InterVLAN Routing Tutorial

February 22nd, 2012

In the previous VLAN tutorial we learned how to use VLANs to segment the network and create “logical” broadcast domains. In this tutorial we will learn about InterVLAN Routing.

What is InterVLAN routing?

As we learned, devices within a VLAN can communicate with each other without the need for Layer 3 routing. But devices in separate VLANs require a Layer 3 routing device to communicate with one another. For example, in the topology below hosts A and B, both in VLAN 10, can communicate with each other without a router; hosts C and D can do the same in VLAN 20. But host A can’t communicate with host C or D because they are in different VLANs.

InterVLAN_no_router.jpg

To allow hosts in different VLANs to communicate with each other, we need a Layer 3 device (like a router) for routing:

InterVLAN_traditional_routing.jpg

Routing traffic from one VLAN to another VLAN is called InterVLAN routing.

Now host A can communicate with host C or D easily. Let’s see how the traffic is sent from host A to host D. First, host A determines that the destination host is on a different network (a different VLAN here), so it sends the traffic to its default gateway (on the router) through the switch. The switch tags the frame as originating on VLAN 10 and forwards it to the router. In turn, the router makes the routing decision from VLAN 10 to VLAN 20 and sends the traffic back to the switch, where it is forwarded out to host D.

InterVLAN_sticky_router_traffic_flow_2_interfaces.jpg

Notice that the routing decision to another VLAN is done by the router, not the switch. When frames leave the router (step 3 in the picture above), they are tagged with VLAN 20.

Also notice that the end hosts (A and D in this case) are unaware of any VLAN information. The switch attaches VLAN information when it receives frames from host A and removes it before forwarding them to host D.
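
The tag handling in this flow can be traced in code. The Python below is an added example, not part of the original tutorial: it inserts and strips the 802.1Q tag as the switch does and models the router's lookup across the two sub-interfaces configured later on this page. The host addresses (192.168.1.10 for host A, 192.168.2.20 for host D) and the MAC addresses are assumed sample values, and the router's MAC rewrite and TTL decrement are left out.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
# Sub-interface table from the tutorial's router: VLAN ID -> connected subnet
SUBIFS = {10: ipaddress.ip_network("192.168.1.0/24"),
          20: ipaddress.ip_network("192.168.2.0/24")}

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None if the frame carries no tag."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

def router_on_a_stick(frame: bytes):
    """Route one IPv4 frame between sub-interfaces; None means it is dropped."""
    vid, inner = strip_tag(frame)
    if vid not in SUBIFS:              # untagged or unknown VLAN: no sub-interface
        return None
    if inner[12:14] != b"\x08\x00":    # this model only routes IPv4
        return None
    dst = ipaddress.ip_address(inner[30:34])  # IPv4 destination address field
    for out_vid, net in SUBIFS.items():
        if dst in net:
            return add_tag(inner, out_vid)    # same physical port, new VLAN tag
    return None                        # no connected route for this destination

def sample_frame(src_ip: str, dst_ip: str) -> bytes:
    """Constructed sample: Ethernet header plus a bare 20-byte IPv4 header."""
    eth = bytes.fromhex("00000000000d") + bytes.fromhex("00000000000a") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip

def a_to_d():
    """Host A -> switch -> router -> switch -> host D, as in the steps above."""
    untagged = sample_frame("192.168.1.10", "192.168.2.20")
    on_trunk = add_tag(untagged, 10)        # switch tags the frame with VLAN 10
    back = router_on_a_stick(on_trunk)      # router sends it back tagged VLAN 20
    vid, delivered = strip_tag(back)        # switch strips the tag for host D
    return vid, delivered == untagged
```

In this model a frame that arrives at the router untagged, or tagged with a VLAN that has no sub-interface, is dropped because no sub-interface claims it.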

But this topology has one disadvantage: each VLAN needs its own physical connection from the router to the switch, and in practice a router has very few interfaces. To overcome this problem, we can create many logical interfaces on one physical interface. For example, from the physical interface fa0/0 we can create many sub-interfaces such as fa0/0.0, fa0/0.1 … A router set up this way is often called a “router on a stick” (maybe because there is only one physical link from the router, so it looks like a router on a stick ^^).

InterVLAN_sticky_router.jpg

The router treats each sub-interface as a separate physical interface when making routing decisions, so data can be sent and received on the same physical interface (but on different sub-interfaces). It is also not dropped by the split-horizon rule in the case where you want to send routing updates through the router from one VLAN to another.

InterVLAN_sticky_router_traffic_flow.jpg

Configuring InterVLAN routing

Now you understand how InterVLAN routing works. To accomplish InterVLAN routing, some configuration must be implemented on both the router and the switch. Let’s see what needs to be done to configure InterVLAN routing in the “router on a stick” model using the above topology.

+ The switch port connected to the router interface must be configured as a trunk port.
+ The router sub-interfaces must be running a trunking protocol. Two popular trunking protocols in CCNA are 802.1q (open standard) and InterSwitch Link (ISL, a Cisco proprietary protocol).
+ Set an IP address on each sub-interface.

InterVLAN_configuration_topology.jpg

To help you understand InterVLAN routing more clearly, the main configuration of the router and the switch is shown below:

Configure trunk port on switch:

Switch(config)#interface f0/0
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk

Create sub-interfaces, then set the 802.1Q trunking protocol and an IP address on each sub-interface:

Router(config)#interface f0/0
Router(config-if)#no shutdown

(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)

Router(config)#interface f0/0.0
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#interface f0/0.1
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0

(Note: In the “encapsulation dot1q 10” command, 10 is the VLAN ID this interface operates in)

I also list the full configuration of the above topology for your reference:

Configure VLAN

Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH

Set ports to access mode & assign ports to VLAN

Switch(config)#interface range fa0/1-2
Switch(config-if-range)#no shutdown
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#interface range fa0/3-4
Switch(config-if-range)#no shutdown
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20

In practice, we often use a Layer 3 switch instead of a switch and a “router on a stick”; this helps reduce the complexity and cost of the topology.

InterVLAN_Switch_Layer3.jpg

Note: With this topology, we don’t need to use a trunking protocol and the “switchport mode trunk” command. The full configuration of Layer 3 switch is listed below:

Switch configuration

ip routing
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0

On the hosts, just assign IP addresses and default gateways (pointing to the corresponding interface VLANs), and hosts in different VLANs can communicate.

In summary, InterVLAN routing is used to permit devices on separate VLANs to communicate. In this tutorial you need to remember these important terms:

+ Router-on-a-stick: a single physical interface routes traffic between multiple VLANs on a network.
+ Subinterfaces are multiple virtual interfaces associated with one physical interface. They are configured in software on a router, and each one is independently configured with an IP address and VLAN assignment.

Comments (32)
  1. ahsan
    December 28th, 2015

    any one please forward me the latest Dumps for ccna 200-120
    thanks
    {email not allowed}

  2. Jamal MOhamed
    January 30th, 2016

    thank you for helping us

    this is really good job

  3. dip
    February 3rd, 2016

    sir, in a big network more than one l3 switch are then how to communicate

  4. Anonymous
    February 5th, 2016

    Does router-on-a-stick method drop untagged traffic on its trunk port like a switch trunk port does

  5. Anonymous
    March 17th, 2016

    Hi Anonymous. If there is no native vlan in a switch, yes, the untagged traffic will be dropped.

  6. Anonymous
    March 27th, 2016

    nice explanation

  7. Suricate35
    April 20th, 2016

    Clear, concise, with nice schemas = easy to understand. Many thanks !

  8. kotomoto
    April 20th, 2016

    how we can apply router on stick with extended ACL?

  9. mbm
    April 28th, 2016

    Thanks 9tut

  10. Anonymous
    May 19th, 2016

    Hi anonymous. If there is no native vlan in a switch, yes, the untagged traffic will be dropped.

  11. Anonymous
    May 19th, 2016

    use the command prompt

  12. irigyel
    May 23rd, 2016

    i think the native vlan command is missing. i also tried this configuration but different vlans can't communicate to each other. but then i put native vlans on both ends and it works. i set my vlan 10 as native. here’s the command

    Router(config)# int fa0/1.1
    Router(config-subif)#encapsulation dot1q 10 native

    Switch(config-if)#switchport trunk native vlan 10

  13. the boss
    July 4th, 2016

    i think here the native vlan is not necessary

  14. Ibrahim Miah
    August 13th, 2016

    This tutorial is definitely very helpful for us..
    Thanks

  15. Rej
    August 28th, 2016

    If we add another two vlan to this topology, for example vlan 30 (for Pc) and vlan 40( for webserver).
    Vlan 40 wants to talk only vlan 40
    Vlan 30 wants to talk to all vlans.

    How can we configure this? Looking forward to your advice

  16. 9tut
    August 29th, 2016

    @Rej: In this case Vlan 40 can communicate to Vlan 30 so your request should be understood like this:
    Vlan 40 wants to talk only vlan 30,40
    Vlan 30 wants to talk to all vlans.
    InterVlan cannot fully fulfill your request. In practice we should filter traffic based on IP at Layer 3 (with Access-list). VLAN should only be used to separate traffic on different Vlan.
    Another way to do this in Layer 2 is Private VLAN. Configure ports in Vlan 30 as promiscuous ports and Vlan 40 ports as community ports.

  17. Rej
    August 29th, 2016

    Thank you :)

  18. Obieizy
    October 3rd, 2016

    in a process where there is vlan 10,20,30,40,50 can vlan 20 communicate with all vlans.?

  19. jack
    October 9th, 2016

    Someone please send me latest dumps for 200-125
    {email not allowed}

  20. JAAH
    October 28th, 2016

    Thank you for your help. What you are doing is a great service to mankind because it is helping us to progress in our education and life.

    Since I cannot thank you enough, I pray to God to bless you and grant you more progress in whatever you do.

  21. theshi
    November 15th, 2016

    sir I'm not familiar with configurations on spanning tree protocol and RSTP

  22. Anonymous
    November 18th, 2016

    LAYER 3 SWITCH, WHY IS ONLY FA0/1 AND FA0/2 CONFIGURED

  23. meu
    December 3rd, 2016

    this is very helpful

  24. john
    December 22nd, 2016

    please correction for command line in router with int f0/0.0

  25. ezhil
    December 29th, 2016

    In inter vlan, we are using same network or different network.Like vlan 2,3,4,5 etc are comes under same network or different network.

  26. ezhil
    December 29th, 2016

    In this example vlan 10 using 192.168.10.0 and vlan using 192.168.20.0 then what is the vlan.

    concept of vlan,logical broadcast domain which is derived from physical broadcast domain.

    pls clear me

  27. ezhil
    December 29th, 2016

    correct me if i am wrong

  28. MD.NAZMUS SAKIB
    January 25th, 2017

    what is the router command that a router stand on two stick?????

  29. Anonymous
    February 11th, 2017

    What is inter VLAN routing definition properly ????

  31. Anonymous
    August 7th, 2017

    Cool stuff

  32. Diego
    December 5th, 2017

    Passed today, the 552q dumps are still valid. You can find them here https://drive.google.com/open?id=0B5mAFqgydmCzc3BmR214LWFuTDg
