Hey everyone how are you? I hope everything is fine. On this short article, I will share some troubleshooting tutorials we did when we encounter a VLAN SAID error in one of our switches. This can help you solve if you’re having the same issue.
[wp_ad_camp_3]
So I have this task to create new vlan in one of our multi-layer switch, upon implementing the script I encountered the following error.
SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH(config)#vlan 505
SWITCH(config-vlan)#name WINDOWS_DHCP
SWITCH(config-vlan)#no shut
VLAN 505 is not shutdown.
SWITCH(config-vlan)#exit
% Applying VLAN changes may take few minutes. Please wait…
VLAN #116 and #505 have an identical SAID: 100505
APPLY VLAN changes failed.
As you can see, I encountered the error saying that the SAID was already taken. This should not because the VLAN SAID is uniquely generated by the IOS. It is being created something like 100 + vlan number. So in this case, the vlan said 100505 should be for VLAN 505 that I’m creating. I tried every possible way but still no go.
As we checked the config of VLAN 116, the error statement is correct that VLAN SAID 100505 was taken by VLAN 116.
It shouldn’t be like that because VLAN 116 should be using VLAN SAID 100116 as what we see on references in Cisco’s website. For additional reference, here’s what Cisco says.
The Security Association Identifier (SAID) values must be unique. SAID is a user-configurable, 4-byte VLAN identifier. The SAID identifies traffic that belongs to a particular VLAN. The SAID also determines to which VLAN each packet is switched. The SAID value is 100,000 plus the VLAN number. These are two examples:
The SAID for VLAN 8 is 100008.
The SAID for VLAN 4050 is 104050.
I opened a TAC case to Cisco to get their suggestions. As expected, it seems that this is a bug that cause the VLAN 116 took the VLAN SAID 100505. Cisco TAC advised to change the VLAN SAID of VLAN 116 to 100116 to fix the issue and then creating VLAN 505 will not be a problem.
As advised, here’s what I did.
I changed the VLAN SAID of VLAN 116 from 100505 to 100116.
SWITCH#conf t
SWITCH(config)#vlan 116
SWITCH(config-vlan)#SAID 100116
After the VLAN 116 SAID has been updated. I created the VLAN 505 which initially I was not able to create.
SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH(config)#vlan 505
SWITCH(config-vlan)#name WINDOWS_DHCP
SWITCH(config-vlan)#no shut
VLAN 505 is not shutdown.
SWITCH(config-vlan)#exit
% Applying VLAN changes may take few minutes. Please wait…
SWITCH(config)#
This time, I didn’t encounter the error. Issue has been fixed and VLAN SAID for both vlans are properly created.
If you’re having same issue, try the solution mentioned above and I’m sure this will resolve your concern. Of course make sure you back up everything and will do it in maintenance hours. Hope this short article helps. Until next time.
[wp_ad_camp_1]
Thank you very much for the description of the above SAID issue & solution.
I am begging to study for CCNA and had no idea what SAID mean or dis.
Thank you.
Neophite.