2.10-InterVLAN Routing PDF

10/8/2018 InterVLAN Routing | NetworkLessons.
com
Search...
Table of Contents
Switching
 Unit 1: Switching Basics
 Unit 2: VLANs and Trunking
Introduction to VLANs (Virtual LAN)
How to con gure VLANs
802.1Q Encapsulation
How to con gure a trunk between switches
How to change the Native VLAN
Cisco DTP (Dynamic Trunking Protocol) Negotiation
802.1Q Tunneling (Q-in-Q)
Etherchannel over 802.1Q Tunneling
Private VLANs (PVLAN)
InterVLAN Routing
Troubleshooting VLANs & Trunks
Troubleshooting Inter-VLAN Routing
 Unit 3: VTP (VLAN Trunking Protocol)
 Unit 4: Spanning-Tree
 Unit 5: Etherchannel
 Unit 6: Virtualization
 Unit 7: Design
 Unit 8: Security
 Unit 9: Miscellaneous
You are here: Home » Switching
InterVLAN Routing
a d k y v
In this lesson we are going to take a look at routing between VLANs. When we want communication between di erent VLANs we’ll need a
device that can do routing. We could use an external router but it’s also possible to use a multilayer switch (aka layer 3 switches).
Let’s look at the di erent options!
Router on a Stick
https://networklessons.com/switching/intervlan-routing/ 1/14
10/8/2018 InterVLAN Routing | NetworkLessons.com
SW1 has two VLANs so we have two di erent subnets. If we want communication between these VLANs we’ll have to use a device that can do
routing. In this example we’ll use a router for the job. R1 will need access to both VLANs so we’ll create a 802.1Q trunk between SW1 and R1.
Here’s how to con gure this:
SW1(config)#interface fa0/3
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20
This is how we con gure SW1. Make interface fa0/3 a trunk port and for security measures I made sure that only VLAN 10 and 20 are allowed.
R1(config)#interface fa0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.10.254 255.255.255.0
R1(config)#interface fa0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.20.254 255.255.255.0
Create two sub-interfaces on the router and tell it to which VLAN they belong. Don’t forget to add an IP address for each VLAN.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, FastEthernet0/0.10

C 192.168.20.0/24 is directly connected, FastEthernet0/0.20
The router will be able to route because these two networks are directly connected.
C:\Documents and Settings\H1>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.10.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.254
C:\Documents and Settings\H2>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.20.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.254
Don’t forget to set your IP address and gateway on the computers.
Let’s try a ping:
C:\Documents and Settings\H1>ping 192.168.20.1
Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
That’s how you do it. So why would you want to use a solution like this? It’s cheap! You don’t need a multilayer switch for your routing. Any
layer 2 switch will do.
The Cisco Catalyst 2960 is a layer 2 switch; the cheapest multilayer switch is the Cisco Catalyst 3560. Compare the price on those two and you’ll
see what I’m talking about.
Some of the disadvantages of this solution is that your router is a single point of failure and that tra c ows up and down on the same link
which might cause congestion.
Configurations
Want to take a look for yourself? Here you will nd the con guration of each device.
R1
hostname R1
!
interface fastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
!
interface fastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
!
end
SW1
hostname SW1
!
interface fastEthernet0/1
switchport mode access
switchport access vlan 10
!
!
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20
end
So what other solutions do we have?
SVI (Switch Virtual Interface)
This is the picture of a multilayer switch. This switch has routing capabilities! I can con gure something called a SVI (Switch Virtual Interface)
for each VLAN and put an IP address on it. This IP address can be used for computers as their default gateway. Here’s how to con gure it:
SW1(config)#ip routing
SW1(config)#interface vlan 10
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.10.254 255.255.255.0
SW1(config-if)#no shutdown
Start by enabling routing using the ip routing command. If you forget this your switch won’t build a routing table! Next step is to create a SVI
for VLAN 10 and 20 and con gure IP addresses on them. This con guration might look familiar if you worked with layer 2 switches before. On a
layer 2 switch like the Cisco Catalyst 2950/2960 we also have a SVI but you can only use it for remote management.
Once you create a SVI and type no shutdown it will normally be “up” since it’s only a virtual interface, there are however a number of
requirements or it will show up as “down”:
The VLAN has to exist in the VLAN database and it should be active.
At least one access or trunk port should use this VLAN actively and it should be in spanning-tree forwarding mode.
Simply said: the VLAN has to be active somehow or your SVI will go down.
I have two computers in VLAN 10 and created a SVI for VLAN 10.
SW1#show ip interface brief vlan 10

