Module 9: Virtual Trunking Protocol 
9.1 Trunking 
   
9.1.1 History of trunking 

In the telephony industry, the trunking concept is associated with the telephone communication path or channel between two points. One of these two points is usually the Central Office (CO). Shared trunks may also be created for redundancy between COs.

在電話工業中，二點之間的電話通訊路徑或通道與 Trunking 概念有關。二個端點之中通常有一個是局端 (CO)， 為了局端之間的備援，也有可能為此而建立共享式的 Trunk。

The concept used by the telephone and radio industries was then adopted for data communications. An example of this in a communications network is a backbone link between an MDF and an IDF. A backbone is composed of several trunks.

電話工業及廣播工業所使用的觀念也被資料通訊所採用，在通訊網路中介於 MDF 及 IDF 之間的骨幹線路就是一個例子。一個骨幹是由數個 Trunk 所組成的。

Currently, the same principle of trunking is applied to network switching technologies. A trunk is a physical and logical connection between two switches across which network traffic travels.

現在，相同的 Trunking 觀念也被用於網路交換科技上，一個 Trunk 是一個流過二台交換器之間的網路傳輸之實體連線及邏輯連線。

9.1.2 Trunking concepts 

In a switched network, a trunk is a point-to-point link that supports several VLANs. The purpose of a trunk is to conserve ports when a link between two devices that implement VLANs is created. Figure illustrates two VLANs shared across switches Sa and Sb. Each switch uses two physical links so that each port carries traffic for a single VLAN. This is a simple way to implement inter-switch VLAN communication, but it does not scale well.

在一個交換式的網路中，一個 Trunk 就是一個支援多個 VLAN的點對點線路。當二個設備之間的連接建立了 VLAN 時，Trunk 可以節省這二個設備所需要的連接埠，這就是 Trunk 的目的。圖 說明了二個 VLAN 跨越了交換器 Sa 及 Sb，每個交換器使用二個實體線路，每一個實體線路都只承載單一 VLAN 的傳輸。這是一種交換器之間 VLAN 的通訊實作方式，雖然簡單，但網路的規模無法變大。

The addition of a third VLAN would require the use of two more ports, one on each connected switch. This design is also inefficient in terms of load sharing. In addition, the traffic on some VLANs may not justify a dedicated link. Trunking bundles multiple virtual links over one physical link. This allows the traffic of several VLANs to travel over a single cable between the switches.

增加第三個 VLAN 將需要使用額外的二個連接埠，分別在所連接的交換器上。從負載平衡的角度來看，這種設計也不夠經濟。此外，某些 VLAN 的傳輸也不適合給予一個專屬線路。Trunking 可將數個虛擬線路組合成在一條實體線路上，此將可以讓多個 VLAN 的傳輸從單一纜線流經二台交換器。

A comparison for trunking is like a highway distributor. The roads with different start and end points share a main national highway for a few kilometers then divide again to reach their particular destinations. This method is more cost effective than the construction of an entire road from start to end for every known or new destination.

高速公路車道分配是 Trunking 的一種比喻。 不同起點及終點的道路共用了一段國道高速公路，然後再分開到達特定的終點。這種方法會比直接在各個起迄點之間建立專屬道路要來得經濟。

9.1.3 Trunking operation 

Trunking protocols were developed to effectively manage the transfer of frames from different VLANs on a single physical line. The trunking protocols establish agreement for the distribution of frames to the associated ports at both ends of the trunk.

為了在單一實體線路上有效地管理來自於不同 VLAN 之間的訊框傳送，因此發展了 Trunking 協定。Trunking 協定允許讓訊框派送到 Trunk 二端的連接埠。

The two types of trunking mechanisms that exist are frame filtering and frame tagging. Frame tagging has been adopted as the standard trunking mechanism by the IEEE.

現有的二種 Trunking 機制為訊框過濾 (Frame Filtering) 及訊框標誌 (Frame Tagging)。訊框標誌已被 IEEE 所採用而變成一種標準。

Trunking protocols that use frame tagging achieve faster delivery of frames and make management easier.

使用訊框標誌的 Trunking 協定可達到較快速傳遞及較容易管理的目的。

The unique physical link between the two switches is able to carry traffic for any VLAN. In order to achieve this, each frame sent on the link is tagged to identify which VLAN it belongs to. Different tagging schemes exist. The two most common tagging schemes for Ethernet segments are ISL and 802.1Q:

• ISL  – A Cisco proprietary protocol
• 802.1Q  – An IEEE standard that is the focus of this section

介於二台交換器之間的唯一實體線路可以承載任何 VLAN 的傳輸。為了達到這個目的，每個訊框在送到該線路之前都被插入一個標籤，用來識別其所屬的 VLAN。現有不同的標誌方式存在，其中二種最常用於乙太網路區段的技術是 ISL 及 802.1Q：

• ISL  –Cisco 的專屬協定
• 802.1Q  –IEEE 的標準，也是本節的重點

9.1.4 VLANs and Trunking 

The IEEE 802.1Q standard specifies frame tagging as the method to implement VLANs.

