Solved: Confirmation on best practice - VLAN

news2010a · ‎02-06-2010

Hi, can you confirm the following:

Imagine I want to create SVI vlan 307 on all my catalyst switches in order to reach switches on the network via IP.

a) I would unassign vlan 1 from every port.

b) I would assign ports for example 11 - 15 to vlan 20 (servers). then switchports 16 - 46(applications) to vlan 30 for example. Switchports 47 and 48 would be trunk allow vlan 20,30,307 to upstream 4507 distribution switch.

c) SVI int vlan 307 is the only SVI I should create and assign an IP there. I should shut int vlan 1.

Question:

Which switchports I should assign vlan 307 (management) to? I mean, my understanding is that I need physical ports associated with vlan in order to see vlan coming up, right? Please let me know what is your thought on that.

Jon Marshall · ‎02-06-2010

news2010a wrote:

He, he, yes I think that was you.

One more question:
Is it a good practice assign the default-gateway on this layer 2 access-layer switch as IP on vlan 307, right?

That way on the upstream 4507 I would have a vlan 20, vlan 30 (etc.) and vlan 307 SVI configured. Then the default-gateway configured on the layer 2 switch would be the IP specified on vlan 307, correct?

Yes, on the L3 switch that does the inter-vlan routing you will have a L3 SVI for vlan 307. The IP address assigned to that L3 SVI should be used as the default-gateway for all your L2 switches.

Jon

View solution in original post

Jon Marshall · ‎02-06-2010

news2010a wrote:
Hi, can you confirm the following:
Imagine I want to create SVI vlan 307 on all my catalyst switches in order to reach switches on the network via IP.
a) I would unassign vlan 1 from every port.
b) I would assign ports for example 11 - 15 to vlan 20 (servers). then switchports  16 - 46(applications) to vlan 30 for example. Switchports 47 and 48 would be trunk allow vlan 20,30,307 to upstream 4507 distribution switch.
c) SVI int vlan 307 is the only SVI I should create and assign an IP there. I should shut int vlan 1.
Question:
Which switchports I should assign vlan 307 (management) to? I mean, my understanding is that I need physical ports associated with vlan in order to see vlan coming up, right? Please let me know what is your thought on that.

Marlon

Not sure about c) - you would presumably have SVIs for vlan 20 and 30 ?

Anyway in answer to your question, a L3 SVI will be up/up if

1) there is a physical port that is up/up in that vlan

or

2) there is a trunk link that is up/up and the vlan is allowed on that trunk.

So you don't need to allocate any physical ports to vlan 307 if you are using this vlan to manage your switches, you just need to allow the vlan on the trunks between switches.

Jon

news2010a · ‎02-06-2010

Jon, that is right the active trunk including vlan 307 should take care to bring the SVI up/up.

Regarding creating SVI's for vlan 20 and vlan 30, the other day a noble member of this forum reminded me that the SVI's are not involved in data forwarding and are used only for management capability.

That said, is there any technical reason for me to create SVI's for vlan 20 and vlan 30?

Jon Marshall · ‎02-06-2010

news2010a wrote:

Jon, that is right the active trunk including vlan 307 should take care to bring the SVI up/up.

Regarding creating SVI's for vlan 20 and vlan 30, the other day a noble member of this forum reminded me that the SVI's are not involved in data forwarding and are used only for management capability.

That said, is there any technical reason for me to create SVI's for vlan 20 and vlan 30?

Marlon

the other day a noble member of this forum reminded me that the SVI's are not involved in data forwarding and are used only for management capability.

Hmmm, sounds like something i would say but "noble member" - can't be me

Yes your'e right, SVIs are not involved in data forwarding on a L2 switch. So i think i may have misunderstood in this post. If you were referring to setting up a L2 switch then yes, you would only have a L3 SVI for vlan 307 on that switch. You wouldn't have any other SVIs and indeed you can't.

On the L3 switch responsible for inter-vlan routing you would have SVIs for all 3 vlans, that was what i meant about c).

Jon

news2010a · ‎02-06-2010

He, he, yes I think that was you.

One more question:
Is it a good practice assign the default-gateway on this layer 2 access-layer switch as IP on vlan 307, right?

That way on the upstream 4507 I would have a vlan 20, vlan 30 (etc.) and vlan 307 SVI configured. Then the default-gateway configured on the layer 2 switch would be the IP specified on vlan 307, correct?

Jon Marshall · ‎02-06-2010

news2010a wrote:

He, he, yes I think that was you.

One more question:
Is it a good practice assign the default-gateway on this layer 2 access-layer switch as IP on vlan 307, right?

That way on the upstream 4507 I would have a vlan 20, vlan 30 (etc.) and vlan 307 SVI configured. Then the default-gateway configured on the layer 2 switch would be the IP specified on vlan 307, correct?

Yes, on the L3 switch that does the inter-vlan routing you will have a L3 SVI for vlan 307. The IP address assigned to that L3 SVI should be used as the default-gateway for all your L2 switches.

Jon