5-5. Virtual Interfaces Virtual interfaces exist for configuration where there is no single physical attachment to a broadcast domain. For switches with Layer 2 interfaces, VLANs define broadcast domains. The VLAN interface is a Layer 3 interface for any member of the given VLAN. For switches or routers with Layer 3 interfaces, broadcast domains are defined as bridge groups. To route between bridge groups and other broadcast domains, a bridged virtual interface (BVI) is used as a Layer 3 interface. In some instances, a physical Layer 3 interface can support traffic from multiple VLANs. To provide Layer 3 interfaces for each VLAN on the physical connection, a subinterface is configured as the Layer 3 interface for the members of the VLAN.
Configuring a VLAN Interface 1. | Access the Layer 3 switching processor (for hybrid mode).
If the switching processor is a card that runs as a subsystem in a COS device, you need to access this device to perform any configuration. To access the device, use the session command. This command is not required for a switch running Supervisor IOS because you are communicating directly with the Layer 3 switch processor:
COS | (privileged)session mod
|
The mod number specifies the module number of the switch processor. Use the command show modules to locate this processor if you do not know where it is located in the switch.
| 2. | Configure a VLAN interface:
IOS | (global) interface vlan number
|
In global configuration mode, use this command to create and access a VLAN interface. This interface will be in the same broadcast domain as the members of the VLAN number. For this interface to be active, it must first exist in the VLAN database of the switch (see the section "6-1: VLAN Configuration").
NOTE The VLAN interface on a Layer 2 switch, such as a 2900/3500XL or a 2950, does not do Layer 3 switching and will not function as described in this section. The Layer 2 IOS VLAN interface is an administrative interface only. | 3. | Assign a protocol address to the interface:
IOS | (interface) ip address address netmask
|
Use the appropriate command to configure the Layer 3 interface with network addressing. The example here shows configuration of an IP address. See Step 3 of the section "5-2: Layer 3 Ethernet Interfaces" for other protocol options.
| 4. | Enable the interface:
IOS | (interface) no shutdown
|
The default status of many Layer 3 interfaces is shutdown, which is a disabled state. To ensure that the interface is operational, you should enable the interface with the command no shutdown.
|
Configuring a Bridged Virtual Interface 1. | Access the Layer 3 switching processor (for hybrid mode).
If the switching processor is a card that runs as a subsystem in a COS device, you need to access this device to perform any configuration. To access the device, use the session command. This command is not required for a switch running Supervisor IOS because you are communicating directly with the Layer 3 switch processor:
COS | (privileged)session mod
|
The mod number specifies the module number of the switch processor. Use the command show modules to locate this processor if you do not know where it is located in the switch.
NOTE Although you can configure a BVI using bridge groups for virtual interfaces on an RSM or RSFC, this is usually only configured when you have a need to provide Layer 2 communications between devices in separate VLANs. NOTE Bridge groups and BVIs are not supported on interfaces that can be either Layer 2 or Layer 3 using the switchport command. | 2. | Configure a bridge group:
IOS | (global) bridge number protocol ieee
|
To configure a BVI, you must first establish the bridge group for which you will be using the BVI to route. This command configures a bridge group running the IEEE protocol. The number here is used to associate ports with the group.
| 3. | Enable integrated routing and bridging (IRB):
|
Because the ports in the bridge group will be both routed and bridged, you must enable the IRB process. 4. | Enable routing for the bridge group:
IOS | (global) bridge number route [ip | ipx | appletalk]
|
|
By default, when you enable IRB, ports that are members of a bridge group will not attempt to route the packets because they are now considered bridged ports. If you are going to configure a Layer 3 interface to be used by these bridge ports, you must specify that the bridge group can now route. The number parameter specifies which bridged ports you are routing for, and the protocol specifies which Layer 3 protocol(s) you will be routing. 5. | Assign interfaces to the bridge group:
IOS | (interface) bridge-group number
|
|
You must assign each interface that will be in the same broadcast domain to the bridge group. The clients off of this interface will be in the same IP subnet and will use the BVI as the Layer 3 interface or gateway out of the subnet. The number option will correspond to the bridge number in Steps 2 and 4. 6. | Configure the BVI interface:
IOS | (global) interface BVI number
|
In global configuration mode, use this command to create and access a BVI interface. This interface will be in the same broadcast domain as the members of the bridge group number. The number option specifies to which bridge group the interface belongs.
| 7. | Assign a protocol address to the interface:
IOS | (interface) ip address address netmask
|
Use the appropriate command to configure the Layer 3 interface with network addressing. The example here shows configuration of an IP address. See Step 3 of the section "5-2: Layer 3 Ethernet Interfaces" for other protocol options.
