cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1390
Views
0
Helpful
14
Replies

SVI Config on 2x3750G switches

bavingtonm
Level 1
Level 1

Hi

On the 2 x 3750G callapsed core/distribution switches I have configure SVI interfaces for each vlan in my network (6 vlans, 1, 10, 20, 30, 40, 50).

I have about 5 switch blocks/stacks each using a different vlan eg. switch_block 1 (5 x switches in stack)uses Vlan 10.

The top switch in the stack connects via fibre to core_sw_1 and at the bottom switch in stack via fibre to core_2. All switches are then linked in a daisy chain fashion via copper.

spanning-tree is split over each of the core switches as root eg. core_1 is root for vlan 1,10,20 and core _2 is root for vlan 30,40,50.

I have used the "switch(config)#int vlan 1" command and assigned an ip address (on core_1) of 10.217.12.1/24 for the SVI. I have repeated the steps for all vlans, eg. vlan 10 is 10.217.13.1/24 vlan 20 is 10.217.14.1/24 and so on.

I have repeated the above steps on the second core switch also but have replaced the last octet of the IP address to .2 (int vlan 1--10.217.12.1 on core_1 and int vlan 1 -- 10.217.12.2 on core_2, repeating for each of the other vlans.

Is this the right way to configure SVI's???

On the switch block the top and bottom switches of the stack have also been configured with the "int vlan #" command and IP addresses have been incremented by 1 on each switch eg. vlan 1 -- 10.217.12.3 /24 on top switch and int vlan 1 -- 10.217.12.4 /24 on the bottom switch.

Is this the correct way to configure SVI's??

Please advise?

Thanks

MB

14 Replies 14

Mark Yeates
Level 7
Level 7

MB,

Remember SVI's are the creation of layer 2 VLAN's within the VLAN database. Interface VLAN's are the layer 3 "routed VLAN" portion on the switch. You do not need a VLAN interface on all your switches. I would create VLAN interfaces only on your cores, and SVI's on your access layer switches. Do you plan to use HSRP on your cores? Here's how to create an SVI on your switches.

switch#configure terminal

switch(config)#vlan 10

switch(config-vlan)#exit

switch(config)#

HTH,

Mark

"I would create VLAN interfaces only on your cores, and SVI's on your access layer switches."

Mark, why should he create an SVI on the access layer when it is a switched layer?

You also seem to differentiate between a "VLAN interface," which you suggest he create on the core, and an SVI (which is a routed vlan interface). Im not sure I understand what the functional difference is. Moreover, you suggest he create the routed SVI on a switched access layer...

Hmmmmmmm...

Wanna think about that one?

Victor

Victor

Thanks for catching my mixed up terminology there. Ultimately I was advising the creation of the VLAN interface on the cores and the layer 2 VLANs on the access layer switches.

Mark

No biggie, Mark. I just wanted to point it out so that MB doesn't get confused, not to be a jerk.

Have a great night. :-)

Victor

lamav
Level 8
Level 8

MB:

You have given a lot of information, which is good, but I find some of it confusing. You called the 3750 stack the collapsed core , but then you mention that it is uplinked to another core switch...?

Anyway, the purpose of stacking switches is to create greater port densities and to increase switch forwarding capabilities with the addition of each physical switch in the virtual stack. You can stack up to 9 physical switches. So, the stack should be treated as a single switch with one management interface and one (1) SVI for each routed vlan created. By routed vlan I mean a vlan that you want to participate in inter-vlan routing.

You should understand what a vlan and an SVI are and why you configure them.

A vlan is pretty much a layer 2 construct. Devices in the same vlan belong to the same layer 2 broadcast domain, and communication between hosts on the same vlan can be acheived solely using layer 2 source and destination addresses.

However, for traffic to leave that vlan and venture to the outside world, if you will, it needs to exit through a layer 3 gateway, a routed interface whose layer 3 address belongs to the subnet(s) designated for that vlan. That SVI's IP address is typically used as the default gateway for hosts on that vlan. You would create the SVI on the routed/L3 switched layer using the command "interface vlan x".

So, why would you want to create 2 SVI's in the same stack? In fact, you can't even create 2 layer 3 interfaces for the same subnet on the same routed device. Each stack is basically one switch, and if that switch is a routed layer (as in your collapsed core), it should have one SVI for each vlan. Maybe I misunderstood what you meant...

If I did and you understand the concept, great.

Lastly, I would stay away from using vlan 1 for user traffic. Vlan 1 is used to exchange control plane information for layer 2 mechanisms, such as CDP, PaGP, VTP, etc. So, leave that vlan alone and prune it when appropriate. Also, create a separate vlan for management traffic. Lets say you have 100 or so devices you need to manage, create a /25 subnet, call it vlan 100 (or whatever), and then create an SVI for it on each switch that will be in the same management domain.

