VLAN Configuration - How did I get here :)

Don2001L
Level 1

Hello, 

I have an old 2924XL set up with a pair of routers in a LAB to learn and test with.
I have a couple of VLANs created to segregate traffic on the switch, but there are a couple of things that I don't understand about how this configuration Got there ...

This is what is set up - 

Core_LAN#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/21, Fa0/22
20   VLAN0020                         active
100  VLAN0100                         active
200  VLAN0200                         active    Fa0/23, Fa0/24
300  VLAN0300                         active    Fa0/17, Fa0/18, Fa0/19, Fa0/20

show run only displays 2 of them ? 

interface VLAN1
ip address xx.xx.xx.xx 255.0.0.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN300
no ip directed-broadcast
no ip route-cache
shutdown

1 - 200 - 300 are active and in use / passing traffic. 
First thing I don't understand is - Where is 200 ?

Second - is 300 = shutdown - because VLAN1 is the active management VLAN ( and this is the Normal state of affairs ) 

Thank you for humoring me, 
Don


Don

I read through the discussion again and am quite puzzled. In one of your posts you show some output from show run/startup and ask this question "Why don't I see the VLAN0200 / 200 configuration information when I capture the configuration". What puzzles me is the posted output quite clearly does show vlan 200 on Fa0/24.

HTH

Rick

Don2001L
Level 1

PS: Just for "Fun" 
I changed the VLAN 100 configuration
_______________________________
conf term
interface VLAN 100
shutdown
_____________________
show vlan id 100
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
100 VLAN0100 active
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
100  enet  100100     1500  -      -      -        -    -        0      0

Excerpt from show run 
_______________________
interface VLAN100
no ip directed-broadcast
no ip route-cache
shutdown
________________________
The 100 VLAN didn't show up in the running config Before I made the change to shut it down

VLAN 100  was  Not in use ( FYI )


Don

Thanks for the update and the experiment with vlan 100. Your explanation "The 100 VLAN didn't show up in the running config Before I made the change to shut it down" is consistent with what I have tried to explain. In newer switches/newer versions of code all of the commands related to vlans are in running/startup config. But in older switches/older code the commands to create the vlan are in the vlan data base and do not show up in running/startup config. As far as I can tell you had created vlan 100 but had not done anything with it. And so it did not show up in running/startup. Then you configured shutdown for vlan 100. Now it does show up in running/startup.

HTH

Rick

mlund
Level 7

Hi all

This is a classic misunderstanding of "vlan" and "interface vlan". In this old 2924, when you create a vlan (layer2) this vlan is then stored in a file called "vlan database" found in nvram, as @Richard Burts has already mentioned. You can see what's in this file with "show vlan database" (I think, it's from my memory), but you can't see it in running config. Try to create a new vlan and see how it is populated in this file. As per my understanding (again from my memory) this old 2924 can only have one "interface vlan" (layer3) active at the same time. So if you do "no shutdown" on "interface vlan300" this will probably shut down "interface vlan1". Or maybe you have to shut down "interface vlan1" before doing no shutdown on "interface vlan 300".

Also when doing shutdown on an "interface vlan" this will not shut down the "vlan", the L2 vlan will still be active.

@mlund makes an excellent point. I have seen the behavior that is described in older switches where if you bring up a new layer 3 interface then the interface that has been active is shut down by the IOS. The original post shows clearly that there are vlan interfaces for vlan 1 and vlan 300. If the vlan interface for vlan 300 was the active interface and an IP was configured for vlan 1 then vlan 300 becomes shutdown. Or if vlan 1 had an IP address but was shut down when vlan interface 300 was configured, then if you no shut interface vlan 1 then interface vlan 300 becomes shut down.

HTH

Rick

Again, thank All Y'all for your patience and support in helping me try to understand this and how I got here and what I might Change.

mmm - so somehow Way back then maybe I created VLAN - 200 as a Layer 2 and VLAN 300 the Layer 3 ? 
and the System set the Layer three VLAN 300 in a shutdown state because VLAN1 was already active as a Layer 3 VLAN ??

As @mlund stated there are  "vlan" and "interface vlan" - where could I see the difference - 

This doesn't  show them as being much/any different 
( I omitted some unrelated details for the Token ring - fddi etc...  VLAN's  ) 

#vlan database
#show current

  VLAN ISL Id: 1
    Name: default
    Media Type: Ethernet
    VLAN 802.10 Id: 100001
    State: Operational
    MTU: 1500
    Translational Bridged VLAN: 1002
    Translational Bridged VLAN: 1003

VLAN ISL Id: 1002
Name: fddi-default
 Bridge Type: SRB
Translational Bridged VLAN: 1 Translational Bridged
A
Name: token-ring-default
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1002


  VLAN ISL Id: 20
    Name: VLAN0020
    Media Type: Ethernet
    VLAN 802.10 Id: 100020
    State: Operational
    MTU: 1500

  VLAN ISL Id: 100
    Name: VLAN0100
    Media Type: Ethernet
    VLAN 802.10 Id: 100100
   State: Operational
    MTU: 1500

  VLAN ISL Id: 200
    Name: VLAN0200
    Media Type: Ethernet
    VLAN 802.10 Id: 100200
    State: Operational
    MTU: 1500

  VLAN ISL Id: 300
    Name: VLAN0300
    Media Type: Ethernet
    VLAN 802.10 Id: 100300
    State: Operational
    MTU: 1500


Found some More - 

#show vlan id 300
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
300  VLAN0300                         active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
300  enet  100300     1500  -      -      -        -    -        0      0

#show interface vlan 300
VLAN300 is administratively down, line protocol is down
   Hardware is CPU Interface, address is 0003.6b55.afc0 (bia 0003.6b55.afc0)
   MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
           reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA ARP type: ARPA, ARP Timeout 04:00:00

So is the Interface VLAN 300 ->  Layer 3 
and the * Regular* Vlan 300  ->  Layer 2 

- and how did I managed to Get ? Both ? 


You said "This doesn't show them as being much/any different " and showed output from the vlan data base. And in the vlan data base there is not any significant difference. Because the vlan data base deals with the layer 2 vlans. And in that perspective there are not any significant differences. 

The differences are at layer 3 (with interface vlan x). Your switch/version of software allows only a single layer 3 vlan interface to be active. When you have configured both interface vlan 1 and interface vlan 300 then one of them will be shut down. Which one is active and which is shut down depends on history of your switch that we do not have (and frankly is not very important).

You show correct understanding with this

So is the Interface VLAN 300 -> Layer 3
and the * Regular* Vlan 300 -> Layer 2

Then you ask "and how did I managed to Get ? Both ?" The answer is that you chose to configure layer 2 vlan 300 (quite appropriate) and layer 3 vlan interface 300 (perhaps questionable).

Perhaps it might help if we think about a layer 2 switch (like yours) and its vlans and vlan interface(s). A layer 2 switch does forwarding of traffic using layer 2 information (mac address) and supports multiple layer 2 vlans. Why would a layer 2 switch want/need a layer 3 interface? The answer is that the vlan interface is for "management" traffic. Do you want to access the switch using telnet/SSH? Then it needs a layer 3 interface (vlan interface). Do you want the switch to forward syslog messages to a server? If so it needs the management interface to do that. Do you want your SNMP server to be able to access the switch or to receive SNMP information from the switch? Then it needs a management interface.

But for these purposes the switch needs only one active management interface.

HTH

Rick
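
The layer 2 / layer 3 split described in the replies above can be checked from the two outputs the thread keeps comparing. The following Python is an added example, not part of the original thread or of any Cisco tool; the sample text is constructed from the output posted above, and the function names and the 10.0.0.2 address are assumptions.

```python
import re
# Constructed sample input, modelled on the output posted in this thread.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3,
                                                Fa0/21, Fa0/22
200  VLAN0200                         active    Fa0/23, Fa0/24
300  VLAN0300                         active    Fa0/17, Fa0/18
"""
SHOW_RUN = """\
interface VLAN1
 ip address 10.0.0.2 255.0.0.0
!
interface VLAN300
 shutdown
"""

def layer2_vlans(text):
    """VLAN id -> ports, from the layer 2 view (show vlan brief)."""
    vlans, vid = {}, None
    for line in text.splitlines():
        m = re.match(r"(\d+)\s+\S+\s+\S+(.*)", line)
        if m:  # a new VLAN row; otherwise a wrapped line of the Ports column
            vid, line = int(m.group(1)), m.group(2)
        if vid is not None:
            vlans.setdefault(vid, []).extend(re.findall(r"[A-Za-z]+\d+/\d+", line))
    return vlans

def vlan_interfaces(text):
    """VLAN id -> True if shut down, from 'interface VLANn' stanzas."""
    svis, vid = {}, None
    for line in text.splitlines():
        m = re.match(r"interface\s+vlan\s*(\d+)", line, re.I)
        if m:
            vid = int(m.group(1))
            svis[vid] = False
        elif line.strip() == "!" or line.startswith("interface"):
            vid = None  # end of stanza, or a non-VLAN interface
        elif vid is not None and line.strip() == "shutdown":
            svis[vid] = True
    return svis

def reconcile(vlan_brief, running_config):
    l2, l3 = layer2_vlans(vlan_brief), vlan_interfaces(running_config)
    return {
        "l2_only": sorted(set(l2) - set(l3)),  # in the VLAN database, no interface VLANn
        "active_svis": sorted(v for v in l3 if not l3[v]),
        "ports_behind_shutdown_svi": {v: l2[v] for v in l3 if l3[v] and l2.get(v)},
    }
```

On the sample, `reconcile(SHOW_VLAN_BRIEF, SHOW_RUN)` lists VLAN 200 as layer 2 only, VLAN 1 as the single active VLAN interface, and VLAN 300 as still carrying ports although its interface is shut down.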

Good Morning Rick, 

I understand the difference between L2 / L3.
The Interface I used ( Java Web ) was the same for each of the VLAN 20 / 100 / 200 / 300 and I don't see any options to Select Layer 2 vs. Layer 3 using that Interface ?

Don2001L_1-1678539602088.png

They look identical and don't have any other parameters that  you have control over when creating them ? 

Don2001L_2-1678539733760.png

Don2001L_4-1678539800211.png

It indeed may not be possible to figure what I did - when they were added / created to understand how I ended up with what I have now  

Thanks anyway 

Don

Yes I am sure that the Java Web interface deals only with layer 2 aspects of vlans and at layer 2 there are not significant differences (other than having different vlan ID). I am sure that at some point you went into config mode on the switch and you configured interface vlan 300. Since it is not serving any useful purpose at this point you could certainly remove it from the config and not have any impact on the switch.

HTH

Rick

Hello Rick,

I don't ever remember logging into the device and running any conf term commands, but it might have been a long long time ago...

Thanks,
Don 


Don

Thanks for the update. Hard to determine when the vlan interface for 300 was added. But knowing that there are 2 vlan interfaces on the switch, and understanding the behavior of older layer 2 switches when there are more than 1 vlan interface we can understand how/why vlan 3 interface is shut down, and that is probably the more important aspect of the discussion.

HTH

Rick

Don2001L
Level 1

Hello Rick, 

Thanks for your patience and perseverance in helping me unravel this - 

So correct me if I'm wrong here but this would indicate that I created both L2 and L3 VLAN's ? 
( which I am pretty sure I did not - Maybe for VLAN 300 - but I was conscious when I created VLAN200 )

Don2001L_0-1678970870251.png


Using image as the formatting is out to lunch when pasting text from the show commands. 

Don


Don

In your original post clearly there were 2 vlan interfaces, one for vlan 1 and the other for vlan 300. Now there is also a vlan interface for vlan 200. Are you saying that you did not create this?

HTH

Rick

Hello Rick, 

For the purpose of this thread - there have always been three VLAN's 1 - 200 - 300 
( 10 and 100 also exist - but are not in use and so are not relevant to this conversation ) 

My initial conundrum was  - even though I * believed* I created them both from the Web-Java interface - How could they be different e.g. L3 / L2
( Just because I believe it doesn't make it true )

Both VLAN's served the same purpose to segregate ports on the switch so I could feed traffic in / out of two ports, to allow me to monitor traffic / performance / utilization between unmanaged devices.

That last image paste was to illustrate that the VLAN's created from the Web-Java UI seem to be L2/ L3 vlans. 

I will create another new/one - VLAN 400 and see what happens.

Thanks again for humoring me, 
Don
