Cisco – Difference between SVI and subinterface

Tags: cisco, routing, switch, vlan

Modern multi-layer switches seem to support both the SVI (switch virtual interface) and subinterface concepts. Both are virtual layer 3 concepts used to perform routing functions, and some equipment supports both.

Sometimes the documentation can even put composite limits on both SVIs and subinterfaces, highlighting the similarities as well. Here is a snippet for Cisco Catalyst 9500 Series Switches.

You cannot configure more than 4,000 Layer 3 VLAN interfaces. The sum
of all the routed interfaces, SVI interfaces and subinterfaces should
be equal to 4000 or less.

What are the differences between SVIs and subinterfaces for multi-layer switches? Can one always be used in place of another?

Best Answer

Another aspect, expanding a bit on what zac67 already gave in his answer:

VLAN IDs used on tagged (sub)interfaces of routed interfaces (a.k.a. no switchport) can be completely independent from the switch's "switching" context [1].

In extenso: the VLAN tag used on the subinterface does not appear as an L2 VLAN on the switch, neither consumes nor is part of any instance of (per-VLAN-)spanning-tree, and won't be part of any VTP/GVRP setups etc. There can even be subinterfaces of multiple routed interfaces using the same (overlapping) VLAN tag - and they'd be completely independent. Sometimes, this is referred to as "port local VLAN awareness".

To give a freehandedly composed config example, in pseudo Cisco config speak. Essentially, this is very similar to how classic routers (ISR G1, ISR G2, ISR 4K etc.) get VLAN-aware subinterfaces (of course, classic routers don't need the "no switchport" part).

interface gig1/1
 no switchport

interface gig1/1.100
 encapsulation dot1q 100
 ip address 192.168.100.1/24
 ...

interface gig1/1.200
 encapsulation dot1q 200
 ip address 192.168.200.1/24
 ...

interface gig1/2
 no switchport

interface gig1/2.100
 encapsulation dot1q 100
 ip address 192.168.201.1/24
 ...

SVIs in contrast are based on the existence of the given VLAN (as in: "L2-VLAN") on the given switch. So to have an SVI, you'd need to first create the said VLAN, get its spanning-tree right, check if it's part of VTP/GVRP if so intended etc.

Then you'll make sure the switchports pertaining to it are set right (some will be access vlan xxx, some might be switchport trunk allowed vlan xxx, some with portfast, some without...), and then you can add the SVI by virtue of interface vlan xxx.

Since VLANs are unique per switch (at least for a plain vanilla, non VDC capable switch), this uniqueness restriction applies to SVIs, too. You can't have multiple interface vlan xxx for the same VLAN ID.

vlan 100
 name MyVLAN100
vlan 200
 name MyVLAN200

spanning-tree vlan 100 priority 16384
spanning-tree vlan 200 priority 16384

interface vlan 100
  ip address 192.168.100.1/24
  ...

interface vlan 200 
  ip address 192.168.200.1/24
  ...

interface gig1/1
 switchport mode trunk
 switchport trunk allowed vlan 100,200
 spanning-tree port type edge trunk
 ...

[1] Well... somewhat. There are/were switches (Cat6500, for example) that would consume a VLAN ID (henceforth hidden) when configuring a routed port, and they had their issues with or plainly did not allow tagged subinterfaces of such routed ports. Behind the scenes, they would internally configure a VLAN without spanning-tree, map the configured port into that VLAN, and add an SVI with the pseudo routed port's configured IP address.
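As an added example (not part of the original answer and not Cisco tooling), the Python audit below runs over a constructed config in the answer's pseudo-syntax and separates the two scopes the answer describes: dot1q tags on routed subinterfaces are port-local and may overlap across ports, while an SVI depends on its L2 VLAN existing on the switch. The function name `audit`, the sample config, and the rule that a tag may be used only once per parent port are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the answer's pseudo-config style (not from a real device).
SAMPLE = """\
vlan 200
interface gig1/1
 no switchport
interface gig1/1.100
 encapsulation dot1q 100
interface gig1/2
 no switchport
interface gig1/2.100
 encapsulation dot1q 100
interface gig1/2.101
 encapsulation dot1q 100
interface vlan 200
interface vlan 300
"""

def audit(config: str) -> dict:
    """Separate switch-global VLAN IDs (L2 VLANs, SVIs) from port-local subinterface tags."""
    l2_vlans, svis = set(), set()
    tags = defaultdict(lambda: defaultdict(list))  # tag -> parent port -> [subinterfaces]
    sub = None  # (parent, name) of the subinterface stanza currently being read
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not line:
            continue
        if raw[0].isspace():  # indented line: belongs to the current stanza
            m = re.fullmatch(r"encapsulation dot1q (\d+)", line)
            if m and sub:
                tags[int(m.group(1))][sub[0]].append(sub[1])
            continue
        sub = None
        if m := re.fullmatch(r"vlan (\d+)", line):
            l2_vlans.add(int(m.group(1)))
        elif m := re.fullmatch(r"interface vlan ?(\d+)", line):
            svis.add(int(m.group(1)))
        elif m := re.fullmatch(r"interface (\S+)\.\d+", line):
            sub = (m.group(1), line.split()[1])
    # Assumption: within one parent port a tag must be unique, across ports it may repeat.
    return {
        "svi_without_l2_vlan": sorted(svis - l2_vlans),
        "port_local_overlaps": {t: sorted(ps) for t, ps in tags.items() if len(ps) > 1},
        "duplicate_tag_on_port": {(p, t): n for t, ps in tags.items()
                                  for p, n in ps.items() if len(n) > 1},
    }
```

Entries under `port_local_overlaps` are informational (separate L3 domains that are not bridged together), whereas the other two keys point at configuration that needs fixing.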