|
|
This chapter describes how to configure VLANs on the Catalyst 6000 family switches.
This chapter consists of these sections:
A VLAN is a group of end stations with a common set of requirements, independent of physical location. VLANs have the same attributes as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment.
The following sections describe how VLANs work:
VLANs allow you to group interfaces on a switch to limit unicast, multicast, and broadcast traffic flooding. Flooded traffic originating from a particular VLAN is only flooded out other interfaces belonging to that VLAN.
Figure 6-1 shows an example of VLANs segmented into logically defined networks.
VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. Interface VLAN membership on the switch is assigned manually on an interface-by-interface basis. When you assign switch interfaces to VLANs using this method, it is known as interface-based, or static, VLAN membership.
You can set these parameters when you create a VLAN in the management domain:
The following section describes the two Token Ring VLAN types supported on switches running VTP version 2:
Token Ring Bridge Relay Function (TrBRF) VLANs interconnect multiple Token Ring Concentrator Relay Function (TrCRF) VLANs in a switched Token Ring network (see Figure 6-2). The TrBRF can be extended across a network of switches interconnected via trunk links. The connection between the TrCRF and the TrBRF is referred to as a logical port.
For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can function as a source-route bridge (SRB) or a source-route transparent (SRT) bridge running either the IBM or IEEE STP. If SRB is used, you can define duplicate MAC addresses on different logical rings.
The Token Ring software runs an instance of STP for each TrBRF VLAN and each TrCRF VLAN. For TrCRF VLANs, STP removes loops in the logical ring. For TrBRF VLANs, STP interacts with external bridges to remove loops from the bridge topology, similar to STP operation on Ethernet VLANs.
| Caution Certain parent TrBRF STP and TrCRF bridge mode configurations can place the logical ports (the connection between the TrBRF and the TrCRF) of the TrBRF in a blocked state. For more information, see the "VLAN Configuration Guidelines" section. |
For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can function as an SRB or SRT bridge running either the IBM or IEEE STP. If SRB is used, duplicate MAC addresses can be defined on different logical rings.
To accommodate IBM System Network Architecture (SNA) traffic, you can use a combination of SRT and SRB modes. In a mixed mode, the TrBRF considers some ports (logical ports connected to TrCRFs) to operate in SRB mode while others operate in SRT mode.
Token Ring Concentrator Relay Function (TrCRF) VLANs define port groups with the same logical ring number. You can configure two types of TrCRFs in your network: undistributed and backup.
Typically, TrCRFs are undistributed, which means each TrCRF is limited to the ports on a single switch. Multiple undistributed TrCRFs on the same or separate switches can be associated with a single parent TrBRF (see Figure 6-3). The parent TrBRF acts as a multiport bridge, forwarding traffic between the undistributed TrCRFs.
Within a TrCRF, source-route switching forwards frames based on either MAC addresses or route descriptors. The entire VLAN can operate as a single ring, with frames switched between ports within a single TrCRF.
You can specify the maximum hop count for All-Routes and Spanning Tree Explorer frames for each TrCRF. This limits the maximum number of hops an explorer is allowed to traverse. If a port determines that the explorer frame it is receiving has traversed more than the number of hops specified, it does not forward the frame. The TrCRF determines the number of hops an explorer has traversed by the number of bridge hops in the route information field.
A backup TrCRF enables you to configure an alternate route for traffic between undistributed TrCRFs located on separate switches that are connected by a TrBRF, in the event that the ISL connection between the switches fails. Only one backup TrCRF for a TrBRF is allowed, and only one port per switch can belong to a backup TrCRF.
If the ISL connection between the switches fails, the port in the backup TrCRF on each affected switch automatically becomes active, rerouting traffic between the undistributed TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. Figure 6-5 illustrates the backup TrCRF.
Table 6-1 through Table 6-5 shows the default configurations for the different VLAN media types.
| Parameter | Default | Range |
|---|---|---|
1 | 1-1005 | |
"default" | No range | |
100001 | 1-4294967294 | |
1500 | 1500-18190 | |
1002 | 0-1005 | |
Translational bridge 2 | 1003 | 0-1005 |
VLAN state | active | active, suspend |
| Parameter | Default | Range |
|---|---|---|
VLAN ID | 1002 | 1-1005 |
VLAN name | "fddi-default" | No range |
802.10 SAID | 101002 | 1-4294967294 |
MTU size | 1500 | 1500-18190 |
Ring number | 0 | 1-4095 |
Parent VLAN | 0 | 0-1005 |
Translational bridge 1 | 1 | 0-1005 |
Translational bridge 2 | 1003 | 0-1005 |
VLAN state | active | active, suspend |
| Parameter | Default | Range |
VLAN ID | 1003 | 1-1005 |
VLAN name | "token-ring-default" | No range |
802.10 SAID | 101003 | 1-4294967294 |
Ring Number | 0 | 1-4095 |
MTU size | VTPv1 default 1500; VTPv2 default 4472 | 1500-18190 |
Translational bridge 1 | 0 | 0-1005 |
Translational bridge 2 | 0 | 0-1005 |
VLAN state | active | active, suspend |
Bridge mode | srb | srb, srt |
ARE max hops | 7 | 0-13 |
STE max hops | 7 | 0-13 |
Backup CRF | disabled | disable; enable |
| Parameter | Default | Range |
|---|---|---|
VLAN ID | 1004 | 1-1005 |
VLAN name | "fddinet-default" | No range |
802.10 SAID | 101004 | 1-4294967294 |
MTU size | 1500 | 1500-18190 |
Bridge number | 1 | 0-15 |
STP type | ieee | auto, ibm, ieee |
VLAN state | active | active, suspend |
| Parameter | Default | Range |
|---|---|---|
VLAN ID | 1005 | 1-1005 |
VLAN name | "trnet-default" | No range |
802.10 SAID | 101005 | 1-4294967294 |
MTU size | VTPv1 1500; VTPv2 4472 | 1500-18190 |
Bridge number | 1 | 0-15 |
STP type | ibm | auto, ibm, ieee |
VLAN state | active | active, suspend |
Follow these guidelines when creating and modifying VLANs in your network:
You use the VLAN database command mode to add, change, and delete VLANs. In VTP server or transparent mode, commands to add, change, and delete VLANs are written to the file vlan.dat, and you can display them by entering the mode show vlan privileged EXEC command. The vlan.dat file is stored in nonvolatile memory.
