VLANs are great for segmenting the network, but they also have their limitations. Inter-VLAN routing addresses some of those shortcomings. You’ll need to configure VLAN routing to enable some form of communication and share resources between different VLANs.
In a Layer 2 switched environment, VLANs separate devices into different collision domains and Layer 3 subnets. Devices in the same VLAN can communicate without any routing, and devices in different VLANs require routing to communicate with each other.
L2 switches require an L3 routing device to communicate between different VLANs, and the device is either an external router or Layer 3 module on the same chassis. Most of the Cisco switches have routing capabilities within the switch. When the switch receives a packet, it determines that it belongs to another VLAN, and the switch sends the packet to the appropriate port on the other VLAN.
In this article, we will discuss the following:
- Inter-VLAN routing configuration examples in Cisco routers and switches.
- Basic inter-VLAN routing commands.
- Where to find solutions to your router needs.
Download the guide and refer back to it at any time!
Not the article you were looking for today? Try these out:
- Supersizing Ethernet: Tech Vendors Are Looking To Lead The Way
- The Future Of Ethernet: What To Expect
- Tips And Tricks On Maximizing Return On Every Network Device
What Is Inter-VLAN Routing?
VLANs are used to segment Layer 2 networks. Hosts from one VLAN cannot communicate with hosts in another VLAN unless a router or a Layer 3 switch provides routing services (inter-VLAN routing on a Layer 3 switch).
Inter-VLAN routing is the technology for communicating network traffic from one VLAN to another VLAN.
There are two well-known inter-VLAN routing options:
- Router-on-a-Stick VLAN Routing: This is a suitable solution for small- to medium-sized networks.
- Switched Virtual Interfaces (SVIs): This is the most scalable solution for medium to large organizations, and this solution needs a Layer 3 switch.
Understanding The Need For VLANs
Before we discuss inter-VLAN routing configuration examples with commands, it’s important to understand some basics about switches' roles, limitations, and how they create the need for VLANs.
Before switches, hubs were the primary means for devices in a network to connect. However, hubs sent packets to all the connected ports, which was inefficient. Switches solved this issue.
A switch can identify the destination device or traffic based on MAC addresses. That way, the traffic only went to the intended destination, reducing network congestion that hubs were notorious for.
Still, switches posed one issue, which is broadcast traffic. While they send packets to the desired port, they send broadcast traffic to all ports. That creates broadcast traffic congestion on the network.
One possible solution to this problem is to use separate switches and divide the network. But that’s expensive, especially in large networks. So, VLANs were created as a practical and cost-effective solution for dealing with broadcast traffic.
VLANs are software-based or virtual LANs that segment the network, essentially allowing the same switch to create distinct broadcast domains.
It helps to equate VLANs to analogous radios on different channels to understand them better. The devices on the same VLAN can hear the broadcasts with their designated segment, much like friends communicating on the same radio channel.
The segmentation that VLAN offers helps to reduce broadcast congestion. More importantly, this is also good from a security perspective. Certain segments can be isolated and exist on separate VLANs entirely.
Thanks to their efficiency and better security proposition, VLANs are super common in enterprise networks today.
The Limitations Of VLAN
Ok, so VLAN successfully segments the network and eliminates broadcast congestion. But what if you need inter-VLAN communication? That can be tricky if they’re wholly separate.
You may consider putting a DHCP server for each VLAN. However, that’s not the most optimal solution.
What’s best is a solution where VLANs can communicate with each other while remaining separate. That’s where VLAN routing comes in.
Legacy Inter-VLAN Routing
Although this method is outdated and no longer used, we’re sharing it to showcase how much better router-on-a-stick VLAN routing is.
Early on, traditional VLAN routing used a router with multiple Ethernet interfaces. Every interface was connected to a switch port on a different VLAN. The router interface was the default gateway for the local hosts of the VLAN subnets.
While this method does the trick, it also poses serious limitations. For starters, routers have a limited number of physical interfaces. If there are many VLANs in the network, the interfaces on a router will likely be quickly consumed, requiring an additional router.
So, this legacy method had scalability issues, rendering it inefficient for large networks in enterprise settings.
Router-on-a-Stick Inter-VLAN Routing Method With a Cisco Router
The "router-on-a-stick" inter-VLAN routing technique needs only one physical interface to route traffic among multiple VLANs on a network. A router's physical interface is configured as an 802.1Q trunk and connected to the Layer 2 switch's trunk interface.
The router interface is configured using subinterfaces for passing multiple VLANs in one interface. The configured subinterfaces are software-based virtual interfaces, and each subinterface is associated with a single physical Ethernet interface. Each sub-interface is configured for different subnets that correspond to their VLAN assignment, which facilitates logical routing.
When VLAN-tagged traffic enters the router interface, the traffic is forwarded to the VLAN subinterface according to the VLAN tag ID. After a routing decision is performed based on the destination address, the router determines the egress interface for the traffic.
NOTE: The router-on-a-stick inter-VLAN method does not scale beyond 50 VLANs.
Router-on-a-Stick Inter-VLAN Routing Configuration Example
This section describes how to configure the router-on-a-stick inter-VLAN routing method. You can see in the image below that the router is connected with a switch using a single interface, and can pass multiple VLANs using that interface via a router-on-a-stick inter-VLAN routing configuration.
