1
00:00:00,586 --> 00:00:05,246
>> So we've got the concepts, we
understand what VLANs are as well
2
00:00:05,246 --> 00:00:07,746
as some scenarios where we might use them.
3
00:00:07,746 --> 00:00:09,526
Now, let's talk about how to configure them.
4
00:00:09,936 --> 00:00:14,876
In no particular order, we're going through
configuring trunking, the VLAN trunking protocol
5
00:00:14,876 --> 00:00:20,496
which is what not a trunking protocol
and we'll look at configuring VLANs.
6
00:00:21,706 --> 00:00:23,906
There are two different scenarios
I want to show you.
7
00:00:24,036 --> 00:00:28,546
This first one kind of the simpler which
is a single switch configuration of VLANs
8
00:00:28,866 --> 00:00:30,286
and then I want to expand into it.
9
00:00:30,286 --> 00:00:34,606
I want to kind of naturally grow as we move in
to a multi-switch and that's where we're going
10
00:00:34,606 --> 00:00:36,606
to get in the trunking and VTP and all that.
11
00:00:36,956 --> 00:00:39,806
But starting off simple, on a single switch,
12
00:00:40,076 --> 00:00:43,716
all we need to do is create the
VLANs and assign the devices.
13
00:00:43,996 --> 00:00:48,846
Now I want to make sure, it's so easy when
you get into Cisco to get lost in the commands
14
00:00:49,096 --> 00:00:52,686
but then when you kind of come
out of it, and you're like, "Okay,
15
00:00:52,686 --> 00:00:54,336
so I've got the commands," you kind of miss.
16
00:00:54,336 --> 00:00:56,416
You're like, "Okay, what
did I use those for again?
17
00:00:56,416 --> 00:00:59,036
You know, it's like the concept and
the commands get disconnected.
18
00:00:59,036 --> 00:01:03,036
So what we're doing here is
creating VLANs to separate devices.
19
00:01:03,036 --> 00:01:06,446
It could be we've got sales
and marketing over here.
20
00:01:06,446 --> 00:01:12,556
It could be that we have a server farm over
here and we've got our normal users over here.
21
00:01:12,666 --> 00:01:14,026
I mean there's all kinds of different scenarios.
22
00:01:14,026 --> 00:01:17,926
Let me give you just one, I thought
of this as a great common example
23
00:01:18,256 --> 00:01:21,846
of where VLANs can be used to
actually save a lot of money.
24
00:01:21,846 --> 00:01:25,366
So, and I'll also put some
disclaimers on this at the end.
25
00:01:25,706 --> 00:01:31,616
But a common way to set up your internet
connection is to put two routers on the outside
26
00:01:31,616 --> 00:01:33,556
of your network that connects
to the service provider.
27
00:01:33,556 --> 00:01:39,186
So, let's say your service provider,
let's just give it a name, is AT&T up here
28
00:01:39,426 --> 00:01:40,906
and so we have redundant routers.
29
00:01:40,906 --> 00:01:43,536
So that way if one goes down,
we have a backup over the other
30
00:01:43,536 --> 00:01:48,326
so you've got this redundant router setup and
those redundant routers connect to a switch.
31
00:01:48,626 --> 00:01:53,096
And then that switch connects to yet
another layer called the firewall.
32
00:01:53,476 --> 00:01:57,056
So I'll put router, router,
firewall, firewall on here.
33
00:01:57,316 --> 00:02:00,526
So this think of this as like
the second layer of protection.
34
00:02:00,526 --> 00:02:03,926
These guys catch the big attacks that
come in but they're really routers.
35
00:02:03,926 --> 00:02:08,216
They're not meant to do too much security
but these guys are really the screeners.
36
00:02:08,216 --> 00:02:10,676
They're the ones that are like,
okay if you don't belong here,
37
00:02:10,676 --> 00:02:12,106
you're not getting in, that's the firewall.
38
00:02:12,276 --> 00:02:17,376
And then we come back here to our
internal switches or core switches.
39
00:02:17,706 --> 00:02:20,466
And oftentimes, depending on
the kind of internet connection,
40
00:02:20,466 --> 00:02:24,746
we'll even have some switches on the outside
like AT&T would plug into these switches.
41
00:02:24,746 --> 00:02:27,376
And what that allows us to do is
actually, I mean, if we were to look
42
00:02:27,376 --> 00:02:31,036
at all the physical cabling, we would
have-- let me add a different color here,
43
00:02:31,036 --> 00:02:32,836
we'd have redundant connections like this.
44
00:02:34,096 --> 00:02:38,816
So that way, if any one switch went down,
if any one router went down, no matter what,
45
00:02:38,816 --> 00:02:41,406
we always had kind of a way
that we can get there, right?
46
00:02:41,406 --> 00:02:43,556
So you kind of-- that's the scenario.
47
00:02:43,766 --> 00:02:47,126
Now that the problem with-- I
shouldn't say problem but challenge
48
00:02:47,126 --> 00:02:49,906
that some companies experience
is Cisco switches are not cheap.
49
00:02:50,356 --> 00:02:56,716
And when you look at buying this, you're like
okay 1, 2, 3, 4, 5, I mean, it's kind of like,
50
00:02:57,096 --> 00:03:02,096
1000, 2000, 3000, 4000 I mean, you just
start adding up the thousands of dollars
51
00:03:02,096 --> 00:03:04,166
that this kind of design works on.
52
00:03:04,166 --> 00:03:08,896
But one of the ways that you can use VLANs
and again, I'll disclaimer this but this is--
53
00:03:08,896 --> 00:03:13,556
I've done this a lot to where
you actually have one switch--
54
00:03:14,276 --> 00:03:16,546
no, we'll just say two switches
here for the redundancy.
55
00:03:16,846 --> 00:03:23,366
And I say, "Okay, these ports 1
through 4 are in VLAN 10, ports,
56
00:03:23,596 --> 00:03:28,796
let's do, 5 through 8 are in VLAN 20.
57
00:03:29,056 --> 00:03:35,556
And VLAN 10 will be-- we'll call it the outside,
VLAN 20 will be what we call the DMZ VLAN
58
00:03:35,556 --> 00:03:40,946
and then we'll have a VLAN 30, I'm just
making sure I got enough ports here.
59
00:03:41,116 --> 00:03:46,096
VLAN 30 which-- there are 9 through, we'll
just say 24 if it's a 24-port switch.
60
00:03:46,476 --> 00:03:49,936
VLAN 30 which is our inside.
61
00:03:50,576 --> 00:03:54,606
So what you could do is actually
have-- now the diagram is the same.
62
00:03:54,606 --> 00:03:59,286
We've got kind of the outside routers
connected to switches which connect
63
00:03:59,286 --> 00:04:02,026
to the-- you know AT&T network, right?
64
00:04:02,376 --> 00:04:07,426
And then coming in here to what
we would technically call the DMZ,
65
00:04:08,206 --> 00:04:12,926
demilitarized zone that goes between the routers
and the firewalls and the firewalls connecting
66
00:04:12,926 --> 00:04:14,576
to the switches on the inside of network.
67
00:04:14,576 --> 00:04:19,476
Well, that-- still the same logical
diagram that connects everything together,
68
00:04:19,476 --> 00:04:21,946
you got all the redundant ports
and all that kind of stuff.
69
00:04:21,946 --> 00:04:25,196
But what happens is I'm actually
taking like these guys if I were
70
00:04:25,196 --> 00:04:26,746
to look at the physical connection.
71
00:04:27,036 --> 00:04:30,496
Essentially, let's just say
this is Fast Ethernet 0/0,
72
00:04:30,726 --> 00:04:34,356
Fast Ethernet 0/0 on router
1 and router 2, right?
73
00:04:34,356 --> 00:04:45,836
So I would have AT&T coming in to ports 1 and 2,
router 1 going in here, router 2 going in here
74
00:04:45,836 --> 00:04:50,916
on their Fast Ethernet 0/0 port
and then we get into the DMZ.
75
00:04:50,916 --> 00:04:55,186
We go, "Okay, well right
here, I'm plugging in router 1
76
00:04:55,186 --> 00:04:59,356
on let's just say this is
Fast-Ethernet 0/1 or something like that.
77
00:04:59,356 --> 00:05:01,726
You see what I'm doing here
so Fast Ethernet 0/1.
78
00:05:01,726 --> 00:05:04,746
I don't think I gave myself enough
ports but you kind of get the idea,
79
00:05:04,976 --> 00:05:11,176
router 2 Fast Ethernet 0/1 goes right here
and then we have our firewalls, firewall 1
80
00:05:11,606 --> 00:05:13,586
and firewall 2, that plug-in right here.
81
00:05:13,746 --> 00:05:16,876
And then inside of here, this
is where our inside interface.
82
00:05:16,876 --> 00:05:20,066
You know, that would be this side right
here, our inside interface or referral.
83
00:05:20,066 --> 00:05:25,876
So what we're doing is we're taking
one switch and we're actually using it
84
00:05:26,056 --> 00:05:28,716
to function as three separate switches.
85
00:05:29,176 --> 00:05:31,756
Now, we've got two for redundancy
in case something goes down
86
00:05:31,756 --> 00:05:34,836
but we save thousands of dollars by doing that.
87
00:05:34,836 --> 00:05:37,846
Now, let me add the disclaimer to that.
88
00:05:37,846 --> 00:05:42,406
If you have a security auditor
come into your network, well,
89
00:05:42,716 --> 00:05:44,966
it depends how much they know about networking.
90
00:05:45,236 --> 00:05:52,236
Some security auditors will be like, "No way
dude, you've got the outside world plugging
91
00:05:52,236 --> 00:05:57,086
into the same switch as the DMZ as the inside.
92
00:05:57,086 --> 00:06:00,306
No way, that is going to
be a security violation.
93
00:06:00,306 --> 00:06:04,016
You can't do that because it's
scary because you have all
94
00:06:04,016 --> 00:06:05,466
of these things plug in the same switch."
95
00:06:05,776 --> 00:06:12,056
Well, typically those are the security auditors
that maybe don't know that much about VLANs.
96
00:06:12,146 --> 00:06:14,766
Not saying all of them don't but some don't.
97
00:06:14,766 --> 00:06:18,356
And they've read in a book somewhere that
you shouldn't do that and I would say
98
00:06:18,356 --> 00:06:20,176
in a purist model, I would agree.
99
00:06:20,176 --> 00:06:23,106
You know, if you've got thousands to spend
and you can drop switches everywhere,
100
00:06:23,106 --> 00:06:24,886
then sure, I would much rather do that.
101
00:06:24,886 --> 00:06:26,186
But a lot of times, networks don't.
102
00:06:26,806 --> 00:06:30,756
Security auditors that know a lot about
VLANs will look at this and they'll say,
103
00:06:30,906 --> 00:06:35,706
I am not the most comfortable with
it but let me look at your config.
104
00:06:35,706 --> 00:06:38,366
Let me make sure that you've
set your VLANs up the right way.
105
00:06:38,606 --> 00:06:42,206
And if you have, they'll be
like okay then you're good.
106
00:06:42,206 --> 00:06:43,606
Yeah, I mean it's false.
107
00:06:43,606 --> 00:06:46,386
Now, I'm not going to tell you which
security auditor you're going to get
108
00:06:46,386 --> 00:06:47,906
if they ever do audit your network.
109
00:06:48,146 --> 00:06:52,206
But I will say that's one of the
things that you can use VLANs for.
110
00:06:52,276 --> 00:06:55,226
I mean that's just, you know, I should
have put that on the practical examples
111
00:06:55,226 --> 00:06:59,036
but that's a tough one, that's a mind
bender if you haven't really seen it before,
112
00:06:59,036 --> 00:07:01,296
the words like, how did that work?
113
00:07:01,296 --> 00:07:06,886
So just keep the practical in mind, practical
examples as we start this configuration.
114
00:07:06,886 --> 00:07:09,896
So it doesn't just become a series
of commands that you are typing.
115
00:07:11,476 --> 00:07:13,346
Okay, so let's go into the configuration.
116
00:07:13,436 --> 00:07:16,606
I'm going to bring up my switch,
sitting here in user mode,
117
00:07:16,606 --> 00:07:18,276
let's get into privileged mode, enable.
118
00:07:19,356 --> 00:07:23,306
And let's first off get our bearings,
like what's going on in this switch.
119
00:07:23,306 --> 00:07:25,396
I'm going to do a show VLAN.
120
00:07:25,396 --> 00:07:31,106
Well, actually before I even do that, I'll do
my favorite command, show IP interface brief.
121
00:07:31,106 --> 00:07:34,876
So I type that in, I see okay, this is the
switch we've been using the entire time.
122
00:07:35,376 --> 00:07:38,556
VLAN1 is given the IP address 10.1.1.10.
123
00:07:38,556 --> 00:07:39,746
Okay, good, good, got that.
124
00:07:39,746 --> 00:07:46,236
We've got the only port that is currently
operational, looks like Fast Ethernet 0/8--
125
00:07:46,236 --> 00:07:48,576
I've got one more, Fast Ethernet 0/18.
126
00:07:48,826 --> 00:07:55,156
But I'm also looking down, I got a laptop that
I just plugged in there to Fast Ethernet 0/24.
127
00:07:55,156 --> 00:07:57,276
So, two ports that are up in this environment.
128
00:07:57,276 --> 00:08:00,036
Now, let me add one more
show command to your library.
129
00:08:00,036 --> 00:08:02,786
I'm going to type in the command show VLAN.
130
00:08:03,206 --> 00:08:05,276
Now, some people will-- if
you look at documentation,
131
00:08:05,276 --> 00:08:08,146
a lot of times you'll see people type
it all the time, show VLAN brief.
132
00:08:08,236 --> 00:08:08,846
That's fine.
133
00:08:08,846 --> 00:08:10,776
I mean it's-- let me show you the difference.
134
00:08:10,776 --> 00:08:16,496
So I do a show VLAN and it shows you kind
of, you know, all the VLANs that exist,
135
00:08:16,496 --> 00:08:21,386
so you've got these extraneous VLANs down
here and then if you have remote span VLAN,
136
00:08:21,386 --> 00:08:22,496
we're not even going to get in that.
137
00:08:22,496 --> 00:08:24,616
I mean just kind of a little more information.
138
00:08:24,616 --> 00:08:28,086
If I do a show VLAN brief, you
can see it kind of cuts off.
139
00:08:28,086 --> 00:08:35,706
I mean it's not that big a deal but it cuts off
these extraneous VLANs or this extra information
140
00:08:35,706 --> 00:08:38,516
down at the bottom giving you kind of a
little more detailed about information
141
00:08:38,516 --> 00:08:40,856
about what those VLANs are all about.
142
00:08:40,856 --> 00:08:45,346
Really, all we care about I will say is
the output of show VLAN brief, so whatever,
143
00:08:45,406 --> 00:08:46,856
you know, whatever command you like to use.
144
00:08:46,856 --> 00:08:52,036
So what we see from this output is that
we have currently on the switch one VLAN.
145
00:08:53,246 --> 00:08:55,196
And all of the ports are a member of that.
146
00:08:55,196 --> 00:08:59,946
Now, you might be saying, "Well, no Jeremy,
it's five VLANs because I see 1002, 3, 4."
147
00:09:00,176 --> 00:09:04,066
These are actually-- you can
see that this status is active.
148
00:09:04,276 --> 00:09:06,826
This one is active and unsupported.
149
00:09:06,826 --> 00:09:08,446
The only reason that they're there is
150
00:09:08,446 --> 00:09:13,246
because somebody created the VLAN standard
many moons ago, I mean FDDI network,
151
00:09:13,246 --> 00:09:17,256
this was kind of one of the original fiber
optic networks, I mean token ring networks.
152
00:09:17,256 --> 00:09:21,866
It's like hello, we're back in years
beyond, you know, at that point.
153
00:09:21,996 --> 00:09:25,116
These were commonplace when VLANs
were first envisioned and created.
154
00:09:25,116 --> 00:09:29,056
And so the standard said, "You got to
have these VLANs for those things."
155
00:09:29,056 --> 00:09:31,066
So Cisco being like, "Well, we
got to follow the standard."
156
00:09:31,306 --> 00:09:35,476
You've got these VLANs that are on just about
every switch that really aren't used at all.
157
00:09:35,596 --> 00:09:41,336
So right now, we have one real VLAN we'll say
that exists and all the ports are a member of it.
158
00:09:41,626 --> 00:09:43,096
So how do you set up more?
159
00:09:43,216 --> 00:09:46,686
First off, move to the global
configuration mode.
160
00:09:46,686 --> 00:09:49,066
Now, VLANs affect the switch as a whole.
161
00:09:49,426 --> 00:09:51,516
So we do it from here.
162
00:09:51,516 --> 00:09:57,386
We type in VLAN followed by
and I'll put the question mark,
163
00:09:57,386 --> 00:09:59,536
and we type in what VLAN
number we would like to create.
164
00:09:59,536 --> 00:10:03,946
So I will say VLAN 50, how
about we start there, VLAN 50.
165
00:10:04,486 --> 00:10:09,006
Now, it takes me into a VLAN configuration
mode, not that much I can do from here.
166
00:10:09,006 --> 00:10:12,936
I mean I'll say there's one main
thing that I do and that is going
167
00:10:12,936 --> 00:10:15,156
to be changing the name of the VLAN.
168
00:10:15,156 --> 00:10:18,156
You can see it right there
in the list, asking name.
169
00:10:18,246 --> 00:10:20,166
It's always good to name
them because let me show you.
170
00:10:20,286 --> 00:10:28,536
If I do a show VLAN-- you have to actually
exit out to apply the VLAN configuration.
171
00:10:28,896 --> 00:10:30,226
But you can see that it names it.
172
00:10:30,226 --> 00:10:32,526
The name of this is VLAN 0050.
173
00:10:32,976 --> 00:10:37,056
Not too descriptive when you're trying
to figure out what exactly that VLAN is.
174
00:10:37,086 --> 00:10:41,176
So go back in there and I'll type
in name and let's just do sales.
175
00:10:41,636 --> 00:10:45,276
Any time I type names in Cisco,
I like doing it in all capitals
176
00:10:45,456 --> 00:10:48,096
because when I'm doing a show
run, it stands out to me more.
177
00:10:48,286 --> 00:10:49,646
I'm like, look, right there.
178
00:10:49,646 --> 00:10:50,746
That's something I type in.
179
00:10:50,746 --> 00:10:54,376
Or like when I do an interface
description, if I go under an interface,
180
00:10:54,376 --> 00:10:59,946
they do interface Fast Ethernet 0/1, I say
description and I'll put on my caps lock key,
181
00:11:00,196 --> 00:11:05,676
UPLINK TO AT&T ROUTER or something like that.
182
00:11:05,676 --> 00:11:10,226
That way when I do a show run interface,
you know, I see all the output.
183
00:11:10,226 --> 00:11:12,646
Immediately, I kept my eyes
just kind of draw to that.
184
00:11:12,646 --> 00:11:14,476
I'm like okay, that's what the description is.
185
00:11:14,476 --> 00:11:17,836
So I now have my first VLAN.
186
00:11:17,836 --> 00:11:24,676
Let me do a show VLAN brief and I've got VLAN
50 is sales, we've named it and it's that easy.
187
00:11:24,676 --> 00:11:25,656
I mean we can go in there.
188
00:11:25,916 --> 00:11:27,626
We can type in VLAN 100.
189
00:11:29,536 --> 00:11:31,596
Name, servers.
190
00:11:32,826 --> 00:11:35,026
Now, I'm jumping VLAN by the 50's.
191
00:11:35,096 --> 00:11:36,256
That's not normal.
192
00:11:36,256 --> 00:11:39,746
Usually people will say, okay,
VLAN 10, VLAN 11, 12, 13.
193
00:11:40,016 --> 00:11:46,076
But you can create any VLAN number
you'd like between 1 and 4,096
194
00:11:46,076 --> 00:11:48,566
so I can do that show VLAN brief.
195
00:11:48,566 --> 00:11:49,866
I now see two VLANs are created.
196
00:11:49,866 --> 00:11:53,106
Now I've created them but
they're not doing anything.
197
00:11:53,406 --> 00:11:54,266
They're just there.
198
00:11:54,266 --> 00:11:55,326
They're in the running config.
199
00:11:55,596 --> 00:12:00,166
I actually have to assign ports
to them before they are active.
200
00:12:00,166 --> 00:12:01,806
You can see step 3 up there on the screen.
201
00:12:02,246 --> 00:12:06,496
Now, right now let me get resituated here.
202
00:12:06,836 --> 00:12:08,996
I'll do a show IP interface brief.
203
00:12:10,736 --> 00:12:17,816
Right now, I have port Fast Ethernet 0/17.
204
00:12:17,816 --> 00:12:18,746
This guy right here.
205
00:12:19,146 --> 00:12:24,006
Oh wait, no 18, 18 is connected to my PC, the
one that I'm sitting in front of right now.
206
00:12:24,236 --> 00:12:34,516
Now this PC happens to have on that
interface the IP address 10.1.1.100.
207
00:12:34,516 --> 00:12:37,326
And what I want to show-- my
mouse is just jumping all over.
208
00:12:37,496 --> 00:12:39,176
I think Cisco is all typing.
209
00:12:39,596 --> 00:12:43,726
I'm going to type in ping 10.1.1.10 -t.
210
00:12:43,726 --> 00:12:45,656
-t says just keep on pinging.
211
00:12:45,656 --> 00:12:48,406
Ping till the cows come home.
212
00:12:48,406 --> 00:12:50,426
That's not the output I'd like to see.
213
00:12:50,686 --> 00:12:51,816
Okay, there we go.
214
00:12:51,816 --> 00:12:53,696
The first thing sometimes just dies.
215
00:12:53,696 --> 00:12:56,696
So, we're pinging away and by the
way, if you highlight something,
216
00:12:56,696 --> 00:12:58,576
it stops so just hit the enter key.
217
00:12:58,576 --> 00:13:00,646
So it's just pinging along, life is good.
218
00:13:00,956 --> 00:13:07,026
Because this guy, why, this guy,
Fast Ethernet 0/18 is in VLAN 1
219
00:13:07,066 --> 00:13:08,796
and I want to really emphasize this point.
220
00:13:08,986 --> 00:13:17,876
Remember, when I say my ports are all in
VLAN 1, I'm talking about a layer 2 concept.
221
00:13:18,396 --> 00:13:19,726
They're like within this switch.
222
00:13:19,726 --> 00:13:23,406
This is kind of a-- layer 2 has nothing to
do with IP addresses or anything like that.
223
00:13:23,606 --> 00:13:30,616
But when I go into my switch
and I type in interface VLAN 1,
224
00:13:31,126 --> 00:13:36,466
now I'm configuring a layer
3 interface for that VLAN.
225
00:13:36,736 --> 00:13:39,876
So in a nutshell, when you
assign a port to VLAN 1,
226
00:13:39,876 --> 00:13:43,396
it's going to be able to
reach this interface VLAN 1.
227
00:13:43,396 --> 00:13:45,616
That's how it's created.
228
00:13:45,616 --> 00:13:48,896
Let me show that to you 'cause that, I
know that can be one of those concepts.
229
00:13:48,896 --> 00:13:50,176
It's like what, say that again.
230
00:13:50,176 --> 00:13:54,916
So when I see VLAN 1 right here, this is
the management interface of the switch
231
00:13:54,916 --> 00:13:58,426
and it's reachable by anybody in VLAN 1.
232
00:13:58,716 --> 00:13:59,836
Now, let me show you this.
233
00:14:00,196 --> 00:14:01,716
I can also type in VLAN 1.
234
00:14:02,826 --> 00:14:04,606
Now, what's the difference?
235
00:14:04,606 --> 00:14:10,976
I type in VLAN 1, that's moving into the
configuration mode for this one, layer 2 VLAN.
236
00:14:12,126 --> 00:14:13,396
Come back here, exit out.
237
00:14:13,826 --> 00:14:18,686
Interface VLAN 1, I'm in the--
notice, one mode is a VLAN mode.
238
00:14:18,686 --> 00:14:23,616
That's kind of the layer 2, that's
where I can name VLANs and name VLANs.
239
00:14:23,616 --> 00:14:25,236
I mean that's about the only
thing that you do from there.
240
00:14:25,476 --> 00:14:30,116
But interface VLAN 1 is where
I'm into the layer 3 interface.
241
00:14:30,116 --> 00:14:34,286
I always draw it like this when I'm drawing
a switch, the little kind of sheep stuff.
242
00:14:34,286 --> 00:14:39,906
That's where I go in and say, "Okay, the IP
address on that VLAN interface is 10.1.1.10."
243
00:14:40,116 --> 00:14:43,166
So any computer that's in VLAN
1 will be able to reach that.
244
00:14:43,166 --> 00:14:44,356
Now, let me prove that to you.
245
00:14:44,626 --> 00:14:49,326
I'm going to go into the switch and
I've got this ping continually going.
246
00:14:49,326 --> 00:14:50,916
We can't really see too much movement other
247
00:14:50,916 --> 00:14:55,016
than that little two milliseconds moving
beyond because it's all really fast.
248
00:14:55,016 --> 00:15:00,156
So I'm going to exit out here and I'm going
to go into interface Fast Ethernet 0/18.
249
00:15:00,156 --> 00:15:04,696
Let's just put a description on
there and we'll say this JEREMY'S PC.
250
00:15:04,696 --> 00:15:10,486
And now, I'm going to-- I'm going to
actually put that port into VLAN 50.
251
00:15:11,156 --> 00:15:11,876
Here's how I do it.
252
00:15:12,966 --> 00:15:19,486
Switchport access VLAN 50, enter.
253
00:15:20,326 --> 00:15:28,896
I've now moved that port out of VLAN 1 and
into VLAN 50 and I am totally flabbergasted
254
00:15:28,896 --> 00:15:30,916
that this ping is continuing
on right on that way.
255
00:15:30,916 --> 00:15:33,336
Let me make sure that was indeed the right port.
256
00:15:33,336 --> 00:15:34,616
And I got this guy coming in.
257
00:15:34,696 --> 00:15:38,016
Oh, that's not my PC.
258
00:15:38,336 --> 00:15:44,636
Sorry, Fast Ethernet 0/18 up arrow,
description, JEREMY'S LAPTOP.
259
00:15:45,596 --> 00:15:47,556
Okay, let's [inaudible] EXIT.
260
00:15:47,556 --> 00:15:50,366
Interface Fast Ethernet 0/24, there we go.
261
00:15:50,586 --> 00:15:53,186
Description, JEREMY'S PC.
262
00:15:53,346 --> 00:15:54,236
That's the right port.
263
00:15:54,236 --> 00:15:56,566
Okay. Now, let's keep that ping going.
264
00:15:56,566 --> 00:15:58,136
We've got 2-millisecond you can see it up there.
265
00:15:58,136 --> 00:16:01,876
I'm going to hit the up arrow and I'm going
to throw this one into VLAN 50 as well.
266
00:16:02,266 --> 00:16:04,746
Now, you notice my little 2
milliseconds, it stopped moving.
267
00:16:05,256 --> 00:16:09,216
Why? Because I just moved my
port into a different VLAN.
268
00:16:09,656 --> 00:16:12,766
And, it's saying, "Hey, you're down."
269
00:16:12,896 --> 00:16:15,346
You know, that this-- we
can no longer connect to that.
270
00:16:15,346 --> 00:16:19,156
Notice right here, VLAN 1
just went down as well.
271
00:16:19,316 --> 00:16:24,306
Wow. That-- that's actually a really valuable
concept to see but let me exit it out
272
00:16:24,306 --> 00:16:26,006
and explain a little bit
more before we get there.
273
00:16:26,736 --> 00:16:29,926
I'm going to do a show VLAN brief, okay?
274
00:16:30,176 --> 00:16:37,246
And I can see now that both 18
and 24 have moved over to VLAN 50.
275
00:16:37,506 --> 00:16:38,596
Now, you remember?
276
00:16:38,686 --> 00:16:39,346
Wait, hang on.
277
00:16:39,346 --> 00:16:40,276
Let me grab my pen.
278
00:16:40,586 --> 00:16:45,046
You remember that I have the
management interface on here, VLAN 1.
279
00:16:45,276 --> 00:16:50,346
Well, I just have a PC on 24 and a laptop on 18.
280
00:16:50,866 --> 00:16:51,926
Here's my little laptop.
281
00:16:52,026 --> 00:16:53,996
And I just moved those guys into VLAN 50.
282
00:16:54,616 --> 00:16:58,806
So what this switch is saying is okay, you're
speaking on a totally different fabric,
283
00:16:58,806 --> 00:17:01,306
a totally different layer 2 network
284
00:17:01,306 --> 00:17:04,176
than my management interface
is on, you can't reach it.
285
00:17:04,486 --> 00:17:06,916
Now here's the interesting thing.
286
00:17:07,286 --> 00:17:10,476
This little status message
right there is very interesting.
287
00:17:10,476 --> 00:17:15,586
Let me do a show IP interface
brief-- show IP interface brief.
288
00:17:16,156 --> 00:17:20,336
And I noticed that VLAN 1, look at the status.
289
00:17:20,606 --> 00:17:21,356
Look at the status.
290
00:17:21,706 --> 00:17:27,286
It says VLAN 1 has this IP
address, it's up as in physically,
291
00:17:27,286 --> 00:17:29,436
if I can say that about a logical interface.
292
00:17:29,436 --> 00:17:34,416
It's kind of there like it's supposed to be
up like it's ready to run but the protocol,
293
00:17:34,416 --> 00:17:37,736
meaning layer 2, its communication
is actually down.
294
00:17:38,366 --> 00:17:39,296
Why is that?
295
00:17:39,936 --> 00:17:43,696
Well there is a rule that
Cisco has for VLAN interfaces.
296
00:17:44,116 --> 00:17:50,786
They say if you have a VLAN interface
but there's no active ports in that VLAN,
297
00:17:51,946 --> 00:17:54,376
this interface will turn itself off.
298
00:17:54,376 --> 00:17:57,406
It will go down because it's kind of
like, well, I've got a VLAN 1 interface
299
00:17:57,406 --> 00:17:59,266
but there's no one here in VLAN 1.
300
00:17:59,266 --> 00:18:02,706
I'm looking on at this vast
terrain and I see nothing.
301
00:18:03,086 --> 00:18:08,106
So, there's no point for me to even waste
resources by running this VLAN 1 interface
302
00:18:08,146 --> 00:18:10,736
because there's nothing out there to use it.
