Solved: Vlans and Default G/W

fotismark · ‎12-01-2017

I have a question regarding a design.

There is a switch A, Core....which has vlans only as Layer 3 Interfaces.

Interface	IP-Address	OK? Method Status	Protocol
Vlan1	unassigned	YES TFTP administratively down down
Vlan11	192.168.1.238 YES TFTP up	up
Vlan12	192.168.2.254 YES TFTP up	up
Vlan17	192.168.7.254 YES TFTP up	up
Vlan18	192.168.8.254 YES TFTP up	up
Vlan20	192.168.10.254 YES TFTP up	up
Vlan22	192.168.12.254 YES TFTP up	up
Vlan23	192.168.13.254 YES TFTP up	up
Vlan24	192.168.14.254 YES TFTP up	up
Vlan25	192.168.15.254 YES TFTP up	up
Vlan26	192.168.16.254 YES TFTP up	up
Vlan30	192.168.20.254 YES TFTP up	up
Vlan100	192.168.100.254 YES TFTP up	up	-

now on floor lets say 2cond they have Vlan 22 with all interfaces in it as access.

Also they have Vlan 100 Layer 3 interface as management of 192.168.100.22

What mind bogles me is the fact that they gave a Default Gateway on 2nd floor of 192.168.100.254 which is the management. Shouldn't they give the 192.168.12.254 a stated

on core switch L3 Vlan interface?

Thanks

Julio E. Moisa · ‎12-01-2017

Hi

The default gateway command is associated to the Management VLAN in this case it should be the gateway for the VLAN 100.

For example if your VLAN to manage the switches is:

VLAN 100 with network 192.168.100.0/24 and gateway 192.168.100.254

The configuration on the switches can be:

Core switch

vlan 100

interface vlan 100

description TO-MANAGE-SWITCHES

ip address 192.168.100.254 255.255.255.0

no shut

Access switch

vlan 100

name MGNT

interface vlan 100

description MGNT

ip add 192.168.100.5 255.255.255.0

no shutdown

ip default-gateway 192.168.100.254

You can have many SVI on the switches but just one should be used to manage the switches (and this VLAN should be used on all the access switches to keep an order), in certain way have multiple SVI does not make sense, you can create other SVI for testing. Usually 1 SVI is created to have control of the switch and to be able to reach it remotely you must create apply the ip default-gateway with the same network related to the SVI for Management. Basically it must be aligned to keep an order, you could have other SVI and change the ip default gateway to that network but you will have to reach the switch using that IP instead the Management VLAN IP.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

paul driver · ‎12-01-2017

Hello

The switch on that 2nd floor could have any interface from that L3 switch core as its mgt SVI /subnet and D/G as it just for remote administration purposes of that switch and not for the end hosts attached to the switch.

It wont affect what the devices attached and assigned to the access -ports of the L2 switch either as the traffic from those ports will be tagged upto the L3 switch and any traffic destined outside the source host subnet will get routed into the other vlans by the L3 switch

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

paul driver · ‎12-02-2017

Hello
That is correct the d/g of the users will be the L3 vlan address which in this case resides on the L3 switch and is associated to the vlan they are assigned to at the switchport level.

In theory the l2 access switch doesn’t even require a mgt address it only required for admin purposes

Red
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Julio E. Moisa · ‎12-01-2017

Hi

The default gateway command is associated to the Management VLAN in this case it should be the gateway for the VLAN 100.

For example if your VLAN to manage the switches is:

VLAN 100 with network 192.168.100.0/24 and gateway 192.168.100.254

The configuration on the switches can be:

Core switch

vlan 100

interface vlan 100

description TO-MANAGE-SWITCHES

ip address 192.168.100.254 255.255.255.0

no shut

Access switch

vlan 100

name MGNT

interface vlan 100

description MGNT

ip add 192.168.100.5 255.255.255.0

no shutdown

ip default-gateway 192.168.100.254

You can have many SVI on the switches but just one should be used to manage the switches (and this VLAN should be used on all the access switches to keep an order), in certain way have multiple SVI does not make sense, you can create other SVI for testing. Usually 1 SVI is created to have control of the switch and to be able to reach it remotely you must create apply the ip default-gateway with the same network related to the SVI for Management. Basically it must be aligned to keep an order, you could have other SVI and change the ip default gateway to that network but you will have to reach the switch using that IP instead the Management VLAN IP.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

fotismark · ‎12-02-2017

Hm, i had the impression that the DG of the users would needes to be the layer 3 vlan of those users belong to. And that the management vlan would have access someone with an ip, from that range. Becayse MGM vlan has a layer 3 ip on all floors, 100.11, 100.22, 100.33. But the main switch has all layer 3 vlas 1.254, 2.253, 3.254. My assumption would be be 1st floor gatewa1.254 and Interface vlan 100 192.168.11.254

Anyway, i need to do some review back on ccna :)

paul driver · ‎12-02-2017

Hello
That is correct the d/g of the users will be the L3 vlan address which in this case resides on the L3 switch and is associated to the vlan they are assigned to at the switchport level.

In theory the l2 access switch doesn’t even require a mgt address it only required for admin purposes

Red
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎12-01-2017

Hello

The switch on that 2nd floor could have any interface from that L3 switch core as its mgt SVI /subnet and D/G as it just for remote administration purposes of that switch and not for the end hosts attached to the switch.

It wont affect what the devices attached and assigned to the access -ports of the L2 switch either as the traffic from those ports will be tagged upto the L3 switch and any traffic destined outside the source host subnet will get routed into the other vlans by the L3 switch

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul