VTP - VLAN Trunking Protocol (1.20)

Configuring VLANs on one or two switches is easy enough, but as the number of switches grows, managing each switch's VLANs individually becomes an administrative headache and is prone to mistakes and inconsistencies. A VLAN management protocol can make this much, much easier.

VTP is one of a couple of VLAN management protocols; the other is the GARP VLAN Registration Protocol (GVRP), defined in 802.1D (GARP) and 802.1Q clause 11 (GVRP). GVRP is not currently supported by Cisco and is therefore not part of the Switch exam, or the CCIE exam.

VTP manages the addition, deletion and renaming of VLANs across the network from a centralised point.

VTP uses domains (areas with common VLAN requirements). A switch can only belong to one VTP domain.

To participate in a VTP domain each switch must be in one of the following modes:

1. Server mode - has full control over VLAN creation, deletion and modification. This is the default mode for switches.
2. Client mode - cannot create, change or delete any VLANs. Clients listen to VTP advertisements from other switches and modify their own VLAN configuration accordingly. A client also acts as a relay, forwarding VTP information to other switches.
3. Transparent mode - does not participate in VTP and does not advertise its own VLAN configuration. With VTP version 1 it does not relay VTP information from other switches unless the VTP domain name and version number match. In VTP version 2 transparent switches still act as relays regardless of the VTP domain name.

VTP advertisements are sent using multicast and carry an index called the configuration revision number. The revision number starts at zero and increments by one with every change, at which point the update is sent to all VTP-listening switches.

New switches should always be cleared of all VTP information before being introduced into the network: a switch that joins the domain carrying a higher configuration revision number than the existing server will have its VLAN database accepted by every other switch, overwriting the real one.

VTP configuration

Head back into the PacketTracer lab we created earlier and add the following:

Management domain:

switch0(config)# vtp domain vtptest
switch1(config)# vtp domain vtptest

Mode, version and password:

switch0(config)# vtp mode server
switch0(config)# vtp version 2
switch0(config)# vtp password vtppassword

switch1(config)# vtp mode client
switch1(config)# vtp version 2
switch1(config)# vtp password vtppassword

Setting a VTP server

Setting a VTP client

Now we can add a couple of VLANs - so on Switch0 add VLANs 4 and 5, then run a sh vlan on Switch1.

Create a VLAN

Without adding anything to Switch1 you should see 

show vlan

Running a show vtp status on switch0 you should see:

show vtp status

VTP Pruning

VTP Pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic.

To implement this it is just a case of typing "vtp pruning" in config mode. But this is not supported in PacketTracer, at least not in the version I am running. It might be supported in future releases.

switch(config)# vtp pruning

Once this is enabled on the server it is propagated to, and enabled on, the VTP clients in the domain.

Troubleshooting VTP

Check the mode if updates are not being received - make sure the switch is not in transparent mode.
Make sure at least one switch is set as the server.
Make sure trunks are used, as VTP advertisements are only sent over trunk links.
Make sure the VTP domain name is identical across all switches.
VTP versions should be compatible.
VTP passwords should match.
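The checklist above, together with the configuration revision risk described earlier, can be applied mechanically to captured show vtp status output. The Python below is an added example, not part of the original post or of any Cisco tool: it parses the "Field : Value" lines of the command output (the three sample outputs are constructed for this example, with invented digests) and reports checklist failures, including a switch whose revision number is higher than the server's. The password itself is never displayed by show vtp status, so the closest the check can get is flagging a differing MD5 digest.

```python
"""Check VTP consistency across switches from `show vtp status` output."""
import re
from typing import Dict, List

# Constructed sample output in the shape of IOS `show vtp status`; values are invented.
SWITCH0_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 5
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : vtptest
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
MD5 digest                      : 0x57 0x30 0x6D 0x7A 0x11 0x02 0xC3 0x44
"""

SWITCH1_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 5
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : vtptest
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
MD5 digest                      : 0x57 0x30 0x6D 0x7A 0x11 0x02 0xC3 0x44
"""

# A switch plugged in without first being cleared: wrong case in the domain name,
# version 2 mode off, and a revision number higher than the server's.
SWITCH2_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 12
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : VTPTEST
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
MD5 digest                      : 0xA1 0x9F 0x00 0x3C 0x55 0x60 0x71 0x08
"""


def parse_vtp_status(text: str) -> Dict[str, str]:
    """Turn the 'Field : Value' lines of show vtp status into a dict of strings."""
    status: Dict[str, str] = {}
    for line in text.splitlines():
        match = re.match(r"^(.*?)\s*:\s*(.*)$", line)
        if match:
            status[match.group(1).strip()] = match.group(2).strip()
    return status


def check_vtp_domain(outputs: Dict[str, str]) -> List[str]:
    """Run the troubleshooting checklist over {switch name: show vtp status text}."""
    parsed = {name: parse_vtp_status(text) for name, text in outputs.items()}
    findings: List[str] = []

    servers = [n for n, s in parsed.items() if s["VTP Operating Mode"] == "Server"]
    if not servers:
        findings.append("no switch is in server mode, so nobody can originate VLAN changes")
    for name, s in parsed.items():
        if s["VTP Operating Mode"] == "Transparent":
            findings.append(f"{name}: transparent mode, advertisements are not applied")

    # The domain name is case sensitive on IOS: 'vtptest' and 'VTPTEST' are different domains.
    domains = {s["VTP Domain Name"] for s in parsed.values()}
    if len(domains) > 1:
        findings.append(f"domain name mismatch: {sorted(domains)}")

    if len({s["VTP V2 Mode"] for s in parsed.values()}) > 1:
        findings.append("VTP version 2 mode is not the same on every switch")

    # A joining switch with a higher revision than the server wins, and its VLAN
    # database replaces the domain's; this is why new switches must be cleared first.
    if servers:
        server_rev = max(int(parsed[n]["Configuration Revision"]) for n in servers)
        for name, s in parsed.items():
            rev = int(s["Configuration Revision"])
            if rev > server_rev:
                findings.append(f"{name}: revision {rev} is higher than the server's {server_rev}; "
                                "its VLAN database would overwrite the domain")

    # The password is never displayed; a differing digest at the same revision
    # usually means the VTP passwords do not match.
    if len({s["MD5 digest"] for s in parsed.values()}) > 1:
        findings.append("MD5 digest differs between switches: check VTP passwords and VLAN databases")
    return findings


if __name__ == "__main__":
    for finding in check_vtp_domain({"switch0": SWITCH0_STATUS,
                                     "switch1": SWITCH1_STATUS,
                                     "switch2": SWITCH2_STATUS}):
        print(finding)
```

Run against switch0 and switch1 alone the check is clean; adding the uncleared switch2 produces four findings, the revision one being the one that would have rewritten the lab's VLAN database had it been plugged in for real.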



VLANs and Trunks (1.20)

If you have passed the CCNA certification then this should not be anything new, but it's good to have a recap, especially as it is clearly stated on the CCIE syllabus.

VLANs are a way of segmenting your traffic along business or geographic boundaries into logical network segments. A VLAN is a separate broadcast domain, so broadcasts will not cross VLAN boundaries.

There are two types of VLANs, static or dynamic:


Static VLANs

Static VLANs are port based. Set up is easy.

Open up Packet Tracer and drag two switches and two workstations onto the canvas. I have used different switches (a 2960 and a 2950).

On the switches enter the following:

Switch0(config)# vlan 2
Switch0(config-vlan)# name VLAN2

Now connect each workstation to the FastEthernet0/2 port of its switch and enter this:

Switch0(config)# interface FastEthernet0/2
Switch0(config-if)# switchport mode access
Switch0(config-if)# switchport access vlan 2

Give the workstations IP addresses of 10.0.0.12/24 and 10.0.0.13/24.

Dynamic VLANs

Dynamic VLANs are based on MAC addresses. They are not covered as part of the CCNP Switch exam, nor in the CCIE exam.

Deploying VLANs

There are two ways to deploy VLANs across the infrastructure: End-to-End or Local VLANs.

End-to-End VLANs

Also known as campus-wide VLANs, these span the entire fabric of a network. They are positioned to support maximum flexibility and mobility of end users and follow the 80/20 rule, whereby 80% of traffic stays within the local workgroup and 20% is destined for outside networks.

End-to-End VLANs are more difficult to manage than Local VLANs because their broadcasts are carried right across the network.

Local VLANs

These are based on geographic needs and follow the 20/80 rule - 20% of traffic is local and 80% traverses the core layer. They are more commonly used than End-to-End VLANs.

Trunking

A trunk is used to transport many VLANs between switches. Frames are tagged with an ID corresponding to the VLAN number, and there are two types of trunk: ISL and 802.1Q.

ISL is proprietary to Cisco but is now deprecated in favour of 802.1Q. ISL encapsulates each frame between a header and a trailer.

802.1Q is the industry standard. The tag is embedded within the frame, and it uses a concept called the "native VLAN". Frames belonging to this VLAN are sent over the trunk without any tagging information.

Trunks can be forced on or allowed to form under their default settings. Negotiation uses DTP (Dynamic Trunking Protocol), which agrees a common trunking mode between two switches. A trunk link can be negotiated between two switches only if they belong to the same VTP domain (VLAN Trunking Protocol, covered next), or if neither switch has a VTP domain specified (i.e. a NULL domain). If the two switches are in different VTP domains and trunking is required then the trunk links must be set to On or Negotiate mode.

The configuration is as follows:

Switch(config)# interface type mod/port 
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate} 
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan {vlan-list | all | {add | except | remove} vlan-list}
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto}}

There are three trunking modes:

1: trunk - permanent trunking mode (on).
2: dynamic desirable - (the default) the port actively tries to convert the link to a trunk and asks the far end to bring one up. If the far end is set to trunk, dynamic desirable or dynamic auto then a trunk is formed.
3: dynamic auto - the port can be converted into a trunk if the other side actively asks for it. The other side must be set to trunk or dynamic desirable. If both sides are set to auto, a trunk is not formed.

DTP packets are sent every 30 seconds. To stop them (if the bandwidth is an issue, or simply to follow best practice) set the trunk ports to "switchport nonegotiate".

Returning to our Packet Tracer example, configure a link between FastEthernet0/1 on each switch. Your Packet Tracer screen should look like this:

Setting up trunk ports

Configure the first switch like this: 

switch0(config)# int fastethernet 0/1
switch0(config-if)# switchport trunk encapsulation dot1q
switch0(config-if)# switchport trunk native vlan 2
switch0(config-if)# switchport trunk allowed vlan 100-200
switch0(config-if)# switchport mode trunk 
switch0(config-if)# switchport nonegotiate

If the other side's native VLAN settings do not match then you should see this message:

VLAN mismatch error message

OK, now did you have any issues with the commands? You should have found that the encapsulation command did not work. This is because ISL is being deprecated in favour of 802.1Q and Cisco has started to remove the ISL option from its line-up.

Now configure the other switch in the same way as the first.

Issuing a sh interfaces trunk you can see:

sh interfaces trunk

You should be able to ping from one PC to another across the trunk.

Save this PacketTracer lab as we will be expanding on it later on.

Troubleshooting

Make sure that the VLANs are where they should be (sh vlan id 2).
Make sure that the trunking parameters are set (trunk, negotiated or nonegotiate).
Make sure that both ends of the trunk are talking the same language (802.1Q or ISL).
Make sure that the native VLAN is set, and matches at both ends, when using 802.1Q.
Make sure that the allowed VLANs match on both sides.
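Two items in that checklist, the native VLAN and the allowed VLANs, can be compared mechanically from the two ends' sh interfaces trunk output, and the allowed-list keywords from the configuration template earlier (vlan-list, all, add, except, remove) have simple set semantics. The Python below is an added example, not part of the original post or of any Cisco tool: parse_vlan_list expands IOS range notation, apply_allowed_vlan models the keyword forms, and compare_trunk_ends parses constructed sh interfaces trunk output from both switches and reports mismatches. It also flags a native VLAN that is missing from its own allowed list, since user traffic in that VLAN will then not cross the trunk.

```python
"""Compare the two ends of an 802.1Q trunk from `show interfaces trunk` output."""
from typing import Dict, List, Set

ALL_VLANS: Set[int] = set(range(1, 4095))   # 1-4094, the full IOS VLAN ID space


def parse_vlan_list(text: str) -> Set[int]:
    """Expand IOS VLAN list notation such as '2,100-200' into a set of VLAN IDs."""
    vlans: Set[int] = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        first, last = int(low), int(high or low)
        vlans.update(range(first, last + 1))
    return vlans


def apply_allowed_vlan(current: Set[int], argument: str) -> Set[int]:
    """Model 'switchport trunk allowed vlan {vlan-list | all | add/except/remove vlan-list}'."""
    keyword, _, rest = argument.strip().partition(" ")
    keyword = keyword.lower()
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "add":
        return current | parse_vlan_list(rest)
    if keyword == "remove":
        return current - parse_vlan_list(rest)
    if keyword == "except":
        return ALL_VLANS - parse_vlan_list(rest)
    return parse_vlan_list(argument)          # a bare list replaces the whole set


def parse_show_interfaces_trunk(text: str) -> Dict[str, dict]:
    """Read mode, encapsulation, native VLAN and allowed list for each trunk port."""
    ports: Dict[str, dict] = {}
    section = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("Port"):                 # a column header starts a new section
            if "Native vlan" in line:
                section = "summary"
            elif "allowed on trunk" in line:
                section = "allowed"
            else:
                section = None                      # other sections are not needed here
            continue
        fields = line.split()
        if section == "summary":
            port, mode, encap, status, native = fields
            ports[port] = {"mode": mode, "encapsulation": encap,
                           "status": status, "native": int(native)}
        elif section == "allowed":
            ports[fields[0]]["allowed"] = parse_vlan_list(fields[1])
    return ports


def compare_trunk_ends(local: dict, remote: dict) -> List[str]:
    """Checklist: same encapsulation, same native VLAN, same allowed list, native allowed."""
    findings: List[str] = []
    if local["encapsulation"] != remote["encapsulation"]:
        findings.append(f"encapsulation mismatch: {local['encapsulation']} vs {remote['encapsulation']}")
    if local["native"] != remote["native"]:
        findings.append(f"native VLAN mismatch: {local['native']} vs {remote['native']}")
    if local["allowed"] != remote["allowed"]:
        findings.append(f"allowed VLANs differ, present on one side only: {sorted(local['allowed'] ^ remote['allowed'])}")
    for side, port in (("local", local), ("remote", remote)):
        if port["native"] not in port["allowed"]:
            findings.append(f"{side}: native VLAN {port['native']} is not in the allowed list, "
                            "so user traffic in that VLAN will not cross the trunk")
    return findings


# Constructed output in the shape of IOS `show interfaces trunk`; the remote side was
# left on the default native VLAN 1 while the local side was set to native VLAN 2.
LOCAL_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      2

Port        Vlans allowed on trunk
Fa0/1       2,100-200
"""

REMOTE_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       2,100-200
"""


def check_lab_trunk() -> List[str]:
    """Compare Fa0/1 on the two constructed switches."""
    local = parse_show_interfaces_trunk(LOCAL_TRUNK)["Fa0/1"]
    remote = parse_show_interfaces_trunk(REMOTE_TRUNK)["Fa0/1"]
    return compare_trunk_ends(local, remote)
```

For the constructed outputs the check reports the native VLAN mismatch (the same condition that produces the mismatch message shown earlier) and that VLAN 1 is native on the remote side but not in its allowed list.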

Commands:

sh interfaces trunk (shown above)
sh dtp interface <int> to see DTP packets
sh interfaces <int> switchport

sh int switchport


Next we'll move on to VTP.


The gaps between the CCNP and the CCIE

So moving from the CCNP world to the CCIE world seems like a massive jump. Just look at the book list for instance.


But how huge is the jump really?

Looking at the topics shared between the different levels (due to space constraints I have had to shorten the topic titles as much as possible) we can see that a number of topics are, as expected, already well covered, and that a few will be completely new.
The items that aren't covered are in green, and where a topic is covered the corresponding exam is in brackets (R for Route, S for Switch and T for TShoot).

CCNP Switch Exam topics

So although this site is focused on the CCIE R+S exams, I really probably should point out that I am still finishing off my CCNP routing and Switching (R+S). I have completed the Route exam and am lining up to take the Switch exam. 

So let's have a little look over the exam topics.

CCIE Book List

This is the book list recommended by Cisco for the CCIE Routing and Switching exam(s):

It's a long list so keep an eye on the Amazon Market place!

You can grab these books from my Amazon stores:

USA | UK

1: CCIE Routing and Switching Certification Guide
2: CCIE Routing and Switching Certification Guide (4th Edition) (Exam Certification Guide)
3: CCIE Routing and Switching v4.0 Configuration Practice Labs (2nd Edition) (Practical Studies)
4: CCIE Routing and Switching v4.0 Troubleshooting Practice Labs
5: Routing TCP/IP, Volume 1 (2nd Edition)
6: Routing TCP/IP (CCIE Professional Development): Volume 2
7: Troubleshooting IP Routing Protocols (CCIE Professional Development Series)
8: Inside Cisco IOS Software Architecture
9: Cisco LAN Switching (CCIE Professional Development series)
10: Cisco OSPF Command and Configuration Handbook (CCIE Professional Development)
11: Cisco BGP-4 Command and Configuration Handbook (CCIE Professional Development)
12: CISCO Field Manual: Router Configuration (Core Series)
13: Cisco Field Manual: Catalyst Switch Configuration (Networking Technology)
14: Developing IP Multicast Networks, Volume I: 1
15: Internet Routing Architectures (2nd Edition) (Networking Technology)
16: MPLS and VPN Architectures (Vol 1)
17: MPLS and VPN Architectures: v.2: Vol 2 (Networking Technology)
18: Cisco Catalyst QoS: Quality of Service in Campus Networks (Networking Technology)
19: End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs: Quality of Service in LANs, WANs, and VPNs. Best-practice QoS designs for ... attacks (Networking Technology)
20: Deploying IPv6 Networks
21: Network Security Technologies and Solutions (CCIE Professional Development)

Wow! That's 21 books for one exam. Buying these on a Kindle might be a worthwhile option: some of the books are £10 or so cheaper on the Kindle than in paperback, and the added advantage is that they can be taken anywhere easily.

Kindles are fairly inexpensive, and can be picked up for just over £100 for a Paperwhite, or around £150 for a Kindle Fire.

CCIE Exam topics

These are the currently published topics for the Cisco CCIE exam(s).

As this blog expands these will be linked to the relevant blog post, so please keep this page to hand. The plan is to cover everything by the time I take the exam.

Part 11 is for the written exam only.

1.00 Implement Layer 2 Technologies

1.10 Implement Spanning Tree Protocol (STP)
   (a) 802.1d
   (b) 802.1w
   (c) 802.1s
   (d) Loop guard
   (e) Root guard
   (f) Bridge protocol data unit (BPDU) guard
   (g) Storm control
   (h) Unicast flooding
   (i) Port roles, failure propagation, and loop guard operation
1.20 Implement VLAN and VLAN Trunking Protocol (VTP)
1.30 Implement trunk and trunk protocols, EtherChannel, and load-balance
1.40 Implement Ethernet technologies
   (a) Speed and duplex
   (b) Ethernet, Fast Ethernet, and Gigabit Ethernet
   (c) PPP over Ethernet (PPPoE)
1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control
1.60 Implement Frame Relay
   (a) Local Management Interface (LMI)
   (b) Traffic shaping
   (c) Full mesh
   (d) Hub and spoke
   (e) Discard eligible (DE)
1.70 Implement High-Level Data Link Control (HDLC) and PPP

2.00 Implement IPv4

2.10 Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM)
2.20 Implement IPv4 tunneling and Generic Routing Encapsulation (GRE)
2.30 Implement IPv4 RIP version 2 (RIPv2)
2.40 Implement IPv4 Open Shortest Path First (OSPF)
   (a) Standard OSPF areas
   (b) Stub area
   (c) Totally stubby area
   (d) Not-so-stubby-area (NSSA)
   (e) Totally NSSA
   (f) Link-state advertisement (LSA) types
   (g) Adjacency on a point-to-point and on a multi-access network
   (h) OSPF graceful restart
2.50 Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP)
   (a) Best path
   (b) Loop-free paths
   (c) EIGRP operations when alternate loop-free paths are available, and when they are not
   (d) EIGRP queries
   (e) Manual summarization and autosummarization
   (f) EIGRP stubs
2.60 Implement IPv4 Border Gateway Protocol (BGP)
   (a) Next hop
   (b) Peering
   (c) Internal Border Gateway Protocol (IBGP) and External Border Gateway Protocol (EBGP)
2.70 Implement policy routing
2.80 Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)
2.90 Implement filtering, route redistribution, summarization, synchronization, attributes, and other advanced features

3.00 Implement IPv6

3.10 Implement IP version 6 (IPv6) addressing and different addressing types
3.20 Implement IPv6 neighbor discovery
3.30 Implement basic IPv6 functionality protocols
3.40 Implement tunneling techniques
3.50 Implement OSPF version 3 (OSPFv3)
3.60 Implement EIGRP version 6 (EIGRPv6)
3.70 Implement filtering and route redistribution

4.00 Implement MPLS Layer 3 VPNs

4.10 Implement Multiprotocol Label Switching (MPLS)
4.20 Implement Layer 3 virtual private networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers
4.30 Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite)

5.00 Implement IP Multicast

5.10 Implement Protocol Independent Multicast (PIM) sparse mode
5.20 Implement Multicast Source Discovery Protocol (MSDP)
5.30 Implement interdomain multicast routing
5.40 Implement PIM Auto-Rendezvous Point (Auto-RP), unicast rendezvous point (RP), and bootstrap router (BSR)
5.50 Implement multicast tools, features, and source-specific multicast
5.60 Implement IPv6 multicast, PIM, and related multicast protocols, such as Multicast Listener Discovery (MLD)

6.00 Implement Network Security

6.01 Implement access lists
6.02 Implement Zone Based Firewall
6.03 Implement Unicast Reverse Path Forwarding (uRPF)
6.04 Implement IP Source Guard
6.05 Implement authentication, authorization, and accounting (AAA) 
6.06 Implement Control Plane Policing (CoPP)
6.07 Implement Cisco IOS Firewall
6.08 Implement Cisco IOS Intrusion Prevention System (IPS)
6.09 Implement Secure Shell (SSH)
6.10 Implement 802.1x
6.11 Implement NAT
6.12 Implement routing protocol authentication
6.13 Implement device access control
6.14 Implement security features

7.00 Implement Network Services

7.10 Implement Hot Standby Router Protocol (HSRP)
7.20 Implement Gateway Load Balancing Protocol (GLBP)
7.30 Implement Virtual Router Redundancy Protocol (VRRP)
7.40 Implement Network Time Protocol (NTP)
7.50 Implement DHCP
7.60 Implement Web Cache Communication Protocol (WCCP)

8.00 Implement Quality of Service (QoS)

8.10 Implement Modular QoS CLI (MQC)
   (a) Network-Based Application Recognition (NBAR)
   (b) Class-based weighted fair queuing (CBWFQ), modified deficit round robin (MDRR), and low latency queuing (LLQ)
   (c) Classification
   (d) Policing
   (e) Shaping
   (f) Marking
   (g) Weighted random early detection (WRED) and random early detection (RED)
   (h) Compression
8.20 Implement L2 QoS: weighted round robin (WRR), shaped round robin (SRR) & policies
8.30 Implement link fragmentation and interleaving (LFI) for Frame Relay
8.40 Implement generic traffic shaping
8.50 Implement Resource Reservation Protocol (RSVP)
8.60 Implement Cisco AutoQoS

9.00 Troubleshoot a Network

9.10 Troubleshoot complex Layer 2 network issues
9.20 Troubleshoot complex Layer 3 network issues
9.30 Troubleshoot a network in response to application problems
9.40 Troubleshoot network services
9.50 Troubleshoot network security

10.00 Optimize the Network

10.01 Implement syslog and local logging
10.02 Implement IP Service Level Agreement SLA
10.03 Implement NetFlow
10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE)
10.05 Implement Simple Network Management Protocol (SNMP)
10.06 Implement Cisco IOS Embedded Event Manager (EEM)
10.07 Implement Remote Monitoring (RMON)
10.08 Implement FTP
10.09 Implement TFTP
10.10 Implement TFTP server on router
10.11 Implement Secure Copy Protocol (SCP)
10.12 Implement HTTP and HTTPS
10.13 Implement Telnet

Written exam only:

11.00 Evaluate proposed changes to a Network

11.01 Evaluate interoperability of proposed technologies against deployed technologies
   (a) Changes to routing protocol parameters
   (b) Migrate parts of a network to IPv6
   (c) Routing Protocol migration
   (d) Adding multicast support
   (e) Migrate spanning tree protocol
   (f) Evaluate impact of new traffic on existing QoS design
11.02 Determine operational impact of proposed changes to an existing network
   (a) Downtime of network or portions of network
   (b) Performance degradation
   (c) Introducing security breaches
11.03 Alternative solutions when incompatible changes are proposed to an existing network
   (a) Hardware/Software upgrades
   (b) Topology shifts
   (c) Reconfigurations

About the Cisco CCIE Exams

The CCIE (which stands for Cisco Certified Internetwork Expert) is one of the most coveted and respected networking exams in the world, but also one with a comparatively low number of passes. At the 2012 CiscoLive conference it was reported that at that time the number of CCIEs was just 17,320 for Routing and Switching, and when you include all the other CCIE certifications, that number jumps to a hardly whopping 26,634.

That's not many really. For a great list of the historical trend of the CCIE count go here.

But then the exam is hard and the pass rate of the lab exam is reported to be about 20%.

Unlike the CCNP, which requires a valid CCNA as a prerequisite, the CCIE does not have any prerequisites. You don't have to have any qualifications, or prove any networking skills at all, before you take the written exam. In order to take the lab exam you must have passed the written exam, and it must still be valid.

The certification is in two parts, a written exam (exam id 350-001) that can be taken at any PearsonVue exam center, and the 8 hour lab exam. The lab exam was originally only offered in a handful of locations which for us Brits would have meant Belgium was the closest, but now mobile labs are offered in a variety of locations, thankfully including London.

The 2 hour written exam costs $350 and the lab exam costs a creditcard-flexing $1500. Once you add on the 20 or so books (£200-400), and practice lab costs (around £800 if you buy the hardware yourself) then this is a very expensive way to further your career.

The payoff though is (apart from the CCIE logo, plaque and certificate) that salary scales for CCIEs are upwards of £57,000 (or according to a US site $70,000-150,000).

And finally one last link to read - the story of how the CCIE came about.  Admit it, a little part of you wants that jacket!