1
00:00:00,596 --> 00:00:07,546
>> Deeper down the rabbit hole we go
with VLANs as we unpack VTP and 802.1Q.
2
00:00:07,906 --> 00:00:11,426
In the last Nugget, I gave you kind of
the overview, like this is what VLANs are,
3
00:00:11,426 --> 00:00:14,916
this is why they're great, these are
some examples of how we can use them,
4
00:00:15,346 --> 00:00:18,306
now I'd like to unpack the details of it.
5
00:00:19,036 --> 00:00:21,996
So, we'll look at trunks
and how they really work
6
00:00:21,996 --> 00:00:25,276
and that there's really a secret
sauce behind them called 802.1Q.
7
00:00:25,276 --> 00:00:30,606
We'll look at a concept of the Native
VLAN and then finally, look at VTP,
8
00:00:30,606 --> 00:00:34,576
how it can help or destroy your entire network.
9
00:00:35,946 --> 00:00:38,506
Okay, let's pull a little
review from the last Nugget.
10
00:00:38,686 --> 00:00:40,536
Trunking, what is it?
11
00:00:40,736 --> 00:00:47,286
Well, trunking is the ability to connect
multiple switches together and allow your VLANs
12
00:00:47,286 --> 00:00:52,196
to seamlessly go across your
entire campus fabric.
13
00:00:52,796 --> 00:00:56,486
Man, that statement was made for a
marketing magazine or something like that.
14
00:00:56,486 --> 00:00:59,496
That sounded so good, I can't
even say it again if I try.
15
00:00:59,956 --> 00:01:05,416
But, if I connect multiple switches together
like let's add switch C and switch D together,
16
00:01:05,626 --> 00:01:11,926
well, it gives me the ability to add computers,
and devices, and wireless access points,
17
00:01:11,926 --> 00:01:16,466
and printers and whatever else, whatever
widgets I'd like to, all around the campus
18
00:01:16,466 --> 00:01:19,436
and allow these VLANs to span that direction.
19
00:01:19,436 --> 00:01:25,416
So, for instance, let's say VLAN 2, which I
have there as that little orange-ish computer.
20
00:01:25,656 --> 00:01:28,386
VLAN 2 might be the sales VLAN.
21
00:01:28,896 --> 00:01:30,776
So all the sales people are a member of that.
22
00:01:30,776 --> 00:01:35,936
So I can now add sales people down here and
add them as well to VLAN 2 and maybe this--
23
00:01:35,936 --> 00:01:39,926
this is-- this wireless access
point is actually for VLAN 3
24
00:01:39,926 --> 00:01:43,426
because only the executive team
get wireless access, or whatever.
25
00:01:43,526 --> 00:01:44,516
You get the point.
26
00:01:44,516 --> 00:01:49,286
We can stretch our VLANs all around our
company through this concept of trunking.
27
00:01:49,846 --> 00:01:54,846
Now what trunking does is tag,
remember I said in the last Nugget,
28
00:01:54,996 --> 00:02:02,606
a better word for it is tagging, tag each packet
that's sent across the wire, across those links
29
00:02:02,606 --> 00:02:06,556
that connect the switches, with
this special little 4-byte field.
30
00:02:07,056 --> 00:02:15,306
Now, there are two forms
of trunking, one is 802.1Q.
31
00:02:15,306 --> 00:02:19,586
I'm hesitant to even say this
nowadays, but you may see it.
32
00:02:19,586 --> 00:02:23,246
You may encounter it somewhere
sometime whether it be exam,
33
00:02:23,246 --> 00:02:25,786
whether it be real world, you might run into it.
34
00:02:25,976 --> 00:02:29,966
There is another one called
ISL, Inter-Switch Link.
35
00:02:30,016 --> 00:02:35,416
So these are two different languages
that you can use for tagging packets.
36
00:02:35,446 --> 00:02:37,636
Now, Cisco was first to the game with VLANs.
37
00:02:37,936 --> 00:02:41,786
Long before there was a real standard or
at least I should say a good standard,
38
00:02:41,786 --> 00:02:44,596
Cisco came out with something
called Inter-Switch Link.
39
00:02:44,926 --> 00:02:49,556
Now that worked and it allowed you to tag
your packets with specific VLAN information
40
00:02:49,556 --> 00:02:52,746
and send it across, but anytime
you say, Cisco made it,
41
00:02:52,806 --> 00:02:55,656
that means it only works for Cisco switches.
42
00:02:55,656 --> 00:03:02,746
802.1Q, which was the eventual
standard, is the replacement for ISL.
43
00:03:02,746 --> 00:03:07,106
Now, this is industry standard--
in-- in-- well, you get the point,
44
00:03:07,106 --> 00:03:12,356
industry standard to where any vendor
can create a switch and use 802.1Q.
45
00:03:12,356 --> 00:03:16,176
So, I could-- you know, I've got switch A
which might be a Cisco, might be a Cisco,
46
00:03:16,176 --> 00:03:20,486
maybe bring in switch F over here
with-- it's some hidden brand over here.
47
00:03:20,486 --> 00:03:25,466
We don't know, but as long as it's a
managed switch, it will support 802.1Q
48
00:03:25,466 --> 00:03:28,866
and it will do VLANs and now
be able to integrate and speak
49
00:03:28,866 --> 00:03:31,486
that trunking language with my Cisco switches.
50
00:03:31,776 --> 00:03:33,496
So let's dig a little bit deeper.
51
00:03:33,816 --> 00:03:41,016
Inside of this little 4-byte tag is a-- is
VLAN data and this is where it will be 1
52
00:03:41,016 --> 00:03:47,376
of 4,096 different values to let
it know which VLAN it belongs to.
53
00:03:47,706 --> 00:03:53,736
And then next to that is something known as the
priority, or if you dig a little bit deeper,
54
00:03:53,736 --> 00:03:58,326
it's not part of this series but that
is actually called class of service.
55
00:03:58,326 --> 00:04:01,476
So switches can do quality of service as well.
56
00:04:01,476 --> 00:04:04,516
So I can put in this header information.
57
00:04:04,516 --> 00:04:07,806
I can put little tags that say, "Oh,
this traffic is really important.
58
00:04:07,806 --> 00:04:09,706
You're a level-5 traffic.
59
00:04:09,936 --> 00:04:11,576
Whereas this traffic, eh,
it's not that important
60
00:04:11,576 --> 00:04:13,656
and you're a level 1 or a level 0 traffic."
61
00:04:13,656 --> 00:04:17,076
So, these are all known as the
CoS or Class of Service bits.
62
00:04:17,076 --> 00:04:21,446
If you ever decide on diving into
CCNP, or getting into Voice over IP
63
00:04:21,446 --> 00:04:24,886
or one of the more advanced tracks,
they'll totally explain that.
64
00:04:24,886 --> 00:04:26,876
For now, we don't care.
65
00:04:26,876 --> 00:04:32,416
[laughs] All eyes are on that VLAN tag which is
sitting in the header and it passes all of that
66
00:04:32,416 --> 00:04:35,816
between switches by embedding
it into each frame.
67
00:04:35,816 --> 00:04:38,266
Now, keep in mind, this is a trunking thing.
