WEBVTT 0:00:02.040000 --> 0:00:05.140000 In this video, I'm going to introduce you to the concept of something 0:00:05.140000 --> 0:00:09.480000 that you can configure on multi-layer switches called switched virtual 0:00:09.480000 --> 0:00:12.980000 interfaces. We're going to look at switched virtual interfaces and their 0:00:12.980000 --> 0:00:15.020000 usage in two different ways. 0:00:15.020000 --> 0:00:18.900000 We're going to look at how you can use them in the management plane and 0:00:18.900000 --> 0:00:21.480000 how you can use them in the data plane. 0:00:21.480000 --> 0:00:24.500000 In the event that you're not familiar with these terms of management plane 0:00:24.500000 --> 0:00:27.480000 and data plane, I'm going to draw something real quickly here to help 0:00:27.480000 --> 0:00:30.840000 identify these concepts. 0:00:30.840000 --> 0:00:34.680000 All right, so first of all, the management plane. 0:00:34.680000 --> 0:00:37.260000 Here is your laptop. 0:00:37.260000 --> 0:00:39.380000 You are the network administrator. 0:00:39.380000 --> 0:00:48.300000 And let's say that here is a router or it could be a switch, any networking 0:00:48.300000 --> 0:00:50.720000 device that you want to manage. 0:00:50.720000 --> 0:00:55.520000 In other words, you want to get in and control the command line interface. 0:00:55.520000 --> 0:00:58.860000 So you can configure, troubleshoot and debug this device. 0:00:58.860000 --> 0:01:03.620000 Well, the management plane is all of those physical things. 0:01:03.620000 --> 0:01:09.060000 For example, your NIC card, the cable connected to your NIC card, the 0:01:09.060000 --> 0:01:16.100000 NIC card on the router, and the logical things such as the software, such 0:01:16.100000 --> 0:01:22.700000 as the IOS on the router that responds to your incoming management request. 
0:01:22.700000 --> 0:01:27.800000 So for example, if I was managing this router via the console port, well, 0:01:27.800000 --> 0:01:32.860000 then the physical things would be my serial or USB port on my laptop, 0:01:32.860000 --> 0:01:37.740000 the blue sort of flat satin cable that they give you, the console port 0:01:37.740000 --> 0:01:42.760000 on the router itself, and then the software processes within the router 0:01:42.760000 --> 0:01:47.080000 or the switch that respond to whatever is connected to that console port. 0:01:47.080000 --> 0:01:50.700000 All of that would be part of the management plane. 0:01:50.700000 --> 0:02:03.320000 If we're talking about wanting to manage this router or switch, once again, 0:02:03.320000 --> 0:02:07.340000 remotely via Telnet, okay, well, then the management plane also includes 0:02:07.340000 --> 0:02:11.040000 things like what is the Telnet client that you're using on your laptop? 0:02:11.040000 --> 0:02:14.360000 Are you using PuTTY, SecureCRT, HyperTerminal? 0:02:14.360000 --> 0:02:18.280000 The choice of that application and what that application is doing is operating 0:02:18.280000 --> 0:02:23.220000 in the management plane because PuTTY, SecureCRT, HyperTerminal, they're 0:02:23.220000 --> 0:02:28.380000 designed to help you manage or control a remote device like a router or 0:02:28.380000 --> 0:02:29.940000 a switch or a firewall. 0:02:29.940000 --> 0:02:36.500000 Similarly, when your Telnet session goes across your Ethernet cable and 0:02:36.500000 --> 0:02:39.440000 terminates on the router, what is it on the router that's terminating 0:02:39.440000 --> 0:02:42.480000 or I should say responding to that Telnet session? 0:02:42.480000 --> 0:02:46.660000 Well, in the router, it would be something called a VTY line, right? 0:02:46.660000 --> 0:02:49.380000 A VTY line is what terminates a Telnet session. 
0:02:49.380000 --> 0:02:54.620000 You would also need an interface, like a Fast Ethernet interface or something 0:02:54.620000 --> 0:02:56.620000 that has an IP address on it. 0:02:56.620000 --> 0:02:59.780000 If this interface here doesn't have an IP address, your Telnet 0:02:59.780000 --> 0:03:01.620000 packets have no place they can go. 0:03:01.620000 --> 0:03:05.760000 So that interface and its IP address are part of the management plane. 0:03:05.760000 --> 0:03:12.020000 So think of like a geometric plane and all as you're trying to get from 0:03:12.020000 --> 0:03:17.720000 your laptop to manage a device, all the things your data has to go across 0:03:17.720000 --> 0:03:19.460000 physically and logically. 0:03:19.460000 --> 0:03:24.160000 Software processes included that have to handle that data till ultimately, 0:03:24.160000 --> 0:03:28.420000 when it gets to its remote destination, that is the management plane. 0:03:28.420000 --> 0:03:33.600000 Now, the data plane is simply another plane, but this is actually the 0:03:33.600000 --> 0:03:34.540000 forwarding of data. 0:03:34.540000 --> 0:03:39.900000 As data is leaving your laptop and going to iene.com or google.com, once 0:03:39.900000 --> 0:03:45.000000 again, the data plane is your, well, whatever software you're using, like 0:03:45.000000 --> 0:03:50.280000 HyperTerminal or not HyperTerminal, like your web browser, Google Chrome, 0:03:50.280000 --> 0:03:52.460000 Internet Explorer, Microsoft Edge, right? 0:03:52.460000 --> 0:03:56.080000 That stuff is not really designed to manage network devices. 0:03:56.080000 --> 0:03:59.800000 It's designed to create data and then send data to a server somewhere. 0:03:59.800000 --> 0:04:04.060000 So if that software, that application would be part of the data plane, 0:04:04.060000 --> 0:04:06.940000 then it goes down to your NIC card out on the Ethernet cable. 0:04:06.940000 --> 0:04:08.920000 That's part of the data plane. 
