CIS 1885- Chapter 4
Layer 3 Switch Inter-VLAN Routing
-Inter-VLAN routing using the router-on-a-stick method is simple to implement for a small to medium-sized organization. However, a large enterprise requires a faster, much more scalable method to provide inter-VLAN routing.
-Enterprise campus LANs use Layer 3 switches to provide inter-VLAN routing. Layer 3 switches use hardware-based switching to achieve higher packet-processing rates than routers. Layer 3 switches are also commonly implemented in enterprise distribution layer wiring closets.
Capabilities of a Layer 3 switch include the ability to do the following:
-route from one VLAN to another using multiple switched virtual interfaces (SVIs)
-convert a Layer 2 switchport to a Layer 3 interface (i.e. a routed port). A routed port is similar to a physical interface on a Cisco IOS router.
-To provide inter-VLAN routing, Layer 3 switches use SVIs. SVIs are configured using the same interface vlan vlan-id command used for the management VLAN interface, and an SVI is created for each of the routable VLANs.
Legacy Inter-VLAN Routing
-The first inter-VLAN routing solution relied on using a router with multiple Ethernet interfaces. Each router interface was connected to a switch port in different VLANs. The router interfaces served as the default gateways to the local hosts on the VLAN subnet.
-Legacy inter-VLAN routing using physical interfaces works, but it has a significant limitation. It is not reasonably scalable because routers have a limited number of physical interfaces. Requiring one physical router interface per VLAN quickly exhausts the physical interface capacity of a router.
NOTE: this method of inter-VLAN routing is no longer implemented in switched networks and is included for explanation purposes only.
The following are advantages of using Layer 3 switches for inter-VLAN routing:
-they are much faster than router-on-a-stick because everything is hardware switched and routed
-there is no need for external links from the switch to the router for routing
-they are not limited to one link because Layer 2 EtherChannels can be used as trunk links between the switches to increase bandwidth
-latency is much lower because data does not need to leave the switch in order to be routed to a different network
-they are more commonly deployed in a campus LAN than routers
-the only disadvantage is that Layer 3 switches are more expensive.
Router-on-a-Stick Inter-VLAN Routing
-This routing method overcomes the limitation of the legacy inter-VLAN routing method. It only requires one physical Ethernet interface to route traffic between multiple VLANs on a network.
-A Cisco IOS router Ethernet interface is configured as an 802.1Q trunk and connected to a trunk port on a Layer 2 switch. Specifically, the router interface is configured using subinterfaces to identify routable VLANs.
-The configured subinterfaces are software-based virtual interfaces. Each is associated with a single physical Ethernet interface. Subinterfaces are configured in software on a router. Each subinterface is independently configured with an IP address and VLAN assignment. Subinterfaces are configured for different subnets that correspond to their VLAN assignment. This facilitates logical routing.
-When VLAN-tagged traffic enters the router interface, it is forwarded to the VLAN subinterface. After a routing decision is made based on the destination IP network address, the router determines the exit interface for the traffic. If the exit interface is configured as an 802.1Q subinterface, the data frames are VLAN-tagged with the new VLAN and sent back out the physical interface.
NOTE: the router-on-a-stick method of inter-VLAN routing does not scale beyond 50 VLANs.
There are three inter-VLAN routing options:
1. Legacy inter-VLAN routing - this is a legacy solution; it does not scale well.
2. Router-on-a-stick - this is an acceptable solution for a small to medium-sized network.
3. Layer 3 switch using switched virtual interfaces (SVIs) - this is the most scalable solution for medium to large organizations.
Missing VLANs
An inter-VLAN connectivity issue could be caused by a missing VLAN. The VLAN could be missing if it was not created, it was accidentally deleted, or it is not allowed on the trunk link. When a VLAN is deleted, any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN or recreate the missing VLAN. Recreating the missing VLAN would automatically reassign the hosts to it. Use the show interface interface-id switchport command to verify the VLAN membership of the port.
Switch Trunk Port Issues
Another issue for inter-VLAN routing includes misconfigured switch ports. In a legacy inter-VLAN solution, this could be caused when the connecting router port is not assigned to the correct VLAN. However, with a router-on-a-stick solution, the most common cause is a misconfigured trunk port.