68
00:04:38,786 --> 00:04:43,836
This is only on the links between your
switches; VLAN tags are always removed
69
00:04:44,096 --> 00:04:47,366
when we're sending data to
the computers themselves.
70
00:04:48,536 --> 00:04:53,616
Partnered with the concept of trunking
is the idea of the Native VLAN.
71
00:04:54,756 --> 00:04:57,906
Trunks send tagged information, right?
72
00:04:57,906 --> 00:04:59,776
Let me go with the simple view here.
73
00:04:59,986 --> 00:05:04,946
We got a couple of switches, let's say we've
got three computers up here that are all--
74
00:05:04,946 --> 00:05:08,456
you know, these guys are a member of
VLAN 2, this guy is a member of VLAN 3,
75
00:05:08,456 --> 00:05:13,036
and then down here I've got one
computer that's a member of VLAN 2
76
00:05:13,036 --> 00:05:14,886
and one computer member of VLAN 3.
77
00:05:15,326 --> 00:05:19,236
So, if this is a trunk, it's going
to send tagged information across.
78
00:05:19,236 --> 00:05:23,476
So as VLAN 3 sends a broadcast, it will come
down here and go, "Oh, let's put a little,
79
00:05:23,666 --> 00:05:25,016
you know, shim on the header there.
80
00:05:25,016 --> 00:05:32,156
We've got a VLAN 3 tag, that's, now we
officially know, an 802.1Q tag on the header.
81
00:05:32,156 --> 00:05:34,926
So when this guy gets it, he
goes, "Oh, you belong to VLAN 3."
82
00:05:35,146 --> 00:05:38,846
Strips off that little tag and then
sends it to all the VLAN 3 devices.
83
00:05:39,066 --> 00:05:40,686
That's what trunks do.
84
00:05:40,686 --> 00:05:46,146
Now, the question of this Native
VLAN comes in when we say, "Well,
85
00:05:46,476 --> 00:05:50,796
what if I need to send something
between these guys that is not tagged?"
86
00:05:51,736 --> 00:05:56,176
And you might look at the picture and say,
"Well, look at the picture, what wouldn't be tagged?
87
00:05:56,176 --> 00:05:59,826
I mean, we've got two over here and two over
here and three over here and three over here,
88
00:05:59,826 --> 00:06:02,006
so you would have tags of two
and tags of three [inaudible],
89
00:06:02,106 --> 00:06:03,966
why would you send something that's not tagged?"
90
00:06:04,406 --> 00:06:09,486
Well, there are management protocols
that run behind the scenes on switches.
91
00:06:09,486 --> 00:06:15,636
Well, like one of them we know is
Telnet, another one might be SSH.
92
00:06:15,636 --> 00:06:21,556
So, maybe I'm sitting here plugged in to the
console port of the switch, this switch is,
93
00:06:21,556 --> 00:06:25,946
you know, 300 feet down the
hall and then like, well,
94
00:06:25,946 --> 00:06:29,266
I don't want to go walk down
the hall with my laptop.
95
00:06:29,306 --> 00:06:30,206
That's a far walk.
96
00:06:30,206 --> 00:06:32,436
I'm sitting in my chair, I'm kind of cozy.
97
00:06:32,726 --> 00:06:36,916
I just want a Telnet from this
switch down to this switch, right?
98
00:06:37,276 --> 00:06:41,946
Well, if I'm Telnetting from this switch to
this switch, what VLAN does that belong on?
99
00:06:42,416 --> 00:06:46,906
None, really, I mean, it's whatever
VLAN this switch's management interface is
100
00:06:46,906 --> 00:06:48,206
on which is probably VLAN 1.
101
00:06:48,206 --> 00:06:50,776
So, it's going to send that across untagged,
102
00:06:51,316 --> 00:06:54,576
or there's another protocol we
haven't talked about yet called CDP.
103
00:06:54,576 --> 00:06:56,756
It's a discovery protocol.
104
00:06:56,756 --> 00:07:02,356
It's kind of neat because Cisco devices will
send each other these little discovery messages
105
00:07:02,356 --> 00:07:05,316
where they're like, "Oh, I see you
my little friends, Cisco device.
106
00:07:05,316 --> 00:07:06,476
I'm going to add you to a table."
107
00:07:06,476 --> 00:07:11,746
So, an administrator at any point can type
in a command called show cdp neighbors
108
00:07:11,746 --> 00:07:15,146
and they can see all the Cisco devices
around them, all of the devices
109
00:07:15,146 --> 00:07:17,366
that are attached to whatever device they're on.
110
00:07:17,596 --> 00:07:21,726
Well, in order for CDP to work, these
guys have to send like little probes,
111
00:07:21,726 --> 00:07:23,666
little hellos saying, "Hey, I'm running CDP.
112
00:07:23,666 --> 00:07:24,436
This is me.
113
00:07:24,436 --> 00:07:26,226
This is-- I'm a switch did you know who-- ."
114
00:07:26,226 --> 00:07:29,086
All of that stuff is running on the Native VLAN.
115
00:07:29,366 --> 00:07:34,346
It doesn't really belong to a VLAN so
much as it's just traffic that needs
116
00:07:34,346 --> 00:07:35,696
to pass from one switch to another.
117
00:07:35,936 --> 00:07:37,986
It's considered untagged traffic.
118
00:07:38,466 --> 00:07:43,806
This concept originally came about in long,
long ago when switches were so expensive,
119
00:07:43,806 --> 00:07:46,306
people were like, man, we can't
afford many of these things.
120
00:07:46,526 --> 00:07:51,646
Let's put hubs in the middle of our network so
that we can kind of, you know, balance the cost.
121
00:07:51,646 --> 00:07:55,666
So we would have some switches going
through hubs to reach other switches.
122
00:07:55,666 --> 00:08:00,426
Well, and to those hubs, we would plug in
computers and these switches would have trunks
123
00:08:00,426 --> 00:08:01,946
to each other, they'd be tagging packets,
124
00:08:01,946 --> 00:08:04,986
so VLAN 15 ends up on VLAN 15
and all that kind of stuff.
125
00:08:04,986 --> 00:08:09,666
But the question became, well, what happens when
this computer comes in on that port and says,
126
00:08:09,666 --> 00:08:11,106
"Hey, I want to talk to something.
127
00:08:11,426 --> 00:08:12,596
What VLAN is it on?"
128
00:08:14,096 --> 00:08:14,806
The Native VLAN.
129
00:08:15,426 --> 00:08:23,766
If a trunk receives data that
does not have a tag on it,
130
00:08:23,766 --> 00:08:27,746
it will automagically become
part of the Native VLAN.
131
00:08:28,606 --> 00:08:31,206
Nowadays-- I mean, nowadays, burn that model.
132
00:08:31,206 --> 00:08:34,836
Nobody does that anymore, that's
like-- you know, that's heresy.
133
00:08:34,956 --> 00:08:36,906
Why would you put a hub in
the middle of your network?
134
00:08:37,136 --> 00:08:40,736
But nowadays, we use this
concept for things like this.
135
00:08:40,886 --> 00:08:48,226
For example, best practice says, "I
want to put my IP phones on a VLAN."
