The VLAN interface must be administratively enabled (that is, not

shutdown).

Do not miss this point: VLAN and the VLAN interface are related but
separate ideas, each configured separately in the CLI. A VLAN interface,
configured with the interface vlan vlan-id global command, creates a
switch’s Layer 3 interface connected to the VLAN. A VLAN, created with the
vlan vlan-id global command, creates the VLAN. If you want to route
packets for the subnets on VLANs 11, 12, and 13, using SVIs, you must
configure the VLAN interfaces with those same VLAN IDs 11, 12, and 13.
The VLANs with those same VLAN IDs must also exist.

IOS supports the function to disable and enable both a VLAN and a VLAN
interface with the shutdown and no shutdown commands (as mentioned
in Steps 3 and 4 in the preceding list). As part of the configuration checklist
tasks, check the status to ensure that all the configuration enables all the
related VLANs and VLAN interfaces.

Example 18-8 shows three scenarios, each of which leads to one of the
VLAN interfaces in the previous configuration example (Figure 18-4, Example
18-6) to fail. At the beginning of the example, all three VLAN interfaces are
up/up. To begin the example, VLANs 10, 20, and 30 each have at least one
access interface up and working. The example works through three
scenarios:

Scenario 1: The last access interface in VLAN 10 is shut down (G1/0/1),

so IOS shuts down the VLAN 10 interface.
 Scenario 2: VLAN 20 (not VLAN interface 20, but VLAN 20) is deleted,
which results in IOS then bringing down (not shutting down) the VLAN 20
interface.
Scenario 3: VLAN 30 (not VLAN interface 30, but VLAN 30) is shut down,
which results in IOS then bringing down (not shutting down) the VLAN 30
interface.

Example 18-8 Three Examples That Cause VLAN Interfaces to Fail

Click here to view code image

SW1# show interfaces status

! Only ports related to the example are shown
Port Name Status Vlan Duplex
Gi1/0/1 connected 10 a-full
Gi1/0/2 notconnect 10 auto
Gi1/0/3 connected 20 a-full
Gi1/0/4 connected 20 a-full
Gi1/0/9 connected 30 a-full

SW1# configure terminal

Enter configuration commands, one per line. End with CNTL/Z

! Case 1: Interface G1/0/1, the last up/up access interface

SW1(config)# interface GigabitEthernet 1/0/1
SW1(config-if)# shutdown
SW1(config-if)#
*Apr 2 19:54:08.784: %LINEPROTO-5-UPDOWN: Line protocol on
state to down
*Apr 2 19:54:10.772: %LINK-5-CHANGED: Interface GigabitEthe
 to administratively down
*Apr 2 19:54:11.779: %LINEPROTO-5-UPDOWN: Line protocol on
net1/0/1, changed state to down

! Case 2: VLAN 20 is deleted

SW1(config)# no vlan 20
SW1(config)#
*Apr 2 19:54:39.688: %LINEPROTO-5-UPDOWN: Line protocol on
state to down

! Case 3: VLAN 30, the VLAN from the switch to the router,
SW1(config)# vlan 30
SW1(config-vlan)# shutdown
SW1(config-vlan)# exit
SW1(config)#
*Apr 2 19:55:25.204: %LINEPROTO-5-UPDOWN: Line protocol on
state to down
! Final status of all three VLAN interfaces is below
SW1# show ip interface brief | include Vlan
Vlan1 unassigned YES manual administr
Vlan10 10.1.10.1 YES manual up
Vlan20 10.1.20.1 YES manual up
Vlan30 10.1.30.1 YES manual up

Note that the example ends with the three VLAN interfaces in an up/down
state per the show ip interface brief command.
SVI Interface State with Autostate Disabled

With autostate disabled, the switch checks only whether the VLAN is defined
on the switch, either explicitly or learned by VTP. It ignores all the other
checks performed when using autostate. If no matching VLAN exists, the
switch places the VLAN interface in an up/down state.

Example 18-9 shows how to determine whether autostate is enabled from

the show interfaces vlan command output. In the example, the engineer
already configured the no autostate command under interface VLAN 10,
with interface VLAN 20 using the default setting of autostate.

Example 18-9 Recognizing the Autostate Setting on VLAN Interfaces

Click here to view code image

SW1# show interfaces vlan 10

Vlan10 is up, line protocol is up , Autostate Disabled
! Lines omitted for brevity
SW1# show interfaces vlan 20
Vlan10 is up, line protocol is up , Autostate Enabled
! Lines omitted for brevity

VLAN Routing with Layer 3 Switch Routed Ports

When Layer 3 switches use SVIs, the physical interfaces on the switches act
like they always have: as Layer 2 interfaces. That is, the physical interfaces
receive Ethernet frames, the switch learns the source MAC address of the
frame, and the switch forwards the frame based on the destination MAC
address. That logic occurs independently from any configured routing logic.

When using a Layer 3 switch, the switch acts as the default router for
endpoint hosts. As usual, to send a packet to a default router, a host uses
ARP to learn the default router’s MAC address and then encapsulates the
packet in a frame destined to the default router’s MAC address. As a result,
when using a Layer 3 switch with SVIs, hosts send their frames to the SVI’s
MAC address. Those frames arrive in a physical switch port, which forwards
the frame based on the destination MAC address, but to the internal
destination of the VLAN interface. That process triggers internal routing
actions like stripping data-link headers, making a routing decision, and so
on.

