Tuesday, July 21, 2009

Inter-Vlan Routing


Virtual LANs (VLANs) offer a method of dividing one physical network into multiple broadcast domains. Through VLAN we can get a sort of security like different VLAN members can not communicate with each other by default and we can do so if we allowed them to communicate and here we reduce broadcast domain. VLAN needs when we want to divide our clients so that it can not communicate with each other, one of the method is to connect them with separate switch so it will not communicate while in case of same switch all ports are member of VLAN 1 by default and members in same VLAN can communicate with each other but its not the healthy one solution so CISCO made life easy by describing the concept of VLAN where we can group our clients, so logically it will shows like they are connected to different switch and physically will be connected to same switch, now at times we want to communicate between these different VLAN’s so we can accomplish this task through three different methods namely Router on a Stick, Switch Virtual Interface (SVI) and Multi-Layer Switch (MLS). Here I am going to explain about the two methods.

1. Multi-Layer Switch (MLS)

Following steps should be taken in order to communicate between different VLAN’s. I took 3560 Cisco catalyst switch, two pc’s.

A): Take Cisco Catalyst 3560 switch and connect two pc to it, in my case I connect one pc to Fast Ethernet 0/1 and Fast Ethernet 0/2.

B): Create two VLAN namely VLAN-2 and VLAN-3.

ML-Switch (config) #vlan 2
ML-Switch (config-vlan) #
ML-Switch (config) #vlan 3
ML-Switch (config-vlan) #


C): NOTE: If we assign IP address now and later we make the interface member of VLAN so it will not allowed us to do so, the correct way is to assign the interface to the correct VLAN and then assign IP address to that interface and also assign addresses to the PC also.

ML-Switch (config-if) #interface fastethernet 0/1
ML-Switch (config-if) #switchport mode access
ML-Switch (config-if) #switchport access vlan 2

ML-Switch (config-if) #interface fastethernet 0/2
ML-Switch (config-if) #switchport mode access
ML-Switch (config-if) #switchport access vlan 3


The following command will tell the switch that you are no more switchport, now we can assign ip address to it.

ML-Switch (config-if) #interface fastethernet 0/1
ML-Switch (config-if) #no switchport
ML-Switch (config-if) #ip address 10.1.1.2 255.0.0.0
ML-Switch (config-if) #no shutdown


ML-Switch (config-if) #interface fastethernet 0/2
ML-Switch (config-if) #no switchport
ML-Switch (config-if) #ip address 20.1.1.2 255.0.0.0
ML-Switch (config-if) #no shutdown


Now to enable routing on the switch we have the following command.

ML-Switch (config-if) # ip routing

Make sure to give the switch interfaces addresses as a gateway on your pc’s, Now to check the communication between these two different VLAN,

PC_1 > ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:

Reply from 20.1.1.1: bytes=32 time=62ms TTL=127
Reply from 20.1.1.1: bytes=32 time=62ms TTL=127
Reply from 20.1.1.1: bytes=32 time=62ms TTL=127
Reply from 20.1.1.1: bytes=32 time=62ms TTL=127

Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 62ms, Average = 62ms



2. Router on a Stick

In this method we will need a router and switch (can be layer-2 switch) and two pc.

A): Connect router fastethernet 0/0 to switch fastethernet 0/1, PC-1 to switch fastethernet 0/2 and PC-2 to switch fastethernet 0/3.

B): Create two VLAN on switch and assign the interface to that VLAN.

Switch (config) #vlan 2
Switch (config-vlan) #
Switch (config) #vlan 3
Switch (config-vlan) #
Switch (config-if) #interface fastethernet 0/2
Switch (config-if) #switchport mode access
Switch (config-if) #switchport access vlan 2

Switch (config-if) #interface fastethernet 0/3
Switch (config-if) #switchport mode access
Switch (config-if) #switchport access vlan 3


C): Assign IP address on PC and Router fastethernet (I will be defining two sub-interfaces on router).

PC-1 IP address: 10.1.1.1
PC-2 IP address: 20.1.1.1

Router (config) #interface fastEthernet 0/0
Router (config-if) #no shutdown
Router (config-if) #exit


We will be defining trunk link between switch and router as multiple VLAN information will be moving through this link and for trunk link we have to define encapsulation, in this case we have layer-2 (2950) switch where we have only dot1q encapsulation available. And also remember to assign the sub-interface addresses as a gateway on your PC.

Note: If we trying to assign IP address on sub-interface on router before identifying to which VLAN it is associated and without assigning encapsulation you will get an error like

“% configuring IP routing on a LAN sub-interface is only allowed if that
Sub-interface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL VLAN”.


