Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
10
Helpful
15
Replies

Adding VLAN caused havoc

Utair Corporation
Level 3
Level 3

‎12-17-2012 09:36 PM - edited ‎03-07-2019 10:40 AM

I had 63 VLANs in my network, with one VTP server switch and all others in client mode. Some time ago we started buying LAN-Lite versions of 2960 switches, which has 64 VLANs limit.

Just after i've added two VLANs on VTP server, random network outage problems begun. People reported random connection drops all over whole network.

After some investigation i've found what all LAN-Lite switched turend into transparent VTP mode.

Problems stopped only after i deleted some VLANs on VTP server and turned client mode on all switches back.

So i wonder, why there was connectivity problems at all? Was it inter-switch trunks stopping to work? Something else?

Labels:
0 Helpful
15 Replies 15

mahmoodmkl
Level 7
Level 7

‎12-17-2012 09:39 PM

Hi,

I think u had run out of the STP instances on your switches and this has caused this issue.

I suggest u to investigate the number of instances supported by u r devices.

Thanks

0 Helpful

Utair Corporation
Level 3
Level 3
In response to mahmoodmkl

‎12-17-2012 10:22 PM

There were no such messages in logs, there were no loops to cause problems, i do not have redunant links. I could accept if new VLANs did not appear on that switches. But actually affecting current VLANs isn't right to me.

0 Helpful

milan.kulik
Level 10
Level 10
In response to Utair Corporation

‎12-18-2012 05:30 AM

Hi,

blame the guys writing the IOS code!

When there is a 64 VLAN limit on your switch and you add 65th VLAN, the switch might

a) move to VTP transparent mode,

b) remove STP instance from one random VLAN.

IMHO, b) is a pretty stupid feature but that's the way  the IOS behaves (at least it was several years ago I met the same problem personally).

BR,

Milan

Utair Corporation
Level 3
Level 3
In response to milan.kulik

‎12-18-2012 07:06 PM 

milan.kulik wrote:
When there is a 64 VLAN limit on your switch and you add 65th VLAN, the switch might 
a) move to VTP transparent mode,

There were log messages indicating that. And checking vtp status confirmed that.

0 Helpful

Mandlenkosi Nkiwane
Level 3
Level 3

‎12-18-2012 08:40 AM

Looks pretty obvious to me that when you have the client switches with a limit of 64 vlans and your VTP server with a limit of more than 64 vlans, could it be that you could have planned your change better?

I understand the blame factor that they should have made a mechanism int he IOS to not accept any additional Vlan once the limit was reached, however, on the other hand, knowing that you have a hardware limitation and trying to add more than your hardware can handle is always a disaster scenario.

I would suggest in the future you plan your changes and evaluate the impact that these changes will cause to your production network.

Rule number one for me: Better safe than sorry.

glen.grant
VIP Alumni
VIP Alumni
In response to Mandlenkosi Nkiwane

‎12-18-2012 10:23 AM

   All that should have needed to be done is on the trunks to the 2960's you manually prune off anything that is not needed on the trunk.  I'll guarantee that you probably do not need all 64 vlans on a 2960 . We have a big client/server setup of like 80 vlans and we have run even old  2950's in the domain without issue.  On both sides of the trunk just use the  "switchport trunk allowed " command to restrict  only the vlans needed on the 2960 . This makes the 2960 only create the spanning tree instances for the vlans allowed on the trunks and not for all vlans in your vtp domain.

Utair Corporation
Level 3
Level 3
In response to glen.grant

‎12-18-2012 07:11 PM 

glen.grant wrote:
   I'll guarantee that you probably do not need all 64 vlans on a 2960.

Of course i do not. They just stacked up over time.

glen.grant wrote:
   On both sides of the trunk just use the  "switchport trunk allowed " command to restrict  only the vlans needed on the 2960 . This makes the 2960 only create the spanning tree instances for the vlans allowed on the trunks and not for all vlans in your vtp domain.

Will it still pass other vlans to trunk ports? Or will it cut off all vlans not used by this particular switch?

0 Helpful

milan.kulik
Level 10
Level 10
In response to glen.grant

‎12-19-2012 03:49 AM

Hi,

I'm afraid the switch would fall into the VTP transparent mode anyway?

So IMHO, the best practice is to get rid off VTP (=all switches in VTP transparent mode) and to configure only VLANs really necessary on each switch.

BR,

Milan

0 Helpful

Utair Corporation
Level 3
Level 3
In response to Mandlenkosi Nkiwane

‎12-18-2012 07:08 PM

You can't know everything. My work is not switches only and i've got one head and two hands only.

0 Helpful

mahmoodmkl
Level 7
Level 7
In response to Utair Corporation

‎12-19-2012 02:52 AM

Hi

It will pass all other vlans traffic which are excpet which are not used by this switch.

0 Helpful

Kyle McKay
Level 1
Level 1

‎12-19-2012 12:52 PM

Was VTP pruning enabled as well?

0 Helpful

Utair Corporation
Level 3
Level 3
In response to Kyle McKay

‎12-19-2012 06:49 PM

It is enabled.

0 Helpful

Utair Corporation
Level 3
Level 3
In response to Utair Corporation

‎12-19-2012 07:00 PM

Also, network not just stopped to work for some VLANs. It was "pulsing". I mean people calling each over by IP phone, talking, then opps - no audio. Network programs working, then dropping connections, then connecting back.

0 Helpful

milan.kulik
Level 10
Level 10
In response to Utair Corporation

‎12-19-2012 11:40 PM

Hi,

IMHO, that could be a consequence of STP instance stopped for random (=different) VLANs on different switches.

And broadcast/multicast storms possibly following.

BR,

Milan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card