VLAN Foundations

  •       Logically groups users
  •       Segments Broadcast Domains
  •       Subnet Correlation
  •       Access Control
  •       Quality of Service

VLAN Design / Local VLANs

Dengan design segmentasi berdasarkan function, misalnya VLAN users dipisahkan dengan VLAN Server. Secara physical juga dipisahkan, VLAN users ada di Block A sedangkan VLAN server ada block B. Hal tersebut berkaitan dengan penerapan L3 (routing) antara Dist.Layer dengan Core Layer.

Local Vlan do not extend beyond the Distribution Layer

Local Vlan traffic routed to other destinations

Should be created arround physical boundaries (batas)

VLAN Configuration

R1#vlan database
R1(vlan)#vlan 10 name OPERATION
VLAN 10 added:
    Name: OPERATIONR1(vlan)#
R1(config)#interface-range fa 1/0 – 10R1
(config-if-range)#switchport access vlan 10
R1#show vlan brief

In-Depth Trunking

Trunking Review

Trunking is the process connecting two switches together and allowing them to send vlan information between each other.

Trunking (aka Tagging) passes multi-vlan information between switches.

Tagged is give the vlan id tag on the port so switch can identify waht VLAN accross this port

Untagged is access port for that VLAN id

In-Depth exploration : ISL vs 802.1Q


  • Cisco proprietary
  • Encapsulates the entire frame
  • Being phased(bertahap) out

802.1q :

  • Open standard
  • Insert tag into frame rather than encapsulating

Native VLAN

A native VLAN is the untagged on aa 802.1q trunked port.

Unlike .1q, there is no concept of a native vlan  in ISL because traffic from all VLAN is encapsulated with a full ISL header.

Negotiating Trunking

Switches can auto-negotiate trunk connections using The Dynamic Trunking Protocol (DTP). It’s a bad plann, because can be confusing, and there are Five Different modes :

  • Access : only access a single VLAN. Jika port tersebut sudah di state ‘switchport access 50’ lalu di konek ke switch lagi, maka seluruh switch yg konek ke port access tsb hanya akan mendistribusikan vlan 50 saja di seluruh port nya.
  • Trunk :
  • Dynamic Auto : prefer be trunk port. If between switch set to auto, then its port will be access. If neighbor switch set to dyn desirable then this port will trunk port.
  • Dynamic Desirable : it become a access if connect to PC, or it become a trunk if connect to Switch. It’s not secure.
  • Non-Negotiate : its in a trunk mode. Turn off DTP negotiation, it eliminated DTP delay time.

Configuration and Verification

Switchport mode trunk
Switchport nonegotiate
Switchport trunk native vlan 4 --> set vlan 4 to untag packet (for management)
Switchport trunk allowed vlan except 10 --> all vlan will allow except vlan 10
Show interface fa0/24 switchport
Show interface fa0/24 trunk

VLAN Trunking Protocol (VTP)

VTP : The Good, the Bad and the Ugly

VTP is not a trunking protocol, it is a vlan replication protocol (it because VTP called VRP : Vlan Replication Protocol). VTP Revision number increase every there are a modification VLAN database. Modification on a VTP Server will modif all VTP Client database.

The Good is VTP Relicated VLAN Database modification on all switches in a same vtp domain. So enginner do not need to modification vlan database all of switches.

The Bad is if new switches with a bigger rev number connect to network, it will changes database on all switches, old database will disappear (menghilang).

VTP Modes

Server Client Transparent
power to change vlan information Cannot change vlan information power to change vlan information
sends and receives vtp updates sends and receives vtp updates forwards (passes through) VTP Updates – vtp v2
does not listen to vtp advertisements
saves vlan information does not save vlan configuration saves vlan configuration

VTP Pruning

Pruning (pemangkasan) restrict VLAN broadcasts to be sent only neighbouring switches with ports assigned  to the specific VLAN broadcast exists. Example ; klo switch A tidak mempunyai VLAN 5…maka dengan VTP pruning, paket broadcast tidak akan melewati trunk link ke switch A (yg tidak ada VLAN 5 nya).

Note: VTP Pruning is disabled by default on all Cisco Catalyst switches and can be enabled by issuing the “set vtp pruning enable” command.

If this command is issued on the VTP Server(s) of your network, then pruning is enabled for the entire management domain.

VTP pruning needs to be enabled only on VTP servers, after which all VTP clients in the VTP domain automatically enable VTP pruning.

VTP Configuration

  • verify current VTP Status
    • show vtp status
  • configure VTP Domain / Password
    • vtp domain EGOY
    • vtp password egoy
  • configure VTP Mode
    • vtp mode server | client | transparent
  • set VTP version number
    • Vtp version 1 | 2

Different between version 2 and version 1 :

    • version 2 support for Token Ring
    • transparent mode on version 1 check the vtp version and domain name before forward information, on version 2 its NOT. Because only one domain is supported in a switch, the domain name doesn’t need to be checked.
    • Consistency check : check vtp and vlan command line
    • Unrecognized Type-Length-Value (TLV) Support. Optional info may be encoded as a TLV (Type-Length-Value) element inside of the protocol. The type and length are fixed in size (typically 1-4 bytes), and the value field is of variable size

Common VLAN issues

  • Native VLAN Mismatch

Different Native Vlan among the switches, solving with synchronize Native Vlan among the switches

  • Trunk Negotiation Issues
    • Auto-auto doesn’t become trunk

Auto mode doesnt send DTP, so they just wait and it be nothing

    • If possible, avoid DTP (Trunk Negotiate) à recomended config
  • VTP Updates not applying
    • Ceck everything matches : verify vtp domain/password/version
    • verify trunk link (VTP only works on trunk link)
    • delete flash:/vlan.dat and reboot