Chapter 5: Inter-VLAN Routing: Objectives
Chapter 5: Inter-VLAN Routing
Each network has its own needs, but whether it is a large or small network, internal routing is in most
cases essential, if not critical. Segmenting your network by creating VLANs, which reduces network
broadcasts and improves security, is a tactic used by most engineers. Popular setups include a separate
broadcast domain for critical services such as file servers, print servers, domain controllers, etc.,
serving your users non-stop.
The issue here is: how can users in one VLAN (broadcast domain) use services offered by another
VLAN?
Thankfully there is an answer to every problem, and in this case it's VLAN routing:
The above diagram is a very simple but effective example to help you get the idea. There are two
VLANs: both servers and one workstation have been placed in VLAN 1, while the second workstation is
placed in VLAN 2.
In this scenario, both workstations require access to the File and Print servers, making it a very simple
task for the workstation residing in VLAN 1, but obviously not for our workstation in VLAN 2.
As you might have already guessed, we need to somehow route packets between the two VLANs and
the good news is that there is more than one way to achieve this and that's what we'll be covering on this
page.
Since there are quite a few ways to enable communication between VLANs (InterVLAN routing being
the most popular), we will look at each of the possible solutions. This follows our standard method of
presenting all possible solutions, giving you an in-depth view of how VLAN routing can be set up, even
if you do not have a Layer 3 switch.
Note: The term 'InterVLAN Routing' refers to a specific routing method which we will cover as the last
scenario; however, it is advised that you read through all given solutions to ensure you have a solid
understanding of the VLAN routing topic.
But first we must understand the different types of interface (port) found on a switch.
Interface Types
This section describes the different types of interfaces supported by the switch with references to
chapters that contain more detailed information about configuring these interface types.
Port-Based VLANs
A VLAN is a switched network that is logically segmented by function, team, or application, without
regard to the physical location of the users. Packets received on a port are forwarded only to ports that
belong to the same VLAN as the receiving port. Network devices in different VLANs cannot
communicate with one another without a Layer 3 device to route traffic between the VLANs.
VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC
address table. A VLAN comes into existence when a local port is configured to be associated with the
VLAN, when the VLAN Trunking Protocol (VTP) learns of its existence from a neighbor on a trunk, or
when a user creates a VLAN. VLANs can be formed with ports across the stack.
To configure VLANs, use the vlan vlan-id global configuration command to enter VLAN configuration
mode. The VLAN configurations for normal-range VLANs (VLAN IDs 1 to 1005) are saved in the
VLAN database. If VTP is version 1 or 2, to configure extended-range VLANs (VLAN IDs 1006 to
4094), you must first set VTP mode to transparent. Extended-range VLANs created in transparent mode
are not added to the VLAN database but are saved in the switch running configuration. With VTP
version 3, you can create extended-range VLANs in client or server mode. These VLANs are saved in
the VLAN database.
IT212 – Data Communications and Networking 2 (Cisco 2)
In a switch stack, the VLAN database is downloaded to all switches in a stack, and all switches in the
stack build the same VLAN database. The running configuration and the saved configuration are the
same for all switches in a stack.
Switch Ports
Switch ports are Layer 2-only interfaces associated with a physical port. Switch ports belong to one or
more VLANs. A switch port can be an access port, a trunk port, or a tunnel port. You can configure a
port as an access port or trunk port or let the Dynamic Trunking Protocol (DTP) operate on a per-port
basis to set the switchport mode by negotiating with the port on the other end of the link. You must
manually configure tunnel ports as part of an asymmetric link connected to an IEEE 802.1Q trunk port.
Switch ports are used for managing the physical interface and associated Layer 2 protocols and do not
handle routing or bridging.
Configure switch ports by using the switchport interface configuration commands. Use the switchport
command with no keywords to put an interface that is in Layer 3 mode into Layer 2 mode.
Access Ports
An access port belongs to and carries the traffic of only one VLAN (unless it is configured as a voice
VLAN port). Traffic is received and sent in native formats with no VLAN tagging. Traffic arriving on
an access port is assumed to belong to the VLAN assigned to the port. If an access port receives a tagged
packet (Inter-Switch Link [ISL] or IEEE 802.1Q tagged), the packet is dropped, and the source address
is not learned.
• Static access ports are manually assigned to a VLAN (or through a RADIUS server for use with IEEE
802.1x).
• VLAN membership of dynamic access ports is learned through incoming packets. By default, a dynamic
access port is not a member of any VLAN, and forwarding to and from the port is enabled only when the
VLAN membership of the port is discovered. Dynamic access ports on the switch are assigned to a
VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a Catalyst 6500 series
switch; the Catalyst 3750-X or 3560-X switch cannot be a VMPS server.
You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice
traffic and another VLAN for data traffic from a device attached to the phone.
Trunk Ports
A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the
VLAN database. These trunk port types are supported:
• In an ISL trunk port, all received packets are expected to be encapsulated with an ISL header, and all
transmitted packets are sent with an ISL header. Native (non-tagged) frames received from an ISL trunk
port are dropped.
• An IEEE 802.1Q trunk port supports simultaneous tagged and untagged traffic. An IEEE 802.1Q trunk
port is assigned a default port VLAN ID (PVID), and all untagged traffic travels on the port default
PVID. All untagged traffic and tagged traffic with a NULL VLAN ID are assumed to belong to the port
default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is sent untagged. All
other traffic is sent with a VLAN tag.
Although by default, a trunk port is a member of every VLAN known to the VTP, you can limit
VLAN membership by configuring an allowed list of VLANs for each trunk port. The list of allowed
VLANs does not affect any other port but the associated trunk port. By default, all possible VLANs
(VLAN ID 1 to 4094) are in the allowed list. A trunk port can become a member of a VLAN only if
VTP knows of the VLAN and if the VLAN is in the enabled state. If VTP learns of a new, enabled
VLAN and the VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a
member of that VLAN and traffic is forwarded to and from the trunk port for that VLAN. If VTP learns
of a new, enabled VLAN that is not in the allowed list for a trunk port, the port does not become a
member of the VLAN, and no traffic for the VLAN is forwarded to or from the port.
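The following Python script is an added example, not part of this chapter or of Cisco's documentation. It models the access-port and IEEE 802.1Q trunk-port rules described above (untagged and NULL-VLAN-ID frames map to the PVID, a tagged frame arriving on an access port is dropped, PVID traffic leaves a trunk untagged, the allowed list filters a trunk) and runs them over constructed frames. The frame layout assumed is the standard one: destination MAC (6), source MAC (6), optional TPID 0x8100 plus a 2-byte TCI, EtherType (2), payload. The port classes and the forward() helper are assumptions made for the example, not IOS behaviour verbatim.

```python
"""Model of access-port and 802.1Q trunk-port ingress/egress rules (added example)."""
import struct
from dataclasses import dataclass, field
from typing import Optional

TPID_8021Q = 0x8100


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vid: Optional[int]      # None = untagged; 0 = tagged with the NULL VLAN ID (priority tag)
    ethertype: int
    payload: bytes


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0) -> bytes:
    """Serialise a frame, inserting an 802.1Q tag only when a VLAN ID is given."""
    if vid is None:
        return dst + src + struct.pack("!H", ethertype) + payload
    tci = (pcp << 13) | (vid & 0x0FFF)          # 3-bit priority, 1-bit DEI (0), 12-bit VID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(raw: bytes) -> Frame:
    """Parse the Ethernet header and, if present, the 802.1Q tag."""
    dst, src = raw[:6], raw[6:12]
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        return Frame(dst, src, tci & 0x0FFF, ethertype, raw[18:])
    return Frame(dst, src, None, ethertype, raw[14:])


@dataclass
class AccessPort:
    vlan: int

    def ingress(self, f: Frame) -> Optional[int]:
        # An access port carries exactly one VLAN. A tagged frame is dropped (and the
        # source MAC is not learned), so a host cannot choose its VLAN by tagging.
        return None if f.vid is not None else self.vlan

    def egress(self, vlan: int, f: Frame) -> Optional[bytes]:
        if vlan != self.vlan:
            return None
        return build_frame(f.dst, f.src, f.ethertype, f.payload)      # always untagged


@dataclass
class TrunkPort:
    pvid: int = 1                                                     # native VLAN
    allowed: set = field(default_factory=lambda: set(range(1, 4095)))  # default allowed list

    def ingress(self, f: Frame) -> Optional[int]:
        # Untagged frames and tagged frames with VLAN ID 0 belong to the port's PVID.
        vlan = self.pvid if f.vid in (None, 0) else f.vid
        return vlan if vlan in self.allowed else None

    def egress(self, vlan: int, f: Frame) -> Optional[bytes]:
        if vlan not in self.allowed:
            return None
        # Traffic for the PVID leaves untagged; every other VLAN is sent with a tag.
        return build_frame(f.dst, f.src, f.ethertype, f.payload,
                           vid=None if vlan == self.pvid else vlan)


def forward(in_port, raw: bytes, out_port) -> Optional[bytes]:
    """Classify a frame on the ingress port and re-encapsulate it for the egress port.
    Returns the bytes sent out, or None when a port rule drops the frame."""
    f = parse_frame(raw)
    vlan = in_port.ingress(f)
    if vlan is None:
        return None
    return out_port.egress(vlan, f)


# Constructed sample frames (not captured traffic).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"ip-payload")
TAGGED_10 = build_frame(DST, SRC, 0x0800, b"ip-payload", vid=10)
TAGGED_20 = build_frame(DST, SRC, 0x0800, b"ip-payload", vid=20)
PRIORITY_TAGGED = build_frame(DST, SRC, 0x0800, b"ip-payload", vid=0, pcp=5)

if __name__ == "__main__":
    access10, trunk = AccessPort(10), TrunkPort(pvid=1)
    print(parse_frame(forward(access10, UNTAGGED, trunk)))   # leaves the trunk tagged VID 10
    print(forward(access10, TAGGED_20, trunk))               # None: tagged frame dropped on access port
</```>

The last two cases are the ones worth remembering from a security point of view: the access port drops the tagged frame instead of honouring the VLAN it names, and a trunk whose allowed list does not contain a VLAN neither accepts nor sends frames for it, which is why pruning the allowed list on every trunk is part of keeping VLAN separation meaningful.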
Tunnel Ports
Tunnel ports are used in IEEE 802.1Q tunneling to segregate the traffic of customers in a
service-provider network from other customers who are using the same VLAN number. You configure
an asymmetric link from a tunnel port on a service-provider edge switch to an IEEE 802.1Q trunk port
on the customer switch. Packets entering the tunnel port on the edge switch, already IEEE 802.1Q-
tagged with the customer VLANs, are encapsulated with another layer of an IEEE 802.1Q tag (called the
metro tag), containing a VLAN ID unique in the service-provider network, for each customer. The
double-tagged packets go through the service-provider network keeping the original customer VLANs
separate from those of other customers. At the outbound interface, also a tunnel port, the metro tag is
removed, and the original VLAN numbers from the customer network are retrieved.
Tunnel ports cannot be trunk ports or access ports and must belong to a VLAN unique to each customer.
Routed Ports
A routed port is a physical port that acts like a port on a router; it does not have to be connected
to a router. A routed port is not associated with a particular VLAN, as is an access port. A routed port
behaves like a regular router interface, except that it does not support VLAN subinterfaces. Routed ports
can be configured with a Layer 3 routing protocol. A routed port is a Layer 3 interface only and does not
support Layer 2 protocols, such as DTP and STP.
Configure routed ports by putting the interface into Layer 3 mode with the no switchport
interface configuration command. Then assign an IP address to the port, enable routing, and
assign routing protocol characteristics by using the ip routing and router protocol global
configuration commands.
Entering a no switchport interface configuration command shuts down the interface and then re-
enables it, which might generate messages on the device to which the interface is connected.
When you put an interface that is in Layer 2 mode into Layer 3 mode, the previous configuration
information related to the affected interface might be lost.
The number of routed ports that you can configure is not limited by software. However, the
interrelationship between this number and the number of other features being configured might
impact CPU performance because of hardware limitations.
A switch virtual interface (SVI) represents a VLAN of switch ports as one interface to the routing or
bridging function in the system. Only one SVI can be associated with a VLAN, but you need to
configure an SVI for a VLAN only when you wish to route between VLANs, to fallback-bridge
nonroutable protocols between VLANs, or to provide IP host connectivity to the switch. By default, an
SVI is created for the default VLAN (VLAN 1) to permit remote switch administration. Additional SVIs
must be explicitly configured.
The line state of an SVI with multiple ports on a VLAN is in the up state when it meets these conditions:
• The VLAN exists and is active in the VLAN database on the switch.
• The VLAN interface exists and is not administratively down.
• At least one Layer 2 (access or trunk) port exists, has a link in the up state on this VLAN, and is in the
spanning-tree forwarding state on the VLAN.
The default action, when a VLAN has multiple ports, is that the SVI goes down when all ports in the
VLAN go down. You can use the SVI autostate exclude feature to configure a port so that it is not
included in the SVI line-state up-and-down calculation. For example, if the only active port on the
VLAN is a monitoring port, you might configure autostate exclude on that port so that the VLAN goes
down when all other ports go down. When enabled on a port, autostate exclude applies to all VLANs
that are enabled on that port.
The VLAN interface is brought up when one Layer 2 port in the VLAN has had time to converge
(transition from STP listening-learning state to forwarding state). This prevents features such as routing
protocols from using the VLAN interface as if it were fully operational and minimizes other problems,
such as routing black holes.
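The following Python function is an added example, not from this chapter or from Cisco IOS; it computes the SVI line state from the three conditions listed above, including the autostate exclude rule and the requirement that a port has converged to the spanning-tree forwarding state. The port records are constructed for the example.

```python
"""SVI line-state calculation from VLAN state and member-port state (added example)."""
from dataclasses import dataclass
from typing import Iterable


@dataclass
class L2Port:
    name: str
    link_up: bool
    stp_forwarding: bool          # False while the port is still in listening/learning
    autostate_exclude: bool = False


def svi_line_state(vlan_active: bool, svi_admin_up: bool, ports: Iterable[L2Port]) -> str:
    """Return 'up', 'down' or 'administratively down' for one SVI."""
    if not svi_admin_up:
        return "administratively down"
    if not vlan_active:           # VLAN missing or not active in the VLAN database
        return "down"
    # Ports marked autostate exclude (e.g. a monitoring port) are left out of the count.
    counted = [p for p in ports if not p.autostate_exclude]
    if any(p.link_up and p.stp_forwarding for p in counted):
        return "up"
    return "down"


# Constructed VLAN 10 port set: one user port and one monitoring port that is excluded.
VLAN10_PORTS = [
    L2Port("Fa0/1", link_up=True, stp_forwarding=True),
    L2Port("Fa0/24", link_up=True, stp_forwarding=True, autostate_exclude=True),
]


def user_port_down() -> list:
    """Same VLAN after the user port loses link; only the excluded monitor port is left."""
    return [L2Port("Fa0/1", link_up=False, stp_forwarding=False), VLAN10_PORTS[1]]


def user_port_converging() -> list:
    """Same VLAN while the user port is up but still in STP listening/learning."""
    return [L2Port("Fa0/1", link_up=True, stp_forwarding=False), VLAN10_PORTS[1]]


if __name__ == "__main__":
    print(svi_line_state(True, True, VLAN10_PORTS))        # up
    print(svi_line_state(True, True, user_port_down()))    # down: monitor port does not count
```

The second call shows the effect the text describes: with autostate exclude on the monitoring port, the VLAN interface goes down as soon as the other ports go down, so a routing protocol does not keep advertising a subnet that no host can reach.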
EtherChannel port groups treat multiple switch ports as one switch port. These port groups act as a
single logical port for high-bandwidth connections between switches or between switches and servers.
An EtherChannel balances the traffic load across the links in the channel. If a link within the
EtherChannel fails, traffic previously carried over the failed link changes to the remaining links. You
can group multiple trunk ports into one logical trunk port, group multiple access ports into one logical
access port, group multiple tunnel ports into one logical tunnel port, or group multiple routed ports into
one logical routed port. Most protocols operate over either single ports or aggregated switch ports and
do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery
Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
When you configure an EtherChannel, you create a port-channel logical interface and assign an interface
to the EtherChannel. For Layer 3 interfaces, you manually create the logical interface by using the
interface port-channel global configuration command. Then you manually assign an interface to the
EtherChannel by using the channel-group interface configuration command. For Layer 2 interfaces, use
the channel-group interface configuration command to dynamically create the port-channel logical
interface. This command binds the physical and logical ports together.
The Catalyst 3750-X and 3560-X switches have a network module slot into which you can insert a 10-
Gigabit Ethernet network module, a 1-Gigabit Ethernet network module, or a blank module.
A 10-Gigabit Ethernet interface operates only in full-duplex mode. The interface can be configured as a
switched or routed port.
For more information about the Cisco TwinGig Converter Module, see the switch hardware installation
guide and your transceiver module documentation.
A PoE-capable switch port automatically supplies power to one of these connected devices if the switch
senses that there is no power on the circuit:
• Cisco pre-standard powered device (such as a Cisco IP Phone or a Cisco Aironet Access Point)
• IEEE 802.3af-compliant powered device
• IEEE 802.3at-compliant powered device
A powered device can receive redundant power when it is connected to a PoE switch port and to an AC
power source. The device does not receive redundant power when it is only connected to the PoE port.
After the switch detects a powered device, the switch determines the device power requirements and
then grants or denies power to the device. The switch can also sense the real-time power consumption of
the device by monitoring and policing the power usage.
A few years ago, routing between VLANs with a router that has one Ethernet interface in each VLAN
was one of the preferred and fastest methods. The setup is quite simple and involves a Cisco router,
e.g. a 2500 series with two Ethernet interfaces as shown in the diagram, connecting to both VLANs with
an appropriate IP address assigned to each interface. IP routing is of course enabled on the router, and
we also have the option of applying access lists where we need to restrict network access between our
VLANs.
In addition, each host (servers and workstations) must either use the router's interface connected to its
network as its default gateway, or a route entry must be created to ensure it uses the router as the
gateway to the other VLAN/network. This scenario is, however, expensive to implement because we
require a dedicated router to route packets between our VLANs, and it is also limited from an
expandability perspective.
In the case where there are more than two VLANs, additional Ethernet interfaces will be required, so
basically, the idea here is that you need one Ethernet interface on your router that will connect to each
VLAN.
To finish this scenario, as the network gets bigger and more VLANs are created, it will very quickly get
messy and expensive, so this solution will prove inadequate to cover our future growth.
VLAN Routing Solution No.2: Using A Router With One Ethernet (Trunk) Interface
This solution is certainly fancier but requires, as you would have already guessed, a router that supports
trunk links. With this kind of setup, a trunk link is created using the same type of encapsulation the
switches use (ISL or 802.1Q), and IP routing is enabled on the router side. This method of InterVLAN
routing is also known as 'Router on a Stick': a single router interface carries all VLANs over the trunk
and routes between them.
The downside here is that not many engineers will sacrifice a router just for routing between VLANs
when there are many cheaper alternatives, as you will soon find out. Nevertheless, despite the high cost
and dedicated hardware, it's still a valid and workable solution and depending on your needs and
available equipment, it might be just what you're looking for!
Closing this scenario, the router will need to be configured with two virtual interfaces, one for each
VLAN, with the appropriate IP Address assigned to each one so routing can be performed.
VLAN Routing Solution No.3: Using A Server With Two Network Cards
We would call this option a "Classic Solution". What we basically do is configure one of the
servers to perform the routing between the two VLANs, reducing the overall cost as no dedicated
equipment is required.
In order for the server to perform the routing, it requires two network cards - one for each VLAN and
the appropriate IP Addresses assigned, therefore we have configured one with IP Addresses 192.168.1.1
and the other with 192.168.2.1. Once this phase is complete, all we need to do is enable IP routing on
the server and we're done.
Lastly, each workstation must use the server as either a gateway, or a route entry should be created so
they know how to get to the other network. As you see, there's nothing special about this configuration,
it's simple, cheap and it gets the job done.
And last, InterVLAN routing! This is without a doubt the best VLAN routing solution of all those
above. InterVLAN routing makes use of the latest switch technology, giving a very fast, reliable and
reasonably priced routing solution.
The Cisco Catalyst 3550 series switches used here are layer 3 switches with built-in routing capabilities,
making them the preferred choice at a reasonable cost. Of course, the proposed solution shown here is
only a small part of a large scale network where switches such as the Catalyst 3550 are usually placed as
core switches, connecting all branch switches together (2924's in this case) via superfast fiber Gigabit or
Fast Ethernet links, ensuring a fast and reliable network backbone.
We should also note that InterVLAN routing on the Catalyst 3550 has certain software requirements
regarding the IOS image loaded on the switch as outlined on the table below:
Image Type & Version                                     | InterVLAN Routing Capability
---------------------------------------------------------|-----------------------------
Enhanced Multilayer Image (EMI) - All Versions           | YES
Standard Multilayer Image (SMI) - prior to 12.1(11)EA1   | NO
Standard Multilayer Image (SMI) - 12.1(11)EA1 and later  | YES
If you happen to have a Catalyst 3550 at hand, you can issue the show version command to reveal your
IOS image and version and find out whether it supports IP routing.
In returning to our example, our 3550 Catalyst will be configured with two virtual interfaces, one for
each VLAN, and of course the appropriate IP Address assigned to them to ensure there is a logical
interface connected to both networks. Lastly, as you might have guessed, we need to issue the ip
routing command to enable the InterVLAN routing service!
The diagram above was designed to help you visualise how switches and their interfaces are configured
for specific VLANs, making the InterVLAN routing service possible. The switch above has been
configured with two VLANs, VLAN 1 and VLAN 2. The Ethernet interfaces are then assigned to each
VLAN, allowing them to communicate directly with all other interfaces assigned to the same VLAN, and
with the other VLAN when the internal routing process is present and enabled.
Another common addition to the InterVLAN routing service is the application of access lists
(packet filtering) on the routing switch, to restrict access to services or hosts as required.
In modern implementations, central file servers and services are usually placed in their own isolated
VLAN, securing them from possible network attacks while controlling access to them. When you take
into consideration that most trojans and viruses perform an initial scan of the network before attacking,
an administrator can smartly disable ICMP echoes and other protocols used to detect a live host,
avoiding possible detection by an attacker host located on a different VLAN.
The subnets of the VLANs are directly connected to the router. Routing between these subnets does not
require a dynamic routing protocol. In a more complex topology, these routes need to either be
advertised with whatever dynamic routing protocol is used, or be redistributed into whatever dynamic
routing protocol is used.
Routes to the subnets associated with these VLANs appear in the routing table as directly connected
networks.
For the SVI line state to be up, at least one port in the VLAN must be up and forwarding. The switchport
autostate exclude command excludes a port from the SVI line-state up-or-down calculation.
+ The switch port connected to the router interface must be configured as a trunk port.
+ The router sub-interfaces must be running a trunking protocol. Two popular trunking protocols in CCNA are
802.1Q (open standard) and Inter-Switch Link (ISL, a Cisco proprietary protocol).
+ Set an IP address on each sub-interface.
To help you understand InterVLAN routing more clearly, the main configuration of the router and switch is
shown below:
Switch(config)#interface f0/0
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk
Create sub-interfaces, set 802.1Q trunking protocol and ip address on each sub-interface
Router(config)#interface f0/0
Router(config-if)#no shutdown
(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)
Router(config)#interface f0/0.0
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#interface f0/0.1
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
(Note: In the “encapsulation dot1q 10” command, 10 is the VLAN ID this interface operates in)
I also list the full configuration of the above topology for your reference:
Configure VLAN
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH
In practice, we often use a Layer 3 switch instead of a switch plus a "router on a stick"; this reduces both
the complexity of the topology and the cost.
Note: With this topology, we don’t need to use a trunking protocol and the “switchport mode trunk” command.
The full configuration of the Layer 3 switch is listed below:
Switch configuration
ip routing
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
On the hosts, just assign IP addresses and default gateways (the address of the corresponding VLAN
interface), and hosts in different VLANs can communicate.
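The following Python script is an added example, not part of this chapter and not a Cisco tool. It audits an IOS-style configuration for the inter-VLAN routing requirements covered above (ip routing enabled, a routed interface with an address for every VLAN that has access ports, non-overlapping subnets, and hosts whose default gateway is the routed interface of their own VLAN) and lists the directly connected routes the routing table would show. SWITCH_CONFIG is the Layer 3 switch configuration from this page, ROUTER_CONFIG mirrors the router-on-a-stick sub-interfaces shown earlier, and HOSTS is a constructed host table with one deliberately wrong gateway. The parser and check names are assumptions made for the example.

```python
"""Audit an IOS-style config for inter-VLAN routing requirements (added example)."""
import ipaddress
import re

SWITCH_CONFIG = """\
ip routing
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
"""

ROUTER_CONFIG = """\
interface f0/0.0
 encapsulation dot1q 10
 ip address 192.168.1.1 255.255.255.0
!
interface f0/0.1
 encapsulation dot1q 20
 ip address 192.168.2.1 255.255.255.0
"""

# Constructed hosts: (name, IP, configured default gateway, VLAN of its access port)
HOSTS = [
    ("sales-pc", "192.168.10.50", "192.168.10.1", 10),
    ("tech-pc", "192.168.20.50", "192.168.20.1", 20),
    ("bad-gw-pc", "192.168.20.60", "192.168.10.1", 20),   # points at the other VLAN's SVI
]


def parse_config(text):
    """Split an IOS config into global commands and {interface: [subcommands]}.
    A '!' line or a blank line ends the current interface block, as in a running-config."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
        else:
            global_cmds.append(line)
    return global_cmds, interfaces


def routed_vlan_interfaces(interfaces):
    """Map VLAN id -> (interface name, IPv4Interface) for SVIs and dot1q sub-interfaces."""
    result = {}
    for name, cmds in interfaces.items():
        m = re.fullmatch(r"Vlan(\d+)", name)
        vlan = int(m.group(1)) if m else None
        addr = None
        for c in cmds:
            enc = re.match(r"encapsulation dot1q (\d+)", c)
            ip = re.match(r"ip address (\S+) (\S+)", c)
            if enc:
                vlan = int(enc.group(1))
            elif ip:
                addr = ipaddress.IPv4Interface(f"{ip.group(1)}/{ip.group(2)}")
        if vlan is not None and addr is not None:
            result[vlan] = (name, addr)
    return result


def connected_routes(config_text):
    """Directly connected routes: one per addressed SVI or sub-interface."""
    _, interfaces = parse_config(config_text)
    return sorted((str(a.network), name) for name, a in routed_vlan_interfaces(interfaces).values())


def audit(config_text, hosts, is_layer3_switch=True):
    """Return a list of findings; an empty list means the requirements are met."""
    global_cmds, interfaces = parse_config(config_text)
    findings = []
    if is_layer3_switch and "ip routing" not in global_cmds:
        findings.append("ip routing is not enabled: the SVIs will not route between VLANs")
    routed = routed_vlan_interfaces(interfaces)
    access_vlans = set()
    for cmds in interfaces.values():
        for c in cmds:
            m = re.match(r"switchport access vlan (\d+)", c)
            if m:
                access_vlans.add(int(m.group(1)))
    for vlan in sorted(access_vlans - set(routed)):
        findings.append(f"VLAN {vlan} has access ports but no routed interface with an IP address")
    items = sorted(routed.items())
    for i, (va, (_, a)) in enumerate(items):
        for vb, (_, b) in items[i + 1:]:
            if a.network.overlaps(b.network):
                findings.append(f"VLAN {va} and VLAN {vb} use overlapping subnets ({a.network}, {b.network})")
    for host, ip, gw, vlan in hosts:
        if vlan not in routed:
            continue
        _, svi = routed[vlan]
        if ipaddress.IPv4Address(ip) not in svi.network:
            findings.append(f"{host}: {ip} is outside the VLAN {vlan} subnet {svi.network}")
        elif ipaddress.IPv4Address(gw) != svi.ip:
            findings.append(f"{host}: gateway {gw} is not the VLAN {vlan} interface {svi.ip}")
    return findings


if __name__ == "__main__":
    for f in audit(SWITCH_CONFIG, HOSTS):
        print("FINDING:", f)
    for net, name in connected_routes(ROUTER_CONFIG):
        print(f"C {net} is directly connected, {name}")
```

Run as a script it reports the one host with a gateway in the wrong VLAN and prints the two connected routes the router-on-a-stick sub-interfaces produce; the same connected_routes() call on SWITCH_CONFIG yields the two SVI subnets, which is exactly what the text means by routes that "appear in the routing table as directly connected networks".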
In summary, InterVLAN routing is used to permit devices on separate VLANs to communicate. In this tutorial
you need to remember these important terms:
+ A Switched Virtual Interface (SVI) is a logical interface configured within a multilayer switch, as
opposed to an external router, where a trunk is required. An SVI can be created for each VLAN that exists,
but only one SVI can be mapped to each VLAN. An SVI is virtual in that there is no physical port defined, yet
it can perform the same functions for the VLAN as a router interface and can be configured in much the same
way as a router interface. The SVI for the VLAN provides Layer 3 processing for packets to or from all switch
ports associated with that VLAN.
Summary
InterVLAN is a terrific service and one that you simply can't live without in a large network. The topic
is a fairly easy one once you get the idea, and this is our aim here, to help you get that idea, and extend it
further by giving you other alternative methods.
The key element to the InterVLAN routing service is that you must have at least one VLAN interface
configured with an IP Address on the InterVLAN capable switch, which will also dictate the IP network
for that VLAN. All hosts participating in that VLAN must also use the same IP addressing scheme to
ensure communication between them. When the above requirements are met, it's then as simple as
enabling the IP Routing service on the switch and you have the InterVLAN service activated.