Native VLAN settings

Unanswered Question
Mar 19th, 2008

I disabled the native VLAN (VLAN1) and used another VLAN interface for mgmt purposes; however, when I do a no ip address on native VLAN 1, and assign an ip address to the other created VLAN (VLAN5) interface, the status of the VLAN5 is as follows:

sho interfaces vlan5

Vlan5 is down, line protocol is down

Hardware is EtherSVI, address is 0015.c663.4f41 (bia 0015.c663.4f41)

Internet address is 10.10.54.2/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts (0 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

I did a no shutdown on the VLAN 5 interface but that still didn't resolve the issue. Can someone tell me what I am missing?

Thanks in advance,

SK

Jon Marshall Wed, 03/19/2008 - 16:59

Hi

Is this a layer 2 switch only? If so, only one vlan can be active at any one time, so make sure vlan 1 is shutdown.

Secondly, do you have any ports on the switch in vlan 5 or a trunk link on the switch that allows vlan 5 on it?

If neither condition is met the interface will stay down.

HTH

Jon

skhirbash Wed, 03/19/2008 - 20:43

Hi Jon,

This is 3560 SW and I have created VLAN54, VLAN51 and assigned ports to each. I decided to shutdown the native VLAN (VLAN1) and created an interface VLAN on the switch (Question here is what is the difference between an interface VLAN and just a VLAN). I also created a trunk port to link it to the router and another trunk port to link to another switch. Originally when I had the native VLAN (VLAN1) on the switch, the switch wouldn't be able to ping the router and vice versa. However, if I create a native interVLAN on the router, then they would be able to ping each other. This is the reason why I wanted to shutdown the native VLAN on the switch, not create a native interVLAN on the router, and just create a non-native VLAN (interface VLAN5) on the switch.

I hope I didn't confuse you.

Thanks,

sK

Jon Marshall Thu, 03/20/2008 - 00:36

sK

"Question here is what is the difference between an interface VLAN and just a VLAN"

As an example from your post

When you create a vlan on a switch ie.

switch(config t)# vlan 51

switch(config-vlan)# name v51

this creates a vlan at layer 2 only. So if you allocate 2 ports into vlan 51 and attach pcs to those ports the 2 pc's will be able to communicate with each other but with nothing else and no other machine that is not in vlan 51 will be able to communicate with these pcs.

If you now add a L3 SVI (Switched Virtual Interface) for vlan 51 ie.

int vlan 51

ip address 192.168.5.1 255.255.255.0

and set the default-gateway of the pc's to be 192.168.5.1 then they can now communicate with machines outside their vlan and other machines can communicate with them.

If this is a 3560, is there any reason why you are connecting to the router via a trunk? Because your 3560 can do all the inter-vlan routing.

The other confusion is the native vlan. You can change the native vlan to any vlan you choose without shutting down vlan 1 interface, although shutting down vlan 1 is no bad thing.

Jon

skhirbash Thu, 03/20/2008 - 12:19

Jon,

To test the L3 interVLANing on the 3560, I created the following:

- L2 VLAN 51 assigned ports 1-30 to this VLAN.

- L2 VLAN 54 assigned ports 31-46 to this VLAN.

- L3 interface VLAN 410, ip 10.10.51.2 255.255.255.0, no trunk ports.

- Host1 ip 10.10.51.100 255.255.255.0 default gateway 10.10.51.2

- Host2 ip 10.10.54.200 255.255.255.0 default gateway 10.10.51.2

Results:

Vlan410 is down, line protocol is down

Host1 (member of VLAN51) can't ping Host2

Host2 (member of VLAN54) can't ping Host1

Host1 or Host2 can't ping default gateway.

Am I doing something wrong?

sK

Jon Marshall Thu, 03/20/2008 - 12:48

sK

The L3 interface you create must match the layer 2 vlan if you want to be able to route off your vlan. So using your example

L2 VLAN 51 assigned ports 1-30 to this VLAN.

L2 VLAN 54 assigned ports 31-46 to this VLAN.

L3 interface for vlan 51

int vlan 51

ip address 10.10.51.2 255.255.255.0

int vlan 54

ip address 10.10.54.2 255.255.255.0

Any host assigned into vlan 51 must have its default-gateway set to 10.10.51.2.

Any host assigned into vlan 54 must have its default-gateway set to 10.10.54.2.

HTH

Jon

skhirbash Thu, 03/20/2008 - 16:41

Jon,

I followed your instructions but the hosts weren't able to ping each other. Here is the output from the switch:

Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SEB4, RELEASE SOFTWARE

Interface IP-Address OK? Method Status Protocol

Vlan1 unassigned YES manual up up

Vlan51 10.10.51.1 YES manual up up

Vlan54 10.10.54.1 YES manual up up

FastEthernet0/1 unassigned YES unset up up

!

!

vlan internal allocation policy ascending

!

vlan 51

name LAB

!

vlan 54

name Production

!

!

interface Vlan1

no ip address

!

interface Vlan51

ip address 10.10.51.1 255.255.255.0

!

interface Vlan54

ip address 10.10.54.1 255.255.255.0

Vlan51 is up, line protocol is up

Hardware is EtherSVI, address is 0015.c663.4f41 (bia 0015.c663.4f41)

Internet address is 10.10.51.1/24

Vlan54 is up, line protocol is up

Hardware is EtherSVI, address is 0015.c663.4f42 (bia 0015.c663.4f42)

Internet address is 10.10.54.1/24

Host1 ip address: 10.10.51.100 255.255.255

Default gateway: 10.10.51.1

Can ping 10.10.51.1 & 10.10.54.1

Can't ping host2 10.10.54.200

Host2 ip address:10.10.54.200 255.255.255

Default gateway: 10.10.54.1

Can ping 10.10.51.1 & 10.10.54.1

Can't ping host1 10.10.51.100

Also, in this setting, I am using one L3 switch with interVLANing. What happens when I want to stack 5 other switches to this switch? Another inquiry: what happens when I add a router into this topology?

Thanks

sK

sundar.palaniappan Thu, 03/20/2008 - 17:22

It appears the Windows firewall is probably blocking ICMP echo replies from being sent. Can you disable the firewall on both PCs and try the ping?

If you want to connect more switches to this switch then you need to configure the port between these two switches as a trunk port. Those switches need to know of all the VLANs (layer 2) that you have created in this switch. You can either manually configure the VLAN or propagate the VLAN dynamically using VTP.

HTH

Sundar

skhirbash Thu, 03/20/2008 - 19:56

Thanks Sundar for the response; however, the hosts are Win2000 and no firewall is present.

Once the L2 VLANs are propagated to all the switches through the trunk ports, do I need to create L3 interfaces?

Another question, if I want to create a mgmt VLAN to be able to ping the router, how do I go about doing that?

Thanks,

sK

sundar.palaniappan Fri, 03/21/2008 - 15:23

Can you ping the PCs from the local router?

You don't have to create layer 3 interface on all the switches. Just in one switch, preferably on the switch that's directly connected to the router.

Assign the switchport connected to the router a certain VLAN, let's say 51. Assign the router interface an IP from VLAN 51. In the switch you already have a VLAN (L3) 51 interface. You should be able to test your connectivity by pinging the router from the switch.

HTH

Sundar

glen.grant Wed, 03/19/2008 - 18:57

You must have at least one active port or trunk carrying vlan 5 for the SVI to come active; if there are no active ports or trunks carrying vlan 5, it will show down.
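
The two conditions given in this thread for an SVI to come up (a layer 2 VLAN matching the SVI number, and at least one active port or trunk carrying it), as an added Python example that is not part of any poster's reply: it checks IOS-style config text for SVIs that would stay down. The sample config is constructed, and a port counts as active when it is not administratively shut down, since link state does not appear in the config.

```python
import re

# Constructed sample: VLANs, port names and the shut port are assumptions.
SAMPLE_CONFIG = """\
vlan 5
vlan 51
interface FastEthernet0/1
 switchport access vlan 51
interface FastEthernet0/48
 switchport access vlan 5
 shutdown
interface Vlan5
interface Vlan51
interface Vlan410
"""

def _vlan_list(spec):
    # Expand "51,54,100-102" into a set of VLAN ids.
    parts = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in parts for v in range(int(lo), int(hi or lo) + 1)}

def svi_status(config):
    """Map each SVI's VLAN id to 'ok' or the reason it would stay down."""
    l2, svis, ports, cur = {1}, set(), [], None  # VLAN 1 exists by default
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(vlan |interface Vlan)(\d+)", line):
            (l2 if m.group(1) == "vlan " else svis).add(int(m.group(2)))
            cur = None  # leaves any physical-port block
        elif line.startswith("interface "):
            cur = {"up": True, "trunk": False, "access": 1, "allowed": None}
            ports.append(cur)
        elif cur and line == "shutdown":
            cur["up"] = False
        elif cur and line == "switchport mode trunk":
            cur["trunk"] = True
        elif cur and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            cur["access"] = int(m.group(1))
        elif cur and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)):
            cur["allowed"] = _vlan_list(m.group(1))
    def carries(p, vid):  # admin state only; link state is not in the config
        vlans = p["allowed"] if p["trunk"] else {p["access"]}
        return p["up"] and (vlans is None or vid in vlans)
    def reason(vid):
        if vid not in l2:
            return "no layer 2 vlan"
        if not any(carries(p, vid) for p in ports):
            return "no active port or trunk in vlan"
        return "ok"
    return {vid: reason(vid) for vid in sorted(svis)}
```

On the sample, Vlan410 is flagged because no `vlan 410` exists, and Vlan5 because its only port is shut down; a trunk with no allowed-VLAN list is treated as carrying every VLAN.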
