VLAN Interface Command

Ok, I thought I had the reason for the VLAN interface command down. I thought it was either used for switch management or routing between VLANS? However, now I realized that some communication wont work with out this command which doesnt make sense. If I have a VLAN, then the switch will only switch packets to ports on the same VLAN. The only way, communication would work between VLANS is if I either enabled routing between VLANs with the VLAN Interface command, connected the switch to another multi-layer switch that did do routing between VLANS, or connected the switch to a router which routed between the VLANs.
However, I just got this new 3550 switch in, configured the correct ports with the assigned VLANs, and the only way my cisco ip phone would work is if the VLAN Interface for my voice-ip VLAN was configured. The 3550 is connected to a 4507. Now, can someone tell my why this is? You shouldnt have to configure the VLAN Interface, right?(unless I wanted to route between VLANs, which could be done by the 4507)

Sounds to me like you either dont have the dot1q trunk interface between your 4506 and 3550 working properly, or your 3550 is running the enhanced image which allows routing.
It would be nice to see your config on both the 3550 and the 4500 to determine the reason. Just a stab at how it should be configured is that on your 4506, you have it running VTP server or transparent with the defined Data and Voice Vlan's. You have a port configured for trunking (which connects to the 3550). On your 3550, you have configured it as a vtp client or transparent and have verified that it has received (or if transparent VTP you have configured) the appropriate VLAN's. You than specified "interface VLAN #" or whatever number for switch management and configured the port that connects to the 4500 as a trunk. Your port connected to the port has the auxillary or voice vlan configured. If this is how your equipment is configured and it still does not work, than look for the line "ip routing" in your 3550 and negate it with "no ip routing".
If still no worky worky, post your config.
Cheers,

Similar Messages

  • Loopback on vlan interfaces

    Hi there,
    do anyone know about the utility of the "loopback set" flag under the Vlan interface command. Could it help to keep a vlan in up/up state for example?
    Thanx.

    A vlan interface is indeed "virtual". Setting the loopback will have little effect.
    A vlan interface will be up/up when there is at least one member port for the vlan with an active link. A single active trunk port will suffice as well to get the interface active.
    Regards,
    Leo

  • Netflow on 6509 in Native Mode from Vlan Interface

    I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.
    2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
    The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
    I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
    Or could it be that MLS is not configured except for a couple commands:
    mls netflow interface
    mls cef error action reset 
    netflow setup:
    Flow export v5 is enabled for main cache
      Export source and destination details :
      VRF ID : Default
        Source(1)       10.31.101.1 (Vlan52)
        Destination(1)  10.30.2.196 (2055)
      Version 5 flow records
      14927339 flows exported in 615072 udp datagrams
      0 flows failed due to lack of export packet
      0 export packets were sent up to process level
      0 export packets were dropped due to no fib
      0 export packets were dropped due to adjacency issues
      0 export packets were dropped due to fragmentation failures
      0 export packets were dropped due to encapsulation fixup failures
      0 export packets were dropped enqueuing for the RP
      0 export packets were dropped due to IPC rate limiting
      0 export packets were dropped due to Card not being able to export  
    interface:
    interface Vlan52
     description AN.VDI.stu
     ip address 10.31.101.1 255.255.255.0
     ip helper-address 10.31.149.200
     no ip redirects
     ip flow ingress
     ip flow egress
     ip pim neighbor-filter 98
     ip pim sparse-dense-mode
     ip cgmp

    Enabling MLS was the fix.
    mls netflow interface
    mls flow ip interface-full
    mls nde sender version 5
    mls cef error action reset   

  • Cant find the vlan-membership command

    I cant find the vlan-membership command on my 3700 layer 3 switch, i've searched google on whether the command has upgraded to a new syntax to no avail, i'm using GNS3 and the IOS is c3725-adventerprisek9-mz.124-25d.bin

    Now I got your problem. Layer 3 switch has routed ports require ip address and can't be added in vlan.
    if you want to add ports into vlan then it should be swtiched port not a routed port. to make routed port as switch port use "switchport" command under interface and use  switchport acess vlan to add a port in vlan.
    Further  more it can communicate with VLAN1 and VLAN2 through the SVI interfaces of the VLANs (int vlan1 and int vlan2).
    I hope the above info will solve your problem.