Interface IP-Address OK? Method Status Protocol
Vlan10 192.168.10.254 YES manual up up
You’ll see that the status says up/up so that’s good.
If I shutdown one interface nothing will change, my SVI will still show up/up because interface fa0/2 is still active.
SW1#show ip interface brief vlan 10

Interface IP-Address OK? Method Status Protocol
Vlan10 192.168.10.254 YES manual up down
Once I shut both interfaces we don’t have anything active anymore in VLAN 10. As a result the SVI will go to up/down.
Now if I want I can exclude an interface from the SVI state. Imagine I want to make sure that whatever happens to interface fa0/2 doesn’t
in uence the SVI state:
SW1(config-if)#switchport autostate exclude
I can use the switchport autostate exclude command. This means it won’t in uence the state of the SVI interface anymore. Fa0/1 is the only
interface that can now in uence the SVI state, as soon as it goes down you’ll see that SVI state go down as well, even though fa0/2 is still up
and running.
Enough about the SVI, there’s another method we can use our multilayer switch for routing. By default all interfaces on a switch are
switchports (layer 2) but we can change them to routed ports (layer 3). A routed port is the exact same interface as what we use on a router.
Configurations
Want to take a look for yourself? Here you will nd the con guration of SW1.
SW1
hostname SW1
!
ip routing
!
interface vlan 10
ip address 192.168.10.254 255.255.255.0
!
interface vlan 20
ip address 192.168.20.254 255.255.255.0
!
interface FastEthernet0/2
switchport autostate exclude
!
end
Enough about SVI, there’s another method we can use for routing on multilayer switches.
Routed Port
By default all interfaces on a switch are switchports (layer 2) but we can change them to routed ports (layer 3). A routed port is the exact
same interface as what we use on a router.
Here’s an example of the routed port. SW2 is a layer 2 switch and SW3 is a multilayer switch. The fa0/16 interface on SW3 has been con gured
as a router port so it can be used as the default gateway for the clients in VLAN 10.
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 10
I’m going to con gure the fa0/16 interface to SW3 as a normal access port and put it in VLAN 10.
SW3(config-if)#no switchport
Make it a routed port by typing no switchport and put an IP address on it, it can now be used by the computers as a gateway!
There are two things you should remember about this routed port:
It’s no longer a switchport so it’s not associated with any VLAN.

It’s a routed port but it doesn’t support sub-interfaces like a router does.
Configurations
SW2
hostname SW2
!
interface fa0/1
!
interface fa0/2
!
!
end
SW3
hostname SW3
!
interface fa0/16
no switchport
ip address 192.168.10.254 255.255.255.0
!
end
What should you use? The SVI or the routed port? If you only have one interface in a VLAN it’s ne to use the routed port, con gure an IP
address on it and you are ready to go. If you have multiple interfaces in a VLAN you should use the SVI.
Routing Protocols
Multilayer switches can use routing protocols. Let me show you an example:
I have two multilayer switches and the link in between is layer 2. Let’s con gure these switches:


I’m creating a 802.1q trunk in between the switches but it doesn’t matter what you pick. I also could have used access interfaces and use a
single VLAN.
SW2(config)#vlan 10
SW3(config)#vlan 10
Create a SVI interface on each Switch and con gure an IP address.
SW3#ping 192.168.10.1
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
The switches can reach each other so the SVI interfaces and trunk are working.
SW2(config)#router eigrp 10
SW2(config-router)#network 192.168.10.0
SW3(config)#router eigrp 10
SW3(config-router)#network 192.168.10.0
Let’s con gure EIGRP to see if we can form a neighbor adjacency.
SW2 %DUAL-5-NBRCHANGE: EIGRP-IPv4:(10) 10: Neighbor 192.168.10.2 (Vlan10) is up: new adjacency
There goes…the switches have found each other.
SW3#show ip eigrp neighbors

