Networks Training

You are here: Home / Cisco Switches / What is Cisco Switch Virtual Interface (SVI) – Configuration Example and Explanation

What is Cisco Switch Virtual Interface (SVI) – Configuration Example and Explanation

Written By

Achieving convergence in computer networks is something that is controlled by both routers and switches in the network. The basic purpose of creating a computer network is to share resources and offer communication between hosts.

cisco svi

Local Area Network (LAN) communication deals with switches, while internetwork connectivity (i.e between different LANs or WANs) requires the use of a router.

Layer 2 VLANs create what is known as a single broadcast domain, which simply means that when a broadcast message is sent within the same Layer2 VLAN, all the devices connected to that vlan (either on the same or separate switches) will receive the message.

Also, hosts connected in the same Layer 2 vlan can communicate with each other without any Layer 3 device required. However, devices that are not on the same VLAN cannot communicate with each other without some form of routing implemented.

This brings the need for network segmentation and inter-vlan communication, which can be achieved by using a router or a Layer 3 switch.

Using a router for network segmentation means each interface on the router becomes a network segment of its own, or what is known as a separate broadcast domain.

In order for this goal to be achieved using Layer 3 switches, multiple Layer 2 VLANs are created on the switch, which separates everything into multiple broadcast domains. Then, for each Layer2 vlan you need to create a corresponding Layer3 interface on the switch which will handle the routing functionality. This Layer3 interface is the SVI.

MORE READING:  Deleting the VLAN Database from a Cisco Switch

What is Switch Virtual Interface (SVI)?

Since each VLAN is an isolated network segment of it’s own, layer 3 switches need to be configured in such a way to allow inter VLAN communication.

The modus operandi of SVIs is simple. You start by creating the Layer 2 VLAN on the switch, and then assign an IP address on the VLAN Layer3 interface (SVI), just as you would on a physical router interface.

The major difference here is that the SVI Layer 3 interface is virtual. This means also clients that are connected to that VLAN will make use of the SVI interface as their default gateway.

A default SVI is created on the layer 3 switches for VLAN 1 (default native vlan), which is meant for remote management of switches. This implies that an IP address can be assigned to this interface for the purpose of management.

SVI configuration example

layer3 switch with two svi

Now let’s see a brief configuration example for creating two SVIs on a layer 3 switch based on the network diagram above.

Keep in mind that the switch has to be a layer 3 switch, in order for this to be achieved.

The configuration example shown below assumes that you already know how to carry out basic switch configuration such as changing hostnames, going to global configuration mode, interface configuration mode, and assigning IP address on an interface.

VLAN 10

SWITCH(config)#vlan 10   <- first create the Layer2 VLAN 10
SWITCH(config)#interface vlan 10 <- now create the SVI for VLAN 10
SWITCH(config-if)#description WORKSTATIONS
SWITCH(config-if)#ip address 10.0.0.1 255.255.255.0   <- assign IP to the SVI

The first line in the example above creates the layer 2 VLAN 10. The following line creates an SVI for VLAN 10 (i.e the Layer3 interface). Although the third line is OPTIONAL, it is recommended that you add an interface description, which will assist in understanding the purpose of the SVI. The last line assigns an IP address on the SVI created for VLAN 10 – in this case.  Two SVIs are created for the Workstations and Server VLANS as shown in the configuration example here.

MORE READING:  How to configure a Cisco Layer 3 Switch-InterVLAN Routing Without Router

The following commands are the same as above for creating SVI for VLAN 20. 

VLAN 20

SWITCH(config)#vlan 20  <- create Layer 2 VLAN 20
SWITCH(config)#interface vlan 20       <- now create the SVI for VLAN 20
SWITCH(config-if)#description SERVERS
SWITCH(config-if)#ip address 10.0.1.1 255.255.255.0  <- assign IP to the SVI

The need for SVIs

Having VLANs on a network simply means each VLAN is a different network segment with a different network address subnet.

Although inter VLAN communication can be achieved using a router with multiple interfaces, SVIs come with less complexities.

With the router configuration, all inter VLAN connections are handled either by a single physical router interface (“router-on-a-stick”), or multiple physical interfaces.

Sub-interfaces can also be created under a single physical interface of the router to hold the IP addresses of each VLAN.

On the other hand, using SVIs on Layer3 switches becomes more efficient in terms of achieving fast convergence on the network and also for simplifying network management and operation (all Layer2 and Layer3 functionality is handled by the same Layer3 switch).

Related Posts

Filed Under: Cisco Switches

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  1. Shadeofblkness says

    Great article.
    Its always good to refresh one’s memory.
    Working on my CCNA (from God knows when)so this come in handy and helpful.

    Thanks again.
    wish I could have a printed copy.

  3. Mahmoud Kharsa says

    I have a question regarding SVI.
    If I created a VLAN for guest network, should I create an SVI to make them access the internet. ?
    Can I not create a default route on the L3 switch and just connect them to it. I read it is a way to separate guest network from corporate network by not creating an SVI which will make it impossible for guest to communicate to other networks but still they can access the internet.

    Thanks for great post.

  4. Harris Andrea says

    If you don’t create an SVI for the guest VLAN then you must have a Layer3 device connected to the same VLAN which will act as the default gateway for the hosts on that VLAN. This Layer3 device will be responsible to route the guest traffic to the internet.

  5. Andrew Sellers says

    If you assign an IP for remote switch administration on the default vlan, does that IP have to be the default gateway, or may I still use the router as the gateway?

  6. Harris Andrea says

    No, it does not have to be the default gateway. The default gateway must be in the same Layer 2 / Layer 3 as the hosts.

  11. Ravi says

    It’s really helpful Harris.
    Do you write about vxlans also? That would have been great

    Thanks for this post

  12. Harris Andrea says

    I’m glad you liked it Ravi. Maybe in the future I’ll be writing about vxlans as well (or “geneve”)

  13. Thom Yohan says

    I just forgot the basics, I had to refresh the “assign the network for the VLAN” so read your post, Wohhh!!!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx