Only normal-range VLANs (1-1005) can be configured and stored in a flash file called vlan.dat.
Switch#vlan database
Switch(vlan)#vlan 10 name ccie
Switch(vlan)#show current
! proposed or difference
Switch(vlan)#show proposed
Switch(vlan)#apply
! reset or abort
Private VLANs
A private VLAN has a primary VLAN and one or more secondary VLANs.
The ports in the primary VLAN are promiscuous.
Secondary VLANs are community VLANs or isolated VLANs.
VLAN Trunking Protocol
VTP advertises the VLAN ID, VLAN name and VLAN media type (Ethernet, FDDI, Token Ring).
VTP Modes: Server (default mode), Client, Transparent and off (only in CatOS).
Originates VTP advertisements: server and client
Processes received advertisements to update its VLAN configuration: server and client
Forwards received VTP advertisements: server, client and transparent
Saves VLAN configuration in NVRAM or vlan.dat: server, client and transparent
Can create, modify or delete VLANs using configuration commands: server and transparent
VTP Process
A VTP server needs a VTP domain name before it starts sending VTP updates.
A VTP client without a VTP domain will assume the VTP domain in the first received VTP update.
VTP configuration is stored in vlan.dat (flash memory).
VTP updates are propagated over trunk ports.
If MD5 is configured, the VTP advertisement carries the validation (hash) of the VTP update.
VTP Configuration
Server and client switches must match the same VTP version.
Transparent switches at version 2 forward version 1 (default version) or 2 VTP updates.
Pruning (disabled by default) prevents flooding on a per-VLAN basis. When pruning is enabled on a VTP server, pruning is enabled for the entire VTP domain. VLANs 1, 1002-1005 and 1006-4094 (extended-range) are pruning-ineligible.
Normal-Range and extended-range VLANs
Normal-range VLANs (1-1005) can be configured in VLAN database mode with the details stored in vlan.dat (flash memory).
Extended-range VLANs (1006-4096) cannot be configured in VLAN database mode, nor stored in vlan.dat, nor advertised via VTP. In fact, to configure them, the switch must be in VTP transparent mode.
Storing VLAN configuration
Normal-range VLANs can be configured from VLAN database mode or configuration mode (server and transparent).
Extended-range VLANs can only be configured from configuration mode (transparent).
VTP and normal-range VLAN configuration are stored in vlan.dat (server and transparent) and NVRAM (transparent). If VTP mode or domain name in vlan.dat file and startup-config file differ, the switch uses only the vlan.dat file for VLAN configuration.
Extended-range VLAN configuration is stored only in NVRAM (transparent).
ISL and 802.1Q Concepts
Both ISL and 802.1Q support normal-range and extended-range VLANs.
ISL is a protocol defined by Cisco; 802.1Q is defined by the IEEE.
ISL encapsulates the original frame. 802.1Q inserts a tag.
ISL does not support native VLAN but 802.1Q does.
ISL adds a new 26 byte header and a 4 byte trailer (new CRC).
This header uses the source address of the device doing the trunk and a multicast destination address (0100.0C00.0000 or 0300.0C00.0000).
802.1Q inserts a 4 byte tag (Etype and Tag), right after the source address, and a new calculated FCS.
With an 802.1Q tag, the first 2 bytes are a registered Ethernet type (0x8100) and the last 2 bytes contain the priority and VLAN-ID.
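The tag layout described above, worked through as an added example (not part of the original notes): a parser that walks one or more stacked 0x8100 tags, as produced by the 802.1Q-in-Q tunneling covered later, and splits each into priority and VLAN-ID. The function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # registered Ethernet type named in the notes


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype); tags are listed outermost first.

    ethertype is the type field that follows the last tag.
    Raises ValueError if the frame ends inside the header or a tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # the tag sits right after destination + source address
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({
            "priority": tci >> 13,      # top 3 bits
            "dei": (tci >> 12) & 0x1,   # 1 bit (CFI/DEI)
            "vlan_id": tci & 0x0FFF,    # low 12 bits
        })
        offset += 4
        ethertype = next_type
    return tags, ethertype


def build_sample(tag_list):
    """Constructed frame: placeholder MACs, (priority, vid) tags, IPv4 payload."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for prio, vid in tag_list:
        frame += struct.pack("!HH", TPID_8021Q, (prio << 13) | vid)
    return frame + struct.pack("!H", 0x0800) + b"\x00" * 46


UNTAGGED = build_sample([])
SINGLE = build_sample([(5, 10)])
STACKED = build_sample([(0, 10), (0, 21)])  # outer tunnel tag 10, inner tag 21

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("single", SINGLE), ("stacked", STACKED)):
        tags, etype = parse_vlan_tags(f)
        print(name, [t["vlan_id"] for t in tags], hex(etype))
```

A frame that arrives on an access port with more than one tag is worth logging, since access ports are expected to carry untagged traffic.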
ISL and 802.1Q Configuration
Switches default to use the DTP desirable mode.
If both switches support both types of trunking, they negotiate to use ISL.
Allowed, Active and Pruned VLANs
Allowed VLANs are those allowed by using the switchport trunk allowed command.
Allowed and active are those VLANs configured on the switch.
Active and pruned are those with any VTP-pruned VLANs removed.
Trunk Configuration Compatibility
trunk = switchport mode trunk
trunk+DTP = switchport mode trunk; switchport nonegotiate
desirable = switchport mode dynamic desirable
auto = switchport mode dynamic auto
access = switchport mode access
access+DTP = switchport mode access; switchport nonegotiate

            trunk   trunk+DTP  desirable  auto    access  access+DTP
trunk       trunk   trunk      fail       fail    fail    fail
trunk+DTP   trunk   trunk      trunk      trunk   fail    fail
desirable   fail    trunk      trunk      trunk   access  access
auto        fail    trunk      trunk      access  access  access
access      fail    fail       access     access  access  access
access+DTP  fail    fail       access     access  access  access

isl = switchport trunk encapsulation isl
dot1q = switchport trunk encapsulation dot1q
negotiate = switchport trunk encapsulation negotiate

            isl     dot1q   negotiate
isl         isl     fail    isl
dot1q       fail    dot1q   dot1q
negotiate   isl     dot1q   isl->dot1q
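A configuration check built on the modes above, as an added example (not part of the original notes): it reads interface stanzas and flags ports that still negotiate trunking (dynamic modes) or are static trunks without switchport nonegotiate. The sample configuration and function names are constructed, every stanza is assumed to be a switch port, and a port with no switchport mode line is assumed to run DTP desirable, the default these notes give.

```python
import re

# Constructed running-config excerpt for illustration (not from the notes).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode dynamic auto
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/4
 description no explicit mode
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
"""


def audit_dtp(config, default_mode="dynamic desirable"):
    """Map each interface name to a finding string, or None if nothing to flag.

    default_mode is the mode assumed when a stanza has no 'switchport mode'.
    """
    findings = {}
    for stanza in re.split(r"(?m)^(?=interface )", config):
        header = re.match(r"interface (\S+)", stanza)
        if not header:
            continue
        m = re.search(r"(?m)^ +switchport mode (.+?) *$", stanza)
        mode = m.group(1) if m else default_mode
        nonegotiate = re.search(r"(?m)^ +switchport nonegotiate *$", stanza)
        if mode.startswith("dynamic"):
            finding = f"{mode}: trunking is decided by DTP negotiation"
        elif mode == "trunk" and not nonegotiate:
            finding = "trunk: static trunk still sending DTP"
        else:
            finding = None
        findings[header.group(1)] = finding
    return findings


def flagged(config):
    """Only the interfaces that have a finding."""
    return {i: f for i, f in audit_dtp(config).items() if f}
```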
Configuring Trunking on Routers
Routers and hosts do not support DTP.
ISL configuration:
! set the encapsulation before the IP address on each subinterface
Router(config)#interface fa0/1.1
Router(config-subif)#encapsulation isl 11
Router(config-subif)#ip address 10.1.1.1 255.255.255.0
Router(config)#interface fa0/1.2
Router(config-subif)#encapsulation isl 12
Router(config-subif)#ip address 10.1.2.1 255.255.255.0
802.1Q configuration:
Router(config)#interface fa0/2
Router(config-if)#description native_vlan_1
Router(config-if)#ip address 10.2.0.1 255.255.255.0
! set the encapsulation before the IP address on each subinterface
Router(config)#interface fa0/2.1
Router(config-subif)#encapsulation dot1q 21
! [native]
Router(config-subif)#ip address 10.2.1.1 255.255.255.0
Router(config)#interface fa0/2.2
Router(config-subif)#encapsulation dot1q 22
Router(config-subif)#ip address 10.2.2.1 255.255.255.0
802.1Q-in-Q Tunneling
SwitchSP1(config)#interface fa0/1
SwitchSP1(config-if)#description to_SwitchCustomer1
SwitchSP1(config-if)#switchport access vlan 10
SwitchSP1(config-if)#switchport mode dot1q-tunnel
SwitchSP1(config-if)#no l2protocol-tunnel cdp
! enables cdp, stp and vtp
SwitchSP1(config)#interface fa0/2
SwitchSP1(config-if)#description to_SwitchCustomer2
SwitchSP1(config-if)#switchport access vlan 20
SwitchSP1(config-if)#switchport mode dot1q-tunnel
SwitchSP1(config-if)#no l2protocol-tunnel cdp
! enables cdp, stp and vtp
SwitchSP1(config)#interface fa0/3
SwitchSP1(config-if)#description to_SwitchSP2
! set the encapsulation before the mode on switches that support both ISL and 802.1Q
SwitchSP1(config-if)#switchport trunk encapsulation dot1q
SwitchSP1(config-if)#switchport mode trunk
SwitchSP2(config)#interface fa0/1
SwitchSP2(config-if)#description to_SwitchCustomer1
SwitchSP2(config-if)#switchport access vlan 10
SwitchSP2(config-if)#switchport mode dot1q-tunnel
SwitchSP2(config-if)#no l2protocol-tunnel cdp
! enables cdp, stp and vtp
SwitchSP2(config)#interface fa0/2
SwitchSP2(config-if)#description to_SwitchCustomer2
SwitchSP2(config-if)#switchport access vlan 20
SwitchSP2(config-if)#switchport mode dot1q-tunnel
SwitchSP2(config-if)#no l2protocol-tunnel cdp
! enables cdp, stp and vtp
SwitchSP2(config)#interface fa0/3
SwitchSP2(config-if)#description to_SwitchSP1
! set the encapsulation before the mode on switches that support both ISL and 802.1Q
SwitchSP2(config-if)#switchport trunk encapsulation dot1q
SwitchSP2(config-if)#switchport mode trunk
Configuring PPPoE
ISP(config)#ip local pool MyPool 10.0.0.2 10.0.0.254
ISP(config)#bba-group pppoe MyGroup
ISP(config-bba-group)#virtual-template 1
ISP(config-bba-group)#sessions per-mac limit 2
ISP(config)#interface virtual-template 1
ISP(config-if)#ip address 10.0.0.1 255.255.255.0
ISP(config-if)#peer default ip address pool MyPool
ISP(config-if)#ppp authentication chap callin
ISP(config)#interface f0/0
ISP(config-if)#no ip address
ISP(config-if)#pppoe enable group MyGroup
ISP(config-if)#no shutdown
ISP(config)#username CPE password MyPassword
CPE(config)#interface dialer1
CPE(config-if)#dialer pool 1
CPE(config-if)#dialer-group 1
CPE(config-if)#encapsulation ppp
CPE(config-if)#ip address negotiated
CPE(config-if)#ppp chap password MyPassword
CPE(config-if)#mtu 1492
CPE(config)#interface f0/0
CPE(config-if)#no ip address
CPE(config-if)#pppoe enable
CPE(config-if)#pppoe-client dial-pool-number 1
CPE(config-if)#no shutdown
CPE(config)#dialer-list 1 protocol ip permit