Solved: Re: VLAN deleted, but active

s309973 · ‎06-24-2005

Let me preface this post by stating I recently inherated this infrastructure and am in the process of re-documenting, since all available diagrams were out of day or out right wrong.

My predecessor has a switch where he had defined "VLAN3", which has a few active ports - but VLAN3 isn't defined in the configuration anywhere. This is the extent of the VLAN configuration:

--------------------------------

interface VLAN1

description INSIDE NETWORK

ip address <addr> <mask>

no ip directed-broadcast

no ip route-cache

!

interface VLAN2

description DMZ

no ip directed-broadcast

no ip route-cache

shutdown

--------------------------------

The output of 'sh vlan br' returns the following:

--------------------------------

3548-EX1#show vlan br

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5,

Fa0/7, Fa0/27, Fa0/31

2 DMZ active Fa0/6, Fa0/8, Fa0/9, Fa0/10,

Fa0/11, Fa0/12, Fa0/13, Fa0/14,

Fa0/15, Fa0/16, Fa0/17, Fa0/18,

Fa0/19, Fa0/20, Fa0/21, Fa0/22,

Fa0/23, Fa0/28, Fa0/29, Fa0/30,

Fa0/32, Fa0/33, Fa0/34, Fa0/35,

Fa0/36, Fa0/37, Fa0/38, Fa0/39,

Fa0/40, Fa0/41, Fa0/42, Fa0/43,

Fa0/44, Fa0/45, Fa0/46, Fa0/47,

Fa0/48

3 DMZ1 active Fa0/3, Fa0/24, Fa0/25, Fa0/26

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

--------------------------------

And 'show ip int vlan 3':

--------------------------------

VLAN3 is deleted, line protocol is down

Internet protocol processing disabled

--------------------------------

These ports are seemingly being used but the VLAN is tagged as 'deleted'. Does this mean that if this switch looses power or reboots for any reason, the VLAN configuration for these ports will be "gone" and revert back to VLAN1? Common sense tells me I need to re-define VLAN3 in this switch, since "switchport access vlan 3" is configured on ports 3, 24, 25, and 26.

amit-singh · ‎06-24-2005

Hi,

On Layer 2 switch there is no need to define the Vlan interface. Vlan interface is only used for routing purpose, when you have a layer-3 switch which is doing the routing between the Vlans.

In this case your switch is a L-2 switch and the ports are assigned statically to the respective vlan. ON a layer 2 switch you need an IP on a particular interface Vlan just to manage the switch remotely. The respective Vlan interface is not created that's why you are getting that error. BTW which switch is this.

If you switch reboots or power fialure, the ports still will be in the same VLAN only if you saved the changes by using command " write mem ". If you havenot saved the changes and the switch looses its power then the ports will fall back to the default vlan, which is Vlan 1.

HTH,

-amit singh

View solution in original post

amit-singh · ‎06-24-2005

Hi,

On Layer 2 switch there is no need to define the Vlan interface. Vlan interface is only used for routing purpose, when you have a layer-3 switch which is doing the routing between the Vlans.

In this case your switch is a L-2 switch and the ports are assigned statically to the respective vlan. ON a layer 2 switch you need an IP on a particular interface Vlan just to manage the switch remotely. The respective Vlan interface is not created that's why you are getting that error. BTW which switch is this.

If you switch reboots or power fialure, the ports still will be in the same VLAN only if you saved the changes by using command " write mem ". If you havenot saved the changes and the switch looses its power then the ports will fall back to the default vlan, which is Vlan 1.

HTH,

-amit singh

s309973 · ‎06-24-2005

Thanks for your response. This switch is a WS-C3548-XL. Since my "show config" shows the configuration for these ports are set with "switchport access vlan 3", I shouldn't be at any risk of these ports dropping out of this VLAN in the event of a reboot. I wasn't aware defining the VLAN interface was only necessary for management purposes. Thanks for that information.

jroyster · ‎06-24-2005

Yep, the Int VLAN is called a SVI or switched virtual interface. It is used to route between VLANs. So no harm in having as many vlans as you like without a corresponding SVI.

These VLANs are isolated and there is no router/gateway for IP packets to be forwarded to reach another VLAN. This approach is used frequently to keep a particular VLAN from having communication to another.

And judging from the descriptions and names VLAN3 could very well be the "external" Internet having no access to anything else, possible forcing things through a firewall.

m-treadway · ‎06-25-2005

The funny thing about 3548 switches is that the VLAN information isn't kept in the runnning or startup configs. These switches have a seperate VLAN Database that holds this information. If you do a dir on the flash, you will see a file called "vlan.dat".

You can actually do a write erase and delete the startup config then reload the switch, and after the switch comes up blank, do a "show VLAN" and the VLAN information will still be there.

You can always delete that file to remove the entire database or add and remove VLANs anytime by using the "vlan database" command on the switch. You do not have to be in config t mode to enter the vlan database. Just type "vlan data" and hit enter. Then the question mark is your friend. It is easy. You can add or remove VLANs and change the VTP mode from here. You have to use the "exit" command to leave the VLAN database and save your changes.

By default, a 3548 comes with all ports in VLAN 1 and VLAN 1 is the management VLAN as well. The only time it is neccessary to create an actual VLAN interface is when you want to change the management interface. If you want to do that, you create the new VLAN interface, give it an ip address and mask for mangement purposes only, and issue the very important "management" command. That shuts down VLAN 1 also.

conf t

int vlan x

ip address x.x.x.x 255.255.255.0

management

end

You will also need to use the "ip default-gateway x.x.x.x" command to specify the gateway router's address.

Hope this helps.