0:04:08.920000 --> 0:04:13.640000 And then similarly, as that data is going along, okay, when it first hits 0:04:13.640000 --> 0:04:19.680000 probably a network switch, this physical interface where it's coming in, 0:04:19.680000 --> 0:04:21.220000 part of the data plane. 0:04:21.220000 --> 0:04:24.660000 Now, when that Ethernet frame gets to the switch, whatever the switch 0:04:24.660000 --> 0:04:28.500000 uses to look up that frame to determine, what do I do with this thing? 0:04:28.500000 --> 0:04:29.440000 Do I forward it? 0:04:29.440000 --> 0:04:32.420000 Do I drop it? If I do forward it, where does it go? 0:04:32.420000 --> 0:04:36.340000 However, it answers that question wherever it looks to find the answer 0:04:36.340000 --> 0:04:38.980000 to that is part of the data plane. 0:04:38.980000 --> 0:04:41.940000 So for example, we might be talking about a MAC address table. 0:04:41.940000 --> 0:04:49.840000 So the MAC table in the switch is a classic example of a table that's 0:04:49.840000 --> 0:04:54.880000 used to forward the data to decide what to do with this data. 0:04:54.880000 --> 0:04:59.020000 The outgoing interface part of the data plane, if we get to a router, 0:04:59.020000 --> 0:05:00.540000 its incoming interface. 0:05:00.540000 --> 0:05:04.380000 Now, when it looks something up, it's going to look it up in the routing 0:05:04.380000 --> 0:05:13.420000 table. Okay, well, the routing table is also part of the data plane. 0:05:13.420000 --> 0:05:17.160000 Without a router, without a routing table, this data stops. 0:05:17.160000 --> 0:05:20.520000 It can't keep going along the plane until it gets to its destination. 0:05:20.520000 --> 0:05:23.740000 It has to stop, this router would have no idea what to do with it. 0:05:23.740000 --> 0:05:27.120000 So those are concepts of management plane and data plane. 0:05:27.120000 --> 0:05:31.300000 So it all starts with management means I'm talking about management information. 
0:05:31.300000 --> 0:05:34.540000 I'm trying to manage, I'm trying to get to the command line or maybe send 0:05:34.540000 --> 0:05:36.640000 SNMP or send telnet. 0:05:36.640000 --> 0:05:39.980000 Basically, I'm trying to manage a networking device and you have to sort 0:05:39.980000 --> 0:05:44.720000 of visualize, okay, what all is happening in your laptop to make that 0:05:44.720000 --> 0:05:48.700000 happen. That's part of the management plane and all the processes and 0:05:48.700000 --> 0:05:51.600000 physical things until it gets to its remote destination. 0:05:51.600000 --> 0:05:52.960000 That's part of the management plane. 0:05:52.960000 --> 0:05:58.160000 Data plane is actual user data, web browsing, email, file transfer. 0:05:58.160000 --> 0:05:59.060000 That's all considered. 0:05:59.060000 --> 0:06:04.240000 So in that case, when data is flowing through a router switch. 0:06:04.240000 --> 0:06:09.240000 So as data comes into a router switch, if that data is not trying to manage 0:06:09.240000 --> 0:06:13.120000 the device, if that data is just trying to get through that router switch 0:06:13.120000 --> 0:06:16.980000 to ultimately get to a server at the remote end, then we have to ask ourselves, 0:06:16.980000 --> 0:06:25.240000 okay, what are the components, which they're facilitating getting that 0:06:25.240000 --> 0:06:30.760000 data through, whatever those components are, they reside in the data plane. 0:06:30.760000 --> 0:06:33.020000 Okay. So that being the case. 0:06:33.020000 --> 0:06:37.060000 Let's talk about first of all, what this thing called a switched virtual 0:06:37.060000 --> 0:06:40.860000 interface is from the perspective of the management plane. 0:06:40.860000 --> 0:06:43.160000 How can this help us manage a switch? 0:06:43.160000 --> 0:06:45.840000 Remember, what we're talking about now is this, this thing I'm going to 0:06:45.840000 --> 0:06:49.840000 talk about, switch virtual interface is how do I use it? 
0:06:49.840000 --> 0:06:53.980000 How can it be a tool for me so I can manage the switch so I can get access 0:06:53.980000 --> 0:06:57.260000 to the command line of the switch so I can maybe ping the switch, telnet 0:06:57.260000 --> 0:06:58.300000 to the switch. 0:06:58.300000 --> 0:07:00.520000 How is it helpful for that? 0:07:00.520000 --> 0:07:05.160000 Okay. So this circle here represents a VLAN. 0:07:05.160000 --> 0:07:07.860000 You know, we've talked a little bit about VLANs in this series. 0:07:07.860000 --> 0:07:12.360000 I'm sure you guys have studied VLANs extensively in your own research. 0:07:12.360000 --> 0:07:16.980000 And all of these little sort of rectangles or boxes here represent layer 0:07:16.980000 --> 0:07:20.680000 three devices, devices with IP addresses. 0:07:20.680000 --> 0:07:24.460000 Let's just stick with IP version four for now just to keep it simple. 0:07:24.460000 --> 0:07:28.320000 So these are all devices with IPv4 addresses that are in this VLAN. 0:07:28.320000 --> 0:07:31.180000 Okay. So if they're in the VLAN, we're talking about devices that are 0:07:31.180000 --> 0:07:34.200000 hardwired devices have Ethernet cables running to them. 0:07:34.200000 --> 0:07:39.300000 So servers, laptops, PCs, you know, maybe phones. 0:07:39.300000 --> 0:07:41.480000 Okay. So those are all layer three devices. 0:07:41.480000 --> 0:07:43.240000 So each device has an IP address. 0:07:43.240000 --> 0:07:47.380000 Their networking bits are all the same because they're all in the same 0:07:47.380000 --> 0:07:52.440000 VLAN. And what is sort of keeping them secure? 0:07:52.440000 --> 0:07:58.000000 What's sort of enforcing the boundaries of the VLAN is the switch that 0:07:58.000000 --> 0:07:59.580000 they're connected to. 
