Configuration of several interfaces vlan on a layer 3 switch

I am trying to incorporate a layer 3 switch in a network. (see figure 1 below). My problem is that in the configuration below, the layer 3 switch seems to offer no additional benefit on a layer 2 switch, because it does not pass packets from Layer 3, instead, it will take an additional router configuration.

If I set up 2 interfaces like no switchports (diagram2) and create virtual interfaces on the switch of level 3, that is to say 0.1/g0, g0/0.2, 0.3/g0, g0/1.1,g0/1.2, g0/1.3, configure dot1q encapsulation and add ip addresses and subnets on each interface, so I understand that I can use the switch of level 3 as a router.

However this introduces a new problem now, VLAN 1 is on both interfaces, so devices in VLAN 1 on each interface will have point to the default gateway on this specific interface and features of VLAN 1 on G0/0.1 interface must be configured with a different subnet than those on G0/1.1 interface.

It does not seem logical, am I missing something?

Figure 1

Paul

On a L3 switch you do not configure subinterfaces (usually).

You create what's called Lass (Switched Virtual Interfaces) instead of this, and what are your L3 interfaces.

If your L3 switch ports are ports of L2 or other trunks or assigned to a VLAN specific.

For each VLAN you want to route you create then a SVI IE. -

int vlan
IP x.x.x.x
No tap

and the default gateway for clients in this vlan is the IP assigned to the SVI.

Any other configuration of L3 interface, you add to the SVI.

The only time wherever you actually use the ports of L3 is when you connect to a router for example.

Jon

Tags: Cisco Network

Similar Questions

  • SG300-20 - configure DHCP on the interface VLAN

    I have read the different partners of the discussions on the SG300 and SG500 going on regarding the high setting of VLAN and DHCP on VIRTUAL networks.  For some reason, I could not get even this simple task to work.

    First thing I did was update my version firmware and boot as follows:

    SW version 1.3.7.18 (date of 12 January 2014 time 18:02:59)

    Start the 1.3.5.06 version (dated 21 July 2013 times 15:12:10)

    HW version V02

    When I rebooted the SG300 after the SW/Boot updates the boot configuration has been crushed and I had to configure my switch from scratch.  The intention is to have two VIRTUAL networks:

    VLAN 1: all the devices, servers, etc.

    VLAN 2: subnet basis which distributes DHCP addresses

    The SG300-20 is connected to a router Asus RT-AC66U on the 192.168.1.x subnet and provides access to the internal network and WiFi access (IP address of the router is 192.168.1.1 and the default gateway).  Everything works without any problem.  So my task is simply to create 2 VLANS on 192.168.2.x subnet and use DHCP to assign addresses.  I spent many hours on it and I still can't get it to work.  When I connect a laptop to the port (GI8) assigned to 2 VLANS, I end up finding a few wobbly 169.254.x.x address.  I definitely thought something would not 'easy' that hard to set up, but apparently I was wrong.

    The SG300 is running in mode L3 as shown in my running-config below.

    Someone gets to see something which could prevent my client from the laptop to receive the interface VLAN 2 DHCP IP addresses that are not on the 192.168.2.x subnet?

    Any ideas / suggestions would be greatly appreciated!

    Here's my running-config:

    config-file-header
    MYSTICSW1
    v1.3.7.18 / R750_NIK_1_35_647_358
    CLI v1.0
    router adjustment system mode

    SSD of encrypted file indicator
    @
    SSD-control-start
    config of SSD
    control of password file unrestricted SSD
    no control of the integrity of the file ssd
    SSD-control-end cb0a3fdb1f3a1af4e4430033719968c0
    !
    database of VLAN
    VLAN 2
    output
    Add a voice vlan Yes-table 0001e3 Siemens_AG_phone___
    Add a voice vlan Yes-table 00036 b Cisco_phone___
    Add a voice vlan Yes-table 00096e Avaya___
    Add a voice vlan Yes-table 000fe2 H3C_Aolynk___
    Add a voice vlan Yes-table 0060 b 9 Philips_and_NEC_AG_phone
    Add a voice vlan Yes-table 00d01e Pingtel_phone___
    VLAN voice Yes-table add Polycom/Veritel_phone___ 00e075
    Add a voice vlan Yes-table 00e0bb 3Com_phone___
    Hello interface range vlan 1
    hostname MYSTICSW1
    host 192.168.1.15 record
    logging source hostname id
    username privilege 15 b4a0fcf20b2cd9d80a55b06ab8f83277f9733904 encrypted password cisco
    location of the SNMP-Server Office
    clock timezone ""-5
    DST Web recurring U.S. clock.
    clock source sntp
    unicast SNTP client enable
    unicast SNTP client survey
    survey of 192.168.1.10 SNTP server
    !
    interface vlan 1
    IP 192.168.1.254 255.255.255.0
    no ip address dhcp
    !
    interface vlan 2
    name MysticWAN
    192.168.2.254 IP address 255.255.255.0
    !
    interface gigabitethernet8
    switchport mode access
    switchport access vlan 2
    !
    output
    Default IP gateway 192.168.1.1

    Thanks in advance!