| 8. | Enable the interface:
IOS | (interface) no shutdown
|
The default status of many Layer 3 interfaces is shutdown, which is a disabled state. To ensure that the interface is operational, enable the interface with the command no shutdown.
|
Configuring Subinterfaces 1. | Create and access the subinterfaces:
IOS | (global) interface type number.subnumber
|
In global configuration mode, use this command to create and access a subinterface. The type will be the controller type of the interface (for example, fastethernet or gigabitethernet). The type could also be port-channel for a channeled connection. The number specifies the location or logical number of the interface, and the .subnumber creates a logical Layer 3 subinterface off the main connection.
| 2. | Specify an encapsulation and VLAN:
IOS | [View full width] (sub-interface) encapsulation {dot1q | isl}  vlannumber [native]
|
In subinterface mode, you will specify which VLAN is associated with a given subinterface using the encapsulation command. The type (dot1q or isl) depends on the type of trunk connected to the router interface. The vlannumber option specifies which VLAN is associated with the subinterfacethat is, in which broadcast domain this subinterface will act as a Layer 3 interface.
For dot1q trunks only, the option native specifies which one of the VLANs will be the native VLAN. This is important because native VLAN packets are not tagged as per the 802.1Q specification.
NOTE Subinterfaces are used in configurations for routers or interfaces connected to a trunk link. Layer 3 interfaces do not run the Dynamic Trunking Protocol (DTP), and any switch connected to these interfaces must be configured in trunk on mode. NOTE Layer 3 interfaces on the Catalyst 4000 series and 6000 series running Supervisor IOS and 3550 switches do not support subinterfaces. Instead, use a trunk port and VLAN interfaces described in this section. | 3. | Assign a protocol address to the subinterface:
IOS | (sub-interface) ip address address netmask
|
Use the appropriate command to configure the Layer 3 subinterface with network addressing. The example here shows configuration of an IP address. See Step 3 of the section "5-2: Layer 3 Ethernet Interfaces" for other protocol options.
| 4. | Enable the interface:
IOS | (interface) no shutdown
|
The default status of many Layer 3 interfaces is shutdown, which is a disabled state. To ensure that the interface is operational, enable the interface with the command no shutdown.
|
TIP The Catalyst 4000 Layer 3 switch engine connects to the Layer 2 switch through 2 internal gigabit interfaces. These interfaces (Gigabit Ethernet 3 and Gigabit Ethernet 4) are each Layer 3 interfaces that can be configured individually (if you are only routing for one or two VLANs) or they can be configured with subinterfaces as described in this section. Another option is to channel these interfaces together and trunk across the channel, creating subinterfaces for the port channel.
Verifying Configurations After configuring your subinterfaces, use the following commands to verify configuration: IOS | (privileged) show interface type number.subnumber (privileged) show vlan [number]
|
Feature Example This example shows the configuration of a 2948G-L3 connected to a 3550 through an 802.1Q trunk link between ports G49 on the 2948G-L3 and G0/1 on the 3550. A virtual interface for VLAN 10 has been configured on both switches. Figure 5-4 shows the network topology for this example. Figure 5-4. Network Topology for Virtual Interface Configuration Example 
An example of the 2948G-L3 configuration follows: 2948G-L3 (config)#bridge 10 protocol ieee 2948G-L3 (config)#bridge irb 2948G-L3 (config)#bridge 10 route ip 2948G-L3 (config)#interface gigabitethernet 49.10 2948G-L3 (config-subif)#encapsulation dot1q 10 2948G-L3 (config-subif)#bridge-group 10 2948G-L3 (config-subif)#no shutdown 2948G-L3 (config-subif)#interface BVI 10 2948G-L3 (config-if)#ip address 192.168.10.1 255.255.255.0 2948G-L3 (config-if)#no shutdown 2948G-L3 (config-if)#end 2948G-L3 #copy running-config startup-config ________________________________________________________________ 3550 #vlan database 3550 (vlan)#vlan 10 3550 (vlan)#exit 3550 #config t 3550 (config)#interface gigabitethernet 0/1 3550 (config-if)#switchport mode trunk 3550 (config-if)#switchport mode on 3550 (config-if)#switchport trunk encapsulation dot1q 3550 (config-if)#interface vlan 10 3550 (config-if)#ip address 192.168.10.2 255.255.255.0 3550 (config-if)#no shutdown 3550 (config-if)#end 3550 #copy running-config startup-config
|
