A couple days ago I was working on the network at the computer shop and ran into an issue configuring the Cisco Catalyst 2950 switch we have on part of the network. The goal was to set up three VLAN’s to segregate traffic on three segments of the network that each have their own purpose. One of the VLAN’s is used by the employees, one VLAN used for the public, and the third VLAN used to host servers that provide various services. I was in a rush to minimize downtime when I was configuring the access to the 2950 switch itself and attempted to assign an IP address to two of the VLAN’s. Below I explain the details of the issue that caused as well as an explanation of why this won’t work.
Cisco Catalyst 2950: Line protocol on Interface Vlan, changed state to down
- 2900XL(config)#
- 2900XL(config)#interface vlan 1
- 2900XL(config-if)#no shut
- 2900XL(config-if)#exit
- 2900XL(config)#exit
- 00:14:05: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
- 2900XL#
- 00:14:06: %LINK-5-CHANGED: Interface Vlan10, changed state to administratively down
- 00:14:06: %SYS-5-CONFIG_I: Configured from console by console
- 00:14:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
- 00:14:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
- 2900XL#
As you can see above when issuing the “no shut” command to Vlan 1 the Vlan 10 interface was administratively shut down. Below is a quick example of what the configuration on the 2950 switch looked like.
Catalyst 2950 VLAN (Virtual Local Area Network) Configuration:
- interface Vlan1
- ip address 192.168.10.10 255.255.255.0
- no ip route-cache
- !
- interface Vlan10
- ip address 192.168.20.20 255.255.255.0
- no ip route-cache
- shutdown
- !
As seen above you can see that it looks like things should work without issue which would be true if this was a layer 3 switch. Since this is a layer 2 switch only a single IP address can be configured on any virtual interface for management. The Cisco iOS is smart enough to shut down any other virtual interface with an IP address assigned if another is attempted to be enabled at the same time. It is not required to have the VLAN interface configured to section off the switch ports into different interfaces as you can simply use the “switchport access” configuration to assign each port to a different VLAN as shown in the below example configuration.
Example Cisco Catalyst 2950 VLAN Access Configuration By Port:
- interface FastEthernet0/9
- no ip address
- !
- interface FastEthernet0/10
- no ip address
- !
- interface FastEthernet0/11
- no ip address
- !
- interface FastEthernet0/12
- no ip address
- !
- interface FastEthernet0/13
- switchport access vlan 10
- no ip address
- !
- interface FastEthernet0/14
- switchport access vlan 10
- no ip address
- !
- interface FastEthernet0/15
- switchport access vlan 10
- no ip address
- !
As you can see above six of the Fast Ethernet ports configurations are listed above. On this switch the first twelve Fast Ethernet ports are used in VLAN 1 and the second twelve Fast Ethernet ports are in VLAN 10. When you want an interface to belong to VLAN 1 you don’t have to configure anything because VLAN 1 is assumed by default however when you want an interface to be in a different VLAN simply specify the VLAN using “switchport access” as shown in the above configuration example.
You cannot have two interfaces with IP addresses assigned to them on a layer two switch such as the Cisco Catalyst 2950 that was used in this example.
That is awesome! Thanks!