In any network, a VLAN is used to segment the network. Without a Layer 3 device routing between them, hosts in one VLAN cannot reach resources in other VLANs.
Normally, devices in the same VLAN can communicate with each other without the traffic traversing a router. However, for a packet to flow from a host in one VLAN to a host in another VLAN, it has to be forwarded at Layer 3: the frame is decapsulated and the IP header examined, which is the job of a Layer 3 device such as a router or a Layer 3 switch.
Although routers are traditionally used to forward traffic from one VLAN to another, a Layer 3 switch can also handle this. To do so, IP routing must be enabled on the Layer 3 switch and a switch virtual interface (SVI) created for each VLAN. The IP address assigned to each SVI is used as the default gateway by the hosts in that VLAN.
In this post, I will show you how to configure inter-VLAN routing on a Cisco Layer 3 switch.
Network Topology
The network topology that I will be using for this demonstration is shown below. As you can see, it consists of a Layer 3 switch and then two routers, which will serve as the host devices existing in different VLANs.
In this demonstration, we will be enabling inter-VLAN routing on the Layer 3 switch, and we will be sending traffic from R1, which is in VLAN 10, to R2, which is in VLAN 20.
How to Configure Inter VLAN Routing on Cisco Layer 3 Switch
Here are the steps to configure inter-VLAN routing on a Cisco Layer 3 switch.
Step 1: Enable IP routing on the Layer 3 switch
Enter the following command to enable IP routing on the Layer 3 switch:
L3-Switch(config)#ip routing
Step 2: Create the Necessary VLANs
As shown in the network topology, there are two VLANs: VLAN10 for Sales and VLAN20 for Engineers. We create them with the following commands.
L3-Switch(config)#vlan 10
L3-Switch(config-vlan)#name Sales
L3-Switch(config-vlan)#exit
L3-Switch(config)#vlan 20
L3-Switch(config-vlan)#name Engineer
L3-Switch(config-vlan)#exit
Step 3: Create the SVIs for VLAN10 and VLAN20
To create a switch virtual interface (SVI), we simply enter the VLAN interface and assign an IP address to it.
L3-Switch(config)#interface vlan 10
L3-Switch(config-if)#ip address 192.168.12.1 255.255.255.0
L3-Switch(config-if)#no shutdown
L3-Switch(config-if)#exit
L3-Switch(config)#interface vlan 20
L3-Switch(config-if)#ip address 192.168.21.1 255.255.255.0
L3-Switch(config-if)#no shutdown
L3-Switch(config-if)#exit
Step 4: Create the Access ports
Access ports assign the interfaces of a switch to a particular VLAN. If an interface is assigned to VLAN20, it means it can only receive and forward traffic within VLAN20. The gigabitEthernet0/0 interface of the Layer 3 switch will be given access to VLAN10, and the gigabitEthernet0/1 interface will be given access to VLAN20.
L3-Switch(config)#interface gigabitEthernet0/0
L3-Switch(config-if)#switchport mode access
L3-Switch(config-if)#switchport access vlan 10
L3-Switch(config-if)#no shutdown
L3-Switch(config-if)#exit
L3-Switch(config)#interface gigabitEthernet0/1
L3-Switch(config-if)#switchport mode access
L3-Switch(config-if)#switchport access vlan 20
L3-Switch(config-if)#no shutdown
L3-Switch(config-if)#exit
Step 5: Check routing table on L3-Switch
We can check the routing table on the Layer 3 switch with the following show command:
L3-Switch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, Vlan10 <--
L 192.168.12.1/32 is directly connected, Vlan10
192.168.21.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.21.0/24 is directly connected, Vlan20 <--
L 192.168.21.1/32 is directly connected, Vlan20
As the output of the show command above shows, the Layer 3 switch now has connected routes for both VLAN subnets (marked with <--), which means it is handling IP routing.
Step 6: Configure the host devices
The two routers in the network topology will act as the two host devices that are in different VLANs. To make a router act as a host device, we need to disable IP routing and then configure a default gateway IP address for the router. The IP address of the default gateway is the IP address assigned to the SVI for the VLAN in which the router is located.
Router 1
Disable IP routing, configure the IP address on Ethernet0/0, set the default gateway on R1, and ping the gateway.
R1(config)#no ip routing
R1(config)#interface ethernet0/0
R1(config-if)#ip address 192.168.12.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip default-gateway 192.168.12.1
R1#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1008 ms
Router 2
Disable IP routing, configure the IP address on Ethernet0/0, set the default gateway on R2, and ping the gateway.
R2(config)#no ip routing
R2(config)#interface ethernet0/0
R2(config-if)#ip address 192.168.21.254 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#ip default-gateway 192.168.21.1
R2#ping 192.168.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/203/1009 ms
Step 7: Test the configuration
From R1, ping R2 and also the gateway IP address of VLAN20.
R1#ping 192.168.21.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#ping 192.168.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
From R2, ping R1 and also the gateway IP address of VLAN10.
R2#ping 192.168.12.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
R2#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
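The pings above succeed in both directions because nothing filters traffic between the two SVIs, so the VLANs no longer isolate Sales from Engineers. As an added example (not part of the original post), this Python audit reports every SVI that has an IP address but no inbound `ip access-group` while `ip routing` is enabled. The sample config is constructed from the commands in this post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the running-config the steps in this post would produce.
SAMPLE_CONFIG = """\
ip routing
!
interface Vlan10
 ip address 192.168.12.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.21.1 255.255.255.0
!
interface GigabitEthernet0/0
 switchport mode access
 switchport access vlan 10
!
"""


def parse_svis(config):
    """Map VLAN ID -> {"network": IPv4Network or None, "acl_in": name or None}."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+vlan\s*(\d+)\s*$", line, re.I)
        if m:
            current = svis.setdefault(int(m.group(1)), {"network": None, "acl_in": None})
        elif not line.startswith(" "):
            current = None  # any other unindented line closes the SVI block
        elif current is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) >= 4:
                # IOS writes the mask in dotted form; ipaddress accepts addr/mask.
                current["network"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            elif words[:2] == ["ip", "access-group"] and words[-1] == "in":
                current["acl_in"] = words[2]
    return svis


def unfiltered_svis(config):
    """VLAN IDs of routed SVIs with no inbound ACL; empty when routing is off."""
    # Assumption: the platform lists "ip routing" in the running-config when enabled.
    if not re.search(r"^ip routing\s*$", config, re.M):
        return []
    return sorted(vlan for vlan, svi in parse_svis(config).items()
                  if svi["network"] is not None and svi["acl_in"] is None)


if __name__ == "__main__":
    print(unfiltered_svis(SAMPLE_CONFIG))
```

For the configuration built in this post it lists both VLAN 10 and VLAN 20, matching the unrestricted reachability the ping tests show.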