implementing inter-vlan routing

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1

Implementing Inter-VLAN Routing

Describing Routing Between VLANs


Inter-VLAN Routing Using an External Router Provide a single trunk link

from switch to router. Router physical interface is

divided into logical subinterfaces.

Each router subinterface acts as gateway for one VLAN.


Router on a Stick1. Traffic from PC1 enters

switch on VLAN 10.2. Crosses trunk to router,

arriving on subinterface FA0/0.10 (VLAN 10).

3. Router determines that route to PC2 is through subinterface FA0/0.20.

4. Crosses trunk to switch, arriving on VLAN 20.

5. Switched to PC2.


External Router Configuration


External Router: Advantages and DisadvantagesAdvantages: Works with any switch, since

Layer 3 services are not required on the switch.

Implementation is simple. The router provides

communication between VLANs.

Disadvantages: The router is a single point of

failure. Single traffic path may

become congested. Latency may be introduced

as frames leave and reenter the switch chassis multiple times, and the router makes software-based routing decisions.


Routed vs. Switched Campus Architecture When switching was fast and routing was slow, campus networks

were switched. Today routing is almost as fast as switching; routing solves Layer

2 loops issues and helps isolated VLANs. Switches require IP addresses.


Switch Virtual InterfacesRouters use interfaces or subinterfaces to interconnect multiple VLANs.

Multilayer switches use SVIs for routing between VLANs.


Configuration of Inter-VLAN Routing on a Multilayer SwitchBasic tasks: Identify which VLANs require a Layer 3 gateway. Create a VLAN on multilayer switch if it does not already exist. Create an SVI interface for each VLAN. Configure the SVI interface with an IP address. Enable the SVI interface. Enable IP routing on the multilayer switch. Determine whether a dynamic routing protocol is needed. Configure a dynamic routing protocol if needed. Identify any switch ports that require autostate exclude. Configure autostate exclude on identified switch ports.


SVI Configuration Enable IP routing. Configure an SVI for each

VLAN. Configure an IP address. Enable the SVI. Configure the routing

protocol.

switch(config)# ip routingswitch(config)# interface vlan10switch(config-if)# ip address 10.1.10.1 255.255.255.0switch(config-if)# no shutdownswitch(config)# interface vlan20 switch(config-if)# ip address 10.1.20.1 255.255.255.0switch(config-if)# no shutdown


SVI autostate exclude CommandThe line state of an SVI is in the up state when: The VLAN exists and is active in the VLAN database on the

switch The VLAN interface exists and is not administratively down At least one Layer 2 (access or trunk) port exists, has a link in the

up state on this VLAN, and is in the spanning-tree forwarding state on the VLAN

SVI autostate exclude can be used to remove a port from line-state up-and-down calculation.

switch(config)# interface fastethernet 0/24switch(config-if)# switchport auto-state exclude


Routed Ports on a Multilayer Switch Physical switch port with

Layer 3 capability Not associated with any

VLAN Requires removal of Layer 2

port functionality Configured like a router

interface but does not support VLAN subinterfaces

Used when a switch has one port per VLAN or subnet only

Useful for point-to-point Layer 3 switch links


Configuration of a Routed Interface Enable IP routing. Disable Layer 2 processing on interface. Configure IP address.


Layer 2 EtherChannel vs. Layer 3 EtherChannel Layer 2 EtherChannel

bundles access or trunk ports between switches or other devices (e.g., servers).

Layer 3 EtherChannel bundles routed ports between switches.


Configuration of Layer 3 EtherChannelThe no switchport command is applied both on the physical ports and on the EtherChannel interface.


Verification of SVIs and Routed Interfaces

switch# show ip interface fastethernet0/24FastEthernet0/24 is up, line protocol is up Internet address is 10.1.10.1/24 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.10 Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP CEF switching is enabled


Enable IP routing. Configure routing process. Disable auto-summary. Configure routed networks. Configure active interfaces. Configure summarization.

Routing Protocol Configuration


Verification of Routing Protocolswitch# show ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 13 subnets, 2 masksD 10.1.3.0/24 [90/28416] via 10.1.10.10, 08:09:49, Vlan10D 10.1.2.0/24 [90/28416] via 10.1.10.10, 08:09:49, Vlan10C 10.1.10.0/24 is directly connected, Vlan10


DHCP ServiceClients in access VLANs need DHCP service.DHCP service can be provided by the distribution switches, acting as gateways, or external DHCP server elsewhere in the network.


About DHCP


DHCP Configuration Configure DHCP pool with network,

mask, and other parameters. Configure excluded addresses. Pool is selected when DHCP request

is received from matching subnet.


DHCP with the ip helper Command Used if the DHCP server is not in

the same broadcast domain as the client.

Configure ip helper command on the incoming interface to forward DHCP requests via unicast to DHCP server.


Verification of the DHCP Operation

switch# debug ip dhcp server packetDHCPD: DHCPDISCOVER received from client 0100.1bd5.132a.d2 on interface Vlan6.DHCPD: Sending DHCPOFFER to client 0100.1bd5.132a.d2 (10.1.10.21).DHCPD: broadcasting BOOTREPLY to client 001b.d513.2ad2.DHCPD: DHCPREQUEST received from client 0100.1bd5.132a.d2.DHCPD: Sending DHCPACK to client 0100.1bd5.132a.d2 (10.1.10.21).DHCPD: broadcasting BOOTREPLY to client 001b.d513.2ad2.

switch# show ip dhcp bindingBindings from all pools not associated with VRF:IP address Client-ID/ Lease expiration Type Hardware address/ User name10.1.10.21 0100.1bd5.132a.d2 Jun 25 2009 06:09 AM Automatic 10.1.10.22 0100.4096.a46a.90 Jun 25 2009 09:40 AM Automatic10.1.10.23 0100.4096.aa98.95 Jun 25 2009 11:28 AM Automatic


Summary Inter-VLAN communication requires a Layer 3 device; an external

router can perform this function. SVI is a virtual interface providing Layer 3 processing for a

particular VLAN, similar to what a router interface does. To be active, the SVI number must match an existing VLAN on

the local switch. A routed interface has Layer 3 functionality. SVIs and routed interfaces are verified using the same

commands. On multilayer switches, you can aggregate Layer 3 links using

Layer 3 EtherChannels. Once you have configured a Layer 3 interface, you can enable

routing. DHCP functions can be configured with Cisco IOS Software.

implementing inter-vlan routing

Documents

switch v1

cisco systems

identified switch ports

svi interface

today routing

switchthe vlan interface

vlan database

router physical interface