Configuring VTP, GVRP, and VLANs

Before you create VLANs, you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on a single Catalyst series switch and have those changes automatically communicated to all the other switches in the network.

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

These sections describe how VTP works on the Catalyst 6000 and 6500 series switches:

Understanding VTP Domains

A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured to be in only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP).

By default, a Catalyst 6000 or 6500 series switch is in VTP server mode and is in the no-management domain state until the switch receives an advertisement for a domain over a trunk link or you configure a management domain. You cannot create or modify VLANs on a VTP server until the management domain name is specified or learned.

If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and configuration revision number. The switch ignores advertisements with a different management domain name or an earlier configuration revision number.

If you configure the switch as VTP transparent, you can create and modify VLANs but the changes affect only the individual switch.

When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE).

VTP maps VLANs dynamically across multiple LAN types with unique names and internal index associations. Mapping eliminates excessive device administration required from network administrators.

Understanding VTP Modes

You can configure a Catalyst 6000 or 6500 series switch to operate in any one of these VTP modes:

Server---In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.
Client ---VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
Transparent ---VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that they receive out their trunk ports.

Understanding VTP Advertisements

Each switch in the VTP domain sends periodic advertisements out each trunk port to a reserved multicast address. VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations as necessary.

The following global configuration information is distributed in VTP advertisements:

VLAN IDs (ISL and 802.1Q)
Emulated LAN names (for ATM LANE)
802.10 SAID values (FDDI)
VTP domain name
VTP configuration revision number
VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
Frame format

Understanding VTP Version 2

If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. Catalyst 6000 and 6500 series switches support both versions.

Note If you are using VTP in a Token Ring environment, you must use version 2.

VTP version 2 supports the following features not supported in version 1:

Token Ring support---VTP version 2 supports Token Ring LAN switching and VLANs (Token Ring Bridge Relay Function [TrBRF] and Token Ring Concentrator Relay Function [TrCRF]). For more information about Token Ring VLANs, refer to the "Understanding How VLANs Work" section.
Unrecognized Type-Length-Value (TLV) Support---A VTP server or client propagates configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in nonvolatile RAM (NVRAM).
Version-Dependent Transparent Mode---In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version, and forwards a message only if the version and domain name match. Since only one domain is supported in the supervisor engine software, VTP version 2 forwards VTP messages in transparent mode, without checking the version.
Consistency Checks---In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter new information through the CLI or SNMP. Consistency checks are not performed when new information is obtained from a VTP message, or when information is read from NVRAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.

Understanding VTP Pruning

VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.

Make sure that all devices in the management domain support VTP pruning before enabling it. VTP pruning is supported in the Catalyst 6000 and 6500 series software releases.

Figure 8-1 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.

Figure 8-1: Flooding Traffic without VTP Pruning

Figure 8-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).

Figure 8-2: Flooding Traffic with VTP Pruning

Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are pruning-eligible. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 is always pruning-ineligible; traffic from VLAN 1 cannot be pruned.

To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. To make a VLAN pruning eligible again, enter the set vtp pruneeligible command. You can set VLAN pruning-eligibility regardless of whether VTP pruning is enabled or disabled for the domain. Pruning eligibility always applies to the local device only, not for the entire VTP domain.

VTP Default Configuration

Table 8-1 shows the default VTP configuration.

Feature	Default Value
VTP domain name	Null
VTP mode	Server
VTP version 2 enable state	Version 2 is disabled
VTP password	None
VTP pruning	Disabled

Table 8-1: VTP Default Configuration

Feature Default Value

VTP domain name

Null

VTP mode

Server

VTP version 2 enable state

Version 2 is disabled

VTP password

None

VTP pruning

Disabled

VTP Configuration Guidelines

Follow these guidelines when implementing VTP in your network:

You cannot change from VTP transparent mode if GVRP dynamic creation of VLANs is enabled.
All switches in a VTP domain must run the same VTP version.
You must configure a password on each switch in the management domain when in secure mode.

Caution If you configure VTP in secure mode, the management domain will not function properly if you do not assign a management domain password to each switch in the domain.
A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1 provided VTP version 2 is disabled on the VTP version 2-capable switch (VTP version 2 is disabled by default).
Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version 2-capable. When you enable VTP version 2 on a switch, all of the version 2-capable switches in the domain enable VTP version 2.
In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.
Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain.
Making VLANs pruning-eligible or pruning-ineligible on a switch affects pruning-eligibility for those VLANs on that device only (not on all switches in the VTP domain).

	Caution If you configure VTP in secure mode, the management domain will not function properly if you do not assign a management domain password to each switch in the domain.

Configuring VTP

These sections describe how to configure VTP on the Catalyst 6000 and 6500 series switches:

Enabling VTP Server Mode

When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network.

To configure the switch as a VTP server, perform this task in privileged mode:

Task Command

Step 1 Define the VTP domain name.

set vtp domain name

Step 2 Place the switch in VTP server mode.

set vtp mode server

Step 3 (Optional) Set a password for the VTP domain.

set vtp passwd passwd

Step 4 Verify the VTP configuration.

show vtp domain

Task	Command
Step 1 Define the VTP domain name.	set vtp domain name
Step 2 Place the switch in VTP server mode.	set vtp mode server
Step 3 (Optional) Set a password for the VTP domain.	set vtp passwd passwd
Step 4 Verify the VTP configuration.	show vtp domain

This example shows how to configure the switch as a VTP server and verify the configuration:

Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode server
VTP domain Lab_Network modified
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network                      1            2           server      -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10         1023             40              enabled
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70    disabled disabled 2-1000
Console> (enable)

Enabling VTP Client Mode

When a switch is in VTP client mode, you cannot change the VLAN configuration on the switch. The client switch receives VTP updates from a VTP server in the management domain and modifies its configuration accordingly.

