Inter VLAN Routing

Introducing Routing and Switching in the Enterprise – Chapter 5

Copyleft 2012 Vincenzo Bruno (www.vincenzobruno.it)

Released under Crative Commons License 3.0 By-Sa
Cisco name, logo and materials are Copyright Cisco Systems Inc. 1
 Inter-VLAN routing
● A VLAN is a broadcast domain, so computers on separate
VLANs are unable to communicate without the intervention of a
routing device.
● Any device that supports Layer 3 routing, such as a router or
a multilayer switch, can be used to perform the necessary
routing functionality.
● Regardless of the device used, the process of forwarding
network traffic from one VLAN to another VLAN using routing is
known as inter-VLAN routing.
 Inter-VLAN routing
● One method requires a separate interface connection to the Layer
3 device for each VLAN (legacy inter-VLAN routing)
● Another method for providing connectivity between different VLANs
requires a feature called subinterfaces and trunk ports
(configuration router-on-a-stick)

Trunk
Access port
ports
Configure Legacy
inter-VLAN routing
 Configure the Switch
● Switch(config)#vlan 100
● Switch(config­vlan)#exit
● Switch(config)#vlan 200
● Switch(config­vlan)#exit
● Switch(config)#interface GigabitEthernet 1/1
● Switch(config­if)#switchport access vlan 100
● Switch(config­if)#exit
● Switch(config)#interface GigabitEthernet 1/2
● Switch(config­if)#switchport access vlan 200
● Switch(config­if)#exit
● Switch(config)#interface FastEthernet 2/1
● Switch(config­if)#switchport access vlan 100
● Switch(config­if)#exit
● Switch(config)#interface FastEthernet 2/2
● Switch(config­if)#switchport access vlan 200
● Switch(config­if)#exit
 Configure the Router
● Router(config)#interface GigabitEthernet 0/0
● Router(config­if)#ip address 192.168.100.1 255.255.255.0
● Router(config­if)#no shutdown 
● Router(config­if)#exit
● Router(config)#interface GigabitEthernet 0/1
● Router(config­if)#ip address 192.168.200.1 255.255.255.0
● Router(config­if)#no shutdown 
● Router(config­if)#exit
Configure Router-on-a-stick

GigabitEthernet 0/1

GigabitEthernet 1/1

Access ports
 Configure the Switch
● Switch(config)#vlan 5
● Switch(config­vlan)#exit
● Switch(config)#vlan 10
● Switch(config­vlan)#exit
● Switch(config)#vlan 15
● Switch(config­vlan)#exit
● Switch(config)#interface GigabitEthernet 1/1
● Switch(config­if)#switchport mode trunk
● Switch(config­if)#exit
 Configure the Router
● On the router, configure a FastEthernet interface with no IP address or
subnet mask.
● Router(config)#interface ge0/1
● Router(config­if)#no ip address
● Router(config­if)#no shutdown
● On the router, configure one subinterface with an IP address and
subnet mask for each VLAN. Each subinterface has an 802.1Q
encapsulation.
● For the VLAN 5:
● Router(config)#interface ge0/1.5
● Router(config­subif)#encapsulation dot1q 5
● Router(config­subif)#ip address 192.168.5.1 255.255.255.0
● Router(config­if)#no shutdown
 Configure the Router
● For the VLAN 10:
● Router(config)#interface ge0/1.10
● Router(config­subif)#encapsulation dot1q 10
● Router(config­subif)#ip address 192.168.10.1 255.255.255.0
● Router(config­if)#no shutdown
● For the VLAN 15:
● Router(config)#interface ge0/1.15
● Router(config­subif)#encapsulation dot1q 15
● Router(config­subif)#ip address 192.168.15.1 255.255.255.0
● Router(config­if)#no shutdown
● Verify configuration with the commands:
● Router#show vlans
● Router#show ip route
● Test configuration with ping and traceroute
 Troubleshooting
● Verify the switch access ports are on the correct VLANs
● Verify trunk ports are correctly configured
● The command show interface interface­id switchport is
useful for identifying VLAN assignment and port configuration
issues
● Using the show interface and the show running­config
commands can be useful in troubleshooting router configuration
● Verify router IPs and PC Ips and in the same network wit the
same subnet mask
 Layer 3 inter-VLAN routing
● Layer 3 switches usually have packet-switching throughputs in
the millions of packets per second (pps), whereas traditional
routers provide packet switching in the range of 100,000 pps to
more than 1 million pps.
● Catalyst 2960 Series switches running IOS Release 12.2(55) or
later, support static routing.
● Higher series support more advanced routing features
 Routed Port VLAN and SVI
● A Routed port is a pure Layer 3 interface similar to a physical interface on
a Cisco IOS router.
● Unlike an access port, a routed port is not associated with a particular VLAN
● An SVI can be created for any VLAN that exists on the switch.
● An SVI is considered to be virtual because there is no physical port
dedicated to the interface.
● It can perform the same functions for the VLAN as a router interface would
● Can be configured in much the same way as a router interface (i.e., IP
address, inbound/outbound ACLs, etc.).
● The SVI for the VLAN provides Layer 3 processing for packets
 Why SVI?
● Reasons to configure SVI:
● To provide a gateway for a VLAN so that traffic can be routed into or
out of that VLAN
● To provide Layer 3 IP connectivity to the switch
● To support routing protocol and bridging configurations
● Advantages of SVIs:
● It is much faster than router-on-a-stick
● No need for external links from the switch to the router for routing.
● Not limited to one link: Layer 2 EtherChannels can be used between
the switches to get more bandwidth.
● Latency is much lower, because it does not need to leave the switch.
● The only disadvantage is that multilayer switches are more
expensive
 Routed Ports on a Switch
● A routed port behaves like a regular router interface.
● Because Layer 2 functionality has been removed, Layer 2
protocols, such as STP, do not function on a routed interface.
● However, some protocols, such as LACP and EtherChannel, do
function at Layer 3.
● Unlike Cisco IOS routers, routed ports on a Cisco IOS switch do
not support subinterfaces.
● Routed ports are used for point-to-point links
● Routed ports are mostly configured between switches in the core
and distribution layer.
● To configure routed ports, use the no switchport interface
configuration mode command on the appropriate ports.
 Cisco Switch Database Manager
● A Catalyst 2960 switch can function as a Layer 3 device and route
between VLANs and a limited number of static routes.
● The Cisco Switch Database Manager (SDM) provides multiple
templates for the 2960 switch.
● The templates can be enabled to support specific roles depending
on how the switch is used in the network.
● For example, the sdm lanbase­routing template can be
enabled to allow the switch to route between VLANs and to
support static routing.
● The default template does not support static routing.
● If IPv6 addressing has been enabled, the template will be
dual-ipv4-and-ipv6 default.
 Manage SDM
● The SDM template can be changed in global configuration mode
with the sdm prefer <template­name> command
● Use show sdm prefer to see the current template and other
informations
● IP routing is enabled with the ip routing global configuration
mode command.
● The ip routing command is automatically enabled on Cisco routers
● Use show ip route to see the configured routes
● Use ip route <network> <sub­mask> <gateway> to add a
static route
 Troubleshooting
● Verify VLAN and assiged ports
● Ensure that ports are in the right VLAN and trunking is working
as expected
● Verify each port is correctly in access, trunk or disabled mode
● Verify the SVIs are created with the correct IP address and
subnet mask, and enabled
● Verify routing is enabled and static routes are correct
● Verify default gateways on router, switch and hosts
End of lesson