InterVLAN Routing

Hello Ken

There are a few things that may result in your particular situation. I suggest you check the following:

  1. Ensure that the port on the router is active by using the no shutdown command on the interface.
  2. Ensure that the port on the switch is in access mode and is in VLAN 10
  3. Ensure that you have created an SVI for VLAN 10 and have activated it using the no shutdown command on the VLAN interface itself.
  4. Confirm that VLAN 10 has been successfully created in the switch by looking at the output of the show vlan command.
  5. Make sure that the SVI has successfully come up by pinging 10.0.0.2 from the CLI of the switch itself.

Check the status of the SVI by using the show ip interface brief command on the switch to see its IP address and the state of the interface.

If you’re still having trouble, please send us the configs of your router interface, the switch interface, and the SVI interface so we can help you further.

I hope this has been helpful!

Laz

Hello,

I thought about the differences between SVIs and routed interfaces and came up with the following. I’d love to know what you think:

An SVI is a single virtual interface (with an IP address), and it (the SVI) can be associated with several different physical interfaces. Which means that hosts (in the same VLAN) connected via different physical interfaces to the same switch can all use the same IP address as their default gateway.

A routed interface is a single physical interface (with an IP address), and it (the routed interface) can NOT be associated with several different physical interfaces. Only a single host could use it as its default gateway (unless that host is a switch, in which case, other hosts connected to that second switch can use the first switch’s routed interface as a default gateway).

Thanks.
Attila

Hello Attila

It looks good. The only thing I would suggest is not to use the phrase “can be associated with several different physical interfaces.” As far as an SVI goes, I would phrase it like so:

An SVI is a Layer 3 virtual interface on a particular VLAN, that can act as a default gateway for all devices on that VLAN.

Does that make sense?

I hope this has been helpful!

Laz

2 Likes

Hi Rene,

In the Router Port section, will the Fa 0/16 port on SW2 be an access port or a trunk port? I also think there is a typo, as the configuration shows that it is for SW2 but should be for SW3.

Hello Janhavi

A routed port is a layer 3 port, which means it is assigned an IP address. This kind of port behaves the same as a port on a router. That means that the distinction of “access” or “trunk” port has no meaning. Once a port is configured as a routed port using the no switchport command, all switchport commands are disabled on that port, so even if you try to configure the port as an access or trunk port, the switch will tell you that it is an unrecognized command.

The “routed port” section of the lesson, shows the configuration of the Fa0/16 port on SW2, as well as the configuration of the Fa0/16 port on SW3. The configurations as they appear in the lesson are correct.

I hope this has been helpful!

Laz

Hi,
Picture 1. Router on Stick

If you have a host directly connected to R1, can that host, for example, be connected on a switchport to VLAN 10 and use Fa0/0.10 as default gateway?

Hello Thor

If you connect a host to another interface on the router, that host must have an IP address in a subnet other than those on VLAN 10 and 20. The reason for this is the very nature of routers.

Every interface on a router, by definition, must be configured with an IP address in a different subnet. You can’t configure two interfaces on a router in the same subnet. You will get an error message like so:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#inter gig 0/0
R1(config-if)#ip address 10.255.1.235 255.255.255.0
R1(config-if)#exit
R1(config)#inter gig 0/1
R1(config-if)#ip address 10.255.1.236 255.255.255.0
% 10.255.1.0 overlaps with GigabitEthernet0/0
GigabitEthernet0/1: incorrect IP address assignment
R1(config-if)#

So to answer your question, if you have a host directly connected to R1, the default gateway must be the IP address of the interface of R1 that you are connected to. There is no such thing as a switchport on a router.

Take a look at this NetworkLessons note concerning IP addressing on a router.

If you want to use Fa0/0.10 as a default gateway, the host must be connected to an access port on VLAN10 on SW1.

I hope this has been helpful!

Laz

Hi, suppose R1 is a multilayer switch or a router with a switch card.
If you configure a port with switchport access vlan 10 and connect a host there, can that host use a subinterface, e.g.:

int gi0/0.10
encapsulation dot1q 10
ip add x.x.x.x

Hello Thor

No, the host on VLAN 10 would not be able to use the subinterface Gi0/0.10 as the default gateway. It does not have direct Layer 2 access to that subinterface.

Any host connected to the switch module must use the corresponding SVI as the default gateway. In your particular case, you would have to create an SVI on VLAN 10 for this purpose.

The subinterface Gi0/0.10 is using dot1q encapsulation and is being assigned a VLAN of 10. However, that VLAN is only accessible to any switch directly connected to that port (in a router on a stick arrangement.) In order for a host on VLAN 10 on the switch module to reach any networks beyond interface Gi0/0, routing must be used, and this can only be done by sending traffic to the SVI VLAN 10 interface as the default gateway. Does that make sense?

I hope this has been helpful!

Laz

1 Like

Hi Rene,
For example 3, do we not need to configure the default gateway on H1 and H2? If not on these, then on SW2? Just to send the traffic to SW3…?
Thanks

Hello Irfan

Yes indeed, and not only in example 3, but in all cases, the hosts H1 and H2 must be configured with the correct default gateway. In the case of interVLAN routing, this is typically the IP address assigned to the SVI of the VLAN on which that particular host is connected.

In the lesson, the default gateway for H1 and H2 was set in section 1. However, in sections 2 and 3 of the lesson, H2 changes its subnet, and should thus change its default gateway as well. Rene states in section 3 that the routed port of SW3 must be used as the default gateway by the clients in VLAN 10 which is the VLAN to which both H1 and H2 are connected. SW2 would not have any IP addressing configured for this communication since it is operating at Layer 2. Does that make sense?

I hope this has been helpful!

Laz

Hello, everyone.

What is the purpose of configuring the native VLAN on a router in a ROAS scenario by using the encapsulation dot1q x native command?

Even if I purposely mismatch the native VLAN between the router and the switch, no error message is displayed in the CLI. Is this command even necessary? Because I am not quite wrapping my head around how it works. What if I never created a subinterface associated with the native VLAN? Would that cause any problems?

And one more thing. When a router receives a packet on a subinterface, what exactly does it do in terms of processing? Does it first check whether there is a subinterface matching the VLAN tag and then check the routing table, or?

Because I’ve had a router that had subinterfaces for VLAN 10 and 20. The switch had the native VLAN set to 20, so it sent any frames coming from VLAN 20 as untagged. I’ve pinged the VLAN 20 subinterface on my router from a VLAN 20 host. Even though my router had a route for the destination network (VLAN 20), it didn’t reply because there was no subinterface which would match the native VLAN.

That’s all, thank you.

Hello David

Take a look at this thread discussing this very issue:

If you have any further questions, let us know!

I hope this has been helpful!

Laz

Hi Laz ,

I’d appreciate your thoughtful response regarding the scenario shown in the below snap explanation of intervlan routing. Specifically, I’m assuming that I have two distinct subnets of different networks with vlans 10 and 20, and that I’ve allowed both vlans 10 & 20 on trunk port of Fa0/16 on switch 2. However, I’m not sure what the configuration on multilayer switches should be; is it necessary to create a sub interface on SW 3 and make a route port? Could you please share the configuration on multilayer switches and explain how to create a trunk port on multilayer switches?

How are the default gateway addresses in switch 3 known to the hosts in vlans 10 and 20?
I am not sure if this is correct, but in my opinion, SVI should be created on Fa 0/16 on the multilayer switch for vlans 10 and 20 and provide the default address appropriately.

Is there any chance to configure the multilayer switch as a routed port on a subinterface and provide the default address for the hosts of vlan 10 and vlan 20?

Thanks in advance

Regards
Shivam Chaudhary

Hello Laz & Team ,

Quick question: is there any chance to perform inter-VLAN routing between PCVLAN 10 and PCVLAN 20 by configuring an SVI on the trunk ports of SW3, i.e. g0/1 & g0/0? Shall we configure the SVI on the trunk port by providing default gateways 10.254 and 20.254, as the same gateway addresses are also provided by PC 10 and PC 20 on g3/0 and g3/1 for inter-VLAN routing between PC 20 and PC 10? Is there any chance for the hosts to communicate through inter-VLAN routing between PC 20 and PCVLAN 10? I understand the topic; I am just considering in what ways we could reproduce this here so the hosts can communicate.

Regards
Shivam Chaudhary

Hello Shivam

From what I understand, you are describing this topology, right?

And you want to know the configuration on SW3. Well you must create a trunk between SW2 and SW3 and you must include both VLAN10 and VLAN20. You will also create two SVIs in SW3, one for VLAN 10 and one for VLAN 20 and these will act as the default gateways for each VLAN/subnet. For this reason, you must assign them IP addresses in the correct subnet range. For example:

  • SVI VLAN 10 → 192.168.10.1
  • SVI VLAN 20 → 192.168.20.1

You must manually assign the default gateway to each host when you configure them. Or you would assign the default gateway using DHCP. In both cases, you simply know those addresses because you’ve assigned them to the SVIs as part of your network design.

An SVI is not created on a physical interface. It is a virtual interface that exists within the L3 switch.

The creation of subinterfaces is something that is typically configured on a router. I don’t know if a routed port on a L3 switch can be configured to function with subinterfaces. I have never tried it because on a L3 switch, you will typically configure ports as L2 ports, and use SVIs as the L3 ports for each VLAN. You can try it, and if the L3 switch does support subinterfaces, then it will work. But in that case, you are essentially configuring router on a stick.

I hope this has been helpful!

Laz

1 Like

Hello Shivam

An SVI is not configured on a trunk port. It is configured as a virtual interface that is internal on the switch. It is a Layer 3 virtual port that acts as the default gateway for all hosts on that VLAN, and the IP addressing must be configured correctly on the hosts and the SVIs themselves.

Assuming the topology I have depicted in my post above, if you configure two SVIs, for VLANs 10 and 20 on SW3 and you create a trunk link between SW2 and SW3 that includes both of those VLANs, then yes, the two PCs will be able to reach their respective gateways, and the SVIs will perform inter-VLAN routing between the two subnets. Does that make sense?

I hope this has been helpful!

Laz

1 Like
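The SW3/SW2 setup described in the two replies above, written out as an added example that is not part of the original posts or the lesson. The /24 masks, the interface numbers (Fa0/16 as the trunk on both switches, Fa0/1 and Fa0/2 as host ports) and the descriptions are assumptions; the SVI addresses are the ones given in the reply.

```cisco
! ===== SW3 (multilayer switch): routes between VLAN 10 and VLAN 20 =====
! Enable Layer 3 forwarding; without it the SVIs answer pings but do not route
ip routing
!
! The VLANs must exist locally, otherwise the SVIs stay down
vlan 10
vlan 20
!
! Trunk towards SW2 (interface number is an assumption)
interface FastEthernet0/16
 description Trunk to SW2
 ! Only needed on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs that are required on this link
 switchport trunk allowed vlan 10,20
!
! SVIs: virtual Layer 3 interfaces, not tied to any physical port
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! ===== SW2 (Layer 2 only): no IP addressing needed for this traffic =====
vlan 10
vlan 20
!
interface FastEthernet0/16
 description Trunk to SW3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Host-facing access ports (port numbers are assumptions)
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
! Verify on SW3: show vlan / show interfaces trunk / show ip interface brief
```

The hosts then use 192.168.10.1 or 192.168.20.1 as their default gateway, set manually or handed out by DHCP. An SVI only comes up once its VLAN exists and at least one port in that VLAN (here the trunk) is up and forwarding.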

Hi @lagapidis,

I have some questions on packet processing in an L3 switch. How does the switch decide whether to bridge, route, or consume a packet itself?

  1. ping from HOST A to HOST C (ping will go to CPU?)
  2. ping from HOST A to HOST B (Ping will go to CPU?)

What are all the packets to be consumed (processed by the CPU)?

Hi Community, please can someone give a clear insight on interface VLANs? I am particularly confused when it comes to routing. Ours is an enterprise network. In our core switch, when I searched the default route entry, it says:

Routing entry for 10.0.1.0/25
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via ospf 1
  Routing Descriptor Blocks:
  * directly connected, via Vlan100
      Route metric is 0, traffic share count is 1

but there are no interfaces belonging to VLAN 100 though. Can you please explain what exactly it means? Thanks in advance.

Hello Premkumar

The details of packet processing on a L3 switch can be quite complicated, and are often specific to the vendor and even the model of switch that is being used. Let me try to clarify:

Let’s take the first situation as an example. Host A pings Host B. When the L3 switch receives the packet, it begins decapsulation. It reads the destination MAC address and it looks up that MAC address in the MAC address table for VLAN 10. If that address exists in the MAC address table, then the frame can be switched to the proper port and egress that port to reach Host C.

Strictly speaking, just for the processes described, further decapsulation should not be necessary. However, the packet will typically be further decapsulated so that the information in the IP header can be read and used in processes such as ACLs, QoS. Or it may just want to confirm that the packet is indeed to be switched and not routed, so it checks the destination IP address to ensure it is in the same subnet (and matches the information it determined from the frame header).

Now the question of what physical hardware performs all of this processing also depends on the architecture of the device. Typically, this is done by Application-Specific Integrated Circuits (ASICs), but some lower-end devices may have the central CPU perform these functions.

Let’s now take a look at your second situation. Host A pings Host B. In that case, the frame is received, and the destination MAC address is determined and compared with the MAC address table. It will not find the MAC address in VLAN 10’s MAC address table, and it would need to further decapsulate the packet to determine the destination IP. It sees that the destination IP is in a different subnet, so it is then routed (i.e. destination IP address is compared to entries in the routing table to determine the egress port). The egress port is determined, it is re-encapsulated and sent to host C on VLAN 20.

Now where this is processed physically, again depends upon the architecture of the switch. Some higher-end switches will also have Network Processors, which are dedicated CPUs for performing such processing. Another thing to keep in mind is whether or not processes such as Cisco Express Forwarding (CEF) are used or not.

So, unfortunately, there’s no clear-cut answer, but it depends upon the switch architecture. Does that make sense?

I hope this has been helpful!

Laz

1 Like