موضوع:VLAN Trunking Protocol (VTP)

شاید بهترین تعریف برای VTPعبارت زیر باشه :

VLAN Trunking Protocol, also known as VTP is a technology that allows for the propagation of VLAN’s from a single switch to multiple switches in a Server-Client fashion.

تکنولوژی که به وسیله آن میتوانیم بر روی یک سویچ Vlanها را تعریف کرد و به صورت اتو ماتیک  Vlanها را بر روی تمامی سویچهای موجود در شبکه انتشار داد.

به این صورت که یک سویچ را به عنوان سرور در نظر می گیریم ،سپس Vlanهای مورد نظر را تعریف کرده و سایر سویچهای موجود در شبکه را Client  در نظر گرفته. در این حالت ما می توانیم هر تغییری را مانند حذف اضافه و … را بر روی یک سویچ انجام داد و بعد بر روی تمامی سویچهای موجود در شبکه منتشر  شود.

In the world of VTP, the VTP Server is the centralized point of management in the network for VLAN propagation. Whenever you create a new VLAN on the VTP Server, this VLAN will automatically be propagated to the switches in the same VTP Domain. Think of a VTP Domain as a single autonomous system, or a single collection of switches that share the same VLAN’s. For example you have a large campus building in a University network. This building in the three tier design model will have an access and distribution core. The VTP Server in this design would be the distribution switch. In most cases, the VTP server would be a chassis switch or a switch stack to provide redundancy to access switches.

Creating a VLAN on the distribution switch will allow for all access switches to access other access switches on different floors of the building on the same VLAN, this eliminates the need to create the Vlan on 3 separate switches, the distribution, and both access switches in the given example.

In large enterprise networks VTPv2 can be used in the campus core as VTPv2 can only propagate up to 1005 VLAN’s, however once you hit the VTP VLAN ceiling you’d be required to migrate to VTP Version 3 to allow for the propagation of 4095 VLAN’s.

There are three VTP Versions currently; VTP Version 3 which is quite new provides major advantages over versions one and two.

VTP Version 1 was the initial release of this technology gives you the ability to configure the switch as a VTP Server, VTP Client, VTP Transparent Switch (will be discussed in Lab 4-11) and on CatOS switches, VTP Mode OFF which completely disables VTP.

VTP Version 2 is not to much different from v1 however VTPv2 includes the support for token ring VLAN’s and VTP Pruning. If neither of these features are required in a network then there is no need to upgrade from version one to version two.

VTP Version 3 on the other hand has significant advantages over its predecessors, two of the most beneficial features to modern networks is that VTP v3 supports the entire IEEE VLAN Range 1-4095 and also the ability to propagate Private VLAN information. VTP v3 also gives better administrative control over the VTP domain by allowing you to configure which devices can update other devices view of the VLAN topology. You now have the option to turn VTP on or off on a per trunk basis and now the VTP server has a primary and backup VTP server.

Now take a step back for a second and ask yourself what happens if someone else plugs a switch into the network with the same VTP domain and a higher revision of the database and completely different VLAN information. The answer is quite simple, you’re network goes into the bit bucket as your VLAN’s on all switches change, some get removed, new ones added and so on. When a VLAN is removed on a switch and ports are in that specific VLAN, those ports get shutdown. All in all, if this happens on your watch and its your fault you better update your resume.

But don’t worry, there is hope!! With the a VTP Password, you can prevent unwanted VTP server switches in the network. By using a VTP password switches can only be a client of a VTP Server if the passwords match.

VTP Domains can be unique to location but there is one domain name that is special; VTP Domain: NULL, this domain name basically is no domain name, its blank and is represented as the domain name NULL. However when it is changed you cannot change it back to NULL.

سناریوی زیر رو در  نظر بگیرید:

کانفیگ های زیر رو در SW1انجام بدید:

Sw1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Sw1(config)#vtp mode server

Device mode already VTP SERVER.

Sw1(config)#vtp domain test.loc

کانفیگ مربوت به SW2:

Sw2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Sw2(config)#vtp mode client

Setting device to VTP CLIENT mode.

Sw2(config)#vtp domain test.loc

کانفیگ مربوت به SW3:

Sw3#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Sw3(config)#vtp mode client

Setting device to VTP CLIENT mode.

Sw3(config)#vtp domain test.loc

اینتر فیسهای fa0/1-2را در channel-group1 و اینتر فیسهای  fa0/3-4را در channel-group2 قرار می

دهیم. در SW1

SW1(config)#int range fastEthernet 0/1-2

اینتر فیسهای fa0/1-2را  در channel-group 1قرار می دهیم در SW2

SW2(config)#int range fastEthernet 0/1-2

اینتر فیسهای fa0/1-2را  در channel-group 1قرار می دهیم در SW3

SW3(config)#interface range fastEthernet 0/1-2

با استفاده از شماره channel-groupها انها را ترانک می کنیم در SW1

SW1(config)#interface port-channel 1

SW1(config-if)#switchport mo trunk

SW1(config)#interface port-channel 2

Channel-group 1را ترانک می کنیم .در SW2

SW2(config)#interface port-channel 1

Channel-group 2را ترانک می کنیم .در SW3

SW3(config)#interface port-channel 2

Vlan 10  را با نام  20learn.ir  ایجاد می کنیم.

Sw1(config)#vlan 10

نمایش تمامی vlan  ها :در SW1

SW1#show vlan brief

VLAN Name                             Status    Ports

—- ——————————– ——— ——————————-

1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8

                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12

                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16

                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20

                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24

                                                Gig1/1, Gig1/2

10   20learn.ir                       active

1002 fddi-default                     active

1003 token-ring-default               active

1004 fddinet-default                  active

نمایش تمامی vlan  ها :در SW2

SW2#show vlan brief

VLAN Name                             Status    Ports

—- ——————————– ——— ——————————-

1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6

                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10

                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14

                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18

                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22

                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2

10   20learn.ir                       active

1002 fddi-default                     active

1003 token-ring-default               active

1004 fddinet-default                  active

1005 trnet-default                    active

VTP Password and VTP version

خب اگر کسی بیاد در شبکه ما یک سویچ بزاره  با همون نام دامنه ما (در اینجا  Test.loc) با تنضیمات متفاوت و Revision

Numberبا لاتر برخی از vlan  ها حذف می شوند بعضی اضافه می شوند و ….

با استفاده از VTP Password  شبکه از این گونه حملات در امان  می ماند .به این صورت که کلاینت هایی تغییرات جدید را

دریافت می کنند که پسورد آنها با پسورد VTP Server Matchباشد.

کانفیگ VTP Password  و VTP versionدر سویچهای کلاینت و سرور.

در SW1:

در SW2:

در SW3:

با دستور Show Vtp Password  میتونیم پسورد رو ببینیم.

SW1#show vtp password

VTP Password: cisco