SVI (Switch Virtual Interface)
A VLAN interface, also known as an SVI (Switch Virtual Interface) or RVI (Routed VLAN Interface), represents a virtual LAN (VLAN) of switch ports as one interface to a routing or bridging system. There is no physical interface for the VLAN; the SVI provides the Layer 3 processing for packets from all switch ports associated with the VLAN. It provides routing and often serves as the default gateway for the local network segment. A VLAN interface is configured like a physical router interface: it can be assigned an IP address, participate in VRRP, have ACLs applied, and so on. You can picture it as a physical interface inside the switch or, conversely, as the switch's routing interface that terminates the VLAN.
There is a one-to-one mapping between a VLAN and an SVI, so only a single SVI can be mapped to a VLAN. By default, an SVI is created for the default VLAN (VLAN1) to permit remote switch administration. An SVI cannot be activated unless it is associated with a physical port.
SVIs are generally configured for a VLAN for the following reasons:
- Allow traffic to be routed between VLANs by providing a default gateway for the VLAN.
- Provide fallback bridging (if required for non-routable protocols).
- Provide Layer 3 IP connectivity to the switch.
- Support bridging configurations and routing protocols.
SVI advantages include:
- Much faster than router-on-a-stick, because everything is hardware-switched and routed.
- No need for external links from the switch to the router for routing.
- Not limited to one link. Layer 2 EtherChannels can be used between the switches to get more bandwidth.
- Latency is much lower, because traffic does not need to leave the switch.
Some vendors call an SVI a Routed VLAN Interface (RVI)[Source 1].
SVI in Cisco Switch[Source 2]
To route traffic between VLANs, you need to:
- enable ip routing
- create the VLAN
- create the corresponding VLAN interface (switched virtual interface)
An SVI represents the ports belonging to a VLAN as one interface to the routing and switching functions of the system. It is created by the interface vlan command and supports routing protocols. An SVI is in the up state if three conditions are satisfied:
- The VLAN that corresponds to the SVI exists and is active in the switch's VLAN database.
- The SVI is not administratively shut down.
- At least one Layer 2 interface belongs to the corresponding VLAN, is in the up state, and is in the STP forwarding state.
Creating an SVI and its state
If you create a VLAN interface but do not create the corresponding VLAN and do not enable ip routing, the interface will be in the "down down" state. After you create the corresponding VLAN, the interface is in the "up down" state.
By default, an SVI goes "down" if all of the interfaces in its VLAN are in the "down" state. A port can be excluded from the check that determines SVI availability. To do this, use the switchport autostate exclude command. The command applies to all VLANs that are enabled on the interface. This is useful when a switch port is connected to a traffic analyzer or IDS.
sw(config-if)# switchport autostate exclude
Layer 3 interface
Switch a port to Layer 3 mode:
sw(config-if)# no switchport
Useful Cisco switch commands
sw(config-if)# switchport host
The switchport host command:
- switches the port to access mode
- enables spanning-tree PortFast
- disables EtherChannel
Block unknown unicast and multicast packets:
sw(config-if)# switchport block unicast
sw(config-if)# switchport block multicast
Change the aging time of addresses in the MAC address table (default 300 seconds):
sw(config)# mac address-table aging-time <0 | 10-1000000> [vlan <vlan-id>]
Create a static entry:
sw(config)# mac address-table static <mac-addr> vlan <vlan-id> interface <int-id>
mac address-table static drop allows you to configure filtering by unicast MAC address.
After you specify the MAC address, the switch discards traffic that has this address as its source or destination.
sw(config)# mac address-table static <mac-addr> vlan <vlan-id> drop
sw# show mac address-table static
Example of SVI setup
Configure an SVI (Switch Virtual Interface) for each VLAN and put an IP address on it. Computers can use this IP address as their default gateway[Source 3].
SW1(config)#ip routing
SW1(config)#interface vlan 10
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.10.254 255.255.255.0
SW1(config)#interface vlan 20
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.20.254 255.255.255.0
Start by enabling routing using the ip routing command. If you forget this, your switch won't build a routing table. The next step is to create an SVI for VLAN 10 and 20 and configure IP addresses on them.
Once you create an SVI and type no shutdown, it will normally be "up" since it's only a virtual interface. There are, however, a number of requirements that must be met, or it will show up as "down":
- The VLAN has to exist in the VLAN database and it should be active.
- At least one access or trunk port should use this VLAN actively and it should be in spanning-tree forwarding mode.
We have two computers in VLAN 10 and created an SVI for VLAN 10:
SW1#show ip interface brief vlan 10
Interface              IP-Address      OK? Method Status                Protocol
Vlan10                 192.168.10.254  YES manual up                    up
If we shut down one interface nothing will change; the SVI will still show up/up because interface fa0/2 is still active.
Once we shut both interfaces we don't have anything active anymore in VLAN 10. As a result the SVI will go to up/down.
SW1#show ip interface brief vlan 10
Interface              IP-Address      OK? Method Status                Protocol
Vlan10                 192.168.10.254  YES manual up                    down
Now suppose we want to exclude an interface from the SVI state, so that whatever happens to interface fa0/2 doesn't influence the SVI state:
SW1(config)#interface fa0/2
SW1(config-if)#switchport autostate exclude
You can use the switchport autostate exclude command for this. It means fa0/2 won't influence the state of the SVI anymore. Fa0/1 is now the only interface that can influence the SVI state: as soon as it goes down you'll see the SVI state go down as well, even though fa0/2 is still up and running.
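The SVI state rules and the VLAN 10 walkthrough above, modelled in Python as an added example (not code from the original page or from Cisco). The names Port, svi_state and walkthrough are hypothetical, and the model assumes that the VLAN's presence in the VLAN database is what separates "down down" from "up down".

```python
from dataclasses import dataclass

@dataclass
class Port:
    name: str
    vlans: set                        # VLANs carried: one for access, several for a trunk
    link_up: bool = True
    stp_forwarding: bool = True
    autostate_exclude: bool = False   # "switchport autostate exclude" configured

def svi_state(vlan, active_vlans, ports, admin_shutdown=False):
    """Return (Status, Protocol) as shown by 'show ip interface brief'."""
    if admin_shutdown:                # SVI shut down by the administrator
        return ("administratively down", "down")
    if vlan not in active_vlans:      # VLAN missing from the VLAN database
        return ("down", "down")
    for p in ports:
        # A port keeps the SVI up only if it carries the VLAN, has link,
        # is STP-forwarding, and is not excluded from autostate.
        if (vlan in p.vlans and p.link_up and p.stp_forwarding
                and not p.autostate_exclude):
            return ("up", "up")
    return ("up", "down")

def walkthrough():
    """Replay the VLAN 10 scenario from the text (constructed inputs)."""
    fa1, fa2 = Port("fa0/1", {10}), Port("fa0/2", {10})
    ports, steps = [fa1, fa2], {}
    steps["svi_without_vlan"] = svi_state(10, set(), ports)
    steps["both_up"] = svi_state(10, {10}, ports)
    fa1.link_up = False
    steps["one_shut"] = svi_state(10, {10}, ports)
    fa2.link_up = False
    steps["both_shut"] = svi_state(10, {10}, ports)
    # fa0/2 now feeds a traffic analyzer/IDS and is excluded; fa0/1 is down.
    fa2.link_up, fa2.autostate_exclude = True, True
    steps["excluded_port_only"] = svi_state(10, {10}, ports)
    return steps

if __name__ == "__main__":
    for step, (status, protocol) in walkthrough().items():
        print(f"{step:20} {status}/{protocol}")
```

The last step shows the effect of the exclusion: with fa0/1 down, the SVI drops to up/down even though the excluded monitoring port still has link.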
- Cisco Support Community