-Verify that the port connecting to the router is correctly configured as a trunk link using the show interface trunk command.
-If that port is missing from the output, examine the configuration of the port with the show running-config interface X command to see how the port is configured.
Layer 3 Switch Configuration
Complete the following steps to configure S1 with VLANs and trunking:
1. Create the VLANs. In the example, VLANs 10 and 20 are used.
2. Create the SVI VLAN interfaces. The IP address configured will serve as the default gateway for hosts in the respective VLAN.
3. Configure access ports. Assign the appropriate port to the required VLAN.
4. Enable IP routing. Issue the ip routing global configuration command to allow traffic to be exchanged between VLANs 10 and 20. This command must be configured to enable inter-VLAN routing on a Layer 3 switch for IPv4.
Troubleshoot Inter-VLAN Routing Scenario
Examples of some of these inter-VLAN routing problems will now be covered in more detail. This topology will be used for all of these issues.
Router-on-a-stick Inter-VLAN Routing Verification
In addition to using ping between devices, the following show commands can be used to verify and troubleshoot the router-on-a-stick configuration:
-show ip route
-show ip interface brief
-show interfaces
-show interfaces trunk
R1 Subinterface Configuration
In the configuration, the R1 G0/0/1 subinterfaces are configured for VLANs 10, 20, and 99.
Layer 3 Switch Scenario
In the figure, the Layer 3 switch, D1, is connected to two hosts on different VLANs. PC1 is in VLAN 10 and PC2 is in VLAN 20, as shown. The Layer 3 switch will provide inter-VLAN routing services to the two hosts.
Inter-VLAN Routing on a Layer 3 switch
Inter-VLAN SVIs are created the same way that the management VLAN interface is configured. The SVI is created for a VLAN that exists on the switch. Although virtual, the SVI performs the same functions for the VLAN as a router interface would. Specifically, it provides Layer 3 processing for packets that are sent to or from all switch ports associated with that VLAN.
Router Configuration Issues
Router-on-a-stick configuration problems are usually related to subinterface misconfigurations.
-Verify the subinterface states using the show ip interface brief command.
-Verify which VLANs each of the subinterfaces is on. To do so, the show interfaces command is useful, but it generates a great deal of additional unrequired output. The command output can be reduced using IOS command filters. In this example, use the include keyword to identify that only lines containing the letters "Gig" or "802.1Q"
S2 VLAN and Trunking Configuration
The configuration for S2 is similar to S1.
Verify Connectivity Between PC1 and PC2
The router-on-a-stick configuration is complete after the switch trunk and the router subinterfaces have been configured. The configuration can be verified from the hosts, router, and switch. From a host, verify connectivity to a host in another VLAN using the ping command. It is a good idea to first verify the current host IP configuration using the ipconfig Windows host command. Next, use ping to verify connectivity with PC2 and S1, as shown in the figure. The ping output successfully confirms inter-VLAN routing is operating.
What is Inter-VLAN Routing?
VLANs are used to segment switched Layer 2 networks for a variety of reasons. Regardless of the reason, hosts in one VLAN cannot communicate with hosts in another VLAN unless there is a router or a Layer 3 switch to provide routing services. Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN.
Switch Access Port Issues
When a problem is suspected with a switch access port configuration, use verification commands to examine the configuration and identify the problem. A common indicator of this issue is the PC having the correct address configuration (IP Address, Subnet Mask, Default Gateway), but being unable to ping its default gateway.
-Use the show vlan brief, show interface X switchport or show running-config interface X command to verify the interface VLAN assignment.
