Switches and Default Gateways


Introduction to SVIs

While our L2 switches don’t perform routing (they just switch, and that’s all they do), we still need an IP address (an L3 address) on the switch in order to connect to it remotely. We want to configure it without actually having to go to the switch, connect to the console port, and so on. Remote connections are a lot easier and a much more efficient use of time.

That IP address will be configured on the switch’s remote management interface, sometimes called just “management interface”, and that interface is one that doesn’t physically exist!! But don’t worry about that.

I’m going to tell you about the switch we’re on.

It’s a Layer 2 switch. It has 24 FastEthernet ports and 2 Gigabit Ethernet ports, a console port, and a couple of buttons and flashing lights and that kind of thing. But there is no physical interface that’s called VLAN.

Near the bottom of the config as you can see, there is ‘interface VLAN1’ and it has no IP address on it and it’s just sitting there. But where is it coming from?

Well, it is indeed a logical interface. It does not physically exist, and this is what we call a “switch virtual interface” or “SVI”.

We use these more commonly on multilayer switches. This SVI is on every Cisco switch by default (Layer 2 or otherwise).

You need this IP address on here to be able to telnet or SSH to the switch, or however you want to remotely connect to it, because sooner or later in that process, probably at the very beginning, you’re going to be asked for the IP address you’re telnetting to.

You need an IP address and the IP address is going to be configured on this interface in just a moment the same way we configure one on a physical interface. There’s no difference whatsoever.

Note: You’re not tied to using VLAN1 (interface VLAN1) as the switch management interface or the remote management interface.

You could create another SVI and use that one.

We’re going to create another SVI on the switch, because there’s a hard-core rule of SVIs that you have to know, and it doesn’t come up with VLAN1 very often.

Let’s do ‘show interface vlan1’

As you see, this one is up and up.

Now with SVIs, the theory is that you have to do a ‘no shutdown’ on it, and I’ve found that to be the case more often than not, but sometimes when I write erase switches, which I did with this one before this lab, and bring one up, you’ll see ‘VLAN1 is up. Line protocol is up’, and this is exactly the combination that we want. You’re going to hear the phrase “up and up” a lot, especially in this section. Whenever I say you need a port that’s up and up, or an SVI that’s up and up, the first part (‘VLAN1 is up’) refers to the physical state of the interface and the second part (‘line protocol is up’) refers to the logical state of the interface. (That’s true on switches and routers as well.)

More often on switches when you have a problem, it’s going to be a physical issue and you’ll see something like ‘FastEthernet0/1 is down’ or ‘line protocol is down’ or something like that.

I’ll show you several different combinations there and what to look for in the troubleshooting section, but I want to mention this to you now. Up and up is the goal. That’s what we’re looking for.

So let’s go ahead and put an IP address on here.

Typically you’d have to do another ‘no shut’ after that (not every time, but it never hurts).

So what I want to do with this lab is let the switch use Router1 (10.1.1.1) as its default gateway. Router1’s interface is 10.1.1.1/24, and it has already been configured.

So we’re ready to go there.

And that’s it as far as the SVI goes. All we really need is that IP address. What I want to do now is go ahead and configure a default gateway on here as well. The switch is going to use the default gateway the same way a host does, and we talked about that in the last section. A host looks at a packet and says: “I don’t know where to send this. I’ll send it to my default gateway.” That’s what a switch is going to do. A switch will be able to switch some stuff locally, but for other things it gets, it might just say: “Hey, I’m sending this to that address and letting that guy figure it out.” That’s what the default gateway really is.

Now we’re going to look at this in the IP routing table, and you may think, “Well, we’re on a Layer 2 switch. Why do I have an IP routing table anyway?”

Frankly it’s not much of one. This is what you have:

And we’re really not interested in the gateway stuff. The only thing we’re really interested in right now is seeing that the default gateway is 10.1.1.1. If I were on a multilayer switch, enabled IP routing and ran this command, I would see the same IP route table that we saw on a router. But this is what you’re going to see on a Layer 2 switch.

So let’s go ahead and send a ping, because this is the first thing you want to do after you configure a default gateway. If you don’t have basic connectivity to the default gateway, something is wrong with the config, or maybe the default gateway port you’re pointing to is closed, or maybe it’s got another IP address on it. Something is wrong if these pings don’t go through.

Anyway, our ping went through, no problem at all.

You might lose a couple of ping packets there at the beginning on occasion, but here the pings went 100% all the way through, and we are ready to go with that default gateway.

So here we go. We’ve got interface VLAN1, we’ve got our switch management interface (our SVI) set up with our IP address, and we’ve got a default gateway.

So next up, we’re going to use telnet to connect to this switch from that router (R1).

But before that, let’s create a non-default SVI. There’s something here I want to point out to you along the way.

Creating a Non-Default SVI

I want to give it the same IP address that I’ve given VLAN1, so first I’m going to go to that interface:

> int vlan 1

And again, if you just want to take an IP address off or shut an SVI down, you can use the same commands as you would on a physical interface.

> no ip add > shut

I did a ‘no ip add’ and a ‘shut’. I didn’t have to do the shutdown, but I did it anyway.

And you can see the state goes to “administratively down” (remember that phrase!) and then the line protocol changes state to down.

So now let’s go out to interface VLAN 10 and I’ve configured and … :

That’s an odd message! Interface VLAN10, changed state to down.

What did I do?

I haven’t done anything except enter the command ‘interface vlan 10’ ! That’s it!

I haven’t put an IP address on it, haven’t opened it up, haven’t even done a ‘show’ command yet to see if I need to open it, and I’ve gotten a message that says ‘changed state to down’.

I haven’t done anything yet except create an SVI!

So you know it had to be something in there!

Let’s go and finish the config:

> show int vlan 10

It says “down and down”! So that’s not good.

I’ve hardly configured anything, so how can it be down?

Let’s use a Microsoft solution (reboot):

  • conf t > int vlan10 > shut > no shut (re-open it)

On occasion resetting a port works.

It changed state to administratively down, and then as a result of me doing a ‘no shut’, the latest message you’ve gotten is ‘interface vlan10 changed state to down’.

So let’s do the ‘show’ command one more time.

  • > show int vlan 10

As you could see at the top, it’s down and down!

Here’s the rule about SVIs that you have to keep in mind: when you create an SVI, for it to be up and up, you have to have a physical port on that same switch in that VLAN, and that port has to be up and up. Otherwise your SVI is going to fail. Did you notice that when I created the SVI for VLAN10, VLAN10 itself was not dynamically created? If we put a port into a VLAN that doesn’t exist yet, and we saw this earlier, the switch creates the VLAN. If you create an SVI for a VLAN that doesn’t exist yet, the switch does squat for you. You’ve got to do it all yourself.

So what we will do here is ‘show cdp neighbor’ to do a verify.

I’m going to take that other port from Router1 (the one that’s connected to the local FastEthernet0/4) and I’m going to put that in VLAN10.

And just for fun before I do so, we see at the very top line, that particular interface is up and up. So let’s do this:

  • > conf t > int fast 0/4

I’ll go ahead and make it an access port while I’m here.

  • > switchport mode access

So it belongs to one VLAN and one VLAN only, and that would be VLAN10.

  • > switchport access vlan 10

We got that message again: access VLAN does not exist. Creating vlan10

So now the VLAN that the SVI is going to represent exists, and we do have a port in that particular VLAN that is up and up.

So now let’s run ‘show int vlan 10’

We seem to be getting somewhere, because that top line now says ‘vlan 10 is up. Line protocol is down.’ We know the first part of that message refers to the physical state of the interface. The physical problem was that VLAN10 didn’t exist and there was no physical port in it, and you just noticed we got a message that the line protocol on VLAN10 changed state to up.

Here is the real-world lesson that I want to share with you. You’ve got the theory: for an SVI to be up and up, it must represent a VLAN that exists and has a port in it that is up and up. Also notice that when you resolve that issue, the SVI physically came up almost immediately, but the line protocol took 15-20 seconds. We’re so used to the physical interface coming up and the line protocol coming up 1-2 seconds later that you start thinking, “Hey, something’s wrong!” Well, something is NOT wrong. Just give it a little extra time there (15-20 seconds) and you’ll be fine.
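The steps from this section, put in an order that satisfies the SVI rule from the start, as an added example that is not taken from the original lab. The switch address 10.1.1.2 is a constructed value, and the example assumes the Router1 interface holding 10.1.1.1 is reachable in VLAN 10.

```ios
! Added example. 10.1.1.2 is a constructed address for the switch.
configure terminal
!
! 1. The VLAN must exist. Creating the SVI does not create it.
vlan 10
 exit
!
! 2. At least one physical port in VLAN 10 must be up/up.
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 10
 no shutdown
 exit
!
! 3. Free the address on the default SVI before reusing its subnet,
!    then shut the SVI (it goes "administratively down").
interface Vlan1
 no ip address
 shutdown
 exit
!
! 4. Create the non-default management SVI and open it.
interface Vlan10
 ip address 10.1.1.2 255.255.255.0
 no shutdown
 exit
!
! 5. A Layer 2 switch does not route, so it needs a default gateway
!    for management traffic that leaves its own subnet.
!    Assumes 10.1.1.1 (Router1) is reachable in VLAN 10.
ip default-gateway 10.1.1.1
end
!
! Verify. Allow 15-20 seconds for the line protocol to come up.
show interfaces vlan 10
show ip route
ping 10.1.1.1
```

If `show interfaces vlan 10` still reports down and down after that wait, check that VLAN 10 exists and that FastEthernet0/4 itself is up and up.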