IEEE 802.11Q的標準敘述了如何使用訊框標誌來完成VLAN。

VLAN frame tagging was specifically developed for switched communications. Frame tagging places a unique identifier in the header of each frame as it is forwarded throughout the network backbone. The identifier is understood and examined by each switch before any broadcasts or transmissions are made to other switches, routers, or end stations. When the frame exits the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. Frame tagging functions at Layer 2 and does not require much network resources or administrative overhead.

VLAN 訊框標誌是特別為交換式的通訊環境所量身訂製的。當訊框流經網路骨幹時，訊標標誌會將唯一的識別碼放在每個訊框的標頭欄位，這個識別碼可以被每個交換器所認知及檢測出來，並且是在交換器對訊框作出廣播或傳送到其它交換器, 路由器與端點設備之前。當訊框離開網路骨幹，交換器會將該識別碼移除，再將訊框傳送到目的地裝置。訊框標誌屬於第二層的功能，它不需要太多的網路資源或額外的管理負擔。

It is important to understand that a trunk link does not belong to a specific VLAN. A trunk link is a conduit for VLANs between switches and routers.

有一件事很重要，Trunk 線路不屬於任何一個 VLAN，這點必須要瞭解。一個 Trunk 線路是一個介於眾交換器及眾路由器之間的 VLAN 傳遞管道。

ISL is a protocol that maintains VLAN information as traffic flows between the switches. With ISL, an Ethernet frame is encapsulated with a header that contains a VLAN ID.

ISL 是一個協定，它可以維護流經交換器之間傳輸的 VLAN 資訊。使用 ISL 時，乙太網路訊框會再度被封裝，並配置一個具有 VLAN 識別碼的標頭。

9.1.5 Trunking implementation 

This page will teach students how to create and configure a VLAN trunk on a Cisco IOS command-based switch. First configure the port as a trunk and then use the commands shown in Figure to specify the trunk encapsulation.

本節將會將學生如何在 Cisco IOS 命令列模式的交換器上建立及設定 VLAN Trunk。首先要將連接埠設定成 Trunk，接著使用圖 的指令來指定 Trunk 的封裝方式。

Verify that trunking has been configured and verify the settings with the show interfacesFa0/port_num or show interfacestrunk commands from Privileged EXEC mode of the switch.

檢查已被設定的 Trunking，並且在交換器的特權管理者模式下以 show interfacesFa0/port_num 或 show interfacestrunk 指令檢查這些設定。

9.2 VTP 
   
9.2.1 History of VTP 

VLAN Trunking Protocol (VTP) was created by Cisco to solve operational problems in a switched network with VLANs. It is a Cisco proprietary protocol.

VLAN Trunking 協定 (VTP) 是由 Cisco 所建立，為了解決在交換式網路上使用 VLAN 的操作問題。它是一個 Cisco 的專屬協定。

Consider the example of a domain with several interconnected switches that support several VLANs. A domain is a logical group of users and resources under the control of one server, called the primary domain controller (PDC).

考慮下面例子，在一個具有多台相互連接交換器的領域中，每個交換器都支援多個 VLAN。一個領域是指由使用者及資源所組成的一個邏輯群組，該群組被一台稱為主要領域伺服器 (PDC) 所控制。

To maintain connectivity within VLANs, each VLAN must be manually configured on each switch. As the organization grows and additional switches are added to the network, each new switch must be manually configured with VLAN information. A single incorrect VLAN assignment could cause two potential problems:

• Cross-connected VLANs due to VLAN configuration inconsistencies
• VLAN misconfiguration across mixed media environments such as Ethernet and Fiber Distributed Data Interface (FDDI)

為了維護 VLAN 內的連接，必須在各個交換器上手動設定每一個 VLAN。當企業組織成長並加入更多的交換器，每一個新的交換器都必須手動設定 VLAN 資訊。只要一個不正確的 VLAN 指派就可能導致二個潛在問題：

• 由於 VLAN 設定不一致所導致的 VLAN 交叉連接
• 在混合通訊媒體的環境 (例如：乙太網路及FDDI) 不當地規劃VLAN

With VTP, VLAN configuration is consistently maintained across a common administrative domain. Additionally, VTP reduces management and monitoring complexities of networks with VLANs.

