VTP協定實驗步驟

1.實驗拓撲圖如下所示:

2.建立如圖環境，測試a、b、c、d的連通性。

3.配置f0/11和f/0/12為通道，驗證配置，檢視是否正常。

4.配置vtp域，域名為cisco，密碼為xxx,

               sw1為伺服器，sw2為客戶機。

檢視關鍵資訊。

5.在sw1上建立vlan2包含a，  建立vlan3包含b。

6.在sw2上檢視是否已有vlan2、vlan3。如果沒有，給出解決方法。是否可以人工建立vlan4、vlan5，同樣vlan2包含c，  建立vlan3包含d。測試ac、bd的連通性。

7.啟用修剪，驗證配置。

8.在中繼中去除vlan3的修剪，檢視配置并說明修剪意義。

<b>步驟</b><b>1</b>

<b>    </b><b>删除交換機配置和</b><b>vlan.dat</b><b>檔案并重新開機裝置，按照實驗拓撲圖連接配接實驗的線纜。</b><b></b>

<b>switch#</b>

<b>del</b>

<b> flash:vlan.dat</b>

<b>delete filename [vlan.dat]?</b>

<b>delete flash:vlan.dat? [confirm]</b>

<b>switch#</b><b>erase startup-config</b>

<b>erasing the nvram filesystem will remove all files! continue? [confirm]</b>

<b>[ok]</b>

<b>erase of nvram: complete</b>

<b>switch#</b><b>reload</b><b></b>

<b>步驟</b><b>2</b>

<b>    </b><b>給各個交換機命名</b><b>.</b>

<b>   </b><b>switch&gt;</b><b>enable</b>

<b>   </b><b>switch#</b><b>config t</b>

<b>   switch(config)# </b><b>hostname sw1</b>

<b>   sw1(config)#</b>

<b>步驟</b><b>3</b>

<b>測試連通性</b><b>,</b><b>結果如下所示</b><b>:</b>

<b>在</b><b>a</b><b>上用</b><b>ping</b><b>指令測試和</b><b>b</b><b>的連通性</b><b>:</b>

<b>c:\documents and settings\administrator&gt;ping 1.1.1.4</b>

<b></b>

<b>pinging 1.1.1.4 with 32 bytes of data:</b>

<b>reply from 1.1.1.4: bytes=32 time&lt;10ms ttl=128</b>

<b>在</b><b>a</b><b>上用</b><b>ping</b><b>指令測試和</b><b>c</b><b>的連通性</b><b>:</b>

<b>c:\documents and settings\administrator&gt;ping 1.1.1.1</b>

<b>pinging 1.1.1.1 with 32 bytes of data:</b>

<b>reply from 1.1.1.1: bytes=32 time&lt;10ms ttl=128</b>

<b>在</b><b>a</b><b>上用</b><b>ping</b><b>指令測試和</b><b>d</b><b>的連通性</b><b>:</b>

<b>c:\documents and settings\administrator&gt;ping 1.1.1.2</b>

<b>pinging 1.1.1.2 with 32 bytes of data:</b>

<b>reply from 1.1.1.2: bytes=32 time&lt;10ms ttl=128</b>

<b>這裡連通由于2950</b><b>交換機預設是中繼，不做詳細介紹：</b>

<b>步驟</b><b>4</b>

<b>    </b><b>配置</b><b>sw1</b><b>将</b><b>fa0/11</b><b>、和</b><b>0/12</b><b>端口組合為一個邏輯信道：</b><b></b>

<b>sw1(config)#interface range fastethernet0/11 - 12</b>

<b>sw1(config-if-range)#channel-group 1 mode on</b>

<b>creating a port-channel interface port-channel 1</b>

<b>配置</b><b>sw2</b><b>将</b><b>fa0/11</b><b>、和</b><b>0/12</b><b>端口組合為一個邏輯信道：</b><b></b>

