
Vlans & Interfaces

louis0001
Level 3

I see a lot of switches configured with vlans & interfaces without IP addresses, e.g. vlan 500 & int vlan 500

Now it may be a silly question (as I've never thought to ask it) but is there any need to have these interfaces on there rather than just have the vlan by itself?

Does having an unassigned interface waste resources or offer less security?

5 Replies

Hello,

each VLAN interface (SVI) uses an IDB (Interface Descriptor Block), and each IDB uses memory. How many do you have? I can imagine someone putting them in the config to quickly see which VLANs are present.

Hi Georg,

I would guess you are 100% right with your assessment. There are multiple sites each with 6 vlans, an interface to match each vlan but only one interface (for management) with an IP address.

It's a tidy setup but the part I'm wondering about (and never asked) is..... is there any point? Is it good practice or pointless? Does it unnecessarily open any security issue, e.g. less secure?

It's not doing any harm at the moment apart from adding some lines to the config....

Joseph W. Doherty
Hall of Fame
". . . is there any need to have these interfaces on there rather than just have the vlan by itself?"

It only makes sense to have SVIs when there's a reason for them on the device. (BTW, depending how you use them, you can create some interesting issues, for example, you may want to read up on unicast flooding, https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html?dtid=osscdc000283, which can be formed by two L3 switches having interfaces on the same network.)

"Does having an unassigned interface waste resources or offer less security?"

Yes, and yes. For the former, the "resources" are very small. For the latter, interfaces tend to provide a doorway to the device and to your network.

So, with the above in mind, should I look to remove the unassigned interfaces? They certainly ain't doing anything apart from mirroring the vlan setup.

If you have SVIs that serve no purpose, yes, you might remove them.
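
As an added example (not code posted by anyone in this thread), the following Python audit reads an IOS-style running-config and lists the SVIs that carry no IP address, which is the situation discussed above. The sample config, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): SVIs per VLAN, one addressed.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 500
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description Management
 ip address 192.0.2.10 255.255.255.0
!
interface Vlan500
 no ip address
!
"""

SVI_RE = re.compile(r"^interface\s+Vlan(\d+)\s*$", re.IGNORECASE)
ADDR_RE = re.compile(r"^ip(v6)?\s+address\s+\S+", re.IGNORECASE)


def audit_svis(config_text):
    """Map each SVI's VLAN ID to {"addressed": bool, "shutdown": bool}."""
    svis, current = {}, None
    for line in config_text.splitlines():
        if not line.startswith(" "):  # a top-level line ends the previous block
            m = SVI_RE.match(line)
            current = int(m.group(1)) if m else None
            if m:
                svis[current] = {"addressed": False, "shutdown": False}
        elif current is not None:
            stmt = line.strip().lower()
            if ADDR_RE.match(stmt):  # "no ip address" does not match
                svis[current]["addressed"] = True
            elif stmt == "shutdown":
                svis[current]["shutdown"] = True
    return svis


def unaddressed_svis(config_text):
    """VLAN IDs whose SVI carries no IPv4/IPv6 address: candidates for review."""
    return sorted(v for v, s in audit_svis(config_text).items() if not s["addressed"])


if __name__ == "__main__":
    print(unaddressed_svis(SAMPLE_CONFIG))
```

The list it returns is a set of candidates for review, not an automatic removal list; whether each SVI serves a purpose on the device still has to be checked.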