Overview
I have been using GVRP in my networks for many years. It is a very effective way of distributing VLANs, and in particular, avoiding the need to correctly configure every single switch-to-switch link with the correct set of untagged and tagged VLAN mappings. In environments where there are multiple switches between endpoints, just adding a single VLAN and manually distributing it can be a significant effort, and prone to errors.
GVRP/MVRP propagates the VLAN IDs only - not the names. It is also a standard, unlike the proprietary VTP that has caused so much consternation in the past.
GVRP/MVRP
- GVRP has been deprecated in favour of the more recent MVRP.
- MVRP grew out of GVRP, and has more features and controllability.
- GVRP has been available in the ProCurve switches for many years
- ProCurve switches that support the 16.x firmware (now being rebadged as ArubaOS-Switch) also support MVRP.
- The Comware 7 switches have had MVRP for a few years now.
General Process
- For simplicity, configure a common VLAN across all switches to use as the untagged (native/PVID) VLAN.
You could leave this as VLAN 1, but a different VAN is probably a good idea - Enable GVRP/MVRP (globally)
[for MVRP you also need to enable each port that will send/receive MVRP traffic.] - Make any port-specific or VLAN specific customisation
VLAN Propagation Example
Switch 1
This is a 2915 at the end of an MSM wireless mesh link; GVRP packets are sent over this link to the upstream switch. Just by typing in "vlan 1234", it will show up across the network (where it has not been blocked).
bvtv09(vlan-1234)# sh vlans 1234
Status and Counters - VLAN Information - VLAN 1234
VLAN ID : 1234
Name : VLAN1234
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
1 Auto Block Up
In this case the uplink is on port 1. Note the mode is Auto.
On the same switch, you can see that VLAN 930 has port 10 specifically untagged, but port 1 has been automatically configured by GVRP to carry VLAN 930.
bvtv09(vlan-1234)# sh vlans 930
Status and Counters - VLAN Information - VLAN 930
VLAN ID : 930
Name : Show-Servers
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
1 Auto Block Up
10 Untagged Learn Down
Switch 4
This is 3 hops away from Switch 1 (the 2915 above). It is connected to its upstream switch on port 24, and has another downstream switch on port 23. Once GVRP was enabled on all the switches, not a single additional interaction was required to get a new VLAN connected through to the downstream Switch 5. (In this case, the full path was 2915 --> 5406 --> Comware 5130 --> 3810 --> 2910, with the 5130 running MVRP.)
3810M(config)# sh vlans 1234
Status and Counters - VLAN Information - VLAN 1234
VLAN ID : 1234
Name : GVRP_1234
Status : Dynamic
Voice :
Jumbo : No
Private VLAN :
Associated Primary VID : none
Associated Secondary VIDs : none
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
23 Auto Learn Up
24 Auto Learn Up
Extra Config Options
GVRP port options
bvcore01(eth-B22)# unknown-vlans
learn Accept join requests for new VLANs on this port and
propagate requests through all other forwarding ports
that are participating in GVRP.
block Only process GRVP packets that concern themselves with
known VLANs and ignore new VLANs.
disable Ignore all GVRP packets.
Unknown-vlans block is a useful port command to stop a switch learning new VLANs. This is sometimes used at the edge rather than the core or distribution switches. If the switch only knows about VLANs 1-10, it will never learn VLANs 11-4094. However, if you add a VLAN (eg 1234), it will automatically tag itself to the uplink port.
The output below is from Switch 2 (5406).
bvcore01(config)# sh gvrp
GVRP support
Maximum VLANs to support [256] : 256
Primary VLAN : DEFAULT_VLAN
GVRP Enabled [No] : Yes
Port Type | Unknown VLAN Join Leave Leaveall
------ ---------- + ------------ ----- ----- --------
D21 100/1000T | Disable 20 300 1000
D22 100/1000T | Learn 20 300 1000
D23 100/1000T | Block 20 300 1000
D24 100/1000T | Learn 20 300 1000
Trk3 Trunk | Learn 20 300 1000
Trk8 Trunk | Learn 20 300 1000
bvcore01(config)# sh run int d24,d23,d21
Running configuration:
interface D21
name "Cable modem LAN4"
broadcast-limit 10
unknown-vlans disable
no power-over-ethernet
untagged vlan 255
spanning-tree admin-edge-port
spanning-tree root-guard
exit
interface D23
name "behind desk"
unknown-vlans block
no power-over-ethernet
untagged vlan 254
no snmp-server enable traps link-change
spanning-tree root-guard
exit
interface D24
name "docking station"
dhcp-snooping trust
untagged vlan 145
no snmp-server enable traps link-change
spanning-tree root-guard
exit
Static-VLAN
One of the issues is thatoften comes up is how to add ports to a dynamic VLAN. To convert the dynamic VLAN to a static VLAN: static-vlan <id>
New Feature Device Profile
If you create a device profile that includes a non-existent VLAN (1234 in the example below), it will be created and the port placed in it when an aruba-ap is plugged in. If you also have GVRP/MVRP enabled, it will automatically be connected via the trunk port(s) and propagate elsewhere. This works on all Aruba IAPs and APs, and not on the POE-powered 7005 controller!
bvcore01(config)# sh device-profile config
Device Profile Configuration
Configuration for device-profile : default-ap-profile
untagged-vlan : 1
tagged-vlan : None
ingress-bandwidth : 100%
egress-bandwidth : 100%
cos : None
speed-duplex : auto
poe-max-power : 33W
poe-priority : critical
allow-jumbo-frames: Disabled
Configuration for device-profile : BV-Aruba-APs
untagged-vlan : 1234
tagged-vlan : None
ingress-bandwidth : 100%
egress-bandwidth : 100%
cos : None
speed-duplex : auto
poe-max-power : 33W
poe-priority : high
allow-jumbo-frames: Disabled
Device Profile Association
Device Type : aruba-ap
Profile Name : BV-Aruba-APs
Device Status : Enabled
bvcore01(config)# sh device-profile status
Device Profile Status
Port Device-type Applied device profile
-------- ----------- ----------------------
B10 aruba-ap BV-Aruba-APs
bvcore01# sh vlans 1234
Status and Counters - VLAN Information - VLAN 1234
VLAN ID : 1234
Name : VLAN1234
Status : Port-based
Voice :
Jumbo : No
Private VLAN :
Associated Primary VID : none
Associated Secondary VIDs : none
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
B10 DEV-PROF Learn Up
Overridden Port VLAN configuration
Port Mode
------ ------------
Note the new DEV-PROF mode (similar to Auto).
References
https://en.wikipedia.org/wiki/Multiple_Registration_Protocol#Multiple_VLAN_Registration_Protocol
http://www.hp.com/rnd/support/config_examples/gvrp_use.pdf Using GVRP (Dynamic VLANs)
http://community.hpe.com/t5/ProCurve-ProVision-Based/GVRP-Best-Pratice/td-p/4051663 GVRP - Best Practice?
http://community.hpe.com/t5/Switches-Hubs-Modems-Legacy/Allow-all-VLANs-on-trunk/td-p/5870765 Allow all VLANs on trunk