I have a quick question on VLANs. If implementing VLANs using router-on-a-stick configuration, I understand that you create sub-interfaces on the router and set the encapsulation dot1q. I have configured it correctly, and everything is working.
On all of the switches (2950s), VLAN 1 is configured with an IP address on each. (S1 VLAN 1 192.168.1.10, S2 VLAN 1 192.168.1.11, S3 VLAN 1 192.168.1.12). I have also created VLAN 100 and VLAN 200.
My question is, am I correct in saying that it is only when using layer 3 switches that you assign IP addresses to the additional VLANs?
For instance, on my main 2950 switch, that has VTP mode of server, I can assign an IP address to VLAN 1, then I can create VLAN 100, and my switch will allow me to assign an IP address to that VLAN (100), but why would that ever be needed?
Sorry if this is confusing.
For a layer 2 switch such as a 2950 or 2960 you only need an IP address in one VLAN, usually your management VLAN. You don't need an IP address for each VLAN that traverses that switch. The purpose of this IP address is generally for remote management and logging in to the device.
Not a confusing question at all... Confusing topic perhaps, but good question. Let's see what we can do about it!
SVIs perform two basic functions:
1. They give a switch a "presence" within a VLAN. This means you can ping, telnet to, or otherwise manage the switch via that VLAN (without routing).
2. They give a switch the ability to route between VLANs provided that hosts use your switch (or router on a stick) address as the default gateway.
#2 is the part that you need to have an L3 switch capability for. Otherwise you are merely giving yourself the chance to manage your switch via multiple subnets or IP addresses!
Presence is an L2 thing. Routing is an L3 thing.
I am understanding it better now. I have one more question.
I have S2 and S3 connecting to S1, which connects to the router (that connects to the internet; I have a different router for R-O-A-S, S3 connects to that router). Since S1 connects to this router, is that why only S1 needs to be configured with a default gateway? I didn't set a default gateway on S2 and S3.
Thanks for the help.
You only need a default gateway on an L2 switch for management purposes. The default gateway provides a way for the switch to "know" where to route packets when sending them back to your terminal located in a remote network/subnet.
As far as I'm aware, RoaS isn't a typically used acronym. (I had to stare at it for a while, although that may be lack of caffeine this morning and late night working combined!)
Anyway... For any device to reach "off subnet" then it will need to have a default gateway configured (if in L2/host mode) or a default route configured (if in L3/router mode).
Otherwise it won't know where to go.
Sorry Scott, it was early. I was hoping the -'s in r-o-a-s would help. Lazy me making you think!
Scott/Vlanmps thanks so much. I understand. I guess then it wouldn't have hurt to set S2 and S3 with the default gateway then, right??
My thinking was that since S2 and S3 connect into S1, and S1 has the default gateway set, then it's OK not to set it on these 2.
Actually, you would not be required to have ip default-gateway set on any of the switches. Switches operate at L2 with MAC/physical addresses, and therefore don't care about L3 IP/logical addresses. L2 switches, unless being a managed switch, will not contain a routing table like your hosts/PCs will. Your hosts need a routing table because they have IP addresses and if they want to communicate with hosts on "other" networks/subnets then they'll have to have a default gateway configured. Similarly, if your L2 switch is a "managed" switch, which means it must have a logical IP address assigned to it in order for other hosts to communicate with it, then it too at this point requires a default gateway in order to "route" IP packets back to the "Default Gateway" and thus to the other networks/subnets.
Oh, and no, it wouldn't have hurt to have configured S2 and S3 with default gateways, if they too are going to be "remotely" managed from another subnet. Just make sure in this case all three switches would have the same IP address for the default gateway.
vlanmpls, thank you. You've cleared that up! I only need to set ip default-gateway if I want to manage the switch via telnet etc.
Armen - thank you for the link, as well.
This site is awesome
It's good to make me think every once in a while.
The gateways will be helpful on your switches if you wish to manage them from some non-directly-connected network.
When you posted this the other day I read this in a cursory fashion and didn't process your intent. Reading it again, your point is well-taken: Would not necessarily need default-gateway set if remote subnet you're managing switch from is a directly-connected interface on the "shared" router.
Don't forget that 2950 is a "Layer 2 switch", and it operates much like any other node regarding Layer 3 (such as a PC) on the network. This discussion becomes complex with multilayer switches...
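Added example, not part of the original thread: the setup the replies describe, written out as Cisco IOS configuration for one layer 2 switch and the router-on-a-stick router. The switch address 192.168.1.12 (S3) and VLANs 100 and 200 come from the thread; the /24 masks, the 192.168.100.0 and 192.168.200.0 subnets, the .1 gateway addresses and all interface names are assumptions.

```cisco
! ---- S3 (2950, layer 2 only) ----
! VLANs 100 and 200 exist on the switch but get no SVI address:
! the switch forwards their frames at L2 and never routes them.
vlan 100
vlan 200
!
! One SVI in the management VLAN gives the switch its "presence".
! Address from the thread, mask assumed.
interface Vlan1
 ip address 192.168.1.12 255.255.255.0
 no shutdown
!
! Only needed when the management station sits in another subnet.
! Gateway address assumed (the router's VLAN 1 subinterface below).
ip default-gateway 192.168.1.1
!
! Trunk toward the router-on-a-stick router (port assumed).
! The 2950 supports dot1q only, so no encapsulation command is needed.
interface FastEthernet0/24
 switchport mode trunk
!
! ---- Router (router-on-a-stick) ----
! Physical interface carries the trunk and has no address of its own.
interface FastEthernet0/0
 no ip address
 no shutdown
!
! One subinterface per VLAN; each address is that VLAN's default gateway.
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/0.200
 encapsulation dot1Q 200
 ip address 192.168.200.1 255.255.255.0
```

Hosts in VLAN 100 and VLAN 200 point at the router subinterface addresses as their default gateway; the switch itself is reachable only through its VLAN 1 address.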