I'm going through the fun task of migrating twenty-odd access switches to a new distribution layer.
The downside seems to be that it looks as if there has been no deprovisioning process on these switches and they have unused vlans still active in the switches' management domain and being trunked with the heinous 'switchport trunk allowed vlans all'.
Before the migration takes place I would like to clean this all up by removing the vlans from the switches that are not in use and restricting the allowed vlan list on the uplinks with only layer two traffic that needs to span via the distribution layer. I would like to tell you how I plan on doing this and see if you can point out any gotchas that I have overlooked:
1. For each vlan on the switch's management domain: 'show vlan brief'
Run 'show mac address-table vlan X | ex CPU'
If the results show:
SWITCH#show mac address-table vlan 123| ex CPU
Mac Address Table
Vlan Mac Address Type Ports
---- ----------- -------- -----
Total Mac Addresses for this criterion: 20
This shows that no mac addresses are present within this vlan and the vlan is not in use at all.
This vlan can then be removed with the 'no vlan X' command.
2. To restrict the traffic spanning to the distribution layer I would complete the same command:
'show mac address-table vlan X | ex CPU'
If only mac addresses for this vlan are seen on the interswitch trunk and no mac addresses are seen from any of the other local switch's interfaces then this would show that no devices attached to the switch are using this vlan; only the system or dynamic macs of other devices on the fabric are being learnt from the interswitch trunk.
These vlans can be removed on the switch again with the 'no vlan X' command. Once the vlans have been removed from the switch the device will remove them from the uplink's allowed list: 'show int trunk | i X' ('X' again means vlan number).
This all hangs on the fact that even if one of these vlans is in use and assigned to a trunk, if it's in use it must generate mac addresses to function on ethernet, so if there are no mac addresses showing then as far as I see it the vlan is inactive and can be removed.
Can anyone point out anything that I am missing, or see any problems with this logic?
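The two checks described in the post, as an added example that is not part of the original post: it parses saved 'show mac address-table' output and sorts each configured vlan into no MACs seen, MACs seen only on the uplink, or MACs seen on a local port. The captures, port names and the uplink Gi0/49 are constructed sample values; the example merges several captures, since dynamic entries age out of the table and a quiet host can be absent from any single one.

```python
import re
from collections import defaultdict

# Constructed captures of 'show mac address-table', taken at different times.
SNAPSHOTS = [
    """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    0011.2233.4455    DYNAMIC     Gi0/3
  10    0011.2233.9999    DYNAMIC     Gi0/49
  20    00aa.bbcc.dd01    DYNAMIC     Gi0/49
Total Mac Addresses for this criterion: 4
""",
    """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi0/3
  20    00aa.bbcc.dd01    DYNAMIC     Gi0/49
  30    00de.adbe.ef01    DYNAMIC     Gi0/7
Total Mac Addresses for this criterion: 3
""",
]

# A table row: numeric vlan, dotted MAC, entry type, port. 'All' rows do not match.
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def ports_by_vlan(snapshots):
    """Union, across all captures, of the ports each vlan had MACs on (CPU excluded)."""
    seen = defaultdict(set)
    for text in snapshots:
        for line in text.splitlines():
            m = ROW.match(line)
            if m and m.group(4).upper() != "CPU":
                seen[int(m.group(1))].add(m.group(4))
    return seen

def classify(configured, snapshots, uplinks):
    """Label every configured vlan (the 'show vlan brief' list) by where its MACs appear."""
    seen = ports_by_vlan(snapshots)
    verdict = {}
    for vlan in sorted(configured):
        ports = seen.get(vlan, set())
        if not ports:
            verdict[vlan] = "no-macs"        # step 1 candidate
        elif ports <= set(uplinks):
            verdict[vlan] = "uplink-only"    # step 2 candidate
        else:
            verdict[vlan] = "in-use"
    return verdict
```

With the sample data, vlan 30 is labelled "no-macs" from the first capture alone and "in-use" once the second capture is merged in.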