Extended Vlans matters on N5K

Hello there,
Looking for some help on extended vlans design. Customer is using 90% of extented VLANs as follows based on exclusive services:
1200-1499
1700-1999
1500-1799
Total of 897 VLANs.
First question is: Do you know if extentend VLANs count as active VLANs in the 512 limit or we should not worry as this limit is only for normal VLANs? The datasheet is not clear enough and does not say if this limit is for both.
Second question is: Supposing question 1 is ok, when allowing these vlans in the trunk, should we also create these VLANs or they are already active (according to conf guide), there is, should we need to issue "vlan 1200" in conf mode for instance?
Thank you!

This was a limitation with older VTP implementation(extended VLANs were not supported when VTP was first designed). With VTP version 3, extended VLANs are supported
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/vlans.htm#wp1090061

Similar Messages

Unable to create extended vlan

Dear All,
Is there anyway to create extended vlan(from 1006 to 1010) on my cisco 7604? These are existing customer vlan which I planned to move to this 7604 but unfortunately cant. I believe only FDDI and Token ring vlan unable to remove. Expert please advice.
PBR#sh ver
Cisco Internetwork Operating System Software
IOS (tm) s3223_rp Software (s3223_rp-IPSERVICES_WAN-M), Version 12.2(18)SXF17, R
ELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by cisco Systems, Inc.
Compiled Fri 25-Sep-09 06:10 by ccai
Image text-base: 0x40101040, data-base: 0x42A509B0
ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
BOOTLDR: s3223_rp Software (s3223_rp-IPSERVICES_WAN-M), Version 12.2(18)SXF17, R
ELEASE SOFTWARE (fc1)
PBR uptime is 11 weeks, 1 day, 21 hours, 33 minutes
Time since PBR switched to active is 11 weeks, 1 day, 21 hours, 33 min
utes
System returned to ROM by power cycle (SP by power on)
System image file is "sup-bootdisk:s3223-ipservices_wan-mz.122-18.SXF17.bin"
cisco CISCO7604 (R7000) processor (revision 2.0) with 458752K/65536K bytes of me
mory.
Processor board ID FOX1340GBXD
R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
Last reset from power-on
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
Bridging software.
TN3270 Emulation software.
18 Virtual Ethernet/IEEE 802.3 interfaces
57 Gigabit Ethernet/IEEE 802.3 interfaces
1915K bytes of non-volatile configuration memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
PBR#
PBR#sh vlan
VLAN Name Status Ports
1 default active Gi3/14, Gi3/44
2 HPeP_Terrestrial_Side active
3 HPeP_Satellite_Side active Gi3/23, Gi3/24
5 Management active Gi3/1, Gi3/2, Gi3/3, Gi3/4
Gi3/5, Gi3/6, Gi3/7, Gi3/8
Gi3/9, Gi3/12, Gi3/13, Gi3/15
Gi3/31, Gi3/35
6 Customer_Traffic active Gi3/11, Gi3/37, Gi3/38
8 GCU active Gi3/33, Gi3/34
20 SIME active
45 Petrofac active
51 140.176.51.0/24-client-vlan active
101 Internet_Connection active Gi1/1, Gi1/2, Gi3/16, Gi3/26
190 BUK_FVSB active
201 Customer_VLAN_201 active
202 GITNS2A active
203 Internet_Connection_New active Gi3/17, Gi3/48
204 Sports_Toto_Malaysia active
205 XOM_EXXONMOBIL active
206 PCSB active
990 Unused_Ports active Gi1/3, Gi1/4, Gi1/5, Gi1/6
Gi1/7, Gi1/8, Gi1/9
999 RSPAN active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
8 enet 100008 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
20 enet 100020 1500 - - - - - 0 0
45 enet 100045 1500 - - - - - 0 0
51 enet 100051 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
190 enet 100190 1500 - - - - - 0 0
201 enet 100201 1476 - - - - - 0 0
202 enet 100202 1500 - - - - - 0 0
203 enet 100203 1500 - - - - - 0 0
204 enet 100204 1500 - - - - - 0 0
205 enet 100205 1500 - - - - - 0 0
206 enet 100206 1500 - - - - - 0 0
990 enet 100990 1500 - - - - - 0 0
999 enet 100999 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
999
Primary Secondary Type Ports
PBR#
PBR# sh vlan internal usage
VLAN Usage
1006 online diag vlan0
1007 online diag vlan1
1008 online diag vlan2
1009 online diag vlan3
1010 online diag vlan4
1011 online diag vlan5
1012 PM vlan process (trunk tagging)
1013 Control Plane Protection
1014 L3 multicast partial shortcuts for VPN 0
1015 Egress internal vlan
1016 Multicast VPN 0 QOS vlan
1017 GigabitEthernet3/27
1018 GigabitEthernet3/47
1029 IPv6 Multicast Egress multicast
1030 L3 multicast partial shortcuts for VPN 1
1031 Multicast VPN 1 QOS vlan
1032 L3 multicast partial shortcuts for VPN 3
1033 Multicast VPN 3 QOS vlan
1034 L3 multicast partial shortcuts for VPN 5
1035 Multicast VPN 5 QOS vlan
1036 L3 multicast partial shortcuts for VPN 6
1037 Multicast VPN 6 QOS vlan
PBR#

