How to Configure Inter VLAN Routing on Cisco Layer 3 Switch - Netizzan

How to Configure Inter VLAN Routing on Cisco Layer 3 Switch

In any network, a VLAN is used to segment the network. Users in a particular VLAN will not have access to resources in other VLANs.

Normally, devices in the same VLAN can communicate with each other without the traffic having to traverse the router. However, for packet to flow from a host in one VLAN to a host in another VLAN, the IP address header of the packet needs to be decapsulated, and Layer 3 devices like a router or layer 3 switch will help to do this.

Even though routers are traditionally used to forward traffic from one VLAN to another, a Layer 3 switch can also handle this. For a layer 3 switch to handle this, IP routing functionality just needs to be enabled on the Layer 3 switch, and an SVI also be created for each of the VLANs. The IP address assigned to this SVIs will be used as the default gateway IP address for each of the host devices existing in each VLAN.

In this post, I will show you Configure Inter VLAN Routing on Cisco Layer 3 Switch

Network Topology

The network topology that I will be using for this demonstration is shown below. As you can see, it consists of a Layer 3 switch and then two routers, which will serve as the host devices existing in different VLANs.

In this demonstration, we will be enabling inter-VLAN routing on the Layer 3 switch, and we will be sending traffic from R1, which is in VLAN 10, to R2, which is in VLAN 20.

network topology for inter vlan routing

How to Configure Inter VLAN Routing on Cisco Layer 3 Switch

Here are steps to Configure Inter VLAN Routing on Cisco Layer 3 Switch

Step 1: Enable IP routing on the Layer 3 switch

Enter the following command to enable IP routing on the layer 3 switch;

L3-Switch(config)#ip routing

 Step 2: Create the Necessary VLANs

As shown in the network topology, there is two VLANS, VLAN10 for sales and VLAN20 for Engineers. So, we create it with the following commands.

L3-Switch(config)#vlan 10
L3-Switch(config-vlan)#name Sales
L3-Switch(config-vlan)#exit
L3-Switch(config)#vlan 20
L3-Switch(config-vlan)#name Engineer
L3-Switch(config-vlan)#exit

Step 3: Create the SVIs for VLAN10 and VLAN20

To create a switch virtual interface (SVI), we simply enter the vlan interface and assign an IP address to it.

L3-Switch(config)#interface vlan 10
L3-Switch(config-if)#ip address 192.168.12.1 255.255.255.0
L3-Switch(config-if)#no shutdown
L3-Switch(config-if)#exit

L3-Switch(config)#interface vlan 20
L3-Switch(config-if)#ip address 192.168.21.1 255.255.255.0
L3-Switch(config-if)#no shutdown
L3-Switch(config-if)#exit

Step 4: Create the Access ports

Access ports assign the interfaces of a switch to a particular VLAN. If an interface is assigned to VLAN20, it means it can only receive and forward traffic within VLAN20. The gigabitEthernet0/0 interface of the Layer 3 switch will be given access to VLAN10, and the gigabitEthernet0/1 interface will be given access to VLAN20.

L3-Switch(config)#interface gigabitEthernet0/0
L3-Switch(config-if)#switchport mode access
L3-Switch(config-if)#switchport access vlan 10 
L3-Switch(config-if)#no shutdown 
L3-Switch(config-if)#exit
L3-Switch(config)#interface gigabitEthernet0/1
L3-Switch(config-if)#switchport mode access  
L3-Switch(config-if)#switchport access vlan 20
L3-Switch(config-if)#no shutdown 
L3-Switch(config-if)#exit

Step 5: Check routing table on L3-Switch

We can check for routing table on the layer 3 switch by using the following show command;

L3-Switch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.12.0/24 is directly connected, Vlan10		<--
L        192.168.12.1/32 is directly connected, Vlan10
      192.168.21.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.21.0/24 is directly connected, Vlan20		<--
L        192.168.21.1/32 is directly connected, Vlan20

As seen in the output of the show command above, the Layer 3 switch now has a connected route, which means it is handling IP routing.

Step 6: Configure the host devices

The two routers in the network topology will act as the two host devices that are in different vlans. To make a router act as a host device, we need to disable IP routing and then configure a default gateway IP address for the router. The IP address of the default gateway is the IP address assigned to the SVI for the VLAN on which the router is located.

Router 1

Disable the routing table, configure the IP address on Ethernet0/0, set the IP gateway on R1, and try to ping the gateway.

R1(config)#no ip routing 

R1(config)#interface ethernet0/0
R1(config-if)#ip address 192.168.12.254 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#exit   

R1(config)#ip default-gateway 192.168.12.1

R1#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1008 ms 

Router 2

Disable the routing table, configure the IP address on Ethernet0/0, set the IP gateway on R2, and try to ping the gateway.

R2(config)#no ip routing

R2(config)#interface ethernet0/0
R2(config-if)#ip address 192.168.21.254 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit

R2(config)#ip default-gateway 192.168.21.1

R2#ping 192.168.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/203/1009 ms

Step 7: Test the configuration

From R1 pings R2 and also the IP gateway of VLAN20.

R1#ping 192.168.21.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#ping 192.168.21.1  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms

From R2 pings R1 and the IP gateway of VLAN10.

R2#ping 192.168.12.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
R2#ping 192.168.12.1  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

 

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top