在一個共同的管理領域內的 LAN 設定可以藉由 VTP 維持一致性。此外，在具有 VLAN 的網路環境下，VTP 也可以降低管理及監督的複雜度。

9.2.2 VTP concepts 

The role of VTP is to maintain VLAN configuration consistency across a common network administration domain. VTP is a messaging protocol that uses Layer 2 trunk frames to add, delete, and rename VLANs on a single domain. VTP also allows for centralized changes that are communicated to all other switches in the network.

VTP 的角色是讓 VLAN 的設定可以在一個共同的網路管理領域內維持一致性。VTP 是一個訊息傳遞的協定，在單一領域下它使用第二層 Trunk 訊框對 VLAN 進行增加、刪除以及重新命名的工作。VTP 也允許集中式的改變並通知到網路上的其它交換器。

VTP messages are encapsulated in either ISL or IEEE 802.1Q protocol frames, and passed across trunk links to other devices. In IEEE 802.1Q frames, a 4-byte field is used to tag the frame.

VTP 訊息被封裝在 ISL 或 IEEE 802.1Q 協定訊框內，再從 Trunk 線路傳送到其它的裝置。在 IEEE 802.1Q 訊框上，會額外加入一組 4 位元組的欄位作為標籤以茲識別。

While switch ports are normally assigned to only a single VLAN, trunk ports by default carry frames from all VLANs.

在正常情形下，一般的交換器連接埠都只被指派到單一的 VLAN 上，而 Trunk 連接埠則預設可承載來自於任何 VLAN 的訊框。

9.2.3 VTP operation 

A VTP domain is made up of one or more interconnected devices that share the same VTP domain name. A switch can be in one VTP domain only.

一個 VTP 領域是由一個或多個交互相連的裝置所構成，這些裝置共用相同的 VTP 領域名稱。一個交換器只能存在於一個 VTP 領域內。

When transmitting VTP messages to other switches in the network, the VTP message is encapsulated in a trunking protocol frame such as ISL or IEEE 802.1Q. Figure shows the generic encapsulation for VTP within an ISL frame. The VTP header varies based on the type of VTP message, but generally, the same four items are found in all VTP messages:

• VTP protocol version - Either version 1 or 2
• VTP message type - Indicates one of four types of messages
• Management domain name length - Indicates the size of the name that follows
• Management domain name - Name configured for the management domain

當 VTP 訊息在網路上傳遞給其它的交換器時，該 VTP 訊息被封裝在一個 Trunking 協定訊框內，例如 ISL 或 IEEE 802.1Q 協定的訊框。圖 展示了 ISL 訊框的 VTP 概要封裝格式。VTP 標頭會按照 VTP 訊息的型態而變化，但一般而言，所有的 VTP 訊息都可以找到四個相同項目：

• VTP 協定版本 – 第一版或第二版
• VTP 訊息型態 – 指定了四種訊息型態中的一種
• 管理領域名稱長度 – 指定了接下來的名稱長度
• 管理領域名稱 – 對該管理領域所設定的名稱

VTP switches operate in one of three modes:

• Server
• Client
• Transparent

VTP 交換器運作於下列三種模式之一：

• 伺服模式
• 用戶模式
• 透通模式

VTP servers can create, modify, and delete VLAN and VLAN configuration parameters for the entire domain. VTP servers save VLAN configuration information in the switch NVRAM. VTP servers send VTP messages out to all trunk ports.

VTP 伺服模式交換器可以對整個領域的 VLAN 及 VLAN 設定參數進行建立、修改及刪除的工作。VTP 伺服模式交換器將 VLAN 設定資料儲存在本身的 NVRAM 內。VTP 伺服模式交換器將 VTP 訊息送到所有的 Trunk 連接埠。

VTP clients cannot create, modify, or delete VLAN information. This mode is useful for switches that lack the memory to store large tables of VLAN information. The only role of VTP clients is to process VLAN changes and send VTP messages out all trunk ports.

VTP 用戶模式交換器不能新增、修改或刪除 VLAN 資訊，這個模式對於記憶體不足以儲存 VLAN 資訊的交換器而言非常用有。VTP 用戶模式交換器的唯一角色是處理 VLAN 的改變並且將 VTP 訊息傳送到所有的 Trunk 連接埠。

Switches in VTP transparent mode forward VTP advertisements but ignore information contained in the message. A transparent switch will not modify its database when updates are received, or send out an update that indicates a change in its VLAN status. Except for forwarding VTP advertisements, VTP is disabled on a transparent switch.

在 VTP 透通模式下的交換器會傳送 VTP 通告，但卻忽略該訊息的內容。當收到或送出關於 VLAN 狀態的更新訊息時，一個透通模式交換器將不會修改它自己的資料庫。除了傳送 VTP 通告外，在一個透通模式交換器上會關閉 VTP 的功能。

VLANs detected within the advertisements serve as notification to the switch that traffic with the newly defined VLAN IDs may be expected.