0:07:59.580000 --> 0:08:05.620000 Now, if I am a network administrator, so for example, if I'm sitting on 0:08:05.620000 --> 0:08:09.980000 this device right here, if that's me, my laptop, and I say, well, I'm 0:08:09.980000 --> 0:08:15.440000 happy that these switch ports are providing me my boundary of my VLAN. 0:08:15.440000 --> 0:08:19.500000 I'm happy to know that my laptop is only constrained to talking in here, 0:08:19.500000 --> 0:08:23.240000 that any broadcast I send will only stay in that circle. 0:08:23.240000 --> 0:08:27.700000 Great. But I actually want to be able to get to the switch. 0:08:27.700000 --> 0:08:32.540000 I want to be able to send packets to the switch itself so I can telnet 0:08:32.540000 --> 0:08:36.160000 to it so I can establish an SSH connection to it. 0:08:36.160000 --> 0:08:39.420000 I want to send IP packets so I can manage the switch. 0:08:39.420000 --> 0:08:43.960000 I can get access to its command line and configure and troubleshoot it. 0:08:43.960000 --> 0:08:50.520000 Well, these interfaces right here are layer two switch ports by default, 0:08:50.520000 --> 0:08:53.020000 which means they expect one of two things. 0:08:53.020000 --> 0:08:56.680000 They either expect to be in a single VLAN, switchport mode access means 0:08:56.680000 --> 0:09:01.620000 they're in one VLAN, like VLAN X, or they're expecting to be in multiple 0:09:01.620000 --> 0:09:04.120000 VLANs, configured as trunks. 0:09:04.120000 --> 0:09:06.740000 Now in this case, I would expect all these interfaces to be configured 0:09:06.740000 --> 0:09:10.360000 as access to this is. 0:09:10.360000 --> 0:09:14.220000 One thing they do not support are IP addresses. 0:09:14.220000 --> 0:09:17.740000 If I try to go on to a switch's interface and put an IP address on that 0:09:17.740000 --> 0:09:21.080000 interface like I would do on a router, it will not let me. 0:09:21.080000 --> 0:09:23.120000 You'll say this is a layer two interface. 
0:09:23.120000 --> 0:09:27.460000 This is not a standalone host in a group like this or like this or like 0:09:27.460000 --> 0:09:32.260000 this. This interface is just sort of facilitating group communication. 0:09:32.260000 --> 0:09:34.640000 It's sort of bundled with a bunch of other interfaces are in the exact 0:09:34.640000 --> 0:09:39.700000 same group in the same VLAN, but it does not support an IP address. 0:09:39.700000 --> 0:09:42.540000 So that leaves me with a perplexing question. 0:09:42.540000 --> 0:09:47.760000 How do I ping or telnet to the switch if I can't put an IP address on 0:09:47.760000 --> 0:09:49.520000 it? Because I need an IP address. 0:09:49.520000 --> 0:09:54.000000 It's at the exact same subnet as the VLAN that I'm in right now. 0:09:54.000000 --> 0:09:59.860000 And the solution to that is, well, we take an unused IP address in this 0:09:59.860000 --> 0:10:04.880000 VLAN and instead of configuring it right on a physical interface, we're 0:10:04.880000 --> 0:10:09.360000 going to create a logical interface called a switched virtual interface 0:10:09.360000 --> 0:10:14.800000 or an SVI. And we're going to put our IP address right there. 0:10:14.800000 --> 0:10:18.000000 So once again, we're talking about management purposes here. 0:10:18.000000 --> 0:10:24.260000 So if this as an example, if all this, if I had created this circle as 0:10:24.260000 --> 0:10:32.440000 VLAN, let's say eight and all these interfaces here, were switch ports 0:10:32.440000 --> 0:10:41.820000 in VLAN eight. And all the devices are eight dot eight dot eight dot something 0:10:41.820000 --> 0:10:43.860000 slash twenty four. 0:10:43.860000 --> 0:10:47.500000 That is the subnet that I'm using for this VLAN. 0:10:47.500000 --> 0:10:53.160000 Then I first have to ask myself, what is an unused address in that subnet 0:10:53.160000 --> 0:10:56.340000 that's not used currently by all these orange devices? 
