The importance of skinning cats

Once again the VLAN topic comes to the forefront but immediately I know this will apply to all aspects of the blueprint. The old adage goes something like “There are many ways to skin a cat”.

Lets take the example of creating a VLANs. How many ways can you do it? Well I know of three. I will give an example of each below to show my point.

First Method – VLAN Database

S1#vlan database
% Warning: It is recommended to configure VLAN from config mode,
 as VLAN database mode is being deprecated. Please consult user
 documentation for configuring VTP/VLAN in config mode.
S1(vlan)#vlan 100 name CCIE-vlan100
VLAN 100 added:
 Name: CCIE-vlan100

Note here that we have added a VLAN into the VLAN Database. Remember that you can only have VLANs that are in the standard range which consists of 1-1004. Note also that this method is being deprecated but at time of writing still relevant.

Second Method – Global Configuration

S1(config)#vlan 150
S1(config-vlan)#name CCIE-vlan150

This method is quite easy in comparison. This method is what has replaced directly interacting with vlan.dat via the VLAN database. This is the method that most students are taught when getting their CCNA studies under their belt.

Third Method – Interface creation

S1(config)#int fa0/10
S1(config-if)#switchport access vlan 200
% Access VLAN does not exist. Creating vlan 200

Note here that we have created a VLAN inadvertently by placing an interface into a VLAN which has not been defined. This creates the VLAN in the database. This only applies to standard range VLANs and does not work on all devices.

If you have read my previous article discussing the difference between standard and extended range VLANs you will have more clarity in regards to the following error.

S1(config-if)#switchport access vlan 3500
% Access VLAN does not exist. Creating vlan 3500
00:08:28: %PM-2-VLAN_ADD: Failed to add VLAN 3500 - VTP error.

This error will rear its head due to the fact that the switch cannot write an extended VLAN to the vlan.dat database. The VTP mode which allows extended VLANs to be utilized and written to the running config is transparent mode. VTPv3 does alleviate issues posed here but at this current time is outside the bounds and scope of the CCIE blueprint.

This entry was designed not as a guide to skinning our feline kitties. It’s purpose is to understand that a task may require a different way of execution. I know for a fact restrictions on the CCIE exam make some simple tasks a little trickier. It even takes trickier tasks to the extreme.

By understanding different methods such as those listed above you may avoid some obstacles. If a task stated

  • VLANs 500,1000,2000 must be created. VLAN information must be added to the running configuration concurrently.

You would have to weigh up what method and mode best suits the requirements of the question.

Fundamental understanding of technologies and their applications are important. Playing at the CLI also will reveal what the cause and effect of each word you type. The CCIE awaits me and I best get back to study.

Extended VLANs: Don’t get caught out.

Now VLANs may seem simple but you need to understand every facet when working towards the CCIE.

The VLAN database can only store 1-1005 VLAN within it due to it only seeing 10 bits within the VLAN ID field. This had come from the days of ISL trunking. Due to 802.1q using 12 bits in the VLAN ID field it can happily support up to 4096 combinations of VLANs.

The following terms will give scope to the previous paragraph.

Normal-range VLAN
A vlan which is made up using the first 10 bits of the VLAN ID header.

Extended-range VLAN
A vlan which utilizes the extra bits within the VLAN ID field as defined in 802.1q.

Now that a little background has been given. Lets see what Extended-range actually means and what you should be aware of. When configuring VLANS and VTP it is important to remember where they are stored and why. IOS can put this configuration in one of two possible places – either in the Flash Memory ( VLAN.DAT anyone?) or appends it to the running configuration.

The VLAN range and VTP mode directly affect and interact the way this occurs.

VLAN range type VTP server VTP transparent
Standard VLAN Database VLAN Database/Running Configuration *
Extended Not Configurable Running Configuration

*Ensure VTP domain names are in sync between VLAN.dat and start-up configuration as VLAN.dat takes precedence.

As you can see from the table above it is important to understand what you are configuring. Normal range VLANs in VTP Server mode write information as per usual to the vlan database. Within transparent mode it also writes to the running configuration.

On the other hand with extended VLAN range you cannot even write an extended vlan to the database – Check our the funky error below.

S1(config)#vlan 3000 S1(config-vlan)#exit % Failed to create VLANs 3000 Extended VLAN(s) not allowed in current VTP mode. %Failed to commit extended VLAN(s) changes.
S1(config)# 02:15:15: %SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 3000: extended VLAN(s) not allowed in current VTP mode


Only when I changed VTP mode to transparent and tried to execute the command again was I met with success.

S1(config)#vtp mode trans Setting device to VTP TRANSPARENT mode. S
1(config)#vlan 3000 
S1(config-vlan)#name ciscoinferno-3000

I went to clarify the vlan – first in the VLAN database.

S1#vlan database % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
S1(vlan)#sh current ? <1-1005> ID number of the VLAN shown


Well that didn’t work. As listed above – the maximum standard VLAN range is all that is allowed. Let me try the old-fashioned way.

SW1#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active 
21 VLAN0021 active 
1002 fddi-default act/unsup 
1003 token-ring-default act/unsup 
1004 fddinet-default act/unsup 
1005 trnet-default act/unsup 
3000 ciscoinferno-3000 active

Now to confirm that it has appended itself to the running config.

S1#sh run | beg vlan
vlan internal allocation policy ascending
vlan 21 
vlan 3000
 name ciscoinferno-3000

Look at that. It is in the configuration. Now if you were attempting something crazy like trying to revert back to VTP server mode you’re out of luck.

S1(config)#vtp mode server
Device mode cannot be VTP SERVER because extended VLAN(s) exist

Being met with this error? Stop being silly and understand the facts.
What I have gained?

I have learnt a lot from my little VLAN database dive. The importance of understanding why this something is designed that way in the first place. Generally due to addressing one problem or another. This leads to clarity when reading built-on technologies and discovering their origins.

The exercise that I wanted to share with you today is that it is worth diving into tasks and technologies. It is important to understand information such as the caveats discussed in this blog. It may just save you time when rolling out changes, troubleshooting L2 connectivity issues, or even designing a enterprise wide template.