cannot delete created vlan in packet tracer

p1xels Member Posts: 114
Hi
1) I am using Packet Tracer 6 and I created a vlan 20 in a 2950-24 switch found in the PT device list, apart from the native vlan 1.
Now when I went to config and gave the command "no vlan 20", it accepts the command but nothing seems to happen, since when I run "sh ip int brief" it still shows there in "down down" state! Also I can't make it "up up".
Please tell me how to delete this vlan and also how to make it "up up".
2) I read in a book that by default the administrative mode of 2960 switches is "dynamic auto", but when I checked in Packet Tracer the 2950 switch also seemed to have the same administrative mode of "dynamic auto"!
Then what is so special about 2960 switches, since this feature is also there in other switches?
Or is it a bug of Packet Tracer?

Comments

  • Jon_Cisco Member Posts: 1,772
    Have you tried assigning the vlan to an interface or creating a virtual interface?


    Switch(config)#interface Vlan20
    Switch(config-if)#ip address xxx.xxx.xxx.xxx 255.255.255.0
    Switch(config-if)#no shutdown
  • OfWolfAndMan Member Posts: 923
    You have an SVI set. That isn't enabling the vlan. To remove it, put #no interface vlan [vlan number] or if you wanna use it for future use, just interface vlan then shutdown
    :study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
  • p1xels Member Posts: 114
    Hi Jon and Wolfman,
    Thank you, but the answers don't work in my case. Firstly, Wolfman, I am trying to put it up and not shut the VLAN down!
    I said that I wanted to put the VLAN up up along with the native vlan in the "up" state.
    like Vlan 1 - up up
    vlan 20 - up up
    And Jon, I did exactly what you said here before I posted this question here.
    These were my commands -
    2950>en
    >conf t
    >int vlan 20
    >ip address 10.0.0.1 255.255.255.248
    > no shutdown
    >end(or ^Z)
    Then from enable mode I ran "show ip int brief" which showed both vlan 1 and vlan 20 in down state, but vlan showed "administratively down" ,whereas vlan 20 was just "down down"
    And I want to make both vlan 1 (native) and vlan 20 "up up " .


    BTW, I often get confused with these concepts -
    Can individual ports in switches be assigned to different vlans? like say port fa0/1 to vlan 2, fa0/3 to vlan 4 and so on ..
    How do i do that?
    Also, is this the command for assigning a vlan say vlan 3 to an interface fa0/1-
    int fa0/1 -> vlan 3


    Is that possible?
    Also, I tried running the command " delete flash:vlan.dat" but still I couldn't delete the vlan 20!!

    2) Neither of you answered my 2nd question as to what is so special about Ad mode in 2960 being in "Dynamic Auto" which according to Packet Tracer is also there in other 2950 switch?
  • OfWolfAndMan Member Posts: 923
    p1xels wrote: »
    Hi Jon and Wolfman,
    Thank you, but the answers don't work in my case. Firstly, Wolfman, I am trying to put it up and not shut the VLAN down!
    I said that I wanted to put the VLAN up up along with the native vlan in the "up" state.
    like Vlan 1 - up up
    vlan 20 - up up
    And Jon, I did exactly what you said here before I posted this question here.
    These were my commands -
    2950>en
    >conf t
    >int vlan 20
    >ip address 10.0.0.1 255.255.255.248
    > no shutdown
    >end(or ^Z)
    Then from enable mode I ran "show ip int brief" which showed both vlan 1 and vlan 20 in down state, but vlan showed "administratively down" ,whereas vlan 20 was just "down down"
    And I want to make both vlan 1 (native) and vlan 20 "up up " .


    Is that possible?

    Also, I tried running the command " delete flash:vlan.dat" but still I couldn't delete the vlan 20!!
    2) Neither of you answered my 2nd question as to what is so special about Ad mode in 2960 being in "Dynamic Auto" which according to Packet Tracer is also there in other 2950 switch?

    To enable VLAN 20, you have to put #vlan 20. Regardless if you have an interface vlan configured, if you don't enable the vlan on the switch, it's not gonna work.

    As for Dynamic Auto, all switch ports trunk by default. Dynamic desirable is the default. Because you don't want any random user having access to a trunk port, you need to set them as #switchport mode access. This option has nothing to do with administrative mode. It is interface specific.
  • eten Member Posts: 67
    you also need to have at least 1 access port, or a trunk allowing that vlan for the svi to come up
  • p1xels Member Posts: 114
    Dear Wolfandman,
    Here I post the output of "show int switchport" command from Packet Tracer -
    Switch#show interfaces switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: down
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: All
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Appliance trust: none


    Nowhere in the output do I see anything that shows "Dynamic desirable is the default" on the 2950 in Packet Tracer.
    It seems you haven't understood my question properly, because my point is not clear to you.
    Let me again clarify, the 2950 is showing "Dynamic auto" and not "Dynamic desirable" in the output.
    Here is the output from "show running-config" in Packet Tracer(I am using 2950 model switch) -
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan2
    ip address 192.168.32.1 255.255.255.240
    !
    interface Vlan20
    ip address 10.10.10.1 255.255.255.240
    !
    !

    And here is the output from "show ip int brief" -

    Vlan1 unassigned YES manual administratively down down

    Vlan2 192.168.32.1 YES manual up down

    Vlan20 10.10.10.1 YES manual up down

    I tried in many ways to delete the vlans or put it up but I couldn't!
    Please Help
    Thanks & Regards
  • p1xels Member Posts: 114
    Hi
    I even went to config mode and tried these commands-
    Switch(config)#int fa0/3
    Switch(config-if)#switchport trunk allowed vlan add 20
    but still the SVI vlan 20 was not up though the Vlan 1 was showing adm down!
    Here again the output -

    FastEthernet0/24 unassigned YES manual down down

    Vlan1 unassigned YES manual administratively down down

    Vlan2 192.168.32.1 YES manual up down

    Vlan20 10.10.10.1 YES manual up down

    It seems my concepts with vlans are not very clear!

    To make my life a little easier, can you please give the commands step by step?
  • OfWolfAndMan Member Posts: 923
    Dynamic desirable is the default. For some reason on the Packet Tracer's 2950 IOS though, it shows as auto. There are a lot of features on the switches in Packet Tracer that are omitted, but this is the first time I've seen that. Good observation. On a real life 2950 though, it will be desirable mode by default.

    From what you have with it being up and down, I could tell you what it is, and what you've done. Just to clarify though, you can't have multiple interface VLANs on a L2 switch. You'll need to get rid of one.

    Example 1:
    #conf t
    #interface vlan 2
    #ip address 192.168.32.1 255.255.255.240
    #no shut
    #exit
    #vlan 2
    #exit
    #interface f0/1
    #switchport access vlan 2
    (If you use this command, using the #vlan 2 command won't be needed)
    #no shutdown
    #switchport mode [access | trunk]
    (If you use the trunk command, on most switches, you'll need to enable the #switchport trunk encapsulation dot1q command first)

    You are missing ONE thing. You don't have a port trunking to a neighboring switch. Once you connect a switch to one of the ports and they are trunking on both sides, your vlan line protocol will come up. The #switchport trunk allowed vlan command can be used, but if you set the native vlan to 2 by using the #switchport trunk native vlan 2 command on the trunk, you won't need it to allow 2 as all traffic from the native vlan is untagged when crossing the trunk. Here's a document on it:

    Catalyst 2950 Desktop Switch Software Configuration Guide, 12.1(9)EA1 - Configuring VLANs [Cisco Catalyst 2950 Series Switches] - Cisco
  • OfWolfAndMan Member Posts: 923
    Also, I tried running the command " delete flash:vlan.dat" but still I couldn't delete the vlan 20!!

    You have to reload the switch for this to work. Simply type #reload. If you want to completely wipe the switch, delete vlan.dat and then type #write erase then reload.
  • Jon_Cisco Member Posts: 1,772
    OfWolfAndMan gave you some great feedback.

    For the record I did not ignore your entire question. I simply believe it's better to give a few ideas and work through the process. This allows everyone to learn from the posts on the forums. So you will notice my answers are always a little vague rather than just stating what I think might be wrong.

    Great observations so far!
  • p1xels Member Posts: 114
    I still have some questions -
    #vlan 2
    #exit
    #interface f0/1
    #switchport access vlan 2
    (If you use this command, using the #vlan 2 command won't be needed)
    Why do you say that "switchport access vlan 2" won't be needed if we already use the #vlan 2 command? And why do you use the #vlan 2 command when you have already created the vlan 2 by using these commands -
    #conf t
    #interface vlan 2
    #ip address 192.168.32.1 255.255.255.240
    #no shut

    And strangely, until you issue the command #vlan 2, the SVI vlan 2 is not up!
    Why should that be when I have already created the vlan with the interface vlan command? Can any of you please explain that?
    I also don't understand why you would use the "switchport mode trunk" command at the end
    of these commands -
    #interface f0/1
    #switchport access vlan 2
    (If you use this command, using the #vlan 2 command won't be needed)
    #no shutdown
    #switchport mode [access | trunk]

    if you already create port fa0/1 as an access-port for vlan 2??


    Another thing I'd like to point out regarding your advice to reload after deleting vlan.dat: I already tried that in the morning but nothing changed in the configuration! When I ran the "show ip int brief" command all the vlans I created were up and showing! How is that possible then? Another bug of Packet Tracer?

    Lastly, why would you need the #switchport trunk native vlan 2 command on the trunk, when you can create the trunk by just using #switchport mode trunk command?
  • OfWolfAndMan Member Posts: 923
    Switched Virtual Interfaces (SVIs) on a layer 2 switch are EXPLICITLY used for remote management. Using the #vlan [vlan number] command allows the passing of traffic of that particular vlan on a switch. If you really want to understand this more in a lab environment, you need to configure a router on a stick or an environment with L3 switching. For the sake of you only going for your CCNA, I will explain router on a stick. If you want to go into CCNP level, I can explain that too.

    Let's say you want to design your own network. Vlan 2 is used for switch management, so on each L2 switch (and your L3 switches), you will configure VLAN 2 as your management vlan. You use the subnet 192.168.32.0/28. Now, let's say you want to have separate vlans for your administrative department and one for your IT department. You choose vlan 3 as your administrative department vlan and vlan 4 as your IT dept vlan. Here is how a generic config would look for that:

    #vlan 2
    #name //MANAGEMENT\\
    #vlan 3
    #name //ADMINISTRATION\\
    #vlan 4
    #name //IT_DEPT\\
    #interface range f0/1 - 12
    #description //ADMINISTRATION_USER\\
    #switchport mode access
    #switchport access vlan 3
    #switchport nonegotiate
    #no shutdown
    #interface range f0/13 - 23
    #description //IT_DEPT_USER\\
    #switchport mode access
    #switchport access vlan 4
    #switchport nonegotiate
    #interface Vlan2
    #ip address 192.168.32.1 255.255.255.240
    #no shutdown

    So then you hook up a few computers to ports on one configured as vlan 3 and a couple of ports on vlan 4. How will those users on vlan 4 communicate with the users on vlan 3? They won't, because they don't have a subnet configured for each and there is no gateway for them to reach the other vlan. To do this, you have to create a trunk on your last interface, f0/24, and on the other side, there either has to be: 1. A router with each vlan configured with a subnet, or 2. A L3 switch configured with SVIs specifying those particular VLANs. SVIs on a L3 switch can have multiple SVIs configured as a virtual gateway for each separate vlan to communicate with each other. Again, since you're going for your CCNA, we will do a router on a stick.

    1. Configure your trunk
    #interface f0/24
    #switchport trunk encapsulation dot1q
    #switchport mode trunk
    #switchport trunk allowed vlan 2-4
    Also, you need to configure a default gateway on the connected router to allow connectivity. To make it simple, you should put it in the same subnet as vlan 2's SVI. Let's assume the router's ip is 192.168.32.2 255.255.255.240.
    #ip default-gateway 192.168.32.2

    Next, you need to configure the router to switch traffic from one vlan to the other, to do this, you will first need to configure the interface the switch is connecting to (Usually F0/0 or F0/1) for the ip specified above.

    R1(config)#interface f0/0
    #ip address 192.168.32.2 255.255.255.240
    #no shutdown

    Next, you configure the router to provide a subnet for each vlan and specify the vlan.
    #interface f0/0.3
    #encapsulation dot1q 3
    #ip address 192.168.33.1 255.255.255.0
    #interface f0/0.4
    #encapsulation dot1q 4
    #ip address 192.168.34.1 255.255.255.0

    Now that you've configured that, everything should communicate.
    Why do you say that "switchport access vlan 2" won't be needed if we already use the #vlan 2 command? And why do you use the #vlan 2 command when you have already created the vlan 2 by using these commands -

    If you put in the switchport access vlan [vlan number] command and the #vlan [vlan number] command hasn't been input for that particular vlan, it will automatically do it. Just the way cisco IOS is. In case you wanted a two second shortcut :D

    Edit: Additional L3 switch tidbit. Here's what a L3 switch connected to your L2 switch would look like to operate correctly to allow intervlan communication:

    L3Swx(config)#interface vlan 2
    #ip address 192.168.32.2 255.255.255.240
    #no shutdown
    #interface vlan 3
    #ip address 192.168.33.1 255.255.255.0
    #no shutdown
    #interface vlan 4
    #ip address 192.168.34.1 255.255.255.0
    #no shutdown
    #ip routing
    (You can only use this command on a L3 capable switch)

    The main purpose of vlans is for the crazies to stay on the crazy vlan and the cool people to stay on the cool vlan. In case you wanted each group to have different permissions to different things i.e. file server, remote access capabilities, etc.
  • Deathmage Banned Posts: 2,496
    Jon_Cisco wrote: »
    OfWolfAndMan gave you some great feedback.

    For the record I did not ignore your entire question. I simply believe it's better to give a few ideas and work through the process. This allows everyone to learn from the posts on the forums. So you will notice my answers are always a little vague rather than just stating what I think might be wrong.

    Great observations so far!

    Quite true, Jon. I learned something from this post since it let me see the question from multiple people answering it, so I was following everyone's logic. Kind of helpful when you just read one author's logic in a book...
    p1xels wrote: »
    I still have some questions -

    Why do you say that "switchport access vlan 2" won't be needed if we already use the #vlan 2 command? And why do you use the #vlan 2 command when you have already created the vlan 2 by using these commands -
    #conf t
    #interface vlan 2
    #ip address 192.168.32.1 255.255.255.240
    #no shut

    And strangely, until you issue the command #vlan 2, the SVI vlan 2 is not up!
    Why should that be when I have already created the vlan with the interface vlan command? Can any of you please explain that?
    I also don't understand why you would use the "switchport mode trunk" command at the end
    of these commands -
    #interface f0/1
    #switchport access vlan 2
    (If you use this command, using the #vlan 2 command won't be needed)
    #no shutdown
    #switchport mode [access | trunk]

    if you already create port fa0/1 as an access-port for vlan 2??


    Another thing I'd like to point out regarding your advice to reload after deleting vlan.dat: I already tried that in the morning but nothing changed in the configuration! When I ran the "show ip int brief" command all the vlans I created were up and showing! How is that possible then? Another bug of Packet Tracer?

    Lastly, why would you need the #switchport trunk native vlan 2 command on the trunk, when you can create the trunk by just using #switchport mode trunk command?


    One thing I'd like to add to all of this, don't take the packet tracer as the set standard of how to do the configs. I've noticed throughout this thread that the commands aren't working correctly for you in the packet tracer since I got a feeling the responses to your question are from the perspective of real hardware compared to a packet tracer hardware emulator. The commands for the vlans like the one in the above posts are needed on real cisco hardware. I personally use the packet tracer and real Cisco hardware in my home lab so I can completely understand the confusion.

    If I may suggest, get a good book called "CCNA in 60 days" on Amazon; it explains in finite detail why each of these commands is needed. As an example: #switchport trunk native vlan 2 is needed since by default on any piece of networking hardware, be it Cisco, HP, Dell switches, vlan 1 is the default. So the #switchport trunk native vlan 2 command is needed to change the default from vlan 1 to vlan 2 as the native. See, once things are set to native the switch doesn't need to be told what to do with certain functions on that vlan because that's how the Cisco IOS language is written. You only need to issue special commands on a vlan when that vlan is not native and needs special instruction on how to perform the tasks that are, I guess, taken for granted on the default vlan. Does this make sense?

    Also to give you a different answer to this question in regards to switchport access vlan 2; basically with using this command on a vlan, in this case vlan 2, you're telling the vlan it's being used as a direct connection. See, you would normally use this on a specific port like say fe0/20, so when you use "access" you're telling this port that it can communicate on this vlan. On the contrary, if you use "switchport trunk vlan 2" on fe0/20 you're telling this port that it is going to be used as a trunk port or uplink to another switch so you can extend the vlan 2 to the next switch. Does this make sense to you?

    I think you're just getting the switchport commands confused with the simple fact that they are used on a port on the switch and that both Trunk | Access dictate how that port interacts/behaves with the vlan assigned to it.

    I'm not Cisco Certified like you are so don't take this verbatim at all, but I have been reading multiple books; I'm on my 6th book right now so I'm getting to the point now where I truly understand the material, but seeing it explained by multiple people, in my case multiple authors, is what has helped me understand it well.
  • OfWolfAndMan Member Posts: 923
    On the contrary, if you use "switchport trunk vlan 2" on fe0/20 you're telling this port that it is going to be used as a trunk port or uplink to another switch

    Actually it doesn't have to be connected to a switch. A user could get access from a trunk port, but it would be a massive security hole on a corporate network as they could sniff all traffic if they were to pose as a rogue switch.

    In addition, switch trunk vlan 2 is not the legal command. switchport trunk native vlan 2 would be the appropriate command.
  • eten Member Posts: 67

    R1(config)#interface f0/0
    #ip address 192.168.32.2 255.255.255.240
    #no shutdown

    Next, you configure the router to provide a subnet for each vlan and specify the vlan.
    #interface f0/0.3
    #encapsulation dot1q 3
    #ip address 192.168.33.1 255.255.255.0
    #interface f0/0.4
    #encapsulation dot1q 4
    #ip address 192.168.34.1 255.255.255.0


    I've never seen this where you would apply an IP address on the physical interface when using sub-interfaces. TBH, I don't have working experience with router on a stick; only seen it in books and labs.

    Should the switch set its native vlan to 2 in this setup? The switch will be tagging its vlan across the trunk, I don't know what will happen if it doesn't find the equivalent dot1q interface on the router.

    Are there any benefits with this configuration versus creating a sub-interface for vlan 2?
  • OfWolfAndMan Member Posts: 923
    I've never seen this where you would apply an IP address on the physical interface when using sub-interfaces. TBH, I don't have working experience with router on a stick; only seen it in books and labs.

    You're right. It'd be #encapsulation dot1q 2 and the ip address on a subinterface. Disregard what I said before. I was kinda in a rush typing.
    Should the switch set its native vlan to 2 in this setup? The switch will be tagging its vlan across the trunk, I don't know what will happen if it doesn't find the equivalent dot1q interface on the router.

    The switch's native vlan does not have to be the switch's primary SVI for the switch. For security purposes in a corporate network, you'd want to set it to something not being used by the users or switches, i.e. native vlan 403. The native vlan has nothing to do with the vlans on the switch. Because the native vlan is untagged when it crosses a trunk, it can communicate with all vlans (which is a bad thing if you configure a user as the native vlan).

    I HAVE seen switches trunked to each other that have different native vlans on each side before. Will things still operate properly? Yes, but with the exception of causing spanning tree loops and potentially allowing vlan hopping. This is not an NA topic so just stick to making sure the native vlan is identical on each side of the link.

    Example:
    https://kb.meraki.com/knowledge_base/best-practices-for-8021q-vlan-tagging
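The port-hardening points raised in this thread (a user port left in a dynamic mode can negotiate a trunk, DTP is switched off with `switchport nonegotiate`, the native VLAN should not be one that user ports sit in, and a trunk should carry only the VLANs it needs) can be checked against the `show interfaces switchport` fields posted earlier. The Python below is an added example, not any poster's code: the sample text is constructed (Fa0/1 reuses field values posted in the thread, Fa0/2 and Fa0/24 are made up) and the finding names are hypothetical labels.

```python
import re

# Constructed sample. Fa0/1 uses values posted in this thread; the other two
# ports are invented for contrast (a hardened access port and an uplink).
SAMPLE = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: All
Capture Mode Disabled

Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 3 (ADMINISTRATION)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: All

Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 2-4
"""

# Hypothetical finding label -> command from this thread that addresses it.
FIXES = {
    "DTP_DYNAMIC": "switchport mode access (user port) or switchport mode trunk",
    "DTP_ON": "switchport nonegotiate",
    "NATIVE_VLAN_SHARED": "switchport trunk native vlan <unused vlan>",
    "TRUNK_ALLOWS_ALL": "switchport trunk allowed vlan <list>",
}


def parse_switchport(text):
    """Return one {field: value} dict per 'Name:' block of the output."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:  # blank lines and "Capture Mode Disabled" have no colon
            continue
        key, value = key.strip(), value.strip()
        if key == "Name":
            ports.append({})
        if ports:
            ports[-1][key] = value
    return ports


def vlan_id(value):
    """'1 (default)' -> 1; None when the field carries no VLAN number."""
    match = re.match(r"\d+", value or "")
    return int(match.group()) if match else None


def audit(ports):
    """Return {port name: [finding labels]} for every parsed port."""
    # VLANs an end host lands in when plugged into a non-trunk port.
    host_vlans = {vlan_id(p.get("Access Mode VLAN")) for p in ports
                  if p.get("Administrative Mode", "").lower() != "trunk"}
    host_vlans.discard(None)
    report = {}
    for p in ports:
        mode = p.get("Administrative Mode", "").lower()
        findings = []
        if mode.startswith("dynamic"):
            findings.append("DTP_DYNAMIC")   # port may become a trunk
        elif p.get("Negotiation of Trunking", "").lower() == "on":
            findings.append("DTP_ON")        # static mode, DTP still sent
        if mode == "trunk":
            if vlan_id(p.get("Trunking Native Mode VLAN")) in host_vlans:
                findings.append("NATIVE_VLAN_SHARED")
            if p.get("Trunking VLANs Enabled", "").lower() == "all":
                findings.append("TRUNK_ALLOWS_ALL")
        report[p["Name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(parse_switchport(SAMPLE)).items():
        for f in findings:
            print(f"{name}: {f} -> {FIXES[f]}")
```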
  • eten Member Posts: 67
    Thanks for confirming. The native vlan question was directly related to using ip address on the physical interfaces, rather than creating sub-interfaces for vlan 2.

    Apparently your original configuration does work according to google & Cisco forums. That's why I was interested in knowing what are the benefits of this design and if native vlan was needed in this scenario.
  • Deathmage Banned Posts: 2,496
    Actually it doesn't have to be connected to a switch. A user could get access from a trunk port, but it would be a massive security hole on a corporate network as they could sniff all traffic if they were to pose as a rogue switch.

    In addition, switch trunk vlan 2 is not the legal command. switchport trunk native vlan 2 would be the appropriate command.

    thanks for the grammar corrections. I sometimes think something but when I type the opposite comes out, I also was kind of rush-typing.. ;)

    ... yup it would be possible on the trunk; didn't think of it; but I wouldn't think of it so that's good you pointed it out. I think in terms of security so I didn't mention it since to me most switches should be a secured black box with a key to secure the IDF/MDF's unless it's in a secure server room or closet (but it's good to keep in the back of my mind)

    ahhh well that's good to know with the syntax of the native vlan; which is what I meant but I obviously failed at spell-check lol! - been making an iSCSI redundant switch (sadly it's a pair of Dell PowerConnect switches) this afternoon for a HA ESXi cluster at work...
  • OfWolfAndMan Member Posts: 923
    How's the command line with the Dell switches? Virtualization is my next interest outside of routing and switching. Hoping my next job provides me a little insight into it. I would start the certs, but I'm busy studying for the CCNP and about to start up with WGU
  • Deathmage Banned Posts: 2,496
    How's the command line with the Dell switches? Virtualization is my next interest outside of routing and switching. Hoping my next job provides me a little insight into it. I would start the certs, but I'm busy studying for the CCNP and about to start up with WGU

    I'm in the same boat. Going to start WGU soon. But I want to get my CCNA and VCP for work before I get stuck with expectations from WGU. Plus CCNA goes towards my degree.

    I'd like to get at least mcsa. But I want to specialize in networking and VMware...and maybe a firewall like Sonicwall.

    But surprisingly Dell CLI is very similar to Cisco... If you saw it you'd pick it right up...
  • p1xels Member Posts: 114
    You're right. It'd be #encapsulation dot1q 2 and the ip address on a subinterface. Disregard what I said before. I was kinda in a rush typing.



    The switch's native vlan does not have to be the switch's primary SVI for the switch. For security purposes in a corporate network, you'd want to set it to something not being used by the users or switches, i.e. native vlan 403. The native vlan has nothing to do with the vlans on the switch. Because the native vlan is untagged when it crosses a trunk, it can communicate with all vlans (which is a bad thing if you configure a user as the native vlan).

    I HAVE seen switches trunked to each other that have different native vlans on each side before. Will things still operate properly? Yes, but with the exception of causing spanning tree loops and potentially allowing vlan hopping. This is not an NA topic so just stick to making sure the native vlan is identical on each side of the link.

    Example:
    https://kb.meraki.com/knowledge_base/best-practices-for-8021q-vlan-tagging

    Hi,
    To add: I think, OfWolfAndMan, in this case you are somewhat wrong.

    Native Vlan(usually Vlan 1) cannot be configured on a subinterface for Cisco IOS Software releases that are earlier than 12.1(3)T. Native VLAN IP addresses therefore need to be configured on the physical interface. Other VLAN traffic is configured on subinterfaces:-

    As an example:-

    Router(config)#int fa 0/0
    Router(config-if)#encapsulation dot1q 1 native
    Router(config-if)#ip add 192.168.1.1 255.255.255.0
    Router(config-if)#int fa0/0.10
    Router(config-subif)#enc dot1q 10
    Router(config-subif)#ip add 192.168.10.1 255.255.255.0

    But in your case, OfWolfAndMan, it should be like this if you are to make vlan 2 your native vlan
    int fa 0/0
    encapsulation dot1q 2 native
    ip add 192.168.32.2 255.255.255.240
    int fa0/0.3
    enc dot1q 3
    ip add 192.168.33.1 255.255.255.0
    interface f0/0.4
    encapsulation dot1q 4
    ip address 192.168.34.1 255.255.255.0

    Please correct me if I am wrong.
  • OfWolfAndMan Member Posts: 923
    Just to clarify, the Native VLAN and the management vlan are NOT the same. I want you to Google "Native VLAN" and give me a brief description of what you found.

    Again, the interface Vlan on a L2 switch is explicitly for remote management only