1.0 Extracted Technical Problem

An engineer is attempting to establish inter-VLAN routing on a Cisco Catalyst 3850 switch. The initial configuration involves the creation of multiple VLANs (e.g., VLAN 10, 20, 30) and their corresponding Switched Virtual Interfaces (SVIs), which have been assigned IP addresses to serve as default gateways for their respective subnets.

The core issue preventing successful communication between devices in different VLANs is that the SVIs are in a down/down state, as verified by the show ip interface brief command. Despite the correct creation of VLANs and the assignment of IP addresses to the SVI interfaces, the logical interfaces are not becoming active, thereby preventing the switch from populating its routing table with the connected routes for these subnets.

The initial configuration steps undertaken were:

• Creation of VLANs (10, 20, 30).
• Creation of corresponding SVIs (interface Vlan10, interface Vlan20, etc.).
• Assignment of IP addresses and subnet masks to each SVI.
• Assignment of physical access ports to the respective VLANs.

2.0 Critical Evaluation and Solution Enhancement

The initial steps form the foundation of inter-VLAN routing but are incomplete. An SVI’s operational state (up/up) is dependent on two primary conditions that were not addressed in the initial configuration description. The provided solution below is comprehensive, addressing these missing prerequisites and outlining a best-practice approach for configuration and verification.

An SVI will transition to an up/up state only when:

1. The VLAN exists and is active in the switch’s VLAN database.
2. The SVI itself is not administratively shut down.
3. At least one Layer 2 port (an access port in that VLAN or a trunk port carrying that VLAN) is in an up/up state and in a Spanning Tree Protocol (STP) forwarding state for that VLAN.

Most critically, for the switch to perform routing functions between these SVIs, IP routing must be globally enabled. Without this command, the device operates as a Layer 2 switch only.

3.0 Comprehensive Configuration and Implementation Plan

This procedure provides a complete, step-by-step guide to correctly configure and activate inter-VLAN routing.

Step 1: Enable Global IP Routing
This is the most critical command for enabling Layer 3 functionality on the switch. Without it, no routing will occur between SVIs.

configure terminal
!
ip routing
!

Step 2: VLAN and SVI Configuration
Ensure that the VLANs are created and that the corresponding SVIs are configured with appropriate IP addresses and are administratively enabled.

! Create the VLANs in the switch database
vlan 10
 name SERVERS
!
vlan 20
 name WORKSTATIONS
!
vlan 30
 name GUEST_WIFI
!
exit
!
! Configure the Layer 3 SVI for VLAN 10
interface Vlan10
 description Gateway for SERVER VLAN
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! Configure the Layer 3 SVI for VLAN 20
interface Vlan20
 description Gateway for WORKSTATION VLAN
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Configure the Layer 3 SVI for VLAN 30
interface Vlan30
 description Gateway for GUEST WIFI VLAN
 ip address 192.168.30.1 255.255.255.0
 no shutdown
!

Step 3: Assign Physical Ports to VLANs
For an SVI to become active, at least one physical port must be active in that VLAN. Assign access ports as needed for endpoint devices. It is best practice to enable PortFast on access ports to allow them to transition to the forwarding state immediately.

! Configure an access port for a server in VLAN 10
interface GigabitEthernet1/0/1
 description Connection to Server-01
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 no shutdown
!
! Configure an access port for a workstation in VLAN 20
interface GigabitEthernet1/0/24
 description Connection to Workstation-PC
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 no shutdown
!

Repeat this port configuration for at least one active port in each VLAN requiring an active SVI.

4.0 Verification and Troubleshooting

After applying the configuration, a systematic verification process is essential to confirm functionality.

1. Verify SVI Status: Check if the SVIs have transitioned to an up/up state.

   show ip interface brief | include Vlan
   

   The output should show the Status and Protocol columns as “up”.

2. Verify VLAN Port Assignments: Confirm that the VLANs are active and have ports assigned to them.

   show vlan brief
   

   Look for your VLANs (10, 20, 30) to be in an “active” state with the correct interfaces listed.

3. Verify the IP Routing Table: With ip routing enabled and SVIs active, the switch should automatically populate its routing table with “Connected” routes for each SVI subnet.

   show ip route connected
   

   You should see entries for the 192.168.10.0/24, 192.168.20.0/24, and 192.168.30.0/24 networks.

4. Perform Connectivity Tests:

   • Ping from the switch itself to an endpoint in each VLAN to verify Layer 2 and 3 connectivity to the client.
   • Ping from a client in one VLAN (e.g., 192.168.20.10) to the gateway of another VLAN (e.g., 192.168.10.1) and then to an endpoint in that other VLAN (e.g., 192.168.10.50). This validates the entire end-to-end routing path.

By following this comprehensive plan, the SVIs will transition to an active state, the switch will build its routing table, and seamless inter-VLAN communication will be established.