303
00:18:10,736 --> 00:18:11,656
There's nobody there.
304
00:18:11,836 --> 00:18:13,916
Now let me show you this.
305
00:18:13,916 --> 00:18:15,026
I'm going to take a cable.
306
00:18:15,026 --> 00:18:20,396
I'm going to move my laptop from port
18 to port-- I'm guessing that's 20?
307
00:18:20,766 --> 00:18:21,566
Switch is upside down.
308
00:18:21,876 --> 00:18:24,356
So, I took it out of 18, right?
309
00:18:24,356 --> 00:18:25,646
And I plugged it in to 20.
310
00:18:25,966 --> 00:18:30,316
So, I see Fast Ethernet 20, just got
changed up but wait, wait, hold it,
311
00:18:30,796 --> 00:18:34,406
hold it, watch it, it's coming, please.
312
00:18:35,016 --> 00:18:39,416
It will get there, hang on.
313
00:18:39,596 --> 00:18:45,116
Wait, 'cause VLAN 20, let me add explanation
while this Cisco switch is thinking,
314
00:18:45,116 --> 00:18:48,456
show VLAN brief.
315
00:18:49,246 --> 00:18:54,906
V-- Fast Ethernet 0/20 is in VLAN 1
and what's going to happen is as soon
316
00:18:54,906 --> 00:18:58,056
as this Cisco switch gets off
its rear and starts doing--
317
00:18:58,056 --> 00:18:59,796
there it go-- get-- starts doing something.
318
00:18:59,956 --> 00:19:02,016
It's going to be like, "Oh, hey.
319
00:19:02,016 --> 00:19:05,496
My VLAN 1 interface should go
up and thank you Cisco switch
320
00:19:05,496 --> 00:19:06,776
for bailing me out right there [inaudible]."
321
00:19:07,116 --> 00:19:09,136
Maybe-- maybe this is broken.
322
00:19:09,136 --> 00:19:13,656
So, VLAN 1 has now gone up because it
says, "Now, I've got an active interface.
323
00:19:13,656 --> 00:19:15,746
Something is in the VLAN 1 network.
324
00:19:15,746 --> 00:19:17,416
So, now I can respond to that again."
325
00:19:17,676 --> 00:19:19,906
Now, let me show you something else.
326
00:19:19,906 --> 00:19:24,056
Now this-- this is going to be--
this is a bit-- a bit beyond.
327
00:19:24,296 --> 00:19:26,796
You know, my keyboard is just
doing some funny things, hang on.
328
00:19:26,796 --> 00:19:28,186
Hang on one second.
329
00:19:28,186 --> 00:19:30,536
Wow, I actually had to exit
the whole terminal programs.
330
00:19:30,536 --> 00:19:31,446
Something odd happened.
331
00:19:31,446 --> 00:19:34,566
So I'm going to go in and do
a show IP interface brief again.
332
00:19:34,566 --> 00:19:37,256
So I see VLAN 1 is active and
I want to show you something.
333
00:19:37,256 --> 00:19:40,526
This is actually a little bit beyond
but I think you guys will catch it.
334
00:19:41,476 --> 00:19:41,876
Watch this.
335
00:19:41,876 --> 00:19:43,026
I'm going to go in and I'm going to--
336
00:19:43,026 --> 00:19:47,196
well, first off, remember we did,
I do a show VLAN brief, right?
337
00:19:47,336 --> 00:19:48,756
We created VLAN 50.
338
00:19:48,946 --> 00:19:49,656
How did we do that?
339
00:19:50,306 --> 00:19:51,436
VLAN 50. How is it?
340
00:19:51,436 --> 00:19:52,276
In it-- it's created.
341
00:19:52,276 --> 00:19:55,696
We named it then and that-- so that--
remember VLAN 50 is the layer 2 VLAN.
342
00:19:56,456 --> 00:19:56,886
Here we go.
343
00:19:56,886 --> 00:19:59,976
I'm going to type in interface VLAN 50.
344
00:20:02,116 --> 00:20:08,996
I've created a new interface that
something in VLAN 50 is able to access.
345
00:20:08,996 --> 00:20:11,426
Now, let me write something on the board here.
346
00:20:11,906 --> 00:20:15,336
You remember, VLANs are a network.
347
00:20:15,336 --> 00:20:17,986
So, I'm going to-- I'm going to write a
bold statement on the board right now.
348
00:20:17,986 --> 00:20:29,966
VLANs equals an IP SUBNET
equals a BROADCAST DOMAIN.
349
00:20:30,896 --> 00:20:34,006
As in those are one in the
same all across the board.
350
00:20:34,006 --> 00:20:37,916
Like when you create a new VLAN,
you have to create a new IP subnet.
351
00:20:37,916 --> 00:20:39,146
We're going to talk about subnetting later.
352
00:20:39,146 --> 00:20:40,616
But just think of it like a new network.
353
00:20:40,806 --> 00:20:48,626
Like if VLAN 1 is 10.1.1.0/24, which it is
right now, then VLAN 50 can't be 10.1.1.0.
354
00:20:48,626 --> 00:20:49,606
It's a different network.
355
00:20:49,606 --> 00:20:53,946
So, I would have to come
up with maybe 10.1.50.0.
356
00:20:54,306 --> 00:20:55,456
That would be a different network.
357
00:20:55,586 --> 00:20:56,586
Oh, I missed my dot there.
358
00:20:56,846 --> 00:21:04,196
Because remember, /24 is a subnet mask of
255.255.255.0, trying to squeeze it in.
359
00:21:04,366 --> 00:21:07,206
So, that would mean that these first
three octets represent the network.
360
00:21:07,206 --> 00:21:08,746
So, that's a totally different network, right?
361
00:21:08,746 --> 00:21:13,946
10.1.50. So we have to create for VLAN 50
a new network equals the broadcast domains.
362
00:21:13,946 --> 00:21:16,606
That means the VLANs on 50 stay on VLAN 50.
363
00:21:16,926 --> 00:21:18,396
VLANs on 1 stay on 1.
364
00:21:18,396 --> 00:21:23,416
So-- so when I come back here,
I can go into VLAN 50 which--
365
00:21:23,576 --> 00:21:27,256
let me do a show IP-- not show VLAN brief.
366
00:21:27,416 --> 00:21:34,276
Show IP interface brief and we now see
this fancy new interface that has appeared.
367
00:21:34,276 --> 00:21:35,116
It's virtual.
368
00:21:35,116 --> 00:21:36,966
We just created it out of the blue.
369
00:21:37,296 --> 00:21:39,856
Called VLAN 50 but it doesn't
have an IP address yet.
370
00:21:39,856 --> 00:21:40,646
I have to give it one.
371
00:21:40,686 --> 00:21:44,506
So, I'm going to go in there and
I'm in interface VLAN 50 right now.
372
00:21:44,506 --> 00:21:53,206
Do IP address 10.1.50.-- nah, let's
stay consistent, 10, 255.255.0, bam.
373
00:21:53,646 --> 00:21:54,716
I've added that in.
374
00:21:54,716 --> 00:22:00,376
And now, we have this IP address
on this VLAN 50 interface.
375
00:22:00,846 --> 00:22:07,146
So, now-- now my computer is broken because
the problem is it's still in the old network.
376
00:22:07,256 --> 00:22:12,766
We do an IP config and my computer is still
in 10.1.1 and but I've moved it to VLAN 50.
377
00:22:12,766 --> 00:22:15,536
So this-- this is that VLAN 1 network.
378
00:22:15,536 --> 00:22:17,076
This is not the VLAN 50 network.
379
00:22:17,306 --> 00:22:17,736
You follow?
380
00:22:17,736 --> 00:22:18,436
You follow what I'm doing here?
381
00:22:18,626 --> 00:22:21,956
So I'm going to go in, bust out Control Panel.
382
00:22:22,376 --> 00:22:25,366
Well, network status and check
task, go to the adaptor setting
383
00:22:25,366 --> 00:22:28,136
at my Apple USB Ethernet adaptor.
384
00:22:28,206 --> 00:22:29,386
I'm not going to change it.
385
00:22:29,386 --> 00:22:33,046
I'm going to put him on the 10.1.50 network.
386
00:22:34,356 --> 00:22:37,356
So now, he's 10.1.50.100.
387
00:22:37,766 --> 00:22:38,566
Close this guy down.
388
00:22:38,566 --> 00:22:40,266
Let's hit the upper arrow,
make sure everything is good.
389
00:22:40,266 --> 00:22:44,266
Going up 10.1.50.100.
390
00:22:44,446 --> 00:22:48,436
So question, can I ping 10.1.50.10?
391
00:22:48,976 --> 00:22:51,636
And some of you were like, "Yes!"
392
00:22:51,686 --> 00:22:53,526
Some of you like, "Maybe."
393
00:22:53,526 --> 00:22:56,506
Some, no, so there's-- I
feel the mix of answers.
394
00:22:57,086 --> 00:22:58,236
"Yes, I will be."
395
00:22:59,286 --> 00:23:06,816
10.1.50.10, come on, get me that-- get me
past that first little request time out.
396
00:23:06,816 --> 00:23:07,796
Oh, there we go.
397
00:23:07,796 --> 00:23:11,616
Because now, it's saying you
are now in this zone, right?
398
00:23:11,616 --> 00:23:17,936
Essentially, I've created this little separation
to where I've got this guy, which is my laptop
399
00:23:18,426 --> 00:23:23,926
and VLAN 1, this guy-- I need a-- I
got to have a new color of that, right?
400
00:23:24,116 --> 00:23:30,126
This guy is in my PC, at my
desktop which is in VLAN 50.
401
00:23:30,316 --> 00:23:35,426
And I have two of those little
routing interfaces, VLAN 1?
402
00:23:36,066 --> 00:23:43,966
IP address 10.1.1.10 and VLAN 50, 10.1.1.50.
403
00:23:45,416 --> 00:23:46,626
Can I tell you something?
404
00:23:48,496 --> 00:23:52,606
In that single switch demonstration
where all I did was create a couple VLANs,
405
00:23:52,606 --> 00:23:54,856
created a VLAN interface, right?
406
00:23:55,036 --> 00:23:58,466
I've actually shown you-- I'm
going to expand on this later.
