Nov 8

To lower broadcast traffic in our network or for some extra security we use Virtual LANs. Cisco switches can be configured with Ethernet VLAN IDs ranging from 1 to 1001 and, with the extended VLANs, from 1006 to 4096. For trunking, we can use the IEEE 802.1Q (dot1q) protocol that can support the extended VLANs (1-4096).

The fisrt important rule of implementing VLANs in a network tells us that a switch won’t forward a frame from a VLAN if it does not know about that VLAN. All the switches in a network need to know about all the VLANs regardless of the fact that they have or not local access ports in those VLANs. So, we need to go to every switch and configure all the VLAN IDs, or we could use VTP (VLAN Trunking Protocol), Cisco’s proprietary protocol that automatically configures network-wide all the VLANs. Remember, VTP is on by default, in Server mode.

But the use of VTP can sometimes lead to unexpected behavior on the switch. Most common is when you try to reset your switch and you delete the running-config and the flash:vlan.dat, reload the IOS and find all your VLANs still there. If you have VTP configured in your network (without authentication), upon boot-up, the switch will get the VLAN information from it’s VTP neighbors, the reason being that the default configuration is Server mode. The solution would be to set the switch in Transparent mode and delete the VLANs.

The configuration of VTP Transparent mode causes another strange exception. As we are have studied in CCNA, the vlan.dat file in flash holds the VLAN information for a switch, not the running-config in NVRAM. This is not true when dealing with Transparent mode. If the switch is in VTP transparent mode, the VLAN information IS stored in running-config. So, if you configure vtp mode transparent, configure some VLANs, delete the vlan.dat and reboot, you will find the VLANs still there.

One more situation where VLANs are stored in running-config is when we use extended VLANs. Regardless of VTP mode, if we configure a VLAN with an ID greater than 1006, it will be stored as an entry in running-config. Extended VLANs will NOT be carried through VTP, so it makes sense not to store them in vlan.dat, because the switch will try to synchronize the file with the VTP information.