Never needed a Default Gateway

I did some Inter Vlan routing and Router on a stick labs.

Everything worked.

I never needed to configure the Vlans themselves with ip addresses and gateways.

I only had to put them on the HOSTS in the Vlans.

When would you need to put an IP Address and Default Gateway on a Vlan?


Peter Paluch
Cisco Employee

Hi Josh,

If I understand you correctly, you are asking when it is necessary to create an interface Vlan for a particular VLAN and configure it with an IP address. To answer this question, we need to look at what a switch conceptually consists of.

A managed switch, such as a Cisco Catalyst 2960, is really a combination of switching hardware and a computer that runs the IOS, sets up and controls the hardware, and runs all the control/management plane protocols such as STP, VTP, CDP, Telnet/SSH, SNMP, etc. Essentially, it's a host and a switch in a single box. Now, the host (the computer) inside your switch, just like any external host, can be made a member of a particular VLAN. In such a case, its connection to that particular VLAN is exactly the interface Vlan, and the address on that interface is in fact the address of the host in that VLAN.

Why would you want the internal host to be connected to one particular VLAN? Well, this would allow it to become yet another IP-reachable machine in that VLAN, allowing you to access the entire switch remotely via Telnet, SSH, HTTP, SNMP - you name it. You could manage it remotely, and that is why such a particular VLAN is then called the management VLAN. And of course, because you could be talking to that switch from a different subnet than the management VLAN, the switch would also need to be configured with a default gateway address to be able to send its own responses back to you. Obviously, you can have only a single gateway, and it would need to fall into the IP space of the management VLAN - but this is basic IP, there's no exception to this rule.

Now, some more sophisticated switches allow you to actually configure multiple interface Vlan interfaces, one for each VLAN. This would essentially make the host inside your switch become a member of all these VLANs. Now you could ask why you would want to do that - and the answer is, you would do this if the switch was a so-called multilayer switch that was also capable of L3 routing between different IP subnets. In such a case, just like a router, the internal host would need to be connected to all VLANs it is going to route between, and then it would essentially act like a router. Its addresses configured on different interface Vlan interfaces would essentially become the default gateway addresses for external hosts in the respective VLANs.

Of course, if doing router-on-stick, none of this is really necessary, and that's why it worked for you just fine.

Usually, as a matter of rule, on L2-only switches, you would configure at most one interface Vlan for the one chosen management VLAN to allow you to manage the switch remotely over the network. On L3 switches capable of both routing and switching, you would configure multiple interface Vlan for each VLAN you have and intend to provide routing for. With L3-capable switches, you wouldn't be doing the router-on-stick; instead, the L3 switch would do the inter-VLAN routing itself.

You also need to distinguish between a VLAN and an interface Vlan. A VLAN is a logical broadcast domain - a group of ports allowed to talk to each other directly, just like on an ordinary switch. An interface Vlan is a link between the internal computer in a Cisco switch and a particular VLAN, and allows the internal computer to become a member of that particular VLAN, essentially becoming a host in that VLAN. You need it either for remote management, or for inter-VLAN routing if the switch is capable of L3 switching.

You're welcome to ask further!

Best regards,
Peter
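
The two cases described in the answer above, sketched as Cisco IOS configuration. This is an added example, not part of the original thread; the VLAN numbers, names and IP addresses are assumptions chosen for illustration, and the two cases are two different switches.

```cisco
! Constructed example: VLAN IDs, names and addresses are assumptions.
!
! --- Case 1: L2-only switch (an external router-on-a-stick routes) ---
! A single interface Vlan puts the switch's internal host into the
! management VLAN so it can be reached over IP.
vlan 99
 name MGMT
!
interface Vlan99
 description Switch's own address in the management VLAN
 ip address 192.168.99.2 255.255.255.0
 no shutdown
!
! Only one gateway, and it must lie inside the management VLAN's subnet
! (here: the router subinterface serving VLAN 99).
ip default-gateway 192.168.99.1
!
!
! --- Case 2: multilayer (L3) switch routing between VLANs itself ---
! One interface Vlan per routed VLAN; each address is what the hosts
! in that VLAN configure as their default gateway.
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
!
interface Vlan10
 description Default gateway for hosts in VLAN 10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Default gateway for hosts in VLAN 20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! With "ip routing" enabled the switch forwards by its routing table,
! so "ip default-gateway" no longer applies; a default route is used
! instead if traffic must leave these subnets.
```

In the router-on-a-stick lab from the question, the user VLANs need no interface Vlan on the switch at all: the hosts point at the router's subinterface addresses.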

Hello Peter, yes, that is as good an answer as I can probably get.

I like the answer!
