Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Intervlan routing using a layer-3 switch

I have the following scenario:

A layer 3 switch with two connected computers, each one corresponding to a different vlan (200 and 300). The switch is connected to a router using only one fast Ethernet port. How can i configure intervlan routing, with the gateway for vlan 200 in the switch and the gateway for the vlan 300 in the router? I guess I have to enable a routing protocol for the link between the router and the switch. Can someone help me? Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Intervlan routing using a layer-3 switch

Hello eduardo,

I assume below topology

                      ------PC1 (vlan200)

router--->Switch

                      ------PC2 (Vlan300)

For intervaln routing one option is to create two sub-interface(of your single ethernet interface) on routers and taking switch as pure l2. Both sub-interface will be in diferent vlan

with dot1q as encapsulation.

Now If you want your switch to work as l3, ideally you don't need router. just give IP address by creating vlan interface (int vlan200, int vlan300)

But if you have terminated any serial link on router you need to have router .

Your requirement is to have one l3 interface on router and one l3 interface on switch, yes possible

> create interface vlan for vlan200 and give ip to it

> keep vlan300 as it is and terminate it on router

> configure default gateway as a router ip.

But i will prefer the second option (creating both vlan interfrace on switch and passing everything else to router)

Hope this helps

Regards

Mahesh

3 REPLIES

Re: Intervlan routing using a layer-3 switch

Hello eduardo,

I assume below topology

                      ------PC1 (vlan200)

router--->Switch

                      ------PC2 (Vlan300)

For intervaln routing one option is to create two sub-interface(of your single ethernet interface) on routers and taking switch as pure l2. Both sub-interface will be in diferent vlan

with dot1q as encapsulation.

Now If you want your switch to work as l3, ideally you don't need router. just give IP address by creating vlan interface (int vlan200, int vlan300)

But if you have terminated any serial link on router you need to have router .

Your requirement is to have one l3 interface on router and one l3 interface on switch, yes possible

> create interface vlan for vlan200 and give ip to it

> keep vlan300 as it is and terminate it on router

> configure default gateway as a router ip.

But i will prefer the second option (creating both vlan interfrace on switch and passing everything else to router)

Hope this helps

Regards

Mahesh

New Member

Re: Intervlan routing using a layer-3 switch

Hello magesh,

Thanks for your reply. Following the policies of my problem, the fact that i need GW in different devices is to ensure high availability and security for one of my vlans.

Being more specific im using a CISCO 3560 layer-3 switch and a 2811 router. My 2 subnets are 192.168.1.0/26 (vlan 200) and 192.168.1.64/26(vlan 300).

At this point, im pretty sure im doing right, but i think im missing some commands, could you help me please?

1.Already created VLAN 200 and 300 in the switch and assigned them ports (switchport access vlan)

2.Only gave ip address to interface vlan 200 in the switch and it is the default gateway for PC belonging to vlan 200

Sorry if it seems too basic, this is part of a project im doing at university and also sorry for my ugly english,

regards from PERU!

Hall of Fame Super Blue

Re: Intervlan routing using a layer-3 switch

Eduardo

There is no redundancy gained by doing this. If the switch fails then you cannot get to the router anyway, so having vlan 300 default-gateway on the router is useless.

It also depends on whether the 2 vlans need to talk to each other. If they do then your config becomes very non-standard because the router has to be able to route back to vlan 200. The only way you could do this would be to have a vlan 300 L3 interface on the switch ie.

client in vlan 300 sends a packet to client in vlan 200. Packet goes from client via switch in vlan 300 to router inteface. The router then looks up the destination and needs to find a route to vlan 200. The next-hop for that route has to be in vlan 300 so you would have to create a L3 vlan interface on the switch. So the route would look something like -

ip route 192.168.1.0 255.255.255.192

As i say there is no redundancy/high availability if you are going to connect clients to the same switch. Also this is a very non-standard configuration and really makes little sense. As Mahesh says, either route the vlans off the switch or off the router but not both. Personally i would do it off the switch. If you want security for vlan 300 then use an access-list on the L3 vlan 300 interface on the switch.

If the vlans do not need to talk to each other then you wouldn't need the vlan 300 interface on the switch but you still haven't got redundancy/high availability.

Jon

512
Views
0
Helpful
3
Replies