03-19-2008 04:56 PM - edited 03-05-2019 09:51 PM
I disabled the native VLAN(VLAN1) and used another VLAN interface for mgmt purposes; however, when I do a no ip address on native VLAN 1, and assign an ip address to the other created VLAN(VLAN5) interface, the status of the VLAN5 is as follows:
sho interfaces vlan5
Vlan5 is down, line protocol is down
Hardware is EtherSVI, address is 0015.c663.4f41 (bia 0015.c663.4f41)
Internet address is 10.10.54.2/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
I did a no shutdown on VLAN 5 intercace but that sill didn't resolve the issu. Can someone tell me what I am missing?
Thanks in advance,
SK
03-19-2008 04:59 PM
Hi
Is this a layer 2 switch only ?. If so only one vlan can be active at any one time so make sure vlan 1 is shutdown.
Secondly do you have any ports on the switch in vlan 5 or a trunk link on the switch that allows vlan 5 on it.
If neither condition is met the interface will stay down.
HTH
Jon
03-19-2008 08:43 PM
Hi Jon,
This is 3560 SW and i have created VLAN54, VLAN51 and assigned ports to each. I decided to shutdown the native VLAN(VLAN1) and created an interface VLAN on the switch(Quesion here is what is the difference betwen an interface VLAN and just a VLAN). I also created a trunk port to link it to the router and another trunk port to link to another switch. Orignially when I had the native VLAN (VLAN1) on the switch, the switch wouldn't be able to ping the router and vice versa. However, if I create a native interVLAN on the router, then they would be able to ping each other. This is the reason why I wanted to shutdown the native VLAN on the switch, not create a native interVLAN on the router, and just create a non-native VLAN(interface VLAN5)on the switch.
I hope i didn't confuse you.
Thanks,
sK
03-20-2008 12:36 AM
sK
"Quesion here is what is the difference betwen an interface VLAN and just a VLAN"
As an example from your post
When you create a vlan on a switch ie.
switch(config t)# vlan 51
switch(config-vlan)# name v51
this creates a vlan at layer 2 only. So if you allocate 2 ports into vlan 51 and attach pcs to those ports the 2 pc's will be able to communicate with each other but with nothing else and no other machine that is not in vlan 51 will be able to communicate with these pcs.
If you now add a L3 SVI (Switched Virtual Interface) for vlan 51 ie.
int vlan 51
ip address 192.168.5.1 255.255.255.0
and set the default-gateway of the pc's to be 192.168.5.1 then they can now communicate with machines outside their vlan and other machines can communicate with them.
If this is a 3560 is there any reason why you are connecting to the router via a trunk ? because your 3560 can do all the inter-vlan routing.
The other confusion is the native vlan. You can change the native vlan to any vlan you choose without shutting down vlan 1 interface, although shutting down vlan 1 is no bad thing.
Jon
03-20-2008 12:19 PM
Jon,
To test the L3 interVLANing on the 3560, I created the following:
- L2 VLAN 51 assiged ports 1-30 to this VLAN.
- LS VLAN 54 assiged ports 31-46 to this VLAN.
- L# interface VLAN 410, ip 10.10.51.2 255.255.255.0, no trunk ports.
- Host1 ip 10.10.51.100 255.255.255.0 default gateway 10.10.51.2
- Host2 ip 10.10.54.200 255.255.255.0 default gateway 10.10.51.2
Results:
Vlan410 is down, line protocol is down
Host1(member of VLAN51) can't ping Host2
Host2(member of VLAN54)can't ping Host1
Host1 or Host2 can't ping defualt gateway.
Am I don't something wrong?
sK
03-20-2008 12:48 PM
sK
The L3 interface you create must match the layer 2 vlan if you want to be able to route off your vlan. So using you example
L2 VLAN 51 assiged ports 1-30 to this VLAN.
L2 VLAN 54 assiged ports 31-46 to this VLAN.
L3 interface for vlan 51
int vlan 51
ip address 10.10.51.2 255.255.255.0
int vlan 54
ip address 10.10.54.2 255.255.255.0
Any host assigned into vlan 51 must have it's default-gateway set to 10.10.51.2.
Any host assigned into vlan 54 must have it's default-gateway set to 10.10.54.2.
HTH
Jon
03-20-2008 04:41 PM
Jon,
I followed your instructions but the hosts weren't able to ping each other. Here is the output from the switch:
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SEB4, RELEASE SOFTWARE
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES manual up up
Vlan51 10.10.51.1 YES manual up up
Vlan54 10.10.54.1 YES manual up up
FastEthernet0/1 unassigned YES unset up up
!
!
vlan internal allocation policy ascending
!
vlan 51
name LAB
!
vlan 54
name Production
!
!
interface Vlan1
no ip address
!
interface Vlan51
ip address 10.10.51.1 255.255.255.0
!
interface Vlan54
ip address 10.10.54.1 255.255.255.0
Vlan51 is up, line protocol is up
Hardware is EtherSVI, address is 0015.c663.4f41 (bia 0015.c663.4f41)
Internet address is 10.10.51.1/24
Vlan54 is up, line protocol is up
Hardware is EtherSVI, address is 0015.c663.4f42 (bia 0015.c663.4f42)
Internet address is 10.10.54.1/24
Host1 ip address: 10.10.51.100 255.255.255
Default gateway: 10.10.51.1
Can ping 10.10.51.1 & 10.10.54.1
Can't ping host2 10.10.54.200
Host2 ip address:10.10.54.200 255.255.255
Default gateway: 10.10.54.1
Can ping 10.10.51.1 & 10.10.54.1
Can't ping host1 10.10.51.100
Also, in this setting, I am using one L3 switch with interVLANing, what happens when I want to stack 5 other switches to this switch? Another inquiry, what happens when i add a router into this topology?
ThankS
sK
03-20-2008 05:22 PM
It appears the Windows firewall is probably blocking ICMP echo replies from being sent. Can you disable the firewall on both PCs and try the ping?
If you want to connect more switches to this switch then you need to configure the port between these two switches as a trunk port. Those switches need to know of the all the VLANs (layer 2) that you have created in this switch. You can either manually configure the VLAN or propogate the VLAN dynamically using VTP.
HTH
Sundar
03-20-2008 07:56 PM
Thanks Sundar for the response; however, the hosts are Win2000 and no firewall is present.
Once the L2 VLANs are propagated to all the switched throught the Trunk ports, do I need to create L3 interfaces?
Another question, if I want to create a mgmt VLAN to be able to ping the router, how do I go about doing that?
Thanks,
sK
03-21-2008 03:23 PM
Can you ping the PCs from the local router?
You don't have to create layer 3 interface on all the switches. Just in one switch, preferably on the switch that's directly connected to the router.
Assign the switchport connected to the router a certain VLAN, let's say 51. Assign the router interface an IP from VLAN 51. In the switch you already have a VLAN (L3) 51 interface. You should be able to test your connectivity by pinging the router from the switch.
HTH
Sundar
03-19-2008 06:57 PM
You must have at least one active port or trunk carrying vlan 5 for the SVI to come active , if there are no active ports or trunks carrying vlan5 it will show down.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: