Inter-VLAN Routing

Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN using a router. VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On Catalyst switches it is accomplished by creating Layer 3 interfaces (switch virtual interfaces, SVIs). By default a host can communicate only with hosts that are members of the same VLAN. In order to change this default behaviour and allow communication between different VLANs, you need a router or a layer 3 switch.
Router-based inter-VLAN routing is a process for forwarding network traffic from one VLAN to another VLAN using a router (Figure 1).
The router has to support ISL or 802.1Q trunking on a FastEthernet or GigabitEthernet interface in order to perform routing between different VLANs. The router's interface is divided into logical interfaces called subinterfaces, one for each VLAN. From a FastEthernet or GigabitEthernet interface on the router, you can set the interface to perform trunking with the encapsulation command:

  R1(config)# interface FastEthernet0/0.10
  R1(config-subif)# encapsulation ?
    dot1Q  IEEE 802.1Q Virtual LAN
  R1(config-subif)# encapsulation dot1Q ?
    <1-4094>  IEEE 802.1Q VLAN ID
  R1(config-subif)# encapsulation dot1Q 10
All Catalyst multilayer switches support the following types of layer 3 interfaces:
1. Routed port - a pure layer 3 port similar to that on a router.
2. Switch virtual interface (SVI) - a virtual routed VLAN interface for inter-VLAN routing.
3. Bridge virtual interface (BVI) - a layer 3 bridging interface.
Figure 2: The router supports one VLAN per interface.
Figure 3: A single ISL link can support multiple VLANs.
Router Interface and Subinterface Comparison

                         Physical Interface                       Subinterface
a. Port limits           One physical interface per VLAN          One physical interface for many VLANs
b. Performance           No bandwidth contention                  Bandwidth contention
c. Access/trunk ports    Connected to access-mode switch port     Connected to trunk-mode switch port
d. Cost                  More expensive                           Less expensive
e. Complexity            Less complex connection configuration    More complex connection configuration
There are three inter-VLAN routing device options:
1. Layer 3 multilayer Catalyst switch
2. External router that allows trunking (router-on-a-stick)
3. External router with enough interfaces for every VLAN (this doesn't scale and is very expensive)
Inter-VLAN Routing Types
Figure 4: Inter-VLAN Implementation
External Router (Router-on-a-Stick)

A layer 2 switch can be connected to a single router to allow inter-VLAN communication, either using a single physical link as a trunk with multiple subinterfaces (a.k.a. router-on-a-stick) or using separate physical links between the switch and router for each individual VLAN.
Configuring Router-on-a-Stick
a. Enable trunking on the switch port
b. Enable the router interface with the no shutdown command
c. Create the subinterfaces on the router, one for each VLAN
d. Configure the IP address and encapsulation on each subinterface as they relate to their VLANs

  Router(config-subif)# encapsulation [dot1q | isl] vlan-id {native}
  Router(config-subif)# ip address x.x.x.x x.x.x.x
Example router interface configuration

  Router(config)# interface FastEthernet0/0
  Router(config-if)# no shutdown
  Router(config)# interface FastEthernet0/0.1
  Router(config-subif)# description VLAN 1
  Router(config-subif)# encapsulation dot1Q 1 native
  Router(config-subif)# ip address 10.1.1.1 255.255.255.0
  Router(config-subif)# exit
  Router(config)# interface FastEthernet0/0.2
  Router(config-subif)# description VLAN 2
  Router(config-subif)# encapsulation dot1Q 2
  Router(config-subif)# ip address 10.2.2.1 255.255.255.0
  Router(config-subif)# exit
  Router(config)# end
Example switch trunk interface configuration (connected to the router's Fa0/0)

  switch(config)# interface FastEthernet4/2
  switch(config-if)# switchport trunk encapsulation dot1q
  switch(config-if)# switchport mode trunk
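To show what the router-on-a-stick configuration above is actually matching on, here is an added example (not from the original page) that builds and parses 802.1Q-tagged Ethernet frames and maps each frame to the subinterface whose "encapsulation dot1Q <vid>" matches, sending untagged frames to the subinterface marked "native". The subinterface names and VLAN numbers are taken from the page's example; the MAC addresses and payloads are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag follows

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Constructed test helper: an Ethernet II frame, tagged when vid is given."""
    hdr = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)  # 3-bit PCP, 1-bit DEI, 12-bit VID
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst, src, vid, ethertype, payload); vid is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, inner_type, frame[18:]

def select_subinterface(frame, subifs, native_vlan):
    """Pick the subinterface whose 'encapsulation dot1Q <vid>' matches the tag;
    untagged frames belong to the subinterface configured with 'native'."""
    _, _, vid, _, _ = parse_frame(frame)
    if vid is None:
        vid = native_vlan
    elif vid == 0 or vid == 4095:
        return None  # VID 0 is a priority tag only, 4095 is reserved
    return subifs.get(vid)  # no subinterface for this VLAN -> frame is dropped

# Constructed sample matching the page's layout: VLAN 1 native, VLAN 2 tagged.
SUBIFS = {1: "FastEthernet0/0.1", 2: "FastEthernet0/0.2"}
NATIVE_VLAN = 1
DST, SRC = bytes.fromhex("000c29aabbcc"), bytes.fromhex("005056112233")
TAGGED_V2 = build_frame(DST, SRC, 0x0800, b"ip payload", vid=2)
UNTAGGED = build_frame(DST, SRC, 0x0800, b"ip payload")
```

A frame tagged for a VLAN with no matching subinterface returns None, which is why a trunk that carries more VLANs than the router has subinterfaces for silently loses that traffic.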
Advantages
1. Works with almost all switches because the switches do not have to support layer 3, just VLANs and trunking.
2. Simple configuration (one switch port, one router interface).
Disadvantages
1. The router is a single point of failure.
2. If the trunk becomes congested, it can affect every VLAN.
3. Slightly higher latency because traffic must leave and re-enter the switch, and the router makes the forwarding decisions in software (which is slower than hardware).
Switch Virtual Interfaces

SVIs are virtual VLAN interfaces on multilayer switches; one SVI is created for each VLAN to be routed, and it performs the routing for all the packets associated with that VLAN.
Configuring SVIs
a. Enable IP routing
b. Create the VLANs
c. Create the SVI
d. Assign an IP address to each SVI
e. Enable the interface
f. Optional: enable an IP routing protocol
Example Configuration

  Switch# configure terminal
  Switch(config)# ip routing
  Switch(config)# vlan 10
  Switch(config-vlan)# exit
  Switch(config)# interface vlan 10
  Switch(config-if)# ip address 10.10.1.1 255.0.0.0
  Switch(config-if)# no shutdown
  Switch(config-if)# exit
  Switch(config)# router rip
  Switch(config-router)# network 10.0.0.0

SVIs are commonly used for:
1. Default gateways for users within the VLAN
2. Virtual routes between VLANs
3. Providing an IP address for connectivity to the switch itself
4. An interface for routing protocols
An SVI is considered “up” when at least one interface in its associated VLAN is active and forwarding traffic. If all interfaces within that VLAN are down, the SVI goes down to prevent creating a routing loop.
Advantages
1. Fast because all forwarding is performed in hardware
2. No need for external links for routing
3. Low latency (traffic doesn't need to leave the switch)
Disadvantages
1. May require a more expensive switch.
Routed Ports

Routed ports are physical ports on the switch that act much like a router interface with an IP address configured. Routed ports are not associated with any particular VLAN and do not run layer 2 protocols like STP or VTP. (Note: routed interfaces also do not support subinterfaces.)

Routed ports are point-to-point links that usually connect core switches to other core switches or to distribution layer switches (if the distribution layer is running layer 3). They can also be used when a switch has only a single switch port per VLAN or subnet.

When configuring a routed port, make sure you use the no switchport command so that the interface is configured to operate at layer 3. Also make sure to assign an IP address and any other layer 3 information required. Lastly, check that the appropriate routing protocols are configured. A multilayer switch can have both SVIs and routed ports configured. Multilayer switches forward all layer 2 and layer 3 traffic in hardware, so forwarding is very fast.
Configuring Inter-VLAN Routing with Routed Ports
1. Select the interface
2. Convert it to a layer 3 port (no switchport command)
3. Add an IP address
4. Enable the interface (no shutdown command)
Example Configuration

  Core(config)# interface GigabitEthernet1/1
  Core(config-if)# no switchport
  Core(config-if)# ip address 10.10.1.1 255.255.255.252
  Core(config-if)# exit
Multilayer Switching

A multilayer switch can perform both layer 2 switching and inter-VLAN routing. I spend a considerable amount of time walking through the low-level details here because Cisco thinks it is really important. It's also easy for Cisco to ask SWITCH exam questions on (like the order of operations), so take your time and make sure you understand the process. Knowing the order of events within the switch will help you understand how the many forwarding and filtering options interact.
Cisco Express Forwarding

Multilayer Switching, or MLS, is a fairly general term used to describe features that enable very efficient routing of traffic between VLANs and routed ports. Cisco Express Forwarding, or CEF, is the specific implementation of MLS that Cisco uses on its multilayer switches.
Layer 2 Forwarding Process

Input
1. Receive frame
2. Verify integrity
3. Apply inbound VLAN ACL
4. Lookup destination MAC

Output
1. Apply outbound VLAN ACL
2. Apply outbound QoS ACL
3. Select outbound port
4. Place in port queue
5. Rewrite
6. Forward frame
Layer 3 Forwarding Process

Input
1. Receive frame
2. Verify integrity
3. Apply inbound VLAN ACL
4. Lookup destination MAC

Routing
5. Apply input ACL
6. Switch if entry is in CEF cache; identify exit interface and next hop address using routing table
7. Apply outbound ACL

Output
1. Apply outbound VLAN ACL
2. Apply outbound QoS ACL
3. Select outbound port
4. Place in port queue
5. Rewrite
6. Forward frame
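To make the order of operations concrete, here is an added example (not from the page or from Cisco) that models the layer 3 forwarding process as a small simulator: inbound VLAN ACL, destination MAC check against the SVI, CEF cache hit or routing table lookup, outbound VLAN ACL, then the MAC and TTL rewrite. It is a simplified model: the TTL check stands in for "verify integrity", all subnets are assumed directly connected SVIs (so the next hop is the destination host itself), and the SVI MACs, host MACs and ARP entries are constructed.

```python
import ipaddress

def acl_permits(rules, src_ip, dst_ip):
    """First matching rule wins; a configured ACL ends in an implicit deny,
    while a VLAN with no ACL applied permits everything."""
    if rules is None:
        return True
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, permit in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return permit
    return False

def lookup_route(routes, dst_ip):  # longest-prefix match over (prefix, exit_vlan)
    d, best = ipaddress.ip_address(dst_ip), None
    for prefix, exit_vlan in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, exit_vlan)
    return None if best is None else best[1]

class MLSwitch:
    def __init__(self, routes, svi_mac, arp, vlan_acl=None):
        self.routes, self.svi_mac, self.arp = routes, svi_mac, arp
        self.vlan_acl = vlan_acl or {}   # vlan -> [(src_net, dst_net, permit)]
        self.cef, self.cef_hits = {}, 0   # CEF cache: dst IP -> exit VLAN

    def forward(self, pkt):  # pkt keys: src_mac, dst_mac, vlan, src_ip, dst_ip, ttl
        # Input: integrity (TTL), inbound VLAN ACL, then destination MAC lookup.
        if pkt["ttl"] <= 1:
            return ("drop", "ttl expired")
        if not acl_permits(self.vlan_acl.get(pkt["vlan"]), pkt["src_ip"], pkt["dst_ip"]):
            return ("drop", "inbound VLAN ACL")
        if pkt["dst_mac"] != self.svi_mac.get(pkt["vlan"]):
            return ("l2-switched", pkt["vlan"])  # not for the SVI: stays at layer 2
        # Routing: CEF cache hit, otherwise a routing-table lookup fills the cache.
        exit_vlan = self.cef.get(pkt["dst_ip"])
        if exit_vlan is None:
            exit_vlan = lookup_route(self.routes, pkt["dst_ip"])
            if exit_vlan is None:
                return ("drop", "no route")
            self.cef[pkt["dst_ip"]] = exit_vlan
        else:
            self.cef_hits += 1
        # Output: outbound VLAN ACL, then rewrite MACs and TTL for the exit VLAN.
        if not acl_permits(self.vlan_acl.get(exit_vlan), pkt["src_ip"], pkt["dst_ip"]):
            return ("drop", "outbound VLAN ACL")
        out = dict(pkt, vlan=exit_vlan, src_mac=self.svi_mac[exit_vlan],
                   dst_mac=self.arp[pkt["dst_ip"]], ttl=pkt["ttl"] - 1)
        return ("forward", out)
```

Note that a deny rule configured only on the exit VLAN is still enforced, but only after the routing lookup has already populated the CEF cache, which is exactly the ordering the process above describes.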