Inter-VLAN Routing

VLANs are used to segment switched Layer 2 networks for a variety of reasons. Regardless of the reason, hosts in one VLAN cannot communicate with hosts in another VLAN unless there is a router or a multilayer switch (MLS - switch with Layer-3/Routing capabilities) to provide routing services.

Info
Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN.

There are three Inter-VLAN routing options:

  1. Legacy - (no longer implemented), uses multiple physical interfaces on a router, one for each VLAN.
    • It does not scale well.
  2. Router-on-a-Stick - (implemented by routers), creates multiple subinterfaces on a single physical router interface.
    • This is an acceptable solution for a small- to medium-sized network.
  3. Switch Virtual Interface (SVI) - (implemented by L3 switches), makes use of L3 capabilities on multilayer switches to route between VLANs.
    • This is the most scalable solution for medium to large organizations.

Legacy Method

Info
Each router interface was connected to a switch port in a different VLAN.
  • The router interfaces served as the default gateways to the local hosts on the VLAN subnet.
  • Routers have a limited number of physical ports and wasting them like this is not appropriate.

Router-on-a-Stick Method

Info
This method allows multiple VLANs to communicate using a single physical router interface. Instead of requiring separate physical interfaces for each VLAN (as in the legacy method), this approach uses subinterfaces on the router, each assigned to a specific VLAN.
  • The switch port connecting to the router must be configured as a trunk.
  • The router interface is divided into subinterfaces, each tagged with a VLAN ID.
  • Each subinterface is assigned an IP address, acting as the default gateway for its VLAN.
  • The dot1q encapsulation method is used to tag VLAN traffic.
  • This method is limited to around 50 VLANs due to scalability concerns.
  • When VLAN-tagged traffic enters the router, it is forwarded to the appropriate subinterface, where routing decisions are made before sending it to the destination VLAN.

Configuration

1. Configure VLANs on the Switch

Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit

Switch(config)# vlan 20
Switch(config-vlan)# name HR
Switch(config-vlan)# exit

2. Set Up Trunking on the Switch

Switch(config)# interface FastEthernet0/5
Switch(config-if)# description LINK-TO-ROUTER
Switch(config-if)# switchport mode trunk
Switch(config-if)# exit

3. Configure Subinterfaces on the Router

Router(config)# interface GigabitEthernet0/0/1
Router(config-if)# no shutdown

Router(config)# interface GigabitEthernet0/0/1.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config-subif)# exit

Router(config)# interface GigabitEthernet0/0/1.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config-subif)# exit

5. Set Default Gateway on PCs

Each PC in VLAN 10 should have 192.168.10.1 as its default gateway, and PCs in VLAN 20 should use 192.168.20.1.

Verification

  • Pinging the VLAN's default gateway from a device in the VLAN is always a good start. Afterwards, ping devices in another VLAN.
  • The following commands can also be used to verify that inter-VLAN routing has been configured correctly:
    • show ip route
    • show ip interface brief
    • show interfaces trunk

Switch Virtual Interface (SVI) Method

Info
This method enables Inter-VLAN Routing directly on a Layer 3 switch, eliminating the need for an external router.

SVIs are generally configured for a VLAN for the following reasons:

  • Allow traffic to be routed between VLANs by providing a default gateway for the VLAN.
  • Provide fallback bridging (if required for non-routable protocols).
  • Provide L3 IP connectivity to the switch.
  • Support routing protocols and bridging configurations.
  • Access Layer - ‘Routed Access’ Configuration (in lieu of Spanning Tree).

Advantages of SVIs include:

  • Much faster than Router-on-a-Stick, because everything is hardware-switched and routed.
  • No need for external links from the switch to the router for routing.
  • Not limited to one link. L2 EtherChannels can be used between the switches to get more bandwidth.
  • Latency is much lower because it does not need to leave the switch.

Configuration

1. Enable IP Routing on the L3 Switch

Switch(config)# ip routing

2. Create VLANs on the Switch

Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit

Switch(config)# vlan 20
Switch(config-vlan)# name HR
Switch(config-vlan)# exit

3. Configure SVIs for Each VLAN

Switch(config)# interface Vlan10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit

Switch(config)# interface Vlan20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit

Switch(config)# interface GigabitEthernet1/0/6
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10
Switch(config-if)# exit

Switch(config)# interface GigabitEthernet1/0/18
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 20
Switch(config-if)# exit

5. Set Up Default Gateway for PCs

Each PC in VLAN 10 should use 192.168.10.1 as its default gateway, and PCs in VLAN 20 should use 192.168.20.1.

Layer 3 Switches

Info
Switches that have an IP routing table and are capable of routing between networks.
  • L3 switches use hardware-based switching to achieve a higher packet processing rate than a router.
  • L2-only switches can also make use of an SVI, which is typically used for a management VLAN.
  • Unlike L2 switches, L3 switches understand the network PDU and can route appropriately.
  • L3 switches are not enabled to perform routing by default. Therefore, routing must be enabled using the ip routing global configuration command.
  • There are two different L3 interfaces on L3 switches: SVI, which is used for Inter-VLAN routing, and Routed Interface.

Routed Interface

Info
A routed interface is used for routing data between networks, which focuses on L3 communication (e.g., Distribution/Core links or WAN links).
  • Each link between L3 devices is considered its own network and thus has its own IP address and can participate in dynamic routing protocols.
    • A /30 subnet provides only two usable IP addresses, which makes it a good fit for such point-to-point connections.
  • Routed interfaces therefore neither run STP nor support subinterfaces.
  • An interface with switchport enabled is a L2 interface; disabling switchport changes it to a L3 interface.
  • By changing a L2 interface to a L3 interface, all configuration specific to L2 on this interface is deleted.
  • If routing between VLANs, this interface also needs to be configured as a trunk.

Configuration

| Task | IOS Command |
| --- | --- |
| Select an interface (port) to configure | Switch(config)# interface interface_# |
| Configure the interface as a L3 interface | Switch(config-if)# no switchport |
| Convert a L3 interface back into a L2 interface | Switch(config-if)# switchport |
| Verify the switchport status | Switch# show interfaces interface_# switchport |

Common Inter-VLAN Routing Issues

There are several common reasons for Inter-VLAN routing issues. Check the physical layer first, for example, whether cables have been connected to the correct port.

| Issue Type | How to Fix | How to Verify |
| --- | --- | --- |
| Missing VLANs | Create (or re-create) the VLAN if it does not exist; ensure host port is assigned to the correct VLAN | show vlan [brief]; show interfaces switchport; ping IP_# |
| Switch Trunk Port Issues | Ensure trunks are configured correctly; ensure port is a trunk port and enabled | show interfaces trunk; show running-config |
| Switch Access Port Issues | Assign correct VLAN to access port; ensure port is an access port and enabled; host is incorrectly configured in the wrong subnet | show interfaces switchport; show running-config; ipconfig |
| Router Configuration Issues | Router subinterface IPv4 address is incorrectly configured; router subinterface is assigned to the wrong VLAN ID | show ip interface brief; show interfaces interface_# |
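
The router-side problems in the last table row (wrong subinterface IPv4 address, wrong VLAN ID) can be caught offline by checking a saved running-config against the addressing plan. The following Python script is an added example, not part of the original page; `SAMPLE`, `PLAN`, `parse_subinterfaces` and `audit` are names introduced here, and the sample config is constructed from the page's Router-on-a-Stick example with two deliberate mistakes.

```python
import ipaddress
import re

# Constructed sample: mistyped gateway on .10, and .20 tagged with VLAN 10.
SAMPLE = """\
interface GigabitEthernet0/0/1
 no shutdown
!
interface GigabitEthernet0/0/1.10
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1.20
 encapsulation dot1Q 10
 ip address 192.168.20.1 255.255.255.0
"""
# Assumed addressing plan (VLAN ID -> subnet), taken from the page's examples.
PLAN = {10: "192.168.10.0/24", 20: "192.168.20.0/24"}

def parse_subinterfaces(config):
    """Map each subinterface name to its dot1Q VLAN ID and IPv4 interface."""
    subifs, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            is_sub = "." in m[1]  # only ".N" names are subinterfaces
            cur = subifs.setdefault(m[1], {"vlan": None, "ip": None}) if is_sub else None
        elif cur is not None and (m := re.match(r"\s+encapsulation dot1q (\d+)", line, re.I)):
            cur["vlan"] = int(m[1])
        elif cur is not None and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            cur["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return subifs

def audit(config, plan):
    """Return (subject, problem) tuples for the router issues in the table."""
    findings, tagged = [], {}
    for name, sub in parse_subinterfaces(config).items():
        vlan, ip = sub["vlan"], sub["ip"]
        if vlan is None or ip is None:
            findings.append((name, "missing encapsulation or IP address"))
            continue
        if vlan in tagged:
            findings.append((name, f"VLAN {vlan} already tagged on {tagged[vlan]}"))
        tagged.setdefault(vlan, name)
        if vlan not in plan:
            findings.append((name, f"VLAN {vlan} is not in the plan"))
        elif ip.network != ipaddress.ip_network(plan[vlan]):
            findings.append((name, f"{ip} is outside VLAN {vlan} subnet {plan[vlan]}"))
    findings += [(f"VLAN {v}", "no gateway subinterface") for v in sorted(set(plan) - set(tagged))]
    return findings
```

Calling `audit(SAMPLE, PLAN)` returns one tuple per problem; an empty list means every planned VLAN has exactly one subinterface whose gateway sits in the expected subnet.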