To configure the switch as a VTP client, perform this task in privileged mode:

Task Command

Step 1 Define the VTP domain name.

set vtp domain name

Step 2 Place the switch in VTP client mode.

set vtp mode client

Step 3 Verify the VTP configuration.

show vtp domain

Task	Command
Step 1 Define the VTP domain name.	set vtp domain name
Step 2 Place the switch in VTP client mode.	set vtp mode client
Step 3 Verify the VTP configuration.	show vtp domain

This example shows how to configure the switch as a VTP client and verify the configuration:

Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode client
VTP domain Lab_Network modified
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network                      1            2           client      -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10         1023             40              enabled
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70    disabled disabled 2-1000
Console> (enable)

Enabling VTP Transparent Mode

When you configure the switch as VTP transparent, you disable VTP on the switch. A VTP transparent switch does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements out all of its trunk links.

To disable VTP on the switch, perform this task in privileged mode:

Task Command

Step 1 Place the switch in VTP transparent mode (disabling VTP on the switch).

set vtp mode transparent

Step 2 Verify the VTP configuration.

show vtp domain

Task	Command
Step 1 Place the switch in VTP transparent mode (disabling VTP on the switch).	set vtp mode transparent
Step 2 Verify the VTP configuration.	show vtp domain

This example shows how to configure the switch as VTP transparent and verify the configuration:

Console> (enable) set vtp mode transparent
VTP domain Lab_Net modified
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Net                          1            2           Transparent -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10         1023             0               enabled
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70    disabled disabled 2-1000
Console> (enable)

Enabling VTP Version 2

VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain also enables version 2.

Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.

	Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.

Note You must enable VTP version 2 in a Token Ring environment.

To enable VTP version 2, perform this task in privileged mode:

Task Command

Step 1 Enable VTP version 2 on the switch.

set vtp v2 enable

Step 2 Verify that VTP version 2 is enabled.

show vtp domain

Task	Command
Step 1 Enable VTP version 2 on the switch.	set vtp v2 enable
Step 2 Verify that VTP version 2 is enabled.	show vtp domain

This example shows how to enable VTP version 2 and verify the configuration (shown by the arrow):

Console> (enable) set vtp v2 enable
This command will enable the version 2 function in the entire management domain.
All devices in the management domain should be version2-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Net modified
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Net                          1            2           server      -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
10         1023             1               enabled
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------


 
  172.20.52.70    enabled  disabled 2-1000
Console> (enable)

Disabling VTP Version 2

To disable VTP version 2, perform this task in privileged mode:

Task Command

Step 1 Disable VTP version 2.

set vtp v2 disable

Step 2 Verify that VTP version 2 is disabled.

show vtp domain

Task	Command
Step 1 Disable VTP version 2.	set vtp v2 disable
Step 2 Verify that VTP version 2 is disabled.	show vtp domain

This example shows how to disable VTP version 2:

Console> (enable) set vtp v2 disable
This command will disable the version 2 function in the entire management domain.
Warning: trbrf & trcrf vlans will not work properly in this mode.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Net modified
Console> (enable)

Configuring VTP Pruning

To configure VTP pruning, perform this task in privileged mode:

Task Command

Step 1 Enable VTP pruning in the management domain.

set vtp pruning enable

Step 2 (Optional) Make specific VLANs pruning-ineligible on the device. (By default, VLANs 2-1000 are pruning-eligible.)

clear vtp pruneeligible vlan_range

Step 3 (Optional) Make specific VLANs pruning-eligible on the device.

set vtp pruneeligible vlan_range

Step 4 Verify the VTP pruning configuration.

show vtp domain

Step 5 Verify that the appropriate VLANs are being pruned on trunk ports.

show trunk

Task	Command
Step 1 Enable VTP pruning in the management domain.	set vtp pruning enable
Step 2 (Optional) Make specific VLANs pruning-ineligible on the device. (By default, VLANs 2-1000 are pruning-eligible.)	clear vtp pruneeligible vlan_range
Step 3 (Optional) Make specific VLANs pruning-eligible on the device.	set vtp pruneeligible vlan_range
Step 4 Verify the VTP pruning configuration.	show vtp domain
Step 5 Verify that the appropriate VLANs are being pruned on trunk ports.	show trunk

This example shows how to enable VTP pruning in the management domain and how to make VLANs 2-99, 250-255, and 501-1000 pruning-eligible on the particular device:

Console> (enable) set vtp pruning enable
This command will enable the pruning function in the entire management domain.
All devices in the management domain should be pruning-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable) clear vtp pruneeligible 100-500
Vlans 1,100-500,1001-1005 will not be pruned on this device.
VTP domain Lab_Network modified.
Console> (enable) set vtp pruneeligible 250-255
Vlans 2-99,250-255,501-1000 eligible for pruning on this device.
VTP domain Lab_Network modified.
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Network                      1            2           server      -
 
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
8          1023             16              disabled
 
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.2     disabled enabled  2-99,250-255,501-1000
Console> (enable) show trunk
Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 1/1      auto         isl            trunking      523
 
Port      Vlans allowed on trunk
--------  ---------------------------------------------------------------------
 1/1      1-1005
 
Port      Vlans allowed and active in management domain
--------  ---------------------------------------------------------------------
 1/1      1,522-524
 
Port      Vlans in spanning tree forwarding state and not pruned
--------  ---------------------------------------------------------------------
 1/1      1,522-524
Console> (enable)

Disabling VTP Pruning

To disable VTP pruning, perform this task in privileged mode:

Task Command

Step 1 Disable VTP pruning in the management domain.

set vtp pruning disable

Step 2 Verify that VTP pruning is disabled.

show vtp domain

Task	Command
Step 1 Disable VTP pruning in the management domain.	set vtp pruning disable
Step 2 Verify that VTP pruning is disabled.	show vtp domain