136
00:08:48,226 --> 00:08:52,236
Let's put them on VLAN 15 which
is separate from the computer
137
00:08:52,236 --> 00:08:54,886
that it's plugged into, maybe
this guy is on VLAN 10.
138
00:08:55,276 --> 00:08:56,256
Why is that a best practice?
139
00:08:56,506 --> 00:08:57,436
Because it's scary.
140
00:08:57,606 --> 00:09:04,176
If you have your computer and your phone on
the same VLAN and somebody pulls out Wireshark,
141
00:09:04,486 --> 00:09:10,576
Wireshark has the ability to capture voice
packets and reassemble them into audio files.
142
00:09:10,896 --> 00:09:15,306
[laughs] So back in the day, you know,
people would have those little butt sets
143
00:09:15,306 --> 00:09:18,006
that they would have on their
waist with the alligator clips.
144
00:09:18,006 --> 00:09:20,816
You know, that they would clip on
to the wires and be able to kind
145
00:09:20,816 --> 00:09:22,876
of tap phone conversations
and hear what's going on.
146
00:09:22,876 --> 00:09:24,486
I mean phone techs still have them today.
147
00:09:24,486 --> 00:09:26,076
I shouldn't say back in the
day, they're still around.
148
00:09:26,516 --> 00:09:29,626
Now, you can do that without
needing any alligator clips.
149
00:09:29,686 --> 00:09:31,476
You can open Wireshark and capture the data.
150
00:09:31,476 --> 00:09:35,946
So Cisco is like, "Whoa, let's keep this
guy on a separate VLAN than this guy."
151
00:09:36,226 --> 00:09:38,056
But then we'll run into the
problem, "Well, how do you do that?
152
00:09:38,056 --> 00:09:42,326
Because normal ports are
only a member of one VLAN."
153
00:09:42,326 --> 00:09:50,466
And then, you know, if this guy is sending
traffic, I mean, how do I differentiate
154
00:09:50,466 --> 00:09:53,616
between him sending traffic and him
because they're coming in on the same port.
155
00:09:54,136 --> 00:09:57,406
Well, that was where that concept
of the Native VLAN came in.
156
00:09:57,936 --> 00:10:02,926
Now, what I'm about to tell you is if you
were to tell this to Cisco, they'll be like,
157
00:10:02,926 --> 00:10:04,906
"No, no, no, that's not how we do it.
158
00:10:04,906 --> 00:10:05,896
It's not. It's not."
159
00:10:05,896 --> 00:10:11,556
Because it's actually a security flaw, if you
will, but it was the original way they do it
160
00:10:11,556 --> 00:10:15,316
and it's still kind of the way
they do it, but let me explain
161
00:10:15,316 --> 00:10:18,896
and then we can unpack all of
the politics behind it later.
162
00:10:19,516 --> 00:10:24,326
The way that we can make this work is to
configure this port as a type of trunk.
163
00:10:25,206 --> 00:10:29,856
Now, a trunk will send tagged
packets which IP phones understand.
164
00:10:29,856 --> 00:10:36,536
So I can say, on this trunk, I'm going
to have VLAN 15 be the tagged VLAN.
165
00:10:37,806 --> 00:10:40,796
Now that's good because this
phone understands tags.
166
00:10:40,796 --> 00:10:46,746
Cisco IP phones, you pull them out of the box,
they're like, "I speak the language of 802.1Q.
167
00:10:46,746 --> 00:10:48,266
I speak tags."
168
00:10:48,266 --> 00:10:51,886
So, as I'm speaking on the phone, I'm
saying, "Hello everybody" on the phone.
169
00:10:52,036 --> 00:10:55,866
It's sending packets and it's automatically
putting a little tag of 15 on them.
170
00:10:56,206 --> 00:11:01,246
So the switch goes, "Okay, you're coming from
a phone, I'm going to put you on VLAN 15."
171
00:11:01,546 --> 00:11:04,466
Now the computer, no idea what a VLAN even is.
172
00:11:04,626 --> 00:11:07,666
Computers do not know the concept of VLANs.
173
00:11:07,896 --> 00:11:09,986
They know the concept of surfing the web.
174
00:11:10,226 --> 00:11:12,146
They know the concept of transferring files.
175
00:11:12,336 --> 00:11:14,756
So they just have an IP address,
they're just sending data.
176
00:11:15,026 --> 00:11:17,766
So they're coming in without any VLAN tags.
177
00:11:17,956 --> 00:11:19,976
Hmm, that rings a bell.
178
00:11:20,546 --> 00:11:23,186
If they don't have any VLAN
tags, then what are they on?
179
00:11:23,866 --> 00:11:24,626
The Native VLAN.
180
00:11:24,916 --> 00:11:28,446
So what you would configure
this for is it would be a trunk
181
00:11:28,446 --> 00:11:33,336
and I would set it up for a Native VLAN of 10.
182
00:11:33,686 --> 00:11:36,696
So when this computer starts
sending data, it doesn't have a tag,
183
00:11:36,976 --> 00:11:39,316
it says, "Well, you must be on VLAN 10."
184
00:11:39,316 --> 00:11:42,466
So that's kind of how we
apply that concept today.
185
00:11:42,466 --> 00:11:46,526
Now, Cisco has new and improved
ways of doing this kind of thing.
186
00:11:46,526 --> 00:11:52,456
So the reason I emphasize that is because they
really make a point of saying it's not a trunk.
187
00:11:52,686 --> 00:11:56,476
It's a tagged access port, but it
really is kind of the same thing.
188
00:11:56,476 --> 00:12:00,536
So for now, just for the concept, that's
what the Native VLAN is all about.
189
00:12:00,696 --> 00:12:02,616
So, why am I talking about this?
190
00:12:02,616 --> 00:12:07,736
You know, it's kind of like, okay,
good I get it, what's the point?
191
00:12:07,836 --> 00:12:12,826
Well, the point-- I found out-- so,
this has been bugging me for so long.
192
00:12:12,826 --> 00:12:17,656
You see how my circles are
kind of like blobby, see that?
193
00:12:17,656 --> 00:12:23,816
I found out that my little drawing program
here converts my-- when I clear it like that,
194
00:12:23,816 --> 00:12:28,186
when I clear-- it converts my pen to like a gel
pen and I finally figured out, check this out.
195
00:12:28,186 --> 00:12:28,936
Watch the blobby.
196
00:12:29,046 --> 00:12:30,786
Watch it. Bam!
197
00:12:31,196 --> 00:12:32,206
Isn't that so much cleaner?
198
00:12:32,736 --> 00:12:36,036
Come on, the difference, gel pen, oh ugly.
199
00:12:37,066 --> 00:12:38,346
Default, oh, much better.
200
00:12:38,346 --> 00:12:39,436
So, I finally figured that out.
201
00:12:39,436 --> 00:12:40,676
I was very excited.
202
00:12:40,676 --> 00:12:43,036
But why am I telling you this
concept of the Native VLAN?
203
00:12:43,606 --> 00:12:47,646
The reason why is because it's
dangerous if you mismatch them.
204
00:12:48,056 --> 00:12:49,306
So, what I mean is this.
205
00:12:49,306 --> 00:12:55,006
Let's say we've got two switches and
by default, the Native VLAN is 1.
