Internal Vlan usage for routed port

cviegas2010
Level 1

About this statement:

"Each routed port on the switch creates an internal VLAN for its use. These internal VLANs use extended-range VLAN numbers, and the internal VLAN ID cannot be used for an extended-range VLAN. If you try to create an extended-range VLAN with a VLAN ID that is already allocated as an internal VLAN, an error message is generated, and the command is rejected."

Question: Why do routed ports create an internal VLAN for their use?

2 Accepted Solutions


Hello Cristiano,

The switch supports only 1005 of a range of 4094 possible VLANs.

The reason for using an internal VLAN ID for a routed port is probably related to implementation choices that may provide the capability to re-use already existing ASIC/chips, as a C3560 is a hardware-based multilayer switch.

So a routed port can be emulated by assigning the physical port to a VLAN not used on other ports and associating the L3 interface with it.

So the sentence has to be read:

Each routed port you define on it uses an internal VLAN ID and counts toward the maximum of 1005 L2 VLANs.

The configuration guide recommends avoiding more than 256 VLANs defined on the switch, and you also need to take care of the STP limitation of 128 STP instances.

Hope to help

Giuseppe


Giuseppe,

That is a great answer. I absolutely agree. Routed ports are simply a "hack" - instead of manually creating a separate VLAN, assigning a single port to it, deactivating some of the L2 management protocols on the port, creating a SVI for that VLAN and performing all IP-related configuration on the SVI, the no switchport command simply makes it possible for you to configure the same functionality directly on a physical port with less hassle - but the internal processing does not change.

The 3560 usually assigns the internal VLAN IDs starting from 1006 if I am not mistaken, and proceeds upwards. On some platforms (not on 3560, though), this can be changed using the command vlan internal allocation policy descending, in which case the internal VLAN IDs should be allocated from 4094 downwards.

For 3560 and similar series, because of their ascending policy of allocating internal VIDs, it is therefore recommended that if extended-range VLANs are to be used, they should be numbered from 4094 downwards to minimize the possibility of conflict with already-existing internal VLANs.

Best regards,

Peter


14 Replies

Surendra BG
Cisco Employee

Hi,

It will be of great help if you could lemme know where we got that info from!!

Coz this is what I know about routed ports!!

A routed switch port is a physical switch port on a multilayer switch that is capable of Layer 3 packet processing. A routed port is not associated with a particular VLAN, as contrasted with an access port or SVI.

The switch port functionality is removed from the interface. A routed port behaves like a regular router interface, except that it does not support VLAN subinterfaces. Routed switch ports can be configured using most commands applied to a physical router interface, including the assignment of an IP address and the configuration of Layer 3 routing protocols.

A routed switch port is a standalone port that is not associated with a VLAN, whereas an SVI is a virtual interface that is associated with a VLAN. SVIs generally provide Layer 3 services for devices connected to the ports of the switch where the SVI is configured.

Most of the time a routed port is used for connection between the devices.

Lemme know if this answered your question and please feel free to reply back!!

Please don't forget to rate the useful posts!!

Regards

Surendra

Regards
Surendra BG

Surendra,

Read this document and you will understand my question.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_58_se/configuration/guide/swvlan.html

Section : Configure Vlans =>Configure Extended-range Vlans

Regards,

Cristiano Viegas

Peter,

Thanks so much for your answer.

Regards,

Cristiano Viegas

Giuseppe,

Thanks so much for your answer.

Regards,

Cristiano Viegas

Hello,

I know this post is quite old but I wanted to clarify this question. I am currently studying for the CCNP SWITCH exam and came across this exact line of inquiry during my studies. This is how I understand it; please let me know if I am wrong:

When you create a layer 3 routed interface via the "no switchport" command on a MLS, the switch is actually assigning an extended range vlan # to the newly created Layer 3 physical interface, and accomplishing the routing via a form of SVI implementation. But instead of actually creating the vlan manually and manually assigning an ip address to it, you can simply assign an ip address to the physical port on the switch but it processes the routing the same way it would a virtual interface. Correct?

HTH.

Chris.

Hello Chris,

"But instead of actually creating the vlan manually and manually assigning an ip address to it, you can simply assign an ip address to the physical port on the switch but it processes the routing the same way it would a virtual interface. Correct?"

Quite correct, plus the following facts: The no switchport command issued on an interface will deactivate the protocols used for Layer2 switching on this interface, such as STP, VTP, and DTP. There are no "switchport" characteristics to this port anymore (e.g. access/trunk/dynamic mode, voice VLAN, etc.). In fact, this interface starts behaving like a classic router port on a router. On lower layer Catalyst platforms, you can not create subinterfaces on this port, contrary to routed ports on routers. Higher-level Catalyst platforms allow even subinterfaces to be configured on these routed ports (in which case more internal usage VLANs are being created).

Feel welcome to ask further!

Best regards,

Peter

Hello Chris,

for CCNP level of study you are probably fine considering the routed port as a L3 port not belonging to any L2 Vlan.

The fact that an internal Vlan is actually allocated as discussed in this thread explains how this is implemented in multilayer switches, but the concept is that a port with no switchport does not run any L2 signalling protocol like STP, DTP and VTP as noted by Peter.

I would expect this concept to be the focus for CCNP SWITCH questions on routed ports versus L2 ports.

In old times at CCNP level books there was no mention of the real implementation of routed ports,

I don't know if this aspect is now explained.

Hope to help

Giuseppe

Peter, Giuseppe,

Thank you so much for your feedback and input. I realize now that as soon as you apply the "no switchport" command, an extended range vlan # is assigned to that port as an "internal vlan". After further studying I have come to the conclusion that the "internal vlan" is really just a way for the switch to allocate resources to the newly created layer 3 interface. I believe I was wrong to assume that the internal vlan was actually doing the routing. If it was you would see the extended range vlan # in the routing table as a routable interface, and not the actual layer 3 switchport. Correct?

Thanks.

Chris.

Hi Chris,

"I believe I was wrong to assume that the internal vlan was actually doing the routing. If it was you would see the extended range vlan # in the routing table as a routable interface, and not the actual layer 3 switchport. Correct?"

Not really - you see, if the switch can hide the SVI that is created for the particular internal VLAN in the running-config, it can also hide it from the output in the routing table and display the name of the routed port instead. What really goes inside the switch can be a matter of debate. Technically, the following configuration:

interface FastEthernet0/23
 no switchport
 ip address 192.0.2.1 255.255.255.0

is identical to:

interface FastEthernet0/23
 switchport mode access
 switchport access vlan 1006
 switchport nonegotiate
 spanning-tree bpdufilter enable
 spanning-tree portfast
 no vtp
!
interface Vlan 1006
 ip address 192.0.2.1 255.255.255.0

assuming the VLAN 1006 is the internal VLAN allocated for this port. So this is how I visualize the internal workings of the switch when a routed port is configured. The switch can hide commands in the running-config and it can hide the SVI for the internal VLAN in all outputs, replacing it with the name of the routed port instead, but this is - at least to my understanding - how it is implemented internally.

Best regards,

Peter

Peter,

Thank you for this! My mind is officially blown! So my initial assumptions that the assignment of the internal vlan is the means by which the newly created layer 3 interface is able to perform routing. So in a sense it is a form of SVI implementation. Thank you so much for all your feedback. I really appreciate it!

All the best.

Chris.

Dear all,

Is it recommended to change an internal VLAN ID that had been used? I'm planning to move a VLAN ID from an ME3600 box to a C7609, and it had been used as an internal VLAN ID on the C7609 ...

Or should I change to a new VLAN ID?

thanks

Giarto,

To my knowledge the vlan # you use is arbitrary aside from the fact that it HAS to be an extended range vlan (1006-4049). Although I am not sure if one actually has control over which extended range vlan can be used as an internal vlan. I will have to look that up. If it is possible to control which extended range vlan is used as the internal vlan then for the sake of continuity I would try to use the same vlan # as long as it is not already being used by another config. Also, be aware that the command (config)# vlan internal vlan allocation policy ascending/descending will affect the direction in which the switch allocates extended range vlans to be used as internal vlans for layer 3 switchports. To confirm which one is being used, use the show vlan internal usage command.

HTH.

Chris.
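
The check the thread describes (compare planned extended-range VLANs against the IDs the switch has already taken for routed ports, and number new ones from 4094 downwards) can be scripted. The following is an added example, not part of the original thread or Cisco's documentation; the sample `show vlan internal usage` output is constructed, and the function names are hypothetical.

```python
import re

EXT_MIN, EXT_MAX = 1006, 4094  # extended-range VLAN IDs

# Constructed sample of "show vlan internal usage" output (not from the thread).
SAMPLE_OUTPUT = """\
VLAN Usage
---- --------------------
1006 FastEthernet0/23
1007 GigabitEthernet0/1
1008 GigabitEthernet0/2
"""


def parse_internal_usage(text):
    """Return {vlan_id: usage} for each data row; header and rule lines are skipped."""
    internal = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d{1,4})\s+(\S.*)$", line)
        if m and EXT_MIN <= int(m.group(1)) <= EXT_MAX:
            internal[int(m.group(1))] = m.group(2).strip()
    return internal


def find_conflicts(planned, internal):
    """Planned extended-range VLANs that are already allocated as internal VLANs."""
    return {v: internal[v] for v in sorted(planned) if v in internal}


def suggest_descending(count, internal, configured=()):
    """Pick `count` free IDs from 4094 downwards, away from ascending allocation."""
    taken = set(internal) | set(configured)
    free = [v for v in range(EXT_MAX, EXT_MIN - 1, -1) if v not in taken]
    if len(free) < count:
        raise ValueError("not enough free extended-range VLAN IDs")
    return free[:count]


if __name__ == "__main__":
    internal = parse_internal_usage(SAMPLE_OUTPUT)
    for vid, port in find_conflicts([1007, 2000, 4094], internal).items():
        print(f"VLAN {vid} is in internal use by {port}; creation would be rejected")
    print("Suggested IDs:", suggest_descending(3, internal, configured=[4094]))
```

Running the conflict check before a change window also catches the case raised above, where a VLAN ID being migrated from another device is already held as an internal VLAN on the target switch.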
