Creating VLAN with Switchport

Answered Question
Mar 22nd, 2009

Hi all,

If you put a switch port in access mode and assign it to a nonexistent VLAN, the switch will create the VLAN, like this:

SW1(config)#int fast 0/1

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 12

% Access VLAN does not exist. Creating vlan 12

Is there any way to avoid this? I mean, if the vlan doesn't exist I don't want the switch to create it automatically, without my confirmation.

Appreciate any help.

Regards,

Carlos.

chintan-shah Sun, 03/22/2009 - 09:59

Hi Carlos,

There is no way to get any warning message or confirmation message here.

The only alternative is for you to check in advance whether this VLAN exists or not and whether you want to create it or not.

"show vlan" will show all Layer 2 VLANs created on the switch.

-Chintan
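The check-in-advance approach described in the reply above can be scripted as a pre-change gate. This is an added example, not part of the original thread: the `show vlan brief` text and the candidate configuration are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of "show vlan brief" output (not captured from a real switch).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3
10   USERS                            active    Fa0/4
20   VOICE                            active
1002 fddi-default                     act/unsup
"""

# Constructed candidate change, as it would be pasted into config mode.
CANDIDATE = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 12
interface FastEthernet0/5
 switchport access vlan 10
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 200
"""

def existing_vlans(show_vlan_output):
    """Return the set of VLAN IDs listed in 'show vlan brief' output."""
    vlans = set()
    for line in show_vlan_output.splitlines():
        # VLAN rows start with the numeric ID; wrapped port lists start with spaces.
        m = re.match(r"^(\d{1,4})\s+\S+", line)
        if m:
            vlans.add(int(m.group(1)))
    return vlans

def missing_access_vlans(candidate_config, show_vlan_output):
    """Return (interface, vlan) pairs whose access VLAN is not in the database."""
    known = existing_vlans(show_vlan_output)
    findings, interface = [], None
    for line in candidate_config.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("interface "):
            interface = stripped.split(None, 1)[1]
        m = re.match(r"switchport access vlan (\d+)$", stripped, re.IGNORECASE)
        if m and int(m.group(1)) not in known:
            findings.append((interface, int(m.group(1))))
    return findings

if __name__ == "__main__":
    for intf, vlan in missing_access_vlans(CANDIDATE, SHOW_VLAN_BRIEF):
        print(f"REFUSE: {intf} -> VLAN {vlan} is not in the VLAN database")
```

The match is on the full command text only, so abbreviated forms of the command in a candidate change need to be expanded before the check.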

bmcginn Sun, 03/22/2009 - 14:59

Hi there Carlos,

You can use VTP for this. If the switch is a VTP client, it will not create the VLAN. It will put the config into the interface however, but looking at the 'show vlan' result page won't show that VLAN existing.

I don't know of any other way to restrict the automatic creation of the VLAN when it is a VTP server or VTP transparent though.

This is the right place to find out though!! :)

Brad

Leo Laohoo Sun, 03/22/2009 - 21:59

The old legacy switches, 2900/3500 series, won't tell you. If you create a VLAN Interface and you didn't create the VLAN in the database, it won't tell you, it won't create one and the VLANs just won't work until you create one in the VLAN Database.

carlos.asensio Mon, 03/23/2009 - 02:07

Hi all,

thanks for your answers.

I'll be more specific: we have two 6500s, which are our VTP servers.

The problem is that we have reached the maximum STP instances in our access switches (2960), which are the VTP clients. This limitation consists of 128 instances of STP, and we are configured in PVSTP mode, so if we create one more VLAN the STP says something like this:

%SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 128 STP instances exceeded. No instance created for VLAN647 (port Gi0/7).

And we are trying to avoid creating a VLAN due to a misconfiguration in the number of the access port you assigned with the switchport command.

Have I explained it right?

Thanks for your support.

Regards,

Carlos.

bmcginn Mon, 03/23/2009 - 15:11

Hi Carlos,

Let me see if I understand you correctly.

You have two (2) 6500 switches that are both VTP servers. (I assume here that you update the 6500 VTP server with the highest revision number so that all clients and the other server get the VTP update?) And you want to ensure that anyone on the VTP server cannot accidentally create a VLAN that is then sent to all the access switches, that consequently exceeds the access switches' STP max instances?

If I have understood correctly, you could look at restricting who has access to the VTP server, so those mistakes aren't made often. Or you could prune the number of STP instances to allow only the needed ones by using the 'switchport trunk allowed vlan' command on the trunks.

I hope I have understood correctly.

Brad

carlos.asensio Tue, 03/24/2009 - 01:18

Hi bmcginn,

Thanks for your answer.

This is not exactly what we want.

We want to prevent any VTP server from creating a VLAN when one of its ports (on the 6500s) is assigned to a nonexistent VLAN (due to an error typing the number) with the "switchport access" command.

I hope you understand better now.

Thanks,

Carlos.

rpfinneran Tue, 03/24/2009 - 03:28

Carlos,

One other thing you could consider, if possible. Analyze your network and determine if you can run MST on your core and plain old STP on your access switches. I believe, not positive, but I am pretty sure that MST has little to no issues interacting with STP. Thus, you could end up with only a single instance running on your legacy switches.

Here is a good link for reference...

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfc.shtml#mst_region_world

Edit: I just realized you stated your access switches are 2960s. These should support MST. I can imagine a network that could have 128 different trees, so really there shouldn't be a need for PVST. You may want to look into migrating to MST. The configuration/understanding of MST is slightly more complicated, but it may be worth it. It would certainly cut down on overhead on your links.

Here is a doco for MST on 2960s

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swmstp.html#wp1035485

Also, if you are new to MST, there is a fantastic introduction video on Cisco Learning Network here: https://cisco.hosted.jivesoftware.com/docs/DOC-2446

HTH,

Ryan

carlos.asensio Tue, 03/24/2009 - 03:35

Hi rpfinneran,

thanks for your advice.

We're now considering a new project to perform what you suggested, but we don't know when it can be implemented.

So, the question I asked is about a workaround until we move up from PVST to MST.

Thanks,

Carlos.

carlos.asensio Wed, 03/25/2009 - 07:41

Hi leolaohoo,

that's exactly what we were looking for!!

I'll suggest the implementation of this workaround and I will post my results.

Thanks a lot!

Carlos.