407
00:23:58,546 --> 00:24:02,286
I've actually shown you how
to setup a layer 3 switch.
408
00:24:03,116 --> 00:24:06,306
Seriously, that's a CCNP concept right there.
409
00:24:06,306 --> 00:24:08,136
That's like beyond, beyond, beyond.
410
00:24:08,136 --> 00:24:12,046
That what we've just done right
there is setup a layer 3 switch
411
00:24:12,046 --> 00:24:16,086
because this 3550 actually has--
412
00:24:16,136 --> 00:24:21,156
you can't see that but it's a 3550
actually has routing capabilities within it.
413
00:24:21,156 --> 00:24:26,526
And what I can do, okay now-- forgive me if I'm
going beyond and you're like I'm not hanging
414
00:24:26,526 --> 00:24:27,986
with you, that's fine, fast forward, please.
415
00:24:27,986 --> 00:24:31,316
But for those that are, hang with
me, I'm going to point this guy.
416
00:24:31,316 --> 00:24:37,156
I can actually point this
guy which is 10.1.50.100.
417
00:24:37,226 --> 00:24:38,376
You know this is the zero network.
418
00:24:38,586 --> 00:24:43,626
I can't point him to that
as his default gateway.
419
00:24:45,076 --> 00:24:49,266
So, this computer is like, okay, where
do I go to get off my 10.1.50 network?
420
00:24:49,266 --> 00:24:50,206
How do I get there?
421
00:24:50,206 --> 00:24:55,136
I'm going to look at my default gateway which is
pointed to this guy who has routing capabilities
422
00:24:55,136 --> 00:24:58,276
and this guy can now actually
start routing him to other VLANs.
423
00:24:58,466 --> 00:25:00,336
Maybe this guy has a connection to the internet.
424
00:25:00,336 --> 00:25:02,036
I mean, there's all kinds of possibilities.
425
00:25:02,456 --> 00:25:04,166
Can you tell I'm kind of psyched about this?
426
00:25:04,166 --> 00:25:08,986
So VLANs on a single switch, I-- you know,
I probably did within the first two minutes
427
00:25:08,986 --> 00:25:11,736
of this demonstration but just
to show how it was working
428
00:25:12,016 --> 00:25:17,056
to create those VLAN interfaces there, that
actually created a layer 3 switch for us.
429
00:25:17,056 --> 00:25:20,626
But we'll save the complete
configuration of that till later.
430
00:25:22,136 --> 00:25:25,236
I'm doing that because I totally
have one of those feelings right now
431
00:25:25,516 --> 00:25:30,236
that somebody is watching they're like, "Dude,
can't you just show me how to configure a VLAN
432
00:25:30,236 --> 00:25:33,226
without going ballistic on me and
busting out layer 3 switches?"
433
00:25:33,346 --> 00:25:35,026
Yup, yup, yup, I totally, totally get that.
434
00:25:35,026 --> 00:25:36,236
So here's what I want to do.
435
00:25:36,236 --> 00:25:42,066
I want to take now-- take us now into a
multiple switch configuration and I want
436
00:25:42,066 --> 00:25:45,946
to do it all over again with multiple
switches kind of from scratch so we can see--
437
00:25:46,236 --> 00:25:49,716
you can see the base level and just build
upon, I think this will be really good.
438
00:25:50,056 --> 00:25:55,076
The reason why is because,
first off, we've got CBT Switch
439
00:25:56,356 --> 00:25:58,256
that we've been configuring all this time.
440
00:25:58,406 --> 00:25:59,436
I'm going to rename that guy.
441
00:26:00,006 --> 00:26:02,396
He's going to become CBTSWITCH1.
442
00:26:02,396 --> 00:26:06,406
And then down here, we've got our
new friend which doesn't have a name
443
00:26:06,406 --> 00:26:08,566
at all right now because
he has no configuration.
444
00:26:08,566 --> 00:26:16,436
So, I'm going to do-- I'm going to call
him CBTSWITCH2 and I think this is going
445
00:26:16,436 --> 00:26:19,226
to be really good because
he has no configuration.
446
00:26:19,226 --> 00:26:24,716
It will give us a chance to do a flyby review of
essentially the base configuration of the switch
447
00:26:24,716 --> 00:26:28,276
and then add the VLANs on
top of it all in one place.
448
00:26:29,106 --> 00:26:30,956
So, I just plugged in CBTSWITCH2.
449
00:26:30,956 --> 00:26:31,806
It's powering up.
450
00:26:31,806 --> 00:26:37,836
Let's-- meanwhile, let's go into CBTSwitch
which will now become hostname CBTSwitch1.
451
00:26:38,226 --> 00:26:41,816
And I'm going to do-- let's do--
I'm going to do a few commands here.
452
00:26:41,916 --> 00:26:45,126
I'm going to do no VLAN 50.
453
00:26:45,446 --> 00:26:46,796
No VLAN 100.
454
00:26:46,796 --> 00:26:48,566
I mean I'm blowing away everything
that we just did.
455
00:26:48,566 --> 00:26:50,896
Okay, so I've eliminated those VLANs.
456
00:26:50,896 --> 00:26:54,976
Let's see what else we got.
457
00:26:54,976 --> 00:26:59,646
Let's do a VTP mode transparent.
458
00:27:00,636 --> 00:27:02,906
I'll explain what I'm doing in just a moment.
459
00:27:02,906 --> 00:27:10,676
VTP mode transparent, VTP domain
and let's just call it NULL for now.
460
00:27:10,756 --> 00:27:14,456
Okay, ignore-- ignore the pieces
that I've put in place there.
461
00:27:14,456 --> 00:27:22,086
Okay. So, I've now got this switch which-- let
me do a show VLAN is now back to the way it was.
462
00:27:22,086 --> 00:27:23,836
We just have VLAN 1 right there.
463
00:27:24,426 --> 00:27:26,016
We've got our interfaces.
464
00:27:26,016 --> 00:27:27,376
We've got Fast Ethernet.
465
00:27:27,376 --> 00:27:28,496
Notice one thing.
466
00:27:28,666 --> 00:27:30,456
Where is Fast Ethernet 0/18?
467
00:27:31,556 --> 00:27:34,016
Missing. Where's Fast Ethernet 0/20?
468
00:27:34,376 --> 00:27:39,196
Missing. Because they, if I look at the
switch, they are amber, they are broken.
469
00:27:39,426 --> 00:27:45,566
Because if I do a show run interface
Fast Ethernet 0/-- let's go 24.
470
00:27:45,566 --> 00:27:49,856
Notice, this guy is still assigned to
VLAN 50 and I just blew VLAN 50 away.
471
00:27:50,236 --> 00:27:53,916
That's a symptom I showed you
last nugget of what VTP can do
472
00:27:53,916 --> 00:27:56,176
by eliminating all of your-- all of your VLAN.
473
00:27:56,176 --> 00:27:59,386
So-- we'll fix that but for now, let's jump
474
00:27:59,386 --> 00:28:05,446
over to our new friend CBTSwitch2,
moving my console cable.
475
00:28:05,446 --> 00:28:05,896
Okay, good.
476
00:28:05,986 --> 00:28:09,176
So this guy is brand new, just
moved my console cable over to him.
477
00:28:09,176 --> 00:28:12,136
So, let's do a flyby base configuration.
478
00:28:12,136 --> 00:28:13,716
I think this would be a great test.
479
00:28:13,716 --> 00:28:17,106
So, first off, privilege mode, global config.
480
00:28:17,366 --> 00:28:20,626
Hostname, CBTSwitch2.
481
00:28:20,626 --> 00:28:23,316
Now, let's go under the console
port, line console zero.
482
00:28:23,606 --> 00:28:27,926
Let's do a password, cisco.
483
00:28:28,196 --> 00:28:29,646
Require logins to the port.
484
00:28:29,756 --> 00:28:32,286
Let's also add in there, logging synchronous.
485
00:28:32,286 --> 00:28:35,256
So that those console messages
don't interrupt what I'm typing.
486
00:28:35,376 --> 00:28:38,836
And I'll also do a no exec-timeout
to keep it from kicking me off
487
00:28:38,836 --> 00:28:40,196
when I'm sitting here for five minutes.
488
00:28:40,196 --> 00:28:43,236
Not something good to do in production
'cause you want to keep that port secure.
489
00:28:43,236 --> 00:28:49,436
And I will do enable secret, protect our
privilege mode by doing enable secret cisco.
490
00:28:49,436 --> 00:28:52,866
So now I'm requiring the
password of cisco to get in there.
491
00:28:52,866 --> 00:28:53,726
Let's see what else.
492
00:28:53,726 --> 00:28:55,336
Let's put a log on banner.
493
00:28:55,666 --> 00:29:01,506
Log-- or write banner motd and
we'll do-- let's just do ampersand.
494
00:29:01,836 --> 00:29:05,866
Ampersand and we'll say asterisk,
asterisks, asterisk, Welcome!
495
00:29:06,436 --> 00:29:07,746
Just like it.
496
00:29:07,866 --> 00:29:13,626
Don't login, asterisk, asterisk.
497
00:29:13,626 --> 00:29:17,976
I don't think that will stand up in court but
nonetheless, we'll add it in there asterisk,
498
00:29:17,976 --> 00:29:21,276
asterisk, asterisk and we'll put an
ampersand there so it knows I'm done.
499
00:29:21,546 --> 00:29:22,176
Hit the enter keys.
500
00:29:22,176 --> 00:29:24,086
I've got my logon banner configured, okay.
501
00:29:24,396 --> 00:29:32,266
Okay, we've got to do-- we've
got VLAN 1 port right there,
502
00:29:32,266 --> 00:29:36,676
which I'll do interface VLAN
1 and power that guy on.
503
00:29:36,776 --> 00:29:38,336
Let's do a no shutdown.
504
00:29:38,706 --> 00:29:44,096
And do-- give it the IP address
10.1.1.11 because I don't want to conflict
505
00:29:44,096 --> 00:29:47,736
with the other switch, 255.255.255.0.
506
00:29:47,736 --> 00:29:50,036
Now, something-- something-- just
going along with what we just saw
507
00:29:50,036 --> 00:29:52,026
in the single switch config, if I do
508
00:29:52,026 --> 00:29:55,426
that show IP interface brief,
you notice it's staying down.
509
00:29:56,496 --> 00:29:57,386
Now why is that?
510
00:29:57,956 --> 00:29:59,976
Because this switch has no active ports.
511
00:30:00,246 --> 00:30:02,716
Now, I do have these guys connected.
512
00:30:02,716 --> 00:30:06,996
This guy is connected on Fast
Ethernet 0/1 on both sides.
513
00:30:08,116 --> 00:30:14,626
But if you remember, I shutdown
the interfaces I wasn't using.
514
00:30:14,626 --> 00:30:16,296
The first I think was like 12 interfaces.
515
00:30:16,296 --> 00:30:20,506
I shut them down on that switch and one of the
nuggets and it's actually the best practice is
516
00:30:20,506 --> 00:30:23,546
to keep shutdown while you do all
these configuration 'cause some
517
00:30:23,546 --> 00:30:27,096
of the commands we're going to type in are
going to make that interface go up and down,
518
00:30:27,096 --> 00:30:27,896
and up and down, and up and down.
519
00:30:27,896 --> 00:30:29,716
So, we've got to shut down so that's good.
520
00:30:29,716 --> 00:30:31,666
So, we've got enable secret.
521
00:30:31,666 --> 00:30:36,576
We've got everything-- everything
should be good.
522
00:30:36,576 --> 00:30:38,086
That's a good base configuration.
523
00:30:39,456 --> 00:30:43,826
Actually, we forgot the most
important command, save.
524
00:30:43,826 --> 00:30:48,506
So now, we've got our config-- or well,
official-- officially supported Cisco command,
525
00:30:48,966 --> 00:30:52,136
copy, run, start, and now we are saved.
526
00:30:52,136 --> 00:30:55,626
Okay, so with that in place, we can now get in--
527
00:30:55,626 --> 00:30:59,336
again, we were going from
scratch starting off with VTP.
528
00:31:00,026 --> 00:31:04,656
Now-- right now, I'm going to do
a show VTP status on the switch.
529
00:31:04,656 --> 00:31:07,976
That's-- when we're dealing with VTP, that's
probably the command that you want to know.
530
00:31:08,366 --> 00:31:09,346
Show VTP status.
531
00:31:09,346 --> 00:31:11,806
We can see that out of the
box, this guy is a server.
532
00:31:12,806 --> 00:31:15,826
That's running VTP version 1 which is fine.
533
00:31:15,826 --> 00:31:18,566
Version 2, by the way, adds
support for token ring.
534
00:31:18,886 --> 00:31:22,186
So, if you're running to the new feature set,
535
00:31:22,186 --> 00:31:24,266
that's the [inaudible] you're
going to get in version 2.
536
00:31:24,266 --> 00:31:26,096
Here are some other minor
things but nothing big.
537
00:31:26,556 --> 00:31:29,046
Oh, this is something worth knowing.
538
00:31:29,396 --> 00:31:34,156
VTP, so if you run VTP, how many-- well, first.
539
00:31:34,236 --> 00:31:37,066
How many VLAN numbers total are supported?
540
00:31:37,066 --> 00:31:37,676
Anyone remember?
541
00:31:38,246 --> 00:31:41,926
You? Yes? 4096 total VLAN numbers.
542
00:31:42,076 --> 00:31:48,096
Well, if you use VTP, you're going to be
limited to an initial set of-- I think--
543
00:31:48,166 --> 00:31:50,416
it's somewhere-- it's-- well,
let me show you this.
544
00:31:50,696 --> 00:31:52,316
We do a show VLAN brief.
545
00:31:54,206 --> 00:31:56,826
You will be limited to up to 1002.
546
00:31:56,826 --> 00:32:04,466
Essentially, VTP does not support
VLAN numbers higher than 1005,
547
00:32:04,466 --> 00:32:06,016
which in these guys, you can't use at all.
548
00:32:06,016 --> 00:32:09,366
So, 1001 and below are-- would
be what you are able to use.
549
00:32:09,366 --> 00:32:11,576
So, that is another limitation of VTP.
550
00:32:11,576 --> 00:32:14,076
Now, if you convert over to transparent mode
551
00:32:14,206 --> 00:32:18,666
which you remember disables
VTP then you're good.
552
00:32:18,666 --> 00:32:19,536
But let's start off.
553
00:32:19,536 --> 00:32:22,936
Okay, so we're going to do-- try to think.
554
00:32:22,936 --> 00:32:24,796
Should we-- we should-- why do we do this.
555
00:32:24,796 --> 00:32:32,136
I'm going to jump back over to CBTSwitch1
and let's start our configuration over there.
556
00:32:32,136 --> 00:32:35,496
I'm going to do a show VTP status on that side.
557
00:32:35,736 --> 00:32:37,676
We're currently-- I just
kind of reset everything.
558
00:32:37,676 --> 00:32:42,766
I set VTP operating mode transparent
which disabled VTP and set it to NULL.
559
00:32:42,966 --> 00:32:47,176
The reason I did that is I wanted to make
sure I zero out the configuration revision.
560
00:32:47,346 --> 00:32:54,236
So, that we are not-- you know, get--
getting these strange configuration revisions
561
00:32:54,236 --> 00:32:55,916
where something just suddenly
starts replicating.
562
00:32:55,916 --> 00:32:57,306
We don't know what happened and all that.
563
00:32:57,566 --> 00:33:00,596
I also want to mention that when
you bring up a Cisco switch,
564
00:33:00,596 --> 00:33:02,166
I don't think you'll see this documented.
565
00:33:02,166 --> 00:33:08,946
Like when we look at CBTSwitch2, CBTSwitch2,
you notice that VTP domain name is nothing.
566
00:33:09,536 --> 00:33:12,786
That is what Cisco officially calls NULL.
567
00:33:12,786 --> 00:33:16,796
Now, I typed in-- I typed in NULL as the
domain name but that's the actual name.
568
00:33:16,796 --> 00:33:21,126
Cisco officially calls a blank domain
name a NULL and this is kind of--
569
00:33:21,126 --> 00:33:23,506
I don't want to say dangerous
but something to be aware of.
570
00:33:23,686 --> 00:33:28,056
When you pull a Cisco switch out that has
no configuration for VTP like this guy,
571
00:33:28,616 --> 00:33:33,186
the very first VTP advertisement
that he receives, he will accept
572
00:33:33,186 --> 00:33:34,936
and automatically join that domain.
573
00:33:35,216 --> 00:33:38,846
So, what that means is somebody
can bring in a brand.
574
00:33:38,846 --> 00:33:44,486
If you're not careful and somebody can negotiate
a trunk port with you, which we're going to stop
575
00:33:44,486 --> 00:33:46,836
that in just a second, negotiate
a trunk port with you.
576
00:33:46,946 --> 00:33:51,226
And they bring in a brand new switch with
no configuration, VTP will say, "Hey,
577
00:33:51,226 --> 00:33:56,216
we're part of the domain name," let's just
call it CBTNuggets as our domain name.
578
00:33:56,216 --> 00:34:02,416
So I'm part of the CBTNuggets
domain name and it replicates.
579
00:34:02,416 --> 00:34:06,186
Now, if the switch has no domain name,
580
00:34:06,186 --> 00:34:10,266
it will automatically join whatever
the first domain name is that it hears.
581
00:34:10,456 --> 00:34:12,296
So, [inaudible]-- it'll say, "Okay, well great.
582
00:34:12,296 --> 00:34:14,196
I'll be part of the CBTNuggets domain."
583
00:34:14,536 --> 00:34:17,026
And I will automatically
download, if I could spell.
584
00:34:17,306 --> 00:34:23,436
I can automatically download all of the VLANs
that you have and put them on my switch.
585
00:34:23,826 --> 00:34:25,156
Hello. Yikes.
586
00:34:25,376 --> 00:34:28,486
Cisco did it that way so that you
could pull new switches out of the box
587
00:34:28,486 --> 00:34:29,656
and kind of have them plug and play.
588
00:34:29,656 --> 00:34:32,466
You just plug them in and poof,
they negotiate, they get the VLANs,
589
00:34:32,466 --> 00:34:33,806
they get all of that kind of stuff.
590
00:34:33,806 --> 00:34:36,956
But if this is a malicious
person with their switch cubicle,
591
00:34:37,176 --> 00:34:41,446
that means they can also now add VLANs,
delete VLANs, modify VLANs, do everything,
592
00:34:41,446 --> 00:34:44,256
and it replicates back up here and
pretty much destroys your network.
593
00:34:44,526 --> 00:34:49,636
Not good. So, the key that
we want to prevent is this.
594
00:34:50,056 --> 00:34:57,046
This-- by the way, in VLAN security, absolutely,
the number one key for all VLAN security--
595
00:34:57,046 --> 00:35:00,856
I would say, if you want the most important
security aspect of VLANs, this is it.
596
00:35:01,396 --> 00:35:06,356
Make sure you hard code your
trunk ports, hard code.
597
00:35:06,576 --> 00:35:11,856
And you disable that dynamic mode, that
forsaken dynamic mode, that is on Cisco switch.
598
00:35:11,856 --> 00:35:13,926
Remember this when we do a show--
599
00:35:13,926 --> 00:35:18,126
let's do a show run interface Fast
Ethernet 0/-- let's just do 5.
600
00:35:18,716 --> 00:35:22,536
Every port out of the box on Cisco
switchport mode dynamic desirable
601
00:35:22,536 --> 00:35:24,986
and now we can start getting an
understanding saying dynamic.
602
00:35:24,986 --> 00:35:29,436
Meaning I can be an access port which
connects to PCs or I can be a trunk port
603
00:35:29,556 --> 00:35:31,186
but I really desire to be a trunk.
604
00:35:31,716 --> 00:35:33,746
No, you don't.
605
00:35:34,296 --> 00:35:39,186
I'm going in to interface range,
Fast Ethernet 0/1 through 24.
606
00:35:39,366 --> 00:35:45,276
Every port that's on this switch and
I'm doing switchport mode access, done.
607
00:35:45,326 --> 00:35:48,376
Get that dynamic desirable mode out of there.
608
00:35:48,576 --> 00:35:51,976
That is a huge security vulnerability
because anybody can negotiate a trunk.
609
00:35:52,136 --> 00:35:53,806
Anybody could join your VTP domain.
610
00:35:53,806 --> 00:35:54,256
It's not good.
611
00:35:54,666 --> 00:35:59,116
So, then I go back and start
configuring the trunk ports one by one.
612
00:35:59,116 --> 00:36:00,196
So let me back up.
613
00:36:00,586 --> 00:36:04,036
So first off, configure the VTP
domain or VTP name and mode.
614
00:36:04,036 --> 00:36:05,786
Here's how you do it.
615
00:36:06,786 --> 00:36:09,866
VTP domain and then whatever the name is.
616
00:36:09,866 --> 00:36:11,986
When-- I came up with CBTNuggets.
617
00:36:13,366 --> 00:36:18,166
Key point to be aware of,
this is case sensitive.
618
00:36:18,496 --> 00:36:23,556
So, if I use capital CBTN, I have to do that on
the other side, otherwise they won't replicate.
619
00:36:23,556 --> 00:36:26,356
So, I've-- I've changed my domain
name over and I'm going to type
620
00:36:26,356 --> 00:36:29,726
in VTP mode and we'll put server.
621
00:36:29,726 --> 00:36:33,636
Now that's the default, I just kind of backed it
out to transparent and back to server so I can--
622
00:36:33,896 --> 00:36:36,566
I kind of reset the configuration revision.
623
00:36:37,006 --> 00:36:40,056
Now, step 2, I'm going to
configure my trunk ports.
624
00:36:40,926 --> 00:36:43,796
My trunk is on interface Fast Ethernet 0/1.
625
00:36:44,046 --> 00:36:47,256
Remember, that is what is connected
right here to the other side.
626
00:36:47,256 --> 00:36:49,636
So, I'm going to go into-- I'm on CBTSwitch1.
627
00:36:49,636 --> 00:36:56,306
I'm going to do switchport-- well the
actual command is switchport mode trunk.
628
00:36:56,946 --> 00:36:57,516
Remember this?
629
00:36:57,516 --> 00:37:02,186
These are the-- I would say the three
major modes: access, dynamic, trunk.
630
00:37:02,676 --> 00:37:04,896
We always want to use either access or trunk.
631
00:37:04,896 --> 00:37:05,846
Don't even worry about this one.
632
00:37:05,936 --> 00:37:06,696
That's way down the road.
633
00:37:06,866 --> 00:37:09,166
Access and trunk are the two that we use.
634
00:37:09,166 --> 00:37:12,926
Now, I'm going to get an error when I do
this because this is an older switch--
635
00:37:13,286 --> 00:37:18,376
oh, wait a sec 'cause I did command previously.
636
00:37:18,376 --> 00:37:22,386
So, there's actually-- let me go under an
interface I haven't played with before.
637
00:37:22,576 --> 00:37:27,166
I'll do interface 0/2 and do switchport mode
trunk and this was the error that I expected.
638
00:37:27,336 --> 00:37:32,906
An interface whose trunk encapsulation is
auto cannot be configured as trunk mode.
639
00:37:33,116 --> 00:37:35,616
When I-- when I was just playing around
before I started this recording,
640
00:37:35,616 --> 00:37:38,976
I went in and tested a few commands to
make sure that they worked right.
641
00:37:39,226 --> 00:37:42,996
One of them, let me go back under
interface Fast Ethernet 0/1,
642
00:37:43,386 --> 00:37:47,766
is the command switchport trunk
encapsulation and I get to pick.
643
00:37:47,986 --> 00:37:50,236
Now, newer switches
644
00:37:50,626 --> 00:37:58,406
do not support that command at all because
they have completely eliminated this protocol
645
00:37:58,406 --> 00:37:58,886
from the mix.
646
00:37:58,886 --> 00:38:01,486
Remember, that was the proprietary
Cisco trunking protocol
647
00:38:01,486 --> 00:38:03,946
from way back in yesteryear that is gone.
648
00:38:04,206 --> 00:38:06,306
We now only use dot1q.
649
00:38:06,606 --> 00:38:09,506
So, older switches will support both.
650
00:38:09,566 --> 00:38:12,646
Newer switches probably will not
even see this trunk encapsulation.
651
00:38:12,646 --> 00:38:17,586
So you can on newer switches, just type in
switchport mode trunk and you're on the way.
652
00:38:17,586 --> 00:38:20,976
So, I've got CBTSwitch1, I've
got the VTP domain name and mode.
653
00:38:21,126 --> 00:38:22,006
I've got the trunk port.
654
00:38:22,116 --> 00:38:24,266
Now, let's add some VLANs back into the mix.
655
00:38:24,266 --> 00:38:26,126
So, I'm going to go exit out of here.
656
00:38:26,126 --> 00:38:31,816
Let's do-- let's do VLAN 50
'cause I blew them away, right?
657
00:38:31,816 --> 00:38:39,866
VLAN 50 and we'll do name SALES, exit out,
VLAN 100 and we'll do name SERVERS, right?
658
00:38:40,426 --> 00:38:41,076
It's what I did before.
659
00:38:41,216 --> 00:38:46,116
And the reason I'm recreating them now
is because now I'm in VTP server mode.
660
00:38:46,496 --> 00:38:49,536
And when I type in a show VTP
status, look at what's happening.
661
00:38:50,156 --> 00:38:54,196
Every VLAN I'm creating is
incrementing my configuration revision.
662
00:38:54,386 --> 00:38:56,966
Remember how this-- from the last
nugget how these guys stay in sync?
663
00:38:57,136 --> 00:38:59,986
These guys like, "Hey, I'm Rev-- I'm Rev 2."
664
00:38:59,986 --> 00:39:03,426
This guy is going to say, "Well,
I'm REV 0," when he comes up.
665
00:39:03,426 --> 00:39:07,576
So, you beat me and I'll replace my
VLAN database with your VLAN database.
666
00:39:07,606 --> 00:39:10,066
So, that-- that's what I'm
doing as I'm bringing those up.
667
00:39:10,066 --> 00:39:12,806
Now, it's saying, okay, VLAN
50-- interface VLAN 50 changed
668
00:39:12,806 --> 00:39:15,206
up because it was some active
ports in there and that's good.
669
00:39:15,256 --> 00:39:17,356
So, we're starting to see
our switch come back to life.
670
00:39:17,356 --> 00:39:19,486
Let's do a show VLAN brief.
671
00:39:20,576 --> 00:39:23,656
And you see those ports that are
assigned there now showing up again.
672
00:39:23,656 --> 00:39:26,266
Those were the ports that are
assigned that were amber a moment ago
673
00:39:26,266 --> 00:39:28,366
because I deleted all the VLANs out of the show.
674
00:39:28,656 --> 00:39:30,826
So, we've got now-- okay, VLANs are configured.
675
00:39:30,826 --> 00:39:34,086
We've named the VLANs and on this switch
anyway, we've assigned the ports to VLAN.
676
00:39:34,086 --> 00:39:40,366
All right, so now, hang on before we do all
this, I'm going to click over to this switch,
677
00:39:40,946 --> 00:39:46,566
CBTSwitch2 and do a show VTP status.
678
00:39:47,176 --> 00:39:53,576
He is still zeroed out and has no domain name
because remember, I have this port shutdown.
679
00:39:53,576 --> 00:39:59,686
I do a show IP interface brief and I have to
link it down between CBTSwitch1 and CBTSwitch2.
680
00:39:59,686 --> 00:40:02,256
So, let's see what happens when I bring it up.
681
00:40:03,656 --> 00:40:08,126
Click back over, CBTSwitch1,
show IP interface brief.
682
00:40:08,226 --> 00:40:12,346
I can see Fast Ethernet 0/1 is indeed shutdown.
683
00:40:16,176 --> 00:40:17,226
No shutdown.
684
00:40:17,776 --> 00:40:24,196
All right, we're bringing that port up and
as I mentioned, it's best to keep it shut
685
00:40:24,196 --> 00:40:27,146
down when you're doing this configuration
'cause configuring the trunk port,
686
00:40:27,146 --> 00:40:30,156
you're noting switchport mode trunks,
switchport trunk encapsulation at it
687
00:40:30,156 --> 00:40:34,056
and all of that stuff actually causes
the port to go up and down, up and down.
688
00:40:34,056 --> 00:40:37,336
And if you got a monitoring system,
it will start going nuts on using.
689
00:40:37,336 --> 00:40:38,536
Oh, your interfaces are going down.
690
00:40:38,906 --> 00:40:40,316
So, I'm going to back out.
691
00:40:40,316 --> 00:40:44,416
I'm going to do that command now that I haven't
talked about but we're going to use a lot,
692
00:40:44,416 --> 00:40:48,836
show CDP neighbors which shows you what
directly connected Cisco devices you have
693
00:40:48,996 --> 00:40:49,746
and I'm now seeing.
694
00:40:49,806 --> 00:40:55,746
CBTSwitch1 sees CBTSwitch2 out its
local interface Fast Ethernet 0/1.
695
00:40:55,746 --> 00:40:57,396
So, I'm like, okay, it's online, it's good.
696
00:40:57,396 --> 00:40:59,506
So now, let's hop back over.
697
00:40:59,506 --> 00:41:02,836
We'll actually and I mean, I have
to bend over anymore and-- oops.
698
00:41:02,836 --> 00:41:03,596
Get my console port.
699
00:41:04,426 --> 00:41:06,506
I'm going to try and ping.
700
00:41:06,726 --> 00:41:08,416
Let's do a show IP interface brief.
701
00:41:10,436 --> 00:41:12,286
Let's see if I can ping him on the other side.
702
00:41:12,286 --> 00:41:18,216
Remember we gave him the IP
address 10.1.1.11 and there we go.
703
00:41:18,216 --> 00:41:19,256
We've got success.
704
00:41:19,256 --> 00:41:22,856
When you do pings, exclamation points
are good things, dots are drops.
705
00:41:22,856 --> 00:41:24,686
So, we drop the first one
and continue down from there.
706
00:41:24,936 --> 00:41:32,156
So now, I can actually type in telnet,
this is from CBTSwitch1, 10.1.1.11.
707
00:41:32,156 --> 00:41:32,866
Oh, my goodness.
708
00:41:33,276 --> 00:41:35,336
Did I forget that from the base configuration?
709
00:41:35,946 --> 00:41:37,106
That's horrible.
