About a month ago I worked on an old CatOS switch. Working on this switch reminded me about some of the differences between CatOS and IOS. One of the big differences is how a Layer 3 routed interface is configured between the two OS versions. On a Catalyst running IOS, it is almost identical to configuring a routed interface on a router. CatOS…not so much.
On a CatOS switch you had two management planes that you had to work with. You had the switch side, which ran CatOS. You used ‘set’ and ‘clear’ commands to program the switch management plane. For all Layer 3 functions, the switch had an MSFC (Multi-layer Switch Feature Card) installed on the Supervisor engine. The MSFC, the routing processor, ran IOS and was a completely separate point of management. To create a ‘Layer 3 interface’ on a CatOS switch you first had to create a VLAN that you would use between the port connected to an adjacent device and the MSFC card. So if you wanted to use a /30 subnet between the MSFC and the neighbor router you had to use one of your finite number of VLANs.
With the native IOS on Catalyst switches you no longer had two management planes for your core switch. You had one CLI to configure the switch and the route processor. Now when you needed to configure a routed link with a neighbor device, you could turn the interface into a routed port using the ‘no switchport’ command. You then, just like a router, configure the IP address directly on the interface. No more creating VLANs to the route processor.
When you issue the command ‘show vlan brief’ the switch will show you the VLANs in use, including reserved VLANs. These reserved VLANs are from 1002 to 1005.
When doing your planning for VLANs, you decide to start with VLAN 1006 since it is the next available. So let’s create VLAN 1006.
What? That VLAN was not in my list of VLANs. What does it mean that the VLAN is not available in Port Manager? Well, the switches still operate internally like the old CatOS switch with the MSFC card, even the lower-end models that route, like this 3560 I am using here. When you create a routed interface, the native IOS handles creating the VLAN for you. Then it assigns the VLAN to that port and the MSFC or route processor. You can see this with the ‘show vlan internal usage’ command. Earlier I changed interface Gi0/1 into a routed port for demonstration. You can see the interface Gi0/1 was assigned to VLAN 1006.
I put two additional ports into routed mode and you can see that IOS increases the VLAN number by one. This is done with the ‘no switchport’ command. You don’t even have to have an IP address on the interface.
There is a command to tell the switch to allocate these VLANs for internal usage in an ascending or descending manner. Ascending starts at VLAN 1006 and increases by one, while descending starts at 4094 and decreases by one. Most Catalyst switches that I have come across only allow ascending. The only one that I have seen that will allow you to configure this policy as descending is the 7600 platform. As you can see below, the only ‘option’ that I have on my 3560 is ascending.
When doing your VLAN planning, be sure to account for these VLANs if you are using routed ports. I first learned about them after our team had spent a significant amount of time planning our new VLAN and subnet scheme and was in the middle of deploying them.
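A planning check for the advice above, as an added example that is not part of the original post: it parses text in the layout of ‘show vlan internal usage’ and flags planned VLAN IDs that collide with internal VLANs already assigned or with a block set aside for future routed ports. The sample output is constructed, and the function names and the contiguous-block model of the allocator are assumptions made for planning purposes.

```python
import re

EXT_MIN, EXT_MAX = 1006, 4094  # allocation start points given in the post

# Constructed sample in the layout of `show vlan internal usage`
# (three routed ports, as in the post; not captured from a real switch).
SAMPLE = """\
VLAN Usage
---- --------------------
1006 GigabitEthernet0/1
1007 GigabitEthernet0/2
1008 GigabitEthernet0/3
"""

def parse_internal_usage(text):
    """Map internal VLAN ID -> owning interface from the command output."""
    used = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d{1,4})\s+(\S.*?)\s*$", line)
        if m:  # header and separator lines do not start with digits
            used[int(m.group(1))] = m.group(2)
    return used

def reserved_block(policy, count):
    """IDs to keep free for `count` routed ports (hypothetical planning model:
    a contiguous block from the policy's starting VLAN)."""
    if policy == "ascending":
        return set(range(EXT_MIN, EXT_MIN + count))
    if policy == "descending":
        return set(range(EXT_MAX, EXT_MAX - count, -1))
    raise ValueError(f"unknown policy: {policy}")

def check_plan(planned, used, policy="ascending", future_routed_ports=0):
    """Return [(vlan, reason)] for planned VLANs that collide with internal ones."""
    headroom = reserved_block(policy, len(used) + future_routed_ports)
    conflicts = []
    for vlan in sorted(set(planned)):
        if vlan in used:
            conflicts.append((vlan, f"already internal to {used[vlan]}"))
        elif vlan in headroom:
            conflicts.append((vlan, "inside block reserved for routed ports"))
    return conflicts

if __name__ == "__main__":
    plan = [1006, 1008, 1010, 1200]
    used = parse_internal_usage(SAMPLE)
    for vlan, reason in check_plan(plan, used, future_routed_ports=2):
        print(f"VLAN {vlan}: {reason}")
```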