Can you create a Layer 2 sub-interface on a Cisco switch?

baselzind
Level 6

Can you create a Layer 2 sub-interface on a Cisco switch? Like an access port? And if so, please show me a sample.

Accepted Solution

Giuseppe Larosa
Hall of Fame

Hello @baselzind ,

No, you cannot, because sub-interfaces are an L3 concept: they are logical interfaces sharing a main physical interface, each with a different L2 encapsulation (a different VLAN ID in the 802.1Q tag or a different DLCI value on a Frame Relay serial interface).

In OSI L2 switches an interface can be a member of a single VLAN if it is an access port, or it can be a member of multiple VLANs if it is a trunk port that allows those multiple VLANs.

 

Hope to help

Giuseppe

 


If I had sub-interfaces between a switch and a router, does the sub-interface tag number need to be the same on both sides?

Hello @baselzind ,

Usually you have an L2 trunk on the switch side that allows a subset of the existing VLANs; these should match not the subinterface numbers but their associated encapsulation.

On the router side you have something like

int gi0/0
 no ip address
int gi0/0.10
 encapsulation dot1q 10
 ip address 10.10.10.1 255.255.255.0

The subinterface number can be different from the mapped VLAN ID in the enc dot1q command, but usually they are kept the same for clarity in configuration.

On the switch side the commands are

int gi0/23
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40

Note: the default on a Cisco switch is to allow all defined VLANs on a trunk. This leads to broadcast frames for all VLANs being sent to the router, which has no subinterfaces associated with them. So it is good practice to avoid this by manually configuring the list of permitted VLANs to match the encapsulations of the configured subifs on the router.

 

Hope to help

Giuseppe
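
The check recommended in the note above (trunk allowed-VLAN list matching the router's dot1Q encapsulations, not the subinterface numbers), as an added example that is not part of the original posts. The sample configs are constructed, the function names are hypothetical, and only the plain `allowed vlan <list>` form is parsed.

```python
import re
# Constructed sample configs (not from the thread), modelled on the posts above.
ROUTER_CFG = """\
interface GigabitEthernet0/0
 no ip address
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/0.200
 encapsulation dot1Q 20
"""
SWITCH_CFG = """\
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
"""

def router_vlans(cfg):
    """Map dot1Q VLAN ID -> subinterface name (the number after the dot is ignored)."""
    vlans, current = {}, None
    for line in cfg.splitlines():
        name = re.match(r"interface\s+(\S+)", line)
        encap = re.match(r"\s+encapsulation dot1q\s+(\d+)", line, re.I)
        if name:
            current = name.group(1)
        elif encap and current:
            vlans[int(encap.group(1))] = current
    return vlans

def trunk_allowed(cfg, port):
    """Allowed VLAN set for one trunk port; no 'allowed vlan' line means all (1-4094)."""
    block = re.search(rf"^interface {re.escape(port)}\n((?:[ \t]+.*\n?)*)", cfg, re.M)
    if block is None:
        raise ValueError(f"port {port} not found")
    m = re.search(r"switchport trunk allowed vlan (\S+)", block.group(1))
    if m is None:
        return set(range(1, 4095))
    if not re.fullmatch(r"[\d,\-]+", m.group(1)):
        raise ValueError("only the plain list form is handled")
    allowed = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition("-")
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return allowed

def audit(router_cfg, switch_cfg, port):
    """Return (VLANs trunked with no subinterface, subinterface VLANs not trunked)."""
    routed, allowed = set(router_vlans(router_cfg)), trunk_allowed(switch_cfg, port)
    return sorted(allowed - routed), sorted(routed - allowed)
```

The first list is traffic the router receives but never routes; the second is a subinterface that will never see tagged frames.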

 

No, I'm saying: if the switch has sub-interfaces and the router has sub-interfaces, do the sub-interface numbers have to match, or do only the encapsulation dot1q numbers have to match?

Hello @baselzind ,

I am sorry if I have not been clear.

The L2 switch cannot have subinterfaces.

A multilayer switch, however, can have SVIs (switched virtual interfaces), which are not sub-interfaces but logical L3 interfaces tied to the L2 VLAN. They are up/up if at least one L2 port, either access or trunk, is up/up and in STP forwarding state in the corresponding L2 VLAN (that is, the VLAN with the same number in Cisco switches).

An SVI is an interface named like

interface vlan 10
 desc SVI for L2 broadcast domain Vlan 10
 ip address 10.10.10.2 255.255.255.0
 no shut

and can be configured on a multilayer switch.

The physical interface to the router will be an L2 trunk exactly as explained in my previous post on this thread.

 

Hope to help

Giuseppe

 

So I created a trunk on the switch and a VLAN, and connected my PC to that VLAN, and a sub-interface on the router that is connected to the switch trunk interface, and gave it an IP from the same range as my laptop IP, but I still can't ping that sub-interface IP from my PC. Do I need an SVI for this to work? What could I be missing? The sub-interface is up.

Hello @baselzind ,

You need to have two IP addresses in the same IP subnet and subnet mask in order for ARP to work correctly.

Also check whether you have a firewall enabled on the PC that might block ICMP ping.

You can use arp -g on the PC shell if it is Windows based.

On the router you can use

show ip arp

to check if there is an entry for the IP address of the PC.

An SVI interface is not needed if the L2 switch just acts as an L2 switch. Ensure that the port you connect the PC to is assigned to the VLAN in access mode. Then configure the subinterface on the router as I have shown in my previous post.

Last, do not modify the native VLAN settings (by default the native VLAN is VLAN 1), or you need to do it on both ends, the switch side and the router side.

 

Hope to help

Giuseppe

 

Hello Baselzind,

As per my understanding, you have an L2 switch where you have configured the VLAN, and I hope you have connected the PC to an access port configured on the L2 switch.

Now, coming back to your uplink connection: you have configured the trunk interface on the switch and connected it to the sub-interface on the router (your PC and the router are in the same network).

But still, you can't ping the subinterface from your PC. Could you please share with us the port configuration of the switch where the router is connected, and also the PC port configuration?

>>Do I need a svi for this to work? what could I be missing? the sub-interface is up

As described above, you cannot create an SVI on an L2 switch. What you are missing here I would be able to comment on after seeing your configuration at both the switch end and the router end.

Regards,

Priyanka

 

 
 
 