The router GigabitEthernet 0/0/0 interface is connected to the Layer 2 switch Ethernet 1/1 port. The Ethernet 1/1 is a trunk link that is required to forward traffic within and between VLANs.
To route between VLANs, the Router GigabitEthernet 0/0/0 interface is logically divided into two subinterfaces, as shown in the table below. The table also shows the two VLANs that will be configured on the switch.
| Subinterface | VLAN | IP Address |
|
G0/0/0.100 |
100 |
10.1.100.1/24 |
|
G0/0/0.200 |
200 |
10.1.200.1/24 |
Assume that the Router and Switch have basic configurations. Currently, PC1 and PC2 cannot ping each other because they are on different networks.
To enable the PCs to communicate, we need to configure VLANs and trunking in the switch level, and the router must be configured for inter-VLAN routing.
VLAN and Trunking Configuration in Switch
Complete the following steps to configure Switch with VLANs and trunking:
VLAN Configuration
- Step 1: VLANs Creation: First, the VLANs are created and named, as shown in the below configuration.
- Step 2: Configure Access Ports: Next, port Eth1/2 connecting to PC1 is configured as an access port in VLAN 100, as shown below. Assume PC1 has been configured with the correct IP address, netmask, and default gateway1.100.1.
Access Port Configuration
- Step 3: Trunking Port Configuration: Configure the port Eth1/1 as a trunk port like the below configuration.
Trunking Port Configuration
Router Subinterface Configuration
For each VLAN, you need to create a subinterface in the router-on-a-stick method. A subinterface can be created using the interface_id.subinterface_id format in the global configuration mode. The subinterface syntax is the physical interface followed by a period and a subinterface number. Although not required, it is common to match the subinterface number with the VLAN number.
After creating the subinterface, enable the interface with the "no shutdown" command in the interface configuration mode. All the subinterfaces are disabled if the physical interface is disabled.
In the below configuration, the Router G0/0/0 subinterfaces are configured for VLANs 100 and 200.
Verify Connectivity Between PC1 and PC2
After the switch trunk and the router subinterface configurations, the router-on-a-stick configuration is complete. The configuration can be verified from the PC, router, and switch.
From PC1, verify connectivity to a host in another VLAN using the ping command.
Windows PC IP Address
The output confirms the IPv4 address and default gateway of PC1. Next, use ping to verify connectivity with PC2, as shown in the below output. The ping reply confirms that inter-VLAN routing is working.
Router-on-a-Stick Inter-VLAN Routing Verification
Use the below show commands to verify and troubleshoot the router-on-a-stick configuration.
- Show ip route
- Show ip interface brief
- Show interfaces
As shown in the below output, verify that the subinterfaces appear in the router's routing table by using the "show ip route" command. Notice that there are two connected routes (C) and their respective exit interfaces for each routable VLAN. The output confirms that the subnets, VLANs, and subinterfaces are active.
Another useful router command is to show the ip interface brief, as shown below. The output confirms that the subinterfaces have the correct IPv4 address configured and that they are operational.
Subinterfaces can be verified using the show interfaces subinterface-command, as shown in the below output.
Routers For Inter-VLAN Routing
While you can set up a Layer 3 module for inter-VLAN routing, the most suitable solution is a router. These nifty devices solve a big network optimization challenge.
At PivIT, you can find the latest routers from Cisco and other major vendors like Juniper at great prices. Reliable equipment can ensure your network performs best and traffic moves seamlessly between different departments or offices.
With a large network of manufacturers, PivIT offers an extensive selection of routers — both new and legacy — to help connect virtually any kind of network. Whether you need routers to improve your WAN, LAN, SD-WAN, or cloud infrastructure, PivIT has what you need. Our team is ready to meet your routing needs through high data transfer capacity applications, core to edge routing, and network scalability. You can find your fit here.
Learn more about routing infrastructure!
Inter-VLAN Routing FAQs
What is inter-VLAN routing?
Inter-VLAN routing enables routers or Layer 3 switches to route traffic between VLANs.
Why is inter-VLAN routing necessary?
While it’s sometimes necessary to isolate VLANs and disallow any traffic between them, often some traffic needs to flow between VLANs so certain services and systems are available on any network segment. That’s where inter-VLAN routing comes in.
What are the benefits of inter-VLAN routing?
Inter-VLAN routing allows for communication between different VLANs, which is necessary for certain services and systems to be available across network segments. It also helps in managing network traffic efficiently.
What devices are used in inter-VLAN routing?
Routers or Layer 3 switches are typically used to implement Inter-VLAN routing. These devices can route traffic between VLANs while preserving broadcast domains.
What is the ‘Router-on-a-Stick’ model in inter-VLAN routing?
The ‘Router-on-a-Stick’ model is a common design pattern for Inter-VLAN routing. In this model, a single interface on a router is used to route traffic between multiple VLANs.
How Does Inter-VLAN Routing Improve Network Security?
By segregating the network into different VLANs and controlling the traffic between them using Inter-VLAN routing, network administrators can add an additional layer of security. This can help prevent unauthorized access and contain potential threats within a single VLAN.
What are the practical applications of inter-VLAN routing?
Inter-VLAN routing is commonly used in large enterprise networks to manage network traffic efficiently and securely. It allows for the segregation of different types of traffic (e.g., voice, data, video) into separate VLANs, improving network performance and security.