configuring inter vlan routing

Configuring Inter-VLAN Routing

by
Configuring Inter-VLAN Routing

By default, only hosts that are members of the same VLAN can communicate. To change this and allow inter-VLAN communication, you need a router or a layer 3 switch. I’m going to start with the router approach.

To support ISL or 802.1Q routing on a Fast Ethernet interface, the router’s interface is divided into logical interfaces one for each VLAN. These are called sub interfaces. From a fast Ethernet or Gigabit interface, you can set the interface to trunk with the encapsulation command.

ISR#config t
ISR(config)#int f0/0.1
ISR(config-subif)#encapsulation ?
Dot1Q IEEE 802.1Q virtual LAN
ISR(config-subif)#encapsulation dot1Q ?
<1-4094> IEEE 802.1Q VLAN ID

Notice that our 2811 routers (named ISR) only supports 802.1Q. we’d need an older-model router to run the ISL encapsulation, but why bother?

The sub interface number is only locally significant, so it doesn’t matter which sub interface numbers are configured on the router. Most of the time, we’ll configure a sub interface with the same numbers as the VLAN we want to route. It’s easy to remember that way since that sub interface number is used only for administrative purposes.

It’s really important that you understand that each VLAN is a separate subnet. True, I know they don’t have to be. But it really is a good idea to configure your VLANs as separate subnets, so just do that.

Now, we need to make sure you’re fully prepared to configure inter-VLAN routing, as well as determine the port IP addresses of hosts connected in a switched VLAN environment. And as always, it’s a good idea to be able to fix any problems that may arise. To set you up for success, let us give you a few examples.

First, start by looking at the picture below, and read the router and switch configuration within it. If you have read all our CCNA course article by far, you should be able to determine the IP addresses, masks, and default gateways of each of the hosts in the VLANs.

The next step after that is to figure out which subnets are being used. By looking at the router configuration in the picture, you can see that we’re using 192.168.1.64/26 with VLAN 1 and 192.168.1.128/27 with VLAN 10. And by looking at the switch configuration, you can see that ports 2 and 3 are in VLAN 1 and port 4 is in VLAN 10. This means that Host A and Host B are in VLAN 1 and Host C is in VLAN 10.

Configuring Inter-VLAN Routing

Here’s what the hosts’ IP addresses should be:

HostA: 192.168.1.66, 255.255.255.192, default gateway 192.168.1.65

HostB: 192.168.1.667, 255.255.255.192, default gateway 192.168.1.65

HostC: 192.168.1.130, 255.255.255.224, default gateway 192.168.1.129

The hosts could be any address in the range. We just choose the first IP address available after the default gateway address. That wasn’t so hard, was it?

Now again using the above picture, let’s go through the commands necessary to configure switch port 1 to establish a link with the router and provide inter-VLAN communication using the IEEE version for encapsulation. Keep in mind the commands can vary slightly depending on what type of switch you’re dealing with.

For a 2960 switch, use the following:

2960#config t
2960(config)#interface fa0/1
2960(config-if)#switchport mode trunk

As you already know, the 2960 switch can only run the 802.1Q encapsulation so there’s no need to specify it. You can’t anyway! For a 3560, it’s basically the same, but since it can run ISL and 802.1Q, you have to specify the trunking protocol you’re going to use.

Let’s take a look at the picture below, and see what we learn from it. This picture shows three VLANs, with two hosts in each of them.

Configuring Inter-VLAN Routing

The router in the picture is connected to the Fa0/1 switch port, and VLAN 2 is configured on port f0/6. Looking at the diagram, these are the things that Cisco expects you to know.

  • The router is connected to the switch using sub interfaces
  • The switch port connecting to the router is a trunk port
  • The switch ports connecting to the clients and the hub are access ports, not trunk ports.