This example shows how to disable VTP pruning in the management domain:

Console> (enable) set vtp pruning disable
This command will disable the pruning function in the entire management domain.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable)

Monitoring VTP

To monitor VTP activity, including VTP advertisements sent and received and VTP errors, perform this task:

Task Command

Display VTP statistics for the switch.

show vtp statistics

Task	Command
Display VTP statistics for the switch.	show vtp statistics

This example shows how to display VTP statistics on the switch:

Console> (enable) show vtp statistics
VTP statistics:
summary advts received          4690
subset  advts received          7
request advts received          0
summary advts transmitted       4397
subset  advts transmitted       8
request advts transmitted       0
No of config revision errors    0
No of config digest errors      0
VTP pruning statistics:
Trunk     Join Trasmitted  Join Received  Summary advts received from
                                          non-pruning-capable device
--------  ---------------  -------------  ---------------------------
 1/1      0                0              0
 1/2      0                0              0
Console> (enable)

Using GVRP

These sections describe how to use GVRP on Catalyst 6000 and 6500 series switches:

Understanding How GVRP Works

GVRP provides 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. With GVRP, the switch can exchange VLAN configuration information with other GVRP switches, prune unnecessary broadcast and unknown unicast traffic, and dynamically create and manage VLANs on switches connected through 802.1Q trunk ports.

GVRP Software Requirements

GVRP requires supervisor engine software release 5.2 or later.

Default GVRP Configuration

Table 8-2 shows the default GVRP configuration.

Table 8-2: GVRP Default Configuration
Feature Default Value

GVRP global enable state

Disabled

GVRP per-trunk enable state

Disabled on all ports

GVRP dynamic creation of VLANs

Disabled

GVRP registration mode

normal, with VLAN 1 set to fixed, for all ports

GVRP applicant state

normal (ports do not declare VLANs when in the STP¹ blocking state)

GARP timers

Join time: 200 ms

Leave time: 600 ms

Leaveall time: 10,000 ms

¹STP = Spanning-Tree Protocol

**Table 8-2: GVRP Default Configuration**
Feature	Default Value
GVRP global enable state	Disabled
GVRP per-trunk enable state	Disabled on all ports
GVRP dynamic creation of VLANs	Disabled
GVRP registration mode	normal, with VLAN 1 set to fixed, for all ports
GVRP applicant state	normal (ports do not declare VLANs when in the STP¹ blocking state)
GARP timers	Join time: 200 ms Leave time: 600 ms Leaveall time: 10,000 ms

GVRP Configuration Guidelines

Follow these guidelines when configuring GVRP:

You must enable GVRP on both ends of an 802.1Q trunk link.
The GVRP registration mode for VLAN 1 is always fixed and is not configurable. VLAN 1 is always carried by 802.1Q trunks on which GVRP is enabled.
When VTP pruning is enabled, it runs on all GVRP-disabled 802.1Q trunk ports.

Configuring GVRP

These sections describe how to configure GVRP:

Enabling GVRP Globally

You must enable GVRP globally before any GVRP processing occurs on the switch. Enabling GVRP globally enables GVRP to perform VLAN pruning on IEEE 802.1Q trunk links. Pruning occurs only on GVRP-enabled trunks. For information on setting the per-trunk port GVRP enable state, see the "Enabling GVRP on Individual 802.1Q Trunk Ports" section.

To enable dynamic VLAN creation, you must explicitly enable dynamic VLAN creation globally on the switch as well. For information on enabling dynamic VLAN creation, see the "Enabling GVRP Dynamic VLAN Creation" section.

To enable GVRP globally on the switch, perform this task in privileged mode:

Task Command

Step 1 Enable GVRP on the switch.

set gvrp enable

Step 2 Verify the configuration.

show gvrp configuration

Task	Command
Step 1 Enable GVRP on the switch.	set gvrp enable
Step 2 Verify the configuration.	show gvrp configuration

This example shows how to enable GVRP and verify the configuration:

Console> (enable) set gvrp enable
GVRP enabled
Console> (enable) show gvrp configuration
Global GVRP Configuration:
GVRP Feature is currently enabled on the switch.
GVRP dynamic VLAN creation is disabled.
GVRP Timers(milliseconds)
Join = 200
Leave = 600
LeaveAll = 10000
 
Port based GVRP Configuration:
GVRP-Status Registration Port(s)
----------- ------------ --------------------------------------
Enabled     Normal       2/1-2,3/1-8,7/1-24,8/1-24
 
GVRP Participants running on 3/7-8.
Console>

Enabling GVRP on Individual 802.1Q Trunk Ports

Note You can change the per-trunk GVRP configuration regardless of whether GVRP is enabled globally. However, GVRP will not function on any ports until you enable it globally. For information on configuring GVRP globally on the switch, see the "Enabling GVRP Globally" section.

There are two per-port GVRP states:

The static GVRP state configured in the CLI and stored in NVRAM
The actual GVRP state of the ports (active GVRP participants)

You can configure the static GVRP port-state on any 802.1Q-capable switch ports, regardless of the global GVRP enable state or whether the port is an 802.1Q trunk. However, in order for the port to become an active GVRP participant, you must enable GVRP globally and the port must be an 802.1Q trunk port (either through CLI configuration or DTP negotiation).