交換器從通告中所偵測到的 VLAN 就可當作一個通知，具有新定義的 VLAN 識別碼的傳輸將有可能來到。

In Figure , Switch C transmits a VTP database entry with additions or deletions to Switch A and Switch B. The configuration database has a revision number that is incremented by one. A higher configuration revision number indicates that the VLAN information that is received is more current then the stored copy. Any time a switch receives an update that has a higher configuration revision number, the switch overwrites the stored information with the new information sent in the VTP update. Switch F will not process the update because it is in a different domain. This overwrite process means that if the VLAN does not exist in the new database, it is deleted from the switch. In addition, VTP maintains its own configuration in NVRAM. The erase startup-configuration command clears the configuration in the NVRAM, but not the VTP database revision number. To set the configuration revision number back to zero, the switch must be rebooted.

在圖 中，交換器 C 對交換器 A 及交換器 B 傳送一個新增或刪除的 VTP 資料庫項目。該設定資料庫具有一個修訂號碼，該號碼一次往上增加一號。如果接收到的設定具有較高的修訂號碼，代表該 VLAN 資訊比自己所存放的資訊還新。不管在什麼時候，只要交換器收到具有較高修訂號碼的更新資訊，它都會把新的訊息覆蓋舊有的資訊。交換器 F 將不會處理該更新訊息，因為它位於不同的領域。這個覆寫程序意味著如果 VLAN 不存在新的資料庫，交換器將會把它刪除。此外，VTP 自行維護於它自己的 NVRAM， erase startup-configuration 指令只能清除 NVRAM 中的設定檔，但不能清除 VTP 資料庫的修訂號碼。若要將該號碼重置為 0，必須讓交換器重新開機。

By default, management domains are set to a nonsecure mode. That means that the switches interact without the use of a password. To automatically set the management domain to secure mode, a password can be added. The same password must be configured on every switch in the management domain to use secure mode.

在預設情形下，管理領域被設定成為非安全模式，此意味著這些交換器的交互作用並不需要密碼。若要將管理領域自動地設成安全模式，必須要加上密碼才行，而且所有相同管理領域的交換器都要使用相同的密碼。

9.2.4 VTP implementation 

With VTP, each switch advertises on its trunk ports its management domain, configuration revision number, the VLANs that it knows about, and certain parameters for each known VLAN. These advertisement frames are sent to a multicast address so that all neighbor devices can receive the frames. However, the frames are not forwarded by normal bridging procedures. All devices in the same management domain learn about any new VLANs configured in the transmitting device. A new VLAN must be created and configured on one device only in the management domain. All the other devices in the same management domain automatically learn the information.

在 VTP 機制下，每一個交換器會在它的 Trunk 連接埠發出通告，其內容包含了它的管理領域、設定資料的修訂號碼、它所知道的 VLAN 以及其所相關的參數。這些通告訊框以群播位址的方式傳送出去，因此所有相鄰的設備都可以接收到該訊框。但是，這些訊框不會被正常的橋接程序所轉送。在相同管理領域內的所有設備都可以學到傳送設備內所新增的 VLAN。在一個管理領域內，新的 VLAN 只需要在一台交換器上面建立就可以了，其它的裝置在相同的管理領域內都會自動學習到該資訊。

Advertisements on factory-default VLANs are based on media types. User ports should not be configured as VTP trunks.

在工廠預設 VLAN 上的通告與傳輸介質型態有關，使用者連接埠不應該被設定為 VTP Trunk。

Each advertisement starts as configuration revision number 0. As changes are made, the configuration revision number is increased incrementally by one, or n + 1. The revision number continues to increment until it reaches 2,147,483,648. When it reaches that point, the counter will reset back to zero.

每一個通告都是從修訂號碼 0 開始，每作一次改變，該號碼就增加一，或稱為 n + 1。這個修訂號碼持續增加直到 2,147,483,648 為止，當它到達這個數值，該計數器將被重置為 0。

There are two types of VTP advertisements:

• Requests from clients that want information at bootup
• Response from servers

VTP 通告的型態有二種：

• 來自於用戶模式交換器的請求，這是該交換器在開機時所想要知道的資訊
• 來自於伺服模式交換器的回應

There are three types of VTP messages:

• Advertisement requests
• Summary advertisements
• Subset advertisements

VTP 訊息的型態有三種：

• 通告請求
• 摘要通告
• 部分通告

With advertisement requests, clients request VLAN information and the server responds with summary and subset advertisements.

當用戶模式交換器需要 VLAN 的資訊時，就會發出通告請求，而伺服模式交換器就利用摘要通告及部分通告作為回應。

By default, server and client Catalyst switches issue summary advertisements every five minutes. Servers inform neighbor switches what they believe to be the current VTP revision number. If the domain names match, the server or client compares the configuration revision number that it received. If the switch receives a revision number that is higher than the current revision number in that switch, it issues an advertisement request for new VLAN information.

在預設情形下，Catalyst 交換器 (包含 VTP 用戶模式及伺服模式的交換器) 會每五分鐘發出一個摘要通告。伺服模式交換器通知相鄰交換器它目前所使用的設定資料之修訂號碼。如果交換器接收到一個修訂號碼比自己現行的號碼還要高，它就會發出一個通告請求以取得新的 VLAN 資訊。

Subset advertisements contain detailed information about VLANs such as VTP version type, domain name and related fields, and the configuration revision number. Certain actions can trigger subset advertisements:

• VLAN creation or deletion
• VLAN suspension or activation
• VLAN name change
• VLAN maximum transmission unit (MTU) change

部分通告含有 VLAN 的詳細資訊，例如：VTP 版本、領域名稱與相關欄位、以及設定的版本號碼。下列情形將會產生部分通告：

• VLAN 的建立或刪除
• VLAN 的停用或啟用
• VLAN 的名稱改變
• VLAN 的 MTU 改變

Advertisements can contain some or all of the following information:

• Management domain name - Advertisements with different names are ignored.
• Configuration revision number - The higher number indicates a more recent configuration.
• Message Digest 5 (MD5) - MD5 is the key that is sent with the VTP when a password has been assigned. If the key does not match, the update is ignored.
• Updater identity - The updater identity is the identity of the switch that sends the VTP summary advertisement.

通告可以包含下列部分或全部的資訊：

• 管理領域名稱 - 不同名稱的通告將被忽略
• 設定資料的版本號碼 - 較高的號碼意味著較新的設定資料
• 訊息摘要 (MD5) - 當密碼被設定時，MD5 就成為一把金鑰隨著 VTP 一同傳送，如果金鑰不相同，該次更新將被忽略
• 更新者識別資料 - 這個資料就是傳送 VTP 摘要通告的交換器識別碼

9.2.5 VTP configuration 

Specific steps must be considered before VTP and VLANs are configured on the network:

1. Determine the version number of VTP that will be utilized.
2. Decide if the switch will be a member of a management domain that already exists, or if a new domain should be created. If a management domain exists, determine the name and password of the domain.
3. Choose a VTP mode for the switch.

在設定 VTP 及 VLAN 之前，有些步驟必須先考慮：

1. 決定所要使用的 VTP 版本
2. 決定該交換器要加入一個已存在的管理領域還是要建立新的領域。如果要加入既有的管理領域，必須知道該領域的名稱及密碼。
3. 選定該交換器的 VTP 模式

Two different versions of VTP are available, Version 1 and Version 2. The two versions are not interoperable. If a switch is configured in a domain for VTP Version 2, all switches in the management domain must be configured for VTP Version 2. VTP Version 1 is the default. VTP version 2 can be implemented if the features required are not in version 1. The most common feature that is needed is Token Ring VLAN support.

目前有二種 VTP 版本，分別是第一版及第二版。這二個版本彼此並不相容，如果領域中的某個交換器被設定為第二版，則在該管理領域內的所有交換器都必須設定為第二版。VTP 第一版是預設值，當所需要的功能在第一版沒有提供時，就可以採用第二版。通常這些功能是 Token Ring 的 VLAN 支援。

To configure the VTP version on a Cisco IOS command-based switch, first enter VLAN database mode.

若要設定 VTP 的版本，首先必須要進入 VLAN 資料庫模式。

The following command can be used to enter VLAN database mode and configure the VTP version number.

Switch#vlan database

Switch(vlan)#vtp v2-mode

下面的指令可以進入 VLAN 資料庫模式並且設定 VTP 的版本：

Switch#vlan database

Switch(vlan)#vtp v2-mode

If the switch is the first switch in the network, the management domain should be created. If the management domain has been secured, configure a password for the domain.

如果該交換器是網路上的第一台交換器，就必須建立管理領域；如果管理領域必須具有安全性，就請為該領域設定一組密碼。

The following command can be used to create the management domain.

Switch(vlan)#vtp domain cisco

下面的指令可以建立管理領域。

Switch(vlan)#vtp domain cisco

The domain name can be between 1 and 32 characters in length. The password must be between 8 and 64 characters long.

領域名稱的長度可以是 1 到 32 個字元，密碼長度則必須介於 8 到 64 個字元之間。

To add a VTP client to a VTP domain that already exists, verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Use the show vtp status command. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. If a switch is added with a higher revision number than what is currently in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain.

