Chapter 3 Switching Esssentials

Chapter 3: Inter-VLAN Routing
Module Objectives
Module Title: Inter-VLAN Routing
Module Objective: Troubleshoot inter-VLAN routing on Layer 3 devices
© 2019, 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Inter-VLAN Routing
Operation
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Inter-VLAN Routing Operation
What is Inter-VLAN Routing?
VLANs are used to segment switched Layer 2 networks for a variety of reasons.
Regardless of the reason, hosts in one VLAN cannot communicate with hosts in
another VLAN unless there is a router or a Layer 3 switch to provide routing
services.
Inter-VLAN routing is the process of forwarding network traffic from one VLAN
to another VLAN.
There are three inter-VLAN routing options:

• Legacy Inter-VLAN routing - This is a legacy solution. It does not scale
well.
• Router-on-a-Stick - This is an acceptable solution for a small to medium-
sized network.
• Layer 3 switch using switched virtual interfaces (SVIs) - This is the
most scalable solution for medium to large organizations.
Legacy Inter-VLAN Routing
• The first inter-VLAN routing solution relied on using a router with multiple
Ethernet interfaces. Each router interface was connected to a switch port in
different VLANs. The router interfaces served as the default gateways to the
local hosts on the VLAN subnet.
• Legacy inter-VLAN routing using physical interfaces works, but it has a
significant limitation. It is not reasonably scalable because routers have a
limited number of physical interfaces. Requiring one physical router
interface per VLAN quickly exhausts the physical interface capacity of a
router.
Note: This method of inter-VLAN

routing is no longer implemented in
switched networks and is included for
explanation purposes only.
Router-on-a-Stick Inter-VLAN Routing
The ‘router-on-a-stick’ inter-VLAN routing method overcomes the limitation of the
legacy inter-VLAN routing method. It only requires one physical Ethernet interface
to route traffic between multiple VLANs on a network.
• A Cisco IOS router Ethernet interface is configured as an 802.1Q trunk and
connected to a trunk port on a Layer 2 switch. Specifically, the router interface
is configured using subinterfaces to identify routable VLANs.
• The configured subinterfaces are software-based virtual interfaces. Each is
associated with a single physical Ethernet interface. Subinterfaces are
configured in software on a router.
• Each subinterface is independently configured with an IP address and VLAN
assignment. Subinterfaces are configured for different subnets that correspond
to their VLAN assignment. This facilitates logical routing.
• When VLAN-tagged traffic enters the router interface, it is forwarded to the
VLAN subinterface. After a routing decision is made based on the destination IP
network address, the router determines the exit interface for the traffic. If the
exit interface is configured as an 802.1q subinterface, the data frames are
VLAN-tagged with the new VLAN and sent back out the physical interface
Note: The router-on-a-stick

method of inter-VLAN routing
does not scale beyond 50 VLANs.
Inter-VLAN Routing on a Layer 3 Switch
The modern method of performing inter-VLAN routing is to use Layer 3
switches and switched virtual interfaces (SVI). An SVI is a virtual interface that
is configured on a Layer 3 switch, as shown in the figure.
Note: A Layer 3 switch is also called a multilayer switch as it operates at Layer

2 and Layer 3. However, in this course we use the term Layer 3 switch.
Inter-VLAN Routing on a Layer 3 Switch (Cont.)
Inter-VLAN SVIs are created the same way that the management VLAN
interface is configured. The SVI is created for a VLAN that exists on the switch.
Although virtual, the SVI performs the same functions for the VLAN as a router
interface would. Specifically, it provides Layer 3 processing for packets that are
sent to or from all switch ports associated with that VLAN.
The following are advantages of using Layer 3 switches for inter-VLAN routing:
• They are much faster than router-on-a-stick because everything is
hardware switched and routed.
• There is no need for external links from the switch to the router for routing.
• They are not limited to one link because Layer 2 EtherChannels can be
used as trunk links between the switches to increase bandwidth.
• Latency is much lower because data does not need to leave the switch in
order to be routed to a different network.
• They more commonly deployed in a campus LAN than routers.
• The only disadvantage is that Layer 3 switches are more expensive.