To enable GVRP on individual 802.1Q-capable ports, perform this task in privileged mode:

Task Command

Enable GVRP on an individual 802.1Q-capable port.

set port gvrp mod_num/port_num enable

Task	Command
Enable GVRP on an individual 802.1Q-capable port.	set port gvrp mod_num/port_num enable

This example shows how to enable GVRP on 802.1Q-capable port 1/1:

Console> (enable) set port 1/1 gvrp enable
GVRP enabled on 1/1.
Console> (enable)

Disabling GVRP on Individual 802.1Q Trunk Ports

To disable GVRP on individual 802.1Q trunk ports, perform this task in privileged mode:

Task Command

Disable GVRP on an individual 802.1Q trunk port.

set port gvrp mod_num/port_num disable

Task	Command
Disable GVRP on an individual 802.1Q trunk port.	set port gvrp mod_num/port_num disable

This example shows how to disable GVRP on 802.1Q trunk port 1/1:

Console> (enable) set port gvrp 1/1 disable
GVRP disabled on 1/1.
Console> (enable)

Enabling GVRP Dynamic VLAN Creation

You can enable GVRP dynamic VLAN creation only if these conditions are met:

The switch is in VTP transparent mode
All trunk ports on the switch are 802.1Q trunks
GVRP is enabled on all trunk ports

If you enable GVRP dynamic VLAN creation, these configuration restrictions are imposed:

You cannot change the switch to VTP server or client mode
You cannot disable GVRP on a trunk port running GVRP

If any port on the switch becomes an ISL trunk (either by CLI configuration or negotiated using Dynamic Trunk Protocol [DTP]) while dynamic VLAN creation is enabled, dynamic VLAN creation is automatically disabled until the conditions for enabling dynamic VLAN creation are restored.

Note VLANs can only be created dynamically on 802.1Q trunks in the normal registration mode.

Note Dynamic VLAN creation supports all VLAN types.

To enable GVRP dynamic VLAN creation on the switch, perform this task in privileged mode:

Task Command

Enable dynamic VLAN creation on the switch.

set gvrp dynamic-vlan-creation enable

Task	Command
Enable dynamic VLAN creation on the switch.	set gvrp dynamic-vlan-creation enable

This example shows how to enable dynamic VLAN creation on the switch:

Console> (enable) set gvrp dynamic-vlan-creation enable
Dynamic VLAN creation enabled.
Console> (enable)

Configuring GVRP Registration

These sections describe how to configure GVRP registration modes on switch ports:

Setting GVRP Normal Registration

Configuring an IEEE 802.1Q trunk port in normal registration mode allows dynamic creation (if dynamic VLAN creation is enabled), registration, and deregistration of VLANs on the trunk port. Normal mode is the default.

To configure GVRP normal registration on an 802.1Q trunk port, perform this task in privileged mode:

Task Command

Configure normal registration on an 802.1Q trunk port.

set gvrp registration normal mod_num/port_num

Task	Command
Configure normal registration on an 802.1Q trunk port.	set gvrp registration normal mod_num/port_num

This example shows how to configure normal registration on an 802.1Q trunk port:

Console> (enable) set gvrp registration normal 1/1
Registrar Administrative Control set to normal on port 1/1.
Console> (enable)

Setting GVRP Fixed Registration

Configuring an IEEE 802.1Q trunk port in fixed registration mode allows manual creation and registration of VLANs, prevents VLAN deregistration, and registers all known VLANs on other ports on the trunk port.

To configure GVRP fixed registration on an 802.1Q trunk port, perform this task in privileged mode:

Task Command

Configure fixed registration on an 802.1Q trunk port.

set gvrp registration fixed mod_num/port_num

Task	Command
Configure fixed registration on an 802.1Q trunk port.	set gvrp registration fixed mod_num/port_num

This example shows how to configure fixed registration on an 802.1Q trunk port:

Console> (enable) set gvrp registration fixed 1/1
Registrar Administrative Control set to fixed on port 1/1.
Console> (enable)

Setting GVRP Forbidden Registration

Configuring an IEEE 802.1Q trunk port in forbidden registration mode deregisters all VLANs (except VLAN 1) and prevents any further VLAN creation or registration on the trunk port.

To configure GVRP forbidden registration on an 802.1Q trunk port, perform this task in privileged mode:

Task Command

Configure forbidden registration on an 802.1Q trunk port.

set gvrp registration forbidden mod_num/port_num

Task	Command
Configure forbidden registration on an 802.1Q trunk port.	set gvrp registration forbidden mod_num/port_num

This example shows how to configure forbidden registration on an 802.1Q trunk port:

Console> (enable) set gvrp registration forbidden 1/1
Registrar Administrative Control set to forbidden on port 1/1.
Console> (enable)

Sending GVRP VLAN Declarations from Blocking Ports

To prevent undesirable Spanning-Tree Protocol (STP) topology reconfiguration on a port connected to a device that does not support per-VLAN STP, configure the GVRP active applicant state on the port. Ports in the GVRP active applicant state send GVRP VLAN declarations when they are in the STP blocking state, which prevents the STP bridge protocol data units (BPDUs) from being pruned from the other port.

Note Configuring fixed registration on the other device's port would also prevent undesirable STP topology reconfiguration.

To configure an 802.1Q trunk port to send VLAN declarations when in the blocking state, perform this task in privileged mode:

Task Command

Configure an 802.1Q trunk port to send VLAN declarations when in the blocking state.

set gvrp applicant state {normal | active} mod_num/port_num

Task	Command
Configure an 802.1Q trunk port to send VLAN declarations when in the blocking state.	set gvrp applicant state {normal \| active} mod_num/port_num

This example shows how to configure a group of 802.1Q trunk ports to send VLAN declarations when in the blocking state:

Console> (enable) set gvrp applicant active 4/2-3,4/9-10,4/12-24
Applicant was set to active on port(s) 4/2-3,4/9-10,4/12-24.
Console> (enable)

Use the normal keyword to return to the default state (active mode disabled).

Setting the GARP Timers

Note The commands set gvrp timer and show gvrp timer are aliases for set garp timer and show garp timer. The aliases may be used if desired.

Note Modifying the GARP timer values affects the behavior of all GARP applications running on the switch, not just GVRP. (For example, GMRP uses the same timers.)

You can modify the default GARP timer values on the switch.

