Posted on 2008-09-06 11:00:00
Tags: Networking, Rant, Cisco
When Cisco Systems started, the world of networking was simple: there were routers and there were hubs. Routers connected to other routers and to hubs; hubs connected to one router and to computers. Each interface on the router was its own LAN and its own IP subnet (unless you used the interface for SNA, DECnet, IPX, AppleTalk or bridging only). And the configuration on the routers made sense:

interface serial0
 ip address 192.168.1.1 255.255.255.0
!
interface ethernet0
 ip address 192.168.2.1 255.255.255.0
Over time, hubs were replaced by switches and coax cables by cat5 cables. Separate routers and switches got integrated, and people started to think in VLANs instead of router interfaces. This is where the Cisco IOS syntax went wrong: it kept talking about router interfaces instead of LANs.
For example, to create a new VLAN on an Extreme Networks switch/router or a Riverstone / Cabletron switch/router (does anybody remember them?), you create the VLAN (giving it a name, not just an index number), add the IP subnet to the VLAN, add a tag to the VLAN and (finally!) add the ports, tagged or untagged, to the VLAN. So you have a VLAN, it has the VLAN tag and the IP address as properties, and it has one or more ports in it. Port-specific properties (speed, duplex, label) are configured in the ports section.
create vlan "backbone"
configure vlan backbone tag 2
configure vlan backbone add ports 4 tagged
configure vlan backbone add ports 5 untagged
configure vlan backbone ipaddress 10.128.7.1/28
[...]
configure ports 4 display-string fibre-to-dc1
configure ports 4 auto off speed 100 duplex full
configure ports 5 display-string natgw

As you can see, this is readable and logical.
Now let's see how it goes on the Cisco switch/router. It calls the physical ports, the logical ports and the VLAN definitions all "interfaces", so there is no hierarchical approach and no obvious difference between them:

interface ethernet0/1
 description fibre-to-dc1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2
 switchport mode trunk
 duplex full
 spanning-tree portfast
!
interface ethernet0/2
 description natgw
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
!
interface vlan 2
 description backbone
 ip address 10.128.7.1 255.255.255.240

Let's see, vlan 2 is euhm... on ethernet0/2 and on ethernet0/1 (maybe on others too, I couldn't find it so fast in the configuration). ethernet0/2 is the access network, so it is untagged but it sits in vlan 2, and ethernet0/1 is full-duplex and has vlan 2 on the trunk, so it must be tagged.
So the definition of VLANs in the IOS syntax has become a hack with no hierarchical approach to the issue, rather than a proper hierarchical definition of the VLAN, its properties and the ports in it. Instead of the above, VLANs could have gotten their own section:

interface ethernet0/1
 description fibre-to-dc1
 duplex full
 spanning-tree portfast
!
interface ethernet0/2
 description natgw
 spanning-tree portfast
!
vlan 2
 description backbone
 ip address 10.128.7.1 255.255.255.240
 untagged ethernet0/2
 tagged ethernet0/1
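As an added illustration (not part of the original post), this Python script reads the interface-centric Cisco configuration above and inverts it into the VLAN-centric view that the proposed syntax expresses directly: per VLAN, its IP address and the ports that carry it tagged or untagged, which is the question an operator auditing trunk membership actually wants answered. The sample config is the page's own snippet embedded as a constructed string; only the plain `switchport trunk allowed vlan <list>` form is handled.

```python
import re
from collections import defaultdict
# Constructed sample: the Cisco IOS switch configuration shown above.
IOS_CONFIG = """\
interface ethernet0/1
 description fibre-to-dc1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2
 switchport mode trunk
 duplex full
 spanning-tree portfast
!
interface ethernet0/2
 description natgw
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
!
interface vlan 2
 description backbone
 ip address 10.128.7.1 255.255.255.240
"""

def expand_vlan_list(spec):
    """Expand a plain IOS VLAN list such as '2,10-12' into [2, 10, 11, 12]."""
    vids = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vids.extend(range(int(lo), int(hi or lo) + 1))
    return vids

def parse_ios_vlans(config):
    """Invert an interface-centric IOS config into {vlan_id: properties}."""
    vlans = defaultdict(lambda: {"ip": None, "tagged": [], "untagged": []})
    port, svi = None, None  # current physical port / current "interface vlan N"
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"interface vlan ?(\d+)", line, re.I):
            port, svi = None, int(m.group(1))      # SVI block: carries the IP
        elif line.startswith("interface "):
            port, svi = line.split(" ", 1)[1], None  # physical port block
        elif svi is not None and line.startswith("ip address "):
            vlans[svi]["ip"] = line[len("ip address "):]
        elif port and line.startswith("switchport access vlan "):
            vlans[int(line.rsplit(" ", 1)[1])]["untagged"].append(port)
        elif port and line.startswith("switchport trunk allowed vlan "):
            for vid in expand_vlan_list(line.rsplit(" ", 1)[1]):
                vlans[vid]["tagged"].append(port)
    return dict(vlans)

print(parse_ios_vlans(IOS_CONFIG))
```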
Can this issue be resolved and the IOS syntax replaced by a proper syntax in which you can define a VLAN and its properties readably and logically? Asking the question is answering it: of course. But will it ever happen? I hope so, because the current syntax is very error-prone. But I doubt it, since it has been there for years already and hundreds of thousands of devices use this syntax. Having people change all of these configurations isn't something Cisco would want to do.