Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide: Campus Network Architecture
Date: Jun 4, 2015
This chapter covers the following topics:
- Implementing VLANs and trunks in campus switched architecture
- Understanding the concept of VTP, its limitations, and its configuration
- Implementing and configuring EtherChannel
This chapter covers the key concepts of VLANs, trunking, and EtherChannel used to build campus switched networks. Knowing the function of VLANs and trunks and how to configure them is the core knowledge needed for building a campus switched network. VLANs can span across the whole network, or they can be configured to remain local. Also, VLANs play a critical role in the deployment of voice and wireless networks. Even though you might not be a specialist in either of those two fields, it is important to understand the basics because both voice and wireless often rely on a basic switched network.
Once VLANs are created, their names and descriptions are stored in a VLAN database, with the exception of specific VLANs such as VLANs in the extended range in Cisco IOS for the Catalyst 6500. A mechanism called VLAN Trunking Protocol (VTP) dynamically distributes this information between switches. However, even if network administrators do not plan to enable VTP, it is important to consider its consequences.
EtherChannel can be used to bundle physical links into one virtual link, thus increasing throughput. There are multiple ways traffic can be distributed over the physical links within the EtherChannel.
Implementing VLANs and Trunks in Campus Environment
Within the switched internetwork, VLANs provide segmentation and organizational flexibility. VLANs allow administrators to group end nodes or workstations logically by function, project team, or application, regardless of the physical location of the users. In addition, VLANs allow you to implement access and security policies for particular groups of users and limit the broadcast domain.
In addition, the voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS).
This section discusses in detail how to plan, implement, and verify VLAN technologies and address schemes to meet the given business and technical requirements along with constraints. This ability includes being able to meet these objectives:
- Describe the different VLAN segmentation models
- Identify the basic differences between end-to-end and local VLANs
- Describe the benefits and drawbacks of local VLANs versus end-to-end VLANs
- Configure and verify VLANs
- Implement a trunk in a campus network
- Configure and verify trunks
- Explain switchport mode interactions
- Describe voice VLANs
- Configure voice VLANs
VLAN Overview
A VLAN is a logical broadcast domain that can span multiple physical LAN segments. Within the switched internetwork, VLANs provide segmentation and organizational flexibility. A VLAN can exist on a single switch or span multiple switches. VLANs can include stations (hosts or end nodes) in a single building or in multiple-building infrastructures. As shown in Figure 3-1, sales, human resources, and engineering are three different VLANs spread across all three floors.
Figure 3-1 VLAN Overview
The Cisco Catalyst switch implements VLANs by only forwarding traffic to destination ports that are in the same VLAN as the originating ports. Each VLAN on the switches implements address learning, forwarding, and filtering decisions and loop-avoidance mechanisms, just as though the VLAN were a separate physical switch.
Ports in the same VLAN share broadcasts. Ports in different VLANs do not share broadcasts, as illustrated in Figure 3-2, where PC 3 and PC 4 cannot ping each other because they are in different VLANs, whereas PC 1 and PC 2 can ping each other because they are part of the same VLAN. Containing broadcasts within a VLAN improves the overall performance of the network. Because a VLAN is a single broadcast domain, campus design best practices recommend mapping a VLAN generally to one IP subnet. To communicate between VLANs, packets need to pass through a router or Layer 3 device.
Figure 3-2 VLAN Broadcast Domain
VLAN Segmentation
Larger flat networks generally consist of many end devices in which broadcasts and unknown unicast packets are flooded on all ports in the network. One advantage of using VLANs is the capability to segment the Layer 2 broadcast domain. All devices in a VLAN are members of the same broadcast domain. If an end device transmits a Layer 2 broadcast, all other members of the VLAN receive the broadcast. Switches filter the broadcast from all the ports or devices that are not part of the same VLAN.
In a campus design, a network administrator can design a campus network with one of two models: end-to-end VLANs or local VLANs. Business and technical requirements, past experience, and political motivations can influence the design chosen. Choosing the right model initially can help create a solid foundation upon which to grow the business. Each model has its own advantages and disadvantages. When configuring a switch for an existing network, try to determine which model is used so that you can understand the logic behind each switch configuration and position in the infrastructure.
End-to-End VLANs
The term end-to-end VLAN refers to a single VLAN that is associated with switch ports widely dispersed throughout an enterprise network on multiple switches. A Layer 2 switched campus network carries traffic for this VLAN throughout the network, as shown in Figure 3-3, where VLANs 1, 2, and 3 are spread across all three switches.
Figure 3-3 End to End VLAN
If more than one VLAN in a network is operating in the end-to-end mode, special links (Layer 2 trunks) are required between switches to carry the traffic of all the different VLANs.
An end-to-end VLAN model has the following characteristics:
- Each VLAN is dispersed geographically throughout the network.
- Users are grouped into each VLAN regardless of the physical location.
- As a user moves throughout a campus, the VLAN membership of that user remains the same, regardless of the physical switch to which this user attaches.
- Users are typically associated with a given VLAN for network management reasons, which is why they are kept in the same VLAN, and therefore the same group, as they move through the campus.
- All devices on a given VLAN typically have addresses on the same IP subnet.
- Switches commonly operate in a server/client VTP mode.
Local VLANs
The campus enterprise architecture is based on the local VLAN model. In a local VLAN model, all users of a set of geographically common switches are grouped into a single VLAN, regardless of the organizational function of those users. Local VLANs are generally confined to a wiring closet, as shown in Figure 3-4. In other words, these VLANs are local to a single access switch and connect via a trunk to an upstream distribution switch. If users move from one location to another in the campus, their connection changes to the new VLAN at the new physical location.
Figure 3-4 Local VLANs
In the local VLAN model, Layer 2 switching is implemented at the access level, and routing is implemented at the distribution and core level, as shown in Figure 2-4, to enable users to maintain access to the resources they need. An alternative design is to extend routing to the access layer, and links between the access switches and distribution switches are routed links.
The following are some local VLAN characteristics and user guidelines:
- The network administrator should create local VLANs with physical boundaries in mind rather than the job functions of the users on the end devices.
- Generally, local VLANs exist between the access and distribution levels.
- Traffic from a local VLAN is routed at the distribution and core levels to reach destinations on other networks.
- Configure the VTP mode in transparent mode because VLANs on a given access switch should not be advertised to all other switches in the network, nor do they need to be manually created in any other switch VLAN databases.
- A network that consists entirely of local VLANs can benefit from the faster convergence offered by routing protocols, instead of relying on spanning tree for Layer 2 networks. It is usually recommended to have one to three VLANs per access layer switch.
Comparison of End-to-End VLANs and Local VLANs
This subsection describes the benefits and drawbacks of local VLANs versus end-to-end VLANs.
Because a VLAN usually represents a Layer 3 segment, each end-to-end VLAN enables a single Layer 3 segment to be dispersed geographically throughout the network. The following could be some of the reasons for implementing the end-to-end design:
- Grouping users: Users can be grouped on a common IP segment, even though they are geographically dispersed. Recently, the trend has been moving toward virtualization. Solutions such as those from VMware need end-to-end VLANs to be spread across segments of the campus.
- Security: A VLAN can contain resources that should not be accessible to all users on the network, or there might be a reason to confine certain traffic to a particular VLAN.
- Applying quality of service (QoS): Traffic from a given VLAN can be given a higher or lower priority of access to network resources. Note that QoS may also be applied without the use of VLANs.
- Routing avoidance: If much of the VLAN user traffic is destined for devices on that same VLAN, and routing to those devices is not desirable, users can access resources on their VLAN without their traffic being routed off the VLAN, even though the traffic might traverse multiple switches.
- Special-purpose VLAN: Sometimes a VLAN is provisioned to carry a single type of traffic that must be dispersed throughout the campus (for example, multicast, voice, or visitor VLANs).
- Poor design: For no clear purpose, users are placed in VLANs that span the campus or even span WANs. Sometimes when a network is already configured and running, organizations are hesitant to improve the design because of downtime or other political reasons.
The following list details some considerations that network administrators should keep in mind when implementing end-to-end VLANs:
- Switch ports are provisioned for each user and associated with a given VLAN. Because users on an end-to-end VLAN can be anywhere in the network, all switches must be aware of that VLAN. This means that all switches carrying traffic for end-to-end VLANs are required to have those specific VLANs defined in each switch’s VLAN database.
- Also, flooded traffic for the VLAN is, by default, passed to every switch even if it does not currently have any active ports in the particular end-to-end VLAN.
- Finally, troubleshooting devices on a campus with end-to-end VLANs can be challenging because the traffic for a single VLAN can traverse multiple switches in a large area of the campus, and that can easily cause potential spanning-tree problems.
Based on the data presented in this section, there are many reasons to implement end-to-end VLANs. The main reason to implement local VLANs is simplicity. Local VLAN configurations are quick and easy for small-scale networks.
Mapping VLANs to a Hierarchical Network
In the past, network designers have attempted to implement the 80/20 rule when designing networks. The rule was based on the observation that, in general, 80 percent of the traffic on a network segment was passed between local devices, and only 20 percent of the traffic was destined for remote network segments. Therefore, network architecture used to prefer end-to-end VLANs. To avoid the complications of end-to-end VLANs, designers now consolidate servers in central locations on the network and provide access to external resources, such as the Internet, through one or two paths on the network because the bulk of traffic now traverses a number of segments. Therefore, the paradigm now is closer to a 20/80 proportion, in which the greater flow of traffic leaves the local segment; so, local VLANs have become more efficient.
In addition, the concept of end-to-end VLANs was attractive when IP address configuration was a manually administered and burdensome process; therefore, anything that reduced this burden as users moved between networks was an improvement. However, given the ubiquity of Dynamic Host Configuration Protocol (DHCP), the process of configuring an IP address at each desktop is no longer a significant issue. As a result, there are few benefits to extending a VLAN throughout an enterprise (except, for example, where clustering or other requirements call for it).
Local VLANs are part of the enterprise campus architecture design, as shown in Figure 3-4, in which VLANs used at the access layer should extend no further than their associated distribution switch. For example, VLANs 1, 10 and VLANs 2, 20 are confined to only a local access switch. Traffic is then routed out of the local VLAN to the distribution layer and then to the core, depending on the destination. It is usually recommended to have two to three VLANs per access block rather than span all the VLANs across all access blocks. This design can mitigate Layer 2 troubleshooting issues that occur when a single VLAN traverses the switches throughout a campus network. In addition, because Spanning Tree Protocol (STP) is configured for redundancy, STP is limited to the access and distribution switches, which helps to reduce network complexity in times of failure.
Implementing the enterprise campus architecture design using local VLANs provides the following benefits:
- Deterministic traffic flow: The simple layout provides a predictable Layer 2 and Layer 3 traffic path. If a failure occurs that was not mitigated by the redundancy features, the simplicity of the model facilitates expedient problem isolation and resolution within the switch block.
- Active redundant paths: Because no Layer 2 loop exists within the switch block when Per-VLAN Spanning Tree (PVST) or Multiple Spanning Tree (MST) is implemented, all links can be used, making full use of the redundant paths.
- High availability: Redundant paths exist at all infrastructure levels. Local VLAN traffic on access switches can be passed to the building distribution switches across an alternative Layer 2 path if a primary path failure occurs. Router redundancy protocols can provide failover if the default gateway for the access VLAN fails. When both the STP instance and VLAN are confined to a specific access and distribution block, Layer 2 and Layer 3 redundancy measures and protocols can be configured to failover in a coordinated manner.
- Finite failure domain: If VLANs are local to a switch block, and the number of devices on each VLAN is kept small, failures at Layer 2 are confined to a small subset of users.
- Scalable design: Following the enterprise campus architecture design, new access switches can be easily incorporated, and new submodules can be added when necessary.
Implementing a Trunk in a Campus Environment
A trunk is a point-to-point link that carries the traffic for multiple VLANs across a single physical link between the two switches or any two devices. Trunking is used to extend Layer 2 operations across an entire network, such as end-to-end VLANs, as shown in Figure 3-5. PC 1 in VLAN 1 can communicate with the host in VLAN 21 on another switch over the single trunk link, the same as a host in VLAN 20 can communicate with a host in another switch in VLAN 20.
Figure 3-5 Trunk Overview
As discussed earlier in this chapter, to allow a switch port that connects two switches to carry more than one VLAN, it must be configured as a trunk. As frames traverse a trunk link, a trunking protocol must mark each frame to identify its associated VLAN as the frame is placed onto the trunk link. The receiving switch then knows the frame’s VLAN origin and can process the frame accordingly. On the receiving switch, the VLAN ID (VID) is removed when the frame is forwarded on to an access link associated with its VLAN.
A special protocol is used to carry multiple VLANs over a single link between two devices. There are two trunking technologies:
- Inter-Switch Link (ISL): A Cisco proprietary trunking encapsulation
- IEEE 802.1Q: An industry-standard trunking method
When configuring an 802.1Q trunk, a matching native VLAN must be defined on each end of the trunk link. A trunk link is inherently associated with tagging each frame with a VID. The purpose of the native VLAN is to enable frames that are not tagged with a VID to traverse the trunk link. Native VLAN is discussed in more detail in a later part of this section.
Because the ISL protocol is almost obsolete, this book focuses only on 802.1Q. Figure 3-6 depicts how ISL encapsulates the normal Ethernet frame. Currently, all Catalyst switches support 802.1Q tagging for multiplexing traffic from multiple VLANs onto a single physical link.
Figure 3-6 ISL Frame
IEEE 802.1Q trunk links employ the tagging mechanism to carry frames for multiple VLANs, in which each frame is tagged to identify the VLAN to which the frame belongs. Figure 3-7 shows the layout of the 802.1Q frame.
Figure 3-7 802.1Q Frame
The IEEE 802.1Q/802.1p standard provides the following inherent architectural advantages over ISL:
- 802.1Q has smaller frame overhead than ISL. As a result, 802.1Q is more efficient than ISL, especially in the case of small frames. 802.1Q overhead is 4 bytes, whereas ISL is 30 bytes.
- 802.1Q is a widely supported industry standard protocol.
- 802.1Q has the support for 802.1p fields for QoS.
The 802.1Q Ethernet frame header contains the following fields:
- Dest: Destination MAC address (6 bytes)
- Src: Source MAC address (6 bytes)
- Tag: Inserted 802.1Q tag (4 bytes), made up of the following fields:
  - EtherType (TPID): Set to 0x8100 to specify that the 802.1Q tag follows.
  - PRI: 3-bit 802.1p priority field.
  - CFI: Canonical Format Identifier; always set to 0 for Ethernet switches and to 1 for Token Ring-type networks.
  - VLAN ID: 12-bit VLAN field. Of the 4096 possible VLAN IDs, the maximum number of possible VLAN configurations is 4094. A VLAN ID of 0 indicates priority frames, and value 4095 (FFF) is reserved. PRI, CFI, and VLAN ID together are represented as the Tag Control Information (TCI) field.
- Len/Etype: 2-byte field specifying length (802.3) or type (Ethernet II)
- Data: Data itself
- FCS: Frame check sequence (4 bytes)
IEEE 802.1Q uses an internal tagging mechanism that modifies the original frame (as shown by the X over FCS in the original frame in Figure 3-7), recalculates the cyclic redundancy check (CRC) value for the entire frame with the tag, and inserts the new CRC value in a new FCS. ISL, in comparison, wraps the original frame and adds a second FCS that is built only on the header information but does not modify the original frame FCS.
IEEE 802.1p redefined the three most significant bits in the 802.1Q tag to allow for prioritization of the Layer 2 frame.
If a non-802.1Q-enabled device or an access port receives an 802.1Q frame, the tag data is ignored, and the packet is switched at Layer 2 as a standard Ethernet frame. This allows for the placement of Layer 2 intermediate devices, such as unmanaged switches or bridges, along the 802.1Q trunk path. To process an 802.1Q tagged frame, a device must enable a maximum transmission unit (MTU) of 1522 or higher.
Baby giants are frames that are larger than the standard MTU of 1500 bytes but less than 2000 bytes. Because ISL and 802.1Q tagged frames increase the MTU beyond 1500 bytes, switches consider both frames as baby giants. ISL-encapsulated packets over Ethernet have an MTU of 1548 bytes, whereas 802.1Q has an MTU of 1522 bytes.
Understanding Native VLAN in 802.1Q Trunking
The IEEE 802.1Q protocol allows operation between equipment from different vendors. All frames, except native VLAN, are equipped with a tag when traversing the link, as shown in Figure 3-8.
Figure 3-8 Native VLAN in 802.1Q
A frequent configuration error is to have different native VLANs. The native VLAN that is configured on each end of an 802.1Q trunk must be the same. If one end is configured for native VLAN 1 and the other for native VLAN 2, a frame that is sent in VLAN 1 on one side will be received in VLAN 2 on the other: VLAN 1 and VLAN 2 are effectively merged. There is never a reason to require this, and connectivity issues will occur in the network. If there is a native VLAN mismatch on either side of an 802.1Q link, Layer 2 loops may occur because VLAN 1 STP BPDUs are sent to the IEEE STP MAC address (0180.c200.0000) untagged.
Cisco switches use Cisco Discovery Protocol (CDP) to warn of a native VLAN mismatch. On select versions of Cisco IOS Software, CDP may not be transmitted or will be automatically turned off if VLAN 1 is disabled on the trunk.
By default, the native VLAN will be VLAN 1. For the purpose of security, the native VLAN on a trunk should be set to a specific VID that is not used for normal operations elsewhere on the network, using the following interface command:
Switch(config-if)# switchport trunk native vlan vlan-id
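The tag layout of Figure 3-7 and the native VLAN behaviour described above, as an added example that is not from the book: a small Python parser/builder for 802.1Q frames that models what a trunk does on egress (native VLAN untagged, everything else tagged) and on ingress, including the mismatch case in which native VLAN 1 on one side and native VLAN 2 on the other delivers a VLAN 1 frame into VLAN 2. The MAC addresses, payload and function names are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100          # EtherType/TPID that announces an 802.1Q tag
MAX_UNTAGGED_FRAME = 1518    # 14-byte header + 1500-byte payload + 4-byte FCS
MAX_TAGGED_FRAME = 1522      # the same plus the 4-byte tag ("baby giant")


@dataclass
class ParsedFrame:
    dst: str
    src: str
    tagged: bool
    pri: Optional[int]       # 3-bit 802.1p priority, None if untagged
    cfi: Optional[int]       # Canonical Format Identifier, None if untagged
    vid: Optional[int]       # 12-bit VLAN ID, None if untagged
    ethertype: int           # Len/Etype of the encapsulated frame
    payload: bytes


def mac_str(raw: bytes) -> str:
    """Render a 6-byte MAC in Cisco dotted form, e.g. aabb.cc01.0600."""
    return ".".join(raw[i:i + 2].hex() for i in range(0, 6, 2))


def parse_frame(frame: bytes) -> ParsedFrame:
    """Split Dest/Src/Tag/Len-Etype as laid out in Figure 3-7 (FCS omitted)."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != TPID_8021Q:
        return ParsedFrame(mac_str(dst), mac_str(src), False, None, None, None, etype, frame[14:])
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    # TCI = PRI (3 bits) | CFI (1 bit) | VID (12 bits)
    return ParsedFrame(mac_str(dst), mac_str(src), True,
                       tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner_type, frame[18:])


def build_frame(dst: str, src: str, etype: int, payload: bytes,
                vid: Optional[int] = None, pri: int = 0) -> bytes:
    """Build an untagged frame, or a tagged one when vid is given."""
    hdr = bytes.fromhex(dst.replace(".", "")) + bytes.fromhex(src.replace(".", ""))
    if vid is None:
        return hdr + struct.pack("!H", etype) + payload
    tci = (pri << 13) | (vid & 0x0FFF)    # CFI stays 0 on Ethernet
    return hdr + struct.pack("!HHH", TPID_8021Q, tci, etype) + payload


def trunk_egress(vlan: int, native_vlan: int, dst, src, etype, payload) -> bytes:
    """An 802.1Q trunk sends its native VLAN untagged and tags everything else."""
    if vlan == native_vlan:
        return build_frame(dst, src, etype, payload)
    return build_frame(dst, src, etype, payload, vid=vlan)


def trunk_ingress_vlan(pf: ParsedFrame, native_vlan: int) -> int:
    """VLAN the receiving trunk assigns: untagged and priority-tagged (VID 0)
    frames land in the native VLAN; VID 4095 is reserved and never forwarded."""
    if not pf.tagged or pf.vid == 0:
        return native_vlan
    if pf.vid == 4095:
        raise ValueError("VID 4095 is reserved")
    return pf.vid


def is_baby_giant(frame_len_with_fcs: int) -> bool:
    """True for frames that exceed 1518 bytes only because of the 4-byte tag."""
    return MAX_UNTAGGED_FRAME < frame_len_with_fcs <= MAX_TAGGED_FRAME


# Constructed sample traffic: the IEEE STP MAC as destination, arbitrary source.
STP_MAC = "0180.c200.0000"
SRC_MAC = "aabb.cc01.0600"
PAYLOAD = b"\x00" * 20


def forward_over_trunk(vlan: int, sender_native: int, receiver_native: int) -> int:
    """Send one frame of `vlan` across a trunk and report the VLAN it arrives in.
    With mismatched native VLANs (1 vs 2) a VLAN 1 frame is delivered into VLAN 2."""
    wire = trunk_egress(vlan, sender_native, STP_MAC, SRC_MAC, 0x0800, PAYLOAD)
    return trunk_ingress_vlan(parse_frame(wire), receiver_native)


if __name__ == "__main__":
    print("matched native 1/1:", forward_over_trunk(1, 1, 1))          # 1
    print("mismatched native 1/2:", forward_over_trunk(1, 1, 2))       # 2 (merged)
    print("tagged VLAN 20, native 1/2:", forward_over_trunk(20, 1, 2))  # 20
```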
Understanding DTP
All recent Cisco Catalyst switches, except for the Catalyst 2900XL and 3500XL, use a Cisco proprietary point-to-point protocol called Dynamic Trunking Protocol (DTP) on trunk ports to negotiate the trunking state. DTP negotiates the operational mode of directly connected switch ports to a trunk port and selects an appropriate trunking protocol. Negotiating trunking is a recommended practice in multilayer switched networks during initial configuration because it avoids network issues resulting from trunking misconfigurations; however, the best practice is to change the link to a permanent trunk once the network is stable.
Cisco Trunking Modes and Methods
Table 3-1 describes the different trunking modes supported by Cisco switches.
Table 3-1 Trunking Modes
| Mode in Cisco IOS | Function |
| --- | --- |
| Access | Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The interface becomes a nontrunk interface even if the neighboring interface does not agree to the change. |
| Trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The interface becomes a trunk interface even if the neighboring interface does not agree to the change. |
| Nonegotiate | Prevents the interface from generating DTP frames. You must configure the local and neighboring interface manually as a trunk interface to establish a trunk link. Use this mode when connecting to a device that does not support DTP. |
| Dynamic desirable | Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. |
| Dynamic auto | Makes the interface willing to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. This is the default mode for all Ethernet interfaces in Cisco IOS. |
Figure 3-9 shows the possible combinations of DTP modes on the two ends of a link. Depending on the combination, the port ends up as either an access port or a trunk port.
Figure 3-9 Output from the SIMPLE Program
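As an added example (not the book's code), the mode combinations of Table 3-1 worked out as a small resolver, followed by an audit of a constructed running-config that flags the two states a defender wants to eliminate on production switches: ports whose trunking state still depends on what the neighbour sends (any dynamic mode, including the dynamic auto default), and permanent trunks that still emit DTP or keep native VLAN 1. Figure 3-9 itself is not reproduced here; the resolution rules, the assumed dynamic auto default, and the interface names and config lines are derived from Table 3-1 and constructed for the example.

```python
from typing import Dict, List, Tuple

INITIATORS = {"trunk", "dynamic desirable"}     # modes that ask the peer to trunk


def resolve_dtp(local: str, remote: str) -> str:
    """Return 'trunk', 'access' or 'inconsistent' for a link whose two ends use
    the given modes. 'nonegotiate' stands for a port hard-set to trunk with DTP
    frames suppressed (switchport mode trunk + switchport nonegotiate)."""
    modes = {local, remote}
    if "access" in modes:
        # An access port never trunks. If the peer is a forced trunk the two
        # ends disagree and frames in non-native VLANs are dropped.
        return "inconsistent" if modes & {"trunk", "nonegotiate"} else "access"
    if "nonegotiate" in modes:
        # Nothing is sent to the peer, so the peer must also be a manual trunk;
        # a dynamic peer never hears a request and stays in access mode.
        return "trunk" if modes <= {"trunk", "nonegotiate"} else "inconsistent"
    # trunk / dynamic desirable / dynamic auto: a trunk forms as soon as one
    # side initiates; auto + auto leaves both ends waiting, so no trunk.
    return "trunk" if modes & INITIATORS else "access"


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split a running-config into {interface name: [indented config lines]}."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None          # "!" or any other top-level line ends the stanza
    return stanzas


def audit_trunking(config: str, default_mode: str = "dynamic auto") -> List[Tuple[str, str]]:
    """Flag ports left to DTP and trunks still using native VLAN 1.
    default_mode is the platform default for a port with no 'switchport mode'
    line; Table 3-1 gives dynamic auto, which is assumed here."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "no switchport" in lines:
            continue                # routed port, DTP does not apply
        mode, native, nonegotiate = default_mode, 1, False
        for entry in lines:
            if entry.startswith("switchport mode "):
                mode = entry[len("switchport mode "):]
            elif entry.startswith("switchport trunk native vlan "):
                native = int(entry.rsplit(" ", 1)[1])
            elif entry == "switchport nonegotiate":
                nonegotiate = True
        if mode.startswith("dynamic"):
            findings.append((name, f"mode {mode}: link state depends on the peer; "
                                   "set switchport mode access or trunk explicitly"))
        elif mode == "trunk":
            if not nonegotiate:
                findings.append((name, "permanent trunk still sends DTP; add switchport nonegotiate"))
            if native == 1:
                findings.append((name, "native VLAN is the default VLAN 1; use a dedicated unused VID"))
    return findings


# Constructed running-config excerpt (not from the book).
SAMPLE_CONFIG = """\
interface Ethernet0/1
 description uplink to SW2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/2
 description PC2
 switchport access vlan 20
 switchport mode access
!
interface Ethernet0/3
 description unused port, factory default
!
interface Ethernet0/4
 description hardened uplink
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
"""

if __name__ == "__main__":
    for port, issue in audit_trunking(SAMPLE_CONFIG):
        print(f"{port}: {issue}")
```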
VLAN Ranges and Mappings
ISL supports VLAN numbers in the range of 1 to 1005, whereas 802.1Q VLAN numbers are in the range of 1 to 4094. The default behavior of VLAN trunks is to permit all normal and extended-range VLANs across the link if it is an 802.1Q interface and to permit normal VLANs in the case of an ISL interface.
VLAN Ranges
Cisco Catalyst switches support up to 4096 VLANs depending on the platform and software version. Table 3-2 illustrates the VLAN division for Cisco Catalyst switches. Table 3-3 shows VLAN ranges.
Table 3-2 VLAN Support Matrix for Catalyst Switches
| Type of Switch | Maximum Number of VLANs | VLAN ID Range |
| --- | --- | --- |
| Catalyst 2940 | 4 | 1–1005 |
| Catalyst 2950/2955 | 250 | 1–4094 |
| Catalyst 2960 | 255 | 1–4094 |
| Catalyst 2970/3550/3560/3750 | 1005 | 1–4094 |
| Catalyst 2848G/2980G/4000/4500 | 4094 | 1–4094 |
| Catalyst 6500 | 4094 | 1–4094 |
Table 3-3 VLAN Ranges
| VLAN Range | Range Usage | Propagated via VTP |
| --- | --- | --- |
| 0, 4095 | Reserved for system use only. You cannot see or use these VLANs. | — |
| 1 | Normal. Cisco default. You can use this VLAN, but you cannot delete it. | Yes |
| 2–1001 | Normal. For Ethernet VLANs. You can create, use, and delete these VLANs. | Yes |
| 1002–1005 | Normal. Cisco defaults for FDDI and Token Ring. You cannot delete VLANs 1002–1005. | Yes |
| 1006–1024 | Reserved for system use only. You cannot see or use these VLANs. | — |
| 1025–4094 | Extended. For Ethernet VLANs only. | Not supported in VTP Versions 1 and 2. The switch must be in VTP transparent mode to configure extended-range VLANs. This range is only supported in Version 3. |
Configuring, Verifying, and Troubleshooting VLANs and Trunks
This section provides the configuration, verification, and troubleshooting steps for VLANs and trunking.
To create a new VLAN in global configuration mode, follow these steps:
Step 1. Enter global configuration mode:
Switch# configure terminal
Step 2. Create a new VLAN with a particular ID number:
Switch(config)# vlan vlan-id
Step 3. (Optional.) Name the VLAN:
Switch(config-vlan)# name vlan-name
Example 3-1 shows how to configure a VLAN in global configuration mode.
Example 3-1 Creating a VLAN in Global Configuration Mode in Cisco IOS
Switch# configure terminal
Switch(config)# vlan 5
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit
To delete a VLAN in global configuration mode, delete the VLAN by referencing its ID number:
Switch(config)# no vlan vlan-id
Example 3-2 demonstrates deletion of a VLAN in global configuration mode.
Example 3-2 Deleting a VLAN in Global Configuration Mode
Switch# configure terminal
Switch(config)# no vlan 3
Switch(config)# end
To assign a switch port to a previously created VLAN, follow these steps:
Step 1. From global configuration mode, enter the configuration mode for the particular port you want to add to the VLAN:
Switch(config)# interface interface-id
Step 2. Specify the port as an access port:
Switch(config-if)# switchport mode access
Switch(config-if)# switchport host
Step 3. Remove or place the port in a particular VLAN:
Switch(config-if)# [no] switchport access vlan vlan-id
Example 3-3 illustrates configuration of an interface as an access port in VLAN 200.
Example 3-3 Assigning an Access Port to a VLAN
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface FastEthernet 5/6
Switch(config-if)# description PC A
Switch(config-if)# switchport
Switch(config-if)# switchport host
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 200
Switch(config-if)# no shutdown
Switch(config-if)# end
Verifying the VLAN Configuration
As previously discussed, after you configure the VLANs, one of the important steps is to be able to verify the configuration. To verify the VLAN configuration of a Catalyst switch, use show commands. The show vlan command from privileged EXEC mode displays information about a particular VLAN. Table 3-4 documents the fields displayed by the show vlan command.
Table 3-4 show vlan Field Descriptions
| Field | Description |
| --- | --- |
| VLAN | VLAN number |
| Name | Name, if configured, of the VLAN |
| Status | Status of the VLAN (active or suspended) |
| Ports | Ports that belong to the VLAN |
| Type | Media type of the VLAN |
| SAID | Security association ID value for the VLAN |
| MTU | Maximum transmission unit size for the VLAN |
| Parent | Parent VLAN, if one exists |
| RingNo | Ring number for the VLAN, if applicable |
| BridgNo | Bridge number for the VLAN, if applicable |
| Stp | Spanning Tree Protocol type used on the VLAN |
| BrdgMode | Bridging mode for this VLAN |
| Trans1 | Translation bridge 1 |
| Trans2 | Translation bridge 2 |
| AREHops | Maximum number of hops for All-Routes Explorer frames |
| STEHops | Maximum number of hops for Spanning Tree Explorer frames |
Example 3-4 displays information about a VLAN identified by number in Cisco IOS.
Example 3-4 Displaying Information About a VLAN by Number in Cisco IOS
SW1# show vlan id 3

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
3    VLAN0003                         active    Et1/1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3    enet  100003     1500  -      -      -        -    -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
SW1#
Example 3-5 displays information about a VLAN identified by name in Cisco IOS.
Example 3-5 Displaying Information About a VLAN by Name in Cisco IOS
SW1# show vlan name VLAN0003

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
3    VLAN0003                         active    Et1/1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3    enet  100003     1500  -      -      -        -    -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
SW1#
To display the current configuration of a particular interface, use the show running-config interface interface-type slot/port command. To display detailed information about a specific switch port, use the show interfaces command. The command show interfaces interface-type slot/port with the switchport keyword displays not only a switch port’s characteristics but also private VLAN and trunking information. The show mac address-table interface interface-type slot/port command displays the MAC address table information for the specified interface in specific VLANs. During troubleshooting, this command is helpful in determining whether the attached devices are sending packets to the correct VLAN.
Example 3-6 displays the configuration of a particular interface. Example 3-6 shows that the interface Ethernet 5/6 is configured with the VLAN 200 and in an access mode so that the port does not negotiate for trunking.
Example 3-6 Displaying Information About the Interface Config
Switch# show running-config interface FastEthernet 5/6
Building configuration...
!
Current configuration :33 bytes
interface FastEthernet 5/6
 switchport access vlan 200
 switchport mode access
end
Example 3-7 displays detailed switch port information, such as the port VLAN and operational mode. As shown in Example 3-7, Ethernet port 4/1 is configured as a switch port (that is, a Layer 2 port), working as an access port in VLAN 2.
Example 3-7 Displaying Detailed Switch Port Information
SW1# show int ethernet 4/1 switchport
Name: Et4/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Operational Dot1q Ethertype: 0x8100
Negotiation of Trunking: Off
Access Mode VLAN: 200 (Inactive)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Operational Native VLAN tagging: disabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Voice VLAN: none (Inactive)
Appliance trust: none
Example 3-8 displays the MAC address table information for a specific interface in VLAN 1.
Example 3-8 Displaying MAC Address Table Information
Switch# show mac-address-table interface GigabitEthernet 0/1 vlan 1

SW1# show mac address-table interface Gigabitethernet 0/1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aabb.cc01.0600    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 1
To configure the VLANs on switches SW1 and SW2 and enable trunking between the switches, use the topology shown in Figure 3-10.
Figure 3-10 Topology to Configure VLAN and Trunking
Table 3-5 outlines the IP addressing scheme that will be used for this topology.
Table 3-5 IP Addressing
Device | Device IP | Device Interface | Device Neighbor | Interface on the Neighbor
--- | --- | --- | --- | ---
PC1 | 192.168.1.100 | Eth0/0 | SW1 | Eth0/1
PC2 | 192.168.20.101 | Eth0/0 | SW1 | Eth0/2
PC3 | 192.168.1.110 | Eth0/0 | SW2 | Eth0/1
PC4 | 192.168.20.110 | Eth0/0 | SW2 | Eth0/2
Configuring VLANs and Trunks
To configure a port to belong to a certain VLAN, you have the following two options:
- Static VLAN configuration
- Dynamic VLAN configuration
With static VLAN configuration, switch ports are assigned to a specific VLAN. End devices become members in a VLAN based on the physical port to which they are connected. The end device is not even aware that a VLAN exists. Each port that is assigned to a VLAN receives a port VLAN ID (PVID).
With dynamic VLAN configuration, membership is based on the MAC address of the end device. When a device is connected to a switch port, the switch must query a database to figure out which VLAN needs to be configured. With dynamic VLANs, you need to assign a user’s MAC address to a VLAN in the database of a VLAN Management Policy Server (VMPS). With dynamic VLANs, users can connect to any port on the switch, and they will be automatically assigned to the VLAN they belong to.
Step 1. Create VLAN 20 on both switches.
SW1(config)# vlan 20
SW1(config-vlan)# exit
% Applying VLAN changes may take few minutes. Please wait...
SW1(config)#
Step 2. As shown in Figure 3-10, on SW1 configure port Ethernet 0/2 to be an access port and assign it to VLAN 20. By default, it is part of VLAN 1:
SW1(config)# interface ethernet 0/2
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 20
The switchport mode access command explicitly tells the port to be assigned only a single VLAN, providing connectivity to an end user. When you assign a switch port to a VLAN using this method, it is known as a static access port.
Step 3. On SW1, verify membership of port Ethernet 0/2.
Use the show vlan command to display information on all configured VLANs. The command displays configured VLANs, their names, and the ports on the switch that are assigned to each VLAN:
SW1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/1, Et0/3, Et1/0
                                                Et1/2, Et1/3, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
20   IT                               active    Et0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
In the show vlan output, you can see that VLAN 20, named IT, is created. Also notice that Ethernet 0/2 is assigned to VLAN 20.
Use the show vlan id vlan-number or the show vlan name vlan-name command to display information about a particular VLAN.
Step 4. Ping from PC 1 to PC 3. The ping should be successful:
PC1# ping 192.168.1.110
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.110, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
The first few pings might fail because of the Address Resolution Protocol (ARP) process.
PC 1 and PC 3 belong to the same VLAN. The configuration on the two ports that connect switches SW1 and SW2 is the default; both ports belong to VLAN 1. So PC 1 and PC 3 belong to the same Layer 2 network.
Step 5. Ping from PC 2 to PC 4. The ping should not be successful.
The ping should not be successful because the link between SW1 and SW2 is an access link and carries only data for VLAN 1:
PC2# ping 192.168.20.110
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.110, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Step 6. Configure ports that connect SW1 and SW2 as trunks. Use the dot1Q encapsulation. Allow only VLANs 1 and 20 to traverse the trunk link.
Trunk configuration on SW1:
SW1(config)# interface Ethernet 1/1
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport trunk allowed vlan 1,20
SW1(config-if)# switchport mode trunk
Trunk configuration on SW2:
SW2(config)# interface Ethernet 1/2
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport trunk allowed vlan 1,20
SW2(config-if)# switchport mode trunk
If you do not explicitly allow VLANs to traverse the trunk, all traffic will be allowed to cross the link. This includes broadcasts for all VLANs, using unnecessary bandwidth.
Step 7. Verify that Ethernet 1/1 on SW1 is now trunking:
SW1# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Et1/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Et1/1       1,20

Port        Vlans allowed and active in management domain
Et1/1       1,20

Port        Vlans in spanning tree forwarding state and not pruned
Et1/1       1,20
Also notice that only VLANs 1 and 20 are allowed on the trunk.
Step 8. Issue a ping from PC2 to PC4. The ping should be successful.
You have configured the link between SW1 and SW2 to carry data for both VLAN 1 and VLAN 20:
PC2# ping 192.168.20.110
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.110, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
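The eight steps above come down to one rule: a frame in a given VLAN crosses the SW1-SW2 link only if both ends of the link carry that VLAN. The following Python model is an added example (not from the book or from Cisco) that encodes that rule for access and trunk ports, builds the Figure 3-10 topology from Table 3-5, and reproduces the results of Steps 4, 5 and 8. The Port class, the one-sided-trunk handling (untagged frames land in the trunk's native VLAN) and the VLAN assignments of the PCs are assumptions of this model.

```python
"""Model of which VLANs an access or trunk link carries (added example)."""
from dataclasses import dataclass


@dataclass
class Port:
    """One end of a switch-to-switch link (constructed model, not IOS)."""
    mode: str                          # "access" or "trunk"
    access_vlan: int = 1               # access mode: the port VLAN ID (PVID)
    native_vlan: int = 1               # trunk mode: the VLAN sent untagged
    allowed: frozenset = frozenset()   # trunk mode: allowed VLANs; empty = all

    def carries(self, vlan):
        """True if a frame in this VLAN is sent or accepted on this port."""
        if self.mode == "access":
            return vlan == self.access_vlan
        return not self.allowed or vlan in self.allowed


def link_carries(port_a, port_b, vlan):
    """A VLAN crosses a link only if both ends carry it consistently."""
    if port_a.mode == port_b.mode:
        return port_a.carries(vlan) and port_b.carries(vlan)
    # Mismatched ends (assumption of this model): the access side sends and
    # expects untagged frames, which the trunk side maps to its native VLAN.
    access, trunk = (port_a, port_b) if port_a.mode == "access" else (port_b, port_a)
    return access.access_vlan == vlan == trunk.native_vlan and trunk.carries(vlan)


def reachable(src_vlan, dst_vlan, inter_switch_link):
    """PCs on different switches see each other only within one VLAN and
    only if the SW1-SW2 link carries that VLAN (no routing in this model)."""
    if src_vlan != dst_vlan:
        return False
    port_a, port_b = inter_switch_link
    return link_carries(port_a, port_b, src_vlan)


# Constructed from Table 3-5: PC1/PC3 are in VLAN 1, PC2/PC4 in VLAN 20.
PC_VLAN = {"PC1": 1, "PC2": 20, "PC3": 1, "PC4": 20}

# Steps 4 and 5: default configuration, both inter-switch ports are access ports in VLAN 1.
DEFAULT_LINK = (Port("access", access_vlan=1), Port("access", access_vlan=1))
# Step 6: both ends are 802.1Q trunks allowing only VLANs 1 and 20.
TRUNK_LINK = (Port("trunk", allowed=frozenset({1, 20})),
              Port("trunk", allowed=frozenset({1, 20})))


def ping(src, dst, link):
    """Would a ping between two PCs succeed at Layer 2 over this link?"""
    return reachable(PC_VLAN[src], PC_VLAN[dst], link)


if __name__ == "__main__":
    print("Step 4, PC1 -> PC3 over the default access link:", ping("PC1", "PC3", DEFAULT_LINK))
    print("Step 5, PC2 -> PC4 over the default access link:", ping("PC2", "PC4", DEFAULT_LINK))
    print("Step 8, PC2 -> PC4 over the dot1Q trunk:", ping("PC2", "PC4", TRUNK_LINK))
```

The model also shows two failure modes worth checking during troubleshooting: allowed-VLAN lists that differ between the two trunk ends, and a link where only one end is trunking, which passes the native VLAN and silently drops everything else.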
Best Practices for VLANs and Trunking
Usually, network designers design and implement the VLANs and their components depending on the business needs and requirements, but this section provides general best practices for implementing VLAN in a campus network.
Following are some of the practices for VLAN design:
- For the Local VLANs model, it is usually recommended to have only one to three VLANs per access module and, as discussed, limit those VLANs to a couple of access switches and the distribution switches.
- Avoid using VLAN 1 as the black hole for all unused ports. Use any other VLAN except 1 to assign all the unused ports to it.
- Try to always have separate voice VLANs, data VLANs, management VLANs, native VLANs, black hole VLANs, and default VLANs (VLAN 1).
- In the local VLANs model, avoid VTP; it is feasible to manually configure the allowed VLANs on trunks.
- For trunk ports, turn off DTP and configure it manually. Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol.
- Manually configure access ports that are not specifically intended for a trunk link.
- Prevent all data traffic from VLAN 1; only permit control protocols to run on VLAN 1 (DTP, VTP, STP bridge protocol data units [BPDUs], Port Aggregation Protocol [PAgP], Link Aggregation Control Protocol [LACP], Cisco Discovery Protocol [CDP], and so on).
- Avoid using Telnet because of security risks; enable Secure Shell (SSH) support on management VLANs.
In a hierarchical design, access layer switches connect to distribution layer switches. This is where the trunks are implemented, as illustrated in Figure 3-11, where the links from each access switch to the distribution switches are the trunk links because they must carry two VLANs from each switch. Links between distribution and core layers are usually Layer 3. Also, to avoid spanning-tree problems, it is usually recommended not to link the two distribution switches as Layer 2 trunk links or have no link between them. In this way, the access layer switches are configured as a spanning-tree, loop-free V topology if one distribution link fails, using the Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) for creating a virtual default gateway. Spanning tree, HSRP, and VRRP are discussed more in later chapters.
Figure 3-11 Trunk Implementations
- DTP is useful when the status of the switch on the other end of the link is uncertain or might be changing over time. When the link is to be set to trunk in a stable manner, changing both ends to trunk nonegotiate accelerates the convergence time, saving up to 2 seconds upon boot time. We recommend this mode on stable links between switches that are part of the same core infrastructure.
- On trunk links, it is recommended to manually prune the VLANs that are not used. You can use VTP pruning if VTP is in use, but manual pruning (using the switchport trunk allowed vlan command) is a secure way of allowing only those VLANs that are expected and allowed on the link. In addition, it is good practice to use an unused VLAN as the native VLAN on trunk links to prevent DTP spoofing.
- If trunking is not used on a port, you can disable it with the interface level command switchport host. This command is a macro that sets the port to access mode (switchport mode access) and enables portfast.
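The recommendations above (DTP off, a dedicated unused native VLAN, only the expected VLANs allowed) can be checked mechanically against the show interfaces switchport output shown in Example 3-7. The following Python script is an added example (not from the book or from Cisco): it parses the key/value layout of that output and reports, per port, which of these practices is violated. The sample output is constructed for illustration; the field names are the ones visible in Example 3-7, and the data_vlans parameter (VLANs known to carry user traffic) is an assumption of this script.

```python
"""Audit 'show interfaces ... switchport' output against trunking best practices (added example)."""
import re

# Constructed sample: an access port with DTP off (as in Example 3-7), a trunk
# left at defaults (DTP on, native VLAN 1, all VLANs allowed), and a hardened trunk.
SAMPLE_OUTPUT = """\
Name: Et4/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 200 (Inactive)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Capture Mode Disabled

Name: Et1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Et1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (VLAN0999)
Trunking VLANs Enabled: 10,20
"""


def parse_switchports(text):
    """Split the output into one dict per 'Name:' block, keyed by field name."""
    ports, current = [], None
    for line in text.splitlines():
        if ":" not in line:          # e.g. 'Capture Mode Disabled' has no value
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def vlan_id(field):
    """'200 (Inactive)' -> 200, '1 (default)' -> 1, '' -> None."""
    match = re.match(r"\d+", field)
    return int(match.group()) if match else None


def audit_port(port, data_vlans=()):
    """Return the list of best-practice findings for one parsed port."""
    findings = []
    admin_mode = port.get("Administrative Mode", "")
    if port.get("Negotiation of Trunking") == "On" or admin_mode.startswith("dynamic"):
        findings.append("DTP active: set 'switchport mode access' or "
                        "'switchport mode trunk' plus 'switchport nonegotiate'")
    if port.get("Operational Mode") == "trunk":
        native = vlan_id(port.get("Trunking Native Mode VLAN", ""))
        if native == 1:
            findings.append("native VLAN is VLAN 1: use a dedicated unused VLAN")
        elif native in data_vlans:
            findings.append(f"native VLAN {native} also carries user data")
        if port.get("Trunking VLANs Enabled", "").upper() == "ALL":
            findings.append("all VLANs allowed: prune with 'switchport trunk allowed vlan'")
    return findings


def audit(text, data_vlans=()):
    """Map port name -> findings for every port in the output."""
    return {p["Name"]: audit_port(p, data_vlans) for p in parse_switchports(text)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_OUTPUT, data_vlans={10, 20}).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Feed it the concatenated output of show interfaces switchport from each switch (for example from a scheduled configuration backup) and the script produces a per-port list of deviations that can be tracked over time.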
Voice VLAN Overview
Some Cisco Catalyst switches offer a unique feature called voice VLAN, which lets you overlay a voice topology onto a data network. You can segment phones into separate logical networks even though the data and voice infrastructure are physically the same.
The voice VLAN feature places the phones into their own VLANs without any end-user intervention. These VLAN assignments can be seamlessly maintained even if the phone is moved to a new location.
The user simply plugs the phone into the switch, and the switch provides the phone with the necessary VLAN information. By placing phones into their own VLANs, network administrators gain the advantages of network segmentation and control. Furthermore, network administrators can preserve their existing IP topology for the data end stations. IP phones can be easily assigned to different IP subnets using standards-based DHCP operation.
With the phones in their own IP subnets and VLANs, network administrators can more easily identify and troubleshoot network problems. In addition, network administrators can create and enforce QoS or security policies.
With the voice VLAN feature, Cisco enables network administrators to gain all the advantages of physical infrastructure convergence while maintaining separate logical topologies for voice and data terminals. This ability offers the most effective way to manage a multiservice network.
Multiservice switches support a new parameter for IP telephony support that makes the access port a multi-VLAN access port. The new parameter is called a voice or auxiliary VLAN. Every Ethernet 10/100/1000 port in the switch is associated with two VLANs:
- A native VLAN for data service that is identified by the PVID
- A voice VLAN that is identified by the voice VLAN ID (VVID)
During the initial CDP exchange with the access switch, the IP phone is configured with a VVID.
The IP phone is also supplied with a QoS configuration using CDP.
Data packets between the multiservice access switch and the PC or workstation are on the native VLAN. All packets going out on the native VLAN of an IEEE 802.1Q port are sent untagged by the access switch. The PC or workstation connected to the IP phone sends untagged packets, as shown in Figure 3-12, and the phone passes them through on the native (data) VLAN. The IP phone itself tags its voice packets with the VVID (110 in the figure), based on the CDP information it receives from the access switch.
Figure 3-12 Voice VLAN Overview
The multi-VLAN access ports are not trunk ports, even though the hardware is set to the dot1Q trunk. The hardware setting is used to carry more than two VLANs, but the port is still considered an access port that is able to carry one native VLAN and the voice VLAN.
The switchport host command can be applied to a multi-VLAN access port on the access switch.
As shown in Figure 3-13, interface Fa0/1 is configured to set data devices in data VLAN 10 and VoIP devices in voice VLAN 110.
Figure 3-13 Voice VLAN Configuration
When you run the show vlan command, both the voice and the data VLAN are seen applied to the interface Fa0/1 as demonstrated in Example 3-9.
Example 3-9 show vlan Command Output Provides Information About the Voice and Data VLAN
Switch# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------
1    default                          active    Fa0/6,Fa0/7,Fa0/8,Fa0/9,Fa0/10
10   VLAN0010                         active    Fa0/1
110  VLAN0110                         active    Fa0/1
<... output omitted ...>
Verify the switchport mode and the voice VLAN by using the show interface interface-slot/number switchport command.
Switch Configuration for Wireless Network Support
Cisco offers the following two WLAN implementations:
- The standalone WLAN solution is based on autonomous (standalone) access points (APs).
- The controller-based WLAN solution is based on controller-based APs and WLCs (Wireless LAN Controllers).
In the autonomous (or standalone) solution, each AP operates independently and acts as a transition point between the wireless media and the 802.3 media. Data traffic between two wireless clients on the same subnet that are associated with different APs flows through the Layer 2 switch. As the AP converts the IEEE 802.11 frame into an 802.3 frame, the wireless client MAC address is carried into the 802.3 header and appears as the source to the switch. The destination, also a wireless client, appears as the destination MAC address. For the switch, the APs are relatively transparent, as illustrated in Figure 3-14.
Figure 3-14 Wireless Configurations Options
In a controller-based solution, management, control, deployment, and security functions are moved to a central point: the wireless controller, as shown in Figure 3-14. Controllers are combined with lightweight APs that perform only the real-time wireless operation. Controllers can be standalone devices, integrated into a switch, or virtualized.
Both standalone and lightweight APs connect to a switch. It is common that the switch is Power over Ethernet (PoE)-capable, so APs get power and data through the Ethernet cable. This makes the wireless network more scalable and easier to manage.
To implement a wireless network, APs and switches need to be configured. APs can be configured directly (autonomous APs) or through a controller (lightweight APs). Either way, configuring APs is a domain of the WLAN specialist. On the switch side, just configure VLANs and trunks on switches to support WLAN.
VLAN Trunking Protocol
VTP is a protocol that is used to distribute and synchronize information about VLAN databases configured throughout a switched network. VTP minimizes misconfigurations and configuration inconsistencies that might result in various problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
This section discusses in detail how to plan, implement, and verify VTP in campus networks. The following subsections cover these topics:
- VTP overview
- VTP modes
- VTP versions
- VTP pruning
- VTP authentication
- VTP advertisements
- VTP configuration and verifications
- VTP configuration overwriting
- VTP best practices
VTP Overview
VTP is a Layer 2 protocol that maintains VLAN configuration consistency by managing the additions, deletions, and name changes of VLANs across networks, as shown in Figure 3-15. Switches transmit VTP messages only on 802.1Q or ISL trunks. Cisco switches transmit VTP summary advertisements over the management VLAN (VLAN 1 by default) using a Layer 2 multicast frame every 5 minutes. VTP packets are sent to the destination MAC address 01-00-0C-CC-CC-CC with a logical link control (LLC) code of Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header).
Figure 3-15 VTP Overview
In Figure 3-15, configurations made to a single VTP server propagate across trunk links to all connected switches in the network in the following manner:
- Step 1. An administrator adds a new VLAN definition.
- Step 2. VTP propagates the VLAN information to all switches in the VTP domain.
- Step 3. Each switch synchronizes its configuration to incorporate the new VLAN data.
A VTP domain is one switch or several interconnected switches sharing the same VTP environment; a switch can be in only one VTP domain at any time. By default, a Cisco Catalyst switch is in the no-management-domain state (<null>) until it receives an advertisement for a domain over a trunk link or until you configure a management domain. Configurations that are made on a single VTP server are propagated across trunk links to all of the connected switches in the network. Configurations are exchanged only if the VTP domain names and VTP passwords match.
VTP is a Cisco proprietary protocol.
VTP Modes
VTP operates in one of three modes: server, transparent, or client. On some switches, VTP can also be completely disabled. Figure 3-16 gives a brief description of each of the VTP modes.
Figure 3-16 VTP Modes and Their Characteristics
The characteristics of the three VTP modes are as follows:
- Server: The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP messages are transmitted out of all the trunk connections.
- Transparent: When you make a change to the VLAN configuration in VTP transparent mode, the change affects only the local switch. The change does not propagate to other switches in the VTP domain. VTP transparent mode does forward VTP advertisements that it receives within the domain.
- Client: A VTP client behaves like a VTP server and transmits and receives VTP updates on its trunks, but you cannot create, change, or delete VLANs on a VTP client. VLANs are configured on another switch in the domain that is in server mode.
In the server, transparent, and client modes, VTP advertisements are received and transmitted as soon as the switch enters the management domain state. In the VTP off mode, switches behave the same as in VTP transparent mode with the exception that VTP advertisements are not forwarded. Off mode is not available in all releases.
By default, Cisco IOS VTP servers and clients save VLANs to the vlan.dat file in flash memory, causing them to retain the VLAN table and revision number.
Switches that are in VTP transparent mode display the VLAN and VTP configurations in the show running-config command output because this information is stored in the configuration text file. If you perform erase startup-config on a VTP transparent switch, you will delete its VLANs.
VTP Versions
Cisco Catalyst switches support three different versions of VTP: 1, 2, and 3. It is important to decide which version to use because they are not interoperable. In addition, Cisco recommends running only one VTP version for network stability. This chapter emphasizes VTP Versions 1 and 2 because VTP Version 3 is not the most frequently used version of the VTP.
The default VTP version that is enabled on a Cisco switch is Version 1. If you do need to change the version of VTP in the domain, the only thing that you need to do is to enable it on the VTP server; the change will propagate throughout the network.
VTP Version 2 offers the following features that Version 1 does not:
- Version-dependent transparent mode: In VTP Version 1, a VTP transparent network device inspects VTP messages for the domain name and version, and forwards a message only if the version and domain name match. Because only one domain is supported in the Supervisor Engine software, VTP Version 2 forwards VTP messages in transparent mode, without checking the version.
- Consistency check: In VTP Version 2, VLAN consistency checks, such as VLAN names and values, are performed. However, this is only done when you enter information through the command-line interface (CLI) or Simple Network Management Protocol (SNMP). Consistency checks are not performed when new information is obtained from a VTP message or when information is read from NVRAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.
- Token ring support: VTP Version 2 supports Token Ring LAN switching and VLANs.
- Unrecognized type-length-value support: VTP Version 2 switches propagate received configuration change messages out other trunk links, even if they are not able to understand the message. Instead of dropping the unrecognized VTP message, Version 2 still propagates the information and keeps a copy in NVRAM.
VTP Version 3 brings the following properties:
- Extended VLAN support: VTP also can be used to propagate VLANs with numbers 1017–4094 (1006–1017 and 4095–2096 are reserved).
- Domain name is not automatically learned: With VTPv2, a factory-default switch that receives a VTP message adopts the new VTP domain name. Because this is a very dangerous behavior, VTPv3 forces manual configuration.
- Better security: VTP domain password is secure during transmission and in the switch’s database.
- Better database propagation: Only the primary server is allowed to update other devices, and only one server per VTP domain is allowed to have this role.
- Multiple Spanning Tree (MST) support: VTPv3 adds support for propagation of MST instances.
VTP Pruning
VTP pruning uses VLAN advertisements to determine when a trunk connection is flooding traffic needlessly. By default, a trunk connection carries traffic for all VLANs in the VTP management domain. Commonly, some switches in an enterprise network do not have local ports configured in each VLAN. In Figure 3-17, Switches 1 and 4 support ports statically configured in the red VLAN.
Figure 3-17 VTP Pruning
VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the appropriate network devices. Figure 3-17 shows a switched network with VTP pruning enabled. Broadcast traffic from hosts in the red VLAN is not forwarded to Switches 3, 5, and 6, because traffic for the red VLAN has been pruned on the links indicated on Switches 2 and 4.
Regardless of whether you use VTP pruning support, Catalyst switches run an instance of STP for each VLAN. An instance of STP exists for each VLAN even if no ports are active in the VLAN or if VTP pruning removes the VLANs from an interface. As a result, VTP pruning prevents flooded traffic from propagating to switches that do not have members in specific VLANs. However, VTP pruning does not eliminate the switches’ knowledge of pruned VLANs.
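The pruning decision described above can be stated as a graph rule: on a loop-free topology, a trunk link needs to flood a VLAN only if a switch with members in that VLAN lies on each side of it. The following Python code is an added example (not from the book or from Cisco) that computes the pruned and flooded links for a VLAN. The topology is constructed to match the description of Figure 3-17 (Switches 1 and 4 have ports in the red VLAN); the link list and switch names are assumptions of this example, not the figure itself.

```python
"""Which trunk links need to flood a VLAN? A model of VTP pruning (added example)."""
from collections import defaultdict

# Constructed tree of trunk links, shaped like the Figure 3-17 description.
LINKS = [("Switch1", "Switch2"), ("Switch2", "Switch3"), ("Switch2", "Switch4"),
         ("Switch4", "Switch5"), ("Switch4", "Switch6")]
# Switches that have access ports statically configured in the red VLAN.
RED_MEMBERS = {"Switch1", "Switch4"}


def adjacency(links):
    """Undirected adjacency map built from the link list."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def side_of(adj, start, parent):
    """All switches reachable from start without crossing the start-parent link.

    On a spanning-tree (loop-free) topology this is exactly the set of switches
    'beyond' that link as seen from parent.
    """
    seen, stack = set(), [(start, parent)]
    while stack:
        node, came_from = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        for neighbor in adj[node]:
            if neighbor != came_from:
                stack.append((neighbor, node))
    return seen


def pruned_links(links, members):
    """Links on which the VLAN can be pruned: no member switch on one side."""
    adj = adjacency(links)
    pruned = []
    for a, b in links:
        beyond_a = side_of(adj, a, b)   # switches on a's side of the link
        beyond_b = side_of(adj, b, a)   # switches on b's side of the link
        if not (members & beyond_a) or not (members & beyond_b):
            pruned.append((a, b))
    return pruned


def flooded_links(links, members):
    """Links that must still carry flooded traffic for the VLAN."""
    pruned = set(pruned_links(links, members))
    return [link for link in links if link not in pruned]


if __name__ == "__main__":
    print("red VLAN pruned on :", pruned_links(LINKS, RED_MEMBERS))
    print("red VLAN flooded on:", flooded_links(LINKS, RED_MEMBERS))
```

For the constructed topology the red VLAN stays on the Switch1-Switch2 and Switch2-Switch4 links and is pruned toward Switches 3, 5 and 6, which is the outcome the text describes; note that pruning changes only flooding, and each switch still runs its per-VLAN STP instance regardless.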
VTP Authentication
VTP domains can be secured by using the VTP password feature. It is important to make sure that all the switches in the VTP domain have the same password and domain name; otherwise, a switch will not become a member of the VTP domain. Cisco switches use the message digest 5 (MD5) algorithm to encode passwords in 16-byte words. These passwords propagate inside VTP summary advertisements. In VTP, passwords are case sensitive and can be 8 to 64 characters in length. The use of VTP authentication is a recommended practice.
VTP Advertisements
VTP advertisements are flooded throughout the management domain. VTP advertisements are sent every 5 minutes or whenever there is a change in VLAN configurations. Advertisements are transmitted (untagged) over the native VLAN (VLAN 1 by default) using a multicast frame. A configuration revision number is included in each VTP advertisement. A higher configuration revision number indicates that the VLAN information being advertised is more current than the stored information.
One of the most critical components of VTP is the configuration revision number. Each time a VTP server modifies its VLAN information, the VTP server increments the configuration revision number by one. The server then sends out a VTP advertisement with the new configuration revision number. If the configuration revision number being advertised is higher than the number stored on the other switches in the VTP domain, the switches overwrite their VLAN configurations with the new information that is being advertised. As shown in Figure 3-18, when the VLAN was added to the database on the VTP server switch, it increased the revision to 4 and advertised it to the rest of the switches in the domain that are in client or server VTP mode. However, the switch in transparent mode does not change its revision number or its database.
Figure 3-18 VTP Advertisement
The configuration revision number in VTP transparent mode is always zero. Because a VTP-transparent switch does not participate in VTP, that switch does not advertise its VLAN configuration or synchronize its VLAN database upon receipt of a VTP advertisement.
A device that receives VTP advertisements must check various parameters before incorporating the received VLAN information. First, the management domain name and password in the advertisement must match those values that are configured on the local switch. Next, if the configuration revision number indicates that the message was created after the configuration currently in use, the switch incorporates the advertised VLAN information.
VTP Message Types
VTP uses various message types for its communication. The subsections that follow describe the message types for VTP.
Summary Advertisements
By default, Catalyst switches issue summary advertisements in 5-minute increments. Summary advertisements inform adjacent Catalysts of the current VTP domain name and the configuration revision number.
When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its own VTP domain name. If the name differs, the switch simply ignores the packet. If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.
Subset Advertisements
When you add, delete, or change a VLAN in a Catalyst server, the Catalyst server where the changes are made increments the configuration revision and issues a summary advertisement. One or several subset advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN information. If there are several VLANs, more than one subset advertisement can be required to advertise all the VLANs.
Advertisement Requests
A switch sends a VTP advertisement request in these situations:
- The switch has been reset.
- The VTP domain name has been changed.
- The switch has received a VTP summary advertisement with a higher configuration revision than its own.
Upon receipt of an advertisement request, a VTP device sends a summary advertisement. One or more subset advertisements follow the summary advertisement.
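The checks a switch applies to a received summary advertisement (matching domain name, matching password, and a strictly higher configuration revision before the database is replaced) are what make the revision number both useful and dangerous. The following Python simulation is an added example (not from the book, from Cisco, or the real VTP frame format) that implements exactly that decision sequence for server, client and transparent switches. It replays Steps 5 through 7 of the configuration scenario that follows (Switch 2 as server, Switch 1 as client, Switch 3 transparent) and then shows the overwrite that a switch with a stale, higher revision causes when it is reconnected to the domain with the same domain name and password. Assumptions of this model: the password check is a plain MD5 of the password standing in for the real digest, and the topology is built here, not taken from Figure 3-19.

```python
"""Simulation of VTP summary-advertisement processing and revision overwrite (added example)."""
import hashlib

DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}


def password_digest(password):
    """Stand-in for the VTP MD5 digest (assumption: real VTP hashes more than the password)."""
    return hashlib.md5(password.encode()).hexdigest()


class VtpSwitch:
    def __init__(self, name, mode, domain, password, vlans=None):
        self.name = name
        self.mode = mode                  # "server", "client" or "transparent"
        self.domain = domain
        self.password = password
        self.revision = 0                 # transparent switches stay at 0
        self.vlans = set(vlans or DEFAULT_VLANS)
        self.neighbors = []               # switches reachable over trunk links
        self.log = []

    def add_vlan(self, vlan):
        """Local VLAN change: servers bump the revision and advertise,
        transparent switches change only themselves, clients are refused."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VLANs cannot be created on a VTP client")
        self.vlans.add(vlan)
        if self.mode == "server":
            self.revision += 1
            self.advertise()

    def advertise(self):
        """Send a summary advertisement (with its VLAN data) on every trunk."""
        adv = {"domain": self.domain, "digest": password_digest(self.password),
               "revision": self.revision, "vlans": frozenset(self.vlans), "from": self.name}
        for neighbor in self.neighbors:
            neighbor.receive(adv, sender=self)

    def receive(self, adv, sender):
        """Apply the checks from the text: domain, then password, then revision."""
        if adv["domain"] != self.domain:
            self.log.append(f"ignored: domain {adv['domain']!r} != {self.domain!r}")
            return
        if self.mode == "transparent":
            self.forward(adv, sender)      # relayed within the domain, never applied
            return
        if adv["digest"] != password_digest(self.password):
            self.log.append("ignored: password digest mismatch")
            return
        if adv["revision"] <= self.revision:
            self.log.append(f"ignored: revision {adv['revision']} <= {self.revision}")
            return
        # Higher revision wins: the local database is replaced, even on a server.
        self.vlans = set(adv["vlans"])
        self.revision = adv["revision"]
        self.log.append(f"synced to revision {self.revision} from {adv['from']}")
        self.forward(adv, sender)

    def forward(self, adv, sender):
        for neighbor in self.neighbors:
            if neighbor is not sender:
                neighbor.receive(adv, sender=self)


def connect(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def build_domain(password="Cisco"):
    """Constructed domain CCNP: Switch2 (server) trunked to Switch1 (client) and Switch3 (transparent)."""
    sw1 = VtpSwitch("Switch1", "client", "CCNP", password)
    sw2 = VtpSwitch("Switch2", "server", "CCNP", password)
    sw3 = VtpSwitch("Switch3", "transparent", "CCNP", password)
    connect(sw2, sw1)
    connect(sw2, sw3)
    return {"Switch1": sw1, "Switch2": sw2, "Switch3": sw3}


def snapshot(switches):
    return {name: (sw.revision, sorted(sw.vlans)) for name, sw in switches.items()}


def run_scenario():
    """Steps 5-7 (VLAN 10 created on the server), then a reintroduced stale server."""
    switches = build_domain()
    switches["Switch2"].add_vlan(10)
    after_step7 = snapshot(switches)
    # A switch last used elsewhere in domain CCNP with the same password, holding
    # revision 5 and no VLAN 10, is connected to Switch1 and advertises.
    stale = VtpSwitch("Switch4", "server", "CCNP", "Cisco", vlans=DEFAULT_VLANS | {99})
    stale.revision = 5
    connect(stale, switches["Switch1"])
    stale.advertise()
    return after_step7, snapshot(switches)


if __name__ == "__main__":
    step7, after_stale = run_scenario()
    print("after step 7:", step7)
    print("after stale server:", after_stale)
```

Two things stand out when you run it: the transparent switch keeps revision 0 and its own database throughout, and the stale server's higher revision replaces the VLAN database on the client and on the legitimate server alike, which is why the best practices recommend a VTP password, transparent mode where VTP is not needed, and resetting the revision of any switch before it joins a domain.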
Configuring and Verifying VTP
When creating VLANs, you must decide whether to use VTP in your network. With VTP, changes made on one or more switches propagate automatically to all other switches in the same VTP domain.
The VTP domain name can be specified or learned. By default, the domain name is <null>. You can specify the password for the VTP management domain. However, if the same password for each switch is not used in the domain, VTP will not function properly. MD5 hashing is used for VTP passwords.
To configure VTP, use the topology layout shown in Figure 3-19. In this scenario, Switch 1 will be configured as client, Switch 2 as server, and Switch 3 for transparent mode.
Figure 3-19 VTP Configuration Topology
Complete the following steps to configure the VTP on the switches shown in the topology in Figure 3-19:
Step 1. Configure VTP on all the switches: Switch 1 in client mode, Switch 2 in server mode, and Switch 3 in transparent mode, as planned for the topology in Figure 3-19.
Switch1(config)# vtp password Cisco
Switch1(config)# vtp mode client
Switch1(config)# vtp domain CCNP
Switch1(config)# vtp version 1
------
Switch3(config)# vtp password Cisco
Switch3(config)# vtp mode transparent
Switch3(config)# vtp domain CCNP
Switch3(config)# vtp version 1
-----
Switch2(config)# vtp password Cisco
Switch2(config)# vtp mode server
Switch2(config)# vtp domain CCNP
Switch2(config)# vtp version 1
Step 2. Issue the show vtp status command on Switch 1 to view the default configuration.
Switch 1 is configured as a VTP client.
Switch 1 is in VTP domain CCNP:
Switch1# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5600
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
                                    0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
As you can see, only the five default VLANs (VLAN 1 and VLANs 1002–1005) are present on the switch. The VTP revision is 0, which means that no changes have been made to the VLAN database on this switch so far. Every time you make a change to the VLAN database (add, remove, or modify a VLAN), the revision increases by one.
Step 3. Issue the show vtp status command on Switch 2.
Switch 2 is configured as VTP server.
Like on Switch 1, only default VLANs are present, VTP revision is 0, and the VTP domain is set to CCNP:
Switch2# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.6300
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
                                    0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
Step 4. Issue the show vtp status command on Switch 3.
Switch 3 is configured for VTP transparent mode.
Like on Switch 1 and Switch 2, only default VLANs are present, VTP revision is 0, and the VTP domain is set to CCNP:
Switch3# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.6400
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
                                    0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
Step 5. Create VLAN 10 on Switch 2.
Switch 2 is in VTP server mode. You should be allowed to add VLAN 10 to the Switch 2 database:
Switch2# configure terminal
Switch2(config)# vlan 10
Step 6. Verify VLAN database and VTP status on Switch 2.
Use the commands show vlan and show vtp status.
Switch 2 now has VLAN 10 in the database:
Switch2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/3, Et1/0, Et1/1
                                                Et1/2, Et1/3, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
10   VLAN0010                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
The revision number increased by one on Switch 2:
Switch2# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.6300
Configuration last modified by 0.0.0.0 at 9-23-13 08:33:48
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 6
Configuration Revision            : 1
MD5 digest                        : 0xB1 0xBE 0x72 0x49 0x96 0x6D 0x99 0xA4
                                    0xB4 0xDC 0x94 0x56 0xD4 0xC2 0x6A 0xBB
But the real question now is did changes in Switch 2’s database propagate to Switch 1 and Switch 3?
Step 7. Verify changes in VLAN database and VTP status on Switch 1.
Use the commands show vlan and show vtp status.
Because Switch 1 is a VTP client, VLAN 10 got replicated from Switch 2:
Switch1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et0/3, Et1/0
                                                Et1/1, Et1/2, Et1/3, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
10   VLAN0010                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
The revision number on Switch 1 is now the same as on Switch 2, which shows that Switch 1 accepted the update. A matching revision number alone is not proof that two databases are identical, however; the MD5 digest in the same output is computed over the VLAN database itself and is the stronger field to compare between switches:
Switch1# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5600
Configuration last modified by 0.0.0.0 at 9-23-13 08:59:42

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 6
Configuration Revision            : 1
MD5 digest                        : 0xDF 0x2B 0x3B 0x5D 0x0E 0x8E 0x10 0x17
                                    0x6D 0xDD 0xE2 0x45 0x7F 0x91 0x95 0x9E
Step 8. Verify changes in VLAN database and VTP status on Switch 3.
Use the commands show vlan and show vtp status.
Switch 3 is in VTP transparent mode. A switch in transparent mode never synchronizes its database to that of the VTP server; it keeps only the VLANs configured on it locally. It does still forward VTP advertisements out its trunk ports (in VTP version 1 only when the domain name matches, in version 2 regardless of domain), so transparent mode disables VTP synchronization on that switch without taking it out of the VTP path between other switches.
Notice that there is no VLAN 10 on Switch 3:
Switch3# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et0/3, Et1/0
                                                Et1/1, Et1/2, Et1/3, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
The configuration revision on a VTP transparent switch is always zero, because the switch neither tracks nor advertises a revision:
Switch3# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.6400
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0xC8 0x7E 0xBB 0x23 0xCB 0x0D 0xFA 0xCE
                                    0xDB 0xC1 0x0F 0x96 0xF6 0xCA 0x8B 0xAA
Step 9. Create VLAN 20 on Switch 3:
Switch3(config)# vlan 20
Step 10. Investigate VLAN databases on all three switches. Is VLAN 20 present on all three?
Use the show vlan command:
Switch1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et0/3, Et1/0
                                                Et1/1, Et1/2, Et1/3, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
10   VLAN0010                         active
1002 fddi-default                     act/unsup
<... output omitted ...>

Switch2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/3, Et1/0, Et1/1
                                                Et1/2, Et1/3, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
10   VLAN0010                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
<... output omitted ...>

Switch3# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/1, Et0/3, Et1/0
                                                Et1/1, Et1/2, Et1/3, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
20   VLAN0020                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
<... output omitted ...>
While a switch is in VTP transparent mode, it can create and delete VLANs that are local only to itself. These VLAN changes are not propagated to any other switch.
In this example, VLAN 20 is only present in the VLAN database of Switch 3 (the VTP transparent switch, on which you created the VLAN).
Overwriting VTP Configuration (Very Common Issue with VTP)
One of the common issues with VTP is that, if you are not careful, you can easily wipe out the VLAN database across the entire network. Therefore, when a switch is added to a network, it is important that it does not inject spurious information into the domain. Let's review the scenario illustrated in Figure 3-20, where SW1 is a VTP server and SW2 and SW3 are VTP clients. All three are synced to the same configuration revision number (12) and have VLANs 10, 20, 30, and 40. In addition, each switch has hosts connected in several of these VLANs; SW1, for example, has hosts in VLANs 10 and 20, as depicted in Figure 3-20.
Figure 3-20 Overwriting VTP Configuration
Example 3-10 shows the VTP and VLAN configuration of switch SW1. SW2 and SW3 have the same revision number and VLANs because they are completely synced with SW1.
Example 3-10 VLAN and VTP Outputs from Switch SW1
SW1# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5a00
Configuration last modified by 0.0.0.0 at 9-24-13 07:33:33
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 12
MD5 digest                        : 0x11 0x31 0x4F 0x6A 0x96 0x0D 0xB6 0xB9
                                    0xAE 0xF4 0xD4 0x85 0x4D 0x58 0xC8 0x4D

SW1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et1/0, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
10   VLAN0010                         active
20   VLAN0020                         active    Et1/2
30   VLAN0030                         active    Et1/3
40   VLAN0040                         active
Now assume that SW2 failed and was replaced by another new switch in the closet, as shown in Figure 3-21.
Figure 3-21 Overwriting VTP Configuration: Switch Failure
The replacement switch had been used elsewhere, and the network administrator did not erase its configuration and VLAN database before installing it.
The replacement switch is in VTP server mode and carries the same VTP domain name (CCNP) as the other two switches. Its configuration revision number is 29, higher than revision 12 on SW1 and SW3, and its VLAN list is different.
Example 3-11 shows the output of VLANs and VTP on the new replacement switch to show the revision number and its VLAN database.
Example 3-11 VTP and VLAN Output from the New Replacement Switch
Replacement# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5a00
Configuration last modified by 0.0.0.0 at 9-24-13 08:15:44
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 10
Configuration Revision            : 29
MD5 digest                        : 0x29 0xF2 0x1F 0xA5 0x41 0x44 0x04 0xAC
                                    0x08 0x3B 0x9A 0x2C 0x73 0x8A 0xA2 0xBD

! The replacement switch does not have VLANs 20, 30, and 40 in its database.
Replacement# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/1, Et0/2, Et1/0
                                                Et2/0, Et2/1, Et2/2, Et2/3
                                                Et3/0, Et3/1, Et3/2, Et3/3
                                                Et4/0, Et4/1, Et4/2, Et4/3
                                                Et5/0, Et5/1, Et5/2, Et5/3
10   VLAN0010                         active    Et1/1
11   VLAN0011                         active
22   VLAN0022                         active
33   VLAN0033                         active
44   VLAN0044                         active
<... output omitted ...>
Because the replacement SW2 advertises a higher configuration revision (29) in the same VTP domain, SW1 and SW3 accept its database and sync to it. Nothing about the content of the newcomer's VLAN list is checked; the higher revision number simply wins.
The consequence is that VLANs 20, 30, and 40 no longer exist on SW1 and SW3; they have been replaced by VLANs 11, 22, 33, and 44 from the replacement. Access ports that were assigned to the deleted VLANs become inactive, which leaves the attached clients without connectivity, as shown in Figure 3-22.
Figure 3-22 VTP Overwriting Advertisement
Example 3-12 shows the output of show vtp status and show vlan of the SW1 and SW3 to show how the VLAN database is updated with new switch database.
Example 3-12 Show VTP Status and Show VLAN Outputs from SW1 and SW3
SW1# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5900
Configuration last modified by 0.0.0.0 at 9-24-13 08:15:44
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 10
Configuration Revision            : 29
MD5 digest                        : 0x29 0xF2 0x1F 0xA5 0x41 0x44 0x04 0xAC
                                    0x08 0x3B 0x9A 0x2C 0x73 0x8A 0xA2 0xBD

SW1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et1/0, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
10   VLAN0010                         active
11   VLAN0011                         active
22   VLAN0022                         active
33   VLAN0033                         active
44   VLAN0044                         active
<... output omitted ...>

SW3# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5600
Configuration last modified by 0.0.0.0 at 9-24-13 08:15:44

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 10
Configuration Revision            : 29
MD5 digest                        : 0x29 0xF2 0x1F 0xA5 0x41 0x44 0x04 0xAC
                                    0x08 0x3B 0x9A 0x2C 0x73 0x8A 0xA2 0xBD

SW3# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et1/0, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
10   VLAN0010                         active    Et1/1
11   VLAN0011                         active
22   VLAN0022                         active
33   VLAN0033                         active
44   VLAN0044                         active
<... output omitted ...>
A newly added switch in VTP client mode with a higher revision number causes the same havoc as one in server mode. As a general rule, a VTP client only listens to advertisements from VTP servers and does not originate changes of its own. However, when a client is connected to the network, it sends a summary advertisement built from its own stored database. If the client then hears an advertisement from the VTP server with a lower (inferior) revision, it assumes its own information is more current and keeps advertising it with the higher revision number. The VTP server and every other switch in the domain accept these advertisements as more current. This not only deletes the existing VLANs but can also add unwanted VLANs to the network and create instability.
Keep the configuration revision in mind, and reset it each time a switch is inserted so that it cannot bring down the entire network. The key points are as follows:
- Avoid, as much as possible, VLANs that span the entire network.
- The VTP revision number is stored with the VLAN database (vlan.dat in flash on most Catalyst switches, separate from the startup configuration) and is not reset when you erase the configuration and reload. To reset the revision number to zero, use one of the following two options:
  - Change the switch's VTP domain to a nonexistent VTP domain, and then change the domain back to the original name.
  - Change the switch's VTP mode to transparent and then back to the previous VTP mode.
- Confirm with show vtp status that Configuration Revision reads 0 before the switch's uplinks are connected or allowed to trunk.
- VTP version 3 removes most of this risk: VLAN changes are accepted only from the domain's designated primary server, so a switch that joins with a higher revision cannot overwrite the domain unless it is explicitly promoted to primary.
Best Practices for VTP Implementation
VTP is often used in a new network to facilitate the implementation of VLANs. However, as the network grows larger, this benefit can turn into a liability. If a VLAN is deleted by accident on one server, it is deleted throughout the domain. If a switch that already has a VLAN database is inserted into the network, it can hijack the VLAN database and delete VLANs, as shown in the previous section. The same mechanism is an attack surface: VTP advertisements are accepted on any trunk port, so anyone able to send frames on a trunk can inject a higher-revision advertisement unless a VTP domain password is configured (the password is folded into the MD5 digest, and advertisements whose digest does not match are discarded). Because of this, the recommended practice is to configure all switches in VTP transparent mode and add VLANs manually as needed, especially in a larger campus network. VTP is usually acceptable for small environments; if you do run it, set a VTP password, prefer VTP version 3, and keep user-facing ports from negotiating trunks.
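The following added example (written for this edit; it is not code from the book or from Cisco) makes the overwrite scenario and the best-practice advice concrete. It lays out a VTP summary advertisement in its on-the-wire field order (version, code, followers, domain-name length, 32-byte zero-padded domain name, 32-bit configuration revision, 4-byte updater IP, 12-byte timestamp, 16-byte MD5 digest), parses it the way a receiving switch would, and applies the VTP version 1/2 acceptance rule: same domain plus higher revision wins, unless the receiver is transparent. The domain name, revision numbers and switch names are constructed sample values; the MD5 digest is carried but not verified, so the password check a real switch performs is not modelled.

```python
"""VTP summary advertisement: build, parse, and apply the revision rule.

Added example, not from the book or from Cisco IOS. Field layout follows
the VTP summary advertisement format; sample values are constructed.
"""
import ipaddress
import struct
from dataclasses import dataclass

VTP_CODE_SUMMARY = 0x01   # other codes: 0x02 subset, 0x03 request, 0x04 join
SUMMARY_LEN = 72          # 4 + 32 + 4 + 4 + 12 + 16 bytes


@dataclass
class SummaryAdvert:
    version: int
    followers: int
    domain: str
    revision: int
    updater: str
    timestamp: bytes
    md5: bytes


def build_summary(domain, revision, version=1, followers=0,
                  updater="0.0.0.0", timestamp=b"\x00" * 12, md5=b"\x00" * 16):
    """Serialise a summary advertisement (assumed helper; sample values)."""
    name = domain.encode("ascii")
    if len(name) > 32:
        raise ValueError("VTP domain name is limited to 32 bytes")
    if not 0 <= revision <= 0xFFFFFFFF:
        raise ValueError("configuration revision is a 32-bit counter")
    return (struct.pack("!BBBB", version, VTP_CODE_SUMMARY, followers, len(name))
            + name.ljust(32, b"\x00")
            + struct.pack("!I", revision)
            + ipaddress.IPv4Address(updater).packed
            + timestamp
            + md5)


def parse_summary(pdu):
    """Decode the fields a receiving switch compares against its own database."""
    if len(pdu) < SUMMARY_LEN:
        raise ValueError("truncated VTP summary advertisement")
    version, code, followers, dlen = struct.unpack_from("!BBBB", pdu, 0)
    if code != VTP_CODE_SUMMARY:
        raise ValueError(f"not a summary advertisement (code {code:#x})")
    domain = pdu[4:4 + dlen].decode("ascii")
    (revision,) = struct.unpack_from("!I", pdu, 36)
    updater = str(ipaddress.IPv4Address(pdu[40:44]))
    return SummaryAdvert(version, followers, domain, revision, updater,
                         pdu[44:56], pdu[56:72])


def accepts_update(local_mode, local_domain, local_revision, adv):
    """VTP v1/v2 rule as the chapter describes it: a server or client in the
    same domain replaces its database when it hears a higher revision; a
    transparent switch never does. (A real switch also drops advertisements
    whose MD5 digest does not match its VTP password; omitted here.)"""
    if local_mode == "transparent":
        return False
    if adv.domain != local_domain:
        return False
    return adv.revision > local_revision


def simulate_insertion(switches, adv):
    """Which switches take the newcomer's database?
    `switches` maps name -> (mode, domain, revision)."""
    return {name: accepts_update(mode, dom, rev, adv)
            for name, (mode, dom, rev) in switches.items()}


if __name__ == "__main__":
    # Constructed replay of Figure 3-21: SW1 (server) and SW3 (client) sit at
    # revision 12; the un-erased replacement advertises revision 29.
    replacement = parse_summary(build_summary("CCNP", 29))
    domain = {"SW1": ("server", "CCNP", 12), "SW3": ("client", "CCNP", 12),
              "SWX": ("transparent", "CCNP", 12)}
    for name, overwritten in simulate_insertion(domain, replacement).items():
        print(f"{name}: {'database overwritten' if overwritten else 'unchanged'}")
```

Running it prints SW1 and SW3 as overwritten and the transparent SWX as unchanged, which is exactly the difference between Example 3-12 and the transparent switch in the earlier lab. Resetting the revision (domain rename, or transparent and back) before connecting the replacement would make `accepts_update` return False on every peer.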
Implementing EtherChannel in a Switched Network
In networks where resources may be located far from where users might need them, some links between switches or between switches and servers become heavily solicited. The speed of these links can be increased, but only to a certain point. EtherChannel is a technology that allows you to circumvent the bandwidth issue by creating logical links that are made up of several physical links.
This section examines the benefits of EtherChannel and the various technologies available to implement it and also the types of EtherChannel protocol. In addition, it explains how to configure Layer 2 EtherChannels and how to load balance traffic between physical links inside a given EtherChannel bundle. EtherChannels can also operate in a Layer 3 mode, but this is discussed later in Chapter 5. The following topics are discussed in detail in the following subsections:
- The need for EtherChannel technology
- Port aggregation negotiation protocols
- Configuration steps for bundling interfaces into a Layer 2 EtherChannel
- Configuring EtherChannel
- Changing EtherChannel load-balancing behavior
- How EtherChannel load-balancing works
- The role of EtherChannel Guard
The Need for EtherChannel
Any-to-any communications of intranet applications, such as video to the desktop, interactive messaging, Voice over IP (VoIP), and collaborative whiteboard use, are increasing the need for scalable bandwidth within the core and at the edge of campus networks. At the same time, mission-critical applications call for resilient network designs. With the wide deployment of faster switched Ethernet links in the campus, users need to either aggregate their existing resources or upgrade the speed in their uplinks and core to scale performance across the network backbone.
In Figure 3-23, traffic from several VLANs at 100 Mbps aggregates on the access switches at the bottom and must be sent to the distribution switches in the middle. Obviously, the link between the two switches needs more than 100 Mbps to carry the combined load of all the VLANs. A first solution is a faster port speed, such as 1 or 10 Gbps. As the speed of the VLAN-facing links increases, this solution reaches its limit where the fastest available port is no longer fast enough to aggregate the traffic from all VLANs. A second solution is to add parallel physical links between the two switches to increase the overall switch-to-switch capacity. One downside is that every physical link must be configured consistently. Another is that spanning tree sees parallel links as a loop and blocks all but one of them, as shown in Figure 3-23.
Figure 3-23 Network Without EtherChannel
EtherChannel is a technology that was originally developed by Cisco as a LAN switch-to-switch technique of grouping several Fast or Gigabit Ethernet ports into one logical channel. This technology has many benefits:
- It relies on the existing switch ports. There is no need to upgrade the switch-to-switch link to a faster and more expensive connection.
- Most of the configuration tasks can be done on the EtherChannel interface instead of on each individual port, thus ensuring configuration consistency throughout the switch-to-switch links.
- Load balancing is possible between the links that are part of the same EtherChannel. Depending on the hardware platform, you can implement one or several methods, such as source-MAC to destination-MAC or source-IP to destination-IP load balancing across the physical links.
Keep in mind that the logic of EtherChannel is to increase the speed between switches, as illustrated in Figure 3-24. This concept was extended as the EtherChannel technology became more popular, and some hardware nonswitch devices support link aggregation into an EtherChannel link. In any case, EtherChannel creates a one-to-one relationship. You can create an EtherChannel link between two switches or between an EtherChannel-enabled server and a switch, but you cannot send traffic to two different switches through the same EtherChannel link. One EtherChannel link always connects the same two devices only. The individual EtherChannel group member port configuration must be consistent on both devices. EtherChannel technology only bundles ports of the same type. On a Layer 2 switch, EtherChannel is used to aggregate access ports or trunks. For example, if the physical ports of one side are configured as trunks, the physical ports of the other side must also be configured as trunks. Each EtherChannel has a logical port channel interface. A configuration that is applied to the port channel interface affects all physical interfaces that are assigned to that interface. (Such commands can be STP commands or commands to configure a Layer 2 EtherChannel as a trunk or an access port.)
Figure 3-24 Network with EtherChannel
Keep in mind that EtherChannel creates an aggregation that is seen as one logical link. When several EtherChannel bundles exist between two switches, spanning tree may block one of the bundles to prevent redundant links. When spanning tree blocks one of the redundant links, it blocks one EtherChannel, thus blocking all the ports belonging to this EtherChannel link. Where there is only one EtherChannel link, all physical links in the EtherChannel are active because spanning tree sees only one (logical) link. If one link in EtherChannel goes down, the bandwidth of the EtherChannel will be automatically updated, and thus the STP cost will change as well.
EtherChannel Mode Interactions
EtherChannel can be established using one of the following three mechanisms, as shown in Figure 3-25:
- LACP: IEEE’s negotiation protocol
- PAgP: Cisco’s negotiation protocol
- Static persistence (on mode): No negotiation protocol
Figure 3-25 EtherChannel Modes Interactions
LACP
Link Aggregation Control Protocol (LACP) is part of an IEEE specification (originally 802.3ad, now maintained as IEEE 802.1AX) that allows several physical ports to be bundled together to form a single logical channel. LACP allows a switch to negotiate an automatic bundle by exchanging LACP packets with the peer. Because LACP is an IEEE standard, you can use it to form EtherChannels in mixed-vendor environments. LACP checks for configuration consistency and manages link additions and failures between two switches. It ensures that when an EtherChannel is created, all ports have the same speed, duplex setting, and VLAN configuration. Any port modification after the creation of the channel is applied to all the other ports in the channel.
LACP packets are exchanged between switches over EtherChannel-capable ports. Port capabilities are learned and compared with local switch capabilities. LACP assigns roles to the EtherChannel's ports. The switch with the lowest system ID (system priority followed by MAC address; lower wins) decides which ports actively participate in the EtherChannel. Ports become active according to their port priority; a lower number means higher priority. Up to 16 links can be assigned to an LACP EtherChannel, but only 8 can be active at a time. Nonactive links are placed in a hot-standby state and take over if one of the active links goes down.
The maximum number of active links in an EtherChannel varies between switches.
These are the LACP modes of operation:
- Active: Enable LACP unconditionally; the port sends LACP packets and initiates negotiation.
- Passive: Enable LACP only if an LACP device is detected; the port answers LACP packets but does not initiate.
A channel forms between active and active or between active and passive; two passive ports never negotiate one.
The following are some additional parameters that you can use when configuring LACP:
- System priority: Each switch running LACP must have a system priority. The system priority can be specified automatically or through the CLI. The switch uses the MAC address and the system priority to form the system ID.
- Port priority: Each port in the switch must have a port priority. The port priority can be specified automatically or through the CLI. The port priority and the port number form the port identifier. The switch uses the port priority to decide which ports to put in standby mode when a hardware limitation prevents all compatible ports from aggregating.
- Administrative key: Each port in the switch must have an administrative key value, which can be specified automatically or through the CLI. The administrative key defines the capability of a port to aggregate with other ports, determined by these factors: the port’s physical characteristics, such as data rate, duplex capability, and point-to-point or shared medium.
All the preceding options of LACP are optional to configure. Usually, defaults are the best to use. To configure any of these options, refer to your configuration guide.
PAgP
Port Aggregation Protocol (PAgP) provides the same negotiation benefits as LACP. PAgP is a Cisco proprietary protocol, and it will work only on Cisco devices. PAgP packets are exchanged between switches over EtherChannel-capable ports. Neighbors are identified and capabilities are learned and compared with local switch capabilities. Ports that have the same capabilities are bundled together into an EtherChannel. PAgP forms an EtherChannel only on ports that are configured for identical VLANs or trunking. PAgP will automatically modify parameters of the EtherChannel if one of the ports in the bundle is modified. For example, if configured speed, duplex, or VLAN of a port in a bundle is changed, PAgP reconfigures that parameter for all ports in the bundle. PAgP and LACP are not compatible.
These are the two PAgP modes of operation:
- Desirable: Enable PAgP unconditionally; the port actively negotiates.
- Auto: Enable PAgP only if a PAgP device is detected; the port answers but does not initiate.
A channel forms between desirable and desirable or between desirable and auto; two auto ports never form one. The third option, on (static persistence), sends no negotiation packets at all and must be configured as on at both ends, or the bundle comes up on one side only.
Layer 2 EtherChannel Configuration Guidelines
Before implementing EtherChannel in a network, plan the following steps necessary to make it successful:
- The first step is to identify the ports that you will use for the EtherChannel on both switches. This task helps identify any issues with previous configurations on the ports and ensures that the proper connections are available.
- Each interface should have the appropriate protocol identified (PAgP or LACP), have a channel group number to associate all the given interfaces with a port group, and be configured whether negotiation should occur.
- After the connections are established, make sure that both sides of the EtherChannel have formed and are providing aggregated bandwidth.
Follow these guidelines and restrictions when configuring EtherChannel interfaces:
- EtherChannel support: All Ethernet interfaces on all modules support EtherChannel, with no requirement that interfaces be physically contiguous or on the same module.
- Speed and duplex: Configure all interfaces in an EtherChannel to operate at the same speed and in the same duplex mode. Also, if one interface in the bundle is shut down, it is treated as a link failure, and traffic will traverse other links in the bundle.
- VLAN match: All interfaces in the EtherChannel bundle must be assigned to the same VLAN or be configured as a trunk.
- Range of VLANs: An EtherChannel supports the same allowed range of VLANs on all the interfaces in a trunking Layer 2 EtherChannel.
If the allowed range of VLANs is not the same, the interfaces do not form an EtherChannel, even when set to auto or desirable mode. For Layer 2 EtherChannels, either assign all interfaces in the EtherChannel to the same VLAN or configure them as trunks.
- STP path cost: Interfaces with different STP port path costs can form an EtherChannel as long as they are compatibly configured. Setting different STP port path costs does not, by itself, make interfaces incompatible for the formation of an EtherChannel.
- Port channel versus interface configuration: After you configure an EtherChannel, any configuration that you apply to the port channel interface affects the EtherChannel. Any configuration that you apply to the physical interfaces affects only the specific interface that you configured.
EtherChannel Load-Balancing Options
EtherChannel load balances traffic across links in the bundle. However, traffic is not necessarily distributed equally among all the links.
Frames are forwarded over a particular link in the EtherChannel based on the result of a hashing algorithm. The fields the switch can feed into this hash depend on the platform.
Table 3-6 shows the common set of options for EtherChannel load balancing.
Table 3-6 EtherChannel Load-Balancing Options
Hash Input Code | Hash Input Decision                | Switch Model
dst-ip          | Destination IP address             | All models
dst-mac         | Destination MAC address            | All models
src-dst-ip      | Source and destination IP address  | All models
src-dst-mac     | Source and destination MAC address | All models
src-ip          | Source IP address                  | All models
src-mac         | Source MAC address                 | All models
src-port        | Source port number                 | 4500, 6500
dst-port        | Destination port number            | 4500, 6500
src-dst-port    | Source and destination port number | 4500, 6500
To verify load-balancing options available on the device, use the port-channel load-balance ? global configuration command.
The hash algorithm calculates a binary pattern that selects a link within the EtherChannel bundle to forward the frame.
If only one address or port number is hashed, a switch looks at one or more low-order bits of the hash value. The switch then uses those bits as index values to decide over which links in the bundle to send the frames.
If two or more addresses or port numbers are hashed, a switch performs an XOR operation.
A four-link bundle uses a hash of the last 2 bits. A bundle of eight links uses a hash of the last 3 bits.
Table 3-7 shows results of an XOR on a two-link bundle, using the source and destination addresses.
Table 3-7 XOR for Two-Link EtherChannels
Example IP Addresses     | IPs in Binary (low-order bit) | XOR Result | Forward Frame over Link with Index
Source: 192.168.1.2      | Source: ...xxxxx0             | ...xxxxx0  | 0
Destination: 192.168.1.4 | Destination: ...xxxxx0        |            |
Source: 172.16.1.20      | Source: ...xxxxx0             | ...xxxxx1  | 1
Destination: 172.16.1.21 | Destination: ...xxxxx1        |            |
Source: 192.168.1.1      | Source: ...xxxxx1             | ...xxxxx1  | 1
Destination: 192.168.1.2 | Destination: ...xxxxx0        |            |
Source: 10.1.1.101       | Source: ...xxxxx1             | ...xxxxx0  | 0
Destination: 10.1.1.103  | Destination: ...xxxxx1        |            |
A conversation between two devices is sent through the same EtherChannel link because the two endpoint addresses stay the same. Only when a device talks to several other devices does traffic get distributed evenly over the links in the bundle.
When one pair of hosts has a much greater volume of traffic than the other pair, one link will be much more utilized than others. To fix the imbalance, consider using some other load-balancing mechanisms, such as source and destination port number, that will redistribute traffic much differently.
If most of the traffic is IP, it makes sense to load balance according to IP addresses or port numbers. For non-IP traffic, the hash uses MAC addresses to calculate the path.
To achieve optimal distribution, bundle a number of links that is a power of two (2, 4, or 8). For example, with four links the algorithm uses the last 2 bits of the hash, which give four indexes: 00, 01, 10, and 11. Each link in the bundle is assigned one of these indexes. If you bundle only three links, the algorithm still needs 2 bits, so one of the three links receives two of the four indexes and is used more than the other two. With four links, the algorithm strives to balance traffic in a 1:1:1:1 ratio; with three links it can do no better than 2:1:1. An even count that is not a power of two, such as six links, is uneven for the same reason.
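The added example below (written for this edit; not code from the book or from Cisco IOS) reproduces the Table 3-7 arithmetic, XOR the source and destination and keep only the bits the bundle needs, for the src-dst-ip, src-ip, dst-ip and MAC-based inputs of Table 3-6, and counts flows per link to show the 2:1:1 skew of a three-link bundle against 1:1:1:1 for four links. Real platforms hash more bits and map hash buckets to links in hardware-specific ways; wrapping surplus indexes onto the first links is an assumption chosen to match the ratios the chapter quotes. All addresses are constructed samples.

```python
"""EtherChannel link selection: XOR the hash inputs, index by low-order bits.

Added example, not from the book. Models the selection the chapter
describes; the wrap-around for non-power-of-two bundles is an assumption.
"""
import ipaddress
from collections import Counter


def index_bits(links):
    """Low-order hash bits a bundle needs: 2 links -> 1, 3-4 -> 2, 5-8 -> 3."""
    if not 1 <= links <= 8:
        raise ValueError("an EtherChannel has 1 to 8 active links")
    return (links - 1).bit_length()


def ip_int(addr):
    return int(ipaddress.ip_address(addr))


def mac_int(mac):
    """Accepts aabb.ccdd.eeff, aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff."""
    return int(mac.replace(":", "").replace(".", "").replace("-", ""), 16)


def hash_index(fields, links):
    """XOR every hashed field, then keep only the low-order index bits."""
    x = 0
    for f in fields:
        x ^= f
    return x & ((1 << index_bits(links)) - 1)


def select_link(src, dst, links, mode="src-dst-ip"):
    """0-based link on which a frame between src and dst is forwarded."""
    if mode == "src-dst-ip":
        fields = (ip_int(src), ip_int(dst))
    elif mode == "src-ip":
        fields = (ip_int(src),)
    elif mode == "dst-ip":
        fields = (ip_int(dst),)
    elif mode == "src-dst-mac":
        fields = (mac_int(src), mac_int(dst))
    elif mode == "src-mac":
        fields = (mac_int(src),)
    elif mode == "dst-mac":
        fields = (mac_int(dst),)
    else:
        raise ValueError(f"unsupported load-balance mode {mode!r}")
    # Assumption: an index with no link of its own wraps onto the first
    # links, which is what yields the 2:1:1 ratio for three members.
    return hash_index(fields, links) % links


def distribution(flows, links, mode="src-dst-ip"):
    """Count flows per link; flows is an iterable of (src, dst) pairs."""
    return Counter(select_link(s, d, links, mode) for s, d in flows)


# Constructed sample: one host talking to four neighbours whose addresses
# differ only in the low bits, so the XOR results cover indexes 0..3.
SAMPLE_FLOWS = [("10.0.0.1", "10.0.0.8"), ("10.0.0.1", "10.0.0.9"),
                ("10.0.0.1", "10.0.0.10"), ("10.0.0.1", "10.0.0.11")]

# The four host pairs from Table 3-7.
TABLE_3_7 = [("192.168.1.2", "192.168.1.4"), ("172.16.1.20", "172.16.1.21"),
             ("192.168.1.1", "192.168.1.2"), ("10.1.1.101", "10.1.1.103")]

if __name__ == "__main__":
    for s, d in TABLE_3_7:
        print(f"{s} -> {d}: link {select_link(s, d, 2)}")
    for n in (2, 3, 4):
        print(f"{n} links: {dict(sorted(distribution(SAMPLE_FLOWS, n).items()))}")
```

Running it prints the Table 3-7 link choices (0, 1, 1, 0) and the per-link counts for two, three and four members. Replacing SAMPLE_FLOWS with repeated copies of a single host pair shows the point made above: one conversation always lands on the same link, however many links the bundle has.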
Configuring EtherChannel in a Switched Network
This section shows you how to configure the Layer 2 EtherChannel and explains its load-balancing behavior. Configure a port channel between SW1 and SW2 shown in Figure 3-26.
Figure 3-26 EtherChannel Configuration Topology
Table 3-8 shows device information.
Table 3-8 Device Information
Device   | IP Address      | Interface    | Neighbor | Interface on the Neighbor
PC 1     | 172.16.1.101/24 | Ethernet 0/0 | Switch 1 | Ethernet 0/1
PC 2     | 172.16.1.102/24 | Ethernet 0/0 | Switch 1 | Ethernet 0/2
PC 3     | 172.16.1.203/24 | Ethernet 0/0 | Switch 2 | Ethernet 0/1
Switch 1 | No IP address   | Ethernet 1/1 | Switch 2 | Ethernet 0/2
Switch 1 | No IP address   | Ethernet 1/2 | Switch 2 | Ethernet 0/3
EtherChannel Configuration and Load Balancing
Complete the following steps to configure EtherChannel on Switch 1. Switch 2 has EtherChannel preconfigured.
Step 1. On Switch 1, configure the two ports that connect to Switch 2 to use channel group 1 and LACP active mode:
Switch1# configure terminal
Switch1(config)# interface range Ethernet 1/1-2
Switch1(config-if-range)# channel-group 1 mode active
Creating a port-channel interface Port-channel 1
Now the two interfaces are bundled into channel group 1. Because you chose the active keyword, LACP will work as the negotiation protocol. Because Switch 2 has its ports bundled and activated for LACP passive mode, EtherChannel should come right up.
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
Notice that by assigning the two ports to a port channel, the switch has created a port channel 1 interface.
Issue the show ip interface brief command. Port channel 1 will be listed as just another interface at the very bottom of the list.
Step 2. Enter interface configuration mode for the newly created port channel interface and configure it for trunk mode using dot1Q:
Switch1(config)# interface port-channel 1
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport mode trunk
The configuration applied to the port channel is also reflected on the physical interfaces bundled into it. Inspect the running configuration and you will see that Ethernet 1/1 and Ethernet 1/2 both have the trunking configuration applied.
Step 3. On Switch 1, enter the show etherchannel summary command:
```
Switch1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+--------------------------------------
1      Po1(SU)         LACP      Et1/1(P)    Et1/2(P)
```
Group 1 port channel is a Layer 2 EtherChannel that is in use (SU flag). The negotiation protocol in use is LACP, and the ports bundled (notice the P flag) are Ethernet 1/1 and Ethernet 1/2.
If a port comes up but cannot join the port channel, it is denoted with an I flag (for “independent”).
Step 4. Enter the show etherchannel load-balance command to verify which information EtherChannel uses to load balance traffic:
```
Switch1# show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        src-dst-ip

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
  IPv4: Source XOR Destination IP address
  IPv6: Source XOR Destination IP address
```
Notice that the default configuration for load balancing is src-dst-ip. This means the source and destination IP address are used for hash input.
Step 5. For testing how much traffic goes over each link, as shown in Figure 3-27, clear interface counters on Switch 1 using the clear counters command:
Figure 3-27 EtherChannel Load-Balancing Configuration Option
```
Switch1# clear counters
Clear "show interface" counters on all interfaces [confirm] [Enter]
```
By clearing the counters, you are setting up to test how much traffic goes over each link.
Step 6. Perform an extended ping from PC 1 to PC 3:
```
PC1# ping
Protocol [ip]: [Enter]
Target IP address: 172.16.1.203
Repeat count [5]: 10000
Datagram size [100]: 1500
Timeout in seconds [2]: [Enter]
Extended commands [n]: [Enter]
Sweep range of sizes [n]: [Enter]
Type escape sequence to abort.
Sending 10000, 1500-byte ICMP Echos to 172.16.1.203, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<... output omitted ...>
```
In the next step, you check over which interface all the traffic went.
Step 7. Verify counters on Switch 1 for both interfaces:
```
Switch1# show interface ethernet 1/1 | i packets output
     10094 packets output, 15146494 bytes, 0 underruns
Switch1# show interface ethernet 1/2 | i packets output
     13 packets output, 1664 bytes, 0 underruns
```
Notice that most of the traffic went over the Ethernet 1/1 interface.
But what if you ping from PC 2 to PC 3? Will the traffic go over the other interface in the EtherChannel bundle?
Step 8. Clear interface counters on Switch 1 using the clear counters command:
```
Switch1# clear counters
Clear "show interface" counters on all interfaces [confirm] [Enter]
```
Step 9. Perform an extended ping from PC 2 to PC 3:
```
PC2# ping
Protocol [ip]: [Enter]
Target IP address: 172.16.1.203
Repeat count [5]: 10000
Datagram size [100]: 1500
Timeout in seconds [2]: [Enter]
Extended commands [n]: [Enter]
Sweep range of sizes [n]: [Enter]
Type escape sequence to abort.
Sending 10000, 1500-byte ICMP Echos to 172.16.1.203, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<... output omitted ...>
```
Step 10. Verify counters on Switch 1 for both interfaces:
```
Switch1# show interface ethernet 1/1 | i packets output
     29 packets output, 2201 bytes, 0 underruns
Switch1# show interface ethernet 1/2 | i packets output
     10003 packets output, 15140537 bytes, 0 underruns
```
So, with the ping from PC 1 to PC 3, traffic went over Ethernet 1/1, and with the ping from PC 2 to PC 3, traffic went over Ethernet 1/2. This is the behavior of the default load-balancing method, which uses the source and destination IP addresses as the input for calculating the hash.
Step 11. Change the load-balancing behavior on Switch 1 from src-dst-ip to dst-ip:
```
Switch1(config)# port-channel load-balance dst-ip
```
How will traffic get distributed over the two links now?
Step 12. Verify that the load-balancing behavior has changed:
```
Switch1# show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        dst-ip

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
  IPv4: Source XOR Destination IP address
  IPv6: Source XOR Destination IP address
```
Step 13. Clear the interface counters on Switch 1 by using the clear counters command:
```
Switch1# clear counters
Clear "show interface" counters on all interfaces [confirm] [Enter]
```
Step 14. Perform an extended ping from PC 1 to PC 3:
```
PC1# ping
Protocol [ip]: [Enter]
Target IP address: 172.16.1.203
Repeat count [5]: 10000
Datagram size [100]: 1500
Timeout in seconds [2]: [Enter]
Extended commands [n]: [Enter]
Sweep range of sizes [n]: [Enter]
Type escape sequence to abort.
Sending 10000, 1500-byte ICMP Echos to 172.16.1.203, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<... output omitted ...>
```
Step 15. Verify the counters on Switch 1 for both interfaces:
```
Switch1# show interface ethernet 1/1 | i packets output
     32 packets output, 2108 bytes, 0 underruns
Switch1# show interface ethernet 1/2 | i packets output
     10002 packets output, 15140188 bytes, 0 underruns
```
The majority of the traffic went over the Ethernet 1/2 port.
Step 16. Clear the interface counters on Switch 1 by using the clear counters command:
```
Switch1# clear counters
Clear "show interface" counters on all interfaces [confirm] [Enter]
```
Step 17. Perform an extended ping from PC 2 to PC 3:
```
PC2# ping
Protocol [ip]: [Enter]
Target IP address: 172.16.1.203
Repeat count [5]: 10000
Datagram size [100]: 1500
Timeout in seconds [2]: [Enter]
Extended commands [n]: [Enter]
Sweep range of sizes [n]: [Enter]
Type escape sequence to abort.
Sending 10000, 1500-byte ICMP Echos to 172.16.1.203, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<... output omitted ...>
```
Step 18. Verify counters on Switch 1 for both interfaces:
```
Switch1# show interface ethernet 1/1 | i packets output
     31 packets output, 2329 bytes, 0 underruns
Switch1# show interface ethernet 1/2 | i packets output
     10004 packets output, 15140597 bytes, 0 underruns
```
Now that the load balancing is based on the destination IP address, the behavior has changed. Because the only input to the hash calculation is the destination IP address, it does not matter whether you ping PC 3 from PC 1 or from PC 2. In both cases the hash result is the same, and the traffic goes over the same link (in this example, Ethernet 1/2).
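A worked model of the link selection observed in Steps 6 through 18, added here as an example and not part of the chapter or of any Cisco implementation: the selected address fields are XORed, reduced to a 3-bit bucket value, and the buckets are mapped onto the member links. The exact hash is platform-specific, so the bucket count and bucket-to-link mapping are assumptions of this model, but it reproduces the per-link counters shown above and also shows why an odd number of member links splits the buckets unevenly.

```python
import ipaddress

# Simplified model of hash-based EtherChannel load balancing (constructed
# for this example; the real hash function is platform-specific).
NUM_BUCKETS = 8  # assumption: a 3-bit hash result, so 8 buckets

# Member links of the lab bundle on Switch 1 (from the chapter topology).
BUNDLE = ["Ethernet1/1", "Ethernet1/2"]

# Host addresses from the lab topology table.
PC1 = "172.16.1.101"
PC2 = "172.16.1.102"
PC3 = "172.16.1.203"


def hash_key(method, src_ip, dst_ip):
    """Return the integer fed into the hash for a given load-balance method."""
    src = int(ipaddress.IPv4Address(src_ip))
    dst = int(ipaddress.IPv4Address(dst_ip))
    if method == "src-dst-ip":
        return src ^ dst          # Source XOR Destination IP address
    if method == "src-ip":
        return src                # only the source address is considered
    if method == "dst-ip":
        return dst                # only the destination address is considered
    raise ValueError(f"unsupported load-balance method: {method}")


def select_link(method, src_ip, dst_ip, bundle=BUNDLE):
    """Pick the member link a flow is pinned to under the given method."""
    bucket = hash_key(method, src_ip, dst_ip) % NUM_BUCKETS
    return bundle[bucket % len(bundle)]  # buckets dealt round-robin to links


def bucket_distribution(num_links):
    """How many of the buckets each member link receives in this model.
    Two links get 4:4; three links get 3:3:2, which is why the study tip
    recommends an even number of ports."""
    counts = [0] * num_links
    for bucket in range(NUM_BUCKETS):
        counts[bucket % num_links] += 1
    return counts


def simulate_counters(method, flows, bundle=BUNDLE):
    """Per-link packet counts for (src, dst, packets) flows, mirroring the
    'show interface ... | i packets output' check used in the lab."""
    counters = {link: 0 for link in bundle}
    for src, dst, packets in flows:
        counters[select_link(method, src, dst, bundle)] += packets
    return counters


if __name__ == "__main__":
    lab_flows = [(PC1, PC3, 10000), (PC2, PC3, 10000)]
    for method in ("src-dst-ip", "dst-ip"):
        print(method, simulate_counters(method, lab_flows))
    print("bucket split for a 3-link bundle:", bucket_distribution(3))
```

With src-dst-ip the two PCs land on different links, with dst-ip every flow to PC 3 is pinned to Ethernet1/2, matching the counters in the lab.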
EtherChannel Guard
The EtherChannel Guard feature is used to detect EtherChannel misconfigurations between the switch and a connected device.
EtherChannel misconfiguration occurs when the channel parameters do not match on both sides of the EtherChannel, resulting in the following message:
```
%PM-SP-4-ERR_DISABLE: channel-misconfig error detected on Po3, putting E1/3 in err-disable state
```
The EtherChannel Guard feature can be enabled by using the spanning-tree etherchannel guard misconfig global configuration command.
However, EtherChannel Guard is enabled by default. To verify whether it is configured, use the show spanning-tree summary command, as demonstrated in Example 3-13.
Example 3-13 Show VTP Status and Show VLAN outputs from SW1 and SW3
```
Switch1# show spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0001
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
<...output omitted...>
```
Study Tips
- VLAN provides logical grouping of the hosts to restrict the broadcast domain.
- VLANs are usually categorized into local and end-to-end VLANs, and each has its own pros and cons.
- With the help of trunking, VLANs can easily be extended over a single physical link.
- ISL and 802.1Q are two trunking protocols, with dot1Q the industry standard.
- Dot1Q frames insert 4 bytes and recalculate the CRC.
- The native VLAN is not encapsulated in dot1Q trunking, and it is important to have the same native VLAN configured on both ends of the trunk.
- VTP is used to distribute VLAN databases. It has multiple versions and modes. VTP works in server, client, and transparent mode.
- Any switch with a higher revision number can overwrite the VLAN database. Insert the new switch with caution and follow the recommended steps.
- EtherChannel is a technology that was originally developed by Cisco as a LAN switch-to-switch technique of grouping several Fast or Gigabit Ethernet ports into one logical channel.
- PAgP and LACP are the two main negotiation protocols for EtherChannel.
- For EtherChannel, it is highly recommended to use an even number of ports in the channel to get better load balancing.
Summary
In review, a VLAN is a logical grouping of switch ports that connects nodes of nearly any type, regardless of physical location. VLAN segmentation is based on traffic flow patterns. A VLAN is usually defined as an end-to-end VLAN or a local VLAN. An end-to-end VLAN spans the entire switched network, whereas a local VLAN is limited to the switches in the building access and building distribution submodules. The creation of a VLAN implementation plan depends on the business and technical requirements.
Furthermore, a trunk is a Layer 2 point-to-point link between networking devices that can carry the traffic of multiple VLANs. ISL and 802.1Q are the two trunking protocols that connect two switches. The 802.1Q protocol is an open standard protocol also used for VLAN trunking.
VTP is used to distribute and synchronize information about VLANs configured throughout a switched network. VTP pruning helps to stop flooding of unnecessary traffic on trunk links. VTP is sometimes added to small network deployments, whereas VTP transparent mode is usually preferred for larger networks. When configuring VLANs over several switches, ensure that the configuration is compatible across the switches in the same domain.
To increase bandwidth and provide redundancy, use EtherChannel by aggregating individual, similar links between switches. EtherChannel can be dynamically configured between switches using either the Cisco proprietary PAgP or the IEEE 802.3ad LACP. EtherChannel is configured by assigning interfaces to the EtherChannel bundle and configuring the resulting port channel interface. EtherChannel load balances traffic over all the links in the bundle. The method that is chosen directly impacts the efficiency of this load-balancing mechanism.
Review Questions
Use the questions here to review what you learned in this chapter. The correct answers are found in Appendix A, “Answers to Chapter Review Questions.”
1. True or False: It is important to have the same native VLAN on both switch link partners for ISL trunking.
2. True or False: The Cisco Catalyst 6500 supports up to 1024 VLANs in the most recent software releases.
3. True or False: When removing the native VLAN from a trunk port, CDP, PAgP, and DTP use the lowest-numbered VLAN to send traffic.
4. True or False: In VTP client mode, switches can add and delete VLANs.
5. True or False: Token Ring support is available in VTP Version 1.
Questions 6 through 8 are based on the configuration in Example 3-14.
Example 3-14 Configuration Example for Questions 6 Through 8
```
Catalyst6500-IOS# show run interface gigabitEthernet 3/9
Building configuration...

Current configuration : 137 bytes
!
interface GigabitEthernet3/9
 mtu 9216
 no ip address
 switchport
 switchport access vlan 5
 switchport trunk encapsulation dot1q
end
```
6. If the interface in Example 3-14 negotiates trunking, what would be the native VLAN?
- VLAN 1
- VLAN 5
- VLAN 9216
- No native VLAN if the port negotiated trunking
7. Under what condition can the interface in Example 3-14 negotiate ISL trunking?
- If the port is a member of an EtherChannel.
- If the link partner defaults to ISL trunking for negotiated ports.
- If the link partner is configured for trunking in the on mode.
- The interface cannot negotiate trunking because it is configured statically for 802.1Q trunking.
8. Which statement is true for the configuration of the interface in Example 3-14?
- The interface is a member of VLAN 5 and may negotiate to a trunk port.
- The interface may negotiate to an ISL trunk with a native VLAN of 5.
- The interface may negotiate to an 802.1Q trunk and operate with a native VLAN of 1.
- The interface will not negotiate to a trunk port because it is configured in access VLAN 5.
- If a host workstation is connected to the interface, it must be configured for trunking.
Questions 9 through 11 are based on the configuration in Example 3-15.
Example 3-15 Configuration Example for Questions 9 Through 11
```
svs-san-6509-2# show interfaces gigabitEthernet 3/9 switchport
Name: Gi3/9
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 2 (VLAN0002)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
```
9. What is the trunk native VLAN based on in Example 3-15?
- VLAN 1
- VLAN 2
- VLAN 5
- No Native VLAN if the port negotiated trunking
10. Based on Example 3-15, what statement is true if the link partner (peer switch) is configured for the dynamic trunking mode?
- The interface cannot negotiate to a trunk port because it is configured for dot1Q encapsulation.
- The interface cannot negotiate to a trunk port because the native VLAN and access VLANs are mismatched.
- The interface can negotiate to a trunk port if the peer is configured for the dynamic desirable trunking mode.
- The interface can negotiate to a trunk port if access VLAN is the same on both sides.
11. What is the interface’s access mode VLAN in Example 3-15?
- VLAN 1
- VLAN 2
- VLAN 5
- VLAN 1001
12. How does implementing VLANs help improve the overall performance of the network?
- By isolating problem employees
- By constraining broadcast traffic
- By grouping switch ports into logical communities
- By forcing the Layer 3 routing process to occur between VLANs
13. What are the advantages of using local VLANs over end-to-end VLANs? (Choose two.)
- Eases management
- Eliminates the need for Layer 3 devices
- Allows for a more deterministic network
- Groups users by logical commonality
- Keeps users and resources on the same VLAN
14. Which prompt indicates that you are in VLAN configuration mode of Cisco IOS?
- Switch#
- Switch(vlan)#
- Switch(config)#
- Switch(config-vlan)#
15. Which switch port mode unconditionally sets the switch port to access mode regardless of any other DTP configurations?
- Access
- Nonegotiate
- Dynamic auto
- Dynamic desirable
16. What information is contained in the FCS of an ISL-encapsulated frame?
- CRC calculation
- Header encapsulation
- ASIC implementation
- Protocol independence
17. 802.1Q uses an internal tagging mechanism, where a tag is inserted after the _____ field.
- Type
- SA
- Data
- CRC
18. Which command correctly configures a port with ISL encapsulation in Cisco IOS?
- Switch(config-if)# switchport mode trunk isl
- Switch(config-if)# switchport mode encapsulation isl
- Switch(config-if)# switchport trunk encapsulation isl
- Switch(config-if)# switchport mode trunk encapsulation isl
19. Which command correctly sets the native VLAN to VLAN 5?
- switchport native vlan 5
- switchport trunk native 5
- switchport native trunk vlan 5
- switchport trunk native vlan 5
20. If the Layer 2 interface mode on one link partner is set to dynamic auto, a trunk will be established if the link partner is configured for which types of interface modes in Cisco IOS? (Choose two.)
- Trunk
- Access
- Nonegotiate
- Dynamic auto
- Dynamic desirable
21. What is the default VTP mode for a Catalyst switch?
- Client
- Access
- Server
- Transparent
22. When is a consistency check performed with VTP Version 2?
- When information is read from NVRAM
- When the digest on a received VTP message is correct
- When new information is obtained from a VTP message
- When you enter new information through the CLI or SNMP
23. Which command correctly sets the VTP version to version 1 in Cisco IOS global configuration mode?
- vtp v1-mode
- vtp v2-mode
- no vtp version
- no vtp version 2
24. Which of the following are valid VTP Version 1 and 2 modes? (Choose all that apply.)
- Primary server mode
- Server mode
- Client mode
- Transparent mode
25. After you complete the VTP configuration, which command should you use to verify your configuration?
- show vtp status
- show vtp counters
- show vtp statistics
- show vtp status counters
26. What command might correct a problem with incorrect VTP passwords?
- password vtp 0
- clear vtp password
- clear password vtp
- vtp password password_string
27. True or False: The EtherChannel would come up if one side of the EtherChannel mode is set to auto and the other to on.
28. Which of the following solutions are provided by EtherChannel? (Choose two.)
- Provide redundancy
- Help to overcome bandwidth limitation
- Because of EtherChannel, can transmit more than one VLAN over the links between switches
- Can limit the broadcast to the local switches
29. Which statement identifies network benefits provided by VLANs?
- VLANs allow you to group stations without regard to the physical location of the users.
- VLANs help to isolate problem employees.
- VLANs reduce the impact of network problems.
- VLANs can transmit frames to all ports in all VLANs.
30. Match each command to its explanation.
- Switch(config-if)# switchport voice vlan vlan-id
- Switch(config-if)# switchport mode access
- Switch(config-if)# switchport access vlan vlan-id
- Switch(config-if)# switchport trunk native vlan vlan-id
- Switch(config-if)# switchport trunk allowed vlan add vlan-id
- Switch(config-if)# switchport mode trunk
- Configures the port to be assigned only to a single VLAN
- Configures the port to be assigned to multiple VLANs
- Configures a VLAN to be added to trunk port
- Configures a native VLAN for the trunk
- Configures a port to be a part of voice VLAN
- Configures a port to be a part of data VLAN
31. How can you reset the VTP revision number on a switch? (Choose two.)
- Set the switch to transparent mode and then to server mode.
- Set the switch to client mode and then to server mode.
- Change the VTP domain name to a nonexistent VTP domain and then back to the original name.
- Reload the switch.
32. Which statement about transparent VTP mode is true?
- Creates, modifies, and deletes VLANs on all switches in VTP domain
- Creates, modifies, and deletes local VLANs only
- Does not forward advertisements to other switches in VTP domain
- Synchronizes VLAN configurations from other switches in VTP domain
33. What is the correct command for configuring load balancing on an EtherChannel link?
- Switch(config)# channel-group number load-balance method
- Switch(config-if)# channel-group number load-balance method
- Switch(config-if)# port-channel number load-balance method
- Switch(config)# port-channel load-balance method
34. Which of the following EtherChannel modes does not send or receive any negotiation frames?
- Passive
- Active
- On
- Desirable auto