206
00:12:55,836 --> 00:12:58,816
That's just how it is, but you can change that.
207
00:12:58,996 --> 00:13:03,386
Let's say on one side, I make the
Native VLAN 10 and on the other side,
208
00:13:03,386 --> 00:13:06,526
I make the Native VLAN 20, right?
209
00:13:06,776 --> 00:13:07,966
Well, that poses a problem.
210
00:13:07,966 --> 00:13:10,906
It's going to break something,
likely, if I do that.
211
00:13:10,906 --> 00:13:12,646
The switches will start yelling at you.
212
00:13:12,646 --> 00:13:17,576
They'll send you messages on the console port
like mad being like, "Native VLAN mismatch.
213
00:13:17,576 --> 00:13:18,226
Don't do this.
214
00:13:18,226 --> 00:13:19,326
Something is very wrong."
215
00:13:19,576 --> 00:13:26,256
But what ends up happening is devices that are
on VLAN 10, maybe they're the accounting devices
216
00:13:26,566 --> 00:13:31,976
and devices that are on VLAN 20,
maybe they're the sales devices end
217
00:13:31,976 --> 00:13:35,116
up merging together into this big blob VLAN.
218
00:13:35,386 --> 00:13:36,646
So here's what happens.
219
00:13:36,676 --> 00:13:41,196
This guy sends some data to the other
side, the switch is like, "Oh, okay,
220
00:13:41,196 --> 00:13:45,926
you're trying to reach, we'll say, you know,
device X over here," and he's in VLAN 20.
221
00:13:46,246 --> 00:13:49,136
But as soon as it hits that trunk
port, it goes, "Oh, wait a sec,
222
00:13:49,216 --> 00:13:52,066
wait a sec, VLAN 20 is my Native VLAN.
223
00:13:52,486 --> 00:13:56,516
That means VLAN 20 doesn't have any tags.
224
00:13:57,016 --> 00:13:57,996
There are no tags in there."
225
00:13:58,206 --> 00:14:01,896
So rather than doing what trunks
normally do which is stick a little tag
226
00:14:01,896 --> 00:14:07,526
on that packet saying VLAN 20 is-- you know,
is tagged on here, so this switch gets it,
227
00:14:07,526 --> 00:14:09,156
he's like, "Oh, you belong to VLAN 20."
228
00:14:09,156 --> 00:14:13,046
He goes, "Oh, well that's my Native
VLAN so I'm going to strip the tag off.
229
00:14:13,046 --> 00:14:13,846
There's going to be no tag.
230
00:14:13,846 --> 00:14:18,336
I'm just going to send it untagged 'cause
remember, Native VLAN equals untagged."
231
00:14:19,056 --> 00:14:22,366
So, on the other side, I've
got a Native VLAN of 10.
232
00:14:22,566 --> 00:14:27,846
So it comes in and it assumes
that I'm on VLAN 10.
233
00:14:27,976 --> 00:14:31,406
And so this untagged traffic went
out on 20, came in, and it's like, "Oh,
234
00:14:31,406 --> 00:14:33,606
well my Native VLAN is 10 so now I'm on 10."
235
00:14:33,666 --> 00:14:34,776
Is it supposed to do that?
236
00:14:34,776 --> 00:14:37,056
No, but it's how it's configured.
237
00:14:37,256 --> 00:14:38,976
That's called the Native VLAN mismatch.
238
00:14:39,076 --> 00:14:44,206
And what it does is undo a lot of your security
boundaries to where this guy can now get
239
00:14:44,206 --> 00:14:46,416
to this guy, and he's not supposed to.
240
00:14:47,066 --> 00:14:51,916
Because-- and the same thing happens on this side,
if I've got a computer in VLAN 10 over here.
241
00:14:52,156 --> 00:14:54,236
When he sends it, he's going
to be like, "Oh, VLAN 10,
242
00:14:54,236 --> 00:14:58,256
that's my Native so I'll send it untagged
and then it comes in on this guy as VLAN 20."
243
00:14:58,336 --> 00:15:02,866
So, my point is, if you're configuring trunks
which we're going to do in the next Nugget,
244
00:15:03,066 --> 00:15:09,666
you want to make sure that the Native
VLAN matches between both sides.
245
00:15:09,666 --> 00:15:11,206
Now, let's get back to Cisco.
246
00:15:11,746 --> 00:15:14,626
Cisco had a really good idea.
247
00:15:14,626 --> 00:15:17,356
Remember I said, they were
first to the game with VLANs,
248
00:15:17,356 --> 00:15:19,756
they came out with this protocol called ISL.
249
00:15:19,756 --> 00:15:22,566
We don't use it anymore nowadays,
but it was great, great for its time.
250
00:15:23,126 --> 00:15:26,736
Well, way back then, Cisco, you know,
was kind of looking at the VLAN standard
251
00:15:26,736 --> 00:15:29,956
as it was emerging and they're like,
"We can do something really cool.
252
00:15:30,566 --> 00:15:34,066
We're going to come up with
this protocol called VTP."
253
00:15:34,686 --> 00:15:39,156
Now, first off, the name will mess you up,
254
00:15:39,316 --> 00:15:43,696
[laughs] it stands for the
VLAN Trunking Protocol.
255
00:15:44,966 --> 00:15:47,956
But, and I'm going to say it
and I'm going to say it twice
256
00:15:47,956 --> 00:15:49,016
because I want it to stick in your head.
257
00:15:49,266 --> 00:15:52,996
It is not a trunking protocol, okay?
258
00:15:52,996 --> 00:15:53,326
You get it?
259
00:15:53,326 --> 00:15:56,926
The VLAN Trunking Protocol
is not a trunking protocol.
260
00:15:57,336 --> 00:16:00,336
There are only two trunking protocols out there.
261
00:16:00,466 --> 00:16:01,646
One of them has gone away.
262
00:16:01,926 --> 00:16:04,856
One is ISL, the other is 802.1Q.
263
00:16:05,246 --> 00:16:09,566
Those are the two protocols that can tag traffic
264
00:16:09,896 --> 00:16:12,756
so that switches know what
VLAN it belongs to, that's it.
265
00:16:12,886 --> 00:16:15,886
So the VLAN Trunking Protocol,
what, is not a trunking protocol.
266
00:16:16,016 --> 00:16:21,996
It should've been called the VLAN Replication
Protocol, that's my humble opinion.
267
00:16:22,346 --> 00:16:27,636
But nonetheless, here's what Cisco's goal was
and it really was, it really was a good idea.
268
00:16:27,636 --> 00:16:31,116
You know why I'm saying this, that I'm going to
have this kicker at the end and I'm like, yeah,
269
00:16:31,116 --> 00:16:33,816
and it's not a good idea
anymore and you're right.
270
00:16:33,816 --> 00:16:40,436
So, VTP was a great idea because what would
happen is it would save you configuration work
271
00:16:40,436 --> 00:16:42,516
and make your network totally consistent.
272
00:16:42,896 --> 00:16:47,036
So, the way VTP works is you would
link up all your switches with trunks.
273
00:16:47,036 --> 00:16:49,556
So we've got 802.1Q running everywhere here.
274
00:16:49,556 --> 00:16:50,596
This is our trunking, right?
