3750 vlan interface

Hi,

Is there a way to create a vlan interface that wouldn't be routed, like on a layer 2 switch?

I'd like to use this interface on a layer 2 isolated network, only to manage the c3750 by ssh.

Thanks.

8 Replies

Reza Sharifi
Hall of Fame

Hello Stephane,

Yes, you can.

Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# name test20
Switch(config-vlan)# end

http://www.ciscosystems.ch/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sec/configuration/guide/swvlan.html#wp1196935

HTH

Reza

Thank you for your answer, but this would only create a vlan, wouldn't it?

I'd like to have an interface vlan with an IP address to which I could connect using ssh.

And I also want this interface vlan NOT to appear in the routing table.

This will create the vlan on the switch, but if I'm reading the post correctly, the vlan already exists on the switch and Stephanie just wants to add an IP'd interface within that vlan that she can ssh to for switch management.

If that is correct then yes, there is no problem with doing that.  What I'm more focused on is what is the routing concern?  I'm assuming that the default gateway for the subnet that exists within this vlan is on another device.  If that is the case there wouldn't be any danger to doing what you suggest.  Just make sure that if there is a DHCP server assigning IPs within that subnet, you IP your vlan interface outside the DHCP scope so as to avoid IP conflicts.

Without having a better understanding of your deployment it is tough to offer any advice more specific than that.  I hope that helped.  Perhaps you could post some additional details about your deployment and what your routing concerns are.

Regards,

Dave

Sorry, I wasn't clear about the deployment:

I have a c3750 stack with 10 vlans and 8 interfaces vlan:

Vlan1                  10.114.253.254  YES NVRAM  up                    up     
Vlan2                  10.114.1.254    YES NVRAM  up                    up     
Vlan10                 10.114.10.254   YES NVRAM  up                    up     
Vlan11                 10.114.11.254   YES NVRAM  up                    up     
Vlan12                 10.114.12.254   YES NVRAM  up                    up     
Vlan249                10.114.249.254  YES NVRAM  up                    down   
Vlan250                10.114.250.254  YES NVRAM  up                    up     
Vlan252                10.114.252.254  YES NVRAM  up                    down

with the "ip routing" activated

So there's a route created automatically for the vlan interfaces/subnet :

     10.0.0.0/24 is subnetted, 6 subnets
C       10.114.10.0 is directly connected, Vlan10
C       10.114.11.0 is directly connected, Vlan11
C       10.114.12.0 is directly connected, Vlan12
C       10.114.1.0 is directly connected, Vlan2
C       10.114.250.0 is directly connected, Vlan250
C       10.114.253.0 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 10.114.250.1


I'd like to create an interface vlan 254 with an ip address that would not appear in the routing table.

I don't want the subnet of vlan 254 to be routed by the c3750 stack.

ardhuin-s wrote:

Sorry, I wasn't clear about the deployment:

I have a c3750 stack with 10 vlans and 8 interfaces vlan:

Vlan1                  10.114.253.254  YES NVRAM  up                    up     
Vlan2                  10.114.1.254    YES NVRAM  up                    up     
Vlan10                 10.114.10.254   YES NVRAM  up                    up     
Vlan11                 10.114.11.254   YES NVRAM  up                    up     
Vlan12                 10.114.12.254   YES NVRAM  up                    up     
Vlan249                10.114.249.254  YES NVRAM  up                    down   
Vlan250                10.114.250.254  YES NVRAM  up                    up     
Vlan252                10.114.252.254  YES NVRAM  up                    down

with the "ip routing" activated

So there's a route created automatically for the vlan interfaces/subnet :

     10.0.0.0/24 is subnetted, 6 subnets
C       10.114.10.0 is directly connected, Vlan10
C       10.114.11.0 is directly connected, Vlan11
C       10.114.12.0 is directly connected, Vlan12
C       10.114.1.0 is directly connected, Vlan2
C       10.114.250.0 is directly connected, Vlan250
C       10.114.253.0 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 10.114.250.1


I'd like to create an interface vlan 254 with an ip address that would not appear in the routing table.

I don't want the subnet of vlan 254 to be routed by the c3750 stack.


The global routing table will contain all the routes.  If you want to have a separate routing table for your management only, then you need to create a VRF and put your management vlan in that VRF.  This way you have complete separation between global and VRF tables.

HTH

Reza

Creating a vrf to separate the routing tables would be an option.  Then you would just create your vlan interface with the ip vrf forwarding to place that interface in the vrf.

What is your motivation behind keeping the management interface out of the routing table?  If you are just trying to lock down access to management you can do that with access lists on your vty lines.  It would be much less complicated and easier to manipulate if you ever need to add remote access.
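
The VRF approach from the two replies above, written out as an added example (not posted by anyone in the thread). The VRF name MGMT, the route distinguisher, the 192.0.2.0/24 addresses and the ACL name MGMT-SSH are placeholder assumptions; VLAN 254 is the one from the question. On the Catalyst 3750, VRF-lite requires the IP services image.

```cisco
! --- Assumed names and addresses: MGMT, 65000:254, 192.0.2.0/24, MGMT-SSH ---
!
! 1. Separate routing table for management
ip vrf MGMT
 rd 65000:254
!
! 2. Layer 2 VLAN used only for management
vlan 254
 name MGMT
!
! 3. SVI placed in the VRF. "ip vrf forwarding" removes any address
!    already on the interface, so the address is configured after it.
interface Vlan254
 ip vrf forwarding MGMT
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! 4. Optional: only needed if the admin stations are not in the
!    VLAN 254 subnet itself. The next hop is the firewall-side gateway.
ip route vrf MGMT 0.0.0.0 0.0.0.0 192.0.2.1
!
! 5. Restrict who may open an SSH session. "vrf-also" is required so the
!    access-class accepts connections arriving on a VRF interface.
ip access-list standard MGMT-SSH
 permit 192.0.2.0 0.0.0.255
!
line vty 0 15
 transport input ssh
 access-class MGMT-SSH in vrf-also
!
! Verification (exec mode):
!   show ip route            -> the VLAN 254 subnet must NOT be listed
!   show ip route vrf MGMT   -> the VLAN 254 subnet is listed as connected
!   show ip vrf interfaces   -> Vlan254 appears under MGMT
```

With the SVI in its own VRF, traffic arriving on the routed VLANs has no route into the management subnet through the switch, so reaching it still means crossing the firewall.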

I guess adding a vrf would be the best option here, because my management interface is not on the same side of the firewall as the other vlan interfaces. And I do not want to bypass the firewall.

Thank you both for your help.

Glad we could help!  Good luck

Regards,

Dave