<b>sw2(config)#interface range fastethernet0/11 - 12</b>

<b>sw2(config-if-range)#channel-group 1 mode on</b>

<b>sw2(config-if-range)#</b>

<b>使用</b><b>show etherchannel summary</b><b>指令檢查快速以太通道連接配接：</b><b></b>

<b>sw1#show etherchannel 1 summary</b>

<b>flags:  d - down        p - in port-channel</b>

<b>        i - stand-alone s - suspended</b>

<b>        h - hot-standby (lacp only)</b>

<b>        r - layer3      s - layer2</b>

<b>        u - unsuitable for bundling</b>

<b>        u - in use      f - failed to allocate aggregator</b>

<b>        d - default port</b>

<b>number of channel-groups in use: 1</b>

<b>number of aggregators:           1</b>

<b>group  port-channel  protocol    ports</b>

<b>------+-------------+-----------+-----------------------------------------------</b>

<b>1      po1(su)          -        fa0/11(pd)  fa0/12(p)</b>

<b>sw2#show etherchannel 1 summary</b>

<b>        u - in use      f - failed to allocate aggregator</b>

<b>1      po1(su)          -        fa0/11(pd) fa0/12(p)</b>

<b>步驟</b><b>5</b>

<b>    </b><b>在</b><b>sw1</b><b>上配置</b><b>vtp</b><b>域</b><b>cisco</b><b>并建立名為</b><b>vlan 10</b><b>和</b><b>vlan 20</b><b>的</b><b>vlan</b><b>。</b><b>2950</b><b>交換機預設是</b><b>vtp</b><b>伺服器模式，是以你不需要配置它。然而，如果需要的話，配置模式中啟用伺服器的指令是</b><b>vtp mode server</b><b>：</b><b></b>

<b>sw1(config)#vtp mode server</b>

<b>device mode already vtp server.</b>

<b>sw1(config)#vtp domain cisco</b>

<b>changing vtp domain name from null to cisco</b>

<b>sw1(config)#vtp password xxx</b>

<b>setting device vlan database password to xxx</b>

<b>sw1(config)#</b>

<b>配置</b><b>sw2</b><b>作為</b><b>vtp</b><b>客戶</b><b></b>

<b>sw2(config)#vtp mode client</b>

<b>setting device to vtp client mode.</b>

<b>sw2(config)#vtp domain cisco</b>

<b>domain name already set to cisco.</b>

<b>sw2(config)#</b>

<b>使用</b><b>show vtp status</b><b>指令檢查</b><b>vtp</b><b>重要資訊：</b><b></b>

<b>sw1#show vtp status</b>

<b>vtp version                     : 2</b>

<b>configuration revision          : 0</b>

<b>maximum vlans supported locally : 64</b>

<b>number of existing vlans        : 5</b>

<b>vtp operating mode              : server</b>

<b>vtp domain name                 : cisco</b>

<b>vtp pruning mode                : disabled</b>

<b>vtp v2 mode                     : disabled</b>

<b>vtp traps generation            : disabled</b>

<b>md5 digest                      : 0x8c 0xe8 0x23 0x13 0xc9 0xd9 0x1c 0xea</b>

<b>configuration last modified by 0.0.0.0 at 0-0-00 00:00:00</b>

<b>local updater id is 0.0.0.0 (no valid interface found)</b>

<b>sw1#</b>

<b>----------------------------------------------------------------------</b>

<b>使用</b><b>show vtp counters</b><b>指令檢查</b><b>vtp</b><b>發送和接收的通告請求，彙總通告，子網通告和加入消息的條目，以及檢測到的配置錯誤。</b><b></b>

<b>sw1#show vtp counters</b>

<b>vtp statistics:</b>

<b>summary advertisements received    : 2</b>

<b>subset advertisements received     : 1</b>

<b>request advertisements received    : 1</b>

<b>summary advertisements transmitted : 2</b>

<b>subset advertisements transmitted  : 2</b>

<b>request advertisements transmitted : 0</b>

<b>number of config revision errors   : 1</b>

<b>number of config digest errors     : 0</b>

<b>number of v1 summary errors        : 0</b>

<b>vtp pruning statistics:</b>

<b>trunk            join transmitted join received    summary advts received from</b>

<b>                                                   non-pruning-capable device</b>

<b>---------------- ---------------- ---------------- ---------------------------</b>

<b>po1                 0                1                0</b>

<b>sw2#show vtp status</b>

<b>vtp operating mode              : client</b>

<b>md5 digest                      : 0x57 0x30 0x6d 0x7a 0x76 0x12 0x7b 0x40</b>

<b>sw2#</b>

<b>sw2#show vtp counters</b>

<b>summary advertisements received    : 4</b>

<b>subset advertisements received     : 3</b>

<b>request advertisements received    : 0</b>

<b>subset advertisements transmitted  : 1</b>

<b>request advertisements transmitted : 2</b>

<b>number of config revision errors   : 0</b>

<b>number of config digest errors     : 2</b>

<b>                                                   non-pruning-capable device</b>

<b>po1                 1                0                0</b>

<b>步驟</b><b>6</b>

<b>    </b><b>建立</b><b>vlan 2</b><b>和</b><b>vlan 3</b><b>的</b><b>vlan</b><b>，按照前面的配置要求，将每個交換機将端口劃歸到各自的</b><b>vlan</b><b>。</b><b></b>

<b>sw1(vlan)#vlan 2</b>

<b>vlan 2 added:</b>

<b>    name: vlan0002</b>

<b>sw1(vlan)#vlan 3</b>

<b>vlan 3 added:</b>

<b>    name: vlan0003</b>

<b>sw1(vlan)#exit</b>

<b>apply completed.</b>

<b>exiting....</b>

<b>sw1#config t</b>

<b>enter configuration commands, one per line.  end with cntl/z.</b>

<b>sw1(config)#interface fastethernet0/1</b>

<b>sw1(config-if)#switchport mode access</b>

<b>sw1(config-if)#switchport access vlan 2</b>

<b>sw1(config-if)#exit</b>

<b>sw1(config)#interface fastethernet0/2</b>

<b>sw1(config-if)#switchport access vlan 3</b>

<b>sw1(config-if)#</b>

<b>步驟</b><b>7</b>

<b>    </b><b>使用指令</b><b>show vlan brief</b><b>檢驗是否已經有</b><b>valn2</b><b>、</b><b>3</b><b>。</b><b></b>

<b>sw2#show vlan brief</b>

<b>vlan name                             status    ports</b>

<b>---- -------------------------------- --------- -------------------------------</b>

<b>1    default                          active    fa0/1, fa0/2, fa0/3, fa0/4</b>

<b>                                                fa0/5, fa0/6, fa0/7, fa0/8</b>

<b>                                                fa0/9, fa0/10, fa0/13, fa0/14</b>

<b>                                                fa0/15, fa0/16, fa0/17, fa0/18</b>

<b>                                                fa0/19, fa0/20, fa0/21, fa0/22</b>

<b>                                                fa0/23, fa0/24</b>

<b>1002 fddi-default                     active</b>

<b>1003 token-ring-default               active</b>

<b>1004 fddinet-default                  active</b>

<b>1005 trnet-default                    active</b>

<b>我們看出并沒有，由于剛剛</b><b>vtp</b><b>伺服器設定了密碼，這樣就将</b><b>cisco</b><b>管理域設為了安全模式，這樣防止未經授權的交換機加入到使用者的域内。剛才說明了這點。這時我們隻須在</b><b>sw2</b><b>上設定密碼即可。</b><b></b>

<b>sw2#config t</b>

<b>sw2(config)#vtp password xxx</b>

<b>setting device vlan database password to xxx.</b>

<b>或許剛剛設完密碼馬上驗證還會沒有，這時不須緊張，由于交換機每五分鐘發送一次通告或者有變化時，它通告鄰接交換機目前的</b><b>vtp</b><b>域名和配置修訂号。稍等一會在驗證。</b><b></b>

<b>1    default                          active    fa0/1, fa0/2, fa0/3, fa0/4</b>

<b>                                                fa0/5, fa0/6, fa0/7, fa0/8</b>

<b>2    vlan0002                         active</b>

<b>3    vlan0003                         active</b>

<b>1005 trnet-default                    active</b>

<b>在</b><b>sw2</b><b>上人工建立</b><b>vlan4</b><b>、</b><b>vlan5</b>

<b>sw2#vlan database</b>

<b>sw2(vlan)#vlan 4</b>

<b>vlan 4 added:</b>

<b>    name: vlan0004</b>

<b>sw2(vlan)#vlan 5</b>

<b>vlan 5 added:</b>

<b>    name: vlan0005</b>

<b>sw2(vlan)#exit</b>

<b>in client state, no apply attempted.</b>

<b>驗證：</b><b></b>

<b>2    vlan0002                         active</b>

<b>這時大家會發現明明看到已經建立</b><b>vlan4</b><b>、</b><b>5</b><b>怎麼會沒有。大家有沒有注意到交換機已經告訴大家</b><b>in client state, no apply attempted.</b><b>vtp</b><b>客戶模式不能建立，删除，和修改</b><b>vlan</b><b>。</b><b></b>

<b>按照前面的配置要求，将每個交換機将端口劃歸到各自的</b><b>vlan</b><b>。</b><b></b>

<b>sw2(config)#interface fastethernet0/1</b>

<b>sw2(config-if)#switchport mode access</b>

<b>sw2(config-if)#switchport access vlan 2</b>

<b>sw2(config-if)#exit</b>

<b>sw2(config)#interface fastethernet0/2</b>

<b>sw2(config-if)#switchport access vlan 3</b>

<b>sw2(config-if)#</b>

<b>測試連通：</b><b></b>

<b>在</b><b>b</b><b>上用</b><b>ping</b><b>指令測試和</b><b>d</b><b>的連通性</b><b>:</b>

<b>步驟</b><b>8</b>

<b>    </b><b>隻須在</b><b>vtp</b><b>伺服器上啟用修剪就啟用了整個管理域的修剪。</b><b></b>

<b>sw1(config)#vtp pruning</b>

<b>pruning switched on</b>

<b>驗證配置：</b><b></b>

<b>configuration revision          : 2</b>

<b>number of existing vlans        : 7</b>

<b>vtp pruning mode                : enabled</b>

<b>md5 digest                      : 0xe3 0xbd 0xa0 0xc9 0x14 0x85 0x9b 0xfc</b>

<b>configuration last modified by 0.0.0.0 at 3-1-93 00:47:48</b>

<b>vtp pruning mode                : enabled</b>

<b>步驟</b><b>9</b>

<b>    </b><b>在</b><b>sw1</b><b>的中繼中去除</b><b>vlan3</b><b>的修剪</b><b></b>

<b>sw1(config-if-range)#switchport trunk pruning vlan remove 3</b>

<b>sw1(config-if-range)#</b>

<b>sw1#show interface fastethernet0/11 switchport</b>

<b>name: fa0/11</b>

<b>switchport: enabled</b>

<b>administrative mode: dynamic desirable</b>

<b>operational mode: trunk (member of bundle po1)</b>

<b>administrative trunking encapsulation: dot1q</b>

<b>operational trunking encapsulation: dot1q</b>

<b>negotiation of trunking: on</b>

<b>access mode vlan: 1 (default)</b>

<b>trunking native mode vlan: 1 (default)</b>

<b>voice vlan: none</b>

<b>administrative private-vlan host-association: none</b>

<b>administrative private-vlan mapping: none</b>

<b>administrative private-vlan trunk native vlan: none</b>

<b>administrative private-vlan trunk encapsulation: dot1q</b>

<b>administrative private-vlan trunk normal vlans: none</b>

<b>administrative private-vlan trunk private vlans: none</b>

<b>operational private-vlan: none</b>

<b>trunking vlans enabled: all</b>

<b>pruning vlans enabled: 2,4-1001</b>

<b>capture mode disabled</b>

<b>capture vlans allowed: all</b>

<b>protected: false</b>

<b>appliance trust: none</b>

<b>sw1#show interface fastethernet0/12 switchport</b>

<b>name: fa0/12</b>

<b>在</b><b>sw2</b><b>上驗證：</b><b></b>

<b>sw2#show interface fastethernet0/11 switchport</b>

<b>pruning vlans enabled: 2-1001</b>

<b>voice vlan: none (inactive)</b>

<b>我們會發現</b><b>sw2</b><b>上并沒有去除</b><b>vlan3</b><b>的修剪，說明移出修剪不同啟用修剪。需要根據情況在每個交換機上配置。</b><b></b>

<b>修剪的意義：</b><b></b>

交換機預設情況下是在網絡上傳播廣播和未知資料包。這樣會給整個網絡帶來大量的不必要流量。

vtp修剪通過減少不必要的流量，如：廣播、多點傳播、未知等。來提高帶寬使用率。