We're planning to cut users over to a new VLAN (and new subnet) on a 3750 switch. Before we actually cut the users over to the new VLAN, I'd like to create the VLAN interface and give it an IP address, then verify that we can route to the new subnet, while still keeping the old VLAN active. I was able to create the VLAN and the VLAN interface and give it an IP address, but the new VLAN is still in up/down state. Do I have to have active access ports in the new VLAN before it comes up and becomes routeable?
You have to add a new vlan in the vlan database. At least one port of that vlan is active.
Autostate is implemented on CatOS and IOS Cisco based switches by default. On some CatOS platforms, this feature can be disabled in order to allow redundancy in special scenarios. On IOS based switches, this feature cannot be disabled.
The router VLAN interfaces have to fulfill the following general conditions to be up/up:
VLAN exists and is in active status on the switch VLAN database.
VLAN interface exists on the router and is not administratively down.
At least one L2 (access port or trunk) port exists and has a link up on this VLAN. The latest implementation of the autostate feature allows synchronization to Spanning-Tree Protocol (STP) port status.
A VLAN interface will be brought up after the L2 port has had time to converge (that is, transition from listening-learning to forwarding). This will prevent routing protocols and other features from using the VLAN interface as if it were fully operational. This also prevents other problems, such as routing black holes, from occurring.
At least one L2 (access port or trunk) port is in spanning-tree forwarding state on the VLAN.
A follow up question - if I want multiple L3 VLAN interfaces to be active on the switch (in other words, if I want the switch to route between VLANs) do I have to enter the "ip routing" command? It seems like I would have to, as I'm basically asking the switch to route in between separate subnets. However, I enabled ip routing and lost connectivity with the switch. Luckily I'd set the switch to reload after a few minutes so I was able to back out of the command and connectivity was restored. But I'm not sure why entering the "ip routing" command would cause me to lose connectivity with the existing active VLAN subnet.
We manage the switch with the VLAN that is currently active on it. I was hoping to activate the new VLAN and verify that we could route to it before we cut any users onto it. I didn't do anything to the existing VLAN, I just created the new VLAN, the new VLAN interface and gave it an IP address, but it was still in up/down state (because I didn't have any active ports on it). But then when I enabled ip routing, I lost all connectivity with the switch. Although it was still forwarding traffic, I think, because I was still able to get to a "downstream" switch that hangs off this switch. So I'm just not sure why I would lose connectivity to that VLAN interface as soon as I enabled ip routing.
In any case, I think I'll wait until we can get some kind of active workstation on the new VLAN so that it will come up/up and we can verify routing to it.
You probably lost connectivity to the switch because it was setup as a layer 2 switch using a default gateway . Once you turn on ip routing then that default gateway no longer works and you have to add a static default "route" pointing to the gateway instead in order to manage the switch .
Good call, Glen! I just tested your theory - I entered a quad-zero static default route, then turned on ip routing, then removed the default-gateway and everything seems to be working. This switch is remote, so I had to be careful to not get locked out. In fact I got locked out at first because I put in the static route and removed the default-gateway before I'd enabled ip routing, but I'd set the switch to reload so after a few minutes I was able to get back in. Once I was able to get back in I made sure the static route was in there, then enabled ip routing, then removed the default gateway.
I'd always wondered what the difference was between a default-gateway and a quad-zero static route - I guess the default-gateway is a Layer 2 function and the quad-zero a Layer 3?
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...