若要將一個 VTP 用戶模式交換器加入一個已存在的 VTP 領域內，請先檢查它的 VTP 設定資料的修訂號碼比該領域內所有交換器的修訂號碼還來的小。請使用 show vtp status 指令。在 VTP 領域內的交換器永遠使用較高修訂號碼的 VLAN 設定資料，如果新加入的交換器具有較高的修訂號碼，它將會從該 VTP 領域內所有 VTP 伺服模式交換器內把內所有的 VLAN 資訊全部清除。

Choose one of the three available VTP modes for the switch. If this is the first switch in the management domain and additional switches will be added, set the mode to server. The additional switches will be able to learn VLAN information from this switch. There should be at least one server.

在對交換器進行 VTP 設定時，必須從三種 VTP 模式中選擇一種來進行。如果該交換器是管理領域內的第一台交換器，並且要讓其它的交換器可以加入，就應該把這台交換器設定為伺服模式，如此一來，新加入的交換器將可以從這台交換器學到 VLAN 的資訊。在一個管理領域內，必須至少有一台是屬於伺服模式的交換器。

VLANs can be created, deleted, and renamed at will without the switch propagating changes to other switches. VLANs can overlap if several people configure devices within a network. For example, the same VLAN ID can be used for VLANs with dissimilar purposes.

VLAN 可以在交換器上被新增、刪除及更名，即使交換器還沒有把這些資訊傳遞出去，這些工作依然可以完成。因此，如果在一個網路上有多人同時進行設定，就可能發生 VLAN 重疊的現象。例如：相同的 VLAN ID 可能會因為不同的目的而設定在不同的 VLAN 上。

The following command can be used to set the correct mode of the switch:

Switch(vlan)#vtp {client | server | transparent}

下面的指令可以用來設定交換器的操作模式：

Switch(vlan)#vtp {client | server | transparent}

Figure shows the output of the show vtp status command. This command is used to verify VTP configuration settings on a Cisco IOS command-based switch.

圖 顯示了 show vtp status 指令的結果。這個指令是用來檢查 VTP 的設定是否正確。

Figure shows an example of the show vtp counters command. This command is used to display statistics about advertisements sent and received on the switch.

圖 是 show vtp counters 指令的範例，這個指令是用來顯示交換器發出與接收通告的統計。

9.3 Inter-VLAN Routing Overview 
   
9.3.1 VLAN basics 

A VLAN is a logical grouping of devices or users that can be grouped by function, department, or application regardless of their physical location.

一個 VLAN 是一個邏輯上的群組，它可以把使用者或裝置按照功能、部門或應用的方式作為群組，而不必考慮這些裝置或使用者所在的實際位置。

9.3.2 Introducing inter-VLAN routing 

When a host in one broadcast domain wishes to communicate with a host in another broadcast domain, a router must be involved.

在一個廣播領域內的主機，如果想要與另一個廣播領域內的主機作通訊，就需要使用路由器。

Port 1 on a switch is part of VLAN 1, and port 2 is part of VLAN 200. If all of the switch ports were part of VLAN 1, the hosts connected to these ports could communicate. In this case however, the ports are part of different VLANs, VLAN 1 and VLAN 200. A router must be involved if hosts from the different VLANs need to communicate.

交換器上的 Port 1 被設定成 VLAN 1，Port 2 被設定成 VLAN 200。 如果所有的交換器連接埠都設定成 VLAN 1，則接在這些連接埠的主機都能相互通訊。但是在這個例子中，這些連接埠位於不同的 VLAN 上 (VLAN 1 與 VLAN 200)，如果來自於不同 VLAN 的主機要相互通訊，就必須加入一台路由器。

9.3.3 Inter-VLAN issues and solutions 

When VLANs are connected together, several technical issues will arise. Two of the most common issues that arise in a multiple-VLAN environment are:

• The need for end user devices to reach non-local hosts
• The need for hosts on different VLANs to communicate

當 VLAN 連接在一起，一些技術上的問題就會產生，在多個 VLAN 環境下最常見的問題有：

• 終端用戶裝置要連到遠端主機的需求
• 位於不同 VLAN 的主機要相互通訊

On a router, an asterisk (*) indicates a default route in the output of the show ip route command. For hosts on a local area network, this gateway is set to whatever machine has a direct connection to the outside world, and it is the Default Gateway listed in the workstation TCP/IP settings. If the default route is being configured for a router which itself is functioning as the gateway to the public Internet, then the default route will point to the gateway machine at an Internet service provider (ISP) site. Default routes are implemented using the ip route command.

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

若在路由器上執行 show ip route 指令，預設路由會被標上一個星號 (*)。對於區域網路上的主機，這個閘道器被設成直接連外的機器，它也就是工作站上 TCP/IP 設定中的預設閘道器。如果一個路由器本身就是擔任通往網際網路角色的機器，則它所設定的預設路由將會指向 ISP 的閘道機器。預設路由可以使用 ip route 指令來設定。

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

In this example, 192.168.1.1 is the gateway. Inter-VLAN connectivity can be achieved through either logical or physical connectivity.

