VLANs

This chapter describes how to identify and resolve problems that might occur when implementing VLANs.

Information About VLANs

VLANs can isolate devices that are physically connected to the same network but are logically considered to be part of different LANs that do not need to be aware of one another.

We recommend using only following characters in a VLAN name:

  • a-z or A-Z
  • 0 to 9
  • - (hyphen)
  • _ (underscore)

Consider the following guidelines for VLANs:

  • Keep user traffic off the management VLAN; keep the management VLAN separate from user data.
note.gif

Noteblank.gif We recommend that you enable the sticky Address Resolution Protocol (ARP) when you configure private VLANs. ARP entries that are learned on Layer 3 private VLAN interfaces are sticky ARP entries. For security reasons, private VLAN port sticky ARP entries do not age out.


  • IGMP runs only on the primary VLAN and uses the configuration of the primary VLAN for all secondary VLANs.
  • Any IGMP join request in the secondary VLAN is treated as if it is received in the primary VLAN.
  • Private VLANs support these Switched Port Analyzer (SPAN) features:

blank.gif You can configure a private VLAN port as a SPAN source port.

blank.gif You can use VLAN-based SPAN (VSPAN) on primary, isolated, and community VLANs or use SPAN on only one VLAN to separately monitor egress or ingress traffic.

  • A private VLAN host or promiscuous port cannot be a SPAN destination port. If you configure a SPAN destination port as a private VLAN port, the port becomes inactive.
  • A destination SPAN port cannot be an isolated port. (However, a source SPAN port can be an isolated port.)
  • You can configure a SPAN to span both primary and secondary VLANs or, alternatively, to span either one if you are interested only in ingress or egress traffic.
  • A MAC address learned in a secondary VLAN is placed in the shared table of the primary VLAN. When the secondary VLAN is associated to the primary VLAN, their MAC address tables are merged into one, shared MAC table.

Initial Troubleshooting Checklist

Troubleshooting a VLAN problem involves gathering information about the configuration and connectivity of individual devices and the entire network. In the case of VLANs, begin your troubleshooting activity as follows:

Checklist
n1000v_trouble_12vlan-4.jpg

Verify the physical connectivity for any problem ports or VLANs.

 

Verify that both end devices are in the same VLAN.

 

The following CLI commands are used to display VLAN information:

  • show system internal private-vlan info
  • show system internal private-vlan event-history errors
  • show system internal private-vlan event-history traces
  • show vlan id vlan-id
  • show vlan private-vlan
  • show vlan all-ports
  • show vlan private-vlan type
  • show vlan internal bd-info vlan-to-bd 1
  • show vlan internal errors
  • show vlan internal info
  • show vlan internal event-history error s

Cannot Create a VLAN

 

Symptom
Possible Cause
Solution

You cannot create a VLAN.

The Cisco Nexus 1000V is using a reserved VLAN ID.

VLANs 3968 to 4047 and 4094 are reserved for internal use and cannot be changed.