GVRP—GARP VLAN Registration
Protocol—is an application of the Generic Attribute Registration Protocol—GARP.
GVRP is defined in the IEEE 802.1Q standard, and GARP is defined in the IEEE
802.1D-1998 standard.
When GVRP is enabled on a switch, the
VID for any static VLANs configured on the switch is advertised (using
BPDUs—Bridge Protocol Data Units) out all ports, regardless of whether a port
is up or assigned to any particular VLAN.
A GVRP-aware port on another device that receives the advertisements
over a link can dynamically join the advertised VLAN.
When you enable GVRP on a switch, you
have the per-port join-request options listed in this table:
Learn Enables
the port to become a member of any unknown VLAN for which it receives an
(default) advertisement.
Allows the port to advertise other VLANs that have at least one other
switch port as a vlan member.
Block Prevents
the port from joining any new dynamic VLANs for which it receives an
advertisement.
Allows the port
to advertise other VLANs that have at least one other port as a vlan member.
Disable Causes the port to ignore and drop all GVRP advertisements it
receives and also prevents the
port from sending
any GVRP advertisements.
Example:
(config)#
interface 1-2
unknown-vlans disable
#show
gvrp
...
GVRP Enabled [No] : Yes
...
Port Type
| Unknown VLAN Join Leave
Leaveall
---- --------- + ------------ ----- -----
--------
1
100/1000T | Disable 20 300
1000
2
100/1000T | Disable 20 300 1000
3
100/1000T | Learn 20 300
1000
4
100/1000T | Learn 20 300
1000
...
A dynamic VLAN continues to exist on
a port for as long as the port continues to receive advertisements of that VLAN
from another device connected to that port or until you:
1. Convert the VLAN to a static VLAN
2. Reconfigure the port to Block or
Disable
3. Disable GVRP
4. Reboot the switch
The time-to-live for dynamic VLANs is
10 seconds.
These steps outline the procedure for
setting up dynamic VLANs for a segment.
1. Determine the VLAN topology you
want for each segment (broadcast domain) on your network.
2. Determine the VLANs that must be
static and the VLANs that can be dynamically propagated.
3. Determine the device or devices on
which you must manually create static VLANs in order to propagate VLANs
throughout the segment.
4. Determine security boundaries and
how the individual ports in the segment will handle dynamic VLAN
advertisements.
5. Enable GVRP on all devices you
want to use with dynamic VLANs and configure the appropriate “Unknown VLAN”
parameter (Learn, Block, or Disable) for each port.
6. Configure the static VLANs on the
switch(es) where they are needed, along
with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid) on each port.
7. Dynamic VLANs will then appear
automatically, according to the configuration options you have chosen.
8. Convert dynamic VLANs to static
VLANs where you want dynamic VLANs to become permanent.
If a port on the switch has joined a
dynamic VLAN, you can use the following command to convert that dynamic VLAN to
a static VLAN:
(config)# static-vlan < dynamic-vlan-id >
For example, to convert dynamic VLAN
333 (from the previous example) to a static VLAN:
2920(config)# static-vlan 333
When you convert a dynamic VLAN to a
static VLAN, all ports on the switch are assigned to the VLAN in Auto mode.
No comments:
Post a Comment
Please add comments so I may update the material to accommodate platform modification to various commands. Also if you have some real-world caveats, do please share.