1. Server
2. Client
3. Transparent
Server Mode: -
By default all switches are in server mode. This mode allows us to create, delete, add and modify VLANs in the network. Any change made on a switch in server mode is advertised to all switches in the same domain. In this mode the configuration is saved in NVRAM.
Show command: -
thetechnetworkSW0#show vtp status
VTP domain creation and VTP mode selection commands in server mode.
thetechnetworkSW0(config)#vtp domain THETECHNETWORK
thetechnetworkSW0(config)#vtp mode server
thetechnetworkSW0(config)#vtp password cisco
Client Mode: -
In this mode a switch can only receive VLANs from the server. It cannot create, add, delete or modify VLANs. A switch in this mode learns the updates received from the server and advertises them to the network for other VTP clients.
VTP domain creation and VTP mode selection commands in client mode.
thetechnetworkSW1(config)#vtp domain THETECHNETWORK
thetechnetworkSW1(config)#vtp mode client
thetechnetworkSW1(config)#vtp password cisco
Transparent Mode: -
This mode only advertises the received updates but does not update its own VLAN database. It only passes them on to the other clients that are directly connected in the network. A switch in transparent mode accepts no database changes and keeps its own database as it is.
VTP domain creation and VTP mode selection commands in transparent mode.
thetechnetworkSW2(config)#vtp domain THETECHNETWORK
thetechnetworkSW2(config)#vtp mode transparent
thetechnetworkSW2(config)#vtp password cisco
Configuration Revision Number: -
The configuration revision number is a 32-bit number that counts the changes or modifications made in the VLAN database. Whenever we create, delete or modify any VLAN, the configuration revision number is incremented. Every change increments the revision number.
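The prerequisites listed earlier and the revision number described above can be checked together from `show vtp status` output. The following is an added example, not code from the original page: the session capture is constructed (classic IOS field layout assumed), and `parse_capture` and `audit` are illustrative names.

```python
import re

# Constructed session capture (not from the page), classic "show vtp status" layout.
CAPTURE = """\
thetechnetworkSW0#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
VTP Operating Mode              : Server
VTP Domain Name                 : THETECHNETWORK
thetechnetworkSW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TheTechNetwork
thetechnetworkSW2#show vtp status
VTP Version                     : 1
Configuration Revision          : 0
VTP Operating Mode              : Transparent
VTP Domain Name                 : THETECHNETWORK
"""

FIELDS = {"version": "VTP Version", "revision": "Configuration Revision",
          "mode": "VTP Operating Mode", "domain": "VTP Domain Name"}

def parse_capture(text):  # split the capture per switch prompt, pull the four fields
    parts = re.split(r"^(\S+)#show vtp status[ \t]*$", text, flags=re.M)[1:]
    switches = {}
    for name, body in zip(parts[0::2], parts[1::2]):
        rec = {}
        for key, label in FIELDS.items():
            m = re.search(rf"^{label}[ \t]*:[ \t]*(\S*)", body, flags=re.M)
            rec[key] = m.group(1) if m else ""
        switches[name] = rec
    return switches

def audit(text):  # compare every switch against the server with the highest revision
    sw = parse_capture(text)
    servers = [n for n, s in sw.items() if s["mode"] == "Server"]
    if not servers:
        return ["no switch is in server mode"]
    ref = sw[max(servers, key=lambda n: int(sw[n]["revision"] or 0))]
    findings = []
    for name, s in sw.items():
        for key in ("domain", "version"):  # domain compare is exact: case sensitive
            if s[key] != ref[key]:
                findings.append(f"{name}: {key} {s[key]!r} differs from {ref[key]!r}")
        if s["mode"] == "Client" and s["revision"] != ref["revision"]:
            findings.append(f"{name}: revision {s['revision']} is not the server's {ref['revision']}")
    return findings
```

Calling `audit(CAPTURE)` reports the wrongly cased domain and the stale revision on SW1 and the version mismatch on SW2.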
EtherChannel
EtherChannel is a link aggregation technology used in Cisco switches to combine multiple physical interfaces into one logical interface. It is created for fault tolerance and high speed between two Cisco devices. It is commonly known as the grouping of interfaces.
Types of EtherChannel: -
There are two types of EtherChannel; both are described below.
1. PAgP (Port Aggregation Protocol)
It is a Cisco proprietary protocol, commonly used in Cisco devices for combining multiple physical interfaces into one logical interface. With this protocol we can combine a maximum of 8 interfaces into 1 logical interface. The recommended port counts for EtherChannel are 2, 4, 6 & 8.
Port Aggregation Protocol has two modes, Active & Passive.
2. LACP (Link Aggregation Control Protocol)
It is the standard protocol of IEEE 802.3 (Institute of Electrical and Electronics Engineers). With the help of this protocol we can combine 8 ports that can be active and another 8 ports that can be in standby mode. Link Aggregation Control Protocol has two modes, Auto & Desirable.
Configure PAgP (Port Aggregation Protocol)
Configuration commands to configure EtherChannel on 4 ports of Switch A & B
thetechnetworkSW-A(config)#interface range fa0/1 - 4
thetechnetworkSW-A(config-if-range)#switchport mode access
thetechnetworkSW-A(config-if-range)#channel-group 1 mode auto
thetechnetworkSW-A(config-if-range)#exit
thetechnetworkSW-B(config)#interface range fa0/1 - 4
thetechnetworkSW-B(config-if-range)#switchport mode access
thetechnetworkSW-B(config-if-range)#channel-group 1 mode desirable
thetechnetworkSW-B(config-if-range)#exit
To see the EtherChannel status and summary, we use the commands below.
Show EtherChannel
thetechnetworkSW-A#show etherchannel
thetechnetworkSW-B#show etherchannel
Show EtherChannel Summary
thetechnetworkSW-A#show etherchannel summary
thetechnetworkSW-B#show etherchannel summary
Port Security
Port security is the MAC-based security feature of switches. It is commonly used in high-security networks. With this feature we can stop unauthorized access to the network. Only authorized (MAC-bound) devices can access the network resources. The MAC addresses of these devices are added in the network so that they can use its resources.
Types of Port Security: -
There are two types of port security, which are described below.
1. Manual
In this type we add the MAC addresses of all devices manually to authorize them for network resources.
2. Sticky
In this type the switch automatically learns the MAC address of the device and we decide the authorization for this device.
States of Port Security: -
There are three states of port security. With the help of these states we manage the decisions about the interfaces of the devices. These 3 states are described below.
1. Shut
This is the high level of security. In this state the port is shut down immediately when any unauthorized device tries to access the LAN resources. In this state access is totally blocked for all unauthorized devices.
2. Protect
This is the medium level of security. In this state the switch restricts the unauthorized device and learns its MAC address.
3. Restrict
This is the low level of security. It only restricts the device.
The commands below are used to configure port security on specific switch ports. Here we configure port security on the FastEthernet0/1 interface. The port is first set to access mode, and the bare switchport port-security command enables the feature; the remaining commands only set its parameters.
thetechnetworkSW-A(config)#interface fa0/1
thetechnetworkSW-A(config-if)#switchport mode access
thetechnetworkSW-A(config-if)#switchport port-security
thetechnetworkSW-A(config-if)#switchport port-security maximum 100
thetechnetworkSW-A(config-if)#switchport port-security mac-address sticky
thetechnetworkSW-A(config-if)#switchport port-security violation shutdown
thetechnetworkSW-A(config-if)#switchport port-security aging time 300
thetechnetworkSW-A(config-if)#exit
thetechnetworkSW-B(config)#interface fa0/1
thetechnetworkSW-B(config-if)#switchport mode access
thetechnetworkSW-B(config-if)#switchport port-security
thetechnetworkSW-B(config-if)#switchport port-security maximum 100
thetechnetworkSW-B(config-if)#switchport port-security mac-address sticky
thetechnetworkSW-B(config-if)#switchport port-security violation shutdown
thetechnetworkSW-B(config-if)#switchport port-security aging time 300
thetechnetworkSW-B(config-if)#exit
To see the port security status on the interfaces we can use the commands below.
thetechnetworkSW-A#show port-security
thetechnetworkSW-A#show port-security interface fastEthernet 0/1
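On Cisco IOS the port-security sub-commands (maximum, sticky, violation) have no effect until the bare `switchport port-security` command is present on the port, so a saved configuration is worth auditing for that. The following is an added example, not code from the original page: the configuration excerpt is constructed, and `parse_interfaces` and `audit_port_security` are illustrative names.

```python
# Constructed switch configuration excerpt (not from the page).
CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 100
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/3
 switchport mode access
"""

PREFIX = "switchport port-security"

def parse_interfaces(config):  # {interface name: [stripped sub-command lines]}
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global line ends the interface stanza
    return blocks

def audit_port_security(config):  # effective settings and a finding per access port
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # only access ports are audited in this example
        ps = [l[len(PREFIX):].strip() for l in lines if l.startswith(PREFIX)]
        enabled = "" in ps  # the bare command is what turns the feature on
        opts = dict(p.split(None, 1) for p in ps if " " in p)
        finding = None if enabled else (
            "settings present but feature not enabled" if ps else "no port security")
        report[name] = {
            "enabled": enabled,
            "maximum": int(opts.get("maximum", 1)),          # IOS default: 1
            "violation": opts.get("violation", "shutdown"),  # IOS default: shutdown
            "sticky": opts.get("mac-address", "").startswith("sticky"),
            "finding": finding,
        }
    return report
```

In the constructed excerpt, FastEthernet0/2 carries a limit and a violation mode yet is reported as unprotected because the enabling command is missing.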