  • ACE - Query VLAN Interfaces Status

    Hi,
    I am wondering what the status of the query vlan interface means in the command 'show ft peer detail':
    Query Vlan IF State          : UP, Manual validation - please ping peer
    I am pretty sure that I did not see this status when I configured query vlan last time. Current version is A2(2.3).
    Unfortunately this status does not seem to be documented anywhere on CCO.
    I appreciate any help!
    Thanks,
    Daniel

    Hi Daniel,
    The FT Query VLAN interface is an optional, yet very good, feature to be used when using redundant ACE modules or appliances. Without it, if the FT VLAN was to go down, the standby ACE will no longer receive FT heartbeats from the active ACE and therefore take the active role.  However, if the active ACE is still running fine in the active role, then you don't want the standby ACE to take over as active because that will put them into an active/active scenario, which may lead to connectivity issues.
    This is where the FT Query VLAN interface comes in.  If the FT VLAN goes down, the standby ACE will notice this, but before taking the active role, it will ping it's peer IP address configured on the interface that is designated as the FT Query VLAN.  If the ping is successful, then it will stay in the standby role, thereby saving you some headaches.
    The status that you are seeing is the ACE's way of telling you that the interface is UP, but if you want to know if it can successfully ping the peer IP address, then you would have to manually ping the peer IP address from the CLI.  The ACE does not periodically check the ping connectivity through any automatic mechanism.  The automatic mechanism is only triggered by the FT VLAN going down.
    Does this help?
    Sean

  • VLAN interface on ME2600X

    I'm trying to configure a VLan interface on my ME2600X (for inband management), but the switch won't accept the command.
    What am I missing? I need a way to combine layer-2 services and a management vlan on the same dot1q trunk into the ME2600X.
    Geir Jensen

    Hello Geir,
    You can use service instances e.g.:
    interface GigabitEthernet0/3
    switchport trunk allowed vlan none
    switchport mode trunk
    dampening
    mtu 9100
    load-interval 30
    media-type rj45
    service instance 5 ethernet
    description Management VLAN
    encapsulation dot1q 5
    rewrite ingress tag pop 1 symmetric
    bridge-domain 5             – this will pop up message:
    Bridge-domain 5 created
    VLAN 5 does not exist, creating vlan
    interface Vlan5
    description Management VLAN
    ip address 10.0.0.1 255.255.255.0
    ip access-group MNGT-ACL in
    end
    adam

  • Ipv6 Vlan Interface EUI-64 assignation problem

    Hello, I have 2 routers 1800 series with switch modules incorporated connected with IPv6. Everything is working fine except for the problem that when I assign an IPv6 address to a Vlan (using the EUI-64 format to the switch ports), it assigns the SAME interface id (last 64 bits of the IPv6) of a fastEthernet port (FE 0/0), to the vlan, causing an error problem of duplicity:
    " c..T, overlaps with another prefix "
    Why does the EUI-64 assigns the MAC address of the FastEthernet ports instead of the ones in the switch modules?

    Thanks for the reply, but I just solved the problem. The problem was with the command IPV6 ADDRESS AUTOCONFIGURATION. This command definitely brings up a lot of trouble with VLAN ipv6 address assignation.
    After some testing I concluded that:
    1- If one interface has the IPV6 ADDRESS AUTOCONFIGURATION mode on, the interface could end up with more than one ipv6 global interface address.
    2- You cannot assign this mode to a vlan interface without getting into configuration problems.
    3- If a FastEthernet Interface has this mode on(IPV& A. A.), the router does not let you assign a global unicast address to the vlan interface, and gives the following error message:
    %IPV6-6-ADDRESS: 3FFE:C00:C18:F100:213:C4FF:FE44:4961/64 can not be configurex
    4- For the VLAN`s Interface ID you have to manually assign the link local address with the command line
    IPV6 ADDRESS FE80::1 (or any other unique link local address) LINK-LOCAL.
    This is for Vlans that are in a switch module of the same router.
    All this testing was for a Cisco router 1800 series with a switch module integrated in the router.
    Could be that this command is used for other specific occasions which I am not aware of.
    Regards,
    Grupo GTD