275
00:16:50,596 --> 00:16:55,066
802.1Q trunk, that bridges
[inaudible] switches together
276
00:16:55,196 --> 00:16:57,226
and I would go in and I would create a VLAN.
277
00:16:57,226 --> 00:17:01,496
Let's say VLAN 10 and I name it,
that's one of the things you can do.
278
00:17:01,496 --> 00:17:03,646
We'll say name sales.
279
00:17:04,226 --> 00:17:08,306
Now VTP immediately goes, "Oh,
I'm going to update my database."
280
00:17:08,306 --> 00:17:09,586
It looks like they made a change,
281
00:17:09,826 --> 00:17:13,536
all the switches by the way start
their database at Revision 0.
282
00:17:13,536 --> 00:17:14,516
So it's Revision 0.
283
00:17:14,656 --> 00:17:15,936
And now it goes, "Okay, they made a change.
284
00:17:15,936 --> 00:17:17,006
They added VLAN 10.
285
00:17:17,156 --> 00:17:19,226
We are at Rev 1."
286
00:17:19,696 --> 00:17:23,476
He sends an announcement saying, "Rev
1," this guy is like, "Oh, sweet Rev 1.
287
00:17:23,476 --> 00:17:24,146
I want Rev 1.
288
00:17:24,396 --> 00:17:25,156
Rev 1, Rev 1."
289
00:17:25,156 --> 00:17:30,106
So all these switches are getting this little
revision and they go, "What's to be revised?"
290
00:17:30,106 --> 00:17:31,026
My VLAN database.
291
00:17:31,026 --> 00:17:33,786
So they now all have VLAN 10, VLAN 10.
292
00:17:34,146 --> 00:17:38,926
So, it saves you the time, 'cause
normally, I have to go switch by switch,
293
00:17:38,926 --> 00:17:43,076
by switch and add in VLAN 10 and add
in and name it and give it a name.
294
00:17:43,076 --> 00:17:45,446
I mean, I know I'm making it sound
like a lot of work, and it kind of is.
295
00:17:45,446 --> 00:17:48,716
But VTP just makes it that much easier
and then they go in there and say, "Well,
296
00:17:48,716 --> 00:17:52,116
I'm going to add VLAN 20,
maybe VLAN 20 is marketing."
297
00:17:52,526 --> 00:17:55,696
And it goes, "Okay, Rev 2, Rev 2, Rev 2, Rev 2."
298
00:17:55,696 --> 00:17:57,356
I mean, it's almost instantaneous.
299
00:17:57,356 --> 00:17:58,706
It's like snap your fingers, bam!
300
00:17:58,706 --> 00:18:00,906
VLAN 20 appears on all the switches.
301
00:18:00,906 --> 00:18:05,066
And now, all you have to do is start assigning
the ports to it, so it knows which ports belong
302
00:18:05,066 --> 00:18:07,936
in which VLANs, but it saves you
a big part of your configuration.
303
00:18:07,936 --> 00:18:09,756
So that's really cool.
304
00:18:10,196 --> 00:18:11,886
Here's where the problem comes in.
305
00:18:12,626 --> 00:18:14,646
I'm talking about all these, right?
306
00:18:14,646 --> 00:18:20,086
Let's say that you go out on eBay after
this discussion like, "I got to do this.
307
00:18:20,086 --> 00:18:22,216
I'm going to go on eBay,
I'm going to buy a switch."
308
00:18:22,216 --> 00:18:26,116
You look at the description and
it says, you know, "Cisco 3550.
309
00:18:26,116 --> 00:18:32,036
You know, the company went out of business, used
it for eight years, still works great, you know,
310
00:18:32,126 --> 00:18:34,886
their loss, your gain, buy it now 50 dollars."
311
00:18:34,886 --> 00:18:36,766
And you're like, "Fifty dollars, that's great."
312
00:18:36,876 --> 00:18:37,876
So you buy it now, bam!
313
00:18:38,096 --> 00:18:39,066
You get the switch in the mail.
314
00:18:39,856 --> 00:18:46,466
You go to log on and you find out it has the
company's old configuration on it, that's cool.
315
00:18:46,856 --> 00:18:50,736
Because it's very easy to do
password recovery in a Cisco switch,
316
00:18:50,926 --> 00:18:54,446
and I love when I get stuff off eBay
where it has old configurations 'cause I
317
00:18:54,446 --> 00:18:56,316
like seeing how people's networks are set up.
318
00:18:56,316 --> 00:18:57,466
I'm like, "Oh, oh."
319
00:18:57,586 --> 00:18:59,126
You know, and I just like seeing that.
320
00:18:59,126 --> 00:19:02,486
So, you kind of-- you look at it,
you're like, "Man, this is really cool.
321
00:19:02,486 --> 00:19:03,876
Oh well, okay let's erase it."
322
00:19:03,876 --> 00:19:06,466
So, you erased the configuration on the switch.
323
00:19:06,466 --> 00:19:09,896
You do write erase, that's one of
the ways to do it, a quick way.
324
00:19:10,236 --> 00:19:11,756
Reboot, okay, I'm back to a clean config.
325
00:19:11,756 --> 00:19:13,736
Okay, I'm playing around at
home doing my thing, right?
326
00:19:13,736 --> 00:19:15,936
And all of a sudden I'm like,
"Ah, I got to go to work."
327
00:19:17,006 --> 00:19:18,826
And then the thought hits your mind.
328
00:19:19,576 --> 00:19:22,226
You know what, I have a lot of downtime at work.
329
00:19:22,226 --> 00:19:28,306
Maybe I can bring my switch to work that I
got off eBay and just do a little studying.
330
00:19:29,016 --> 00:19:30,576
And so, you're like, "That's a great idea."
331
00:19:30,576 --> 00:19:33,456
So you bring your switch to work and you
configure, "You know, man, this is great",
332
00:19:33,456 --> 00:19:34,886
and all of a sudden, it hits you again.
333
00:19:35,176 --> 00:19:40,886
You're like, "You know what, I've got this
home switch," poof, enter the picture.
334
00:19:41,376 --> 00:19:45,176
"And I've been playing around
but I want this to be real.
335
00:19:45,526 --> 00:19:47,146
Here's what I want to do.
336
00:19:47,146 --> 00:19:52,666
I want to take my cubicle here and I've
got this little wall jack and I'm going
337
00:19:52,666 --> 00:19:55,006
to unplug my computer that's plugged in.
338
00:19:55,006 --> 00:19:58,746
I'm just going to-- I'm going
to plug it into my home switch."
339
00:19:59,196 --> 00:20:04,976
And you click in there and you-- if it were a
made-for-TV movie, you know, it would be slow motion.
340
00:20:05,086 --> 00:20:08,896
There would be some guy jumping
over the cubicle going, "Nooo!"
341
00:20:08,896 --> 00:20:12,146
You know, there'll be some drama here
but for now, you just click it in.
342
00:20:12,326 --> 00:20:14,936
Light goes green and all of a sudden, poof!
343
00:20:15,516 --> 00:20:18,916
First thing you notice you know-- first
thing anybody notices, you'll see a head poke
344
00:20:18,916 --> 00:20:25,256
up in the cubicle farms and, you know, Bob
down the hall is like, "Hey, is your email up?"
