
Using GVRP/MVRP to simplify your network

Overview

I have been using GVRP in my networks for many years. It is a very effective way of distributing VLANs, and in particular, avoiding the need to correctly configure every single switch-to-switch link with the correct set of untagged and tagged VLAN mappings. In environments where there are multiple switches between endpoints, just adding a single VLAN and manually distributing it can be a significant effort, and prone to errors.

 

GVRP/MVRP propagates the VLAN IDs only - not the names. It is also a standard, unlike the proprietary VTP that has caused so much consternation in the past.


GVRP/MVRP

  • GVRP has been deprecated in favour of the more recent MVRP.
  • MVRP grew out of GVRP, and has more features and controllability.
  • GVRP has been available in the ProCurve switches for many years
  • ProCurve switches that support the 16.x firmware (now being rebadged as ArubaOS-Switch) also support MVRP.
  • The Comware 7 switches have had MVRP for a few years now.


General Process

  1. For simplicity, configure a common VLAN across all switches to use as the untagged (native/PVID) VLAN.
    You could leave this as VLAN 1, but a different VLAN is probably a good idea.
  2. Enable GVRP/MVRP (globally)
    [for MVRP you also need to enable each port that will send/receive MVRP traffic.]
  3. Make any port-specific or VLAN specific customisation

VLAN Propagation Example

Switch 1

This is a 2915 at the end of an MSM wireless mesh link; GVRP packets are sent over this link to the upstream switch. Just by typing in "vlan 1234", it will show up across the network (where it has not been blocked).

 

bvtv09(vlan-1234)# sh vlans 1234

 Status and Counters - VLAN Information - VLAN 1234

  VLAN ID : 1234
  Name : VLAN1234
  Status : Port-based
  Voice : No
  Jumbo : No

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  1                Auto     Block        Up

In this case the uplink is on port 1. Note the mode is Auto.

 

On the same switch, you can see that VLAN 930 has port 10 specifically untagged, but port 1 has been automatically configured by GVRP to carry VLAN 930.

bvtv09(vlan-1234)# sh vlans 930

 Status and Counters - VLAN Information - VLAN 930

  VLAN ID : 930
  Name : Show-Servers
  Status : Port-based
  Voice : No
  Jumbo : No

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  1                Auto     Block        Up
  10               Untagged Learn        Down

Switch 4

This is 3 hops away from Switch 1 (the 2915 above). It is connected to its upstream switch on port 24, and has another downstream switch on port 23. Once GVRP was enabled on all the switches, not a single additional interaction was required to get a new VLAN connected through to the downstream Switch 5. (In this case, the full path was 2915 --> 5406 --> Comware 5130 --> 3810 --> 2910, with the 5130 running MVRP.)

3810M(config)# sh vlans 1234

 Status and Counters - VLAN Information - VLAN 1234

  VLAN ID : 1234
  Name : GVRP_1234
  Status : Dynamic
  Voice :
  Jumbo : No
  Private VLAN :
  Associated Primary VID : none
  Associated Secondary VIDs : none

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  23               Auto     Learn        Up
  24               Auto     Learn        Up

 

 

Extra Config Options
GVRP port options

bvcore01(eth-B22)# unknown-vlans
 learn                 Accept join requests for new VLANs on this port and
                       propagate requests through all other forwarding ports
                       that are participating in GVRP.
 block                 Only process GRVP packets that concern themselves with
                       known VLANs and ignore new VLANs.
 disable               Ignore all GVRP packets.

Unknown-vlans block is a useful port command to stop a switch learning new VLANs. This is sometimes used at the edge rather than the core or distribution switches. If the switch only knows about VLANs 1-10, it will never learn VLANs 11-4094. However, if you add a VLAN (eg 1234), it will automatically tag itself to the uplink port.

 

The output below is from Switch 2 (5406).

bvcore01(config)# sh gvrp

 GVRP support

  Maximum VLANs to support [256] : 256
  Primary VLAN : DEFAULT_VLAN
  GVRP Enabled [No] : Yes

  Port   Type       | Unknown VLAN Join  Leave Leaveall
  ------ ---------- + ------------ ----- ----- --------
  D21    100/1000T  | Disable      20    300   1000
  D22    100/1000T  | Learn        20    300   1000
  D23    100/1000T  | Block        20    300   1000
  D24    100/1000T  | Learn        20    300   1000
  Trk3   Trunk      | Learn        20    300   1000
  Trk8   Trunk      | Learn        20    300   1000

bvcore01(config)# sh run int d24,d23,d21

Running configuration:

interface D21
   name "Cable modem LAN4"
   broadcast-limit 10
   unknown-vlans disable
   no power-over-ethernet
   untagged vlan 255
   spanning-tree admin-edge-port
   spanning-tree root-guard
   exit
interface D23
   name "behind desk"
   unknown-vlans block
   no power-over-ethernet
   untagged vlan 254
   no snmp-server enable traps link-change
   spanning-tree root-guard
   exit
interface D24
   name "docking station"
   dhcp-snooping trust
   untagged vlan 145
   no snmp-server enable traps link-change
   spanning-tree root-guard
   exit

Static-VLAN

One of the issues that often comes up is how to add ports to a dynamic VLAN. To convert the dynamic VLAN to a static VLAN: static-vlan <id>


New Feature Device Profile
If you create a device profile that includes a non-existent VLAN (1234 in the example below), it will be created and the port placed in it when an aruba-ap is plugged in. If you also have GVRP/MVRP enabled, it will automatically be connected via the trunk port(s) and propagate elsewhere. This works on all Aruba IAPs and APs, and not on the POE-powered 7005 controller!

 

bvcore01(config)# sh device-profile config

Device Profile Configuration

Configuration for device-profile : default-ap-profile
untagged-vlan : 1
tagged-vlan : None
ingress-bandwidth : 100%
egress-bandwidth : 100%
cos : None
speed-duplex : auto
poe-max-power : 33W
poe-priority : critical
allow-jumbo-frames: Disabled

Configuration for device-profile : BV-Aruba-APs
untagged-vlan : 1234
tagged-vlan : None
ingress-bandwidth : 100%
egress-bandwidth : 100%
cos : None
speed-duplex : auto
poe-max-power : 33W
poe-priority : high
allow-jumbo-frames: Disabled

Device Profile Association

Device Type : aruba-ap
Profile Name : BV-Aruba-APs
Device Status : Enabled

bvcore01(config)# sh device-profile status

Device Profile Status

Port     Device-type Applied device profile
-------- ----------- ----------------------
B10      aruba-ap    BV-Aruba-APs


bvcore01# sh vlans 1234

Status and Counters - VLAN Information - VLAN 1234

VLAN ID : 1234
Name : VLAN1234
Status : Port-based
Voice :
Jumbo : No
Private VLAN :
Associated Primary VID : none
Associated Secondary VIDs : none

Port Information Mode     Unknown VLAN Status
---------------- -------- ------------ ----------
B10              DEV-PROF Learn        Up

Overridden Port VLAN configuration

Port   Mode
------ ------------

Note the new DEV-PROF mode (similar to Auto).


References
https://en.wikipedia.org/wiki/Multiple_Registration_Protocol#Multiple_VLAN_Registration_Protocol
http://www.hp.com/rnd/support/config_examples/gvrp_use.pdf Using GVRP (Dynamic VLANs)
http://community.hpe.com/t5/ProCurve-ProVision-Based/GVRP-Best-Pratice/td-p/4051663 GVRP - Best Practice?
http://community.hpe.com/t5/Switches-Hubs-Modems-Legacy/Allow-all-VLANs-on-trunk/td-p/5870765 Allow all VLANs on trunk

Richard Litchfield
Network Solution Architect, HPE Aruba
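
Added example (not part of the original post, and not HPE Aruba code): a Python check over the `sh gvrp` table from Switch 2 that lists ports still set to learn unknown VLANs although they are not on an operator-supplied uplink list, so they can be reviewed for `unknown-vlans block` or `disable`. The uplink list (Trk3, Trk8) and the function names are assumptions made for illustration.

```python
import re

# "sh gvrp" port table, copied from the Switch 2 (5406) output in the post.
SH_GVRP = """\
  Port   Type       | Unknown VLAN Join  Leave Leaveall
  ------ ---------- + ------------ ----- ----- --------
  D21    100/1000T  | Disable      20    300   1000
  D22    100/1000T  | Learn        20    300   1000
  D23    100/1000T  | Block        20    300   1000
  D24    100/1000T  | Learn        20    300   1000
  Trk3   Trunk      | Learn        20    300   1000
  Trk8   Trunk      | Learn        20    300   1000
"""

# A data row is: port, type, '|', unknown-VLAN mode, then the three timers.
# The header and separator rows do not match and are skipped.
ROW = re.compile(
    r"^\s*(?P<port>\S+)\s+(?P<type>\S+)\s+\|\s+"
    r"(?P<mode>Learn|Block|Disable)\s+\d+\s+\d+\s+\d+\s*$"
)

def parse_gvrp(text):
    """Return {port: unknown-vlans mode} for each port row of 'sh gvrp'."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m["port"]] = m["mode"].lower()
    return ports

def audit(text, uplinks):
    """Compare the table with the intended switch-to-switch links.

    review       -- ports in 'learn' mode that are not listed as uplinks;
                    they accept join requests for VLANs the switch does not know.
    not_learning -- listed uplinks that are missing or not in 'learn' mode,
                    so new VLANs will not be picked up over them.
    """
    ports = parse_gvrp(text)
    review = sorted(p for p, mode in ports.items()
                    if mode == "learn" and p not in uplinks)
    not_learning = sorted(p for p in uplinks if ports.get(p) != "learn")
    return review, not_learning

if __name__ == "__main__":
    # Assumed uplink list; replace with the real inter-switch ports.
    review, not_learning = audit(SH_GVRP, {"Trk3", "Trk8"})
    print("learn mode outside uplink list:", review)
    print("uplinks not learning:", not_learning)
```

A port in the first list is not necessarily misconfigured; it is one whose `unknown-vlans` setting should be a deliberate choice rather than the default.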