VLAN Routing Configuration

Jason Fraioli
Level 3

I've seen some configs showing the use of subinterfaces to perform vlan routing. If I am using a layer 3 switch, is it a safe practice to create a vlan interface and put an IP on it?

I guess I don't understand the difference between the two. On a layer 3, couldn't I take the trunk from another switch and plug it into the layer 3 switch, then put an IP on that interface and issue the "no switchport" command?

What's the difference between creating the vlan subnet on a physical interface as opposed to creating an svi vlan interface?

2 Replies

lamav
Level 8

Jason:

The first scenario you give is called a "router-on-a-stick" and that consists of connecting a layer 2 switch, with multiple vlans configured on it, to a L3 switch or router via a trunk.

The router will be responsible for inter-vlan routing. The ethernet interface of the router will be configured with subinterfaces to support a routed connection for each vlan. One of the benefits of this is that you only need to use one router interface to support multiple vlans.

Here is a sample router-on-a-stick configuration:

Switch Config:

    vlan 100
     name HR_vlan
    vlan 200
     name First_Floor_users

    interface fastethernet 1/0/1
     description To_router_fa0/0
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk

Router config:

    interface fastethernet 0/0
     description To_L2_Switch_fa1/0/1
     no ip address

    interface fastethernet 0/0.1
     encapsulation dot1q 1 native

    interface fastethernet 0/0.100
     encapsulation dot1q 100
     ip address 192.168.100.1 255.255.255.0

    interface fastethernet 0/0.200
     encapsulation dot1q 200
     ip address 192.168.200.1 255.255.255.0

=============================================

And then you have the SVI method, as follows:

L2 switch config:

    vlan 100
     name HR_users
    vlan 200
     name First_floor_users

    interface gigabitethernet 0/48
     description Trunk_to_L3_Switch_Gi1/1
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk

L3 Switch config:

    vlan 100
     name HR_vlan
    vlan 200
     name First_floor_users

    interface gigabitethernet 1/1
     description Trunk_to_User_switch_Gi0/48
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk

    interface vlan 100
     description HR vlan
     ip address 192.168.100.1 255.255.255.0

    interface vlan 200
     description First_floor_users
     ip address 192.168.200.1 255.255.255.0

    router eigrp 100
     network 192.168.100.0 0.0.0.255
     network 192.168.200.0 0.0.0.255

=============================================

HTH

Please rate this post if you found it informative and helpful.

Victor

Istvan_Rabai
Level 7

Hi Jason,

When you make a physical interface a routed port with the "no switchport" command, you have a port like a normal router has.

The exception to this is that on layer3 switches you cannot create subinterfaces on physical ports.

When you leave your physical port in the layer2 state, then that port may function as a layer2 access port or a layer2 trunk port, depending on the switchport configuration.

So your layer2 ports will be participating in layer2 switching, and you can even configure a set of ports as access ports on your switch and they will function as a separate layer2 switch with their own vlan.

In this case you can create the vlan interfaces and use them for routing safely. They behave very much like a physical interface.

For example, if you have vlan 1, vlan 2 and vlan 3, then you can create interfaces vlan1, vlan2 and vlan3.

When one of your physical interfaces is configured for trunking and carries vlan1, vlan2 and vlan3 traffic, then the traffic of different vlans will be separated and directed to the appropriate vlan interfaces for routing if necessary.

So traffic from vlan1 will be routed by interface vlan1, and so on.

You can apply routing, access-lists, qos, and other features to vlan interfaces as with normal physical interfaces.

This gives you more flexibility in your configurations.

Cheers:

Istvan
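
Added example, not part of either reply: a Python sketch that reads IOS-style configuration text, finds the per-VLAN gateway in either style shown in this thread (router subinterface or SVI), and lists the gateways that have no inbound access-list, following the point that access-lists can be applied to VLAN interfaces. The sample configs are constructed from the thread's stanzas; the ACL name HR_IN and the function names are hypothetical.

```python
import re

# Constructed sample input based on this thread's configs; ACL name HR_IN is hypothetical.
ROUTER_CFG = """\
interface fastethernet 0/0
 no ip address
interface fastethernet 0/0.1
 encapsulation dot1q 1 native
interface fastethernet 0/0.100
 encapsulation dot1q 100
 ip address 192.168.100.1 255.255.255.0
interface fastethernet 0/0.200
 encapsulation dot1q 200
 ip address 192.168.200.1 255.255.255.0
"""
L3_SWITCH_CFG = """\
interface gigabitethernet 1/1
 switchport mode trunk
interface vlan 100
 ip address 192.168.100.1 255.255.255.0
 ip access-group HR_IN in
interface vlan 200
 ip address 192.168.200.1 255.255.255.0
"""

def vlan_gateways(config):
    """Map VLAN id -> gateway details for subinterface and SVI stanzas."""
    gateways = {}
    for stanza in re.split(r"(?mi)^(?=interface\s)", config):  # one chunk per stanza
        head = re.match(r"(?i)interface\s+(.+)", stanza)
        if not head:
            continue
        name = head.group(1).strip()
        svi = re.fullmatch(r"(?i)vlan\s*(\d+)", name)
        tag = re.search(r"(?mi)^\s+encapsulation dot1q (\d+)", stanza)
        ip = re.search(r"(?mi)^\s+ip address (\S+) \S+", stanza)
        acl = re.search(r"(?mi)^\s+ip access-group (\S+) in\b", stanza)
        if svi:
            vlan, method = int(svi.group(1)), "svi"
        elif "." in name and tag:
            vlan, method = int(tag.group(1)), "subinterface"
        else:
            continue  # physical, trunk or routed port: not a per-VLAN gateway
        gateways[vlan] = {"interface": name, "method": method,
                          "ip": ip.group(1) if ip else None,
                          "acl_in": acl.group(1) if acl else None}
    return gateways

def unfiltered(gateways):
    """VLANs with a routed gateway address but no inbound access-list."""
    return sorted(v for v, g in gateways.items() if g["ip"] and not g["acl_in"])
```

Calling `unfiltered(vlan_gateways(L3_SWITCH_CFG))` returns the VLAN ids whose gateway routes traffic with no inbound filter, which is the list to review when inter-VLAN traffic is meant to be restricted.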