  • ASA 5545-X SVI/Vlan Interface

    I am looking to deploy ASA 5545-X with Layer 3 Vlan Interfaces, the device out of the box dosent let you create vlan interfaces. Is there any module available which enables to create Switch Virtual Interfaces.
    I was looking at I/O 6 ports Gigabit Ethernet card, but wanted to make sure before ordering.
    Many Thanks                  

    Hi,
    You are only able to configure Sub Interfaces for the Vlan ID on your ASA model.
    You can only configure actual Vlan interfaces with ASASM and ASA5505 model. This relates to the fact that ASA5505 has a switch module while your model does not.
    I have no expirience with the ASASM but I would imagine its similiar to the FWSM which also used Vlan interfaces as its a module in an actual larger switch/router platform.
    You can check this limitation from the Command Reference also
    interface vlan For the ASA 5505 and ASASM, to configure a VLAN interface and enter interface configuration mode, use the interface vlan command in global configuration mode. To remove a VLAN interface, use the no form of this command. interface vlan number no interface vlan number Syntax Description
    number
    Specifies a VLAN ID.
    For the ASA 5505, use an ID between 1 and 4090. The VLAN interface ID is enabled by default on VLAN 1.
    For the ASASM, use an ID between 2 to 1000 and from 1025 to 4094.
    - Jouni

  • 3750X - Dropped multicat traffic flooding on all switchport vlan interfaces

    Hello forum, 
    I have a problem on source  multicast blocking. I have a switch with a vlan interface (Ex. vlan 20 )and on that vlan interface an extended ACL is present. That ACL block specific multicast groups. Furtehrmore I have many switchport access interfaces on vlan 20 with different sources connected. 
    If one source start streaming with multicast destination IP blocked  by ACL, dropped traffic is flooaded on all switchports on source's vlan
    IGMP snooping on this vlan is enabled but seems that dropped  traffic stay on L2 vlan without it.
    Device used: C3750X
    IOS:  15.0(2)SE5
    Thank you for help

    Hi Michal,
    thanks for your reply!
    Yes, probably i've captured all lines of access-list... but I've to change my approach because my access-list is a extended "named" access-list and, on other post, I've read that "named" access-list cannot be debugged...
    Now i've deleted all access-lists entries that refer to vlan2 and I've created new one "numerical":
    #ip access-list extended 100
    #10 ip permit 172.16.2.0 0.0.0.15 any log
    In this mode the debug shows only access-list 100 traffic + bcast + mcast.
    But, the strange thing is another one now...
    I've bought a multifunction printer, that send scanned document to a email account, the printer haven't internal smtp, it makes a connection to hp servers that forward scans to real destination address...
    I was curious to find out how this connection works because, my private/confidential documents are send on internet and, i would hope that hp use a secure connection from my printer to its server...
    Well, if I add "log" switch command at the end of access-list, or I enable access-list debug, the printer stop to comunicate to hp services/server... if I turn off debug or rewrite access-list without "log" feature, incredibly the printer re-start to comunicate with hp...
    Have you any idea that explain that? I'm going crazy...

  • 3550 VLAN Interfaces Problem

    I was setting up two VLAN interfaces for my 3550. I had two VLAN interfaces. One for VLAN 10 and one for VLAN 15. After configuring each VLAN Interface, VLAN 15 was down and wouldnt come up. VLAN 10 was up however. After issuing the no shutdown command for VLAN 15, it said VLAN 15 is not shutdown, but, when i checked the interface again, the VLAN interface was up. Now, I would think, if I had to do the no shutdown command on VLAN 15, why didnt I have to do that on the VLAN 10 interface? With switches, is the first VLAN interface automatically always up and all later VLAN interfaces automatically shut down.

