InterVLAN Routing

Lessons Discussion
21

Hi Rene,

for inter-vlan switching. does the switching mode always have to be trunking to the router and not access at all cost. As i believe i have seen somewhere were access was used? Thanks

Kind Regards

1 Like
22

Hi Adil,

This always has to be a trunk otherwise there’s no way for the router to differentiate to what VLAN the traffic belongs. If you use access mode then you only have one VLAN on the interface.

Rene

1 Like
23

Hi,

I have a question?

My network is currently in Production and I need to route VLAn’s without involving my router.

My question is this; I have multiple Layer 3 switches (Nexus 9000 series), if I turn on ip routing, will that disrupt my current traffic in anyway?

Also, if I turn a port into a routed port, will other layer 2 ports on the Nexus 9000 series be able to use that routed port for routing, or is it just between the port connected to the other switch(s)?

Thanks,

Curtis

24

Hi Curtis,

Your traffic should not be disrupted if you enable IP routing.

Once you turn an interface into a routed port and add an IP address on it then the network will be added to the routing table. It will behave exactly the same as an interface on a router so yes, you can use it for routing.

Keep in mind that your L2 “stuff” will be gone from the Interface: VLANs, port-security, etc.

Rene

25

Hey Renee,

And what is the difference between “no autostate” command and switchport autostate exclude

 

 

Daniel

26

Hi Dan,

There are three requirements for the SVI to be up/up:

  • The VLAN must exist and be active in the VLAN database.
  • At least one interface should be active for the VLAN.
  • That interface has to be in STP forwarding state.
The switchport autostate exclude command on the interface can be used to exclude interfaces from this check. The no autostate command on the vlan can be used to disable all checks completely. Not all IOS versions support these commands though.

Rene

3 Likes
27

Hi, I have a situation where my company installed ip cameras in our yard. These cameras are all operating on vlan 10. We also have a wifi network that use vlan 192. In a certain scenario one of the cameras is at a point in our yard where the 192 vlan only exists. So as you can imagine, the there is no communication to this camera because it has an vlan 10 ip but is on the vlan 192 network… How can i setup routing on the particular switch to allow this camera to communicate back and forth with vlan 10?

28

Hi Omar,

With two different subnets, this is not going to work. If your switch is configured for interVLAN routing then it will have one IP address on its VLAN 10 interface and another on the VLAN 192 interface. When your camera has the wrong IP address, it will be unable to communicate with the default gateway.

Better make sure your camera gets another IP address when you move it to another subnet.

Rene

29

So since this camera is has an vlan 10 ip address, yet is connected to an interface that is on vlan 192, there is no possible way to get the camera to communicate with the other cameras that are on vlan 10…mainly the camera server that has an address of 10.10.11.200?

30

That’s correct. Your camera thinks it can reach your camera server on 10.10.11.200 directly since it’s in the same subnet. It will send an ARP request but there is no device in VLAN 192 that will respond to it.

Normally you can use proxy arp for something like this:

https://networklessons.com/network-services/proxy-arp-explained/

But this is not going to work if you use two different subnets, it only works when for example the camera is in the 10.x.x.x/8 subnet and the camera server is in the 10.1.1.0/24 subnet. In that case, the router/switch can respond with a proxy ARP. It doesn’t work for two different subnets.

31

So I ran into something about secondary addresses on an interface. Could this be a possible solution? Adding a secondary address to an interface and have the camera point to that secondary address as its gateway?

32

Normally you can configure secondary IP address on the interface yes but this will only work when you are not using that subnet on another interface.

For example, let’s say you have interface VLAN 10 with IP address 192.168.1.1 /24. When you try to add IP address 192.168.1.2 on any other interface then the router/switch will not accept it since you can’t use the same subnet on two interfaces.

How come the camera requires a static IP? wouldn’t it be easier to use DHCP and a reservation perhaps?

33

Because the camera is located in distant part of the yard that was designed for our wifi network and is only provided connectivity via that 192 interface.

 

34

So if I was to let dhcp assign an ip , it will end up being a 192 address and therefore just wont be able to communicate with other vlan 10 devices, specifically the other cameras.

 

35

Ok but why not give it an IP address from the 192.x.x.x range then?

36

That’s no problem. When it gets the correct IP address, it can reach the default gateway and the traffic can be routed to other subnets, including the one where your cameras are.

The default gateway will be your switch (if it supports interVLAN routing) or a router.

37

So if it gets a 192 address, are you saying that it should be able to communicate with the camera server which is on vlan 10. Explain?

38

Take a look at the first “router on a stick part” of this lesson:

https://networklessons.com/switching/intervlan-routing/

It’s the same thing, computerA can reach computerB by using their default gateway.

39

19 posts were merged into an existing topic: InterVLAN Routing

40

Ok, will give it an attempt? Get back at you with the results. Thanks greatly appreciated!!!