    Clint Lambert

    Clint, please see this post

    https://supportforums.Cisco.com/message/4178990#4178990

    -Tom
    Please mark replied messages useful
    http://blogs.Cisco.com/smallbusiness/

  • configuration of VLAN and routing problem 6224 switch

    I, m having a problem accessing internet to vlan 10. I can ping everything of all the VLANS. My internet router/firewall is on ethernet 1/g11 and has an ip address of 192.168.5.254. I have no problem accessing internet to vlan 20. I add a static route to my router/firewall. What Miss me? This is my first configure a layer 3 switch.

    Configure
    database of VLAN
    VLAN 10.20
    output
    battery
    1 1 member
    output
    IP 10.10.10.1 255.255.255.0
    default IP gateway - 10.10.10.254
    IP routing
    IP route 0.0.0.0 0.0.0.0 192.168.5.254
    interface vlan 10
    Routing
    IP 192.168.100.1 address 255.255.255.0
    output
    interface vlan 20
    Routing

    192.168.5.1 IP address 255.255.255.0
    output

    !
    interface ethernet 1/g1
    switchport mode general
    pvid switchport General 10
    No switchport acceptable-framework-type general tag only
    VLAN allowed switchport General add 10
    output
    !
    interface ethernet 1/g2
    switchport mode general
    pvid switchport General 10
    No switchport acceptable-framework-type general tag only
    VLAN allowed switchport General add 10
    output
    !
    interface ethernet 1/g11
    switchport mode general
    switchport General pvid 20

    No switchport acceptable-framework-type general tag only
    VLAN allowed switchport General add 20
    output
    !
    interface ethernet 1/g12
    switchport mode general
    switchport General pvid 20
    No switchport acceptable-framework-type general tag only
    VLAN allowed switchport General add 20
    output
    !
    interface ethernet 1/g13
    switchport mode general
    switchport General pvid 20
    No switchport acceptable-framework-type general tag only
    VLAN allowed switchport General add 20
    output
    output

    Route ip console #show

    The traffic code: R - RIP derived, O - OSPF derived, C - connected, S - static
    B - BGP derived, IA - OSPF Inter zone
    E1 - OSPF external Type 1, E2 - OSPF external Type 2
    N1 - OSPF NSSA external Type 1, N2 - OSPF NSSA external Type 2

    S 0.0.0.0/0 [1/0] via 192.168.5.254, vlan 20
    C 192.168.5.0/24 [0/0], directly connected, vlan 20
    192.168.100.0/24 C [0/0], directly connected, vlan 10

    Console #.


  • X interface VLAN 4451

    I try to configure interfaces VLAN on a 4451 X and problem. I can configure subinterfaces, but I want to set up a real interface VLAN like this:

    B12_3925 (config) #int vlan 11
    * Jan 11 21:17:20: % LINEPROTO-5-UPDOWN: Line protocol on the Interface Vlan11, change of State down
    B12_3925(Config-if) #IP add 192.168.100.1 255.255.255.0

    Am I missing something? This should be very simple.

    Thank you

    Hello

    4451-X is a router, so, working with the VLAN is different to the switches. Creating a interface Vlan would make sense only if you had a switching module installed in this router and had some of its interfaces configured as switchports in the VLAN individual. Otherwise, the only way to work with the VLAN attached to interfaces routed to this router is to create some subinterfaces.

    Keep in mind: a router can have several routed interfaces and each of them can put an end to an independent set of VLANS. To a router, simply saying 'VLAN 11' doesn't mean anything, because this VLAN can be used on several routed ports and their subinterfaces. That's why the style interface Vlan is not used with routers without changing of modules installed because it is ambiguous.

    Welcome to ask for more!

    Best regards
    Peter

  • How to view associated with an interface VLAN IP address?

    I have a 6224 with some VLANs set up. I have addresses assigned to most of VLANs (i.e. "configuration, interfaces, vlan 20, ip 192.168.20.254 address '). I can't seem to find a way to have the switch shows that vlan interfaces have this ip assigned, either the CLI or from the web interface. It does not help that I don't think that the web interface even exposes settings for this at all.

    Thank you

    Scott


  • The interface VLAN ACL of inbound traffic?

