Linda Hajovsky
asked on
Where does a Cisco IOS switch store VLAN info?
2 questions, actually:
I've got a 2960 switch running IOS 12.2(25). It has an access point connected to it but guests were unable to connect to one of the wireless networks the AP provides.
One of my techs looked into it and said that VLAN 12 was not configured on the switch; VLAN 12 is the VLAN the guest wireless network uses. He just did "vlan 12" at a conf t prompt and it all woke up. He didn't add any interfaces to VLAN 12. So question 1 is this: VLAN 12 exists on the AP, and the switch port the AP is on is configured to trunk. Why was it necessary to create VLAN 12 on the switch? None of the resources accessed by users of the guest wifi are on that switch, they just need to use its backbone to our internet router, which is also configured to trunk.
Now I can see VLAN 12 in there when I do a "sho vlan", but I can't see the command that creates VLAN 12 in the running config. So question 2 is, when the switch reboots or whatever, how does it know to re-create VLAN 12? Is the info stored somewhere other than the running-config?
Asking because I can envision a time when the switch dies and we go to swap in a replacement by throwing a copy of the old config on it, then sit around scratching our heads because "everything should be identical" when really the VLAN is not being created.
I've got a 2960 switch running IOS 12.2(25). It has an access point connected to it but guests were unable to connect to one of the wireless networks the AP provides.
One of my techs looked into it and said that VLAN 12 was not configured on the switch; VLAN 12 is the VLAN the guest wireless network uses. He just did "vlan 12" at a conf t prompt and it all woke up. He didn't add any interfaces to VLAN 12. So question 1 is this: VLAN 12 exists on the AP, and the switch port the AP is on is configured to trunk. Why was it necessary to create VLAN 12 on the switch? None of the resources accessed by users of the guest wifi are on that switch, they just need to use its backbone to our internet router, which is also configured to trunk.
Now I can see VLAN 12 in there when I do a "sho vlan", but I can't see the command that creates VLAN 12 in the running config. So question 2 is, when the switch reboots or whatever, how does it know to re-create VLAN 12? Is the info stored somewhere other than the running-config?
Asking because I can envision a time when the switch dies and we go to swap in a replacement by throwing a copy of the old config on it, then sit around scratching our heads because "everything should be identical" when really the VLAN is not being created.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I guess I'm confused as to why the switch would need to know about VLAN 12 at all. There are no interfaces on the switch in VLAN 12, so all I want is for VLAN 12-tagged frames to head out over the trunk toward the other devices which _do_ have interfaces in VLAN 12. I'm not understanding why the switch the AP is attached to needs to know about VLAN 12...shouldn't the AP be tagging the appropriate frames for VLAN 12, and then shouldn't the switch see them and just shoot them down the trunk? Will a trunked port only pass frames tagged for VLANs it knows about?
I feel like I'm probably missing something very basic here and will be embarassed once the light comes on.
I feel like I'm probably missing something very basic here and will be embarassed once the light comes on.
What VTP mode is that switch in? It could have been pruned.
Set the switch's vtp domain to "transparent"
conf t
vtp mode transparent
end
When you do this the vlans will be stored in the config. I hate VTP...
conf t
vtp mode transparent
end
When you do this the vlans will be stored in the config. I hate VTP...
True, but you have to add them to that switch if it needs to know about it.
VTP has its advantages if you have a large number of switches and a large number of VLAN's.
VTP has its advantages if you have a large number of switches and a large number of VLAN's.
In a well-designed network you would push the Layer 3 outward and never have a lot of switches with the same vlans. So VTP is a tool to manage a badly-designed network. Even when I've had to push vlans to a number of switches, I prefer to manage it manually- because when VTP isn't used correctly (i.e. the default "server" mode is left in place on all switches), removing a vlan on one switch removes it everywhere!
And yes, you have to add the vlans to the switch, but that had to be done anyway. Setting VTP to transparent means that the vlan configuration is stored as part of the regular config where it can easily be recreated on a replacement switch.
And yes, you have to add the vlans to the switch, but that had to be done anyway. Setting VTP to transparent means that the vlan configuration is stored as part of the regular config where it can easily be recreated on a replacement switch.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So any time a port is set to trunk, it should be SOP to make sure all VLANs which the trunk will need to carry exist in the VLAN database on the switch that has the trunk port. VLANs can be added to the database either manually through a "VLAN 12" command, or by VTP if that's being used. Do I have that right?
Last (I think) question: aside from concerns about filling up available space, are there any cons to setting VTP to transparent?
Last (I think) question: aside from concerns about filling up available space, are there any cons to setting VTP to transparent?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I don't know about the "filling up available space" part, but personally, I don't use VTP. It's a nice feature, but it's really easy to shoot yourself in the foot with it. I like to explain that it's like a chainsaw: An excellent tool. Saves lots of time, etc. But if you don't understand it and exercise caution, you can have a very bad day. A "bad day" being introducing a new switch that wipes out every VLAN on every switch.
So "vtp mode transparent" almost looks like a good thing to set by default if you don't intend VTP to be in use, no? Because regardless of where the VLAN database is stored, the switch won't advertise VLAN changes made to it, or accept changed from others via VTP, when it's in transparent mode?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That's correct. I always set VTP to transparent, or off if possible.
I actually experienced donjohnston's "bad day" when someone I worked with installed some switches in a facility, all left at the default "server" despite our SOPs stating that it should be set to transparent. Later they decided that certain vlans were not required in one of the wiring closets, deleted them, and POOF! they were gone in the whole building.
I actually experienced donjohnston's "bad day" when someone I worked with installed some switches in a facility, all left at the default "server" despite our SOPs stating that it should be set to transparent. Later they decided that certain vlans were not required in one of the wiring closets, deleted them, and POOF! they were gone in the whole building.
Yep. Anyone who has been around Cisco switches long enough has seen that dreaded CLE (Career Limiting Event). If it's bad enough, it becomes a CEE (Career Ending Event) or an RJE (Resume Generating Event).
:-D
:-D
It did contribute to that individual's RJE a month or so later...
Then there is the svi, which is the virtual interface which is required if you want that vlan to exist at the layer 3 level. A layer 3 interface for the vlan is not always required.