The first step on any Layer 3 switch is to create the necessary VLANs.
By default, VLAN1 exists on every switch. VLAN1 is also known as the Management VLAN and it is highly advisable
that VLAN1 is not used to carry user data/traffic, as VLAN1 is used only for the management of the network’s switches.
Company traffic (servers, workstations, etc.) should be placed on a different VLAN, for example, VLAN2. Voice traffic,
e.g. IP phones, CallManager, CallManager Express or Voice Gateways, should also be placed on a VLAN of its
own, also known as the Voice VLAN.
As part of the design and implementation phase, we strongly advise creating a list of the VLANs that will be created,
along with their names, any additional information that helps identify their purpose and, of course, the IP address that
will be assigned to every VLAN interface on the core Layer 3 switch. This will ensure all VLANs are created and
everything is documented for future reference.
Below is an example of a VLAN list we created during the installation of our Cisco Catalyst 3560G:
Before we begin creating our VLANs, let’s take a look at the default VLANs that exist on Catalyst Layer 3
switches using the show vlan brief command:
C3560G# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                Gi0/21, Gi0/22, Gi0/23, Gi0/24
                                                Gi0/25, Gi0/26, Gi0/27, Gi0/28
                                                Gi0/29, Gi0/30, Gi0/31, Gi0/32
                                                Gi0/33, Gi0/34, Gi0/35, Gi0/36
                                                Gi0/37, Gi0/38, Gi0/39, Gi0/40
                                                Gi0/41, Gi0/42, Gi0/43, Gi0/44
                                                Gi0/45, Gi0/46, Gi0/47, Gi0/48
                                                Gi0/49, Gi0/50, Gi0/51, Gi0/52
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
The first step is to create and name the new VLANs in the switch’s VLAN database. This is accomplished by using
the vlan command, followed by the name command. Depending on the switch model, these commands might or
might not appear in the configuration:
C3560G(config)# vlan 2
C3560G(config-vlan)# name Data-VLAN
C3560G(config-vlan)# vlan 3
C3560G(config-vlan)# name Voice-VLAN
C3560G(config-vlan)# vlan 4
C3560G(config-vlan)# name IP-Cameras
C3560G(config-vlan)# vlan 5
C3560G(config-vlan)# name Mgnt-WiFi
C3560G(config-vlan)# vlan 6
C3560G(config-vlan)# name Company-WiFi
C3560G(config-vlan)# vlan 7
C3560G(config-vlan)# name PDA-WiFi-VLAN
C3560G(config-vlan)# vlan 8
C3560G(config-vlan)# name Guest-VLAN
C3560G(config-vlan)# end
We can verify the new VLANs have been created in the VLAN database by issuing the show vlan brief command:
C3560G# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                Gi0/21, Gi0/22, Gi0/23, Gi0/24
                                                Gi0/25, Gi0/26, Gi0/27, Gi0/28
                                                Gi0/29, Gi0/30, Gi0/31, Gi0/32
                                                Gi0/33, Gi0/34, Gi0/35, Gi0/36
                                                Gi0/37, Gi0/38, Gi0/39, Gi0/40
                                                Gi0/41, Gi0/42, Gi0/43, Gi0/44
                                                Gi0/45, Gi0/46, Gi0/47, Gi0/48
                                                Gi0/49, Gi0/50, Gi0/51, Gi0/52
2    Data-VLAN                        active
3    Voice-VLAN                       active
4    IP-Cameras                       active
5    Mgnt-WiFi                        active
6    Company-WiFi                     active
7    PDA-WiFi-VLAN                    active
8    Guest-VLAN                       active
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
The show vlan brief command is very useful as it shows not only the VLANs created, but also the switch ports assigned to
each VLAN. We can quickly identify which ports might be assigned to a specific VLAN. Since this is a new switch, all
ports are assigned to VLAN1, the Management VLAN, but this is about to change.
Note that created VLANs are stored in the switch’s VLAN database. The VLAN database is a file named vlan.dat and
is located in the switch’s FLASH memory:
C3560G# dir flash:
Directory of flash:/
2 -rwx 976 Mar 1 1993 00:04:52 +00:00 vlan.dat
3 -rwx 2110 Mar 1 1993 00:03:54 +00:00 config.text
4 -rwx 5 Mar 1 1993 00:03:54 +00:00 private-config.text
7 drwx 192 Mar 1 1993 00:09:28 +00:00 c3560-ipbase-mz.122-35.SE5
32514048 bytes total (23457280 bytes free)
Looking carefully at the creation/modified date of the files, it seems like we are off by a bit more than 10 years, so it is
evident the correct date and time have not yet been configured. We’ll take care of this later.
Next, we create our VLAN interfaces and assign IP addresses and descriptions:
interface Vlan1
 description Core-Network
 ip address 172.16.10.1 255.255.255.0
!
interface Vlan2
 description Data-VLAN
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan3
 description Voice-VLAN
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
 description IP-Cameras-VLAN
 ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
 description Mgnt-WiFi-VLAN
 ip address 192.168.5.1 255.255.255.0
!
interface Vlan6
 description Company-WiFi-VLAN
 ip address 192.168.6.1 255.255.255.0
!
interface Vlan7
 description PDA-WiFi-VLAN
 ip address 192.168.7.1 255.255.255.0
!
interface Vlan8
 description Guest-VLAN
 ip address 192.168.8.1 255.255.255.0
!
Note: When configuring the new VLAN interfaces, the switch will show the following message on the console for each
VLAN interface configured: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to
down. This message can safely be ignored as the VLAN Line protocol will come up as soon as ports on the switch
are assigned to the VLAN.
There is a possibility that Interface VLAN1 might have the shutdown command configured. This can be checked by
issuing the show run command. If the shutdown command is present under the VLAN1 interface, it is
imperative to issue the no shutdown command so that the Management VLAN interface comes up.
The show ip interface brief command will verify all VLANs are up (Status), but with a protocol down status as
explained earlier:
C3560G# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.16.10.1     YES manual up                    down
Vlan2                  192.168.0.1     YES manual up                    down
Vlan3                  192.168.3.1     YES manual up                    down
Vlan4                  192.168.4.1     YES manual up                    down
Vlan5                  192.168.5.1     YES manual up                    down
Vlan6                  192.168.6.1     YES manual up                    down
Vlan7                  192.168.7.1     YES manual up                    down
Vlan8                  192.168.8.1     YES manual up                    down
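The show vlan brief output discussed earlier can also be checked by a script. The following is an added example, not part of the original article: it parses the output, joins the wrapped port lines, and reports which ports are still in VLAN1 and which VLANs have no ports yet (the ones whose VLAN interface shows protocol down). The function names and the sample output are constructed for illustration.

```python
import re

# Constructed sample of "show vlan brief" output (not captured from the
# article's switch): a few ports have been moved out of VLAN 1.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6
2    Data-VLAN                        active    Gi0/7, Gi0/8
3    Voice-VLAN                       active
8    Guest-VLAN                       active    Gi0/9
1002 fddi-default                     act/unsup
"""

PORT = r"[A-Za-z]+\d+(?:/\d+)*"
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
WRAPPED = re.compile(rf"^{PORT}(?:\s*,\s*{PORT})*$")

def split_ports(field):
    return [p.strip() for p in field.split(",") if p.strip()]

def parse_vlan_brief(text):
    """Map VLAN id -> name, status and member ports, joining wrapped port lines."""
    vlans, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW.match(line)
        if row:
            current = int(row.group(1))
            vlans[current] = {"name": row.group(2), "status": row.group(3),
                              "ports": split_ports(row.group(4))}
        elif current is not None and WRAPPED.match(line):
            vlans[current]["ports"] += split_ports(line)
        # Headers, dash rulers, prompts and blank lines are skipped.
    return vlans

def audit(vlans, reserved=range(1002, 1006)):
    """Report ports left in default VLAN 1 and user VLANs with no access ports.

    An SVI for an empty VLAN stays 'protocol down' unless a trunk carries the
    VLAN; trunk ports are not listed by "show vlan brief".
    """
    empty = [vid for vid, v in sorted(vlans.items())
             if vid != 1 and vid not in reserved and not v["ports"]]
    return {"ports_in_vlan1": vlans.get(1, {}).get("ports", []),
            "empty_vlans": empty}

if __name__ == "__main__":
    print(audit(parse_vlan_brief(SAMPLE)))
```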
ENABLE SVI INTERVLAN ROUTING – IP ROUTING & CONFIGURING DEFAULT GATEWAY
A Switch Virtual Interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging
system. Since there is no physical interface for the VLAN, the SVI provides the Layer 3 processing for packets from
all switch ports associated with the VLAN. Once VLANs have been created and VLAN interfaces are configured with
their IP addresses, we can enable ip routing on our switch, effectively switching ‘on’ the InterVLAN routing capabilities
of the switch and enabling the supported routing protocols.
Let’s take a look at the routing capabilities before enabling ip routing. This can be done using the show ip
route command:
C3560G# show ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty