Thank you for your reply Ankur

On my core switch which is running in VTP server mode, I did create vlan 11 (which is going to be my management vlan) and assigned an address of 10.11.1.1 to it. I figured the core is layer 3 and will route anything coming to that vlan.

I do have a trunk between all my access switches and the core and distribution switches. The trunk appears to be working fine between the access switches (2960's) and the core (6506) and distribution switches (6504e) as I am able to assign individual ports on the access switches to any vlan that is proporgated by the VTP servers (the core and distribution switch).

So, on the access switch, how do I create a layer 3 interface when it is a layer 2 switch?

It seems like the answer to my problem was in your response, but I just can't quite get it in my mind. Do you happen to have the commands I can issue on the access switches to do what your talking about.

Again, thanks for responding. It is apprecaited.

Hi Atlan,

You can have only one layer 3 logical interface up and running on your layer 2 switch.

So to create a layer 3 interface on layer 2 switch just run the same command as you do on any layer 3 switch

2960(config)#interface vlan 11

2960(config-int)#ip address

2960(config-int)#no shut

HTH

Ankur

*Pls rate the post if it helps

Thank you Ankur,

While your posts did not give me the exact answer, it did give me enough to figure out the issue. I just had to take a minute to think through your explaination.

I went back and started from scratch after your explaination. I rebuilt the management vlan on the VTP server and assigned the int vlan 11 an address

I went to the access switches and shutdown vlan 1 and brought up vlan 11.

Worked fine. I hate it when I get caught up on something so simple. But, thanks for the clarity.

Thank you rdanevich, I see what your saying and did seriously consider just using vlan 1 as my management vlan 1 as well. I setup VLAN 1 on the core and distributions and the access switches and it did work. But, I noticed that my routes (running eigrp) all changed around to vlan1 routes. Just did not look right to me. Maybe it was right and I am worrying too much about it.

I learned going to the furtherst switch the hard way :) I won't make that mistake again :)

But, I am curious though, if I set both sides of the trunk ports to native vlan 11, would it then allow me to set the ip address of vlan 1 locally? seems to me if the access switch is still in vtp client mode that even assigning an ip to management vlan 11 on the access switch would not work?

I do appreciate your insights though, I am a firm believer that the more thoughts you hear, the more clearer your own become.

Hi,

I dont agree to above poster. It is not necessary to configure the management vlan as native vlan on the trunk ports. You should be able to assign an IP address on the management vlan using the commands given by Ankur in his post. Once you have given the IP address and have used " no shut " on the interface this will automatically come online.

Let us know the output of the following commands on the access switches

"Show vlan"

"Show interface vlan 11 "

" show interface switchport"

Also let us know that from where i.e which Vlan you rae trying to access the Vlan 11 or the access switches IP. You might have to check for the inter-vlan routing between the vlan if you are on a different vlan.

Please let us know your inputs on this and we will take it form there.

HTH, Please rate if it does.

-amit singh

You know what? I think my "Native Vlan" thinking may have been incorrect. That "Native VLAN" setting has ALWAYS been a confusing subject for me. :-( I think it's more like this, if your "trunking" capabilites went south, then ONLY the "Native VLAN" would be able to communicate. So rather this is a pro-active step if a trunking disaster were to strike, you'd still be able to access your switches remotely.

It is possible to have your "Mangement" IP address in your "Data" range (the IP addresses that your PCs and Printers use). Not good design though (more traffic, broadcasts, bandwidth etc..) Are your switchports configured/set for another VLAN (switchport access vlan 2, switchport access vlan 8, etc...) Is your network using more than one subnet/vlan? Or was it all slapped together in the past by somebody else? Everything defaulting to VLAN 1? Also, I forgot to mention that you'd have to create a subinterface on your router to route traffic for VLAN 11.

I don't understand what you mean by all your routes "changed" around to vlan1 routes. What were they before?

If you do go with the VLAN 11 setup, be sure to REMOVE the IP address from VLAN 1 and shutdown the interface. F.Y.I. My experience has shown me that leaving an IP address in VLAN1 and shutting down the interface still causes a conflict problem when trying to remotely access the switch. Also, if you're going to do this create the commands in a text file then merge the contents into the running config via TFTP. [Example:

interface VLAN1

no ip address

shutdown

!

interface VLAN11

ip address 10.x.x.x 255.255.255.128

no shutdown

!

ip default-gateway 10.x.x.1]

Tip: When first doing this, first issue the command "Reload in 15"

That'll give you 15 minutes to make the changes successfully. If successful, issue the "cancel reload" command. Then don't forget to save the running-config to the startup-config.

If unsuccessful wait 15 minutes and the switch will reboot after 15 minutes has gone by thus negating all your changes and going back to the original saved configuration. This may save you a trip or having to call someone for their assistance.

VTP client mode prevents you from creating a VLAN on that switch for the switchports, for the PCs to ACCESS. Management is entirely seperate. "Logical Layer 3 Interface" refers to the management IP address.

Hope this helps for now, waiting for the update. :-)