What is SVI? Difference Between SVI and VLAN Explained
Introduction
If you have worked with Cisco switches, you have likely come across the terms VLAN and SVI. While they sound similar and are closely related, they serve completely different purposes. Confusing the two is one of the most common mistakes made by networking students and even junior engineers.
In simple terms: a VLAN is a logical network segment that groups ports together, while an SVI (Switched Virtual Interface) is a virtual Layer 3 interface that provides IP connectivity to that VLAN. Think of a VLAN as a room and the SVI as the door that lets traffic in and out of it. This article explains both concepts clearly, highlights their differences, and shows you how they work together in real Cisco network designs.
What is a VLAN?
A Virtual Local Area Network (VLAN) is a logical grouping of switch ports that behave as if they are on the same physical network, regardless of their actual physical location. VLANs operate at Layer 2 (Data Link Layer) of the OSI model.
How VLANs Work
When a switch port is assigned to a VLAN, frames sent from that port are tagged with a VLAN ID (1–4094 as per IEEE 802.1Q). The switch uses these tags to keep traffic from different VLANs completely isolated from one another, even though they share the same physical switch hardware.
VLAN 10
Access VLAN 10
Switching
Access VLAN 10
VLAN 10
What a VLAN Does
- Segments a network into isolated broadcast domains
- Improves security by keeping traffic separated
- Reduces unnecessary broadcast traffic
- Logically groups users by department or function (e.g., HR, Finance, IT)
- Operates at Layer 2 — no IP address assigned to the VLAN itself
What is an SVI (Switched Virtual Interface)?
A Switched Virtual Interface (SVI) is a virtual Layer 3 interface created on a multilayer (Layer 3) switch and associated with a specific VLAN. It is essentially the switch's logical IP interface for that VLAN.
When you assign an IP address to an SVI, you give the switch the ability to route traffic into and out of that VLAN. The SVI acts as the default gateway for all devices in its associated VLAN.
SVI in Action — Inter-VLAN Routing
192.168.10.10
VLAN 10
Layer 2 Segment
192.168.10.1
Routing
192.168.20.1
Layer 2 Segment
192.168.20.10
VLAN 20
In the diagram above, PC-A (VLAN 10) sends a packet to PC-B (VLAN 20). The packet is handed up to the SVI for VLAN 10, routed internally to the SVI for VLAN 20, and forwarded down to PC-B — all within the same Layer 3 switch. No external router is needed.
SVI Configuration Example
! Create VLAN 10 first Switch# configure terminal Switch(config)# vlan 10 Switch(config-vlan)# name HR_Network Switch(config-vlan)# exit ! Create SVI for VLAN 10 and assign IP address Switch(config)# interface vlan 10 Switch(config-if)# description Gateway for HR VLAN Switch(config-if)# ip address 192.168.10.1 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# exit ! Enable IP routing on the Layer 3 switch Switch(config)# ip routing
This is Test Code
ip routing on a Layer 3 switch to enable inter-VLAN routing via SVIs. Without it, the SVIs will have IP addresses but the switch will not route between them.
Uses of SVI
- Inter-VLAN Routing: Routes traffic between VLANs without an external router
- Default Gateway: Acts as the gateway for all devices in the VLAN
- Switch Management: Used to assign a management IP to access the switch remotely via SSH/Telnet
- DHCP Helper: Configured with
ip helper-addressto forward DHCP requests to a central server - HSRP/VRRP: Used in redundancy protocols to provide a virtual gateway IP
Difference Between SVI and VLAN
Although SVI and VLAN are tightly linked, they are fundamentally different constructs. The table below captures every key difference:
| Feature | VLAN | SVI |
|---|---|---|
| Full Form | Virtual Local Area Network | Switched Virtual Interface |
| OSI Layer | Layer 2 (Data Link) | Layer 3 (Network) |
| Has IP Address? | No | Yes |
| Primary Function | Segments network into broadcast domains | Provides Layer 3 (IP) connectivity to a VLAN |
| Traffic Handling | Switches frames within the same VLAN | Routes packets between VLANs |
| Created On | Any switch (Layer 2 or Layer 3) | Layer 3 (multilayer) switches only |
| Configuration | vlan <id> |
interface vlan <id> |
| Dependency | Independent — VLAN can exist without SVI | Dependent — SVI requires VLAN to exist first |
| Default Gateway Role | Cannot be a gateway | Serves as default gateway for VLAN devices |
| Remote Management | Not used for switch management | Used to SSH/Telnet into the switch |
| Routing Needed? | No — purely Layer 2 | Yes — requires ip routing command |
| Can Route Between VLANs? | No | Yes |
| Physical Interface? | No — logical grouping of ports | No — virtual interface (no physical port) |
| Number per Switch | Up to 4094 | Up to 4094 (one per VLAN, model-dependent) |
| State (Up/Down) | Active / Inactive | Up/Up, Up/Down, Down/Down |
How VLAN and SVI Work Together
VLAN and SVI are complementary — a VLAN provides the Layer 2 broadcast domain, and the SVI provides the Layer 3 IP gateway into that domain. Neither replaces the other; you need both for full network functionality.
