Wired Intelligent Edge

Please see attached network diagram. Can I set any vlan ip address from MDF1 as default gateway for IDF1 and IDF2?

You need to set the ip address of mgmt vlan

Just to know, why can't we set to any of the vlan ip address and only mgmt vlan? I can ping all the vlan ip address.

Hi Nick.
From your diagram, it seems that the only L3 device is MDF1. That L3 device is the only one that can route between VLANs because it has a virtual interface on each VLAN. The other switches (IDF1 and IDF2) are L2 switches. They have just one virtual interface on Management VLAN and use it basically for management. These L2 switches need to have a default route pointing to 10.1.1.1 as a gateway so that networks far behind MDF1can see their management interface, if not, nobody in those far networks will reach these L2 switches. You cannot set a default route that works correctly pointing to an IP (gateway) on a network (vlan) different from Management network on switch IDF1/2 because IDF1/2 does not have a virtual interface on those vlans, it only has a virtual interface on management vlan (10.1.1.2), that is the reason your default route in IDF1/2 must be:
ip route 0.0.0.0 0.0.0.0 10.1.1.1
(Whatever network you must reach, just throw the packet to the next hop/gateway 10.1.1.1).
The requirement of a default route in this scenario is that the next hop (gateway) must be in a direct attached network to the router where you are adding the default route.
I hope this explanation could help you. If so, do not forget to give me some kudos.
Regards
Pedro

Nice explanation. So if L2 switches IDF1/2 has an ip address for vlan 3 (say 10.1.3.2 and 10.1.3.3) along with mgmt vlan 1 then can I set default gateway to 10.1.3.1 on IDF1/2?

L2 switches can only have an IP address (virtual interface) in one VLAN (as a rule in Management VLAN) ... if you decide your L2 switches have a virtual interface in VLAN 3 (10.1.3.0/24), automatically you cannot use management VLAN 10.1.1.0/24 because L2 switches can only have one virtual interface in one VLAN. To assign many virtual interfaces in many VLANs, your switch must be a L3 one.

Regards

Pedro

PS: do not forget to give extra kudos :P

Since I have mgmt vlan 1 with ip address on both IDF 1/2, if I try to assign one ip address to vlan 3, it will give an error?

I do not know if it will give you an error message. What I think is that you will not have a virtual interface on vlan 3 where to assign an IP address.

 

Pedro

---

@N3tw0rk3r wrote:

L2 switches can only have an IP address (virtual interface) in one VLAN (as a rule in Management VLAN

A rule is that each VLAN can eventually have its IP Address (having one VLAN or more VLANs with theirs specific non overlapping IP Addresses on a Switch acting just only as a Layer 2 device = no IP Routing enabled is definitely possible).

 

Note that I'm not speaking about the case of a "Management VLAN" (not enabled by default) but about the case that one simple VLAN (with an IP Address assigned) can be used for general Switch's Management.

---

@N3tw0rk3r wrote: ... if you decide your L2 switches have a virtual interface in VLAN 3 (10.1.3.0/24), automatically you cannot use management VLAN 10.1.1.0/24 because L2 switches can only have one virtual interface in one VLAN.

Sure? I mean that a Switch that is simply acting as a Layer 2 device (no IP Routing enabled) should support that each one of its VLANs has its own non-overlapping IP Address and, consequently, can be contacted using those VLAN IP Addresses (if - somewhere - there is a routing device that routes those VLANs and you are using that device as router for your communications against those VLANs...isn't?). 

@N3tw0rk3rTo assign many virtual interfaces in many VLANs, your switch must be a L3 one.

I'm not sure I follow you on that (many/many).

---

@N3tw0rk3r wrote:

L2 switches can only have an IP address (virtual interface) in one VLAN (as a rule in Management VLAN

A rule is that each VLAN can eventually have its IP Address (having one VLAN or more VLANs with theirs specific non overlapping IP Addresses on a Switch acting just only as a Layer 2 device = no IP Routing enabled is definitely possible).

 

Note that I'm not speaking about the case of a "Management VLAN" (not enabled by default) but about the case that one simple VLAN (with an IP Address assigned) can be used for general Switch's Management.

---

@N3tw0rk3r wrote: ... if you decide your L2 switches have a virtual interface in VLAN 3 (10.1.3.0/24), automatically you cannot use management VLAN 10.1.1.0/24 because L2 switches can only have one virtual interface in one VLAN.

Sure? I mean that a Switch that is simply acting as a Layer 2 device (no IP Routing enabled) should support that each one of its VLANs has its own non-overlapping IP Address and, consequently, can be contacted using those VLAN IP Addresses (if - somewhere - there is a routing device that routes those VLANs and you are using that device as router for your communications against those VLANs...isn't?). 

@N3tw0rk3rTo assign many virtual interfaces in many VLANs, your switch must be a L3 one.

I'm not sure I follow you on that (many/many).

Hi Parnassus,

@parnassus wrote:
A rule is that each VLAN can eventually have its IP Address (having one VLAN or more VLANs with theirs specific non overlapping IP Addresses on a Switch acting just only as a Layer 2 device = no IP Routing enabled is definitely possible).
Note that I'm not speaking about the case of a "Management VLAN" (not enabled by default) but about the case that one simple VLAN (with an IP Address assigned) can be used for general Switch's Management.

L2 switches can only have an IP address (virtual interface) in one VLAN (as a rule in Management VLAN

It seems you did not caught my point. I was not talking about a VLAN, I was talking about the switch´s virtual interface in that VLAN. If the switch is only L2, it will not have to route between VLANs or any other remote network (that task could be done by a L3 device located in any/all its VLANs), but it will still need a management interface, and that interface could be a virtual interface that should be on the in band  management VLAN (or whichever other VLAN you want), but it is only one virtual interface with one IP address, placed in one of the VLANs of the switch.
A different situation is a L3 switch, where you can have as many virtual interfaces as VLANs. In this case, a L3 switch can route packets between VLANs directly connected, and also to segments far away, redirecting packets to the appropriate gateway.

@parnassus wrote:
Sure? I mean that a Switch that is simply acting as a Layer 2 device (no IP Routing enabled) should support that each one of its VLANs has its own non-overlapping IP Address and, consequently, can be contacted using those VLAN IP Addresses (if - somewhere - there is a routing device that routes those VLANs and you are using that device as router for your communications against those VLANs...isn't?).

Again, I was not talking about assigning an IP segment to a VLAN, I was talking to assign an IP address to a virtual interface of the switch on a VLAN. In fact, you can assign non overlapping IP segments to many VLANs on the switch, without the need to enable a virtual interface of the switch on those VLANs. The problem would be that you would not have a management interface (unless you have OOM port to do that).

@parnassus wrote:
I'm not sure I follow you on that (many/many).

In a L2 switch, you define Vlan 10, Vlan 20 and Vlan 30 ... can you create 3 different virtual interfaces on the switch: VI 10, VI 20 and VI 30  and assign them the following IP addresses: 10.10.10.1/24, 20.20.20.1/24 and 30.30.30.1/24?