When setting the timer values, the value for leave must be greater than three times the join value (leave

join * 3). The value for leaveall must be greater than the value for leave (leaveall > leave).

If you attempt to set a timer value that does not adhere to these rules, an error is returned. For example, if you set the leave timer to 600 ms and you attempt to configure the join timer to 350 ms, an error is returned. Set the leave timer to at least 1050 ms and then set the join timer to 350 ms.

Caution
Set the same GARP timer values on all Layer 2-connected devices. If the GARP timers are set differently on Layer 2-connected devices, GARP applications (for example, GMRP and GVRP) do not operate successfully.

To adjust the GARP timer values, perform this task in privileged mode:

Task Command

Step 1 Set the GARP timer values.

set garp timer {join | leave | leaveall} timer_value

Step 2 Verify the configuration.

show garp timer

Task	Command
Step 1 Set the GARP timer values.	set garp timer {join \| leave \| leaveall} timer_value
Step 2 Verify the configuration.	show garp timer

This example shows how to set GARP timers and verify the configuration:

Console> (enable) set garp timer leaveall 10000
GMRP/GARP leaveAll timer value is set to 10000 milliseconds.
Console> (enable) set garp timer leave 600
GMRP/GARP leave timer value is set to 600 milliseconds.
Console> (enable) set garp timer join 200
GMRP/GARP join timer value is set to 200 milliseconds.
Console> (enable) show garp timer
Timer     Timer Value (milliseconds)
--------  --------------------------
Join      200 
Leave     600 
LeaveAll  10000 
Console> (enable)

Displaying GVRP Statistics

To display GVRP statistics on the switch, perform this task:

Task Command

Display GVRP statistics.

show gvrp statistics [mod_num/port_num]

Task	Command
Display GVRP statistics.	show gvrp statistics [mod_num/port_num]

This example shows how to display GVRP statistics for port 1/1:

Console> (enable) show gvrp statistics 1/1
Join Empty Received:     0
Join In Received:        0
Empty Received:          0
LeaveIn Received:        0
Leave Empty Received:    0
Leave All Received:      40
Join Empty Transmitted:  156
Join In Transmitted:     0
Empty Transmitted:       0
Leave In Transmitted:    0
Leave Empty Transmitted: 0
Leave All Transmitted:   41
VTP Message Received:    0
Console> (enable)

Clearing GVRP Statistics

To clear all GVRP statistics on the switch, perform this task in privileged mode:

Task Command

Clear GVRP statistics.

clear gvrp statistics {mod_num/port_num | all}

Task	Command
Clear GVRP statistics.	clear gvrp statistics {mod_num/port_num \| all}

This example shows how to clear all GVRP statistics on the switch:

Console> (enable) clear gvrp statistics all
GVRP Statistics cleared for all ports.
Console> (enable)

Disabling GVRP Globally

To disable GVRP globally on the switch, perform this task in privileged mode:

Task Command

Disable GVRP on the switch.

set gvrp disable

Task	Command
Disable GVRP on the switch.	set gvrp disable

This example shows how to disable GVRP globally on the switch:

Console> (enable) set gvrp disable
GVRP disabled
Console> (enable)

Using VLANs

These sections describe how to use VLANs on the Catalyst 6000 and 6500 series switches:

Understanding How VLANs Work

A VLAN is a group of end stations with a common set of requirements, independent of physical location. VLANs have the same attributes as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment.

The following sections describe how VLANs work on the Catalyst 6000 and 6500 series switches:

Understanding VLANs in a VTP Domain

VLANs allow you to group ports to limit unicast, multicast, and broadcast traffic flooding. Flooded traffic originating from a particular VLAN is only flooded out other ports belonging to that VLAN.

Note Before you create VLANs, you must decide whether to use VTP to maintain global VLAN configuration information for your network. For complete information on VTP, refer to the "Using VTP" section.

Figure 8-3 shows an example of VLANs segmented into logically defined networks.

Figure 8-3: VLANs as Logically Defined Networks

VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. Port VLAN membership on the switch is assigned manually on a port-by-port basis. When you assign switch ports to VLANs using this method, it is known as port-based, or static, VLAN membership.

The in-band (sc0) interface of a Catalyst 6000 or 6500 series switch can be assigned to any VLAN, so you can access another switch on the same VLAN directly without a router. Only one IP address at a time can be assigned to the in-band interface. If you change the IP address and assign the interface to a different VLAN, the previous IP address and VLAN assignment are overwritten.

You can set these parameters when you create a VLAN in the management domain:

VLAN number
VLAN name
VLAN type (Ethernet, Fiber Distributed Data Interface [FDDI], FDDI network entity title [NET], TrBRF, or TrCRF)
VLAN state (active or suspended)
Maximum transmission unit (MTU) for the VLAN
Security Association Identifier (SAID)
Bridge identification number for TrBRF VLANs
Ring number for FDDI and TrCRF VLANs
Parent VLAN number for TrCRF VLANs
Spanning-Tree Protocol (STP) type for TrCRF VLANs
VLAN number to use when translating from one VLAN type to another

Note When translating from one VLAN type to another, the Catalyst 6000 and 6500 series switch requires a different VLAN number for each media type.

Understanding Token Ring VLANs

Note Catalyst 6000 and 6500 series switches do not support ISL-encapsulated Token Ring frames. To support trunked Token Ring traffic in your network, make trunk connections directly between switches that support ISL-encapsulated Token Ring frames. When a Catalyst 6000 or 6500 series switch is configured as a VTP server, you can configure Token Ring VLANs from the switch.

VTP version 2 supports two Token Ring VLAN types:

Token Ring TrBRF VLANs

Token Ring Bridge Relay Function (TrBRF) VLANs interconnect multiple Token Ring Concentrator Relay Function (TrCRF) VLANs in a switched Token Ring network (see Figure 8-4). The TrBRF can be extended across a network of switches interconnected through trunk links. The connection between the TrCRF and the TrBRF is referred to as a logical port.