By the way, the L3 management interface would be the only SVI you would create on a layer 2 switch. You would also need the "ip default-gateway" command with the next hop configured so that you can access the switch remotely. Or you can use the "ip route 0.0.0.0 0.0.0.0 " command, but you would need to enable ip routing with the "ip routing" command first.

Come back if you have any other questions...

HTH

Victor

Hi

I have 2 x 3750g's which are not using stack wise, they have 2 fibre links between them. Is it better to use the stackwise cables instead?

I have split the stp root bridge between the 2 switches, core_1 vlan 1,10,20 and core_2 vlan 30,40,50. Is this a bad setup? if so why?

I assumed I should config "int vlan #" (SVI's) on both switches whats best practice for this scenario? or please advise of a better way to go about things?

Thanks

MB

Should I configure the core as 2 x 3750G-12S's connected via stackwise cable and configured purely for layer 3?

Then use the access switches in the switch block for layer 2 distribution/access?

Any advise please?

MB,

You will not want to use the stackwise cables as you would loose the ability of having both cores. I don't think there would be an issue with the current STP configuration. You will want to use the VLAN interface (SVI's) on both of your cores. I apologize for the confusion on my earlier post.

P.S Victor no insult taken. I'm glad that you did catch my mistake to make sure that the correct information was given.

Mark

Thanks, but I'm now confused..... So how do I set the SVI's up on the second core, what addresses would I need on the second core?

present config:

Core_1 -- Vlan 10 SVI -- 10.217.13.1 /24

Core_2 -- Vlan 10 SVI -- 10.217.13.2 /24

Core_1 -- Vlan 20 SVI -- 10.217.14.1 /24

Core_2 -- Vlan 20 SVI -- 10.217.14.2 /24

and so on.

is this correct?

Thanks

Yes this is correct. I will recommend using HSRP with your dual core design. Here is a guide for configuring HSRP. If you need more help feel free to ask.

http://www.cisco.com/en/US/docs/internetworking/case/studies/cs009.html

Mark

Thank you very much for the advise.... I have just one last question:

If each switch block, not core, is configured with a seperate vlan eg. block of 5 switches in switch block 1 and vlan 10 is active,

switch block 2 and vlan 20 is active (5 also in block)

would I create SVI's for each of the blocks?

eg.

switch block 1 -- vlan 10 -- 10.217.13.3 /24

switch block 1 -- vlan 20 -- 10.217.14.3 /24

etc, as I did on the cores?

Thanks

MB

MB:

the terminology youre using is getting confusing.

Please supply a drawing that shows the switches in question and how you want to connect them...

Thanks

Victor

Sorry for any confusion with terminology!

By Switch Stack/block I mean stack of switches that are daisy chained together with copper.

Each stack/block of switches configured with a different vlan and subnet.

Servers are connected on vlan 50 and must be accessible by all hosts in all the vlans.

I have used SVI's on both the core/dist switches and dont know if something else is needed to be changed?

thx

thx

MB

Im sorry, but I cant open your diagram. Whats a .sdr extension?

Anyway, let me give you a brief of what you have to do:

1. On the Layer 2 access switches,

a.) Create vlan 50 and give it a name.

example:

vlan 50

name HR_vlan

b) Place the end-user access switchports in vlan 50 and set the correct speed and duplex settings, and enable it.

interface gi1/0/1

switchport

switchport mode access

switchport access vlan 50

speed auto

duplex auto

no shut

c.) Then create the trunk that will be used to send vlan-50-tagged traffic up to the routed core layer.

interface gi1/0/20

switchport

switchport mode trunk

switchport trunk encapsulation dot1q

speed auto

duplex auto

no shut

d.) Create a management vlan and give it a name

vlan 100

name management_vlan

e.) Create the Layer 3 management interface that you can telnet to later:

interface vlan 100

ip address 10.10.100.2 255.255.255.128

f.) Configure a static route for management traffic.

ip default-gateway 10.10.100.250

--OR--

ip routing

ip route 0.0.0.0 0.0.0.0 10.10.100.250

2. On the routed core switches:

a.) Create vlan 50 and the management vlan in layer 2.

vlan 50

name HR_vlan

vlan 100

name management vlan

b.) Then create the routed SVI interfaces for each vlan.

interface vlan 50

ip address 10.10.50.2 255.255.255.0

standby 50 ip 10.10.50.1

standby 50 priority 105

standby 50 preempt

interface vlan 100

ip address 10.10.100.250 255.255.255.128

c.) Create the other end of the trunk:

interface gi1/0/10

switchport

switchport mode trunk

switchport trunk encapsulation dot1q

speed auto

duplex auto

no shut

I know you configured STP already and you seem confident with it, so I am not going to go into that unless you need me to.

What I did was give you the general view of what you should do. A general approach.

HTH

Victor

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco