05-17-2008 12:36 AM - edited 03-05-2019 11:03 PM
Hey guys,
I would like to know something about a VLAN being administratively down.
Are we able to access any devices associated with the admin-down VLAN?
Please refer here:
T001#sh run int vlan 301
Building configuration...
Current configuration : 97 bytes
!
interface Vlan301
ip address XX6.228.222.58 255.255.255.224
no ip route-cache
shutdown
end
T001#sh run int g8/2
Building configuration...
Current configuration : 150 bytes
!
interface GigabitEthernet8/2
description UVPNFT001_Public
switchport
switchport access vlan 301
no ip address
speed 100
duplex full
end
T001#
----------------------------
UVPNFT001, which is connected to this switch, is accessible even though its VLAN is shut down.
By right, any interfaces that belong to this VLAN should be inaccessible, right?
Thank you.
regards
siraj
05-17-2008 01:01 AM
Are you sure the port is processing traffic? What is the output of sh int gi8/2 & sh int gi8/2 status?
05-17-2008 01:22 AM
I am sure, as the user is able to access the box remotely.
Here is the requested output:
T001#sh int g8/2
GigabitEthernet8/2 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 0018.1833.d145 (bia 0018.1833.d145)
Description: UVPNT001_Public
MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is on
Clock mode is auto
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:47, output hang never
Last clearing of "show interface" counters 43w0d
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 18799
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 17000 bits/sec, 2 packets/sec
5 minute output rate 7000 bits/sec, 6 packets/sec
744989835 packets input, 613399131664 bytes, 0 no buffer
Received 318 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
724533228 packets output, 186620582563 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
T001#
T001#sh int g8/2 stat
GigabitEthernet8/2
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 429361 197800269
Route cache 0 0 0 0
Distributed cache 0 0 0 0
Total 0 0 429361 197800269
T001#
Thank you.
05-17-2008 07:43 AM
Not necessarily correct. You don't mention what kind of switch this is. More than likely this VLAN is being routed by another device, so its gateway on VLAN 301 will be that device. If you look around you will find a connection to another routing device with VLAN 301 on it. On layer 2 type switches the "interface vlan" or SVI is for managing the switch only and has nothing to do with any kind of routing for devices attached to that switch.
05-17-2008 09:23 AM
Siraj
I agree with Glen but would take a slightly different emphasis. You assume that if the VLAN interface is shut down then the VLAN is down. But this confuses what happens at layer 2 with what happens at layer 3. If you shut down the VLAN interface then you stop the layer 3 processing of that VLAN on that switch. But it does not impact the processing of layer 2 on that switch. So the port remains active, the switch still maintains the mac-address-table and forwards to the PC connected to that port. And as long as there is an active layer 3 interface somewhere in that VLAN acting as default gateway for the PC then everything will work.
HTH
Rick
05-18-2008 09:07 PM
Thanks for the explanation Rick,
But I am still unable to understand how this kind of network setup works.
Surely anyone will access the PC based on VLAN 301's IP address, which acts as the default gateway for all interfaces that belong to its VLAN group.
If we shut down VLAN 301, layer 3 processing will be down for that subnet, so IP packets won't reach the destination, right?
I would appreciate it if anyone is able to review this kind of setup.
Thanks!
SiraJ
05-19-2008 04:27 AM
SiraJ
If the VLAN interface on this switch is shut down then this switch is not providing layer 3 services (including routing) for VLAN 301. But as Glen pointed out, there is some other device that is providing the layer 3 routing. Perhaps there is another layer 3 switch in the network. Or perhaps there is a trunk port from the switch to some router that is doing inter VLAN routing.
It would be interesting to know what is configured on the PC as its default gateway.
HTH
Rick
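An added example, not part of any post in this thread: a small Python audit that reads IOS-style running-config text and reports every VLAN whose SVI is shut down while enabled access ports are still assigned to it, which is the situation the replies describe (layer 3 off on this switch, layer 2 still forwarding). The sample config is constructed, the addresses are documentation placeholders, the function names are hypothetical, and only `switchport access vlan` lines are considered (trunks and default-VLAN ports are out of scope).

```python
import re
from collections import defaultdict

# Constructed sample modeled on the config in the thread (placeholder address).
SAMPLE_CONFIG = """\
interface Vlan301
 ip address 192.0.2.58 255.255.255.224
 shutdown
!
interface GigabitEthernet8/2
 switchport
 switchport access vlan 301
!
interface GigabitEthernet8/3
 switchport access vlan 301
 shutdown
!
interface GigabitEthernet8/4
 switchport access vlan 302
!
"""

def parse_interfaces(config):
    """Map interface name -> list of its sub-commands (indentation stripped)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line in ("!", "end", ""):
            current = None  # block terminator; prompts and banners are then ignored
        elif current is not None:
            current.append(line)
    return blocks

def shutdown_svis_with_active_ports(config):
    """Return {vlan: [ports]} for shut-down SVIs whose VLAN still has enabled access ports."""
    down_svis, ports = set(), defaultdict(list)
    for name, cmds in parse_interfaces(config).items():
        svi = re.fullmatch(r"Vlan(\d+)", name, re.IGNORECASE)
        if svi and "shutdown" in cmds:
            down_svis.add(int(svi.group(1)))
        if svi or "shutdown" in cmds:
            continue  # SVIs are not member ports; disabled ports forward nothing
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if m:
                ports[int(m.group(1))].append(name)
    return {v: ports[v] for v in sorted(down_svis) if ports[v]}
```

Any VLAN it reports is still reachable at layer 2 through the listed ports, so a shut-down SVI should not be counted as isolating those hosts.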