Figure 8-4: Interconnected Token Ring TrBRF and TrCRF VLANs

For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can function as a source-route bridge (SRB) or source-route transparent (SRT) bridge running either the IBM or IEEE STP. If SRB is used, you can define duplicate Media Access Control (MAC) addresses on different logical rings.

The Token Ring software runs an instance of STP for each TrBRF VLAN and each TrCRF VLAN. For TrCRF VLANs, STP removes loops in the logical ring. For TrBRF VLANs, STP interacts with external bridges to remove loops from the bridge topology, similar to STP operation on Ethernet VLANs.

Caution Certain parent TrBRF STP and TrCRF bridge mode configurations can place the logical ports (the connection between the TrBRF and the TrCRF) of the TrBRF in a blocked state. For more information, refer to the "VLAN Configuration Guidelines" section.

For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can function as an SRB or SRT bridge running either the IBM or IEEE STP. If SRB is used, duplicate MAC addresses can be defined on different logical rings.

To accommodate IBM System Network Architecture (SNA) traffic, you can use a combination of SRT and SRB modes. In a mixed mode, the TrBRF considers some ports (logical ports connected to TrCRFs) to operate in SRB mode while others operate in SRT mode.

Token Ring TrCRF VLANs

Token Ring Concentrator Relay Function (TrCRF) VLANs define port groups with the same logical ring number. You can configure two types of TrCRFs in your network: undistributed and backup.

Typically, TrCRFs are undistributed, which means each TrCRF is limited to the ports on a single switch. Multiple undistributed TrCRFs on the same or separate switches can be associated with a single parent TrBRF (see Figure 8-5). The parent TrBRF acts as a multiport bridge, forwarding traffic between the undistributed TrCRFs.

Note To pass data between rings located on separate switches, you can associate the rings to the same TrBRF and configure the TrBRF for SRB.

Figure 8-5: Undistributed TrCRFs

Note By default, Token Ring ports are associated with the default TrCRF (VLAN 1003, trcrf-default), which has the default TrBRF (VLAN 1005, trbrf-default) as its parent. In this configuration, a distributed TrCRF is possible (see Figure 8-6), and traffic is passed between the default TrCRFs located on separate switches provided that the switches are connected through an ISL trunk.

Figure 8-6: Distributed TrCRF

Within a TrCRF, source-route switching forwards frames based on either MAC addresses or route descriptors. The entire VLAN can operate as a single ring, with frames switched between ports within a single TrCRF.

You can specify the maximum hop count for All-Routes and Spanning-Tree Explorer frames for each TrCRF. This limits the maximum number of hops an explorer is allowed to traverse. If a port determines that the explorer frame it is receiving has traversed more than the number of hops specified, it does not forward the frame. The TrCRF determines the number of hops an explorer has traversed based on the number of bridge hops in the route information field.

A backup TrCRF enables you to configure an alternate route for traffic between undistributed TrCRFs located on separate switches that are connected by a TrBRF, in the event that the ISL connection between the switches fails. Only one backup TrCRF for a TrBRF is allowed, and only one port per switch can belong to a backup TrCRF.

If the ISL connection between the switches fails, the port in the backup TrCRF on each affected switch automatically becomes active, rerouting traffic between the undistributed TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. Figure 8-7 illustrates the backup TrCRF.

Figure 8-7: Backup TrCRF

VLAN Default Configuration

Table 8-3 shows the default VLAN configuration.

Table 8-3: VLAN Default Configuration

Feature Default Value

Native (default) VLAN

VLAN 1

Port VLAN assignments

All ports assigned to VLAN 1

Token Ring ports assigned to VLAN 1003 (trcrf-default)

VLAN state

Enabled

MTU size

1500 bytes

4472 bytes for Token Ring VLANs

SAID value

100,000 plus the VLAN number (for example, the SAID for VLAN 3 is 100003)

Pruning eligibility

VLAN 2-1000 are pruning-eligible

Default FDDI VLAN

VLAN 1002

Default FDDI NET VLAN

VLAN 1004

Default Token Ring TrBRF VLAN

VLAN 1005 (trbrf-default) with bridge number 0F

Default Token Ring TrCRF VLAN

VLAN 1003 (trcrf-default)

TrBRF STP

IBM

TrCRF bridge mode

SRB

VLAN Configuration Guidelines

Follow these guidelines when creating and modifying VLANs in your network:

A maximum of 250 VLANs can be active at any time.
Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If the switch is a VTP server, you must define a VTP domain. For information on configuring VTP, refer to the "Configuring VTP" section.
The default TrBRF (VLAN 1005) can only be the parent of the default TrCRF (VLAN 1003). You cannot specify the default TrBRF as the parent of a user-configured TrCRF.
You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you specify must exist).
In a Token Ring environment, the logical ports (the connection between the TrBRF and the TrCRF) of the TrBRF are placed in a blocked state if either of these conditions exists:
- The TrBRF is running the IBM STP, and the TrCRF is in SRT mode.
- The TrBRF is running the IEEE STP, and the TrCRF is in SRB mode.

Configuring VLANs

Note VLANs support a number of parameters that are not discussed in detail in this section. For complete information on the set vlan command and its parameters, refer to the Catalyst 6000 and 6500 Series Command Reference publication.

These sections describe how to configure VLANs on the Catalyst 6000 and 6500 series switches:

Creating or Modifying an Ethernet VLAN

To create a new Ethernet VLAN, perform this task in privileged mode:

Task Command

Step 1 Create a new Ethernet VLAN.

set vlan vlan_num [name name] [said said] [mtu mtu] [translation vlan_num]

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

Note The default VLAN type is Ethernet; if you do not specify the VLAN type, the VLAN is an Ethernet VLAN.