Router-on-a-Stick Inter-
VLAN Routing
Router-on-a-Stick Scenario
• In the figure, the R1 GigabitEthernet 0/0/1 interface
is connected to the S1 FastEthernet 0/5 port. The S1
FastEthernet 0/1 port is connected to the S2
FastEthernet 0/1 port. These are trunk links that are
required to forward traffic within and between
VLANs.
• To route between VLANs, the R1 GigabitEthernet
0/0/1 interface is logically divided into three
subinterfaces, as shown in the table. The table also
shows the three VLANs that will be configured on the
switches.
• Assume that R1, S1, and S2 have initial basic
configurations. Currently, PC1 and PC2
cannot ping each other because they are on
separate networks. Only S1 and S2 can ping each
other, but they but are unreachable by PC1 or PC2
because they are also on different networks.
• To enable devices to ping each other, the switches
must be configured with VLANs and trunking, and © 2019, 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
the router must be configured for inter-VLAN routing.

S1 VLAN and Trunking Configuration
Complete the following steps to configure S1 with VLANs and
trunking:
• Step 1. Create and name the VLANs.
• Step 2. Create the management interface.
• Step 3. Configure access ports.
• Step 4. Configure trunking ports.
trunking:
• Step 1. Create and name the VLANs.
trunking:
• Step 2. Create the management interface.
trunking:
• Step 3. Configure access ports.
trunking:
• Step 4. Configure trunking ports.
The configuration for
S2 is similar to S1.
R1 Subinterface Configuration
The router-on-a-stick method requires you to create a subinterface for each
VLAN to be routed. A subinterface is created using the interface interface_id
subinterface_id global configuration mode command. Each subinterface is then
configured with the following two commands:
• encapsulation dot1q vlan_id [native] - This command configures the
subinterface to respond to 802.1Q encapsulated traffic from the
specified vlan-id. The native keyword option is only appended to set the
native VLAN to something other than VLAN 1.
• ip address ip-address subnet-mask - This command configures the IPv4
address of the subinterface. This address typically serves as the default
gateway for the identified VLAN.
Repeat the process for each VLAN to be routed. Each router subinterface must
be assigned an IP address on a unique subnet for routing to occur. When all
subinterfaces have been created, enable the physical interface using the no
shutdown interface configuration command.
R1 Subinterface Configuration (Cont.)
In the configuration, the
R1 G0/0/1 subinterfaces
are configured for VLANs
10, 20, and 99.
Verify Connectivity Between PC1 and PC2
The router-on-a-stick configuration is
complete after the switch trunk and the
router subinterfaces have been
configured. The configuration can be
verified from the hosts, router, and
switch.
From a host, verify connectivity to a host

in another VLAN using
the ping command. It is a good idea to
first verify the current host IP
configuration using
the ipconfig Windows host command.
Next, use ping to verify connectivity with

PC2 and S1, as shown in the figure.
The ping output successfully confirms
inter-VLAN routing is operating.
Router-on-a-Stick Inter-VLAN Routing Verification
In addition to using ping between devices, the
following show commands can be used to verify and troubleshoot the
router-on-a-stick configuration.
• show ip route
• show ip interface brief
• show interfaces
• show interfaces trunk
Inter-VLAN Routing using
Layer 3 Switches
Inter-VLAN Routing using Layer 3 Switches
Layer 3 Switch Inter-VLAN Routing
Inter-VLAN routing using the router-on-a-stick method is simple to
implement for a small to medium-sized organization. However, a large
enterprise requires a faster, much more scalable method to provide inter-VLAN
routing.
Enterprise campus LANs use Layer 3 switches to provide inter-VLAN

routing. Layer 3 switches use hardware-based switching to achieve higher-
packet processing rates than routers. Layer 3 switches are also commonly
implemented in enterprise distribution layer wiring closets.
Capabilities of a Layer 3 switch include the ability to do the following:

• Route from one VLAN to another using multiple switched virtual interfaces
(SVIs).
• Convert a Layer 2 switchport to a Layer 3 interface (i.e., a routed port). A
routed port is similar to a physical interface on a Cisco IOS router.
• To provide inter-VLAN routing, Layer 3 switches use SVIs. SVIs are configured
using the same interface vlan vlan-id command ©used to create the
2019, 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
management SVI on a Layer 2 switch. A Layer 3 SVI must be created for each of
Layer 3 Switch Scenario
In the figure, the Layer 3

