subinterfaces and vlans

Jul 22nd, 2008

If you are configuring vlan trunking on your switch and the related subinterfaces on your router, must you have routing turned on before you configure the router? We are doing some prep work on our routers and encountering some odd behavior when configuring the subinterfaces. The worst of which is that we lose connectivity to the router when we turn on the encapsulation on the subinterface. BTW, we haven't turned on routing yet because decisions are still being made regarding AS numbers and redistributions, so we don't want to negatively impact the production network. Although these new routers are not in production, they are live on the production network.

AJAZ NAWAZ Tue, 07/22/2008 - 07:33

[If you are configuring vlan trunking on your switch and the related subinterfaces on your router, must you have routing turned on before you configure the router?]

Simple answer is no. That said, if you were to look in your routing table, the connected subnets will appear in there (i.e. the subinterfaces). So by simply adding the subinterfaces the router will locally route between these subnetworks regardless of any routing process being started up or not.



Richard Burts Tue, 07/22/2008 - 07:33


Perhaps you can clarify a few things about your situation which are not clear to me from your post. Are we talking about a router or about a layer 3 switch which can do routing? From the description it sounds like a router and not a layer 3 switch which is to do inter vlan routing, but it would be helpful to be sure.

Also when you say that you have not turned on routing, does that just literally mean that you have not entered any commands to enable routing or does it mean that you have disabled routing? Or does it mean that you have not configured any routing protocol?

The impact of these questions is that one of the differences between a router and a layer 3 switch is that on a router the routing function is enabled by default (no commands required) while on a layer 3 switch you must enable routing.



mgottfried Tue, 07/22/2008 - 07:44

I am talking about new routers with a limited configuration. No routing protocol configured, no routing parameters set, but routing not disabled.

Basically, we are going to use trunking from the switches to the new routers because we have other routers that we have to connect to the switches due to the fact that we don't have enough Ethernet ports for a router to router connection. I.e.: the other router(s) connect to the switch and the vlans they are in are trunked up to the new router with subinterfaces.

What happens is that the folks doing the configurations are reporting to me that they lose connectivity as soon as they configure the encapsulation on the subinterface. (The connectivity to the router is through the same interface they are configuring.)

mgottfried Tue, 07/22/2008 - 07:51

I guess I should theorize a bit on this. The problem is being reported to me by other technicians. I am suspicious that they are shooting themselves in the foot. The router interface they are trying to configure is currently in use with the physical interface configured already. They are remotely accessing the routers via that interface. Then, when they configure the subinterface and encapsulation they lose connectivity. I think this may be being caused by the fact that the router expects the connection to be a trunk as soon as you enter the encapsulation command. Because the switch that the technician is accessing the router through isn't yet configured to trunk the connection, they lose their access.

Richard Burts Tue, 07/22/2008 - 08:07


The additional information is helpful. But there are still aspects of this that I do not understand.

The part that is now more clear is that if you have a new router (on which routing is enabled by default) and if you connect it to a trunk port on a switch, and you configure subinterfaces with dot1q encapsulation then the router will begin doing routing between the vlans that it knows about.

I am not so clear why you lose connectivity when you configure encapsulation on the router. Since the router has no static routes and has no routing protocol it will not know about any networks or subnets other than what is locally connected. But if the switch(es) are connected to another router already which is providing connectivity then I do not understand why that does not continue to work. For the devices on the switch, and for the switch, what is configured as the default gateway, and where is that address (what device in the network has that address)?



Richard Burts Tue, 07/22/2008 - 08:14


Your theory sounds pretty good to me. If they are coming through a switch to get to the new router, and if the port on the switch is configured as an access port rather than as a trunk port, then configuring the router interface with subinterfaces would put them out of sync.

I would suggest that when they configure the router if the first subinterface that they configure is the subinterface for the native vlan then things might work ok. And of course if they were to configure the switch port as a trunk before they configure the router it would not be so much of a problem.
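
A sketch of the ordering suggested in the post above, as an added example that is not from any poster in this thread: the switch port becomes a trunk first, and the router's first subinterface is the native-VLAN one so untagged frames still have a home. Interface names, VLAN IDs, the 192.0.2.0/24 addressing and the assumption that the port was previously an access port in VLAN 1 are all constructed for illustration.

```cisco
! ADDED EXAMPLE, constructed values throughout (interfaces, VLANs, addresses).
!
! --- Switch: port facing the new router -------------------------------
! Assumption: this port was an access port in VLAN 1. Keeping VLAN 1 as the
! trunk's native VLAN means that traffic stays untagged after the change.
interface GigabitEthernet0/1
 description Trunk to new router
 ! Only needed on switches that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 ! Carry only the VLANs the router actually serves
 switchport trunk allowed vlan 1,10,20,99
!
! --- Router: subinterfaces on the same physical port -------------------
! The address that was on the physical interface moves to the native-VLAN
! subinterface. As noted later in the thread, that move cannot be made over
! a session that depends on the address, so do it from the console.
interface GigabitEthernet0/0
 no ip address
 no shutdown
!
! Native VLAN first: untagged frames are handled here. The native VLAN
! number must match the switch side of the trunk.
interface GigabitEthernet0/0.1
 description Native VLAN (untagged)
 encapsulation dot1Q 1 native
 ip address 192.0.2.1 255.255.255.192
!
interface GigabitEthernet0/0.10
 description Data VLAN
 encapsulation dot1Q 10
 ip address 192.0.2.65 255.255.255.192
!
interface GigabitEthernet0/0.20
 description Voice VLAN
 encapsulation dot1Q 20
 ip address 192.0.2.129 255.255.255.192
!
interface GigabitEthernet0/0.99
 description Switch management VLAN
 encapsulation dot1Q 99
 ip address 192.0.2.193 255.255.255.192
```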



mgottfried Tue, 07/22/2008 - 12:47

That is pretty much the same conclusion I came to as I was writing that last post. Of course, my internet connection went south right after that and I'm just now able to get back on to look at later postings.

I'm wondering if they might just be better off to visit the sites so that they can harmlessly configure both the trunking on the switch and the subinterfaces on the router at the same time from the console. Part of the reason I'm thinking that is that they really need to move the IP address from the physical interface to the user vlan on the router so it will support their data connections. They can't do that remotely without losing their connection in the middle.

That brings another question to mind. What ramifications are there to having an IP address on the physical interface? I haven't got a lab set up where I can test this. I'm wondering what will happen. The goal is to create several vlans. One for data, one for voice, one for special applications, one for switch management, etc... I'm thinking that having the IP address remain on the physical interface is going to be a problem. I'm thinking that should be moved to the subinterface that corresponds to the data vlan on the switch. Of course, all of the other vlans will have their appropriate IPs configured as well.