345
00:20:25,256 --> 00:20:28,086
You know, someone else is like, "No,
my Facebook access isn't up either."
346
00:20:28,086 --> 00:20:32,166
You know, like people immediately
notice email and Facebook going down,
347
00:20:32,576 --> 00:20:35,786
and you're kind of like, "Oh,
yeah," and you kind of unplugged it
348
00:20:35,786 --> 00:20:38,336
and shoved the switch in the drawer.
349
00:20:38,466 --> 00:20:39,326
What happened?
350
00:20:39,946 --> 00:20:46,686
Well, what happened was you got this switch from
company X on eBay where they've been using it
351
00:20:46,686 --> 00:20:49,946
for eight years and they've
probably made bajillion VLAN changes.
352
00:20:50,646 --> 00:20:53,826
You know, deleting VLANs, adding VLANs
all that kind of stuff over the years.
353
00:20:53,826 --> 00:20:59,996
Maybe they're up to VTP Rev 302, and
maybe that switch on there had VLAN 100.
354
00:21:00,086 --> 00:21:04,086
That was the only VLAN, you know, at this
point because you're playing with it in your lab
355
00:21:04,086 --> 00:21:05,626
or whatever, that's the only VLAN that you had.
356
00:21:05,816 --> 00:21:09,216
Well, as soon as you connected it to that
wall jack, it goes through the ceiling
357
00:21:09,216 --> 00:21:10,596
and eventually connects back here.
358
00:21:10,876 --> 00:21:17,966
This guy is like, "Hey buddy,
I've got VTP Rev 1302."
359
00:21:17,966 --> 00:21:21,176
Your corporate switch is like, "Great, I'm at 2.
360
00:21:21,176 --> 00:21:23,636
You know, it's like, you're way better."
361
00:21:23,876 --> 00:21:29,266
So, the way VTP works is it's not like,
"Let's talk, let's kind of merge our VLANs
362
00:21:29,266 --> 00:21:30,716
to get"-- no, that's not how it works.
363
00:21:30,716 --> 00:21:34,326
He's like, "1302 says there is no VLAN 20.
364
00:21:34,326 --> 00:21:40,766
1302 says, there is no VLAN 10, 1302 has told
me the only VLAN that there is, is VLAN 100."
365
00:21:40,996 --> 00:21:43,366
And like I said, it's very fast, bam!
366
00:21:43,706 --> 00:21:48,866
Bam! All your VLANs are gone in your entire
enterprise, all replaced by VLAN 100.
367
00:21:48,866 --> 00:21:50,216
You know what that looks like?
368
00:21:50,936 --> 00:21:55,776
You walk into the IT room and you see
the switches and they've all turned amber.
369
00:21:55,776 --> 00:22:01,856
Every light on them totally has gone from
green and flicking and happy to this amber
370
00:22:01,856 --> 00:22:04,926
like death-like state and
usually, the IT person passes
371
00:22:04,926 --> 00:22:06,716
out when they see it 'cause
the entire network is not.
372
00:22:06,856 --> 00:22:15,536
What has happened is it eliminated VLANs 10 and
20, but all the ports are assigned to those.
373
00:22:16,236 --> 00:22:18,966
So it's not like the ports are like,
"Oh, well, I guess our VLAN went away.
374
00:22:18,966 --> 00:22:21,336
Let's all go over to VLAN 100 now."
375
00:22:21,336 --> 00:22:22,296
They don't do that.
376
00:22:22,296 --> 00:22:27,036
They're like, "No, I'm still in VLAN 20
and VLAN 20 doesn't exist so I'm going
377
00:22:27,036 --> 00:22:30,946
to turn myself off, and I'm going
to put myself in a disabled state."
378
00:22:30,946 --> 00:22:34,616
So essentially, your entire network goes down.
379
00:22:34,846 --> 00:22:37,196
Now, I know what you might be thinking.
380
00:22:37,386 --> 00:22:41,986
You're like, but wait a sec, didn't
you say I erased the switch, you know?
381
00:22:42,146 --> 00:22:44,386
If you're speaking for my
life, didn't you tell me
382
00:22:44,386 --> 00:22:46,546
that I erased the switch before I bring it in?
383
00:22:46,546 --> 00:22:47,256
Yes, I did.
384
00:22:47,596 --> 00:22:52,436
Because VTP revisions survive
configuration resets.
385
00:22:53,106 --> 00:22:56,626
VLANs survive configuration resets.
386
00:22:56,966 --> 00:23:00,796
So this little story could happen.
387
00:23:00,906 --> 00:23:05,096
But now, let me add in a little reality to it.
388
00:23:05,246 --> 00:23:07,886
Well, first off, it has happened a lot.
389
00:23:08,236 --> 00:23:10,166
It completely takes on the network.
390
00:23:10,336 --> 00:23:14,826
And the problem is, you know, people-- first
off, it takes somebody some time to figure
391
00:23:14,826 --> 00:23:17,156
out what time-- I mean, you walk
in, the entire thing is down.
392
00:23:17,156 --> 00:23:19,536
You're not thinking, "Oh,
my VLANs must be gone."
393
00:23:19,536 --> 00:23:23,306
You're thinking virus, worm, outbreak, failure.
394
00:23:23,306 --> 00:23:25,166
You know, you're on the phone
you're like, "What do I do?"
395
00:23:25,376 --> 00:23:29,066
You're not even thinking straight when something
like this occurs, I mean, everybody is yelling.
396
00:23:29,066 --> 00:23:30,856
You know, company is like,
"We're sending everybody home
397
00:23:30,856 --> 00:23:33,246
for the day, losses," it's not good.
398
00:23:33,796 --> 00:23:36,006
So, this is one of those not good days.
399
00:23:36,036 --> 00:23:39,706
So by the time you finally do figure out,
you're like, "Oh man, my VLANs are gone."
400
00:23:39,996 --> 00:23:44,956
A common fix is you take a switch off,
you restore the configuration from backup,
401
00:23:44,956 --> 00:23:47,826
you're like, "Okay, well let's put the
old VLANs back on," and you reconnect it.
402
00:23:47,986 --> 00:23:49,776
What happens as soon as you reconnect?
403
00:23:50,076 --> 00:23:54,596
Bam! Revision 1302 comes in and
destroys you and deletes your VLAN again.
404
00:23:54,816 --> 00:23:58,706
The only way that you're going to get it
back is to manually add your VLANs back in.
405
00:23:58,706 --> 00:24:00,966
So you go, "Okay, VLAN 10 exists."
406
00:24:00,966 --> 00:24:05,836
Now, we're up to Rev 1303 and now
that replicates up, VLAN 20 exists,
407
00:24:05,836 --> 00:24:09,956
1304 and we start getting our VTP Revs back up.
408
00:24:09,956 --> 00:24:14,846
So, now let me add in now a little protection.
409
00:24:15,436 --> 00:24:20,296
The way VTP works is through
a common domain name.
410
00:24:21,416 --> 00:24:27,586
A lot of companies make it their company name
like Intel, they'll have the VTP domain Intel.
411
00:24:27,756 --> 00:24:33,986
So, if this guy comes in and doesn't
have the same VTP domain name as the rest
412
00:24:33,986 --> 00:24:36,726
of the switches, then his
revision will be ignored.