    A 'feature' of all the newer Catalyst switches and newer IOS is that the logical VLAN interface will remain down until a port in that VLAN is up.
    The VTP config/status can also complicate this as a VTP client doesn't have the VLANs that the IOS config actually has because the VTP client hasn't learned the VLANs yet. In other words, the switch is in a state in which the IOS config puts a port in a VLAN that doesn't yet exist because VTP hasn't downloaded the VLAN database.
    Keep in mind that VTP requires an operating trunk and if it is 802.1q then the native VLANs must match (so a native VLAN other than 1 will not work if the VLAN database hasn't been dowloaded by VTP or has been corrupted).
    Not that you are running into the VTP issue, but in the effort of full disclosure...
    Hope that helps...

  • Utility of loopback on vlan interfaces

    Hello,
    Do you know where i can find information about the use of loopback with Vlan interfaces?
    I'am working on 3550 switches...
    Thanx

    Hi Daniel,
    well i already passed the command, and the config, references.
    In fact i do use loopback as a VSI (e.g. loopback 0 1 etc.) and i am looking to learn more about its interaction/utility with vlan interfaces. (can it makes a non member vlan response to a ping?)
    Thanks

  • Vlan Interface on a 2691 router

    Hi,
    I am trying to create an vlan interface on a 2691 router but can't do it. What switch module do I need and what code. Argh!! I've searcehed all over cisco but I can't find it. What am I mmissing??
    Thanks,
    Lee

    Can you give us more information about what is it that you're trying to do?
    Your IOS is the latest and greatest in the 12.3 line as of the date of this posting. And your Feature Set is Advanced Enterprise Services, which is the fullest Feature Set you can get. (The "Plus" capabilities were folded into Enterprise Services when Cisco reorganized the Feature Sets they offer.)
    Going back to your original situation. I may have misunderstood exactly what you are trying to do.
    RE: "I am trying to create an vlan interface on a 2691 router but can't do it."
    If by this you mean you are tring to create an "interface Vlan2" or "interface Vlan10" or "interface Vlan18" like you can do on the Cisco Catalyst switches, and then put interface-specific commands underneath it, then I don't think you can. Even though you can enter "interface ?" and it shows Vlan as one of the options, it is my understanding that you do it as I outlined above in my previous post.
    If you are going to carry multiple VLANs on a single router port connected to an 802.1Q trunking switch port, then if you need IPX capabilities on a particular sub-interface, just add the IPX network address and IPX frame/encapsulation type under the sub-interface.
    If you're just trying to dedicate one router LAN port to act as a default gateway for a particular VLAN, then connect the router to a switch port that is defined as an access port for that VLAN. Assign the appropriate IP and IPX addressing under the router's LAN interface and you're done. No need for sub-interfaces, or bothering to configure the router with any Layer 2 VLAN information, except maybe a description assigned to the port that tells you what VLAN on the switch you're connecting it to.
    RE: "What switch module do I need and what code."
    If you're trying to host multiple 10/100 switching ports within the router, then you are looking for some version of Cisco's 16-port EtherSwitch Network Module. The model number NM-16ESW-something, where the "something" designates support for inline power or an optional Gigabit Ethernet interface. This should run on the code you have.
    The NM-16ESW supports 802.1Q, according to the documentation. But I have never worked with one, so I couldn't tell you how the interfaces are numbered (Fa1/0 through Fa1/15?). Also, I have no idea how the router communicates with the switching network module internally: are there 16 separate FastEthernet ports now, each one configurable as the router's own LAN ports are? Or is there some common, internal backplane-type connection between the network module and the router's CPU, configured like a Gigabit Ethernet VLAN trunk port when you implement multiple access VLANs on the 10/100 ports?
    Rather than use an NM-16ESW in a router to handle multiple VLANs, I would just use a Cisco Layer 3 switch if it were only for routing IP. 3550 or 3750 would be fine. But if you need IPX routing, then in Cisco's line you either need routers or chassis switches running Enterprise code. Other manufacturers support IPX and IP in a stackable size: Foundry, HP, and Extreme Networks, for example. In fact, Foundry and HP (who OEMs some product from Foundry) use a CLI very much like Cisco's. I've even seen HP switches show up as CDP neighbors to a Cisco router.
    There are times to use routers and times to use Layer 3 switches. And times when you need both. It all depends on what you're doing, and what you're trying to do it with...