The configuration of the switch would look something like this:

2960#config t
2960(config)#int f0/1
2960(config-if)#switchport mode trunk
2960(config-if)#int f0/2
2960(config-if)#switchp2960(config-if)#int f0/3ort access vlan 1
2960(config-if)#switchport access vlan 1
2960(config-if)#int f0/4
2960(config-if)#switchport access vlan 3
2960(config-if)#int f0/5
2960(config-if)#switchport access vlan 3
2960(config-if)#int f0/6
2960(config-if)#switchport access vlan 2

Before we configure the router, we need to design our logical network:

VLAN 1: 192.168.10.16/28

VLAN 2: 192.168.10.32/28

VLAN 3: 192.168.10.48/28

The configuration of the router would then look like this:

ISR#config t
ISR(config)#int f0/0
ISR(config-if)#no ip address
ISR(config-if)#no shutdown
ISR(config-if)#int f0/0.1
ISR(config-subif)#encapsulation dot1q 1
ISR(config-subif)#ip address 192.168.10.17 255.255.255.240
ISR(config-subif)#int f0/0.2
ISR(config-subif)#encapsulation dot1q 2
ISR(config-subif)#ip address 192.168.10.33 255.255.255.240
ISR(config-subif)#int f0/0.3
ISR(config-subif)#encapsulation dot1q 3
ISR(config-subif)#ip address 192.168.10.49 255.255.255.240

The hosts in each VLAN would be assigned an address from their subnet range, and the default gateway would be the IP address assigned to the router’s sub-interface in that VLAN.

Now, let’s take a look at another picture and see if you can determine the switch and router configurations without looking at the answer (no cheating!). the following picture shows a router connected to a 2960 switch with two VLANs. One host in each VLAN is assigned an IP address. What are your router and switch configurations based on these IP addresses?

Since the hosts don’t list a subnet mask, you have to look for the number of hosts used in each VLAN to figure out the block size. VLAN 1 has 85 hosts and VLAN2 has 115 hosts. Each of these will fit in a block size of 128, which is an a/25 mask, or 255.255.255.128.

Configuring Inter-VLAN Routing

you should know by now that the subnets are 0 and 128; the 0 subnet (VLAN 1) has a host range of 1126, and the 128 subnet (VLAN 2) has a range of 129254. You can almost be fooled since Host A has an IP address of 126, which makes it almost seem that Host A and B are in the same subnet, but they’re not, and you are way too smart by now to be fooled by this one!

Here is the switch configuration:

2960#config t
2960(config)#int f0/1
2960(config-if)#switchport mode trunk
 2960(config-if)#int f0/2
2960(config-if)#switchport access vlan 1
 2960(config-if)#int f0/3
2960(config-if)#switchport access vlan 2

Here is the router configuration:

ISR#config t
ISR(config)#int f0/0
ISR(config-if)#no ip address
ISR(config-if)#no shutdown
ISR(config-if)#int f0/0.1
ISR(config-subif)#encapsulation dot1q 1
ISR(config-subif)#ip address 172.16.10.1 255.255.255.128
ISR(config-subif)#int f0/0.2
ISR(config-subif)#encapsulation dot1q 2
ISR(config-subif)#ip address 172.16.10.154 255.255.255.128

We used the first address in the host range for VLAN 1 and the last address in the range for VLAN 2, but any address in the range would work. You just have to configure the host’s default gateway to whatever you make the router’s address.

Now, before we go on to the next example, we need to make sure you know how to set up the IP address on the switch. Since VLAN 1 is typically the administrative VLAN, we’ll use an IP address from that pool of addresses. Here’s how to set the IP address of the switch :

2960#config t
2960(config)#int vlan 1
2960(config-if)#ip address 172.16.10.2 255.255.255.128
2960(config-if)#no shutdown

Yes, you have to do a no shutdown on the VLAN interface. In the picture below, there are two VLANs. By looking at the router configuration, what’s the IP address, mask and default gateway of Host A? use the last IP address in the range for Host A’s address:

Configuring Inter-VLAN Routing
Router#config t
Router(config)#int f0/0
Router(config-if)#no ip address
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 192.168.10.129 255.255.255.240
Router(config-subif)#int f0/0.2
Router(config-subif)# encapsulation dot1q 2
Router(config-subif)#ip address 192.168.10.46 255.255.255.240

If you really look carefully at the router configuration (the hostname in this picture is just the Router), there is a simple and quick answer. Both subnets are using a/28, or 255.255.255.240 mask, which is a block size of 16. The router’s address for VLAN 1 is in subnet 128. The next subnet is 144, so the broadcast address of VLAN 1 is 143 and the valid host range is 129142.

So the host address would be this:

IP address: 192.168.10.142

Mask: 255.255.255.240

Default Gateway: 192.168.10.129