413
00:24:36,916 --> 00:24:39,916
So, I know you're like kind of go,
"Okay, that's a little better."
414
00:24:40,076 --> 00:24:42,066
Well, here's where it usually happens.
415
00:24:42,196 --> 00:24:46,566
This-- By the way VTP outages
are-- they are common.
416
00:24:46,736 --> 00:24:52,086
You know, if-- give me a group of, you know,
10 Cisco people that have worked for, you know,
417
00:24:52,086 --> 00:24:55,966
10 to 15 years in the field and I
guarantee you, probably two or three
418
00:24:55,966 --> 00:24:59,616
of them have seen a complete
network takedown from VTP.
419
00:24:59,616 --> 00:25:03,346
So, where it usually happens
is in the lab environment.
420
00:25:03,656 --> 00:25:08,886
You got the company lab, right, where the
company buys some stuff for people to play
421
00:25:08,886 --> 00:25:10,796
with so that they can do testing.
422
00:25:10,796 --> 00:25:13,906
They can do experiments without messing
with the production environment.
423
00:25:14,146 --> 00:25:18,676
Well, what ends up happening is, you know,
there's a switch in the lab that seems
424
00:25:18,676 --> 00:25:23,596
to be totally functional, totally fine that
we've just been playing with for a long time.
425
00:25:23,676 --> 00:25:26,626
In a crisis, the company is like,
"Oh man, we're out of switches
426
00:25:26,626 --> 00:25:28,096
and we just hired three more people.
427
00:25:28,306 --> 00:25:29,946
Do we have any spares anywhere?"
428
00:25:30,266 --> 00:25:34,416
You know, again, made for TV movie, slow
motion music comes as somebody walks in the lab
429
00:25:34,796 --> 00:25:40,106
and brings out this lab switch which has a
higher VTP Rev than the corporate network
430
00:25:40,106 --> 00:25:44,606
and happens to mirror the config in
many ways as the corporate network
431
00:25:44,606 --> 00:25:47,706
but maybe doesn't have the
same VLAN numbers and click.
432
00:25:47,706 --> 00:25:51,056
You know, that's where it
wipes out the entire network.
433
00:25:51,056 --> 00:25:52,786
So, that's VTP.
434
00:25:52,786 --> 00:25:57,646
It's kind of like, "Yeah, that was a cool
idea," but I will tell you Cisco now,
435
00:25:57,646 --> 00:25:59,496
they have changed their recommendation.
436
00:25:59,596 --> 00:26:03,196
Cisco will tell you in big bold
red letters, "Don't use it."
437
00:26:03,956 --> 00:26:10,066
Despite Cisco's recommendations, many people
still do use VTP 'cause it is really handy.
438
00:26:10,316 --> 00:26:13,356
And as long as you are very
careful, it works well.
439
00:26:13,356 --> 00:26:17,006
Now, like I said, for every 10 Cisco
people, there're two or three of them
440
00:26:17,006 --> 00:26:19,846
that have seen a complete network outage, but
that means there are seven or eight of them
441
00:26:19,846 --> 00:26:22,986
that are like, "Yeah, it's totally fine."
442
00:26:22,986 --> 00:26:28,216
So, when you're using VTP, there
are three modes that it can be in.
443
00:26:28,836 --> 00:26:32,006
A Cisco switch can be a VTP
server which is the default.
444
00:26:32,006 --> 00:26:35,686
When you pull it out of the box,
every Cisco switch has a VTP server.
445
00:26:35,686 --> 00:26:41,366
And that means it has the power to create
VLANs, to delete VLANs, to rename VLANs,
446
00:26:41,366 --> 00:26:44,986
it can do all that stuff and then send
the updates to all the other servers.
447
00:26:44,986 --> 00:26:49,196
Now, you can have all your
switches be servers if you want to.
448
00:26:49,196 --> 00:26:53,276
And that just means you can change your
VLAN configuration from any switch.
449
00:26:53,506 --> 00:26:59,966
Now, if you are going to use VTP, what Cisco
recommends is saying, you have one server,
450
00:26:59,966 --> 00:27:04,116
meaning one place that you can
change VLANs from and all the rest
451
00:27:04,116 --> 00:27:06,276
of them are configured as clients.
452
00:27:06,496 --> 00:27:09,366
So on the client switches you can't update VLANs.
453
00:27:09,366 --> 00:27:14,956
They will only accept updates and send
updates, you know, if, you know, for instance,
454
00:27:14,956 --> 00:27:18,096
there's a server down here or something
like that, he'll accept updates
455
00:27:18,096 --> 00:27:21,116
and he'll send updates to the other switches.
456
00:27:21,406 --> 00:27:24,476
But you can't go in there and
change VLANs, delete VLANs.
457
00:27:24,476 --> 00:27:28,596
If you try to, if you log on to that switch
and you're like, "Okay, add VLAN 20."
458
00:27:28,906 --> 00:27:31,456
It's going to be like, "Sorry,
you're a VTP client.
459
00:27:31,456 --> 00:27:32,196
You can't do that."
460
00:27:32,196 --> 00:27:35,446
Now there-- you might be
like, "Well, this seems safe.
461
00:27:35,496 --> 00:27:38,066
How can I-- cause problem?"
462
00:27:38,266 --> 00:27:41,386
Well, a lot of times, we are
our own worst enemies, right?
463
00:27:41,646 --> 00:27:47,186
Because you log in to that client switch
and like, "Oh, man, I got to add VLAN 20,"
464
00:27:47,726 --> 00:27:50,746
and you get the message, "I'm
sorry, this is a VTP client."
465
00:27:51,166 --> 00:27:54,426
And you're like, "Well buddy, it's one command."
466
00:27:54,666 --> 00:27:55,486
"No you're not.
467
00:27:55,666 --> 00:27:56,546
You're a server."
468
00:27:56,706 --> 00:28:00,656
You type in-- it's literally a command,
it's a VTP mode server and poof!
469
00:28:00,656 --> 00:28:05,156
Now, I can add my VLAN without trying to figure
out where in the network my VTP server is.
470
00:28:05,186 --> 00:28:10,176
So, good intention but a lot of times,
our own self-discipline gets away from us.
471
00:28:10,886 --> 00:28:15,206
Transparent mode, now, the
Cisco recommended mode.
472
00:28:15,206 --> 00:28:19,406
VTP transparent mode essentially
means I am not using VTP.
473
00:28:20,506 --> 00:28:24,946
Truth be told, the way Cisco
switches work is there is no way to--
474
00:28:24,946 --> 00:28:27,966
you know, I'll put in quotes, turn off VTP.
475
00:28:28,086 --> 00:28:31,246
Like you can go in there and say,
"No VTP" and stop running it.
476
00:28:31,516 --> 00:28:34,486
But you can go in and say, "I'm
running VTP Transparent mode."
477
00:28:34,486 --> 00:28:37,766
And what that means is, now, every
single switch, if it's transparent,
478
00:28:37,996 --> 00:28:42,916
every switch can change VLANs, it can
modify VLANs, it can delete VLANs,
479
00:28:42,916 --> 00:28:49,186
it can do whatever we want, but I'm not
ever going to tell that VLAN information
480
00:28:49,186 --> 00:28:52,016
to anybody else, meaning I'm
not really participating.
481
00:28:52,156 --> 00:28:56,646
Now, if somebody sends me a VTP update, if maybe
somebody else is running VTP, I'll be like,
482
00:28:56,766 --> 00:28:59,706
"Hey, thanks, I'll forward that on
to any other switches that need it.
483
00:28:59,706 --> 00:29:02,156
But you know what, I'm not looking at it.
484
00:29:02,156 --> 00:29:03,696
I'm a transparent switch."
485
00:29:03,696 --> 00:29:05,646
You know, think of the words, "I'm transparent.
486
00:29:05,646 --> 00:29:09,906
I don't exist to you," or we can add
some movie drama, "I'm dead to you."
487
00:29:09,956 --> 00:29:15,286
You know, all the switches that are transparent
totally ignore it, but it is worthwhile knowing
488
00:29:15,496 --> 00:29:21,066
like if I have a VTP server here and a VTP
server here and he's sending an update,
489
00:29:21,236 --> 00:29:24,976
the transparent switch will ignore it
and yet still pass it over to that server.
490
00:29:26,346 --> 00:29:29,296
One more neat feature associated with VTP.
491
00:29:29,296 --> 00:29:31,316
It's the concept of VLAN pruning.
492
00:29:32,076 --> 00:29:36,376
What this allows you to do is stop VLANs
from crossing links where they don't belong.
493
00:29:36,616 --> 00:29:39,856
So, let's say, you've got
this environment and setup
494
00:29:39,856 --> 00:29:42,316
with three switches, you create three VLANs.
495
00:29:42,316 --> 00:29:46,976
We'll just for now call them VLAN
green, VLAN blue, and VLAN red,
496
00:29:47,076 --> 00:29:48,586
you know, which match up to some number.
497
00:29:48,676 --> 00:29:49,966
So those are all created.
498
00:29:50,246 --> 00:29:54,976
Those using VTP automatically replicate
and now appear on all the switches.
499
00:29:54,976 --> 00:29:59,956
However, on this bottom switch, you only
assign computers to the red and blue VLAN.
500
00:30:00,296 --> 00:30:02,066
You don't assign anything to the green VLAN.
501
00:30:02,696 --> 00:30:07,256
Well, what VTP will do is have this
switch report back and say, "Hey,
502
00:30:07,506 --> 00:30:09,526
green VLAN, we don't need it here."
503
00:30:09,746 --> 00:30:11,196
There're no ports that belong here.
504
00:30:11,196 --> 00:30:16,606
So, the switch-- this switch automatically
prunes green traffic from coming down here.
505
00:30:16,606 --> 00:30:22,536
So if a green computer sends a broadcast
that will come down here but then stop.
506
00:30:22,536 --> 00:30:25,146
It doesn't continue on and
like you see right here,
507
00:30:25,236 --> 00:30:28,736
stops all the unnecessary broadcast
traffic from crossing the links.
508
00:30:28,736 --> 00:30:34,346
Well, that's great, but here's the funny
thing, Cisco with their design and like, yeah,
509
00:30:34,346 --> 00:30:36,916
you should have one server
and then multiple clients.
510
00:30:36,916 --> 00:30:42,116
Well, VTP pruning only works
if you have all VTP servers.
511
00:30:42,366 --> 00:30:47,696
Like if this guy is a VTP client,
you won't participate in VTP pruning.
512
00:30:47,696 --> 00:30:50,916
So, a little ironic with the design there.
513
00:30:51,096 --> 00:30:58,646
Now some of you might be thinking, "Well, if we
can't use VTP to do this, then how do we do it?"
514
00:30:59,316 --> 00:31:02,916
Manually. You go back to
this-- the manual model.
515
00:31:02,916 --> 00:31:04,876
That's how everybody else does it.
516
00:31:04,876 --> 00:31:07,866
You go to every switch that needs
the VLAN, you manually create it,
517
00:31:08,056 --> 00:31:10,336
you manually add it to the
trunk and that's okay.
518
00:31:10,336 --> 00:31:13,966
I mean, if everything was auto, we
wouldn't really be paid for anything.
519
00:31:13,966 --> 00:31:18,096
And I will tell you and this
is kind of a rule in general.
520
00:31:18,716 --> 00:31:24,966
With anything auto in network
technology, mantra is you auto not use it
521
00:31:25,386 --> 00:31:28,126
because it leaves too much to chance.
522
00:31:28,126 --> 00:31:32,766
Anything that it's kind of like, "Oh, don't
worry, it just kind of figures it out for you."
523
00:31:33,056 --> 00:31:34,236
I'm always like, "Really?
524
00:31:35,046 --> 00:31:39,956
All the time, every time, 100 percent of the time
it figures it out for me," I'd feel better.
525
00:31:39,956 --> 00:31:45,596
I would just feel better if I could say, "Okay,
that trunk has this, this, and this VLAN."
526
00:31:45,596 --> 00:31:50,316
That would just make me feel better to
manually type that in because again,
527
00:31:50,536 --> 00:31:54,516
it's not that much work and it impacts so much.
528
00:31:54,516 --> 00:31:56,646
So I would love for it to
come back and say, "Okay,
529
00:31:56,886 --> 00:31:59,276
if it's working, I look at
them like that's good.
530
00:31:59,276 --> 00:31:59,956
It's all me.
531
00:31:59,956 --> 00:32:02,086
I know exactly"-- that sounded bad.
532
00:32:02,236 --> 00:32:04,066
"It's all me, yeah."
533
00:32:04,346 --> 00:32:08,686
But no, if it's working I'm like, you
know, "I know exactly what that configures.
534
00:32:08,686 --> 00:32:11,306
I have backups that config,
I know what it looks like.
535
00:32:11,306 --> 00:32:14,026
It's not just like, "Well,
it just kind of happened.
536
00:32:14,026 --> 00:32:15,616
They just kind of figured it out."
537
00:32:15,716 --> 00:32:18,006
And then if something goes wrong,
I'm like, "What's going wrong?
538
00:32:18,006 --> 00:32:20,966
You know, what auto mechanism did this to me?"
539
00:32:21,126 --> 00:32:26,796
So, that's the overview of
why we don't use VTP anymore.
540
00:32:27,156 --> 00:32:32,896
So, to summarize, we saw in this Nugget
how the trunks really work and that's using
541
00:32:32,896 --> 00:32:39,426
that 802.1Q protocol, industry standard
protocol that works VLANs across the board.
542
00:32:39,836 --> 00:32:45,116
We saw the VLAN lingo of Native VLAN
so we know what that concept is.
543
00:32:45,116 --> 00:32:50,576
It's essentially the untagged VLAN or the
untagged I should say number when we're working
544
00:32:50,856 --> 00:32:53,976
on trunks-- my little [inaudible] connecting it.
545
00:32:53,976 --> 00:32:57,366
When we're working on trunks, if I
send something without a tag it belongs
546
00:32:57,366 --> 00:33:00,796
on that Native VLAN, and then of course
we discuss VTP and all its glory.
547
00:33:01,256 --> 00:33:04,276
I hope this has been informative for you
and I'd like to thank you for viewing.