Virtual LAN’s and Trunks

Virtual LAN, also known as VLAN, is exactly as it sounds. It’s a method of having several virtual LAN’s on a single switch or even on an enterprise campus LAN. It’s completely driven by software and is strictly layer 2. Just as physical LAN’s, you can connect VLAN’s together with layer 3 devices, either routers or switches capable of providing layer three services.

A switch port can operate in three modes. Those modes are access, trunk and hybrid.

An access port is typically how ports are setup that connect to workstations, printers, etc. They can only be apart of a single vlan, with one exception. Hosts connected to access ports are oblivious to what vlan that they are on. Hosts can communicate with other hosts on the same vlan, but are not able to communicate with hosts on other vlan’s with out passing through a layer three device, such as a router.

Now the one exception to an access port only being able to pass traffic for a single vlan is when an access port is configured with a voice vlan, as well as a data vlan. In this configuration an IP phone is plugged into the switch port and the PC is plugged into the phone. The switch port then puts voice traffic on one vlan and data on another vlan. This allows for better security as well as quality of service for the voice traffic.

Trunk ports generally are the connections between switches. They allow switches to pass multiple vlan’s through them to other switches. That way you can have multiple vlan’s that span many switches within a enterprise LAN. Trunks can also connect switches to routers, known as router on a stick. This allows a router to connect to multiple vlan’s to route traffic through a single connection. Beware though, using a router on a stick configuration can significantly hinder your network performance as it will be the bottleneck of the network. The only instance where a router on a stick gains much use is for low traffic, small branch sites. Nowadays, layer 3 switches are used to route traffic internally on an enterprise.

There are a few different trunking protocols. In the Ethernet world, there are two methods; ISL and 802.1q. ISL stands for Inter-Switch Link and is a Cisco proprietary trunking protocol.


  • Only carries 1000 VLANs
  • Encapsulates the frame, which add overhead
  • Must be point-to-point
  • does not have a separate QoS field

Since ISL encapsulates the entire frame it can support other protocols besides Ethernet. It can support Token Ring, FDDI, and ATM.

802.1q is an open standard trunking protocol. Since it’s open, it can be used with multiple vendors. Rather than encapsulating the entire frame, 802.1q adds a tag to the existing Ethernet header. 802.1q had a priority field for better QoS support and has a rich protocol support. It can support:

  • Ethernet
  • Token Ring
  • 4095 VLANs
  • Common Spanning Tree
  • Multiple Spanning Tree
  • Rapid Spanning Tree

The native vlan is not tagged on the trunk.

Command Sets:

Interface Configuration mode:

August 4, 2010

Posted In: CCNA Study Notes, CCNP Study Notes, LAN Switching, VLAN, VLAN Trunking

VLAN Trunking Protocol

VLAN Trunking Protocol, aka VTP, is a Cisco proprietary protocol that allows Cisco switches to manage your VLAN database across all switches in your LAN through a central switch. This is done via a client / server environment.

A switch can operate in three VTP modes. The first is server mode. This is the VTP server which hosts the VLAN database and other switches on the LAN communicate to obtain a copy of the VTP database. In server mode, a network admin can add and remove VLANs at will.

The second is client mode. This is a VTP client. These switches communicate with the VTP server to obtain the database. A network admin can not add or remove VLANs manually from a switch in client mode.

And finally the the third mode is transparent mode. In transparent mode, the switch does not communicate with the VTP server and does not act as a VTP client. The network admin can add and remove VLANs from a switch in transparent mode and it will also allow VTP traffic to pass through it to other switches participating in the VTP domain.

Misconfigured, VTP can cause a major headache, but fortunately, troubleshooting VTP is pretty straight forward.

1. For VTP to propagate to switches in VTP client mode, they need to be connected as trunk ports. Switches connected together in access mode will not propagate any VTP changes.

2.The “Configuration Revision” number should be the highest on the server VTP switch. If the client has a higher revision number, then it will fail to obtain updates from the server. If a switch is introduced to the network that is running in VTP server mode, has the same VTP domain name as your server, and has the same password that you’ve setup in your VTP domain, then it will over-write your VLAN database throughout your network.

3. The “Configuration last modified” should list the IP Address of your VTP server switch. If it’s not, then you have a rogue VTP server on your network.

Fixing the issues are pretty straightforward, though may take a lot of manual input if you have a lot of VLANS.

1. If your client switches are not accepting updates from the server, verify that they are connected to the upstream switches via a trunking protocol. If that’s correct, make sure that the “Configuration Revision” isn’t higher than your VTP server. If it is, you can zero out the revision by changing to domain to null, changing the switch to server mode, then reconfiguring VTP in client mode.

2. If you have a rogue switch on the network that has taken over the role as VTP server, either remove the offending switch, or join it to the network in VTP client mode, then go to your VTP server and re-enter all your VLAN information in. You do have your VLAN information documented, right?

Other than that; use version 2, enable VTP pruning, use unique domain names, and use passwords on your VTP domain. If you’re very paranoid, set all your switches to transparent mode and update the VLAN database on your switch infrastructure manually.

Commands Sets: 

User EXEC mode:

show vtp counters
show vtp status
show vlan

Global Configuration mode:

VLAN Configuration mode:

July 27, 2010

Posted In: CCNA Study Notes, CCNP Study Notes, LAN Switching, VTP