Activating multiple VLAN interfaces on 3750

Unanswered Question
May 8th, 2009

We're planning to cut users over to a new VLAN (and new subnet) on a 3750 switch. Before we actually cut the users over to the new VLAN, I'd like to create the VLAN interface and give it an IP address, then verify that we can route to the new subnet, while still keeping the old VLAN active. I was able to create the VLAN and the VLAN interface and give it an IP address, but the new VLAN is still in up/down state. Do I have to have active access ports in the new VLAN before it comes up and becomes routeable?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thotsaphon Fri, 05/08/2009 - 09:50

Patrick,

You have to add a new vlan in the vlan database. At least one port of that vlan is active.

Understanding Autostate

Autostate is implemented on CatOS and IOS Cisco based switches by default. On some CatOS platforms, this feature can be disabled in order to allow redundancy in special scenarios. On IOS based switches, this feature cannot be disabled.

The router VLAN interfaces have to fulfill the following general conditions to be up/up:

*

VLAN exists and is in active status on the switch VLAN database.

*

VLAN interface exists on the router and is not administratively down.

*

At least one L2 (access port or trunk) port exists and has a link up on this VLAN. The latest implementation of the autostate feature allows synchronization to Spanning-Tree Protocol (STP) port status.

A VLAN interface will be brought up after the L2 port has had time to converge (that is, transition from listening-learning to forwarding). This will prevent routing protocols and other features from using the VLAN interface as if it were fully operational. This also prevents other problems, such as routing black holes, from occurring.

*

At least one L2 (access port or trunk) port is in spanning-tree forwarding state on the VLAN.

Here you go: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a0080160b14.shtml

HTH,

Toshi

pweinhold Fri, 05/08/2009 - 10:17

I suspected as much, thanks for the info.

A follow up question - if I want multiple L3 VLAN interfaces to be active on the switch (in other words, if I want the switch to route between VLANs) do I have to enter the "ip routing" command? It seems like I would have to, as I'm basically asking the switch to route in between separate subnets. However, I enabled ip routing and lost connectivity with the switch. Luckily I'd set the switch to reload after a few minutes so I was able to back out of the command and connectivity was restored. But I'm not sure why entering the "ip routing" command would cause me to lose connectivity with the existing active VLAN subnet.

thotsaphon Fri, 05/08/2009 - 10:25

Patrick,

Yes, You have to enable an "ip routing" command to route between vlans.

Did you manage the switch with the ip address that is in active vlan(existing)? Or you managed the switch from the remote network by using an "ip default-gateway" command to route you back(grin)

HTH,

Toshi

pweinhold Fri, 05/08/2009 - 10:33

Toshi,

We manage the switch with the VLAN that is currently active on it. I was hoping to activate the new VLAN and verify that we could route to it before we cut any users onto it. I didn't do anything to the existing VLAN, I just created the new VLAN, the new VLAN interface and gave it an IP address, but it was still in up/down state (because I didn't have any active ports on it). But then when I enabled ip routing, I lost all connectivity with the switch. Although it was still forwarding traffic, I think, because I was still able to get to a "downstream" switch that hangs off this switch. So I'm just not sure why I would lose connectivity to that VLAN interface as soon as I enabled ip routing.

In any case, I think I'll wait until we can get some kind of active workstation on the new VLAN so that it will come up/up and we can verify routing to it.

Thanks very much for the feedback.

glen.grant Fri, 05/08/2009 - 12:21

You probably lost connectivity to the switch because it was setup as a layer 2 switch using a default gateway . Once you turn on ip routing then that default gateway no longer works and you have to add a static default "route" pointing to the gateway instead in order to manage the switch .

pweinhold Fri, 05/08/2009 - 13:08

Good call, Glen! I just tested your theory - I entered a quad-zero static default route, then turned on ip routing, then removed the default-gateway and everything seems to be working. This switch is remote, so I had to be careful to not get locked out. In fact I got locked out at first because I put in the static route and removed the default-gateway before I'd enabled ip routing, but I'd set the switch to reload so after a few minutes I was able to get back in. Once I was able to get back in I made sure the static route was in there, then enabled ip routing, then removed the default gateway.

I'd always wondered what the difference was between a default-gateway and a quad-zero static route - I guess the default-gateway is a Layer 2 function and the quad-zero a Layer 3?

Thanks for the help!

iyde Sat, 05/09/2009 - 08:25

Right - IP default-gateway is Layer 2 while quad-zero is layer 3 (it's a static route).

HTH

glen.grant Fri, 05/08/2009 - 10:09

Just hook up a laptop into a port that is assigned to that new vlan and the SVI will come up .

Actions

This Discussion