  • Could I use "vlan interface" as a tunnel source of DMVPN ?

    I have a router R2811 with a 9 port FE Switch module(HWIC-D-9ESW).
    Could I use vlan interface as a tunnel source when configuring DMVPN ?
    The vlan ports is on the 9 port FE Switch module.
    Because it's used now in production,I can't try it.

    Hello.
    I think there is no restriction on software routers like 2811.
    PS: using loopback could be a better idea.

  • Passive interface command on RIP

    Hi all,
    This command below
    passive-interface command give additional information to RIP, that it can't send updates via this particular interface ---
    As per my understanding is this if we have 2 routers that are directly connected with each other and we enable this command on the interface of one of
    routers then that router will not send any RIP updates to other router right?
    secondly if these 2 routers are point to point connection we can ping directly conencted interfaces IP of  routers because they are directly connected even though there is no routing protocol running between these two right?
    3rd thing when i run sh ip protocols on one of router it shows
    Routing Protocol is "rip"
      Sending updates every 30 seconds, next due in 1 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Redistributing: rip
      Default version control: send version 2, receive version 2
        Interface             Send  Recv  Triggered RIP  Key-chain
        FastEthernet0/0       2     2
      Automatic network summarization is in effect
      Maximum path: 4
      Routing for Networks:
        192.168.4.0
      Routing Information Sources:
        Gateway         Distance      Last Update
        192.168.4.2          120      00:23:38 ****************************************************
    here last update time keeps on incrementing but  sh ip route does not show now that rip is running.
    so this line means
    Invalid after 180 seconds, hold down 180, flushed after 240
    that after 240 secs router will flush the rip routes fron the routing table right?
    but sh ip protocol  will always show rip as routing protocol as we have config the rip and last update time will keep on incrementing right?
    thanks
    mahesh

    Hi Mahesh,
    From the config guide:
    To control the set of interfaces with which you  want to exchange routing updates, you can disable the sending of routing  updates on specified interfaces by configuring the
    passive-interface
    here is the link:
    http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1crip.html
    Correct, you do not need a routing protocol.  The interfaces are directly connected.  Now, if for example you add a loopback address to each router, you need a routing protocol or static router to reach the opposite router's loopback address.
    The reason the interfaces/IPs do not show up in the RIP routing table is because they are directly connected and directly connected routes have a lower admin distance (1) which is preferred over rip which is 120.
    yes
    HTH

  • WLC - 4402/4 - Vlan Interface Addressing

    I currently have 7 WLCs with the same Vlan interfaces defined across all 7 controllers. Does anyone know the best practice for addressing these interfaces on each of the WLCs. I currently have each unique Vlan interface assigned with the same IP address across all 7 WLCs. This is working. Should I leave it this way or should I assign each controller with a different address for the Vlan interface?

    The controllers, assuming you have it configured as such, act as dhcp relay agents. Presumably, if the router got the wrong mac address in its arp entry, the dhcp message would be lost.
    Clients could have taken a while before getting a dhcp addr (race condition for router arp entry) and not been able to work if dhcp was required.
    That said, I've seen the controllers work with the dhcp server set to 255.255.255.255 so the ip helper addresses on the routers would pick up the requests.

Maybe you are looking for