🔵 VLAN Only (Layer 2)
192.168.10.10
Layer 2 Only
192.168.10.20
PC-A and PC-B communicate within VLAN 10. No routing needed. Cannot reach VLAN 20.
🟢 VLAN + SVI (Layer 2 + Layer 3)
VLAN 10 — GW: 192.168.10.1
192.168.10.1
ip routing enabled
192.168.20.1
VLAN 20 — GW: 192.168.20.1
PC-A can reach PC-B across VLANs because SVIs enable routing between them.
The Relationship — A Simple Rule
🏢 VLAN = The Room
- Groups devices logically
- Creates isolated broadcast domain
- Keeps traffic separated at Layer 2
- Has no IP address
- Can exist on any switch
🚪 SVI = The Door
- Gives the VLAN an IP address
- Acts as the gateway (door in/out)
- Enables routing between rooms (VLANs)
- Requires a Layer 3 switch
- Needs the VLAN (room) to exist first
Understanding SVI Status
When you run show interfaces vlan <id>, the SVI can be in one of several states. Understanding these states is critical for troubleshooting.
| Status | Meaning | Common Cause |
|---|---|---|
| Vlan10 is up, line protocol is up | SVI is fully operational | VLAN exists, at least one access port in VLAN is up |
| Vlan10 is down, line protocol is down | SVI is not functional | No active ports in VLAN 10, or VLAN does not exist in VLAN database |
| Vlan10 is administratively down | SVI was manually shut down | shutdown command was applied to the interface |
| Vlan10 is up, line protocol is down | Interface exists but no active ports | All ports in VLAN are down or VLAN not in allowed list on trunk |
! Verify SVI status Switch# show interfaces vlan 10 Switch# show ip interface brief Switch# show vlan brief
SVI for Switch Management
Even on a basic Layer 2 switch (which cannot route between VLANs), you can create a single SVI — typically on the management VLAN — to give the switch an IP address for remote access via SSH or Telnet.
! Management SVI on a Layer 2 switch (Catalyst 2960) Switch(config)# vlan 99 Switch(config-vlan)# name Management Switch(config-vlan)# exit Switch(config)# interface vlan 99 Switch(config-if)# ip address 10.0.99.10 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# exit ! Set default gateway for management traffic Switch(config)# ip default-gateway 10.0.99.1
SVI vs Router-on-a-Stick
There are two common methods for inter-VLAN routing. SVI (on a Layer 3 switch) is the modern, preferred approach. Router-on-a-Stick uses sub-interfaces on an external router connected via a trunk port.
| Feature | SVI (Layer 3 Switch) | Router-on-a-Stick |
|---|---|---|
| Hardware | Layer 3 switch only | Layer 2 switch + external router |
| Performance | Hardware switching — very fast | Software routing — slower |
| Scalability | Excellent — handles many VLANs | Limited by router bandwidth and port |
| Cost | Higher (Layer 3 switch) | Lower (any router) |
| Complexity | Simple — one device | More complex — two devices, trunk link |
| Best For | Campus, enterprise networks | Small offices, home labs |
Quick Reference Summary
| Question | VLAN | SVI |
|---|---|---|
| Does it have an IP address? | No | Yes |
| Can it route traffic? | No | Yes |
| Is it a physical interface? | No | No |
| Works on Layer 2 switch? | Yes | Management only |
| Required for inter-VLAN routing? | No | Yes |
| Can it be default gateway? | No | Yes |
| Can it exist without the other? | Yes | No — needs VLAN first |
Conclusion
A VLAN and an SVI are two distinct but complementary networking concepts. The VLAN creates an isolated Layer 2 broadcast domain, grouping switch ports logically and keeping traffic separated. The SVI elevates that VLAN to Layer 3 by assigning it an IP address, enabling inter-VLAN routing, remote switch management, and default gateway functionality.
To put it simply: you always need a VLAN before you can create an SVI, but you do not always need an SVI for every VLAN. VLANs used purely for Layer 2 traffic isolation — such as a voice VLAN or a storage VLAN — may never need an SVI. However, any VLAN whose devices need to communicate with the rest of the network must have an SVI (or use a router) to route that traffic.
Understanding this distinction is fundamental to Cisco switching design and is a core topic in both the CCNA and CCNP Enterprise certifications. Master these two concepts and inter-VLAN routing becomes straightforward.