switch, D1, is connected
to two hosts on different
VLANs. PC1 is in VLAN 10
and PC2 is in VLAN 20, as
shown. The Layer 3
switch will provide inter-
VLAN routing services to
the two hosts.
Layer 3 Switch Configuration
Complete the following steps to configure S1 with
VLANs and trunking:
• Step 1. Create the VLANs. In the example, VLANs
10 and 20 are used.
• Step 2. Create the SVI VLAN interfaces. The IP
address configured will serve as the default
gateway for hosts in the respective VLAN.
• Step 3. Configure access ports. Assign the
appropriate port to the required VLAN.
• Step 4. Enable IP routing. Issue the ip
routing global configuration command to allow
traffic to be exchanged between VLANs 10 and
20. This command must be configured to enable
inter-VAN routing on a Layer 3 switch for IPv4.
Step 1. Create the VLANs. In the example, VLANs 10
and 20 are used.
Step 1. Create the VLANs. In the example, VLANs 10
and 20 are used.
Step 2. Create the SVI VLAN interfaces. The IP
address configured will serve as the default gateway
for hosts in the respective VLAN.
Step 2. Create the SVI VLAN interfaces. The IP
address configured will serve as the default gateway
for hosts in the respective VLAN.
Step 3. Configure access ports. Assign the
Step 3. Configure access ports. Assign the
Step 4. Enable IP routing. Issue the ip
traffic to be exchanged between VLANs 10 and 20.
This command must be configured to enable inter-
VAN routing on a Layer 3 switch for IPv4.
Step 4. Enable IP routing. Issue the ip
traffic to be exchanged between VLANs 10 and 20.
This command must be configured to enable inter-
VAN routing on a Layer 3 switch for IPv4.
Layer 3 Switch Inter-VLAN Routing Verification
Inter-VLAN routing using a Layer 3 switch is simpler to configure than the
router-on-a-stick method. After the configuration is complete, the configuration
can be verified by testing connectivity between the hosts.
• From a host, verify connectivity to a host in another VLAN using
the ping command. It is a good idea to first verify the current host IP
configuration using the ipconfig Windows host command.
• Next, verify connectivity with PC2 using the ping Windows host command.
The successful ping output confirms inter-VLAN routing is operating.
Routing on a Layer 3 Switch
If VLANs are to be reachable by other Layer 3 devices, then they must be
advertised using static or dynamic routing. To enable routing on a Layer 3
switch, a routed port must be configured.
A routed port is created on a Layer 3 switch by disabling the switchport feature

on a Layer 2 port that is connected to another Layer 3 device. Specifically,
configuring the no switchport interface configuration command on a Layer 2
port converts it into a Layer 3 interface. Then the interface can be configured
with an IPv4 configuration to connect to a router or another Layer 3 switch.
Routing Scenario on a Layer 3 Switch
In the figure, the previously configured D1
Layer 3 switch is now connected to R1. R1
and D1 are both in an Open Shortest Path
First (OSPF) routing protocol domain.
Assume inter-VLAN has been successfully
implemented on D1. The G0/0/1 interface
of R1 has also been configured and
enabled. Additionally, R1 is using OSPF to
advertise its two networks, 10.10.10.0/24
and 10.20.20.0/24.
Note: OSPF routing configuration is

covered in another course. In this module,
OSPF configuration commands will be
given to you in all activities and
assessments.
Routing Configuration on a Layer 3 Switch
Complete the following steps to configure D1 to route with R1:
• Step 1. Configure the routed port. Use the no switchport command to convert the
port to a routed port, then assign an IP address and subnet mask. Enable the port.
• Step 2. Enable routing. Use the ip routing global configuration command to enable
routing.
• Step 3. Configure routing. Use an appropriate routing method. In this example,
Single-Area OSPFv2 is configured
• Step 4. Verify routing. Use the show ip route command.
• Step 5. Verify connectivity. Use the ping command to verify reachability.
Step 1. Configure the routed port. Use the no switchport command to convert the port
to a routed port, then assign an IP address and subnet mask. Enable the port.
Step 1. Configure the routed port. Use the no switchport command to convert the port
to a routed port, then assign an IP address and subnet mask. Enable the port.
Step 2. Enable routing. Use the ip routing global configuration command to enable
routing.
Step 2. Enable routing. Use the ip routing global configuration command to enable
routing.
Step 3. Configure routing. Use an appropriate routing method. In this example, Single-
Area OSPFv2 is configured
Step 3. Configure routing. Use an appropriate routing method. In this example, Single-
Area OSPFv2 is configured
Step 4. Verify routing. Use the show ip route command.
Step 5. Verify connectivity. Use the ping command to verify reachability.
Troubleshoot Inter-VLAN
Routing
Troubleshoot Inter-VLAN Routing
Common Inter-VLAN Issues
There are a number of reasons why an inter-VAN configuration may not work. All are
related to connectivity issues. First, check the physical layer to resolve any issues where a
cable might be connected to the wrong port. If the connections are correct, then use the
list in the table for other common reasons why inter-VLAN connectivity may fail.
Issue Type How to Fix How to Verify
•Create (or re-create) the VLAN if it does not show vlan [brief]
exist. show interfaces
Missing VLANs
•Ensure host port is assigned to the correct switchport
VLAN. ping
Switch Trunk Port •Ensure trunks are configured correctly. show interface trunk
Issues •Ensure port is a trunk port and enabled. show running-config
show interfaces
•Assign correct VLAN to access port.
switchport
Switch Access Port •Ensure port is an access port and enabled.
show running-config
Issues •Host is incorrectly configured in the wrong
interface
subnet.
ipconfig
•Router subinterface IPv4 address is
Router Configuration incorrectly configured. show ip interface brief
Issues •Router subinterface is assigned to the VLAN show
© 2019, 2021 Ciscointerfaces
and/or its affiliates. All rights reserved. Cisco Confidential 48
ID.
Troubleshoot Inter-VLAN Routing Scenario
Examples of some of these inter-VLAN

routing problems will now be covered in
more detail. This topology will be used
for all of these issues.
Router R1 Subinterfaces
Subinterfa
VLAN IP Address
ce
G0/0/0.10 10 192.168.10.1/24
G0/0/0.20 20 192.168.20.1/24
G0/0/0.30 99 192.168.99.1/24
Missing VLANs
An inter-VLAN connectivity issue could be
caused by a missing VLAN. The VLAN
could be missing if it was not created, it
was accidently deleted, or it is not
allowed on the trunk link.
When a VLAN is deleted, any ports

assigned to that VLAN become inactive.
They remain associated with the VLAN
(and thus inactive) until you assign them
to a new VLAN or recreate the missing
VLAN. Recreating the missing VLAN would
automatically reassign the hosts to it.
Use the show interface interface-

id switchport command to verify the
VLAN membership of the port. © 2019, 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 50
Switch Trunk Port Issues
Another issue for inter-VLAN routing includes misconfigured switch ports. In a
legacy inter-VLAN solution, this could be caused when the connecting router port
is not assigned to the correct VLAN.
However, with a router-on-a-stick solution, the most common cause is a
misconfigured trunk port.
• Verify that the port connecting to the router is correctly configured as a trunk
link using the show interface trunk command.
• If that port is missing from the output, examine the configuration of the port
with the show running-config interface X command to see how the port is
configured.
Switch Access Port Issues
When a problem is suspected with a
switch access port configuration, use
verification commands to examine the
configuration and identify the problem.
A common indicator of this issue is the

PC having the correct address
configuration (IP Address, Subnet Mask,
Default Gateway), but being unable to
ping its default gateway.
• Use the show vlan brief, show
interface X switchport or show
running-config interface X
command to verify the interface
VLAN assignment.
Router Configuration Issues
Router-on-a-stick configuration problems are usually related to
subinterface misconfigurations.
• Verify the subinterface status using the show ip interface
brief command.
• Verify which VLANs each of the subinterfaces is on. To do so, the show
interfaces command is useful but it generates a great deal of additional
unrequired output. The command output can be reduced using IOS
command filters. In this example, use the include keyword to identify that
only lines containing the letters “Gig” or “802.1Q”

Chapter 3 Switching Esssentials

Uploaded by

Document Informationclick to expand document informationchap 3

Document Informationclick to expand document information

Copyright:

Available Formats

Chapter 3 Switching Esssentials

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter 3 Switching Esssentials

Uploaded by

Copyright:

Available Formats

Chapter 3: Inter-VLAN Routing

Module Objective: Troubleshoot inter-VLAN routing on Layer 3 devices

There are three inter-VLAN routing options:

Note: This method of inter-VLAN

Note: The router-on-a-stick

Note: A Layer 3 switch is also called a multilayer switch as it operates at Layer

• The only disadvantage is that Layer 3 switches are more expensive.

the router must be configured for inter-VLAN routing.

From a host, verify connectivity to a host

Next, use ping to verify connectivity with

Enterprise campus LANs use Layer 3 switches to provide inter-VLAN

Capabilities of a Layer 3 switch include the ability to do the following:

In the figure, the Layer 3

A routed port is created on a Layer 3 switch by disabling the switchport feature

Note: OSPF routing configuration is

Examples of some of these inter-VLAN

When a VLAN is deleted, any ports

Use the show interface interface-

A common indicator of this issue is the

You might also like