About GVRP

GVRP (GARP VLAN Registration Protocol) is an application of GARP (Generic Attribute Registration Protocol.) It enables a switch to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP and automatically create VLAN links between GVRP-aware devices. (A GVRP link can include intermediate devices that are not GVRP-aware.) This operation reduces the chance for errors in VLAN configurations by automatically providing VID (VLAN ID) consistency across the network. After the switch creates a dynamic VLAN, the CLI static <vlan-id> command can be used to convert it to a static VLAN. GVRP can also be used to dynamically enable port membership in static VLANs configured on a switch.

GVRP uses GVRP BPDUs (GVRP Bridge Protocol Data Units) to advertise static VLANs; this a GVRP BPDU is called an advertisement. On a switch, advertisements are sent outbound from ports to the devices directly connected to those ports.

GVRP operational rules

  • A dynamic VLAN must be converted to a static VLAN before it can have an IP address.

  • For the switches covered in this guide, GVRP can be enabled only if max-vlans is set to no more than 256 VLANs.

  • The total number of VLANs on the switch (static and dynamic combined) cannot exceed the current Maximum VLANs setting. For example, in the factory default state, the switch supports up to 256 VLANs. Any additional VLANs advertised to the switch will not be added unless you first increase the Maximum VLANs setting. In the Menu interface, click on 2. Switch Configuration …  | 8. VLAN Menu | 1. VLAN Support. In the global config level of the CLI, use max-vlans.

  • Converting a dynamic VLAN to a static VLAN and then executing the write memory command saves the VLAN in the startup-config file and makes it a permanent part of the switch's VLAN configuration.

  • Within the same broadcast domain, a dynamic VLAN can pass through a device that is notGVRP-aware. This is because a half-duplex repeater, a hub or a switch that is not GVRP-aware will flood the GVRP (multicast) advertisement packets out all ports.

  • GVRP assigns dynamic VLANs as tagged VLANs. To configure the VLAN as untagged, convert it to a static VLAN.

  • Rebooting a switch on which a dynamic VLAN exists deletes that VLAN. However, the dynamic VLAN reappears after the reboot if GVRP is enabled and the switch again receives advertisements for that VLAN through a port configured to add dynamic VLANs.

  • By receiving advertisements from other devices running GVRP, the switch learns of static VLANs on those other devices and dynamically (automatically) creates tagged VLANs on the links to the advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices, as well as the dynamic VLANs the switch has learned.

  • A GVRP-enabled switch does not advertise any GVRP-learned VLANs out of the ports on which it originally learned of those VLANs.

  • While GVRP is enabled on the switch, you cannot apply any ACLs to VLANs configured on the same switch.

  • A VLAN enabled for jumbo traffic cannot be used to create a dynamic VLAN; a port belonging to a statically configured, jumbo-enabled VLAN cannot join a dynamic VLAN.

Example of GVRP operation

In the following example, Tagged VLAN ports on switch A and switch C advertise VLANs 22 and 33 to ports on other GVRP-enabled switches that can dynamically join the VLANs.

GVRP operation

Options for a GVRP-aware port receiving advertisements

  • If there is not already a static VLAN with the advertised VID on the receiving port, such a port can dynamically create the VLAN and become a member.

  • If the switch already has a static VLAN assignment with the same VID as in the advertisement and the port is configured to Auto for that VLAN, then the port will dynamically join the VLAN and begin moving that VLAN's traffic. For more detail on Auto, see Per-port options for dynamic VLAN advertising and joining.

  • Ignore the advertisement for that VID.

  • Not participate in that VLAN.

Options for a port belonging to a Tagged or Untagged static VLAN

  • Send VLAN advertisements

  • Receive advertisements for VLANs on other ports and dynamically join those VLANs.

  • Send VLAN advertisements but ignore advertisements received from other ports.

  • Avoid GVRP participation by not sending advertisements and dropping any advertisements received from other devices.

IP addressing

A dynamic VLAN does not have an IP address and moves traffic on the basis of port membership in VLANs. However, after GVRP creates a dynamic VLAN, you can convert it to a static VLAN. Note that it is then necessary to assign ports to the VLAN in the same way that you would for a static VLAN created manually. In the static state you can configure IP addressing on the VLAN and access it in the same way that you would any other static VLAN.

Per-port options for handling GVRP "unknown VLANs"

An "unknown VLAN" is a VLAN that the switch learns of by receiving an advertisement for that VLAN on a port that is not already a member of that VLAN. If the port is configured to learn unknown VLANs, then the VLAN is dynamically created and the port becomes a tagged member of the VLAN.

GVRP unknown VLAN settings

Suppose that in GVRP operation, port 1 on switch A is connected to port 5 on switch C. Because switch A has VLAN 22 statically configured, while switch C does not have this VLAN statically configured (and does not "Forbid" VLAN 22 on port 5), VLAN 22 is handled as an "Unknown VLAN" on port 5 in switch C. Conversely, if VLAN 22 was statically configured on switch C, but port 5 was not a member, port 5 would become a member when advertisements for VLAN 22 were received from switch A.

The CLI show gvrp command and the menu interface VLAN Support screen show a switch's current GVRP configuration, including the Unknown VLAN settings.

Per-port options for dynamic VLAN advertising and joining

Initiating advertisements

As described in the preceding section, to enable dynamic joins, GVRP must be enabled and a port must be configured to Learn (the default). However, to send advertisements in your network, one or more static (Tagged, Untagged, or Auto) VLANs must be configured on one or more switches (with GVRP enabled), depending on your topology.

Enabling a port for dynamic joins

You can configure a port to dynamically join a static VLAN. The join will occur if that port subsequently receives an advertisement for the static VLAN. This is done by using the Auto and Learn options described in Controlling VLAN behavior on ports with static VLANs.

Parameters for controlling VLAN propagation behavior

You can configure an individual port to actively or passively participate in dynamic VLAN propagation or to ignore dynamic VLAN (GVRP) operation. These options are controlled by the GVRP "Unknown VLAN" and the static VLAN configuration parameters, as described in Controlling VLAN behavior on ports with static VLANs.

Controlling VLAN behavior on ports with static VLANs

Per-Port "Unknown VLAN" (GVRP) configuration Static VLAN Options—Per VLAN Specified on Each Port[a]
Port Activity: Tagged or Untagged (Per VLAN)[b] Port Activity: Auto[b] (Per VLAN) Port Activity: Forbid (Per VLAN)[b]
Learn (the Default) The port:
  • Belongs to specified VLAN.

  • Advertises specified VLAN.

  • Can become a member of dynamic VLANs for which it receives advertisements.

  • Advertises dynamic VLANs that have at least one other port (on the same switch) as a member.

The port:
  • Will become a member of specified VLAN if it receives advertisements for specified VLAN from another device.

  • Will advertise specified VLAN.

  • Can become a member of other, dynamic VLANs for which it receives advertisements.

  • Will advertise a dynamic VLAN that has at least one other port (on the same switch) as a member.

The port:
  • Will not become a member of the specified VLAN.

  • Will not advertise specified VLAN.

  • Can become a member of other dynamic VLANs for which it receives advertisements.

  • Will advertise a dynamic VLAN that has at least one other port on the same switch as a member.

Block The port:
  • Belongs to the specified VLAN.

  • Advertises this VLAN.

  • Will not become a member of new dynamic VLANs for which it receives advertisements.

  • Will advertise dynamic VLANs that have at least one other port as a member.

The port:
  • Will become a member of specified VLAN if it receives advertisements for this VLAN.

  • Will advertise this VLAN.

  • Will not become a member of new dynamic VLANs for which it receives advertisements.

  • Will advertise dynamic VLANs that have at least one other port (on the same switch) as a member.

The port:
  • Will not become a member of this VLAN.

  • Will ignore GVRP PDUs.

  • Will not join any dynamic VLANs.

  • Will not advertise VLANs.

Disable The port:
  • Is a member of the specified VLAN.

  • Will ignore GVRP PDUs.

  • Will not join any advertised VLANs.

  • Will not advertise VLANs.

The port:
  • Will not become a member of the specified VLAN.

  • Will ignore GVRP PDUs.

  • Will not join any dynamic VLANs.

  • Will not advertise VLANs.

The port:
  • Will not become a member of this VLAN.

  • Will ignore GVRP PDUs.

  • Will not join any dynamic VLANs.

  • Will not advertise VLANs.

[a] Each port of the switch must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured for GVRP to Learn or Block will generate and forward advertisements for static VLAN(s) configured on the switch and also for dynamic VLANs the switch learns on other ports.

[b] To configure tagging, Auto, or Forbid, see Configuring or changing static VLAN per-port settings (CLI) (for the CLI) or Adding or changing a VLAN port assignment (Menu) (for the menu).

As the preceding table indicates, when you enable GVRP, a port that has a Tagged or Untagged static VLAN has the option for both generating advertisements and dynamically joining other VLANs.


[NOTE: ]

NOTE: In Controlling VLAN behavior on ports with static VLANs, the Unknown VLAN parameters are configured on a per-port basis using the CLI. The Tagged, Untagged, Auto and Forbid options are configured per static VLAN on every port, using either the menu interface or the CLI.

Because dynamic VLANs operate as Tagged VLANs and because a tagged port on one device cannot communicate with an untagged port on another device, HP recommends that you use Tagged VLANs for the static VLANs you will use to generate advertisements.


GVRP and VLAN access control

Advertisements and dynamic joins

When you enable GVRP on a switch, the default GVRP parameter settings allow all of the switch's ports to transmit and receive dynamic VLAN advertisements (GVRP advertisements) and to dynamically join VLANs.

Enabling GVRP:

  • Allows a port to both advertise and join dynamic VLANs (Learn mode—the default).

  • Allows a port to send VLAN advertisements, but not receive them from other devices; that is, the port cannot dynamically join a VLAN but other devices can dynamically join the VLANs it advertises (Block mode).

  • Prevents a port from participating in GVRP operation (Disable mode).

Port-Leave from a dynamic VLAN

A dynamic VLAN continues to exist on a port for as long as the port receives its advertisements from another device connected to that port, or until:

  • Converting the VLAN to a static VLAN

  • Reconfiguring the port to Block or Disable

  • Disabling GVRP

  • Rebooting the switch.

The time-to-live for dynamic VLANs is 10 seconds, if a port has not received an advertisement for an existing dynamic VLAN during that time, the port removes itself from that dynamic VLAN.