EIGRP-IPv4:(10) neighbors for process 10
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.10.1 Vl10 13 00:01:25 1 200 0 1
We have successfully con gured EIGRP between these two switches using the SVI interfaces.
Configurations
SW2
hostname SW2
!
ip routing
!
interface FastEthernet 0/16
!
interface vlan 10
ip address 192.168.10.1 255.255.255.0
!
router eigrp 10
network 192.168.10.0
!
end
SW3
hostname SW3
!
ip routing
!
interface FastEthernet 0/16
!
interface vlan 10
ip address 192.168.10.2 255.255.255.0
!
router eigrp 10
network 192.168.10.0
!
end
We can also do this with the routed ports!
Same switches but now I’m going to make the link in between layer 3 by using the routed ports.
SW2(config)#no interface vlan 10

SW3(config)#no interface vlan 10

Get rid of the SVI interfaces and change the interfaces to routed ports. Don’t forget to add an IP address.
SW2(config)#router ospf 10
SW2(config-router)#network 192.168.10.0 0.0.0.255 area 0
SW#(config-if)#router ospf 10
SW3(config-router)#network 192.168.10.0 0.0.0.255 area 0
Let’s con gure OSPF this time just for fun!
SW2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface

192.168.10.2 1 FULL/DR 00:00:37 192.168.10.2 FastEthernet0/16
We have established an OSPF neighbor adjacency by using the routed ports!
Configurations
SW2
hostname SW2
!
ip routing
!
no switchport
ip address 192.168.10.1 255.255.255.0
!
router ospf 10
network 192.168.10.0 0.0.0.255 area 0
!
end
SW3
hostname SW3
!
ip routing
!
no switchport
ip address 192.168.10.2 255.255.255.0
!
router ospf 10
network 192.168.10.0 0.0.0.255 area 0
!
end
These are all the methods how you can con gure routing on your multilayer switches. The router on a stick, SVI interfaces and the routed port.
I hope this lesson has been useful to you!
« Previous Lesson
Private VLANs (PVLAN)
Next Lesson
Troubleshooting VLANs &
Trunks
»
Forum Replies
jtharvey
Rene,
I have a Cisco SG300-28 PoE+ switch and am having an old age moment in setting up VLans. Would you know the answer to or be able to assist with the
following:
My network has:
1 router, which also handles DHCP duties with one range currently speci ed 192.168.1.x/24
1 switch
1 WAP
and about 40 nodes
I want to create multiple VLANS on the Cisco SG300 switch.
Vlan10 - Mgmnt
Vlan20 - Children
Vlan30 - AV
Vlan40 - Automation
Vlan50 - VoIP
Vlan60 - Guest
What are the steps necessary after creating the Vlans in this scenario to make things work?
WAP is on port 1
... Continue reading in our forum
lagapides
Hello Dinh.
I had a production network where I wanted to implement exactly what you describe. The solution I used was access lists as you mentioned. It is probably the
fastest and most immediate solution. However, there are a couple of other solutions that may be more exible as well. These are described below:
VLAN access list - This is just an access list but it lters based on VLAN rather than IP. It is a layer 2 solution. An example con guration can be seen below:
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description VLan connected t
lagapides
Hello Brian
Please allow me to step in and participate, as this is an issue that I had trouble in visualising and understanding. I hope I can be of some help. For the most part,
you’ve got it, maybe I can make things a little bit clearer for you.
https://cdn-forum.networklessons.com/user_avatar/forum.networklessons.com/wilder7bc/40/371_1.png
wilder7bc:
so four switches all four are in same subnet, and lets just say they are in VLAN 10.
I think I have been coming at this all wrong. when I thought of SVI I thought about Default Gateway when we gave it an IP
willveld
Happy to provide my example lab and diagram if helps I really have spent long time reading on this on your site and wider sources but I’m not sure what is
allowed or should be allowed and most importantly if vlans have to be stretched (spanned is di erent I think) what is the right / best way to do it. (Assuming a
subnet has to Ben stretched)
arindom.nag
Hi Rene,
Hope you are doing good…
I am trying to make access list for Inter VLAN routing but not able to do so do you have any example?
I think Lazaros given same kind if example on July 2016 but to whom Lazaros explained the person didn’t explain with any topology i read out the topic in forum
but not having any clue.
So can you help me on this…
Aside Lazaros,if you are there you can help me…bcz from last few hours i tried and tried but not able to x…
Thanks & Regards,