    Hi, I may be over thinking this, but I have an ACL that is applied when entering an interface vlan. I have a line to allow udp any any newspaper which is temporary. I see hits, but the source ip address is outside the network to the ip address of the destination interface vlan. I expect to see ip source addresses only in the range of ip addresses of 192.168.1.128/25. What do you think? Thank you

    Interface vlan 100

    IP 192.168.1.132 255.255.255.128

    IP access-group ACL_IN in

    Hit of the ACL

    % S: SW1-6-IPACCESSLOGP: list of the allowed ACL_IN 192.168.6.100 (137) udp-> 192.168.1.132 (137), 1 packet

    Hello

    That looks like to me WINS navigation, a response packet.

    And as MS navigation works at level 2, it sends a response to the IP of the router where he sees demand for travel coming - maybe your customers have a configured WINS server address?

    Do not forget
    allow udp any any newspaper

    will match ANY ip src, not only your local subnet and is why your journal entries show the traffic in both directions.

    Rgds

    Ian

  • Interface VLAN traffic information

    Hi all

    Could someone please advice what traffic demonstrated Interface VLAN?

    For example, I have two interfaces, VLAN 10, and I created the layer 3 Interface VLAN 10.

    If I monitor the traffic of 10 to VLAN, the two interfaces combined traffic statistics?

    Thank you

    Prasanna Kumar deully

    Oh sorry I thought you meant span monitor where you register the interface traffic combined with the terms of a vlan

    To answer your question, it will display the number of ip layer 3 traffic in packets to all interfaces grouped under the vlan, then Yes, the two interfaces will show the interface of layer 3 vlan, some platforms will also show some L2 information like below and its shows 30 sec count on VLAN interfaces, but number five on the physical interface FA0/1

    Vlan149 is up, line protocol is up
    Material is EtherSVI, the address is 0008.e3ff.fd90 (bia 0008.e3ff.fd90)
    The Internet address is x.x.x.x/24
    MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    KeepAlive not supported
    Type of the ARP: ARPA, ARP Timeout 04:00
    Last entry of 00:00:14, exit ever, blocking of output never
    Last clearing of "show interface" counters 24w4d
    Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0
    Strategy of queues: fifo
    Output queue: 0/40 (size/max)
      30 second entry rate 2134000 bps, 381 packets/s
    exit rate of 30 seconds 2019000 bps, 460 packets/s
      L2 switching: ucast: 30595061 pkt, 2268569227 bytes - mcast: 0 pkt, 0 bytes
    L3 in Switched: ucast: 5882988002 pkt, 1908218042989 bytes - mcast: 1623 pkt, 775020 bytes
    L3 on Switched: ucast: 5579358870 pkt, 1872959920772 bytes - mcast: 322 pkt, 138259 bytes
    5886751734 packets input, 1885010127367 bytes, 0 no buffer
    Received 0 emissions (28 of IP multicasts)
    0 Runts, 0 giants, 0 shifters
    entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored
         5618600472 packets output, 1854023804196 bytes, 0 underruns
    0 output errors, 0 interface resets
    output buffer, the output buffers 0 permuted 0 failures

  • Configurations of VMotion and VLAN

    Configurations of VMotion and VLAN

    ESXi 4.0 / 4.0 vCenter

    Can someone explain how to configure the ports VMotion using VIRTUAL LANs.

    Here's the design;

    Two network adapters for teaming on a virtual standard switch 0

    A network for management and another network for VMotion traffic

    The ports management group is on VLAN 103 and its default gateway is set to the network VLAN 103

    When I add a for VMotion VMkernel port group and configure the network, and I use the gateway of 103 VLAN by default I can't vmkping the other interfaces for VMotion similar configuration.

    If I change the default gateway settings and use VMotion gateway, then bad things happen, i.e. lose connectivity to the service console.

    Thanks,-Jeff

    Both an eon of ar sthjey the same physical segment (i.e., the plughed in the same physical switch) there will be no need for a gateway for the vmotion network address.

    If you find this or any other answer useful please consider awarding points marking the answer correct or useful

  • F10 4820 t - pulsations on the interface vlan

    Hello everyone

    Using Force10 S4820T on 9.6

    Rate limits can be applied to the physical interfaces only? and if yes how can I do to fix a speed limit on an interface vlan? Policy-map?

    Thanks in advance

    Based on the information contained in the user guide, it seems that it cannot apply to the physical interface.