0:10:56.340000 --> 0:11:00.980000 Maybe eight dot eight dot eight dot twenty slash twenty four. 0:11:00.980000 --> 0:11:03.160000 Okay, that's an unused device. 0:11:03.160000 --> 0:11:05.620000 I want to put an unused IP address. 0:11:05.620000 --> 0:11:09.860000 I want to put that IP address on the switch somewhere so I can ping it 0:11:09.860000 --> 0:11:13.920000 so I can telnet to it so I can SSH to it. 0:11:13.920000 --> 0:11:16.280000 Can't put on a physical interface. 0:11:16.280000 --> 0:11:20.640000 So what I would do is I would go into the switch and I would create an 0:11:20.640000 --> 0:11:25.420000 interface that didn't exist before, a logical switched virtual interface. 0:11:25.420000 --> 0:11:30.860000 So from global configuration mode. 0:11:30.860000 --> 0:11:39.660000 To create a switch virtual interface, all you type is interface VLAN. 0:11:39.660000 --> 0:11:42.480000 And remember, what is this interface VLAN being used for? 0:11:42.480000 --> 0:11:45.460000 It's going to be a place where I stick my eight, eight, eight, twenty 0:11:45.460000 --> 0:11:49.560000 IP address. Well, for eight dot eight dot eight dot twenty to be reachable 0:11:49.560000 --> 0:11:54.320000 by all those devices in the circle, all those devices in the circle are 0:11:54.320000 --> 0:11:57.860000 in VLAN eight. So that IP address I'm configuring eight, eight, eight, 0:11:57.860000 --> 0:12:01.320000 twenty also has to be reachable via VLAN eight. 0:12:01.320000 --> 0:12:08.600000 So my switched virtual interface would be interface VLAN eight. 0:12:08.600000 --> 0:12:14.100000 And then from here, so that's going to put me into config dash if mode 0:12:14.100000 --> 0:12:18.140000 as if I was in a physical interface, which I'm not, I'm in a logical interface, 0:12:18.140000 --> 0:12:20.540000 an interface I just made up in the software. 0:12:20.540000 --> 0:12:30.100000 And from here, I can type my IP address. 
0:12:30.100000 --> 0:12:35.380000 So I have just created a switched virtual interface. 0:12:35.380000 --> 0:12:39.440000 A lot of people call them interface VLANs because that's the way you configure 0:12:39.440000 --> 0:12:42.920000 it is by typing interface VLAN and then a number. 0:12:42.920000 --> 0:12:48.180000 But technically this thing is called a switched virtual interface. 0:12:48.180000 --> 0:12:52.000000 Now, let me make one big, very important point of clarification here. 0:12:52.000000 --> 0:12:56.400000 A lot of times people who are just learning about this get confused between 0:12:56.400000 --> 0:13:01.880000 the difference between a VLAN and a switched virtual interface. 0:13:01.880000 --> 0:13:12.500000 Okay. So this interface VLAN right here has nothing to do with this circle. 0:13:12.500000 --> 0:13:19.260000 I shouldn't say has nothing to do with the circle, but I mentioned in 0:13:19.260000 --> 0:13:23.140000 the previous video and other CCNA videos that you may have watched that 0:13:23.140000 --> 0:13:27.340000 when you decide that you want to group a bunch of devices into a single 0:13:27.340000 --> 0:13:31.800000 VLAN. First thing you have to ask yourself is, okay, what VLAN number 0:13:31.800000 --> 0:13:32.940000 am I going to select? 0:13:32.940000 --> 0:13:36.840000 I need to select a VLAN number that's currently unused. 0:13:36.840000 --> 0:13:41.020000 Let's say I said VLAN eight, let's say VLAN eight is not used right now. 0:13:41.020000 --> 0:13:44.560000 I said, okay, once you've selected your VLAN number, working with layer 0:13:44.560000 --> 0:13:47.320000 two VLANs. So we're talking about working with broadcast domains now. 0:13:47.320000 --> 0:13:51.280000 Nothing to do with layer three with the networking layer of the OSI model, 0:13:51.280000 --> 0:13:52.660000 purely layer two. 0:13:52.660000 --> 0:13:56.100000 Working with layer two VLANs, I said was a two step process. 
0:13:56.100000 --> 0:14:00.960000 Step number one was you created the broadcast domain. 0:14:00.960000 --> 0:14:07.280000 In other words, you gave the broadcast domain a name VLAN eight. 0:14:07.280000 --> 0:14:09.080000 So look at the difference here. 0:14:09.080000 --> 0:14:15.660000 On the left, I have just created a broadcast domain known as VLAN eight. 0:14:15.660000 --> 0:14:18.020000 That's not what I'm doing on the right. 0:14:18.020000 --> 0:14:23.700000 On the right, I'm just putting a layer three interface into that existing 0:14:23.700000 --> 0:14:26.560000 broadcast domain known as VLAN eight. 0:14:26.560000 --> 0:14:30.980000 This is just a layer three interface in that VLAN, the same as all these 0:14:30.980000 --> 0:14:36.360000 sort of reddish orange boxes are also layer three interfaces in the VLAN. 0:14:36.360000 --> 0:14:44.900000 So once I create my VLAN, then I can go to my very, my physical interfaces. 0:14:44.900000 --> 0:14:50.720000 Like interface FastEthernet zero one, which puts me in a config dash 0:14:50.720000 --> 0:14:57.520000 I F mode. And now I can assign that interface as one port among many in 0:14:57.520000 --> 0:15:05.040000 that VLAN. I say switchport mode access, which means you are allowed 0:15:05.040000 --> 0:15:06.580000 to be in one VLAN only. 0:15:06.580000 --> 0:15:10.520000 Now he's going to assume it's VLAN one until I tell him differently. 0:15:10.520000 --> 0:15:19.740000 So then I say switchport access VLAN eight. 0:15:19.740000 --> 0:15:22.340000 So those are differences right here. 0:15:22.340000 --> 0:15:27.740000 Here I have created a broadcast domain and given it a name. 0:15:27.740000 --> 0:15:35.660000 Here I have placed a physical interface into that group. 0:15:35.660000 --> 0:15:40.840000 Here I have created a logical interface and put it in that group. 
