INTER-VLAN ROUTING

Introduction to Inter-VLAN
After knowing how to configure VLANs on a network switch, the next step is to allow devices connected
to the various VLANs to communicate with each other. You learned that each VLAN is a unique broadcast
domain, so computers on separate VLANs are, by default, not able to communicate. There is a way to
permit these end stations to communicate; it is
called inter-VLAN routing.
Inter-VLAN routing as a process of forwarding
network traffic from one VLAN to another VLAN
using a router. VLANs are associated with unique IP
subnets on the network. This subnet configuration
facilitates the routing process in a multi-VLAN
environment. When using a router to facilitate interVLAN routing, the router interfaces can be connected
to separate VLANs. Devices on those VLANs send
traffic through the router to reach other VLANs.

Traditionally, LAN routing has used routers with multiple physical interfaces. Each interface needed to be
connected to a separate network and configured for a different subnet.

In this example, the router was configured with two separate physical interfaces to interact with the
different VLANs and perform the routing.

Switch S1 Ports
F0/6: VLAN 10
F0/5: VLAN 30
Switch S2 Ports
F0/11: VLAN 10
F0/18: VLAN 20
F0/6 : VLAN 30
F0/1 F0/4: Trunk

INTER-VLAN ROUTING
Traditional inter-VLAN routing requires multiple physical interfaces on both the router and the switch.
However, not all inter-VLAN routing configurations require multiple physical interfaces. Some router
software permits configuring router interfaces as trunk links. This opens up new possibilities for interVLAN routing.
"Router-on-a-stick" is a type of router configuration in which a single physical interface routes traffic
between multiple VLANs on a network.
The router interface is configured to operate as a trunk link and is connected to a switch port configured
in trunk mode. The router performs the inter-VLAN routing by accepting VLAN tagged traffic on the trunk
interface coming from the adjacent switch and internally routing between the VLANs using subinterfaces.
The router then forwards the routed traffic-VLAN tagged for the destination VLAN-out the same physical
interface.
Subinterfaces are multiple virtual interfaces, associated with one physical interface. These subinterfaces
are configured in software on a router that is independently configured with an IP address and VLAN
assignment to operate on a specific VLAN.
Router-on-a-stick
R1 Subinterfaces
F0/0.10: 172.17.10.1
F0/0.20: 172.17.20.1
F0/0.30: 172.17.30.1

Switch S1 Ports
F0/1 F0/5: Trunk
Switch S2 Ports
F0/11: VLAN 10
F0/18: VLAN 20
F0/6 : VLAN 30
F0/1 F0/4: Trunk

Some switches can perform Layer 3 functions, replacing the need for dedicated routers to perform basic
routing on a network. Multilayer switches are capable of performing inter-VLAN routing.

INTER-VLAN ROUTING
Switch-based inter-VLAN routing

S1 VLAN interfaces
VLAN10: 172.17.10.1
VLAN20: 172.17.20.1
VLAN30: 172.17.30.1
Switch S1 Ports
F0/1 F0/4: Trunk
Switch S2 Ports
F0/11: VLAN 10
F0/18: VLAN 20
F0/6 : VLAN 30
F0/1 F0/4: Trunk
To enable a multilayer switch to perform routing functions, VLAN interfaces on the switch need to be
configured with the appropriate IP addresses that match the subnet that the VLAN is associated with on
the network. The multilayer switch also must have IP routing enabled.

Interfaces and Subinterfaces

Using the Router as a Gateway
Traditional routing requires routers to have multiple physical interfaces to facilitate inter-VLAN routing.
The router accomplishes the routing by having each of its physical interfaces connected to a unique VLAN.
Each interface is also configured with an IP address for the subnet associated with the particular VLAN
that it is connected to. By configuring the IP addresses on the physical interfaces, network devices
connected to each of the VLANs can communicate with the router using the physical interface connected
to the same VLAN. In this configuration, network devices can use the router as a gateway to access the
devices connected to the other VLANs.
The routing process requires the source device to determine if the destination device is local or remote
to the local subnet. The source device accomplishes this by comparing the source and destination
addresses against the subnet mask. Once the destination address has been determined to be on a remote
network, the source device has to identify where it needs to forward the packet to reach the destination
device. The source device examines the local routing table to determine where it needs to send the data.

