Get Unlimited Access to 800 Cisco Lessons Now Get $1 Trial
You are here: Home » Cisco » CCNA Routing & Switching ICND1 100-105

IPv4 Address Configuration on Cisco IOS Catalyst Switch

To allow remote access to a Cisco IOS Catalyst switch with protocols like telnet or SSH, we need to configure an IP address on the switch. You also need this if you want to use any network management tools to monitor your switch.

On L2 switches, the IP address is only used for remote access to your switch. On L3 (multilayer) switches, we also use these SVI interfaces for routing.

Most switches have a lot of physical interfaces so where are we going to configure an IP address? Instead of using a physical interface, we often use a virtual interface called a SVI (Switch Virtual Interface). Here’s how to visualize this:

cisco switch virtual interface vlan 1

The IP address is configured on the SVI interface. All physical interfaces within the same VLAN will be able to communicate with this SVI interface.

The default VLAN on your Cisco Catalyst switch will be VLAN 1, all interfaces belong to this VLAN by default. This means that if you create a SVI interface for VLAN 1 and put an IP address on it, everyone will be able to reach it. It is possible to use access-lists to restrict which IP addresses are allowed but it’s better to create a separate VLAN for management. Here’s an illustration:

switch management vlan 20

On the left side, we have two hosts in VLAN 10. These will be able to communicate with each other since they are in the same VLAN. On the right side, we see a computer that is only used for management. This computer is connected to interface FastEthernet 0/3 and there is an SVI interface with IP address 192.168.20.1.

This management computer will be able to exchange IP packets with our switch. This is a nice and secure method to access the switch only from computers that are supposed to.

Configuration

Let me show you how to configure the SVI interface. First, you have to make sure you created the VLAN in the VLAN database:

SW1(config)#vlan 20
SW1(config-vlan)#exit

Now we can create a new SVI interface:

SW1(config)#interface vlan 20
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.20.1 255.255.255.0

Make sure you don’t forget the no shutdown command. By default, all SVI interfaces are shut. Make sure you add one of the physical interfaces to VLAN 20:

SW1(config)#interface FastEthernet 0/3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20

That’s all you have to do. Let’s see if it’s working.

Verification

Let’s check if the SVI interface is up and running:

SW1#show ip interface brief | include Vlan
Vlan20                 192.168.20.1    YES manual up                    up

This is looking good. I will connect a computer to the FastEthernet0/3 interface of my switch to see if I can ping the switch. I also configured a static IP address in the same subnet as our switch:

C:\Users\mgmt>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : vmware
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-50-56-8E-5E-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e8b4:ac21:751f:fa34%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 6, 2015 1:46:34 AM
   Lease Expires . . . . . . . . . . : Wednesday, October 7, 2015 2:02:04 AM
   DHCPv6 IAID . . . . . . . . . . . : 251678806
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-13-64-E8-00-50-56-8E-5E-33
   NetBIOS over Tcpip. . . . . . . . : Enabled

Let’s try that ping:

C:\Users\mgmt>ping 192.168.20.1

Pinging 192.168.20.1 with 32 bytes of data:

Reply from 192.168.20.1: bytes=32 time=3ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=2ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.20.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 1ms

It’s working. All devices in VLAN 20 will be able to reach our switch.

Conclusion

In this lesson, you have learned how to configure an SVI interface with a separate management VLAN so that you can access the switch remotely. We will use this later for remote access through telnet/SSH.

Forum Replies

  1. Its been awhile and I just wanted to refresh memory on how initially configure the switch. Particularly L2 switch. Most are L3 these days but nevertheless. This was the only article related I was able to find and I feel a couple of things are missing, particularly those that I had questions about. Thats:
    default gateway probably should be included, showing also difference for L3 config as is in the lesson, but also for L2 which is different because its, well, just l2 switch;

    so on L2 switch how do we assign management IP address? Can we even create a SVI on pur

    ... Continue reading in our forum

  2. Hello again Vadim, nice to see you here!

    No need to apologize about asking questions, that’s what we’re here for, to answer them as best we can!

    The only way you can access the switch using SSH or Telnet is via an IP address that has been assigned to an SVI. An L2 switch does indeed have SVIs and you can actually configure

    ... Continue reading in our forum

Ask a question or join the discussion by visiting our Community Forum