I'm going through the fun task of migrating twenty-odd access switches to a new distribution layer.
The downside seems to be that it looks as if there has been no deprovisioning process on these switches and they have unused vlans still active in the switches' management domain and being trunked with the heinous 'switchport trunk allowed vlans all'.
Before the migration takes place I would like to clean this all up by removing the vlans from the switches that are not in use and restricting the allowed vlan list on the uplinks to only the layer two traffic that needs to span via the distribution layer. I would like to tell you how I plan on doing this and see if you can point out any gotchas that I have overlooked:
1. For each vlan in the switch's management domain ('show vlan brief'):
Run 'show mac address-table vlan X | ex CPU'
If the results show;
SWITCH#show mac address-table vlan 123| ex CPU
Mac Address Table
Vlan Mac Address Type Ports
---- ----------- -------- -----
Total Mac Addresses for this criterion: 20
This shows that no mac addresses are present within this vlan and the vlan is not in use at all.
This vlan can then be removed with the 'no vlan X' command.
2. To restrict the traffic spanning to the distribution layer I would run the same command:
'show mac address-table vlan X | ex CPU'
If mac addresses for this vlan are seen only on the interswitch trunk and no mac addresses are seen from any of the local switch's other interfaces then this would show that no devices attached to the switch are using this vlan, only the system or dynamic macs of other devices on the fabric are being learnt from the interswitch trunk.
These vlans can be removed on the switch again with the 'no vlan X' command. Once the vlans have been removed from the switch the device will remove them from the uplink's allowed list 'show int trunk | i X' ('X' again means vlan number).
This all hangs on the fact that even if one of these vlans is in use and assigned to a trunk, if it's in use it must generate mac addresses to function on ethernet, so if there are no mac addresses showing then as far as I see it the vlan is inactive and can be removed.
Can anyone point out anything that I am missing, or see any problems with this logic?
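The per-vlan check described in the post above can be scripted over saved command output. This is an added example, not part of the original post: the sample table, the uplink name Gi1/0/48 and the function names are constructed, and it assumes the four-column 'Vlan / Mac Address / Type / Ports' layout quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of 'show mac address-table | ex CPU' (not real data).
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Gi1/0/5
  10    0011.2233.44aa    DYNAMIC     Gi1/0/48
  20    0011.2233.44bb    DYNAMIC     Gi1/0/48
  20    0011.2233.44cc    DYNAMIC     Gi1/0/48
Total Mac Addresses for this criterion: 4
"""

# One table row: vlan id, dotted MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I
)

def parse_mac_table(text):
    """Return {vlan: set(ports)}; header, ruler and total lines are skipped."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[int(m.group(1))].add(m.group(4))
    return ports

def classify(configured_vlans, mac_table_text, uplinks):
    """Label each configured vlan 'no-macs', 'uplink-only' or 'local-hosts'."""
    seen = parse_mac_table(mac_table_text)
    result = {}
    for vlan in sorted(configured_vlans):
        vlan_ports = seen.get(vlan, set())
        if not vlan_ports:
            result[vlan] = "no-macs"        # step 1: nothing learnt at all
        elif vlan_ports <= set(uplinks):
            result[vlan] = "uplink-only"    # step 2: learnt only via the trunk
        else:
            result[vlan] = "local-hosts"    # at least one local port is active
    return result

if __name__ == "__main__":
    # Vlan ids would come from 'show vlan brief'; 123 is configured but silent.
    for vlan, state in classify({10, 20, 123}, SAMPLE, {"Gi1/0/48"}).items():
        print(vlan, state)
```

Dynamic entries age out of the table, so one snapshot only reflects recently active hosts; collect the output more than once before acting on a 'no-macs' or 'uplink-only' result.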