在上面的範例，192.168.1.1 就是閘道位址。VLAN 之間的連接可以經過邏輯連線或實體連線來達成。

Logical connectivity involves a single connection, or trunk, from the switch to the router. That trunk can support multiple VLANs. This topology is called a router on a stick because there is a single connection to the router. However, there are multiple logical connections between the router and the switch.

邏輯連線只使用單一的連接線路，該線路即為 Trunk，它連接了交換器與路由器。該 Trunk 線路可以支援多個 VLAN。這種拓樸又稱為 router-on-a-stick，因為只有單一線路到達路由器。不管如何，在路由器與交換器之間仍然有多條邏輯連線存在。

Physical connectivity involves a separate physical connection for each VLAN. This means a separate physical interface for each VLAN.

實體連線則針對每一個 VLAN 都採用獨立分離的實體線路，這也意味著每一個 VLAN 都使用路由器上獨立分離的實體界面。

The router-on-a-stick designs employ a single trunk link that connects the router to the rest of the campus network. Inter-VLAN traffic must cross the Layer 2 backbone to reach the router where it can move between VLANs. Traffic then travels back to the desired end station using normal Layer 2 forwarding. This out-to-the-router-and-back flow is characteristic of router-on-a-stick designs.

在 router-on-a-stick 設計方式中，它只使用單一 Trunk 線路將路由器連接到校園網路。 VLAN 之間的傳輸必須跨越第二層骨幹以送達路由器，該路由器可以在 VLAN 之間作資料傳送的工作，最後再以一般的第二層轉送機制將該資料送回目的地工作站。將資料送進又送出路由器的流程就是 router-on-a-stick 設計的一個特徵。

9.3.4 Physical and logical interfaces 

In a traditional situation, a network with four VLANs would require four physical connections between the switch and the external router.

在傳統情形下，一個具有四個 VLAN 的網路需要四個實體連線以連接交換器與外部的路由器。

As technologies such as Inter-Switch Link (ISL) became more common, network designers began to use trunk links to connect routers to switches. Although any trunking technology such as ISL, 802.1Q, 802.10, or LAN emulation (LANE) can be used, Ethernet-based approaches such as ISL and 802.1Q are most common.

當交換器之間連接技術 (如 ISL) 普遍之後，網路設計者開始使用 Trunk 線路來連接路由器與交換器。 雖然任何 Trunking 技術都可以使用 (例如：ISL、802.1Q、802.10 或 LANE)，在乙太網路架構下最常見的仍是 ISL 與 802.1Q。

Networks with many VLANs must use VLAN trunking to assign multiple VLANs to a single router interface.

具有眾多 VLAN 的網路必須使用 VLAN Trunking 以便將多個 VLAN 指派到單一路由器界面上。

The dashed lines in the example refer to the multiple logical links running over this physical link using subinterfaces. The router can support many logical interfaces on individual physical links. For example, the Fast Ethernet interface FastEthernet 1/0 might support three virtual interfaces numbered FastEthernet 1/0.1, 1/0.2 and 1/0.3.

範例中的虛線代表多個邏輯線路，它是在一個實體線路上使用子界面作傳輸。該路由器可以在單一實體線路上支援許多邏輯界面，例如：高速乙太網路界面 FastEthernet 1/0可以支援三個虛擬界面，分別由 FastEthernet 1/0.1、1/0.2 及 1/0.3 作編號。

The primary advantage of using a trunk link is a reduction in the number of router and switch ports used. Not only can this save money, it can also reduce configuration complexity. Consequently, the trunk-connected router approach can scale to a much larger number of VLANs than a one-link-per-VLAN design.

使用 Trunk 線路的好處是縮減路由器以及交換器所使用的連接埠。它不僅可以節省成本，也可以降低設定的複雜度。因此，採用 Trunk 連接方式的設計將可比單一 VLAN 使用單一線路的設計達到更大的規模。

9.3.5 Dividing physical interfaces into subinterfaces 

A subinterface is a logical interface within a physical interface, such as the Fast Ethernet interface on a router.

一個子界面是在一個實體界面 (例如：路由器上的高速乙太網路界面) 上的邏輯界面。

Multiple subinterfaces can exist on a single physical interface.

在單一實體界面上可存在多個子界面。

Each subinterface supports one VLAN, and is assigned one IP address. In order for multiple devices on the same VLAN to communicate, the IP addresses of all meshed subinterfaces must be on the same network or subnetwork. For example, if subinterface FastEthernet 0/0.1 has an IP address of 192.168.1.1 then 192.168.1.2, 192.168.1.3, and 192.1.1.4 are the IP addresses of devices attached to subinterface FastEthernet 0/0.1.

每個子界面支援一個 VLAN，並且可被指派一個 IP 位址。為了讓同一個 VLAN 上的多個裝置可以相互通訊，所有網狀的子界面都必須在相同的網段或子網段。例如：如果子界面 FastEthernet 0/0.1 的 IP 位址是 192.168.1.1，則 192.168.1.2、192.168.1.3 及 192.168.1.4 都是連接在 FastEthernet 0/0.1 子界面上的裝置所可使用的 IP 位址。

In order to route between VLANs with subinterfaces, a subinterface must be created for each VLAN.

為了讓使用子界面的 VLAN 之間可以作繞送，必須為每一個 VLAN 都建立一個子界面。

9.3.6 Configuring inter-VLAN routing 

Before any of these commands are implemented, each router and switch should be checked to see which VLAN encapsulations they support. Catalyst 2950 switches have supported 802.1q trunking since the release of Cisco IOS release 12.0(5.2)WC(1), but they do not support Inter-Switch Link (ISL) trunking. In order for inter-VLAN routing to work properly, all of the routers and switches involved must support the same encapsulation.

在使用這些指令之前，必須先確認每一個路由器以及交換器所支援的 VLAN 封裝方式。Catalyst 2950 交換器從 Cisco IOS 12.0(5.2)WC(1) 開始支援 802.1q Trunking，但是它們不支援 ISL Trunking。為了讓 VLAN 之間的繞送能夠正常運作，所有的路由器及交換器都必須支援相同的封裝方式。

To define subinterfaces on a physical interface, perform the following tasks:

• Identify the interface.
• Define the VLAN encapsulation.
• Assign an IP address to the interface.

如果要在一個實體界面上定義子界面，請執行下列步驟：

• 指定該界面
• 定義 VLAN 的封裝方式
• 指派 IP 位址到該界面上

To identify the interface, use the interface command in global configuration mode.

Router(config)#interface fastethernetport-number subinterface-number

若要指定界面，請在全域設定模式下使用 interface 指令：

Router(config)#interface fastethernetport-number subinterface-number

The port-number identifies the physical interface, and the subinterface-number identifies the virtual interface.

該 port-number 指定了所使用的實體界面，而 subinterface-number 則指定了虛擬界面。

The router must be able to talk to the switch using a standardized trunking protocol. This means that both devices that are connected together must understand each other. In the example, 802.1Q is used. To define the VLAN encapsulation, enter the encapsulation command in interface configuration mode.

Router(config-if)#encapsulation dot1q vlan-number

路由器必須使用標準的 Trunking 協定與交換器作溝通，這也意味著連接在一起的二個裝置必須相互瞭解對方。本範例使用了 802.1Q。若要定義 VLAN 的封裝方式，請在界面設定模式下鍵入 encapsulation 指令：

Router(config-if)#encapsulation dot1q vlan-number

The vlan-number identifies the VLAN for which the subinterface will carry traffic. A VLAN ID is added to the frame only when the frame is destined for a nonlocal network. Each VLAN packet carries the VLAN ID within the packet header.

其中 vlan-number 指定該子界面要使用哪一個 VLAN 去傳送資料。只有當訊框要被傳送到遠端的網路時，該訊框才會被加入一個 VLAN 的識別碼。每一個 VLAN 封包都會在該表頭內嵌入 VLAN 識別碼。

To assign the IP address to the interface, enter the following command in interface configuration mode.

Router(config-if)#ip address ip-address subnet-mask

若要將 IP 位址指派到該界面，請在界面設定模式鍵入下列指令：

Router(config-if)#ip address ip-address subnet-mask

The ip-address and subnet-mask are the 32-bit network address and mask of the specific interface.

其中 ip-address 及 subnet-mask 是該界面的 32 位元網路位址及子網路遮罩。

In the example, the router has three subinterfaces configured on Fast Ethernet interface 0/0. These three interfaces are identified as 0/0.1, 0/0.2, and 0/0.3. All interfaces are encapsulated for 802.1Q. Interface 0/0.1 is routing packets for VLAN 1, whereas interface 0/0.2 is routing packets for VLAN 20 and 0/0.3 is routing packets for VLAN 30.

在本範例中，該路由器已經在 FastEthernet 0/0 界面上建立了三個子界面，這三個子界面分別編號為 0/0.1、0/0.2 以及 0/0.3。所有的界面都採用 802.1Q 的封裝方式。界面 0/0.1 針對 VLAN 1 作封包繞送，而界面 0/0.2 對 VLAN 20 的封包作繞送，至於界面 0/0.3 則對 VLAN 30 的封包作繞送。