
Cat 2950 3 VLANs One keeps shutting down when I activate the other

michaeldodd98
Level 1

Hoping someone can help me out. I am trying to practice a local VLAN "enterprise architecture" design and having some trouble.

I have a Layer 2 Catalyst 2950 switch set up with three VLANs: Management VLAN 7, Data VLAN 8, and Voice VLAN 9. On the first switchport I have a trunk port connecting to a Layer 2/3 3550 and am going to practice with SVIs later, but can't even finish the 2950 config and I'm really not understanding what is going on.

I do not want any ports in VLAN 1 for security and best practices. So I moved all fa ports to VLAN 8 except one, I left port fa0/1 in VLAN 7 since I want to be able to manage it via IP address on the Management VLAN and I understand you must have one active port in a VLAN for it to stay up, I also have made this port a trunk port for the uplink to the 3550.

So I assign an IP address to VLAN 7, 10.0.7.2, and do a no shut. I look at the config and it automatically shut down VLAN 8. So I go to int VLAN 8 and issue a no shut, look at the config and now VLAN 7 is shutdown and the IP address has even moved to int VLAN 8.

What the heck am I doing wrong? Note I have disabled VTP globally so that isn't doing it.

1 Accepted Solution

Peter Paluch
Cisco Employee

Michael,

2950 Catalysts allow you to have only one active SVI (for the so-called Management VLAN). As soon as you activate one SVI using the no shutdown command, all other SVIs will be shut down automatically. This is an intended behavior on these switches, and cannot be modified. As the 2950 are L2 switches only, it does not make much sense to have multiple active SVIs on them - for these switches, there is only a single management VLAN, and it is always the one with the active SVI. If the switch is to be managed from other VLAN than the management VLAN, you need a router to route your packets from the other VLAN into the management VLAN of the switch, and vice versa.

Best regards,

Peter

5 Replies

Thanks Peter.

In case anyone else runs into this design limitation on the 2950, note that just because the VLAN is shutdown *DOES NOT* mean the VLANs won't still work which is the part I was having a hard time with.  I assumed because a VLAN is in the shutdown state it cannot segment traffic.  This is untrue. 

Here is a post I found that explained it perfectly, just a different way than Peter which I could wrap my brain around and I even tested it, the shutdown VLANs I put workstations in can still ping each other only and not workstations in other VLANs.

----- 

You can assign an IP address to that vlan but it's just for management purposes. You can use that vlan for any subnet though. For example you can assign an IP to vlan 23 like so:

    interface vlan 23
    ip address x.x.x.x x.x.x.x

Understand that that IP address is only for vlan management and can only be used if that vlan is brought to a status of up/up. Once you do this any other vlans will be shut down for management purposes but your vlans themselves won't be shut down. Traffic will still flow. Now just because you assign that vlan 172.16.x.x ip address you can use 192.168.x.x ip address scheme on that vlan.

  -credit to remyforbes777 also.

Michael.

You're confusing the VLAN with the Switched Virtual Interface - the "Interface" VLAN.

The two operate at different layers of the OSI model - the VLAN is layer 3, the SVI is layer 3.

The 2950 allows you multiple layer 2 VLANs - but only one layer 3 SVI is permitted to be active at any one time.

Normally, on a 2950, that's interface VLAN1 - *not* VLAN1 - but you can change that to any VLAN you like.

Note that the SVI maps to the same layer 2 VLAN - so if you create interface VLAN5 and VLAN5, then any ports in VLAN5 will be able to use interface VLAN5 as a default router.

The 2950 is pretty old now, so the capabilities aren't as advanced as the more modern switches - the SVI was really intended only to allow you to manage the switch remotely, not use it as a router.

Cheers.

I have a Cisco Catalyst 3500 XL with a version 12.0 IOS. Had the same issue. For the VLAN I wanted as management I had to go to:

    sw2(config)#int vlan55
    sw2(config-subif)#management

Which then moved the management VLAN over from 1 to vlan55 and shut down vlan1.

Hi,

Thanks for sharing this information. You don't see such old switches and IOSes often anymore.

Best regards,
Peter
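
An added example, not from the thread or from Cisco: a small Python check over a saved running-config that reports the two things the replies distinguish, SVI state (layer 3) and access-port VLAN membership (layer 2), and lists access ports still left in VLAN 1. The sample config, its subnet mask and the function names `parse_interfaces` and `audit` are constructed for illustration.

```python
import re

# Constructed sample: a trimmed 2950-style running-config (mask is an assumption).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport access vlan 8
 switchport voice vlan 9
interface FastEthernet0/3
 switchport mode access
interface Vlan7
 ip address 10.0.7.2 255.255.255.0
interface Vlan8
 no ip address
 shutdown
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Separate SVI state from port VLAN membership and flag VLAN 1 ports."""
    active_svis, port_vlans = [], {}
    for name, cmds in parse_interfaces(config).items():
        svi = re.fullmatch(r"Vlan(\d+)", name, re.IGNORECASE)
        if svi:
            if "shutdown" not in cmds:  # SVI state says nothing about the L2 VLAN
                active_svis.append(int(svi.group(1)))
            continue
        if "switchport mode trunk" in cmds:
            continue
        vlan = 1  # an access port with no explicit assignment sits in VLAN 1
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if m:
                vlan = int(m.group(1))
        port_vlans[name] = vlan
    vlan1_ports = [p for p, v in port_vlans.items() if v == 1]
    return {"active_svis": active_svis, "port_vlans": port_vlans, "vlan1_ports": vlan1_ports}
```

On a 2950 `active_svis` should hold exactly one entry, the management VLAN, while `port_vlans` shows that ports in VLANs whose SVI is shut down are still assigned and switching.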