0:15:40.840000 --> 0:15:44.700000 Just simply by telling the logical interface the number eight, it puts 0:15:44.700000 --> 0:15:46.980000 it into this group. 0:15:46.980000 --> 0:15:51.220000 So here I have just created this. 0:15:51.220000 --> 0:16:01.380000 Now it used to be on some older switching platforms that if you created 0:16:01.380000 --> 0:16:06.380000 a switched virtual interface, before you created the VLAN itself. 0:16:06.380000 --> 0:16:10.860000 Like let's say I typed in interface VLAN eight and enter, but I had not 0:16:10.860000 --> 0:16:14.860000 yet actually created the broadcast domain known as VLAN eight. 0:16:14.860000 --> 0:16:18.720000 It used to be that the switch virtual interface would just stay in the 0:16:18.720000 --> 0:16:22.660000 down state. And there's nothing it could do because you had created a layer 0:16:22.660000 --> 0:16:26.460000 three interface for VLAN and the switch said, well, I'm not aware of any 0:16:26.460000 --> 0:16:29.180000 VLAN, whatever. I'm not aware of any VLAN eight. 0:16:29.180000 --> 0:16:32.540000 So this layer three interface, I'm just going to have to hold it and pause 0:16:32.540000 --> 0:16:37.080000 until you tell me that VLAN eight actually exists. 0:16:37.080000 --> 0:16:41.020000 In most switches these days, however, if you create a layer three interface, 0:16:41.020000 --> 0:16:46.340000 for example, like interface VLAN 27, but you don't have VLAN 27 itself 0:16:46.340000 --> 0:16:51.220000 configured yet, the switch will be smart enough to say, oh, well, if I 0:16:51.220000 --> 0:16:55.100000 have an interface VLAN 27, that means I need to have a broadcast domain 0:16:55.100000 --> 0:16:56.480000 known as VLAN 27. 0:16:56.480000 --> 0:17:00.540000 And since I don't have one, I'll create one myself. 
0:17:00.540000 --> 0:17:04.360000 So in most newer switches these days, Cisco switches, if you create the 0:17:04.360000 --> 0:17:08.520000 interface VLAN, it will create the VLAN by itself dynamically on the side. 0:17:08.520000 --> 0:17:12.000000 But practically speaking, that's the wrong order. 0:17:12.000000 --> 0:17:13.800000 You really don't want to do it in that order. 0:17:13.800000 --> 0:17:18.700000 The correct order is create the layer two VLAN first, put all of your 0:17:18.700000 --> 0:17:23.640000 switch ports into that VLAN that need to be in that VLAN, and then create 0:17:23.640000 --> 0:17:26.580000 your switched virtual interface. 0:17:26.580000 --> 0:17:29.360000 Now let's go back to that idea of a switch virtual interface here for 0:17:29.360000 --> 0:17:33.440000 just a second. So let's say I create that. 0:17:33.440000 --> 0:17:41.520000 So once again, this, uh, this VLAN is VLAN eight, which I have already 0:17:41.520000 --> 0:17:46.460000 created at the global configuration level previously, like that. 0:17:46.460000 --> 0:17:51.040000 And I've already assigned these interfaces here to be part of eight. 0:17:51.040000 --> 0:17:55.800000 So let's just assume that that's all done. 0:17:55.800000 --> 0:18:00.900000 Now I create interface VLAN eight. 0:18:00.900000 --> 0:18:02.940000 Put my IP address into that. 0:18:02.940000 --> 0:18:07.860000 My IP address that is not used yet in this particular subnet. 0:18:07.860000 --> 0:18:13.300000 There we go. Well, this logical interface is actually going to come up 0:18:13.300000 --> 0:18:17.660000 with a layer two MAC address, just like a physical interface would. 0:18:17.660000 --> 0:18:20.180000 Let's you don't have to configure it. 0:18:20.180000 --> 0:18:21.840000 It's going to come up with it by itself. 
0:18:21.840000 --> 0:18:24.840000 So let's just say that I'm going to put in parentheses here, but let's 0:18:24.840000 --> 0:18:30.900000 say that its MAC address was zero two one one two two two two three three 0:18:30.900000 --> 0:18:34.700000 three three. Let's say that it that was its layer two MAC address. 0:18:34.700000 --> 0:18:44.960000 Now when I am right here, so let's say that this is me. 0:18:44.960000 --> 0:18:51.300000 I am the network admin. 0:18:51.300000 --> 0:18:58.200000 Net admin PC. And I want to telnet to this switch. 0:18:58.200000 --> 0:19:01.220000 Well, now I have an IP address I can use to get to it. 0:19:01.220000 --> 0:19:04.180000 I could telnet to eight eight eight twenty. 0:19:04.180000 --> 0:19:09.140000 Now when I do that, now my PC, let's say my PC is eight eight eight dot 0:19:09.140000 --> 0:19:14.160000 seven. When I telnet to eight eight twenty, my laptop's going to say, 0:19:14.160000 --> 0:19:17.960000 oh, that's in the same broadcast domain as me because I am eight eight 0:19:17.960000 --> 0:19:23.260000 eight. And my subnet mask is slash twenty four and the destination I'm 0:19:23.260000 --> 0:19:26.540000 trying to reach is eight eight eight. 0:19:26.540000 --> 0:19:29.140000 So therefore my device will ARP. 0:19:29.140000 --> 0:19:33.700000 It'll send an ARP request for eight eight eight twenty. 0:19:33.700000 --> 0:19:37.760000 When that ARP request comes in, it's coming in on an interface that's 0:19:37.760000 --> 0:19:40.040000 configured to be in VLAN eight. 0:19:40.040000 --> 0:19:45.680000 The switch will broadcast that ARP request out as well as processing that 0:19:45.680000 --> 0:19:49.860000 ARP request itself because the switch will say, hey, I also have a layer 0:19:49.860000 --> 0:19:51.620000 three IP address in VLAN eight. 0:19:51.620000 --> 0:19:53.980000 So maybe this ARP is for me. 0:19:53.980000 --> 0:19:55.580000 And sure enough it is. 
0:19:55.580000 --> 0:19:59.600000 When the switch's CPU unpacks the ARP request and looks at it, it will 0:19:59.600000 --> 0:20:03.800000 realize, oh, somebody's actually arping for me at eight eight twenty. 0:20:03.800000 --> 0:20:06.940000 And because I'm in interface because I'm in VLAN eight, I can respond 0:20:06.940000 --> 0:20:10.820000 to that. And so that interface VLAN that switch virtual interface will 0:20:10.820000 --> 0:20:12.360000 send an ARP reply back. 0:20:12.360000 --> 0:20:17.560000 And now my laptop, my net admin PC will learn the MAC address. 0:20:17.560000 --> 0:20:19.640000 This associate with that SVI. 0:20:19.640000 --> 0:20:27.400000 Now, if I had other interfaces on the switch and they were in a different 0:20:27.400000 --> 0:20:33.500000 VLAN, like let's say VLAN seventy seven. 0:20:33.500000 --> 0:20:37.480000 And I want to provide them with an IP address on the switch that they 0:20:37.480000 --> 0:20:40.380000 could use. Let's say there was a network administrator over here. 0:20:40.380000 --> 0:20:45.140000 And I want him to have an IP address in his network, which is let's say 0:20:45.140000 --> 0:20:49.300000 seventy seven dot one two zero. 0:20:49.300000 --> 0:20:52.400000 Let's say that's their network. 0:20:52.400000 --> 0:20:57.420000 Then I would need to provide an IP address over here. 0:20:57.420000 --> 0:21:00.540000 And guess what? I would do the exact same procedure. 0:21:00.540000 --> 0:21:03.580000 I've already got an interface VLAN eight. 0:21:03.580000 --> 0:21:10.860000 But that interface VLAN eight is not useful for managing the switch unless 0:21:10.860000 --> 0:21:13.140000 you are in VLAN eight. 0:21:13.140000 --> 0:21:17.180000 I need an interface VLAN seventy seven. 0:21:17.180000 --> 0:21:22.040000 So I can talk to so that people in VLAN seventy seven can manage the switch. 
0:21:22.040000 --> 0:21:27.220000 So that is the concept of creating and using a switch virtual interface 0:21:27.220000 --> 0:21:30.600000 for the management plane for management purposes. 0:21:30.600000 --> 0:21:33.880000 Now a lot of times at the CCNA level, that's how they first introduced 0:21:33.880000 --> 0:21:38.560000 this concept of a switched virtual interface also called an interface 0:21:38.560000 --> 0:21:43.920000 VLAN. They say, look, and a lot of times the way they'll do it is they'll 0:21:43.920000 --> 0:21:45.800000 just focus on VLAN one. 0:21:45.800000 --> 0:21:51.720000 They'll say, hey, because actually VLAN one contains a switch virtual 0:21:51.720000 --> 0:21:53.500000 interface already by default. 0:21:53.500000 --> 0:21:55.180000 You don't have to create it. 0:21:55.180000 --> 0:21:58.880000 So if you go into any switch, any brand new Cisco switch, turn on and 0:21:58.880000 --> 0:22:00.320000 you do a show run. 0:22:00.320000 --> 0:22:04.000000 You'll see that you have an interface VLAN one that already exists. 0:22:04.000000 --> 0:22:07.100000 Now that interface VLAN one does not have an IP address on it. 0:22:07.100000 --> 0:22:09.560000 So you have to put the IP address on there. 0:22:09.560000 --> 0:22:12.660000 And then a lot of CCNA materials will say, look, just put an interface, 0:22:12.660000 --> 0:22:16.440000 put an IP address on interface VLAN one. 0:22:16.440000 --> 0:22:20.000000 Interface VLAN one. 0:22:20.000000 --> 0:22:22.140000 Put an IP address on that. 0:22:22.140000 --> 0:22:27.960000 That's appropriate with two that's similar to all the other IP addresses 0:22:27.960000 --> 0:22:30.020000 you have of hosts in VLAN one. 0:22:30.020000 --> 0:22:33.280000 So let's say in VLAN one, all my hosts are 1.1.1. 0:22:33.280000 --> 0:22:39.800000 Something. I'll give this guy 1.1.1.20. 0:22:39.800000 --> 0:22:44.840000 Do a no shutdown because this is a layer three interface. 
0:22:44.840000 --> 0:22:47.700000 You see layer two interfaces connect, you know, switch ports. 0:22:47.700000 --> 0:22:49.580000 Those are up by default. 0:22:49.580000 --> 0:22:52.300000 Layer three interfaces are not necessarily up by default. 0:22:52.300000 --> 0:22:54.080000 So you have to do a no shutdown. 0:22:54.080000 --> 0:22:57.380000 So now you've got a switch virtual interface that you can use to manage 0:22:57.380000 --> 0:23:03.680000 the switch. Well, that's true if your network administrators are in VLAN 0:23:03.680000 --> 0:23:07.840000 one. What if your network administrator's PC is in VLAN eight? 0:23:07.840000 --> 0:23:11.540000 If your network administrator is in VLAN eight, he or she can't reach 0:23:11.540000 --> 0:23:13.100000 that IP address. 0:23:13.100000 --> 0:23:17.740000 Because that IP address is only reachable within the broadcast domain 0:23:17.740000 --> 0:23:19.300000 known as VLAN one. 0:23:19.300000 --> 0:23:22.900000 So I would have to create another interface VLAN. 0:23:22.900000 --> 0:23:28.340000 Put another IP address on it that's suitable for VLAN eight. 0:23:28.340000 --> 0:23:34.220000 Make sure I do no shutdown on that. 0:23:34.220000 --> 0:23:39.680000 And now anybody in that broadcast domain can reach the switch via this 0:23:39.680000 --> 0:23:45.920000 IP address. So that is using a switch virtual interface purely for management 0:23:45.920000 --> 0:23:50.780000 purposes. Just so I have something I can ping or tell not to or SSH on 0:23:50.780000 --> 0:23:54.420000 the switch. But this video series is not about that. 0:23:54.420000 --> 0:23:57.800000 This video series is about inter VLAN routing. 0:23:57.800000 --> 0:24:01.940000 And this exact same concept of a switch virtual interface can be used 0:24:01.940000 --> 0:24:04.080000 for that as well. 0:24:04.080000 --> 0:24:07.080000 Let's take a look at that. 
0:24:07.080000 --> 0:24:13.300000 So previously you learned that back in the old days when all switches 0:24:13.300000 --> 0:24:16.540000 could do were look at MAC addresses and compared against a MAC address 0:24:16.540000 --> 0:24:20.200000 table. We're talking about layer two switches that in order to do inter 0:24:20.200000 --> 0:24:24.980000 VLAN routing, you need to have a physical router like this circle right 0:24:24.980000 --> 0:24:27.000000 here. And we talked about that. 0:24:27.000000 --> 0:24:32.220000 We said that well, you know, you could run two, if I have two VLANs, I 0:24:32.220000 --> 0:24:36.280000 could run two physical cables to the router and then put each cable on 0:24:36.280000 --> 0:24:38.220000 the router into a different subnet. 0:24:38.220000 --> 0:24:44.180000 We said or using the router on a stick method, I could just do 802.1Q 0:24:44.180000 --> 0:24:49.280000 trunking here and then use sub interfaces on the router to route back 0:24:49.280000 --> 0:24:51.820000 and forth between the VLANs. 0:24:51.820000 --> 0:24:57.460000 But in today's networks, we'll scroll down here, most switches today are 0:24:57.460000 --> 0:25:00.440000 capable of routing as well as switching. 0:25:00.440000 --> 0:25:02.740000 Not all of them, but most of them. 0:25:02.740000 --> 0:25:06.940000 So here's where we can reuse this concept of a switch virtual interface 0:25:06.940000 --> 0:25:09.600000 for routing purposes. 0:25:09.600000 --> 0:25:14.280000 All right, so let's go back to management for just a second. 0:25:14.280000 --> 0:25:18.600000 Let's say that I wanted to create a layer three switch virtual interface 0:25:18.600000 --> 0:25:22.260000 for VLAN two, so these two people could ping it and they could telnet 0:25:22.260000 --> 0:25:25.460000 to it. All right, so let's do that.
0:25:25.460000 --> 0:25:29.640000 I'm going to first create an interface VLAN two because actually I already 0:25:29.640000 --> 0:25:32.140000 have my VLAN two configured here. 0:25:32.140000 --> 0:25:37.900000 So I would say interface VLAN two, put an IP address on there that's a 0:25:37.900000 --> 0:25:41.180000 auto-vac, host address that's not currently allocated to anything else, 0:25:41.180000 --> 0:25:44.340000 like maybe that one. 0:25:44.340000 --> 0:25:48.020000 And a subnet mask that's the same as all the hosts, don't forget about 0:25:48.020000 --> 0:25:50.480000 your no shutdown command. 0:25:50.480000 --> 0:25:53.780000 And then I'm going to create a switch virtual interface for VLAN three, 0:25:53.780000 --> 0:25:56.100000 just like we did previously. 0:25:56.100000 --> 0:26:01.840000 Interface VLAN three, IP address, let's use an unused address in that 0:26:01.840000 --> 0:26:11.320000 subnet. No shutdown. 0:26:11.320000 --> 0:26:16.780000 All right, and we also know that these two switched virtual interfaces 0:26:16.780000 --> 0:26:21.040000 are going to dynamically be allocated MAC addresses. 0:26:21.040000 --> 0:26:24.520000 It's not part of my running config, but it is there. 0:26:24.520000 --> 0:26:27.400000 It is viewable with another command. 0:26:27.400000 --> 0:26:31.640000 So let's just say the MAC address here was zero, zero, zero, two, and 0:26:31.640000 --> 0:26:36.340000 then just make it a bunch of threes. 0:26:36.340000 --> 0:26:40.060000 All right, so that's the MAC address of that switched virtual interface, 0:26:40.060000 --> 0:26:46.240000 that SVI, and let's just give a MAC address to this one. 0:26:46.240000 --> 0:26:58.240000 Okay, now with what I've configured right here so far, my hosts in VLAN 0:26:58.240000 --> 0:27:08.420000 two have an IP address on the switch that they can use to telnet to, to 0:27:08.420000 --> 0:27:11.420000 SSH to, 2.2.2.50.
0:27:11.420000 --> 0:27:15.460000 My hosts in VLAN three also have an IP address on the switch that they 0:27:15.460000 --> 0:27:17.420000 can use to telnet to. 0:27:17.420000 --> 0:27:25.380000 Now, if I want to do inter-VLAN routing, two more steps I have to do. 0:27:25.380000 --> 0:27:28.340000 First step is not on the switch at all. 0:27:28.340000 --> 0:27:32.380000 I have to go to my DHCP server because remember these hosts are most likely 0:27:32.380000 --> 0:27:33.840000 getting their IP addresses via DHCP. 0:27:33.840000 --> 0:27:37.660000 I have to go to that DHCP server and I have to configure the server to 0:27:37.660000 --> 0:27:42.540000 say, hey, when you have a DHCP pool for VLAN two, which is the two, two, 0:27:42.540000 --> 0:27:46.040000 two network, I need to configure the server to allocate the default gateway 0:27:46.040000 --> 0:27:49.260000 of two, two, two, 50. 0:27:49.260000 --> 0:27:53.900000 I'm going to give that my SVI's IP address as the default gateway. 0:27:53.900000 --> 0:27:55.500000 Same thing for VLAN three. 0:27:55.500000 --> 0:27:56.460000 So that's step number one. 0:27:56.460000 --> 0:28:00.560000 You have to do something so that the users in the VLANs learn that their 0:28:00.560000 --> 0:28:04.300000 default gateway's IP address is actually what you've configured on your 0:28:04.300000 --> 0:28:06.820000 switched virtual interfaces. 0:28:06.820000 --> 0:28:09.440000 And that's not really something you do in the switch that you do that 0:28:09.440000 --> 0:28:13.700000 on the DHCP server, or if any of your hosts have static IP addresses, 0:28:13.700000 --> 0:28:15.960000 you do it right within the host itself. 0:28:15.960000 --> 0:28:23.880000 Second step.
