
VLANs in " sh VLAN " and running config to not match

JohnW63
Level 1

When I run "sh vlan", the command that shows which VLANs are active and how they are described, the output does not match what the "sh run" command shows me as defined. I have one VLAN in the "sh vlan" output that doesn't even exist in the running config.

How does this happen? How does the one not even defined in the running config work at all?

20 Replies

Here are several points that I hope will be helpful:

- if there is a vlan there will always be a layer 2 entity for that vlan. There might or might not be a layer 3 entity for the vlan. In other words it is possible to have a layer 2 vlan without the layer 3 part, but it is not possible to have the layer 3 part without the layer 2 part.

- as we send data through our networks we should remember that every data packet has some layer 2 information and some layer 3 information. Some of our devices forward that data paying attention only to the layer 2 information. We generally call these devices switches (or to be precise they are layer 2 switches). Some of our devices forward that data paying attention to both layer 2 and layer 3 information. We call these devices layer 3 switches or routers.

- when you configure a vlan you are inherently enabling layer 2 forwarding. When you configure interface vlan x you are inherently enabling layer 3 forwarding for that vlan. If the device has interface vlan x and interface vlan y it implies that you want the switch to be able to forward packets between vlans using their layer 3 information (and that requires that ip routing be enabled on the switch).

- generally there is a one to one relationship between vlans and subnets. So each vlan usually has 1 subnet and each subnet is in 1 vlan. It is possible (but not usual) for a vlan to have more than 1 subnet. If you take 1 subnet and attempt to put it into 2 vlans you have created a problem.


I am wondering about this statement "before I change a /21 subnet into eight /24 subnets". That implies that there is a very large vlan which has lots of IP hosts in it. You could separate it into 8 subnets. But I wonder why you would do that? And if you create 8 subnets but leave it as 1 large vlan then you may not be accomplishing what you thought you were. For most of us, if we say that we have 8 subnets it implies that there are 8 separate groups of hosts and that we can control which ones can communicate with which other ones. But if they are all in the same vlan then it is possible that any host in 1 subnet could communicate with hosts in other subnets and we could not control it. If you want to divide into 8 subnets I would think you would also want to divide into 8 vlans.

HTH

Rick

Richard,


Thanks for the further explanation. To help clarify what I have been asked to do, I'll roughly describe our environment.

We are a K-12 school district with about 14 school sites/admin locations. Each site has its own IP ranges and VLANs, of course. At the Data Center, which lives at one of the admin sites, the network range is a /21. It was just set that way long ago; I don't know why. We have fewer than 100 IPs in use. I was just a tech then. It is on a different range than the IPs for the rest of the site, but it is way bigger than we need. We are getting a new server cluster installed (probably a 60-70 virtual machine setup) and the boss wants to see if we can be more granular in where all our devices live and set up better security. So, I needed to figure out the impact of doing this and make sure of what might get stuck in the wrong subnet if I break it up. That's why I was on the IP-to-VLAN match-up kick.


Thanks for the additional information. In the /21 where you have only about 100 devices active, are the IP addresses assigned using DHCP or are the host addresses hard coded? For the server cluster I would think that you should be able to identify a range of addresses that are not currently used. If you create a new vlan for the server cluster and assign the subnet of the range of addresses not currently used to that vlan interface, I would think you could deploy the server cluster with minimal impact on the rest of the network.

HTH

Rick

Richard,

That is my thought too. Since they are servers in a vCenter cluster, I believe they are all manually set to IPs. I did an export from vCenter, put the IP and server name in a spreadsheet, and pointed out to my boss that not ALL of them are in the same IP range if I were to break it up. (They are within the range of a /21 network, but not in a smaller /24 network.) We also have our firewall and a few servers that live in the DMZ that are in their own range, but that is well outside the network we are subnetting. I need to verify with them why a few servers are in different IP ranges and if they are going to stay there. I also need to find out what subnets will be talking to each other in some way.

I thought that I understood that this server cluster was a new installation and so I assumed that it would have new IP addressing, and assumed that these new addresses would all be in a somewhat compact block. Probably we have all learned lessons about assumptions. So any further information you can provide about the server cluster would be helpful.


In an earlier post you mentioned the possibility of breaking up the existing /21 and creating 8 /24s. While that could certainly be done it would be a much larger scale project and would increase the chances that it might have negative impact on some existing devices in the network. I would suggest that as much as possible you keep the addressing and routing for the new server cluster separate from the existing addressing.

HTH

Rick
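As an added example (not from the thread or from any poster), this Python script does the spreadsheet match-up John describes and the two checks Rick raises: it splits the /21 into eight /24s, shows which /24 each server would land in, flags any /24 whose hosts sit in more than one VLAN (the "1 subnet in 2 vlans" problem), and lists the /24s with no hosts as candidates for the new cluster. The inventory, addresses and VLAN numbers are constructed and stand in for a vCenter export.

```python
from ipaddress import ip_network, ip_address

# Constructed inventory, not data from the thread: (server name, IP, access VLAN).
INVENTORY = [
    ("vcenter01", "10.20.0.10", 20),
    ("esx01", "10.20.0.11", 20),
    ("esx02", "10.20.0.12", 20),
    ("files01", "10.20.1.5", 20),
    ("backup01", "10.20.3.40", 20),
    ("print01", "10.20.3.41", 30),   # same /24 as backup01, different VLAN
    ("legacy01", "10.20.6.200", 20),
]

def split_block(block, new_prefix):
    """Split a block (e.g. a /21) into the subnets of new_prefix it contains."""
    return list(ip_network(block).subnets(new_prefix=new_prefix))

def map_hosts(inventory, subnets):
    """Return {subnet: [(name, ip, vlan), ...]} placing each host in its subnet."""
    placement = {net: [] for net in subnets}
    for name, ip, vlan in inventory:
        addr = ip_address(ip)
        for net in subnets:
            if addr in net:
                placement[net].append((name, ip, vlan))
                break
    return placement

def free_subnets(placement):
    """Subnets with no hosts: candidates for a new, separate server-cluster vlan."""
    return [net for net, hosts in placement.items() if not hosts]

def split_vlan_subnets(placement):
    """Subnets whose hosts sit in more than one VLAN: one subnet spread over two vlans."""
    out = {}
    for net, hosts in placement.items():
        vlans = {vlan for _, _, vlan in hosts}
        if len(vlans) > 1:
            out[net] = sorted(vlans)
    return out

def report(block="10.20.0.0/21", new_prefix=24, inventory=INVENTORY):
    placement = map_hosts(inventory, split_block(block, new_prefix))
    return {
        "free": [str(n) for n in free_subnets(placement)],
        "split_vlans": {str(n): v for n, v in split_vlan_subnets(placement).items()},
        "hosts_per_subnet": {str(n): [h[0] for h in hs] for n, hs in placement.items() if hs},
    }

if __name__ == "__main__":
    import json
    print(json.dumps(report(), indent=2))
```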

Excellent!!!!! That answer was my solution! Thanks!