As Cisco Freak said, those vlans are being allocated for internal use
Layer 3 LAN ports, WAN interfaces and subinterfaces, and some software features use internal VLANs in the extended range. You cannot use an extended range VLAN that has been allocated for internal use.
In order to use them, you will need to use a descending vlan allocation option, to start allocation from vlan 4094 and down, to do this you will need to apply the command:
vlan internal allocation policy descending
And then reboot your switch, so the internal vlans get reallocated
For more info refer to this configuration guide:
http://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/vlans.html#pgfId-1038695

OTV-Extended VLAN Gateway

I am working on this design where the DC VLANs that need to be extended to DRC via OTV have their gateways as SVIs on a server agg VSS. So there is no FHRP in DC. The other side (DRC) server aggregation is a pair of VDCs on N7K. See figure for connectivity summary.
I need to maintain the gateway IP address on both sides for each extended VLAN. So for VLAN100 the gateway in DC is SVI-100 on the VSS pair with IP address 10.0.0.254 while in the DRC side it is an HSRP VIP address of 10.0.0.254. This is required to maintain the server network card configuration once it is moved from DC to DRC.
In order to avoid tromboning traffic destined across VLANs and prevent it from traversing the OTV link, what possible solutions are available? I have been reading OTV design and best practices documentation and I think FHRP isolation is irrelevant, or is it?

Although FHRP is not issue here, but you still need to block 'ARP for default gateway' and 'MAC address of default gateway' which is advertised by IS-IS.
you can refer this link for more details:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro.pdf

SRW2048 extended vlan support

We are looking to use some SRW2048 in replace of some 2960 switches. Do the SRW2048 support extended vlan ( 1-4094 )
Thanks,
Jason

Hi Jason,
The manual does state;
VLAN Management Tab - Create VLAN
The Create VLAN screen provides information and global parameters for configuring and working with VLANs.
VLAN ID (2-4094). Indicates the ID number of the VLAN being configured. Up to 256 VLANs can be created. This
field is used to add VLANs one at a time. To add the defined VLAN ID number, press the Add button.
VLAN Name.
Of course the default VLAN ( VLAN ID=1) is enabled by default on all ports.
Hope that helps
regards Dave

Extending VLAN across Data centers

I hope you can help, I have 2 data centers connected via a L3 10gb (dark fiber) now I have a few more fiber strands available between the 2 data centers; so for Disaster Recovery and server clustering (requiring same subnet) does it make sense to extend certain vlans across using these extra fiber strands or is it best practice to keep the layer 3 separation, thanks in advance!

Borman
It does make sense in terms of clustering. Not sure exactly what you mean in terms of disaster recovery, that really depends on your topology/addressing.
Basically i would route where you can and extend L2 when you have to. Be aware you are extending L2 between data centres and tha brings STP issues. Obvioulsy make sure you only allow the vlans you need on this link and route all else.
There are other ways to extend a L2 vlan across a L3 link - L2TPv3 springs to mind.
Jon

Extending VLANs across routed interfaces

Hello;
I'm trying to create a L3 core network. The core equipment will be Cisco 3750 enhanced. My idea is make each link between core 3750 a routed interface, with /30 IP addresses.
The problem is the customer needs some VLANs extended across the full enterprise. Is there any way to encapsulate the VLAN inside routed interface?
Thanks in advance.

I realize this thread is 5+ years old, but I feel like commenting anyway.
If you want to encapsulate the vlan across that link, you won't be able to use routed interfaces. You will need to use a layer 2 trunk(dot1q). Therefore, I wouldn't bother with the /30 addresses unless you want to monitor that specific link by IP. In that case, use a special VLAN just for those two interfaces and put your /30 addresses on the vlan interfaces.
If you want fast fail over on a layer 2 link, well then, use Rapid STP. The goal should be to get rid of those flat VLANs that span the core and switch to your original plan of routed interfaces using EIGRP or OSPF.

How to extend VLAN in 3rd and 4th 6513 switch with HSRP

Hi presently in One Data centre 02 Nos. of 6513 is configured in HSRP. Due to space constraint some servers need to be installed in other room and there 02 Nos of 6509 switches need to be configured in HSRP again.
One Data Vlan needs to be extended in expanded room. What should be the best practice for configuration in 6509 switches in HSRP. Please suggest.