Alternately, the Layer 3 switch configuration can make a physical port act
like a router interface instead of a switch interface. To do so, the switch
configuration makes that port a routed port. On a routed port, the switch
does not perform Layer 2 switching logic on that frame. Instead, frames
arriving in a routed port trigger the Layer 3 routing logic, including

1. Stripping off the incoming frame’s Ethernet data-link header/trailer

2. Making a Layer 3 forwarding decision by comparing the destination IP
address to the IP routing table
3. Adding a new Ethernet data-link header/trailer to the packet
4. Forwarding the packet, encapsulated in a new frame

This third major section of the chapter examines routed interfaces as

configured on Cisco Layer 3 switches, but with a particular goal in mind: to
also discuss Layer 3 EtherChannels. L3 EtherChannels use routed ports, so
before learning about L3 EtherChannels you must first understand routed
ports.

Implementing Routed Interfaces on Switches

When a Layer 3 switch needs a Layer 3 interface connected to a subnet, and

only one physical interface connects to that subnet, the design can use a
routed port instead of an SVI. Stated differently, when routing over a point-
to-point link connected to one other device only, using a routed port makes
sense. Conversely, when the Layer 3 switch needs a Layer 3 interface
connected to a subnet, and many physical interfaces on the switch connect
to that subnet, the design must use an SVI.

To see why, consider the design in Figure 18-5, which repeats the same
design from Figure 18-4, which was used in the SVI examples. In that
design, the gray rectangle on the right represents the switch and its
internals. On the right of the switch, at least two access ports sit in both
VLAN 10 and VLAN 20. The Layer 3 switch must use SVIs as an interface
into those VLANs because two or more ports connect to the VLAN.
Figure 18-5 Routing on a Routed Interface on a Switch

The link on the left of the figure connects from the switch to Router B1. The
design needs routing between Router B1 and the switch. While earlier
Example 18-6 and Example 18-7 show how to accomplish that routing with
an access port and an SVI on the switch, using a routed port works as well,
given that the design creates a point-to-point topology between the two
devices.

Enabling a switch interface to be a routed interface instead of a switched

interface is simple: just use the no switchport subcommand on the
physical interface. Cisco switches capable of being a Layer 3 switch use a
default of the switchport command to each switch physical interface. Think
about the word switchport for a moment. With that term, Cisco tells the
switch to treat the port like it is a port on a switch—that is, a Layer 2 port on
a switch. To make the port stop acting like a switch port and instead act like
a router port, use the no switchport command on the interface.

Once the port is acting as a routed port, think of it like a router interface.
That is, configure the IP address on the physical port, as implied in Figure
18-5. Example 18-10 shows a completed configuration for the interfaces
configured on the switch in Figure 18-5. Note that the design uses the exact
same IP subnets as the example that showed SVI configuration in Example
18-6, but now, the port connected to subnet 10.1.30.0 has been converted
to a routed port. All you have to do is add the no switchport command to
the physical interface and configure the IP address on the physical interface.

Example 18-10 Configuring Interface G0/1 on Switch SW1 as a Routed

Port

Click here to view code image

ip routing
!
interface vlan 10
ip address 10.1.10.1 255.255.255.0
!
interface vlan 20
ip address 10.1.20.1 255.255.255.0
!
interface gigabitethernet 1/0/9
no switchport
ip address 10.1.30.1 255.255.255.0
Once configured, the routed interface will show up differently in command
output in the switch. In particular, for an interface configured as a routed
port with an IP address, like interface GigabitEthernet1/0/9 in the previous
example:

show interfaces: Similar to the same command on a router, the output will
display the IP address of the interface. (Conversely, for switch ports, this
command does not list an IP address.)

show interfaces status: Under the “VLAN” heading, instead of listing the
access VLAN or the word trunk, the output lists the word routed, meaning
that it is a routed port.

show ip route: Lists the routed port as an outgoing interface in routes.

show interfaces type number switchport: If a routed port, the output is

short and confirms that the port is not a switch port. (If the port is a Layer 2
port, this command lists many configuration and status details.)

Example 18-11 shows samples of all four of these commands as taken from
the switch as configured in Example 18-10.

Example 18-11 Verification Commands for Routed Ports on Switches

Click here to view code image

SW1# show interfaces g1/0/9
GigabitEthernet1/0/9 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 4488.165a.f277 (
Internet address is 10.1.30.1/24
! lines omitted for brevity

SW1# show interfaces status

! Only ports related to the example are shown; the command
Port Name Status Vlan Duplex
Gi1/0/1 connected 10 a-full
Gi1/0/2 connected 10 a-full
Gi1/0/3 connected 20 a-full
Gi1/0/4 connected 20 a-full
Gi1/0/9 connected routed a-full

SW1# show ip route

! legend omitted for brevity

10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks

C 10.1.10.0/24 is directly connected, Vlan10
L 10.1.10.1/32 is directly connected, Vlan10
C 10.1.20.0/24 is directly connected, Vlan20
L 10.1.20.1/32 is directly connected, Vlan20
C 10.1.30.0/24 is directly connected, GigabitEthern
L 10.1.30.1/32 is directly connected, GigabitEthern

SW1# show interfaces g0/1 switchport