ISL
ISL (Inter-Switch Link) is the Cisco proprietary protocol for distinguishing VLANs as they traverse switch trunk links. It encapsulates the whole Layer 2 frame rather than tagging it: a new 26-byte ISL header is prepended and a new 4-byte FCS is appended, so the original frame (with its own FCS) is carried intact inside.
ISL has no concept of a native VLAN; every frame is encapsulated, including management traffic.
The ISL header structure (field widths in bits; 208 bits = 26 bytes in total):
DA | Type | User | SA | LEN | AAAA03 | HSA | VLAN | BPDU | INDEX | RES
40 | 4 | 4 | 48 | 16 | 24 | 24 | 15 | 1 | 16 | 16
- DA - 40-bit multicast destination address, set to 0x01-00-0C-00-00.
- Type - 4-bit descriptor of the encapsulated frame type: Ethernet (0000), Token Ring (0001), FDDI (0010) and ATM (0011).
- User - 4-bit descriptor used as an extension of the Type field or to carry an Ethernet priority. The priority is a binary value from 0 (lowest) to 3 (highest).
- SA - 48-bit source MAC address of the transmitting Catalyst switch.
- LEN - 16-bit frame length excluding the DA, Type, User, SA and LEN fields and the outer FCS (i.e. everything from AAAA03 to the end of the encapsulated frame).
- AAAA03 - Standard 802.2 LLC/SNAP header (DSAP 0xAA, SSAP 0xAA, control 0x03).
- HSA - First 3 bytes of the SA (the manufacturer's OUI).
- VLAN - 15-bit VLAN ID. Only the lower 10 bits are used, giving 1024 VLANs.
- BPDU - 1-bit flag identifying whether the encapsulated frame is a Spanning Tree bridge protocol data unit (BPDU). Also set if the encapsulated frame is a Cisco Discovery Protocol (CDP) frame.
- INDEX - 16-bit descriptor identifying the transmitting port. Used for diagnostics.
- RES - 16-bit reserved field used for additional information, such as the Frame Check (FC) field of Token Ring and Fiber Distributed Data Interface (FDDI) frames.
DOT1Q
IEEE 802.1Q is the open standard for differentiating traffic as it traverses a trunk. It tags the frame rather than encapsulating it: a 4-byte VLAN tag is inserted between the source MAC and the EtherType/Length field (a 16-bit TPID of 0x8100 followed by a 16-bit TCI carrying 3 bits of priority, 1 DEI/CFI bit and a 12-bit VLAN ID) and the FCS is recomputed.
It uses the concept of a native VLAN. The native VLAN must match on both ends of the trunk; its traffic is sent untagged, and any frame received untagged on a trunk is placed into the native VLAN, so a native VLAN mismatch silently bridges two different VLANs together. By default the native VLAN is VLAN 1, which also carries management and control traffic such as CDP, VTP and DTP; a common hardening step is to use a dedicated unused VLAN as the native VLAN or to tag it as well (vlan dot1q tag native). The 12-bit VLAN ID supports 4094 VLANs (IDs 0 and 4095 are reserved).
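The following Python is an added example, not code from the original post, that builds and parses both formats byte by byte so the difference between the two sections above is concrete: ISL wraps the entire frame in the 26-byte header described in the table (plus an outer FCS, computed here with the Ethernet CRC-32 via zlib), while 802.1Q splices a 4-byte tag in after the source MAC and treats an untagged frame on a trunk as native VLAN traffic. The sample frame, switch MAC and VLAN numbers are constructed for the demonstration.

```python
"""Added example: ISL encapsulation versus 802.1Q tagging, built and parsed byte by byte.

ISL prepends a 26-byte header to the whole original frame and appends a new
4-byte FCS; 802.1Q inserts a 4-byte tag between the source MAC and the
EtherType, and a frame that arrives untagged on a trunk belongs to the native VLAN.
"""
import struct
import zlib

ISL_DA = bytes.fromhex("01000c0000")    # 40-bit ISL destination address
ISL_SNAP = bytes.fromhex("aaaa03")      # 802.2 LLC/SNAP header carried in ISL
ISL_TYPE_ETHERNET = 0x0                 # Type nibble: 0 Ethernet, 1 Token Ring, 2 FDDI, 3 ATM
DOT1Q_TPID = 0x8100


def ethernet_fcs(data: bytes) -> bytes:
    """CRC-32 as used for the Ethernet FCS, least-significant byte first on the wire."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def isl_encapsulate(inner: bytes, vlan: int, sa: bytes, *, user: int = 0,
                    index: int = 0, bpdu: bool = False) -> bytes:
    """Wrap a complete frame in an ISL header and outer FCS.

    `sa` is the MAC of the transmitting switch, `user` the priority (0 lowest,
    3 highest) and `bpdu` marks an encapsulated STP BPDU or CDP frame.
    """
    if not 0 <= vlan < 1024:
        raise ValueError("ISL uses only the low 10 bits of the 15-bit VLAN field")
    if len(sa) != 6 or not 0 <= user <= 3:
        raise ValueError("sa must be 6 bytes and user 0..3")
    # LEN covers everything after the LEN field except the outer FCS:
    # AAAA03 (3) + HSA (3) + VLAN/BPDU (2) + INDEX (2) + RES (2) + inner frame
    length = 12 + len(inner)
    hdr = (ISL_DA
           + bytes([(ISL_TYPE_ETHERNET << 4) | user])        # Type | User nibbles
           + sa
           + struct.pack("!H", length)
           + ISL_SNAP
           + sa[:3]                                            # HSA: OUI part of SA
           + struct.pack("!H", (vlan << 1) | int(bpdu))        # 15-bit VLAN, 1-bit BPDU
           + struct.pack("!HH", index, 0))                     # INDEX, RES (zero for Ethernet)
    assert len(hdr) == 26
    return hdr + inner + ethernet_fcs(hdr + inner)


def isl_decapsulate(frame: bytes) -> dict:
    """Validate the ISL header and outer FCS and return the fields plus the inner frame."""
    if len(frame) < 30 or frame[:5] != ISL_DA:
        raise ValueError("not an ISL frame")
    if ethernet_fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("outer FCS mismatch")
    if frame[14:17] != ISL_SNAP:
        raise ValueError("missing AAAA03 SNAP header")
    length = struct.unpack("!H", frame[12:14])[0]
    vlan_bpdu, index, res = struct.unpack("!HHH", frame[20:26])
    inner = frame[26:-4]
    if length != 12 + len(inner):
        raise ValueError("LEN does not match the frame size")
    return {
        "type": frame[5] >> 4,
        "user": frame[5] & 0xF,
        "sa": frame[6:12].hex(":"),
        "hsa": frame[17:20].hex(":"),
        "vlan": (vlan_bpdu >> 1) & 0x3FF,     # only the low 10 of the 15 bits are used
        "bpdu": bool(vlan_bpdu & 1),
        "index": index,
        "res": res,
        "inner": inner,
    }


def dot1q_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert TPID 0x8100 + TCI after the source MAC (the NIC recomputes the FCS; omitted here)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID 0 and 4095 are reserved; 4094 usable VLANs")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", DOT1Q_TPID, tci) + frame[12:]


def dot1q_parse(frame: bytes, native_vlan: int = 1) -> dict:
    """Classify a frame received on a trunk: VID from the tag, or the native VLAN if untagged."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == DOT1Q_TPID:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"tagged": True, "vlan": tci & 0x0FFF, "pcp": tci >> 13,
                "ethertype": inner_type, "payload": frame[18:]}
    # No tag: the trunk assigns the frame to its native VLAN
    return {"tagged": False, "vlan": native_vlan, "pcp": 0,
            "ethertype": ethertype, "payload": frame[14:]}


def sample_frame() -> bytes:
    """Constructed untagged IPv4 frame: broadcast dst, locally administered src, 46 zero payload bytes."""
    return (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
            + struct.pack("!H", 0x0800) + bytes(46))
```

Run `dot1q_parse(sample_frame(), native_vlan=99)` and the untagged frame lands in VLAN 99 regardless of what the sender intended, which is exactly why a native VLAN mismatch between two trunk ends merges traffic from two different VLANs. `isl_decapsulate` rejects frames whose outer FCS or LEN do not match, the kind of check a dissector should do before trusting the VLAN field.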
DTP
Dynamic Trunking Protocol is a Cisco proprietary protocol for dynamically negotiating trunk links. The default mode depends on the platform: dynamic desirable on older Catalysts and dynamic auto on more recent ones, so check with show interfaces switchport. The encapsulation can be fixed to ISL or 802.1Q with switchport trunk encapsulation isl | dot1q (or left to negotiate).
Mode | Behaviour
on | Forces the link into permanent trunking, even if the neighbor doesn't agree (switchport mode trunk)
off | Forces the link to permanently not trunk, even if the neighbor doesn't agree (switchport mode access)
desirable | Actively attempts to become a trunk; succeeds if the neighbor is set to on, desirable or auto (switchport mode dynamic desirable)
auto | Passively willing to convert to trunking; becomes a trunk only if the neighbor is set to on or desirable. Note that auto-auto links (both ends on this default) never become trunks (switchport mode dynamic auto)
nonegotiate | Trunks permanently but sends no DTP frames. Use when DTP frames confuse a neighboring non-Cisco 802.1Q switch; you must manually set the neighboring switch to trunking (switchport mode trunk plus switchport nonegotiate)
On ports facing end hosts, set switchport mode access and switchport nonegotiate so that a connected device cannot negotiate the port into a trunk and reach other VLANs.
DTP frames are sent to the multicast address 01-00-0C-CC-CC-CC, the same reserved address used by VTP (and CDP), and neighboring switches listen on it for DTP. The protocols are told apart not by the destination MAC but by the SNAP protocol ID in the LLC/SNAP header (0x2004 for DTP, 0x2003 for VTP).
DTP frames carry the VTP domain name, so the VTP domain must match on both ends for a trunk to be negotiated.
VTP
VTP, the VLAN Trunking Protocol, is Cisco proprietary. It synchronises the creation, deletion and renaming of VLANs across the Layer 2 switches in the same VTP domain: a change made on a VTP server is propagated automatically to the other switches in the domain, giving servers and clients a consistent view of the VLANs.
A VTP frame consists of a VTP header followed by a VTP message field and is carried in the data field of an 802.1Q or ISL frame across trunk links.
The destination MAC is 01-00-0C-CC-CC-CC, the Cisco reserved multicast address (shared with CDP and DTP; VTP is identified by SNAP protocol ID 0x2003).
There are three message types common to all VTP versions:
Summary advertisements carry the VTP domain name, the configuration revision number, the identity and timestamp of the last updater, and an MD5 digest computed over the VLAN configuration and the VTP password (the password itself is never sent).
Subset advertisements follow a summary advertisement and carry the actual VLAN information, numbered by sequence.
Advertisement requests are sent when a switch needs the current configuration, e.g. after a reload or after receiving a summary advertisement with a higher revision number than its own.
Server mode - you can create, delete and rename VLANs and the changes are propagated to the other switches in the domain, updating their VLAN databases. Which configuration wins is decided purely by the configuration revision number.
A higher configuration revision number is taken as the newer VLAN configuration and propagated to every switch in the domain. Server is the default VTP mode, so take care before connecting a new (or previously used) switch whose revision number is higher than the domain's: it will overwrite the domain's VLAN database. Reset the revision number to zero before connecting the switch by setting it to transparent mode and back to server (changing the VTP domain name also resets it). Servers keep track of each other's revision number via summary advertisements sent every 5 minutes, and whenever a VLAN is added, edited or deleted the server generates a summary advertisement to the other switches in the domain, which update when they receive it.
Client mode - cannot create, delete or rename VLANs, but forwards the updates it receives to the other switches. VLAN information is held in the VLAN database (vlan.dat) rather than in the startup configuration in NVRAM; on boot a client sends an advertisement request to learn the current configuration from a server. Note that a client still keeps a revision number, so a client with a higher revision than the domain can overwrite it just as a server can.
Transparent mode - can create, delete and rename VLANs locally, but these changes are not propagated to other switches. It forwards the VTP updates it receives out all its trunk links but never applies them to its own database, and it never modifies any other switch's database. VLANs created in transparent mode are saved in NVRAM (the configuration), so they are still there after a reload.
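This added Python example (not code from the original post) covers two points above: the DTP/VTP section's remark that CDP, VTP and DTP share the destination MAC 01-00-0C-CC-CC-CC and are distinguished by their SNAP protocol ID, and the VTP summary advertisement layout and revision-number overwrite risk described here. It builds a constructed summary advertisement for the domain "LAB", dissects it back out of its LLC/SNAP frame and applies the one check worth running before a switch is connected: same domain, higher revision. The source MAC, domain name, updater address and revision values are constructed; the MD5 digest is left as zeros and not verified.

```python
"""Added example: dissect a Cisco control frame to 01-00-0C-CC-CC-CC and check a VTP summary.

CDP, VTP and DTP all use this destination MAC; the receiver tells them apart by
the SNAP protocol ID that follows the 802.2 LLC/SNAP header (OUI 00-00-0C).
The VTP summary advertisement is then parsed and its revision compared with ours.
"""
import socket
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")
CISCO_OUI = bytes.fromhex("00000c")
SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP"}
LLC_SNAP = bytes.fromhex("aaaa03")          # DSAP, SSAP, control
VTP_SUMMARY = 0x01                           # message codes: 1 summary, 2 subset, 3 request


def build_cisco_frame(src: bytes, pid: int, payload: bytes) -> bytes:
    """802.3 frame (length field, not EtherType) + LLC/SNAP + Cisco PID + payload. FCS omitted."""
    llc_snap = LLC_SNAP + CISCO_OUI + struct.pack("!H", pid)
    return CISCO_MCAST + src + struct.pack("!H", len(llc_snap) + len(payload)) + llc_snap + payload


def dissect_cisco_frame(frame: bytes) -> dict:
    """Return which Cisco protocol a frame to 01-00-0C-CC-CC-CC carries, plus its payload."""
    if frame[:6] != CISCO_MCAST:
        raise ValueError("not addressed to the Cisco reserved multicast")
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 0x05DC or frame[14:17] != LLC_SNAP or frame[17:20] != CISCO_OUI:
        raise ValueError("not an 802.3 LLC/SNAP frame with the Cisco OUI")
    pid = struct.unpack("!H", frame[20:22])[0]
    return {
        "src": frame[6:12].hex(":"),
        "proto": SNAP_PIDS.get(pid, f"unknown PID {pid:#06x}"),
        "payload": frame[22:14 + length],
    }


def build_vtp_summary(domain: str, revision: int, updater_ip: str,
                      followers: int = 0, version: int = 2) -> bytes:
    """Constructed VTP v1/v2 summary advertisement (72 bytes). MD5 digest left as zeros."""
    dom = domain.encode("ascii")
    if len(dom) > 32:
        raise ValueError("VTP domain names are at most 32 bytes")
    return (struct.pack("!BBBB", version, VTP_SUMMARY, followers, len(dom))
            + dom.ljust(32, b"\0")           # domain name, zero padded to 32 bytes
            + struct.pack("!I", revision)    # configuration revision number
            + socket.inet_aton(updater_ip)   # updater identity
            + b"000000000000"                # 12-byte update timestamp (yymmddhhmmss)
            + bytes(16))                     # MD5 digest over config + password


def parse_vtp_summary(payload: bytes) -> dict:
    """Parse the fields of a VTP summary advertisement."""
    version, code, followers, dom_len = payload[:4]
    if code != VTP_SUMMARY or len(payload) < 72:
        raise ValueError("not a VTP summary advertisement")
    revision, updater = struct.unpack("!I4s", payload[36:44])
    return {
        "version": version,
        "followers": followers,              # subset advertisements that follow this summary
        "domain": payload[4:4 + dom_len].decode("ascii"),
        "revision": revision,
        "updater": socket.inet_ntoa(updater),
        "timestamp": payload[44:56].decode("ascii", "replace"),
        "md5": payload[56:72].hex(),
    }


def would_overwrite(summary: dict, local_domain: str, local_revision: int) -> bool:
    """True when this advertisement would replace our VLAN database: same domain, higher revision."""
    return summary["domain"] == local_domain and summary["revision"] > local_revision
```

A capture filter on the destination MAC alone catches CDP, VTP and DTP together; dispatching on the PID as `dissect_cisco_frame` does is what separates them. `would_overwrite` is the same comparison a VTP server or client performs, which is why a switch with a stale but high revision in the same domain is accepted without any further authentication beyond the (optional) password digest.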
VTPv1 and VTPv2 differ little; the main addition in v2 is Token Ring VLAN support.
VTPv3 was a major overhaul: it added support for the extended VLAN range (up to 4094, matching 802.1Q), private VLANs and MST configuration propagation, a primary/secondary server model to prevent accidental database overwrites, and hidden or secret (non-cleartext) passwords.
In VTPv3 only one primary server per VTP domain (per database: VLAN or MST) may change the configuration and update all other devices; the other servers are secondary and only relay updates.
A switch is promoted with the privileged EXEC command vtp primary vlan (or vtp primary mst for the MST database).
VTPv3 is backward compatible with VTPv2 but not with VTPv1.
VTPv2 and VTPv1 are not compatible with each other.
VTPv3 also adds a new off mode, in which the switch neither processes nor forwards VTP messages (unlike transparent mode, which still forwards them).
VTP PRUNING
Cisco proprietary.
Only available for the first 1000 VLANs: only VLANs 2-1000 are prune-eligible.
VLAN 1 and VLANs 1002-1005 are prune-ineligible and are always carried.
Switches use VTP join messages to tell their neighbors which VLANs they have active ports in (or need to carry in transit).
For VLANs with no active ports behind a trunk, flood traffic (broadcasts, multicasts and unknown unicasts) is pruned from that trunk.
A VLAN is not pruned from a trunk if the switch on the far side is in the transit path to another switch that has active ports in that VLAN.
Useful command for viewing status:
show interfaces pruning - shows, per trunk, the VLANs pruned for lack of request by the neighbor and the VLAN traffic this switch requests of the neighbor
As regards VTP pruning problems: it is Cisco proprietary, so in a mixed-vendor environment the non-Cisco equipment never answers the join/prune messages sent by the Cisco switches.
A Cisco switch that receives no response assumes every VLAN is required on that trunk and, seeing itself as in the transit path to all of them, in turn requests all VLANs from its other neighbors. This ripples through the Layer 2 environment; it does not break anything, but it negates the point of enabling pruning in the first place.
The workaround is to restrict the trunk toward the non-Cisco (or other non-VTP) Layer 2 device manually with an allowed list:
switchport trunk allowed vlan 10,20
VTP pruning also misbehaves around switches in transparent mode. A transparent switch does not send join requests for its own VLANs, although it does forward the requests it receives from other switches in the domain (the usual transparent-mode behavior: forward VTP traffic for the domain you are in, but do not apply it to your own database).
The upstream switches therefore never receive a request for the VLANs that exist only on the transparent switch and prune those VLANs on the trunk toward it, which cuts off flood traffic for them and breaks the traffic path to hosts in those VLANs.
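The following Python is an added example, not code from the original post, that models the join/prune logic over a small constructed tree of trunks so the three situations above can be checked rather than reasoned about: normal pruning, a transparent-mode switch whose own VLANs never appear in anyone's join list, and a non-Cisco neighbor that answers nothing and is therefore assumed to need every VLAN, together with the allowed-list workaround. The switch names, modes, VLAN numbers and topology are all constructed; the "foreign" mode and the tree-walk are this model's simplification of what the switches exchange.

```python
"""Added example: a model of which VLANs VTP pruning removes from each trunk.

Each switch's join list is the set of VLANs it asks a neighbour to keep
flooding: its own active VLANs plus whatever its other neighbours requested
(transit).  The topology must be a tree, which it is once spanning tree has
blocked the loops.
"""
from collections import defaultdict

# Only VLANs 2-1000 are prune-eligible; VLAN 1 and 1002-1005 are never pruned.
PRUNE_ELIGIBLE = set(range(2, 1001))


def adjacency(links):
    """links maps frozenset({a, b}) -> allowed VLAN set for that trunk, or None for all VLANs."""
    adj = defaultdict(set)
    for link in links:
        a, b = tuple(link)
        adj[a].add(b)
        adj[b].add(a)
    return adj


def requested_vlans(switch, toward, switches, links, adj, universe):
    """VLANs `switch` asks neighbour `toward` to keep flooding (its VTP join list).

    server/client : own active VLANs, plus requests relayed from its other neighbours
    transparent   : relays others' requests but never asks for its own VLANs
    foreign       : non-Cisco switch that sends no VTP; the Cisco side assumes all VLANs
    """
    info = switches[switch]
    if info["mode"] == "foreign":
        return set(universe)
    wanted = set() if info["mode"] == "transparent" else set(info["active"])
    for nb in adj[switch]:
        if nb == toward:
            continue
        downstream = requested_vlans(nb, switch, switches, links, adj, universe)
        allowed = links[frozenset((nb, switch))]
        if allowed is not None:
            downstream &= allowed        # a manual allowed list caps what that trunk can carry
        wanted |= downstream
    return wanted


def pruned_on_trunk(a, b, switches, links):
    """Prune-eligible VLANs that switch `a` stops flooding toward neighbour `b`."""
    adj = adjacency(links)
    universe = set().union(*(s["active"] for s in switches.values()))
    candidates = universe & PRUNE_ELIGIBLE
    allowed = links[frozenset((a, b))]
    if allowed is not None:
        candidates &= allowed
    return candidates - requested_vlans(b, a, switches, links, adj, universe)


def interface_pruning(switch, switches, links):
    """Per trunk: what `switch` prunes and what it requests of the neighbour (cf. show interfaces pruning)."""
    adj = adjacency(links)
    universe = set().union(*(s["active"] for s in switches.values()))
    return {nb: {"pruned": pruned_on_trunk(switch, nb, switches, links),
                 "requested": requested_vlans(switch, nb, switches, links, adj, universe) & PRUNE_ELIGIBLE}
            for nb in sorted(adj[switch])}


def scenario(mode_c="server", mode_d="server", allowed_cd=None):
    """Constructed chain A - B - C - D; C's and D's modes and the C-D allowed list are configurable."""
    switches = {
        "A": {"mode": "server", "active": {1, 10, 20}},
        "B": {"mode": "server", "active": {20}},
        "C": {"mode": mode_c, "active": {30}},
        "D": {"mode": mode_d, "active": {40}},
    }
    links = {frozenset("AB"): None, frozenset("BC"): None, frozenset("CD"): allowed_cd}
    return switches, links
```

With everything in server mode, A prunes only VLAN 10 toward B (nobody downstream has ports in it). Make C transparent and A also prunes VLAN 30, even though C has active ports in it, because C never asked for it. Make D a non-Cisco switch and nothing is pruned anywhere upstream; put `allowed_cd={40}` on the C-D trunk, mirroring `switchport trunk allowed vlan 40`, and pruning works again.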