INTER-VLAN ROUTING
Traditional routing:

Switch S1 Ports
F0/6: VLAN 10
F0/5: VLAN 30
F0/1 F0/4: Trunk
Switch S2 Ports
F0/11: VLAN 10
F0/18: VLAN 20
F0/6: VLAN 30
F0/1 F0/4 Trunk

Even though there are many steps in the process of inter-VLAN routing when two devices on different
VLANs communicate through a router, the entire process happens in a fraction of a second.

Interface Configuration
Example of router interfaces being configured.

Router interfaces are configured similarly to configuring VLAN interfaces on switches. In global
configuration mode, switch to interface configuration mode for the specific interface you want to
configure.

INTER-VLAN ROUTING
Routing Table
Example of a routing table on a Cisco router.

Traditional inter-VLAN routing using physical interfaces does have a limitation. As the number of VLANs
increases on a network, the physical approach of having one router interface per VLAN quickly becomes
hindered by the physical hardware limitations of a router. Routers have a limited number of physical
interfaces that they can use to connect to different VLANs. Large networks with many VLANs must use
VLAN trunking to assign multiple VLANs to a single router interface to work within the hardware
constraints of dedicated routers.
To overcome the hardware limitations of inter-VLAN routing based on router physical interfaces, virtual
subinterfaces and trunk links are used, as in the router-on-a-stick. This is useful when performing interVLAN routing on networks with multiple VLANs and few router physical interfaces.
When configuring inter-VLAN routing using the router-on-a-stick model, the physical interface of the
router must be connected to a trunk link on the adjacent switch. Subinterfaces are created for each
unique VLAN/subnet on the network. Each subinterface is assigned an IP address specific to the subnet
that it will be part of and configured to VLAN tag frames for the VLAN that the interface is to interact
with. That way, the router can keep the traffic from each subinterface separated as it traverses the trunk
link back to the switch.
Functionally, the router-on-a-stick model for inter-VLAN routing is the same as using the traditional
routing model, but instead of using the physical interfaces to perform the routing, subinterfaces of a
single interface are used.

INTER-VLAN ROUTING
How subinterfaces are used to route between VLANs?

Subinterface Configuration
Configuring router subinterfaces is similar to configuring physical interfaces, except that you need to
create the subinterface and assign it to a VLAN.
1. Create the router subinterface by entering the interface f0/0.10 command in global
configuration mode.
2. Configured the subinterface to operate on a specific VLAN using the encapsulation dot1q vlan id
command.
3. Assign the address using the ip address ip-address net-mask command to the subinterface to
the appropriate IP address for that VLAN.

INTER-VLAN ROUTING
Subinterfaces are not enabled with the no shutdown command at the subinterface configuration mode
level of the Cisco IOS software. Instead, when the physical interface is enabled with the no shutdown
command, all the configured subinterfaces are enabled.

Router Table Output

The routes defined in the routing table indicate that they are associated with specific subinterfaces,
rather than separate physical interfaces.
Both physical interfaces and subinterfaces are used to perform inter-VLAN routing. There are
advantages and disadvantage to each method.
Port Limits
Physical interfaces are configured to have one interface per VLAN on the network. On networks with
many VLANs, using a single router to perform inter-VLAN routing is not possible.
Subinterfaces allow a router to scale to accommodate more VLANs than the physical interfaces permit.
Inter-VLAN routing in large environments with many VLANs can usually be better accommodated by
using a single physical interface with many subinterfaces.
Performance
Because there is no contention for bandwidth on separate physical interfaces, physical interfaces have
better performance when compared to using subinterfaces.
When subinterfaces are used for inter-VLAN routing, the traffic being routed competes for bandwidth
on the single physical interface.
Access Ports and Trunk Ports
Connecting physical interfaces for inter-VLAN routing requires that the switch ports be configured as
access ports. Subinterfaces require the switch port to be configured as a trunk port so that it can accept
VLAN tagged traffic on the trunk link.