If adding a new VLAN, the VLAN number must be within the range 2 to 1001. When modifying a VLAN, the valid range for the VLAN number is 2 to 1005.

This example shows how to create an Ethernet VLAN and verify the configuration:

Console> (enable) set vlan 500 name Engineering
Vlan 500 configuration successful
Console> (enable) show vlan 500
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
500  Engineering                      active    344
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
500  enet  100500     1500  -      -      -      -    -        0      0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
Console> (enable)

To modify the VLAN parameters on an existing Ethernet VLAN, perform this task in privileged mode:

Task Command

Step 1 Modify an existing Ethernet VLAN.

set vlan vlan_num [name name] [state {active | suspend}] [said said] [mtu mtu] [translation vlan_num]

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

Creating or Modifying an FDDI VLAN

To create a new FDDI VLAN, perform this task in privileged mode:

Task Command

Step 1 Create a new FDDI or FDDI NET VLAN.

set vlan vlan_num [name name] type {fddi | fddinet} [said said] [mtu mtu]

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

To modify the VLAN parameters on an existing FDDI VLAN, perform this task in privileged mode:

Task Command

Step 1 Modify an existing FDDI or FDDI NET VLAN.

set vlan vlan_num [name name] [state {active | suspend}] [said said] [mtu mtu]

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

Creating or Modifying a Token Ring TrBRF VLAN

Note You must enable VTP version 2 before you create Token Ring VLANs. For information on enabling VTP version 2, refer to the "Configuring VTP" section.

To create a new Token Ring TrBRF VLAN, perform this task in privileged mode:

Task Command

Step 1 Create a new Token Ring TrBRF VLAN.

set vlan vlan_num [name name] type trbrf [said said] [mtu mtu] bridge bridge_number [stp {ieee | ibm}]

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

Note You must specify a bridge number when creating a new TrBRF.

This example shows how to create a new Token Ring TrBRF VLAN and verify the configuration:

Console> (enable) set vlan 999 name TrBRF_999 type trbrf bridge a
Vlan 999 configuration successful
Console> (enable) show vlan 999
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
999  TrBRF_999                        active    
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
999  trbrf 100999     4472  -      -      0xa    ibm  -        0      0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
Console> (enable)

To modify the VLAN parameters on an existing Token Ring TrBRF VLAN, perform this task in privileged mode:

Task Command

Step 1 Modify an existing Token Ring TrBRF VLAN.

set vlan vlan_num [name name] [state {active | suspend}] [said said] [mtu mtu] [bridge bridge_number] [stp {ieee | ibm}]

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

Creating or Modifying a Token Ring TrCRF VLAN

Note You must enable VTP version 2 before you create Token Ring VLANs. For information on enabling VTP version 2, refer to the "Configuring VTP" section.

To create a new Token Ring TrCRF VLAN, perform this task in privileged mode:

Task Command

Step 1 Create a new¹ Token Ring TrCRF VLAN.

set vlan vlan_num [name name] type trcrf [said said] [mtu mtu] {ring hex_ring_number | decring decimal_ring_number} parent vlan_num

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

¹You must specify a ring number (either in hexadecimal or in decimal) and a parent TrBRF VLAN when creating a new TrCRF.

This example shows how to create a Token Ring TrCRF VLAN and verify the configuration:

Console> (enable) set vlan 998 name TrCRF_998 type trcrf decring 10 parent 999
Vlan 998 configuration successful
Console> (enable) show vlan 998
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
998  TrCRF_998                        active    352     
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
998  trcrf 100998     4472  999    0xa    -      -    srb      0      0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
998  7       7       off
Console> (enable)

To modify the VLAN parameters on an existing Token Ring TrCRF VLAN, perform this task in privileged mode:

Task Command

Step 1 Modify an existing Token Ring TrCRF VLAN.

set vlan vlan_num [name name] [state {active | suspend}] [said said] [mtu mtu] [ring hex_ring_num] [decring decimal_ring_num] [bridge bridge_num] [parent vlan_num]

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

To create a backup TrCRF, assign one port on each switch that the TrBRF traverses to the backup TrCRF.

To configure a TrCRF VLAN as a backup TrCRF, perform this task in privileged mode:

Task Command

Step 1 Configure a TrCRF VLAN as a backup TrCRF.

set vlan vlan_num backupcrf on

Step 2 Verify the VLAN configuration.

show vlan [vlan_num]

Caution If the backup TrCRF port is attached to a Token Ring multistation access unit (MSAU), it does not provide a backup path unless the ring speed and port mode are set by another device. We recommend that you configure the ring speed and port mode for the backup TrCRF.

To specify the maximum number of hops for All-Routes Explorer frames or Spanning-Tree Explorer frames in the TrCRF, perform this task in privileged mode:

Task Command

Step 1 Specify the maximum number of hops for All-Routes Explorer frames in the TrCRF.

set vlan vlan_num aremaxhop hopcount

Step 2 Specify the maximum number of hops for Spanning-Tree Explorer frames in the TrCRF.

set vlan vlan_num stemaxhop hopcount

Step 3 Verify the VLAN configuration.

show vlan [vlan_num]

This example shows how to limit All-Routes Explorer frames and Spanning-Tree Explorer frames to ten hops, and how to verify the configuration (shown by the arrow):

Console> (enable) set vlan 998 aremaxhop 10 stemaxhop 10
Vlan 998 configuration successful
Console> (enable) show vlan 998
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
998  VLAN0998                         active    357
 
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
998  trcrf 100998     4472  999    0xff   -      -    srb      0      0
 
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------


 
  998  10      10      off
Console> (enable)

Assigning Switch Ports to a VLAN

A VLAN created in a management domain remains unused until you assign one or more switch ports to the VLAN. If you specify a VLAN that does not exist, the VLAN is created and the specified ports are assigned to it.

