
cat3550 L3 switching without VLANs?

I have fair experience with layer 2 switching and routing, but now I have a task ahead of me which involves layer 3 switching. It's a new area for me, I read the docs, but I still have one doubt.

In short, I have one 3550-12 switch which is to be installed in a network that has been in use for some years. They want to keep things just about the same (at least for the moment). That means they have no VLANs at all. The first role for this switch is to replace the current software-based router (it has two NICs). There are two networks, 10.81.1.0 and 10.81.2.0, with gateways 10.81.1.1 and 10.81.2.1. For the sake of simplicity, let's say that 6 ports are to be used on the first, and the other 6 on the second network.

Now, I read all about SVIs and routed ports. I know I can make two SVIs (6 ports each) and give them these two gateway ip addresses, and enable ip routing between them. But then I will have to make VLANs across the network.

Is it possible to configure just two routed ports (to serve as gateways), and that the rest of the ports remain basic switch ports? Will the routing between these two networks work? Is there another solution which doesn't involve VLANs? Can I use some kind of "ip unnumbered" so the remaining 5 ports can use the gateway ip address?

Of course I can make every port routed, but that's just wasting IP addresses.

I hope I made myself clear. Any help is greatly appreciated!

jamey

If you make two routed ports, they can route to each other, but to access another subnet that exists on other ports on the 3550 you'll need to create an SVI so they can route to it. Note, you don't have to create VLANs on any other switches, etc. for this.

Or you could make SVIs on the 3550 for both subnets. When you do so you don't have to make VLANs across the entire network. Just put 6 ports in one VLAN and the other 6 in another VLAN. Create the SVIs for each subnet and give them IPs. To connect to the rest of the network, just connect another switch or whatever to one of the 6 ports for the subnet you want to extend. You don't have to share VLAN info from the 3550 to the other devices.

-HTH

Thanks. It seems to me you've shown me the way. However, can you explain to me how it is possible that VLANs don't have to be created on other switches? How will anybody (or anything) communicate with the switch if there are no VLANs in the network (but there are two VLANs in the switch)? I am asking this because I am trying to figure out exactly how the ports within an SVI behave.

One more thing. You said "just connect another switch or whatever to one of the 6 ports". I have fiberoptic connections coming to the 3550 (it's a classic switched network). So, can I connect 6 fiberoptic links to the 3550, make an SVI containing these 6 ports, assign an IP address to the SVI, then do the same thing on the other 6 ports (with a different address of course), and route traffic between these two networks? And all that without creating any VLANs across the network?

Thanks again

A VLAN is just a broadcast domain. If you have 6 ports on a switch in one VLAN then any devices on those 6 ports will be part of the same broadcast domain. These devices can be other switches, routers, hosts, etc.

Let's say you have a 3550 and assign 6 ports to VLAN 10 and create an SVI and give the SVI an IP. Then let's say you have 6 other switches that all have hosts that you want to be in the same broadcast domain as the SVI on the 3550. Make the 6 ports on the 3550 "access ports" via the "switchport access" command and connect the other 6 switches to the 3550. On the other 6 switches, just make the port going to the 3550 an access port via the "switchport access" command. The 3550 will think of the other switch as just some device. It won't care that it is a switch. The other 6 switches don't need any special VLAN config on them because all their ports are in the same VLAN by default (VLAN1). This includes the uplink port to the 3550. Thus when a host sends a frame on one of the 6 remote switches, the frame will go out all ports (including the port going to the 3550).

"One more thing. You said "just connect another switch or whatever to one of the 6 ports". I have fiberoptic connections coming to the 3550 (it's a classic switched network). So, can I connect 6 fiberoptic links to the 3550, make an SVI containing these 6 ports, assign an IP address to the SVI, then do the same thing on the other 6 ports (with a different address of course), and route traffic between these two networks? And all that without creating any VLANs across the network?"

Yep. The 3550 should automatically route between the two SVIs (I always enter the ip routing command just to be safe though). You should not have to create any VLANs on the other switches. Think of the VLANs as being local to the switch by default. What you are getting confused by I think is when you need to extend VLANs across multiple switches...when that is the desired goal, you use trunking.

-HTH

Thanks!

It's all clear now. I forgot about "the default behavior", when all the untagged data is presumed to be in the same VLAN - it would be our SVI VLAN in this case. Unnecessary mystification goes on my account - VLANs are just broadcast domains, it's a great definition that shouldn't be forgotten that easily. :)

You are right about trunking, I was confused. It would have to be done that way only if I would make some VLAN members on the "other" side of their native SVI.

Anyway, thanks again, you really helped me.

Be careful, this all sounds good in theory, but earlier implementations did not operate as one might initially expect; however, things may have changed. For example, if you find it is not working as expected, try to turn off all the Cisco automatic things like CDP (Cisco Discovery Protocol), PAgP (auto channelling) and DTP (auto trunking). I believe 'switchport host' (I may have the syntax incorrect, and I am not sure if it turns off CDP) would be the best to use.

The problem is that the Cisco switch knows there is another Cisco switch from these auto things and has in the past made decisions on forwarding frames depending on what VLAN is configured on the other end. E.g. from CDP (I think both version 1 & 2, but it may be only ver 2) a Cisco switch can know what the VLAN of the Cisco switch at the other end is; therefore a switch with all ports set to default (VLAN 1) would not let frames forward out any port which has a remote Cisco with its port set to VLAN 2, even if all ports were set just to 'access mode' but without these auto things turned off. There is a very good reason for it to do this, especially related to avoiding potential STP (Spanning Tree Protocol) problems.

Of course, some of the auto things may have been useful to other networking tools you might be using, e.g. a lot of network management tools use CDP to build topology/connectivity information/diagrams.

Thanks for the info. I really planned to turn off CDP (it's a mixed network with not so many cisco boxes), but I wasn't aware of these other auto-things.

Anyway, it's great to see Cisco guys monitoring conversations and jumping in with such remarks!
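
The setup the thread settles on (two SVIs on the 3550, untagged access ports toward the existing switches, and the negotiation protocols turned off as the later reply suggests), written out as an added example that is not from any poster. VLAN IDs 10 and 20, the VLAN names, the /24 masks and the GigabitEthernet0/1-12 port numbering are assumptions; the gateway addresses are the ones given in the question.

```cisco
! Added example for a Catalyst 3550-12. Values marked "assumed" are not
! from the thread: VLAN IDs 10/20, VLAN names, /24 masks, port numbering.
!
! Route between the SVIs in hardware (entered explicitly, as the reply does).
ip routing
!
! VLANs exist only on the 3550; downstream switches stay in their default VLAN.
vlan 10
 name NET-10-81-1
vlan 20
 name NET-10-81-2
!
! First six ports: untagged access ports for 10.81.1.0 (assumed /24).
interface range GigabitEthernet0/1 - 6
 switchport mode access
 switchport access vlan 10
 ! Static access mode plus nonegotiate stops DTP, so a neighbour
 ! cannot negotiate the link into a trunk.
 switchport nonegotiate
 ! Stop CDP advertising and comparing VLAN details with the far end.
 no cdp enable
!
! Remaining six ports: untagged access ports for 10.81.2.0 (assumed /24).
interface range GigabitEthernet0/7 - 12
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 no cdp enable
!
! SVIs take over the gateway addresses of the old software router.
interface Vlan10
 ip address 10.81.1.1 255.255.255.0
 no shutdown
!
interface Vlan20
 ip address 10.81.2.1 255.255.255.0
 no shutdown
!
! Checks after applying:
!   show vlan brief                 - ports 1-6 in VLAN 10, 7-12 in VLAN 20
!   show interfaces switchport      - "Negotiation of Trunking: Off"
!   show ip route connected         - both 10.81.x.0 networks listed
```

Because every uplink is an untagged access port, frames from the existing switches land in VLAN 10 or VLAN 20 purely by which 3550 port they arrive on, which is why no VLAN configuration is needed downstream.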
