First I am a bit puzzled

clark white · ‎02-07-2017

Dears

i have a 4500 switch with 2 vlans 2 & 3, int vlan 2 for managment and layer 2 vlan3 only for access ports, as soon as i create a int vlan 3 and give a ip address to the int vlan 3 after a exec-timeout i loose the connectivity to the switch managment vlan , i have to access it from the vlan 3 ip address, why that so can anybody help me to know,i have a default-gateway pointing to firewall

thanks

Reza Sharifi · ‎02-07-2017

Hi,

If the switch is used as a layer-2 device only, than you only need one management subnet/IP.

It also maybe that after creating an svi for vlan 3, that will replace vlan 2 svi and what is why you lose connectivity to the switch. Can you verify if both SVIs exist at the same time and both vlans are on the trunk to the firewall?

What are the IP segments for each vlan?

HTH

Richard Burts · ‎02-07-2017

I believe that Reza is on the right track. A switch that is doing layer 2 forwarding (ip routing not enabled) needs only a single SVI. I have had the experience of a layer 2 switch configured with multiple SVI. It allows multiple SVI to be configured but the most recently configured interface is the only active SVI. The output of show ip interface brief might be helpful. I suspect that it will show that the older SVI is down and the more recent SVI is the one that is up.

HTH

Rick

HTH

Rick

Julio E. Moisa · ‎02-07-2017

Hi

That is weird you should not lost connectivity if other SVI is created unless the gateway IP for management vlan changed on the following command ip default-gateway <gateway IP for management vlan> on the switch or something changed under a trunk.

Please share your current config if it is possible.

thanks

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

clark white · ‎02-08-2017

Dears,

It is a 4507 switch with sup 7 it is a layer 3 switch, it is working as a layer 2 without any routing but when i create vlan 3 interface it losses it connectivity,

i have a default-gateway to the firewall and also i have a default route pointing to the firewall while having both in the running configuration still i am not able to access when there are 2 interfaces,

attached is the configuration.

Julio E. Moisa · ‎02-08-2017

Your config looks fine, but I'm going to make a double check.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Richard Burts · ‎02-08-2017

First I am a bit puzzled about why you are configuring another vlan interface with an IP address. Clearly this switch is operating as a layer 2 switch (ip routing is not enabled). And it has what appears to be a functional vlan interface for management in vlan 47. So why are you configuring another layer 3 vlan interface and giving it an IP address?

Your comment in the post mentions a default route. I do not find any default route in the posted config. If there were a default route configured it would do no harm but it also would do no good. The default route would be used only if you enable ip routing. So the configured default gateway should be sufficient as long as you do not enable ip routing.

If you want to continue to investigate this then I will repeat my request that you configure the second vlan interface with an IP address and then do show ip interface brief and post the output.

HTH

Rick

HTH

Rick

Layer SVI interface