You use the interface configuration command mode to define the port membership mode and add and remove ports from a VLAN. The results of these commands are written to the running-configuration file, and you can display the file by entering the show running-config privileged EXEC command.
These sections describe how to configure VLANs:
User-configured VLANs have unique IDs from 1 to 1001. Enter a vlan command with an unused ID to create a VLAN. Enter a vlan command for an existing VLAN to modify the VLAN.
See the "VLAN Default Configuration" section for the list of default parameters that are assigned when you create a VLAN. If you do not specify the VLAN type with the media keyword, the VLAN is an Ethernet VLAN.
To create a VLAN, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router# vlan database | Enter VLAN configuration mode. | ||
| Router(vlan)# vlan vlan_id | Add an Ethernet VLAN. | ||
| Router(vlan)# exit | Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode. | ||
| Router# show vlan name vlan_name | Verify the VLAN configuration. |
This example shows how to create an Ethernet VLAN and verify the configuration:
Router# vlan database
Router(vlan)# vlan 3
VLAN 3 added:
Name: VLAN0003
Router(vlan)# exit
APPLY completed.
Exiting....
Router# show vlan name VLAN0003
VLAN Name Status Ports
---- -------------------------------- --------- ---------------------
3 VLAN0003 active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- ------ ------
3 enet 100003 1500 - - - - 0 0
Router#
When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.
You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
To delete a VLAN, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router# vlan database | Enter VLAN configuration mode. | ||
| Router(vlan)# no vlan vlan_id | Delete the VLAN. | ||
| Router(vlan)# exit | Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode. | ||
| Router# show vlan brief | Verify the VLAN configuration. |
This example shows how to delete a VLAN:
Router# vlan database Router(vlan)# no vlan 3 Deleting VLAN 3... Router(vlan)# exit APPLY completed. Exiting.... Router#
This example shows how to verify the configuration:
Router# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- ---------------------
1 default active Fa5/2, Fa5/3, Fa5/4, Fa5/5,
Fa5/6, Fa5/7, Fa5/8, Fa5/9,
Fa5/10, Fa5/11, Fa5/12, Fa5/13,
Fa5/14, Fa5/15, Fa5/16
2 VLAN0002 active
4 VLAN0004 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Router#
A VLAN created in a management domain remains unused until you assign one or more switch interfaces to the VLAN.
To assign one or more switch interfaces to a VLAN, complete the procedures in the "Configuring Ethernet Interfaces for Layer 2 Switching" section.
The valid range of user-configurable ISL VLANs is 1-1001. The valid range of VLANs specified in the IEEE 802.1Q standard is 0-4095. In a network environment with non-Cisco devices connected to Cisco switches through 802.1Q trunks, you must map 802.1Q VLAN numbers greater than 1000 to ISL VLAN numbers.
802.1Q VLANs in the range 1-1000 are automatically mapped to the corresponding ISL VLAN. 802.1Q VLAN numbers greater than 1000 must be mapped to an ISL VLAN in order to be recognized and forwarded by Cisco switches.
These restrictions apply when mapping 802.1Q VLANs to ISL VLANs:
To map an 802.1Q VLAN to an ISL VLAN, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# vlan mapping dot1q dot1q_vlan isl isl_vlan | Map an 802.1Q VLAN to an ISL Ethernet VLAN. The valid range for dot1q_vlan is 1001-4095. The valid range for isl_vlan is 1-1000. | ||
| Router(config)# exit | Exit the configuration mode. | ||
| Router# show vlan | Verify the VLAN mapping. |
This example shows how to map 802.1Q VLAN 2000 to ISL VLAN 200:
Router# configure terminal Router(config)# vlan mapping dot1q 2000 isl 200 Router(config)# exit Router#
This example shows how to verify the configuration:
Router# show vlan <...output truncated...> VLAN Mapping Table: ISL VLAN 802.1Q VLAN ---------------------------------- 200 2000
To clear an 802.1Q-to-ISL VLAN mapping, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# no vlan mapping dot1q {dot1q_vlan | all}
| Clear the mapping between 802.1Q VLANs and ISL Ethernet VLANs. | ||
| Router(config)# exit | Exit the configuration mode. | ||
| Router# show vlan mapping | Verify the VLAN mapping. |
This example shows how to clear the VLAN mapping for 802.1Q VLAN 2000:
Router# configure terminal Router(config)# no vlan mapping dot1q 2000 Router(config)# exit Router#
This example shows how to clear all 802.1Q-to-ISL VLAN mappings:
Router# configure terminal Router(config)# no vlan mapping dot1q all Router(config)# exit Router#
Posted: Mon Jan 3 14:29:09 PST 2000
Copyright 1989-1999©Cisco Systems Inc.