-
Introduction: what is GVRP (Generic VLAN Registration Protocol)?
GVRP enables the automatic VLAN configuration of switches in a network by allowing GVRP-enabled switches to dynamically exchange VLAN configuration information with each other.
GVRP is based on GARP (Generic Attribute Registration Protocol), which defines how attributes, such as VIDs, are registered and deregistered.
-
Advantages of GVRP
GVRP makes it easier to manage VLANs that span more than one switch. Without GVRP, administrators must manually configure switches to ensure that the various parts of the VLANs can communicate with each other across the different switches. With GVRP this is done automatically.
-
Limitation of GVRP
Only GVRP can modify or delete dynamic GVRP VLANs. Dynamic GVRP VLANs exist only as long as the switch continues to receive GVRP PDUs (Protocol Data Units) that contain the VID of that VLAN. If no more relevant GVRP PDUs arrive, or there are no active links in the VLAN, GVRP deletes it from the switch.
A dynamic GVRP port in a static VLAN remains a member of the VLAN only if the switch continues to receive GVRP PDUs that contain the VID of that VLAN. If the relevant GVRP PDUs are no longer being received on the port, GVRP removes the dynamic port from the VLAN, but does not delete the VLAN if it is a static VLAN (i.e. not a VLAN created by GVRP).
-
Why is it recommended to convert dynamic VLANs to static VLANs?
When the switch stops receiving PDUs for longer than 600 milliseconds (the default leave time), regardless of the reason, or when the switch is restarted, the mechanism described above removes the dynamically created VLAN as well as all port associations to the deleted VLAN. These are not restored even when the switch starts receiving PDUs again: only a port that receives a PDU is automatically tagged for the dynamic VLAN. It is therefore recommended to convert dynamically created VLANs to static VLANs so that this scenario is avoided.
-
How to convert dynamically created VLANs to static VLANs
Switch-2#show vlan brief
VLAN ID Name             Type    State   Member ports
                                         (u)-Untagged, (t)-Tagged
======= ================ ======= ======= ====================================
1       default          STATIC  ACTIVE  port1.0.1(u) port1.0.2(t) port1.0.3(t)
                                         port1.0.4(u) port1.0.5(u) port1.0.6(u)
                                         port1.0.7(u) port1.0.8(u) port1.0.9(u)
                                         port1.0.10(u) port1.0.11(u)
                                         port1.0.12(u) port1.0.13(u)
                                         port1.0.14(u) port1.0.15(u)
                                         port1.0.16(u) port1.0.17(u)
                                         port1.0.18(u) port1.0.19(u)
                                         port1.0.20(u) port1.0.21(u)
                                         port1.0.22(u) port1.0.23(u)
                                         port1.0.24(u) port1.0.25(u)
                                         port1.0.26(u) port1.0.27(u)
                                         port1.0.28(u)
10      VLAN0010         DYNAMIC ACTIVE  port1.0.2(t) port1.0.3(t)
20      VLAN0020         DYNAMIC ACTIVE  port1.0.2(t)
Switch-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch-2(config)#vlan database
Switch-2(config-vlan)#vlan 10,20 state enable
Switch-2(config-vlan)#end
Switch-2#sh vlan brief
VLAN ID Name             Type    State   Member ports
                                         (u)-Untagged, (t)-Tagged
======= ================ ======= ======= ====================================
1       default          STATIC  ACTIVE  port1.0.1(u) port1.0.2(t) port1.0.3(t)
                                         port1.0.4(u) port1.0.5(u) port1.0.6(u)
                                         port1.0.7(u) port1.0.8(u) port1.0.9(u)
                                         port1.0.10(u) port1.0.11(u)
                                         port1.0.12(u) port1.0.13(u)
                                         port1.0.14(u) port1.0.15(u)
                                         port1.0.16(u) port1.0.17(u)
                                         port1.0.18(u) port1.0.19(u)
                                         port1.0.20(u) port1.0.21(u)
                                         port1.0.22(u) port1.0.23(u)
                                         port1.0.24(u) port1.0.25(u)
                                         port1.0.26(u) port1.0.27(u)
                                         port1.0.28(u)
10      VLAN0010         STATIC  ACTIVE  port1.0.2(t)
20      VLAN0020         STATIC  ACTIVE  port1.0.2(t)
Switch-2(config)#no gvrp enable
-
GVRP and network security
GVRP should be used with caution because it can expose your network to unauthorized access. If a network intruder were to connect to a switch port running GVRP and transmit a bogus GVRP PDU containing VIDs of restricted VLANs, GVRP would make the port a member of the VLANs, giving the intruder access to restricted areas of your network.
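The following Python script is an added example, not part of the original article or the vendor's own code, and it covers both the conversion procedure and the security concern above: it parses 'show vlan brief' output, builds the conversion commands shown on this page for the dynamic VLANs, and holds back any dynamic VLAN that is registered on a port which is not a known inter-switch link. The set of trunk ports, the function names and the VLAN 99 row in the sample are assumptions made for illustration.

```python
import re

# Constructed sample in this page's 'show vlan brief' layout; the VLAN 99 row is invented.
SAMPLE = """\
VLAN ID Name Type State Member ports
(u)-Untagged, (t)-Tagged
======= ================ ======= ======= ====================================
1 default STATIC ACTIVE port1.0.1(u) port1.0.2(t) port1.0.3(t)
port1.0.4(u) port1.0.5(u) port1.0.6(u)
10 VLAN0010 DYNAMIC ACTIVE port1.0.2(t) port1.0.3(t)
20 VLAN0020 DYNAMIC ACTIVE port1.0.2(t)
99 VLAN0099 DYNAMIC ACTIVE port1.0.5(t)
"""

ROW = re.compile(r"^\s*(\d+)\s+\S+\s+(STATIC|DYNAMIC)\s")
PORT = re.compile(r"(port[\d.]+)\(([ut])\)")

def parse_vlan_brief(text):
    """Return {vid: {"type": "STATIC"|"DYNAMIC", "ports": {port: "u"|"t"}}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:  # first line of a VLAN entry starts a new record
            current = vlans.setdefault(int(row.group(1)),
                                       {"type": row.group(2), "ports": {}})
        if current is not None:  # entry line or wrapped member-port line
            current["ports"].update(PORT.findall(line))
    return vlans

def audit(vlans, trunk_ports):
    """Split dynamic VLANs into those safe to convert and those to review."""
    dynamic = sorted(v for v, d in vlans.items() if d["type"] == "DYNAMIC")
    suspect = sorted((v, p) for v in dynamic for p in vlans[v]["ports"]
                     if p not in trunk_ports)
    flagged = {v for v, _ in suspect}
    return [v for v in dynamic if v not in flagged], suspect

def conversion_commands(vids):
    """CLI lines, in the form shown on this page, that make the VLANs static."""
    vid_list = ",".join(str(v) for v in vids)
    cmds = ["conf t", "vlan database", "vlan %s state enable" % vid_list, "end"]
    return cmds if vids else []

if __name__ == "__main__":
    # Assumption: port1.0.2 and port1.0.3 are the only inter-switch links.
    convert, suspect = audit(parse_vlan_brief(SAMPLE), {"port1.0.2", "port1.0.3"})
    print("review before converting:", suspect)
    print("\n".join(conversion_commands(convert)))
```

Converting a dynamic VLAN to static makes its current registration permanent, so a VLAN learned on an unexpected port should be investigated before it is converted.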
-
Conclusion
GVRP is a valuable tool for network management when used correctly. However, it is essential to convert dynamically created VLANs to static VLANs once they have been created, to mitigate the risks to network stability and security.
For more information on how to configure GVRP, you can visit the following link: https://www.alliedtelesis.com/us/en/documents/gvrp-feature-overview-and-configuration-guide