Information About VLANs
VLANs can isolate devices that are physically connected to the same network, but are logically considered to be part of different LANs that do not need to be aware of one another.
We recommend using only following characters in a VLAN name:
- a-z or A-Z
- 0 - 9
- - (hyphen)
- _ (underscore)
Consider the following guidelines for VLANs:
- Keep user traffic off the management VLAN; keep the management VLAN separate from user data.
Note We recommend that you enable sticky Address Resolution Protocol (ARP) when you configure private VLANs. ARP entries learned on Layer 3 private VLAN interfaces that are sticky ARP entries. For security reasons, private VLAN port sticky ARP entries do not age out.
- IGMP only runs on the primary VLAN and uses the configuration of the primary VLAN for all secondary VLANs.
- Any IGMP join request in the secondary VLAN is treated as if it is received in the primary VLAN.
- Private VLANs support these Switched Port Analyzer (SPAN) features:
– You can configure a private VLAN port as a SPAN source port.
– You can use VLAN-based SPAN (VSPAN) on primary, isolated, and community VLANs or use SPAN on only one VLAN to separately monitor egress or ingress traffic.
- A private VLAN host or promiscuous port cannot be a SPAN destination port. If you configure a SPAN destination port as a private VLAN port, the port becomes inactive.
- A destination SPAN port cannot be an isolated port. (However, a source SPAN port can be an isolated port.) V
- SPAN could be configured to span both primary and secondary VLANs or, alternatively, to span either one if the user is interested only in ingress or egress traffic.
- A MAC address learned in a secondary VLAN is placed in the shared table of the primary VLAN. When the secondary VLAN is associated to the primary VLAN, their MAC address tables are merged into one, shared MAC table.
Initial Troubleshooting Checklist
Troubleshooting a VLAN problem involves gathering information about the configuration and connectivity of individual devices and the entire network. In the case of VLANs, begin your troubleshooting activity as follows:
Verify the physical connectivity for any problem ports or VLANs.
Verify that both end devices are in the same VLAN.
The following CLI commands are used to display VLAN information:
- show system internal private-vlan info
- show system internal private-vlan event-history errors
- show system internal private-vlan event-history traces
- show vlan id vlan-id
- show vlan private-vlan
- show vlan all-ports
- show vlan private-vlan type
- show vlan internal bd-info vlan-to-bd 1
- show vlan internal errors
- show vlan internal info
- show vlan internal event-history errors