Just as #1 and #2 are connected with (I would assume) trunking ports, similarly add connections to #3 and #4 Catalyst 6k. Define the layer 2 VLANs in the 6509 and assign access ports to those VLANs as required.
Personally I don't see much value to adding L3 interfaces (SVIs) for the VLANs (and adding them to the HSRP groups) on the 6509s. It depends in part on how your other connectivity into them is setup. If everything leaving the server VLAN goes to users, WAN, Internet etc. via the original pair of 6513s then keep the 6509s simple with only layer 2 VLANs.

1300 Bridge - Extending VLANs in Pt-to-Pt Mode

I need to set up 1300 series Wireless Bridges in a point-to-point mode, and I need to extend several VLANs from one building to the other.
On the 1231G/1242AG APs in AP mode, each SSID must be mapped to a unique VLAN ID. Is this also the case with the 1300 bridge?
Is there a good doc out there that explains how to config what I'm trying to do?

No its no the case, you can have several vlans going over one SSID.
Just create sub interfaces on the Dot1radio interface and Ethernet interface.
like this (this will pass the native vlan and vlan 2 and 3 ) -
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
There is a guide here
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr

Extending vlan 301 through ASR 1006 (extending the broadcast domain)

Good evening everyone. My brain hurts trying to figure this out. I'm used to Layer 3 switches so this is different.
According to the documentation, this should be allowed using EVC and Bridge Domains. But there is one disclaimer in the documentation... if you've configured a channel-group on a physical ports, you can't have port-channels (or something like that).
I have configured multiple port-channels (for port redundancy), each port-channel having multiple sub-interfaces (for vlan creation on this beast). Each sub-interface has an ip address. Now it has come to my attention that there are two vlans that need to be extended from a remote office (via port-channel 3) to our Core (via port-channel 1). I want to be clear, I am trying to get this router to simply forward layer 2 traffic from port-channel 1 to port-channel 3. I tried the following:
example: vlans 300 and 301 need to be extended.
create additional sub-interfaces like this,...
int port-channel 1.300
encapsulation dot1q 300
int port-channel 1.301
encapsulation dot1q 301
int port-channel 3.300
encap dot1q 300
int port-channel 3.301
encap dot1q 3.301
But that didn't work. I tried evc and bdi but it's confusing as heck. Anyone got any ideas? Is this possible? Can you point me to a resource that can make it crystal clear for me?

Thank you Reza. I was worried about that.
So I have an opportunity to re-configure this entire beast because of this. If I need to make this work, is the ASR the wrong choice or am I just going about it wrong?
I've read that if I had two ASRs I could implement OTV. Does that make sense?
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-xe-3s-book/wan-otv-confg.html#GUID-DCB20ADF-1F8E-434B-AE97-54802879F34F

Extending VLANs over an unmanaged switch

We have a network which consists of primarily Cisco 3560X switches and Meraki MR34 wireless access points. We have a handful of VLANs setup. In one instance, a WAP was plugged into an unmanaged SD100D-08 switch. I would have expected this to "break" our wireless access. However, it appears everything is working as we'd want.
The switchport on the 3560X that the unmanaged switch is connected to is configured as a trunk port with the default VLAN of 1. No matter which SSID/VLAN we connect to on the Meraki Access Points, we get assigned a proper IP in the VLAN that we'd expect. If we connect a computer to the unmanaged switch, it gets an IP from VLAN 1, just as we would have wanted.
Why is this working? I thought the unmanaged switch would drop all packets with VLAN headers?

Thanks for the quick response Jon. I have continued with my testing and connected two 3560X switches together with the same unmanaged switch in between them. I configured the 3560X ports as trunk ports and am able to pass all VLANs between the two 3560X switches with the unmanaged switch in between.
As you stated, it looks like the unmanaged switch is capable of handling the VLAN tagged frames and passing them out all connected ports.
Obviously this configuration is not best practice, but I guess it is pretty cool it's working that way.
Jason

Cannot create extended range vlan

hello guys,
Could you help me to fix this issue;
Problem Description
I get this message when I tried to create an extended range vlan.
Switch: 2960
IOS:
12.2.53
spanning-tree extend system-id is configured
VTP mode transparent is configured as well.
These are configured, and work find
2801 TEST2 active
2807 TEST3          active
2857 TEST4         active
3326 test5       active
VTP Status:
#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 68bd.ab2f.b100
Configuration last modified by 10.231.71.241 at 0-0-00 00:00:00
Feature VLAN:
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 255
Number of existing VLANs          : 29
Configuration Revision            : 0
MD5 digest                        : 0xE5 0xED 0xE2 0xB2 0x96 0x21 0x2A 0x24
                                     0xBC 0xAD 0xF5 0x27 0x95 0xF6 0x93 0x0A
ERROS:
SW1(config)#vlan 2856
SW1(config-vlan)#name test1
SW1(config-vlan)#exit
% Failed to create VLANs 2856
VLAN(s) not available in Port Manager.
%Failed to commit extended VLAN(s) changes.
SW1(config)#
thank you for helping me.
Alioune

