VLAN iNTERFACE IP

Samaj0101 · ‎02-03-2021

when I should give IP on VLAN Interface? I have 4 VLAN(VLAN 2,3,4,5) and 7 L3 Switch so what should I do to configure that?

Georg Pauwen · ‎02-03-2021

Hello,

what is the purpose of 7 L3 switches ? Typically, two (in e.g. an HSRP setup) would be sufficient. IP addresses would be assigned to SVI interfaces for each Vlan on those two L3 switches.

Martin L · ‎02-03-2021

First, To have access to L2/L3 switch in order to set it up and manage it, you give IP to interface vlan X. Without it, you have no access via Telent/SSH. But you have access via Console cable/port.

If you have L3 switch, you can do routing on that switch for vlans instead of doing routing on a router (so called ROAS, router-on-a-stick). Lovely name...ROAS ! For example: to have routing between vlan 2 and 4 and reach to/from vlan 2 and 4, but not for others, you do

Config t

interface vlan 2

ip address x.x.x.x m.m.m.m

no shut

interface vlan 4

ip address x.x.x.x m.m.m.m

no shut

If there is no interface vlan 3, 5, they will not be able to communicate to others, nor between them without a help from a router (switch you can add)

Regards, ML
**Please Rate All Helpful Responses **

Samaj0101 · ‎02-04-2021

How to allow server and internet to all VLAN?? which are the ways?

Richard Burts · ‎02-04-2021

To provide Internet access you need to have inter vlan routing for the various vlans/subnets in your network. for the subnets that should access the Internet the inter vlan routing should have a default route which would point to a router at the edge of your network. That router would connect to your ISP and would perform address translation for your traffic as it goes to the ISP.

HTH

Rick

Samaj0101 · ‎02-04-2021

can you give me example of that ??suppose switch 1 Ip is

vlan 1 ip 172.16.0.1/24,

vlan 2 ip is 172.16.10.1

|vlan 3 ip is 172.16.20.1

firewall ip is 10.0.0.1/24 (that port in switch 2,in switch there is also vlan 2,3)

and sevrer ip is 10.0.0.45/24(that port in switch 3,in switch there is also vlan 3,4,5)

Richard Burts · ‎02-05-2021

If the firewall is connected to switch 2 then it certainly makes sense to configure inter vlan routing on switch 2. It is not clear whether you also want to do inter vlan routing on switches 1 and 3. It could work that way or it could work with inter vlan routing only on switch 2.

If you intend to do inter vlan routing on the 3 switches then it would make sense to run a dynamic routing protocol between the switches, though it is possible to implement this with static routing. A starting point is that switch 2 (where the firewall is connected) should have a default route (probably a static default route, though it is possible that switch 2 might learn the default route using a routing protocol with the firewall). If you are doing inter vlan routing on 3 switches then switches 1 and 3 need a default route with switch 2 as the next hop. They might learn that default route via routing protocol or might have static default route.

You mention vlan 1 being in switch 1 and do not mention it in the other switches. Do 2 and/or 3 also have vlan 1 active in them? vlan 2 is active in switch 1 and 2 so switch 3 would need a route for that subnet. vlan 3 is present in all 3 switches so each switch can reach any destination in that vlan. vlan 4 and 5 appear to be active only in switch 3 so switches 1 and 2 would need a route to those subnets.

HTH

Rick

Scott Leport · ‎02-03-2021

Hi,

The layer 3 SVI's should be configured on whatever the default gateway of the network is. That could be a layer 3 switch or a router running router on a stick (as Martin L pointed out above), better to run it on a layer 3 switch if you can. The access layer switches within the network should have the VLANs configured at layer 2 and these switches would typically have only one layer 3 SVI configured for management purposes.

There is also an option of configuring switch ports as routed ports too, instead of SVIs. In order to do that, you would disable the switchport functionality of a switch, e.g:

int gi1/0/1

no switchport

ip address 192.168.1.1 255.255.255.0

Richard Burts · ‎02-03-2021

The original post asks a very open ended question "when I should give IP on VLAN Interface?" without giving much information about the environment. @Martin L makes a very important point when he says that basically there are 2 reasons to configure a vlan interface with an IP address:

1) to provide a management interface which supports remote access

2) to provide inter vlan routing

so +5 for that good observation.

We are told that there are 4 vlans and 7 switches. Beyond that we do not know anything about the environment. So it is fairly clear that each switch would have an SVI with an IP address for management purposes. The switches might have other SVIs with IP addresses if inter vlan routing is intended on the switch. How many of the 7 switches are intended to do inter vlan routing?

HTH

Rick

Samaj0101 · ‎02-03-2021

In 3 switches(172 n/w)I want to configure VLAN to divide my department and in all departments, I want to give access to only 2 servers and the internet and the other 4 switches(10 n/w) for biomatrix and camera so I don't want to create any VLAN for that. But one pc (from that 3 switches) collect data from other 4 switch and upload to live site so how to configure that?