[afnog] VLANs on Cisco Catalyst 2950

Brian Candler B.Candler at pobox.com
Fri May 26 15:31:33 EAT 2006


On Fri, May 26, 2006 at 01:46:24PM +0200, Bruce Zamaere wrote:
> If I am on the switch through a console cable. I have set up ip on
> each vlan interface why can I ping interfaces on the same switch? I
> thought this would be ideal for troubleshooting purposes. How does the
> IOS actually use the VLAN interfaces if they are shutdown? I find this
> a bit confusing to be honest.
> 
> Finally is there a way to trick or to force the IOS to bring up more
> than one VLAN at once?

I think you need to be clear about layer 2 versus layer 3 functionality.

If you are configuring the switch via the console port, the switch itself
doesn't need *any* IP address, on *any* VLAN. A VLAN is just a group of
ports which form a broadcast domain, or a sub-switch if you like. Ethernet
frames are forwarded at layer 2, without regard to whether they are IP
packets or not, and if they are, what the destination IP address is.

So if you configure ports 1,2,3,4 in vlan 10, and ports 5,6,7,8 on vlan 11,
then any traffic generated on port 1 will be visible on ports 2,3 and 4.
Specifically, broadcasts on port 1 will be sent to ports 2,3 and 4; unicast
frames to MAC address X will be broadcast initially, but when the switch
learns that this MAC address belongs on port 3, say, then future unicast
frames to this MAC address will only go out on port 3.

However, traffic coming in on ports 1-4 will *never* go out of ports 5-8,
and vice versa. It's just as if you had two separate 4-port switches.

The switch only needs an IP address in order to be able to telnet to it or
send SNMP packets to it; that is, to manage it remotely. For this purpose it
only needs an IP address on a single VLAN. From what I've read on this
thread, it sounds like the Catalyst is in fact limited to only having a
single management IP on a single VLAN, but that's fine, as you don't need
any more than that.

Now, if this were a "layer 3 switch", which is really just another name for
a router, it would be different. The router would have its own IP address on
each subnet; the clients would point their defaultroute at the router; and
the router would forward packets between the subnets.

AFAIK a 2950 won't do this, it's just a switch. So if you have multiple
VLANs, corresponding to multiple subnets, then each VLAN needs its own
upstream router, and the clients point their defaultroute at that router,
not at the switch.

HTH,

Brian.
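
The layer 2 behaviour described in the message above, as an added example that is not part of the original post and is not Cisco IOS code: a small Python model of a VLAN-aware learning switch using the post's port layout (ports 1-4 in VLAN 10, ports 5-8 in VLAN 11). The class name, function names and MAC addresses are constructed for illustration.

```python
# Added illustration: a model of VLAN-aware MAC learning, not switch firmware.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # access port -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        # Learn: the source MAC lives on in_port, within this VLAN only.
        self.mac_table[(vlan, src_mac)] = in_port
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if dst_mac == BROADCAST:
            return members                 # broadcast: all other VLAN members
        out = self.mac_table.get((vlan, dst_mac))
        if out is None:
            return members                 # unknown unicast: flood within VLAN
        return [] if out == in_port else [out]


def demo():
    # Ports 1-4 in VLAN 10, ports 5-8 in VLAN 11, as in the post.
    sw = VlanSwitch({**{p: 10 for p in range(1, 5)},
                     **{p: 11 for p in range(5, 9)}})
    # Constructed MAC addresses for hosts on ports 1, 3 and 5.
    a, x, z = "00:00:00:00:00:0a", "00:00:00:00:00:0c", "00:00:00:00:00:0f"
    return {
        "broadcast_from_1": sw.receive(1, a, BROADCAST),
        "unknown_unicast": sw.receive(1, a, x),   # X not learned yet: flooded
        "reply_from_3": sw.receive(3, x, a),      # switch learns X on port 3
        "known_unicast": sw.receive(1, a, x),     # now goes out port 3 only
        # X is known in VLAN 10 only, so VLAN 11 floods among its own ports.
        "vlan11_to_x": sw.receive(5, z, x),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The MAC table is keyed by (VLAN, MAC), which is why a frame entering on ports 5-8 never reaches ports 1-4 even when the destination address has already been learned in the other VLAN.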