You need to enable VTP V3 on all the switches. If one of your switch is VTPV1 capable only, it will not able to inter-operate with VTP V3.
Please look at these guidelines for 2960.
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swvtp.html#wp1316856
Cheers,
-amit singh

Feature IOS for c1800 : extended dot1q vlan support.

I need to use extended vlan on a c1801 to make a trunk.
I don't know why this feature did not exist for this plateform :(

Hi,
sorry, I'm french; what does mean "HTH" ?
there are only 3 IOS Feature Set for c1800 :
- IP BROADBAND.
- Advanced IP services.
- Advanced entreprise services.
I Use the last and there is the dot1q encapsulation. but only standards vlans. it is impossible to put a trunk with extended dot1q vlan.

FCoE VLAN with OTV or FCIP across WAN.

Hello All,
I am wondering how would we extend a FCoE VLAN/VSAN to remote DC.
Can we use the extended VLAN from OTV and use it for FCoE or FCIP to span the SAN using N5K?
I appreciate if someone let me know what are the options to extend the VSAN/SAN across WAN.
Best Regards
Mohammed Khair Khomakho
CCIE Routing and Switching #26682

Sorry just to elaborate on the above question. If I already have OTV on nexus 7k that is used to link between 2 remote sites, can we make use of this existing link to support FCoE? Traditionally we used FCIP on MDS, to link between remote sites to extend our VSAN traffics. So can we use FCoE to run between sites connected by OTV. Thanks.

How to span vlans across core layer in core/distribution/access campus design?

Hi,
I studied Cisco Borderless Campus Design Guide 1.0 (http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide.html) last week because we plan to redesign our campus backbone to a three tier Core/Distribution/Access Design.
Today we use a collapsed backbone where a lot of vlans are spanned across the backbone because they are needed in different buildings.
Could anybody give me a hint how Cisco recommends to deal with that kind of vlans in the multi-tier design?
In my eyes between core and distribution layer there is only routing functionality and no l2 transport of vlans.
So using the same vlan in different buildings seems not to be supported?
Best Regards,
Thorsten

Thorsten
Just to add to Joseph's post.
It is quite common for a vlan to be spanned when it doesn't actually need to be ie. the network has evolved that way.
Most things do not need L2 adjacency, they can happily use L3. Servers sometimes do but in the campus design your servers are usually located in one site so you don't need to extend vlans to other sites in your campus.
Not suggesting this is the case for you but it may be worth checking whether you really do. (apologies if you already have)
As Joseph mentioned you really want to avoid it if at all possible ie. ideally all connections to the core switches are L3 ie. no need for vlans at all in the core.
If you need to extend a few vlans then you can do this but still route for all other vlans ie. you would configure your distribution to core connections as trunks and then allow the vlans you need to extend plus one other vlan, unique per distribution pair, to route all other vlans. So per site your distribution switches route all vlans except the extended vlans and of they need to route to a vlan in another site they use that unique vlan.
But this is not ideal because you then need to extend certain vlans across the core and because you are using L2 connections STP could come into it although that does depend on your core switch selection eg. 4500/6500 VSS etc. would alleviate this.
There are ways to extend vlans across a L3 network but the solutions available are very much dependant on the kit you use and their capabilities so if you do need multiple vlans in multiple sites but still want to keep a L3 core you may want to investigate some of those before purchasing kit (unless of course you have already purchased it).
What you do really depends on just how many vlans you actually need to extend between sites.
Jon

Using more than 1000 VLAN Ids with VTP

How do I overcome the 1000 VLAN Id limitation with VTP ?

Hi,
you need VTP version 3 for that matter or set the switches to transparent. Unfortunately VTPv3 is only available in CatOS 8.1(1) or later. See also
Understanding How VTP Version 3 Works
VTP version 3 differs from earlier VTP versions in that it does not directly handle VLANs. VTP version 3 is a protocol that is only responsible for distributing a list of opaque databases over an administrative domain. When enabled, VTP version 3 provides the following enhancements to previous VTP versions:
•Support for extended VLANs.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008019f048.html#wp1017196
Hope this helps! Please rate all posts.
Regards, Martin

Extended Vlans matters on N5K

Similar Messages

Maybe you are looking for