INTER-VLAN ROUTING
Cost
It is more cost-effective to use subinterfaces over separate physical interfaces.
Complexity
Using subinterfaces for inter-VLAN routing results in a less complex physical configuration than using
separate physical interfaces, because there are fewer physical network cables interconnecting the
router to the switch.
On the other hand, using subinterfaces with a trunk port results in a more complex software
configuration, which can be difficult to troubleshoot.
Router Interface and Subinterface Comparison

Configure Inter-VLAN Routing

Before configuring the router, configure the switch that it will be connected to.

Example of Traditional Inter-VLAN Routing

INTER-VLAN ROUTING

After the VLANs have been created, they are assigned to the switch ports that the router will be
connecting to.
Finally, to protect the configuration so that it is not lost after a reload of the switch, the copy runningconfig startup-config command is executed in privileged EXEC mode to back up the running
configuration to the startup configuration.
Sample Router Interface Configuration

Next, the router can be configured to perform the inter-VLAN routing.

Each interface is configured with an IP address using the ip address ip_address subnet_mask command
in interface configuration mode.
The process is repeated for all router interfaces.
By default, Cisco routers are configured to route traffic between the local interfaces. As a result, routing
does not specifically need to be enabled. However, if multiple routers are being configured to perform
inter-VLAN routing, you may want to enable a dynamic routing protocol to simplify routing table
management.

INTER-VLAN ROUTING

Routing Table
Examine the routing table using the show ip route privileged EXEC mode command.

Sample router configuration.

INTER-VLAN ROUTING
Verify Router Configuration
To verify the router configuration, use the show running-config privileged EXEC mode command.

Configure Router-on-a-Stick Inter-VLAN Routing

Before configuring the router, configure the switch that it will be connected to.
Finally, to protect the configuration so that it is not lost after a reload of the switch, the copy runningconfig startup-config command is executed in privileged EXEC mode to back up the running
configuration to the startup configuration.

Router Configuration
The router can be configured to perform the inter-VLAN routing.
The configuration of multiple subinterfaces is different than when physical interfaces are used.
Each subinterface is created using the interface interface_id.Subinterface_id global configuration mode
command. After the subinterface has been created, the VLAN ID is assigned using the encapsulation
dot1q vlan_id subinterface configuration mode command.
Next, assign the IP address for the subinterface using the ip address ip_address subnet_mask
subinterface configuration mode command.
This process is repeated for all the router subinterfaces that are needed to route between the VLANs
configured on the network. Each router subinterface needs to be assigned an IP address on a unique
subnet for routing to occur.
Once all subinterfaces have been configured on the router physical interface, the physical interface is
enabled.
By default, Cisco routers are configured to route traffic between the local subinterfaces. As a result,
routing does not specifically need to be enabled.

Routing Table
Next, examine the routing table using the show ip route command from privileged EXEC mode.
Verify Router Configuration
To verify the router configuration, use the show running-config command in privileged EXEC mode. The
show running-config command displays the current operating configuration of the router. Notice which
IP addresses have been configured for each router subinterface, as well as whether the physical
interface has been left disabled or enabled using the no shutdown command.

INTER-VLAN ROUTING
After the router and switch have been configured to perform the inter-VLAN routing, the next step is to
verify that the router is functioning correctly. You can test access to devices on remote VLANs using the
ping command.
The Ping Test
The ping command sends an ICMP echo request to the destination address. When a host receives an
ICMP echo request, it responds with an ICMP echo reply to confirm that it received the ICMP echo
request. The ping command calculates the elapsed time using the difference between the time the ping
was sent and the time the echo reply was received. This elapsed time is used to determine the latency of
the connection. Successfully receiving a reply confirms that there is a path between the sending device
and the receiving device.
The Tracert Test
Tracert is a useful utility for confirming the routed path taken between two devices. Tracert also uses
ICMP to determine the path taken, but it uses ICMP echo requests with specific time-to-live values
defined on the frame.
The time-to-live value determines exactly how many router hops away the ICMP echo is allowed to
reach. The first ICMP echo request is sent with a time-to-live value set to expire at the first router on
route to the destination device.

Troubleshooting Inter-VLAN Routing

Switch Configuration Issues
Switch Cisco IOS Commands
Router Configuration Issues
IP Addressing Issues
PC IP Addressing Issue