Chapter 4 - Implementing Inter-VLAN Routing Objectives

Configure inter-VLAN routing on a router to enable communications between end-user devices on separate VLANs Configure CEF-based Multi-layer switching Troubleshoot common inter-VLAN connectivity issues.

Chapter 4

Inter-VLAN Routing
Link to VLAN 10 Link to VLAN 20 Link to VLAN 30 S3
Fa0/3 Fa0/1 Fa0/2 Fa0/4 Fa0/2 Fa0/1 Fa0/11 Fa0/18 Fa0/3 Fa0/4 Fa0/6 Fa0/1 Fa0/2 Fa0/3 Fa0/4

R1

S1

Inter-VLAN routing can be performed by connecting different physical router interfaces to different physical switch ports. The switch ports connect to the router in access mode, and different static VLANs are assigned to each port interface.

S2

PC1 172.17.10.21/24 (VLAN 10)

Computer

PC2 172.17.20.22/24 (VLAN 20)

Computer

PC3 172.17.30.23/24 (VLAN 30)

Computer

Each switch interface would be assigned to a different static VLAN. Each router interface can then accept traffic from the VLAN associated with the switch interface that it is connected to, and traffic can be routed to the other VLANs connected to the other interfaces.
Chapter 4
2

"Router-on-a-stick" is a type of router configuration in which a single physical interface routes traffic between multiple VLANs on a network.

Router-on-a -Stick
R1
Fa0/0

R1 - Fa0/0 Sub-interfaces

S3
Fa0/3

Fa0/1 Fa0/2 Fa0/4 Fa0/2 Fa0/1 Fa0/11 Fa0/18

Fa0/1 Fa0/2 Fa0/3 Fa0/3 Fa0/4 Fa0/6

S1
Fa0/4

Fa0/0.10 172.17.10.1 Default Gateway to VLAN 10 Fa0/0.20 172.17.20.1 Default Gateway to VLAN 20 Fa0/0.30 172.17.30.1 Default Gateway to VLAN 30

S2

PC1 172.17.10.21/24 (VLAN 10)

Computer

PC2 172.17.20.22/24 (VLAN 20)

Computer

PC3 172.17.30.23/24 (VLAN 30)

Computer

Sub-interfaces are multiple virtual interfaces, associated with one physical interface. These sub-interfaces are configured with an IP address and VLAN assignment to operate on a specific VLAN. Sub-interfaces are configured for different subnets corresponding to their VLAN assignment to allow logical routing before data frames are VLAN tagged and sent back out the physical interface.
Chapter 4
3

Sub-Interface Configuration
Fa0/0.10 172.17.10.1/24 Fa0/0.30 172.17.30.1/24

R1

S3
Fa0/3

Fa0/1 Fa0/2 Fa0/4 Fa0/2 Fa0/1 Fa0/11 Fa0/18

Fa0/1 Fa0/2 Fa0/3 Fa0/3 Fa0/4 Fa0/6

S1
Fa0/4

Fa0/5

Configure Router Interfaces

S2

PC1 172.17.10.21/24 (VLAN 10)

Computer

PC2 172.17.20.22/24 (VLAN 20)

Computer

PC3 172.17.30.23/24 (VLAN 30)

Computer

To avoid confusion, name the subinterface after the VLAN to which it is attached e.g. Fa0/0.10 is connected to VLAN 10
Chapter 4
4

Sub-Interface Configuration
Fa0/0.10 172.17.10.1/24 Fa0/0.30 172.17.30.1/24

R1

S3
Fa0/3

Fa0/1 Fa0/2 Fa0/4 Fa0/2 Fa0/1 Fa0/11 Fa0/18

Fa0/1 Fa0/2 Fa0/3 Fa0/3 Fa0/4 Fa0/6

S1
Fa0/4

Fa0/5

S2

S1 Fa0/5 must be configured as a trunk to allow it to carry tagged data from multiple VLANs
Computer

PC1 172.17.10.21/24 (VLAN 10)

Computer

PC2 172.17.20.22/24 (VLAN 20)

Computer

PC3 172.17.30.23/24 (VLAN 30)

Chapter 4

Interface and Sub-Interface Comparison

Chapter 4

Layer-3 Switch
S1 VLAN Interfaces S3
Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/2 Fa0/1 Fa0/11 Fa0/18 Fa0/3 Fa0/4 Fa0/6 Fa0/1 Fa0/2 Fa0/3 Fa0/4

S1

172.17.10.1 Default Gateway to VLAN 10 172.17.20.1 Default Gateway to VLAN 20 172.17.30.1 Default Gateway to VLAN 30

S2

Some switches can perform Layer 3 functions, replacing the need for dedicated routers to perform basic routing on a network.
Computer

PC1 172.17.10.21/24 (VLAN 10)

Computer

PC2 172.17.20.22/24 (VLAN 20)

Computer

PC3 172.17.30.23/24 (VLAN 30)

Multilayer switches are capable of performing inter-VLAN routing.

To enable a multilayer switch to perform routing functions, VLAN interfaces on the switch need to be configured with the appropriate IP addresses that match the subnet that the VLAN is associated with on the network. The multilayer switch also must have IP routing enabled.
Chapter 4
7

Connecting VLANs Using L3 Switch

Switch Virtual Interface (SVI) is a logical interface configured for a specific VLAN, and is used by layer 3 switches to route between VLANs or to provide IP host connectivity to a switch.
A Layer 3 switch has the ability to route transmissions between VLANs.

SVI VLAN99
Management VLAN 99 172.17.99.10/24

SVI VLAN30 SVI VLAN20

Computer

Fa0/1
Student VLAN 20 172.17.20.22/24 Guest VLAN 30 172.17.30.23/24

The process is the same as when using a separate router, except that the Layer 3 Switch SVIs act as the router interfaces for routing the Fa0/3 data between VLANs.
Fa0/18
Computer

Fa0/18
Computer

Fa0/1 Fa0/3

Student VLAN 20 172.17.20.25/24 Guest VLAN 30 172.17.30.26/24

Computer

Fa0/6

Fa0/6

Computer

Chapter 4

Layer-3 Switch SVI Configuration

Configure SVI Addresses:
S1(config)#int vlan 10 S1(config-if)#ip add 172.17.10.1 255.255.255.0 S1(config-if)#int vlan 20 S1(config-if)#ip add 172.17.20.1 255.255.255.0 S1(config-if)#int vlan 30 S1(config-if)#ip add 172.17.30.1 255.255.255.0

S3
Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/2 Fa0/1 Fa0/11 Fa0/18 Fa0/3 Fa0/4 Fa0/6 Fa0/1 Fa0/2 Fa0/3

S1

Fa0/4

S2

Configure Routing:
Computer

PC1 172.17.10.21/24 (VLAN 10)

Computer

PC2 172.17.20.22/24 (VLAN 20)

Computer

PC3 172.17.30.23/24 (VLAN 30)

S1(config)#ip routing S1(config)#exit S1#sh ip route 172.17.0.0/24 is subnetted, 3 subnets C 172.17.10.0 is directly connected, Vlan10 C 172.17.20.0 is directly connected, Vlan20 C 172.17.30.0 is directly connected, Vlan30

Chapter 4

Layer-3 Switch Routed Port Configuration

R1
S3
Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/2 Fa0/1 Fa0/11 Fa0/18 Fa0/3 Fa0/4 Fa0/6 Fa0/1 Fa0/2 Fa0/3 Fa0/4

Fa0/0 172.17.40.1/30
Fa0/5 172.17.40.2/30

S1

Configure Routed Port:

S1(config)#int fa0/5 S1(config-if)#no switchport S1(config-if)#ip add 172.17.40.2 255.255.255.0 S1(config-if)#no sh S1(config-if)#exit S1(config)#router eigrp 1 S1(config-router)#network 172.17.40.0 0.0.0.3

S2

PC1 172.17.10.21/24 (VLAN 10)

Computer

A routed port has the following characteristics and functions: Physical switch port with Layer 3 capability Not associated with any VLAN Serves as the default gateway for devices out that switch port Layer 2 port functionality must be removed before it can be Chapter 4 configured

PC2 172.17.20.22/24 (VLAN 20)

Computer

PC3 172.17.30.23/24 (VLAN 30)

Computer

10

Layer 3 Switch Processing

Layer 3 switching software employs a distributed architecture in which the control path and data path are relatively independent. The control path code, such as routing protocols, runs on the route processor, whereas most of the data packets are forwarded by the Ethernet interface module and the switching fabric.
Layer 3 switching uses one of these two methods, depending on the platform: Route caching: Also known as flow-based or demand-based switching, a Layer 3 route cache is built in hardware, since the switch sees traffic flow into the switch. Topology-based: Information from the routing table is used to populate the route cache regardless of traffic flow. The populated route cache is called the forwarding information base (FIB). CEF builds the FIB.

Chapter 4

11

Multilayer Switch Packet Forwarding Process

CEF expediently switches data packets to their destination. It caches information generated by the Layer 3 routing engine.

CEF caches routing information in the Forwarding Information Base (FIB), and caches Layer 2 next-hop addresses for all FIB entries in an adjacency table.
Because CEF maintains multiple tables for forwarding information, parallel paths can exist and enable CEF to load balance per packet. Chapter 4 12

Multilayer Switch Packet Forwarding Process

When traffic cannot be processed in hardware, the traffic must receive processing in software by the Layer 3 engine. A number of different packet types may force the Layer 3 engine to process them: 1. IP packets that use IP header options. (Packets that use TCP header options are switched in hardware because they do not affect the forwarding decision.) 2. Packets that have an expiring IP Time to Live (TTL) counter. 3. Packets that are forwarded to a tunnel interface. 4. Packets that arrive with non-supported encapsulation types. 5. Packets that are routed to an interface with nonsupported encapsulation types. 6. Packets that exceed the maximum transmission unit (MTU) of an output interface and must be fragmented.

Chapter 4

13

CEF Based MLS switching

ARP Throttling (2 seconds)

ARP x 1

Chapter 4

14

Configure & Verify CEF

Configure CEF: S1 (conf)#ip cef S1 (conf-if)#ip route-cache cef Verify CEF:

S1#sh ip cef S1#sh ip cef fa0/1 detail S1#sh adjacency fa0/1 detail S1#show ip cef summary S1#show ip cef vlan 10
If CEF is enabled globally, it is automatically enabled on all interfaces as long as IP routing is enabled on the device. CEF can be enabled/disabled on a per interface basis. Cisco recommends that CEF be enabled on all Layer 3 interfaces.
Chapter 4
15

Any Questions?
Chapter 4
16