Description
This article describes the best practice for manually changing VLANs on managed switches.

Solution
Manually changing VLANs on managed switches should always be done through the system Administration UI, not directly on the switch itself.
For devices under enforcement, the Current VLAN value is updated only when the system itself changes the VLAN of that port. If the VLAN is changed manually via the switch CLI, the system has no knowledge of the change unless one of the following occurs:
- The Update VLAN or READ VLANs function is manually run
- The system's management processes are restarted
- VLANs are read during L2 poll under certain conditions (refer to related KB article below for details)
Because of this, inconsistent VLAN switching results can occur if changes are not made through the UI.
Example:
- Administration UI Port View: Port 10 Current VLAN = 30 (Registration).
- From the switch CLI, port 10's VLAN is changed from 30 to 20.
- Result: Port View: Port 10 Current VLAN still displays 30 (Registration).
- Rogue host connects.
- Result: According to the system database, Port 10 already has VLAN 30 configured. Therefore, no attempt to change the port VLAN is made. The Rogue host remains in VLAN 20.
- From Model Configuration, READ VLANs is clicked under Network Access/VLANs.
- Result: Port View: Port 10 Current VLAN value updates to 20.
- Upon the next L2 poll or the host disconnects/reconnects, the system switches Port 10's VLAN to 30.
Workaround: If VLANs are changed via the switch CLI, force a re-read of the VLANs.
1. On the switch's Model Configuration, right-click and select Network Access/VLANs.
2. Click the READ VLANs button. The Port View will update accordingly.
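The following simulation is an added illustration of the example scenario and the workaround above; it is not code from the original article or from the NAC product. It models a switch whose port VLAN can be changed out of band, and a controller that keeps its own "Current VLAN" copy and decides whether to enforce by comparing that copy, not the switch, against the target VLAN. Class and function names (Switch, NacController, on_host_connect, vlan_drift) and the VLAN numbers are constructed for the example; the vlan_drift check goes beyond the article by showing how a defender can detect cached/actual mismatches proactively instead of discovering them when a rogue host lands in the wrong VLAN.

```python
"""Simulated model of the stale "Current VLAN" problem.

Constructed example: a managed switch whose port VLANs can be changed
out of band (CLI), and a NAC controller that keeps its own copy of each
port's VLAN ("Current VLAN") and only pushes a change when that copy
disagrees with the target VLAN. Nothing here talks to real hardware.
"""

REGISTRATION_VLAN = 30  # isolation VLAN for unknown (rogue) hosts
PRODUCTION_VLAN = 20    # constructed "normal" VLAN for the example


class Switch:
    """Constructed stand-in for the managed switch's running config."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)

    def cli_set_vlan(self, port, vlan):
        # Out-of-band change: the controller is NOT told about this.
        self.port_vlans[port] = vlan

    def read_vlan(self, port):
        return self.port_vlans[port]


class NacController:
    """Constructed stand-in for the NAC system's database view of ports."""

    def __init__(self, switch):
        self.switch = switch
        self.current_vlan = {}  # the "Current VLAN" column in Port View
        self.read_vlans()

    def read_vlans(self):
        """Equivalent of the READ VLANs action: refresh the cached values."""
        for port in self.switch.port_vlans:
            self.current_vlan[port] = self.switch.read_vlan(port)

    def on_host_connect(self, port, host_is_rogue):
        """Enforcement decision made from the cached Current VLAN only.

        Returns True if a VLAN change was pushed to the switch."""
        target = REGISTRATION_VLAN if host_is_rogue else PRODUCTION_VLAN
        if self.current_vlan[port] == target:
            return False  # believed already correct, nothing pushed
        self.switch.cli_set_vlan(port, target)  # system-initiated change
        self.current_vlan[port] = target        # cache updated on system change
        return True

    def vlan_drift(self):
        """Ports whose cached VLAN differs from the switch's actual VLAN.

        Maps port -> (cached, actual). This is the proactive check a
        defender would run rather than waiting for an enforcement miss."""
        return {
            port: (cached, self.switch.read_vlan(port))
            for port, cached in self.current_vlan.items()
            if cached != self.switch.read_vlan(port)
        }


def scenario():
    """Replays the article's scenario.

    Returns (drift seen after the manual CLI change,
             rogue host's actual VLAN while the cache is stale,
             rogue host's actual VLAN after READ VLANs and re-enforcement)."""
    switch = Switch({10: REGISTRATION_VLAN})
    nac = NacController(switch)             # Port View shows 30 for port 10

    switch.cli_set_vlan(10, PRODUCTION_VLAN)  # manual change from the CLI
    drift_before = nac.vlan_drift()           # cache still says 30, switch 20

    nac.on_host_connect(10, host_is_rogue=True)
    rogue_vlan_stale = switch.read_vlan(10)   # no change pushed: rogue stays in 20

    nac.read_vlans()                          # workaround: READ VLANs
    nac.on_host_connect(10, host_is_rogue=True)  # next L2 poll / reconnect
    rogue_vlan_fixed = switch.read_vlan(10)   # now moved to 30
    return drift_before, rogue_vlan_stale, rogue_vlan_fixed


if __name__ == "__main__":
    print(scenario())
```

The point the simulation makes is that the enforcement decision never consults the switch; it consults the cache, so any out-of-band edit silently disables enforcement for that port until the cache is refreshed. Running vlan_drift on a schedule (or comparing a switch configuration backup against Port View) surfaces such ports before a rogue host benefits from the mismatch.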
Related Articles
Technical Note: Scenarios when VLAN information is updated during L2 Poll