Routing VLAN

Answered Question

Is there a problem with running an IP address on the main interface with sub-interfaces for Vlans or should the IP addresses all be sub-interfaces?

EXAMPLE:

interface GigabitEthernet0/0

ip address 172.16.1.2 255.255.0.0

bridge-group 1

media-type rj45

!

interface GigabitEthernet0/0.1

encapsulation dot1Q 11

ip address 192.168.11.254 255.255.255.0

no cdp enable

!

interface GigabitEthernet0/0.3

encapsulation dot1Q 33

ip address 192.168.33.254 255.255.255.0

no cdp enable

or

interface GigabitEthernet0/0

no ip address

media-type rj45

!

interface GigabitEthernet0/0.1

encapsulation dot1Q 11

ip address 172.16.1.2 255.255.0.0

bridge-group 1

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 11

ip address 192.168.11.254 255.255.255.0

no cdp enable

!

interface GigabitEthernet0/0.3

encapsulation dot1Q 33

ip address 192.168.33.254 255.255.255.0

no cdp enable

What would the repercusions be?

Both seem to work the same.

I have this problem too.
0 votes
Correct Answer by Pavel Bykov about 9 years 5 months ago

The big difference is that packets traveling from "interface GigabitEthernet0/0 " are not send encapsulated. They don't have 802.1Q tags, and therefore do not belong to any VLAN. They will be received by either NATIVE VLAN on other side (if it's a switch with trunk port), or interface that has no encapsulation on another side (if it's a router).

In second configuration you are throwing two IP networks in one VLAN (172.16.1.2 255.255.0.0 and 192.168.11.254 255.255.255.0 )

Not that it won't work, but it's not recommended and is not a good design practice. You are creating VLANs to separate broadcast domains, and create separate networks, but here you have two networks in one VLAN - VLAN 11

Where does bridge-group 1 lead to?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
Pavel Bykov Wed, 08/08/2007 - 07:52

The big difference is that packets traveling from "interface GigabitEthernet0/0 " are not send encapsulated. They don't have 802.1Q tags, and therefore do not belong to any VLAN. They will be received by either NATIVE VLAN on other side (if it's a switch with trunk port), or interface that has no encapsulation on another side (if it's a router).

In second configuration you are throwing two IP networks in one VLAN (172.16.1.2 255.255.0.0 and 192.168.11.254 255.255.255.0 )

Not that it won't work, but it's not recommended and is not a good design practice. You are creating VLANs to separate broadcast domains, and create separate networks, but here you have two networks in one VLAN - VLAN 11

Where does bridge-group 1 lead to?

Actions

This Discussion