    Page 739:

    http://bit.LY/1IRtdlU

  • interface vlan problems addin

    Hello

    I have a problem with my 8164F with 6.1.0.1 powerconnect version

    I create the vlan 643

    then I create an interface vlan

    interface vlan 643
    IP 172.24.64.2 255.255.240.0
    output

    When I ping the ip address of the switch

    ping 172.24.64.2
    Ping 172.24.64.2 with 0 bytes of data:

    4 packets transmitted, 0 packets received, 100% packet loss
    round-trip (MS) min/avg/max =<10><10><>

    in the journal, I have the following line

    <173>11 Jun 14:39:29 172.16.8.100 - 2 TRAPMGR [1206213340]: traputil.c (697) 1604 %% link on Vl643 is down

    show ip interface vlan 643

    State of the routing interface... Down
    Primary IP address... 172.24.64.2/255.255.240.0
    Method......................................... Manual
    Routing mode... Enable
    Administrative mode... Enable
    NET before realized emissions... Disable
    Proxy ARP...................................... Enable
    Local Proxy ARP... Disable
    Statement of assets... Inactive
    MAC address... D067. E595.0B1A
    Type of encapsulation... Ethernet
    IP MTU......................................... 1500
    Bandwidth...................................... 10000 Kbps
    Destination unreachable... Activated
    ICMP redirects... Activated

    that really interested me

    I simplified my config and merge the two portchannel.

    and it works.

    I'll come by later to STDs

  • Assign IP address to the Interface VLAN of Web Admin?

    It is a simple question, I can't find can in the web config page to assign an IP to an interface vlan.

    Example: I create a vlan 40 and assign ip 192.168.40.254/24 to it, I can accomplish this with the CLI with 'config; interface vlan 40; "192.168.40.254 IP address 255.255.255.0" but it does not seem to exist in the web interface!

    Thank you
    Scott


  • XConnect - interface vlan

    Hello

    I can create Tunnel Xconnect (OVER MPLS NETWORK) between the Vlan interface to the physical interface on the other site?

    For example:

    site 1:

    interface GigabitEthernet7/2.88
    Xconnect 1 Site Description
    encapsulation dot1Q 88
    XConnect 1.1.1.2 88 mpls encapsulation

    Site 2:

    interface Vlan 88

    Xconnect 2 Site Description
    IP 192.168.2.2 255.255.255.0

    XConnect 1.1.1.1 88 mpls encapsulation

    anyone tried this type of installation?

    Thank you

    Alon.

    Hello

    Yes. It will work.

  • Interface VLAN SG300-28 Firmware 1.3.7.18

    Hello

    I just my SG300 to update the last firrmware 1.3.7.1.8 and I met this problem:

    -By default, the interface VLAN has been activated, but the display is always disabled

    -I can not change and I can not ping to the VLAN IP interface as well (I gave an IP 192.168.10.1)

    Is this a bug? Does anyone know how to fix this? Please help me!

    Appreciate your help

    Minh

    minh06,

    You upgrade the startup code for Sx300_FW_Boot_1.3.5.58 ?

    -Marty

  • SG300/SG500 remove interface vlan

    Hello!

    The question is the following:

    I add a VLAN interface to test IP connectivity to this vlan by adding an IP address for this interface vlan and ping on a host.

    for example
    interface vlan 5
    192.168.0.251 IP address 255.255.255.0

    Then I can remove the ip address "without ip address', but I can't delete the ' interface vlan 5".»

    Even when I delete the vlan itself of the database for vlan. There is no command "no interface vlan. I can only stop the interface vlan.

    If anyone knows how to remove the interface vlan switches SG300/SG500 cli.

    Thanks, Woeger

    Hello

    I tried just that with my switch from laboratory here.

    I created VLAN 10 and he has given an IP address.

    Then I did a no ip address on the interface VLAN and then not a vlan 10.

    At this stage there is no interface THAT VLAN 10 in my config running or when I do a show ip interface.

    So remove the VLAN has done actually remove the interface for me, brings me to my question.

    What version of the bootcode/firmware do you currently use?  Maybe this problem has been fixed, because I am running 1.3.7.18 firmware with 1.3.7.01 code to boot.

    If you are on a low moving forward and put to date, don't forget to upgrade the boot thus code, it is necessary for new versions of firmware.

    Hope that help, but if not just let me know and we can take another look,

    Christopher Ebert - Advanced Network Support Engineer

    Cisco Small Business Support Center

    * Please note the useful messages *.

  • How configure sg300-10 and VLAN ID can be seen in the wireshark

    Hello, everyone,

    I have a question to ask. I brought a new switch sg300-10. I want to use to send ethernet packets. I plugged it with my laptop via port1. On the side of the laptop, I used wireshark to capture. But I have not found that the VLAN ID has been shown in the wireshark (I changed the registry of my laptop, so VLAN IDS must be displayed if it is contained in the frame). So I think the switch was not to configure and the id vlan does not appear in the framework that has been sent by swith. Does anyone know how to understand?

    Thank you

    Hi Jiang, if your administrative computer is connected to port 1, may not understand the tag VLAN. That's why it has the appearance of the GUI hangs.

    -Tom
    Please mark replied messages useful

Maybe you are looking for