Arindom
 68 more replies! Ask a question or join the discussion by visiting our Community Forum
Hello There!
I am René Molenaar (CCIE
#41726), Your main Instructor.
My goal is to teach you
everything about Cisco,
Wireless and Security. I am
here to Help You Master Networking!
Read my story
Social Fans
 
14,284 9,680
FANS FOLLOWERS
 
491 10,603
FOLLOWERS SUBSCRIBERS
New Lessons
CoPP (Control Plane Policing)
IPv6 First Hop Security Features
IPv6 Source Guard
NTPv4
IPv6 NPTv6 (Network Pre x Translation)
Tag Cloud
802.1Q ACL ARP Authentication Certi cate
Design DHCP DMVPN Filtering Firewall
GRE IGMP IKE IOS IP Routing
IPSec LDP Linux Load Balancing LSA
NAT Network Management
Network Services Network Type OER
OSPFv3 PAT PE-CE PFR PIM PPP
Redistribution Security Shaping

SNMP SSH Stub Summarization Trunk
Tuning Tunnel VLAN VPN VRF Wireless
Disclaimer
Privacy Policy
Support
© 2013 - 2018 NetworkLessons.com 17856

2.10-InterVLAN Routing PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2.10-InterVLAN Routing PDF

Uploaded by

Copyright:

Available Formats

10/8/2018 InterVLAN Routing | NetworkLessons.

 Unit 1: Switching Basics

 Unit 2: VLANs and Trunking

Introduction to VLANs (Virtual LAN)

How to con gure VLANs

How to con gure a trunk between switches

How to change the Native VLAN

Cisco DTP (Dynamic Trunking Protocol) Negotiation

802.1Q Tunneling (Q-in-Q)

Etherchannel over 802.1Q Tunneling

Private VLANs (PVLAN)

Troubleshooting VLANs & Trunks

Troubleshooting Inter-VLAN Routing

 Unit 3: VTP (VLAN Trunking Protocol)

You are here: Home » Switching

Let’s look at the di erent options!

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

Gateway of last resort is not set

C 192.168.10.0/24 is directly connected, FastEthernet0/0.10

C:\Documents and Settings\H1>ipconfig

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

C:\Documents and Settings\H2>ipconfig

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Don’t forget to set your IP address and gateway on the computers.

Let’s try a ping:

C:\Documents and Settings\H1>ping 192.168.20.1

Pinging 192.168.20.1 with 32 bytes of data:

Reply from 192.168.20.1: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.2:

So what other solutions do we have?

SVI (Switch Virtual Interface)

SW1#show ip interface brief vlan 10

You’ll see that the status says up/up so that’s good.

SW1#show ip interface brief vlan 10

It’s no longer a switchport so it’s not associated with any VLAN.

SW2(config-if)#switchport trunk encapsulation dot1q

SW3(config-if)#switchport trunk encapsulation dot1q

Create a SVI interface on each Switch and con gure an IP address.

Type escape sequence to abort.

Let’s con gure EIGRP to see if we can form a neighbor adjacency.

There goes…the switches have found each other.

SW3#show ip eigrp neighbors

We can also do this with the routed ports!

SW2(config)#no interface vlan 10

SW3(config)#no interface vlan 10

Let’s con gure OSPF this time just for fun!

SW2#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

We have established an OSPF neighbor adjacency by using the routed ports!

I want to create multiple VLANS on the Cisco SG300 switch.

... Continue reading in our forum

... Continue reading in our forum

... Continue reading in our forum

So can you help me on this…

Thanks & Regards,

Network Services Network Type OER

OSPFv3 PAT PE-CE PFR PIM PPP

Redistribution Security Shaping

You might also like