Router (config) #interface fastEthernet 0/0.2
Router (config-subif) #encapsulation dot1Q 2
Router (config-subif) #ip address 10.1.1.2 255.0.0.0
Router (config-subif) #no shutdown


Router (config) #interface fastEthernet 0/0.3
Router (config-subif) #encapsulation dot1Q 3
Router (config-subif) #ip address 20.1.1.2 255.0.0.0
Router (config-subif) #no shutdown


Now to communicate between these two different VLAN’s we have to configure trunk link so configuration on switch are as:

Switch (config-if) #switchport mode trunk
Switch (config-if) #switchport trunk allowed vlan 2, 3


Now check the communication

PC-2>ping 10.1.1.1

Pinging 10.1.1.1 with 32 bytes of data:

Reply from 10.1.1.1: bytes=32 time=188ms TTL=127
Reply from 10.1.1.1: bytes=32 time=125ms TTL=127
Reply from 10.1.1.1: bytes=32 time=124ms TTL=127
Reply from 10.1.1.1: bytes=32 time=121ms TTL=127

Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 121ms, Maximum = 188ms, Average = 139ms



I hope it will be informative for you.

Thank You for Reading

9 comments:

nayyares said...

nice one.
keep it up!

Anonymous said...

Brother,
well explained ,my doubts are clear now....thanks a lot.

inter-vlan routing only name used to scared me :-)

Irum said...

for me it was very informative, as after 8 hours of repeatedly trying to practice "router on a stick" but cudnt fix my problem. but ur blog was really of grt help, and i came to knw abt the small mistake tht i was doing.

thnx alot sohail

Imran Kalim said...

Nice web site sohail...

shahid said...

That is great, dot1q is basically vlan termintaion point...you need to make some configuration for this on the SWX as access port and trunk and then define logical interfaces by the vlan numbers on the router..........GR8

ninest123 said...

replica watches, ugg boots, ralph lauren pas cher, oakley sunglasses, louis vuitton, nike roshe run, chanel handbags, burberry, kate spade outlet, louis vuitton outlet, nike outlet, longchamp, louboutin shoes, gucci outlet, ray ban sunglasses, air jordan pas cher, nike free, jordan shoes, sac longchamp, uggs on sale, louboutin, nike free, cheap oakley sunglasses, nike air max, prada outlet, air max, christian louboutin outlet, tory burch outlet, longchamp pas cher, polo ralph lauren outlet, ugg boots, polo ralph lauren outlet, louis vuitton, replica watches, nike air max, louboutin pas cher, oakley sunglasses, tiffany jewelry, oakley sunglasses, ray ban sunglasses, louis vuitton, prada handbags, michael kors, ray ban sunglasses, louis vuitton outlet, louboutin outlet, longchamp outlet, oakley sunglasses, longchamp outlet, tiffany and co

ninest123 said...

michael kors, hermes, michael kors outlet, converse pas cher, vans pas cher, true religion jeans, michael kors, nike roshe, tn pas cher, michael kors outlet, michael kors outlet, michael kors outlet, north face, nike air max, mulberry, coach outlet, nike air max, ugg boots, nike free run uk, north face, replica handbags, nike air max, sac guess, michael kors outlet, lululemon, true religion jeans, abercrombie and fitch, nike blazer, hollister pas cher, michael kors, new balance pas cher, hogan, oakley pas cher, kate spade handbags, true religion outlet, coach outlet, air force, burberry outlet online, vanessa bruno, ugg boots, timberland, ray ban pas cher, true religion jeans, coach purses, lacoste pas cher, hollister, burberry, ralph lauren uk, ray ban uk, michael kors

ninest123 said...

vans shoes, beats by dre, ghd, lancel, herve leger, new balance, ray ban, ralph lauren, abercrombie and fitch, celine handbags, north face outlet, birkin bag, louboutin, chi flat iron, soccer jerseys, nike air max, ferragamo shoes, mont blanc, insanity workout, hollister, jimmy choo shoes, nfl jerseys, soccer shoes, nike huarache, nike air max, nike roshe, wedding dresses, instyler, iphone cases, p90x workout, timberland boots, reebok shoes, mcm handbags, gucci, oakley, hollister, asics running shoes, valentino shoes, longchamp, converse, vans, converse outlet, baseball bats, hollister, north face outlet, bottega veneta, lululemon, babyliss, mac cosmetics, nike trainers

ninest123 said...

bottes ugg, ugg boots uk, ugg,uggs,uggs canada, canada goose uk, canada goose outlet, pandora jewelry, moncler, hollister, marc jacobs, swarovski, juicy couture outlet, replica watches, canada goose, moncler, swarovski crystal, links of london, wedding dresses, moncler outlet, thomas sabo, karen millen, pandora jewelry, moncler, montre pas cher, juicy couture outlet, ugg pas cher, louis vuitton, moncler, moncler, louis vuitton, moncler, louis vuitton, supra shoes, coach outlet, canada goose, toms shoes, ugg,ugg australia,ugg italia, moncler, doudoune canada goose, canada goose, canada goose outlet, louis vuitton, pandora charms, canada goose, sac louis vuitton pas cher, pandora charms