What is required to perform router-on-a-stick inter-VLAN routing?
a router that is configured with multiple subinterfaces
A small college uses VLAN 10 for the classroom network and VLAN 20 for the office network. What is needed to enable communication between these two VLANs while using legacy inter-VLAN routing?
a router with at least two LAN interfaces should be used
Which sentence correctly describes the SVI inter-VLAN routing method?
an SVI is needed for each VLAN
What is a disadvantage of using router-on-a-stick inter-VLAN routing?
does not scale well beyond 50 VLANs
A PC is to access a web server on another network. Which inter-VLAN method will provide the highest bandwidth at Layer 3 and also provide a default gateway for the PC?
multilayer switch with routing enabled
What is a disadvantage of using multilayer switches for inter-VLAN routing?
multilayer switches are more expensive than router-on-a-stick implementations
Which type of inter-VLAN communication design requires the configuration of multiple subinterfaces?
router on a stick
Which scalable method must be implemented in order to provide inter-VLAN routing on a switched network with more than 1000 VLANs?
routing traffic internally to a Layer 3 switch device
You are troubleshooting an inter-VLAN issue on a router and need to verify the status of an access port and its access mode VLAN. Which troubleshooting command would you use to do this?
show interfaces interface-id switchport
You are troubleshooting an inter-VLAN issue on a router and need to verify the status and IP address of all interfaces in a condensed format. Which inter-VLAN routing troubleshooting command would you use to do this?
show ip interface brief
You are troubleshooting an inter-VLAN issue on a switch and need to verify that the subinterfaces are in the routing table. Which inter-VLAN routing troubleshooting command would you use to do this?
show ip route
An administrator was troubleshooting a router-on-a-stick topology and concluded that the problem was related to the configuration of VLANs on the router subinterfaces. Which two commands can the administrator use in the router to identify the problem?
show running-config and show ip interface
You are troubleshooting an inter-VLAN issue on a switch and need to check the list of VLANs and their assigned ports. Which inter-VLAN routing troubleshooting command would you use to do this?
show vlan
What is the meaning of the number 10 in the encapsulation dot1q 10 native router subinterface command?
the VLAN ID
Inter-VLAN Routing on a Layer 3 Switch
The modern method of performing inter-VLAN routing is to use Layer 3 switches and switched virtual interfaces (SVIs). An SVI is a virtual interface that is configured on a Layer 3 switch, as shown in the figure. NOTE: a Layer 3 switch is also called a multilayer switch as it operates at Layer 2 and Layer 3. However, in this course we use the term Layer 3 switch.
While configuring inter-VLAN routing on a multilayer switch, a network administrator issues the no switchport command on an interface that is connected to another switch. What is the purpose of this command?
to create a routed port for a single network
A network administrator enters the following command sequence on a Cisco 3560 switch. What is the purpose of these commands?
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# no switchport
to make the Gi0/1 port a routed port
When configuring a router as part of a router-on-a-stick inter-VLAN routing topology, where should the IP address be assigned?
to the subinterface
How is traffic routed between multiple VLANs on a multilayer switch?
traffic is routed via internal VLAN interfaces
What operational mode should be used on a switch port to connect it to a router for router-on-a-stick inter-VLAN routing?
trunk
S1 VLAN and Trunking Configuration
Complete the following steps to configure S1 with VLANs and trunking:
1. Create and name the VLANs
2. Create the management interface
3. Configure access ports
4. Configure trunking ports
R1 Subinterface Configuration
The router-on-a-stick method requires you to create a subinterface for each VLAN to be routed. A subinterface is created using the interface interface_id.subinterface_id global configuration mode command. The subinterface syntax is the physical interface followed by a period and a subinterface number. Although not required, it is customary to match the subinterface number with the VLAN number.
-Each subinterface is then configured with the following two commands:
--encapsulation dot1q vlan_id [native] - this command configures the subinterface to respond to 802.1Q encapsulated traffic from the specified vlan_id. The native keyword option is only appended to set the native VLAN to something other than VLAN 1.
--ip address ip-address subnet-mask - this command configures the IPv4 address of the subinterface. This address typically serves as the default gateway for the identified VLAN.
Repeat the process for each VLAN to be routed. Each router subinterface must be assigned an IP address on a unique subnet for routing to occur. When all subinterfaces have been created, enable the physical interface using the no shutdown interface configuration command. If the physical interface is disabled, all subinterfaces are disabled.
Common Inter-VLAN Issues
There are a number of reasons why an inter-VLAN configuration may not work. All are related to connectivity issues. First, check the physical layer to resolve any issues where a cable might be connected to the wrong port. If the connections are correct, then use the list in the table for other common reasons why inter-VLAN connectivity may fail.