03-22-2009 09:39 AM - edited 03-06-2019 04:44 AM
Hi all,
If you put a switch port in access mode and assign it to a nonexistent VLAN, the switch will create the VLAN, like this:
SW1(config)#int fast 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
% Access VLAN does not exist. Creating vlan 12
Is there any way to avoid this? I mean, if the vlan doesn't exist I don't want the switch to create it automatically, without my confirmation.
Appreciate any help.
Regards,
Carlos.
03-22-2009 09:59 AM
Hi Carlos,
There is no way you get any warning message or confirmation message here.
The only alternative is for you to check in advance whether this VLAN exists or not and whether you want to create it or not.
"show vlan" will show all layer 2 VLANs created in the switch.
-Chintan
03-22-2009 02:59 PM
Hi there Carlos,
You can use VTP for this. If the switch is a VTP client, it will not create the VLAN. It will put the config into the interface however, but looking at the 'show vlan' result page won't show that VLAN existing.
I don't know of any other way to restrict the automatic creation of the VLAN when it is a VTP server or VTP transparent though.
This is the right place to find out though!! :)
Brad
03-22-2009 09:59 PM
The old legacy switches, 2900/3500 series, won't tell you. If you create a VLAN Interface and you didn't create the VLAN in the database, it won't tell you, it won't create one and the VLANs just won't work until you create one in the VLAN Database.
03-23-2009 02:07 AM
Hi all,
Thanks for your answers.
I'll be more specific: we have two 6500s, which are our VTP servers.
The problem is that we have reached the maximum STP instances in our access switches (2960), which are the VTP clients. This limitation consists of 128 instances of STP and we have configured PVSTP mode, so if we create one more VLAN the STP says something like this:
%SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 128 STP instances exceeded. No instance created for VLAN647 (port Gi0/7).
And we are trying to avoid creating a VLAN due to a misconfiguration in the number of the access port you assigned with the switchport command.
Have I explained it right?
Thanks for your support.
Regards,
Carlos.
03-23-2009 03:11 PM
Hi Carlos,
Let me see if I understand you correctly.
You have two (2) 6500 switches that are both VTP servers. (I assume here that you update the 6500 VTP server with the highest revision number so that all clients and the other server get the VTP update?) And you want to ensure that anyone on the VTP server cannot accidentally create a VLAN that is then sent to all the access switches, that consequently exceeds the access switches' STP max instances?
If I have understood correctly, you could look at restricting who has access to the VTP server, so those mistakes aren't made often. Or you could prune the number of STP instances to allow only the needed ones by using the 'switchport trunk allowed vlan' command on the trunks.
I hope I have understood correctly.
Brad
03-24-2009 01:18 AM
Hi bmcginn,
Thanks for your answer.
This is not exactly what we want.
We want to prevent any VTP server from creating a VLAN when one of its ports (of the 6500s) is assigned to a nonexistent VLAN (due to an error typing the number) with the "switchport access" command.
I hope you understand better now.
Thanks,
Carlos.
03-24-2009 03:28 AM
Carlos,
One other thing you could consider, if possible. Analyze your network and determine if you can run MST on your core and plain old STP on your access switches. I believe, not positive, but I am pretty sure that MST has little to no issues interacting with STP. Thus, you could end up with only a single instance running on your legacy switches.
Here is a good link for reference...
Edit: I just realized you stated your access switches are 2960's. These should support MST. I can imagine a network that could have 128 different trees, so really there shouldn't be a need for PVST. You may want to look into migrating to MST. The configuration/understanding of MST is slightly more complicated, but it may be worth it. It would certainly cut down on overhead on your links.
Here is a doco for MST on 2960's
Also, if you are new to MST, there is a fantastic introduction video on Cisco Learning Network here: https://cisco.hosted.jivesoftware.com/docs/DOC-2446
HTH,
Ryan
03-24-2009 03:35 AM
Hi rpfinneran,
Thanks for your advice.
We're now considering a new project to perform what you suggested, but we don't know when it can be implemented.
So, the question I asked is about a workaround until we move up from PVST to MST.
Thanks,
Carlos.
03-24-2009 01:55 PM
03-25-2009 07:41 AM
Hi leolaohoo,
That's exactly what we were looking for!!
I'll suggest the implementation of this workaround and I will post my results.
Thanks a lot!
Carlos.
03-26-2009 11:01 PM
And thank you for the rating.