710
00:41:37,336 --> 00:41:39,586
See that's what happens when
you do a base configuration.
711
00:41:39,676 --> 00:41:40,896
Well no, no.
712
00:41:40,896 --> 00:41:44,206
Actually, I did this on purpose
to demonstrate a point.
713
00:41:44,386 --> 00:41:48,706
Remember where I told you way back in the
beginning, I said, if you don't set a port--
714
00:41:48,706 --> 00:41:53,496
a password on your VTY ports then you're
going to get the message password required
715
00:41:53,496 --> 00:41:56,726
but none set and that's because I'm
going-- I've jump back over that.
716
00:41:56,726 --> 00:42:00,046
I'm going to do a show run begin with line--
717
00:42:00,236 --> 00:42:03,506
begin with line and I'll on
here, there's my VTY lines.
718
00:42:03,506 --> 00:42:04,866
They're requiring a login.
719
00:42:05,166 --> 00:42:06,486
I did it on the console port.
720
00:42:06,486 --> 00:42:07,776
I forgot to do on the VTY.
721
00:42:07,986 --> 00:42:10,196
They're requiring a login
but I didn't set a password.
722
00:42:10,376 --> 00:42:15,876
Now, see, I just fully-- I completely did that
on purpose to demonstrate-- yeah, all right.
723
00:42:16,426 --> 00:42:17,796
Whatever, you get it.
724
00:42:17,796 --> 00:42:19,716
So, I'm going to type in password cisco.
725
00:42:20,036 --> 00:42:20,926
We've now assigned that.
726
00:42:20,926 --> 00:42:23,186
And you know that I've started,
of course I want to do it now.
727
00:42:23,186 --> 00:42:28,036
I'm going to jump back over the
CBTSwitch1 and let's telnet over 10.1.1.
728
00:42:28,036 --> 00:42:28,466
There we go.
729
00:42:28,466 --> 00:42:29,596
Now, it's asking for password.
730
00:42:29,596 --> 00:42:31,696
Cisco enable cisco.
731
00:42:32,016 --> 00:42:33,816
Good. Now, I'm on CBTSwitch2.
732
00:42:34,676 --> 00:42:37,896
So now, I can do a show VTP status.
733
00:42:37,896 --> 00:42:39,066
Let's see what's going on over here.
734
00:42:39,566 --> 00:42:41,416
Check it out.
735
00:42:42,296 --> 00:42:45,396
Previously, this guy was nothing, right?
736
00:42:45,916 --> 00:42:46,986
Previously, let's scroll back.
737
00:42:46,986 --> 00:42:48,846
I didn't do anything to this guy.
738
00:42:48,846 --> 00:42:50,076
You know, behind the scene.
739
00:42:50,376 --> 00:42:52,816
I'm live with you the whole time.
740
00:42:52,816 --> 00:42:55,056
Previously, we did a show VTP status, right?
741
00:42:55,226 --> 00:42:56,266
He was blanked out.
742
00:42:56,266 --> 00:42:57,426
There was nothing there.
743
00:42:57,686 --> 00:43:00,936
We went back over to-- so we
did show IP interface brief,
744
00:43:00,936 --> 00:43:02,096
showed that the interface is down.
745
00:43:02,096 --> 00:43:04,366
We went back over to switch1.
746
00:43:04,366 --> 00:43:07,426
Did the configuration and/or
actually just powered up that port.
747
00:43:07,426 --> 00:43:08,416
That's all we did.
748
00:43:08,736 --> 00:43:11,996
And then all of a sudden, poof,
this guy has now this domain.
749
00:43:11,996 --> 00:43:12,926
That's what I was telling you.
750
00:43:12,926 --> 00:43:18,166
It will accept the very first domain name
that it hears about and accept all the VLANs.
751
00:43:18,166 --> 00:43:18,986
So, let's verify.
752
00:43:18,986 --> 00:43:24,536
Let's do a show VLAN brief and I
can see that VTP has done its job.
753
00:43:24,846 --> 00:43:31,876
VLAN 50, VLAN 100 are now over there and
this guy is a server as well, remember?
754
00:43:32,036 --> 00:43:34,576
Show VTP status, I can see
he's a server as well.
755
00:43:34,576 --> 00:43:38,996
So, we can even test to go in the other--
we can test to go in the other way.
756
00:43:38,996 --> 00:43:40,396
So, I'm going to go into global config.
757
00:43:40,396 --> 00:43:40,726
Watch this.
758
00:43:40,926 --> 00:43:43,156
I'll create VLAN 150.
759
00:43:43,156 --> 00:43:45,156
Let's name it the TECH department.
760
00:43:45,466 --> 00:43:50,516
Control Z. So now-- now I've got this
and if VTP is working right, right?
761
00:43:50,516 --> 00:43:56,566
I just went to the switch 2 and it's now a
config rev 3, show VTP or show VLAN brief.
762
00:43:56,726 --> 00:43:58,926
I see the TECH group over there.
763
00:43:59,126 --> 00:44:02,486
Let's exit out from this telnet
session and back over on switch 1
764
00:44:02,486 --> 00:44:03,986
and I'll do a show VLAN over here.
765
00:44:04,886 --> 00:44:06,496
Seeing it?
766
00:44:06,496 --> 00:44:07,926
VTP is doing its job.
767
00:44:07,926 --> 00:44:10,006
It's replicating the VLANs between each other.
768
00:44:10,266 --> 00:44:15,736
Now, all I would have to do is add whatever
ports I wanted to, to those specific VLANs.
769
00:44:17,186 --> 00:44:22,066
All right, last thing I wanted to show you
before we wrap up is-- remember we are saying--
770
00:44:22,066 --> 00:44:24,106
I said you can only create up to VLAN--
771
00:44:24,566 --> 00:44:27,396
what I said, like a two thou--
1002 if you're running VTP.
772
00:44:27,396 --> 00:44:28,836
Let me first off prove that to you.
773
00:44:28,836 --> 00:44:32,386
Let me go in and let's do
VLAN-- let's do VLAN 2000.
774
00:44:33,596 --> 00:44:37,456
No, no, initially, hang on, you're
like, "Whoa, buddy, you're wrong."
775
00:44:37,536 --> 00:44:39,736
No, no. Initially, it looks
like you can create that.
776
00:44:39,736 --> 00:44:40,386
You can even name it.
777
00:44:40,386 --> 00:44:41,856
I'm like name broken.
778
00:44:41,856 --> 00:44:44,426
You can name it, you can do whatever
you want but watch what happens.
779
00:44:44,426 --> 00:44:46,366
I'm going to exit back out.
780
00:44:46,366 --> 00:44:48,866
Denied. It's like, sorry,
you cannot-- you can't--
781
00:44:48,976 --> 00:44:51,006
you can't create that VLAN 2000 see, huh?
782
00:44:51,236 --> 00:44:52,986
So VLAN 2000 can be created.
783
00:44:52,986 --> 00:44:58,206
You're in VTP server mode or essentially,
you're using VTP, this isn't allowed.
784
00:44:58,546 --> 00:45:02,866
Now, I can go in there and I
can say VTP mode transparent.
785
00:45:03,346 --> 00:45:06,666
Cisco's recommendation is to
use that which turns off VTP.
786
00:45:06,666 --> 00:45:08,626
Now, the other guy is running it server.
787
00:45:08,626 --> 00:45:09,646
He's doing his server thing.
788
00:45:09,646 --> 00:45:10,286
That's fine.
789
00:45:10,446 --> 00:45:11,686
We can now be transparent.
790
00:45:11,686 --> 00:45:15,756
Now, I can go in and create
VLAN 2000, name NOT_BROKEN.
791
00:45:17,336 --> 00:45:18,516
Exit back out.
792
00:45:18,606 --> 00:45:20,246
And now, we're applying just fine.
793
00:45:20,426 --> 00:45:21,596
Show VLAN brief.
794
00:45:21,676 --> 00:45:25,386
But notice, this-- this is
not-- there it is right there.
795
00:45:25,386 --> 00:45:32,006
NOT_BROKEN VLAN, this is not going to replicate
to the other side because VTP is not disabled.
796
00:45:32,296 --> 00:45:33,986
So-- someone-- someone asked me once.
797
00:45:33,986 --> 00:45:35,556
They go-- it's a good strategy.
798
00:45:35,556 --> 00:45:37,336
Maybe you're-- you're first
setting up a network.
799
00:45:37,336 --> 00:45:40,856
It's a good strategy to use VTP,
you know, replicate all the VLANs
800
00:45:40,856 --> 00:45:43,356
and then go around and turn it all off.
801
00:45:43,356 --> 00:45:44,186
Yeah, I could see that.
802
00:45:44,186 --> 00:45:47,316
I could totally agree with that if
that's something you'd like to do.
803
00:45:47,656 --> 00:45:48,316
I will say.
804
00:45:48,316 --> 00:45:52,276
Once you get away from VTP though,
for me, when I set up a new network,
805
00:45:52,276 --> 00:45:53,976
I just manually go at everything.
806
00:45:53,976 --> 00:45:57,376
I go on every switch and mainly create
only the VLANs that belong there
807
00:45:57,606 --> 00:46:00,336
because VTP will replicate all VLANs everywhere.
808
00:46:00,546 --> 00:46:03,246
So, it's a little-- little messier.
809
00:46:03,246 --> 00:46:04,906
So, let me do a show VLAN brief.
810
00:46:05,346 --> 00:46:09,126
Just to prove VLAN 2000 does
not show up on switch2.
811
00:46:09,126 --> 00:46:12,576
So, we'll wrap up by putting
Cisco's best practice on here.
812
00:46:12,576 --> 00:46:14,776
VTP mode, transparent.
813
00:46:14,946 --> 00:46:17,326
And now, we have completely disabled VTP.
814
00:46:17,496 --> 00:46:21,296
But in summary, we have now configured VLANs.
815
00:46:21,516 --> 00:46:28,376
We've set up VTP, we've set up trunking,
and we now have a VLAN capable environment.
816
00:46:28,856 --> 00:46:30,856
We have been too much beyond that with them.
817
00:46:30,856 --> 00:46:35,076
But that's at least-- we'll call it
the base configuration of all VLANs.
818
00:46:35,576 --> 00:46:41,086
And I hope this has been informative for
you and I'd like to thank you for viewing.