Followup: VLAN interface status

Thanks to my readers, I often learn something completely new about the intricacies of Cisco IOS. The “VLAN Interface Status post resulted in a comment about the SVI autostate concept, which is (not surprisingly) a somewhat muddy topic:

  • In most cases, the SVI interface tracks the state of access and trunk ports using the VLAN. The details are well explained in the Understanding SVI Autostate section of the Cisco IOS documentation.

The important part of the SVI autostate calculation is the “port is in STP forwarding state for the VLAN” requirement. If a VLAN is not carried in a trunk port (for example, due to switchport trunk allowed configuration command), the trunk port’s status does not influence the autostate.

  • In some IOS releases, you can exclude the individual physical ports from the autostate calculation with the switchport autostate exclude interface configuration command. Most commonly you’d want to exclude uplink ports on access switches.
  • In some unspecified IOS releases (including 12.4T), you can use the (currently undocumented according to Command Lookup Tool) no autostate VLAN interface configuration command, which disables the autostate algorithm and makes the SVI interface permanently active.

5 comments:

  1. Hi Ivan,

    You say "Most commonly you’d want to exclude uplink ports on access switches" - that's what I was tempted to do and lost connectivity on layer 3 (cdp etc is still running).

    Greets,

    Michael "MiKa" Kafka from Vienna

    ReplyDelete
    Replies
    1. Well, you wouldn't do that for the management VLAN ;)

      For customer VLANs it makes sense - if the switch is one of the HSRP peers, you wouldn't want it to be active if it has zero client connections in that VLAN.

      Delete
  2. Ivan,

    it's exactly the other way round: you never want to exclude an uplink from autostate - I learned it the hard way (see my other comment). You only want to exclude flapping access-ports from autostate calculation to prevent that a flapping access-ports tears down the SVI.

    Best regards,

    MiKa

    ReplyDelete
  3. Struggling with a SVI on a Nexus4k.

    SVI down/down, but vlan is active on port-channel to N5K.

    Is the up/down status only influenced by local ports having the vlan active or also by upstream switch (cdp etc.) ?

    ReplyDelete
  4. On a 6500 12.2(17d)SXB6 my SVI is up/down even though I have trunk ports that have that VLAN in STP forwarding state. I have no access ports in that VLAN but I would have thought that a trunk port in forwarding state for that vlan would allow the associated SVI to come active. Any ideas?
    Kind Regards,
    Peter

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.