Now VLANs may seem simple but you need to understand every facet when working towards the CCIE.

The VLAN database can only store 1-1005 VLAN within it due to it only seeing 10 bits within the VLAN ID field. This had come from the days of ISL trunking. Due to 802.1q using 12 bits in the VLAN ID field it can happily support up to 4096 combinations of VLANs.

The following terms will give scope to the previous paragraph.

Normal-range VLAN
A vlan which is made up using the first 10 bits of the VLAN ID header.

Extended-range VLAN
A vlan which utilizes the extra bits within the VLAN ID field as defined in 802.1q.

Now that a little background has been given. Lets see what Extended-range actually means and what you should be aware of. When configuring VLANS and VTP it is important to remember where they are stored and why. IOS can put this configuration in one of two possible places – either in the Flash Memory ( VLAN.DAT anyone?) or appends it to the running configuration.

The VLAN range and VTP mode directly affect and interact the way this occurs.

VLAN range type VTP server VTP transparent
Standard VLAN Database VLAN Database/Running Configuration *
Extended Not Configurable Running Configuration

*Ensure VTP domain names are in sync between VLAN.dat and start-up configuration as VLAN.dat takes precedence.

As you can see from the table above it is important to understand what you are configuring. Normal range VLANs in VTP Server mode write information as per usual to the vlan database. Within transparent mode it also writes to the running configuration.

On the other hand with extended VLAN range you cannot even write an extended vlan to the database – Check our the funky error below.

S1(config)#vlan 3000 S1(config-vlan)#exit % Failed to create VLANs 3000 Extended VLAN(s) not allowed in current VTP mode. %Failed to commit extended VLAN(s) changes.
S1(config)# 02:15:15: %SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 3000: extended VLAN(s) not allowed in current VTP mode


Only when I changed VTP mode to transparent and tried to execute the command again was I met with success.

S1(config)#vtp mode trans Setting device to VTP TRANSPARENT mode. S
1(config)#vlan 3000 
S1(config-vlan)#name ciscoinferno-3000

I went to clarify the vlan – first in the VLAN database.

S1#vlan database % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
S1(vlan)#sh current ? <1-1005> ID number of the VLAN shown


Well that didn’t work. As listed above – the maximum standard VLAN range is all that is allowed. Let me try the old-fashioned way.

SW1#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active 
21 VLAN0021 active 
1002 fddi-default act/unsup 
1003 token-ring-default act/unsup 
1004 fddinet-default act/unsup 
1005 trnet-default act/unsup 
3000 ciscoinferno-3000 active

Now to confirm that it has appended itself to the running config.

S1#sh run | beg vlan
vlan internal allocation policy ascending
vlan 21 
vlan 3000
 name ciscoinferno-3000

Look at that. It is in the configuration. Now if you were attempting something crazy like trying to revert back to VTP server mode you’re out of luck.

S1(config)#vtp mode server
Device mode cannot be VTP SERVER because extended VLAN(s) exist

Being met with this error? Stop being silly and understand the facts.
What I have gained?

I have learnt a lot from my little VLAN database dive. The importance of understanding why this something is designed that way in the first place. Generally due to addressing one problem or another. This leads to clarity when reading built-on technologies and discovering their origins.

The exercise that I wanted to share with you today is that it is worth diving into tasks and technologies. It is important to understand information such as the caveats discussed in this blog. It may just save you time when rolling out changes, troubleshooting L2 connectivity issues, or even designing a enterprise wide template.

6 thoughts on “Extended VLANs: Don’t get caught out.

    1. Thanks – I admittedly did have my blinkers on regarding blueprint topics. I wonder if many places are giving VTPv3 a go? I “Once burnt, twice shy” comes to mind with VTP. I appreciate their improvements with protection of the VTP/VLAN DB. That is always a bonus.

  1. Hi, Thanks for the post. Just wanted you to know that this is only the case when trying to use extended VLANs when you do not use VTP version 3. VTP is supported with extended VLANs.

    “Extended-range VLANs are supported only in VTP version 3. If converting from VTP version 3 to VTP version 2, VLANs in the range 1006 to 4094 are removed from VTP control.”

    Kind Regards

  2. Out of luck?! That error message may save somebody’s life! Imagine if switch (or high end router for that matter) just carelessly obeyed and purged all the existing extended vlans and relative port assignments in ISP environment. You can imagine, what will happen to that person’s ass 😀

Leave a Reply

Your email address will not be published. Required fields are marked *