You see, when we had a router, if I have a router that has 0:28:23.880000 --> 0:28:29.760000 two interfaces, whether it be two physical interfaces or two sub interfaces, 0:28:29.760000 --> 0:28:35.060000 and let's say it's like this, right there, and let's say this is fast 0:28:35.060000 --> 0:28:37.680000 ethernet zero slash one. 0:28:37.680000 --> 0:28:42.120000 And up here, we have fast ethernet zero slash zero, which is two to two, 0:28:42.120000 --> 0:28:46.400000 just to say three for the sake of argument. 0:28:46.400000 --> 0:28:52.760000 Without doing anything on our part as a network administrator, just by 0:28:52.760000 --> 0:28:56.920000 putting an IP address on a functional interface on a router, that creates 0:28:56.920000 --> 0:29:00.720000 a connected route in the routing table. 0:29:00.720000 --> 0:29:16.580000 So here we would have two connected routes, which means that if a packet 0:29:16.580000 --> 0:29:26.660000 comes into the router and the destination IP address, let's say the packet 0:29:26.660000 --> 0:29:30.280000 comes in on fast ethernet zero zero. 0:29:30.280000 --> 0:29:33.240000 So the packet was received right here. 0:29:33.240000 --> 0:29:40.080000 And the destination IP address is three, three, three, anything. 0:29:40.080000 --> 0:29:41.840000 It doesn't really matter what it is. 0:29:41.840000 --> 0:29:48.300000 Well, that will match a route in our routing table. 0:29:48.300000 --> 0:29:51.120000 They'll match this one. 0:29:51.120000 --> 0:29:55.440000 And so now that packet can be routed out this interface right here. 0:29:55.440000 --> 0:30:00.560000 That's because IP version four routing is enabled by default. 0:30:00.560000 --> 0:30:03.320000 The moment that connected routes are put in the routing table, because 0:30:03.320000 --> 0:30:06.620000 all you did was put an IP address on interface, that router can route 0:30:06.620000 --> 0:30:09.580000 back and forth between those interfaces.
0:30:09.580000 --> 0:30:13.200000 That's not the case with switched virtual interfaces. 0:30:13.200000 --> 0:30:19.000000 When you create switched virtual interfaces, yes, you have two logical 0:30:19.000000 --> 0:30:21.940000 interfaces here that are known in software. 0:30:21.940000 --> 0:30:25.880000 They have two different IP addresses, but this switch will not allow you 0:30:25.880000 --> 0:30:27.520000 to route between them. 0:30:27.520000 --> 0:30:31.640000 In other words, if a layer three packet comes in going to two, two, two, 0:30:31.640000 --> 0:30:37.220000 50, he can respond, but he can't route a packet that came in on VLAN two 0:30:37.220000 --> 0:30:39.540000 and route it out VLAN three. 0:30:39.540000 --> 0:30:42.700000 And just the same, he can't route a packet that came in on VLAN three 0:30:42.700000 --> 0:30:44.780000 and route it out on VLAN two. 0:30:44.780000 --> 0:30:50.280000 Inter-VLAN routing or just IP routing in general is not enabled by default. 0:30:50.280000 --> 0:30:52.680000 So we have to turn it on. 0:30:52.680000 --> 0:30:58.140000 At the global configuration level, we simply type IP routing. 0:30:58.140000 --> 0:31:03.880000 Just with that one command, we've basically turned our switch into a router. 0:31:03.880000 --> 0:31:07.600000 Now we would see in the routing table that we have two connected routes. 0:31:07.600000 --> 0:31:12.360000 We have a route to the two, two, two network that's connected via VLAN 0:31:12.360000 --> 0:31:18.480000 two and another connected route in the three, three, three network via 0:31:18.480000 --> 0:31:24.920000 VLAN three. And now my switch virtual interfaces, if my laptops are pointing 0:31:24.920000 --> 0:31:29.800000 to those as their default gateways, those switch virtual interfaces can 0:31:29.800000 --> 0:31:32.900000 be used to route packets back and forth. 0:31:32.900000 --> 0:31:35.220000 I don't need an external router to do it. 
0:31:35.220000 --> 0:31:40.520000 For every VLAN I've got on here, if I've got 200 VLANs, I could create 0:31:40.520000 --> 0:31:45.200000 200 switched virtual interfaces, one per VLAN. 0:31:45.200000 --> 0:31:52.120000 And once I enable IP routing, I can route between all those VLANs and 0:31:52.120000 --> 0:31:56.600000 switch virtual interfaces. 0:31:56.600000 --> 0:31:58.660000 So that concludes this particular video. 0:31:58.660000 --> 0:32:01.700000 In the next video, I'm actually going to configure this on a switch and 0:32:01.700000 --> 0:32:05.400000 we'll see how it works and we'll verify that it actually can be used for