Note Make sure you assign Ethernet ports to Ethernet-type VLANs.

To assign one or more switch ports to a VLAN, perform this task in privileged mode:

Task Command

Step 1 Assign one or more switch ports to a VLAN.

set vlan vlan_num mod_num/port_num

Step 2 Verify the port VLAN membership.

show vlan [vlan_num]
show port [mod_num[/port_num]]

This example shows how to assign switch ports to a VLAN and verify the assignment:

Console> (enable) set vlan 560 4/10
VLAN 560 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
560   4/10
      
Console> (enable) show vlan 560
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
560  Engineering                      active    348     4/10
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
560  enet  100560     1500  -      -      -      -    -        0      0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
Console> (enable) show port 4/10
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 4/10                    notconnect 560        normal   half    10 10BaseT
 
<...output truncated...>
 
Last-Time-Cleared
--------------------------
Wed Jun 24 1998, 12:16:41
Console> (enable)

Mapping 802.1Q VLAN IDs to ISL VLAN IDs

IEEE 802.1Q VLAN trunks support VLANs 1 through 4095. ISL VLAN trunks support VLANs 1 through 1024 (1005 to 1024 are reserved). The switch automatically maps 802.1Q VLANs 1000 and lower to ISL VLANs with the same number.

Use this feature to map 802.1Q VLANs above 1000 to ISL VLANs.

Note You can map up to eight VLANs. Only one 802.1Q VLAN can be mapped to an ISL VLAN. For example, if 802.1Q VLAN 800 has been automatically mapped to ISL VLAN 800, do not manually map any other 802.1Q VLANs to ISL VLAN 800.

To map an 802.1Q VLAN to an ISL VLAN, perform this task in privileged mode:

Task Command

Map an 802.1Q VLAN to an ISL VLAN.

set vlan mapping dot1q 1q_vlan_num isl isl_vlan_num

This example shows how to map 802.1Q VLAN 4000 to ISL VLAN 900:

Console> (enable) set vlan mapping dot1q 4000 isl 900
Vlan mapping successful
Console> (enable)

Deleting a VLAN

When you delete a VLAN in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN in VTP transparent mode, the VLAN is deleted only on the current switch.

Caution When you delete a VLAN, any ports assigned to that VLAN become inactive. Such ports remain associated with the VLAN (and thus, inactive) until you assign them to a new VLAN.

To delete a VLAN on the switch, perform this task in privileged mode:

Task Command

Delete a VLAN.

clear vlan vlan_num

Note You cannot delete a Token Ring TrBRF VLAN without first reassigning its child TrCRFs to another parent TrBRF, or deleting the child TrCRFs.

This example shows how to delete a VLAN (in this case, the switch is a VTP server):

Console> (enable) clear vlan 500
This command will deactivate all ports on vlan 500
in the entire management domain
Do you want to continue (y/n) [n]?y
Vlan 500 deleted
Console> (enable)

Feature	Default Value
Native (default) VLAN	VLAN 1
Port VLAN assignments	All ports assigned to VLAN 1 Token Ring ports assigned to VLAN 1003 (trcrf-default)
VLAN state	Enabled
MTU size	1500 bytes 4472 bytes for Token Ring VLANs
SAID value	100,000 plus the VLAN number (for example, the SAID for VLAN 3 is 100003)
Pruning eligibility	VLAN 2-1000 are pruning-eligible
Default FDDI VLAN	VLAN 1002
Default FDDI NET VLAN	VLAN 1004
Default Token Ring TrBRF VLAN	VLAN 1005 (trbrf-default) with bridge number 0F
Default Token Ring TrCRF VLAN	VLAN 1003 (trcrf-default)
TrBRF STP	IBM
TrCRF bridge mode	SRB

Task	Command
Step 1 Create a new Ethernet VLAN.	set vlan vlan_num [name name] [said said] [mtu mtu] [translation vlan_num]
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Modify an existing Ethernet VLAN.	set vlan vlan_num [name name] [state {active \| suspend}] [said said] [mtu mtu] [translation vlan_num]
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Create a new FDDI or FDDI NET VLAN.	set vlan vlan_num [name name] type {fddi \| fddinet} [said said] [mtu mtu]
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Modify an existing FDDI or FDDI NET VLAN.	set vlan vlan_num [name name] [state {active \| suspend}] [said said] [mtu mtu]
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Create a new Token Ring TrBRF VLAN.	set vlan vlan_num [name name] type trbrf [said said] [mtu mtu] bridge bridge_number [stp {ieee \| ibm}]
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Modify an existing Token Ring TrBRF VLAN.	set vlan vlan_num [name name] [state {active \| suspend}] [said said] [mtu mtu] [bridge bridge_number] [stp {ieee \| ibm}]
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Create a new¹ Token Ring TrCRF VLAN.	set vlan vlan_num [name name] type trcrf [said said] [mtu mtu] {ring hex_ring_number \| decring decimal_ring_number} parent vlan_num
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Configure a TrCRF VLAN as a backup TrCRF.	set vlan vlan_num backupcrf on
Step 2 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Specify the maximum number of hops for All-Routes Explorer frames in the TrCRF.	set vlan vlan_num aremaxhop hopcount
Step 2 Specify the maximum number of hops for Spanning-Tree Explorer frames in the TrCRF.	set vlan vlan_num stemaxhop hopcount
Step 3 Verify the VLAN configuration.	show vlan [vlan_num]

Task	Command
Step 1 Assign one or more switch ports to a VLAN.	set vlan vlan_num mod_num/port_num
Step 2 Verify the port VLAN membership.	show vlan [vlan_num] show port [mod_num[/port_num]]

Table of Contents

Configuring VTP, GVRP, and VLANs