Ethernet Switches & Routers

New Contributor
Posts: 3
Registered: ‎11-19-2014

Prevent VLAN Deletion

So I have not been able to find an answer to this question anywhere so far.

 

If you generate a VLAN on a Layer 2 switch, add in ports and then remove them from the VLAN, the VLAN ceases to exist. Is there a way to prevent the switch from automatically removing the VLAN from the configuration? We use dynamic VLANs with MPA. If we have a local, non-routable, VLAN that exists only on a single switch in the infrastructure (therefore no permanent tagged ports), there are chances that the VLAN could cease to exist. This would happen by either MPA dynamically changing the ports to other VLANs whether it be a functional one or the authentication failure VLAN. We've run into this issue recently.

 

There are two workarounds we've come up with:

  1. Untag all the ports on the switch in that VLAN and hope they all don't get dynamically changed. This works, but this is not a confident solution.
  2. Tag the uplink port on the switch so that one port remains in the VLAN. This would not be tagged on the other end to prevent any traversal. However, this is not a desirable approach since it sort of defeats the local L2 only VLAN function.

So basic question: Can I tell my switch to not delete the VLAN if there are no ports assigned to it?

Brocadian
Posts: 44
Registered: ‎01-05-2012

Re: Prevent VLAN Deletion

Not sure if a VLAN existing without ports vs. no VLAN makes any difference.

But the system does not delete the VLAN because there is no port assigned.

See below.

 

```
switch#
switch#conf t
switch(config)#vlan 1919
switch(config-vlan-1919)#end
switch#sh vlan b

System-max vlan Params: Max(4095) Default(64) Current(4095)
Default vlan Id :999
Total Number of Vlan Configured :16
VLANs Configured :2 100 200 220 276 300 329 336 400 500 600 700 800 900 999 to 1000

switch#sh vlan 1919
Port-vlan 1919 does not have any members.
switch#conf t
switch(config)#no vlan 1919
switch(config)#end
switch#sh vlan 1919
Error - port-vlan 1919 does not exist.
switch#sh vlan b

System-max vlan Params: Max(4095) Default(64) Current(4095)
Default vlan Id :999
Total Number of Vlan Configured :16
VLANs Configured :2 100 200 220 276 300 329 336 400 500 600 700 800 900 999 to 1000

switch#
```

 

 

In both cases, VLAN 1919 in this example is not a "functional" VLAN.

New Contributor
Posts: 3
Registered: ‎11-19-2014

Re: Prevent VLAN Deletion

So I was playing with the 8.0.2a code where they've gone and re-engineered authentication in 8.0.2. Now there are 3 VLANs that have to be maintained if you want to use full functional authentication. For us, these VLANs are essentially not "functional" in terms of passing traffic. The solution we've come up with is designating a port to tag all these VLANs in (critical, default-auth and restricted) and just leave the port disabled.

 

There really needs to be a command inside a given VLAN to make it a persistent VLAN regardless of untagged/tagged ports. Especially in cases like authentication where your switch will essentially explode if the VLAN ceases to exist and it tries to move a port into that VLAN. Or the switch itself should just maintain those 3 VLANs for authentication (and similar configuration situations) as long as they are defined in the authentication configuration section.
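A monitoring check for the failure discussed in this thread, added here as an example and not code from any poster or from Brocade: it parses `sh vlan b` output in the format quoted above and reports which required VLANs are absent from the switch. The function names and the VLAN IDs assigned to the three authentication VLANs are assumptions; the sample output is constructed from the format shown in the thread.

```python
import re

# Constructed sample, in the format of the "sh vlan b" output quoted in the thread.
SAMPLE_BRIEF = """\
System-max vlan Params: Max(4095) Default(64) Current(4095)
Default vlan Id :999
Total Number of Vlan Configured :16
VLANs Configured :2 100 200 220 276 300 329 336 400 500 600 700 800 900 999 to 1000
"""


def configured_vlans(brief_output):
    """Return the VLAN IDs on the 'VLANs Configured' line, expanding 'A to B' ranges."""
    match = re.search(r"^VLANs Configured\s*:(.*)$", brief_output, re.MULTILINE)
    if match is None:
        raise ValueError("no 'VLANs Configured' line in output")
    tokens = match.group(1).split()
    vlans = set()
    i = 0
    while i < len(tokens):
        start = int(tokens[i])
        # A range is written as three tokens: "<start> to <end>".
        if i + 2 < len(tokens) and tokens[i + 1].lower() == "to":
            vlans.update(range(start, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
    return vlans


def missing_vlans(brief_output, required):
    """Return {name: id} for every required VLAN that the switch does not list."""
    present = configured_vlans(brief_output)
    return {name: vid for name, vid in required.items() if vid not in present}


if __name__ == "__main__":
    # Hypothetical IDs for the three authentication VLANs named in the thread.
    required = {"critical": 600, "default-auth": 700, "restricted": 1919}
    for name, vid in missing_vlans(SAMPLE_BRIEF, required).items():
        print(f"ALERT: {name} VLAN {vid} is not configured on this switch")
```

Run against output collected from each switch on a schedule, this flags a missing authentication VLAN before a port is moved into it.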
