Inter-VLAN Routing
1. Lesson 04: Analyzing Inter-VLAN Routing
Overview
◦ Routing is the process of determining where to send data packets destined for
addresses outside of the network.
◦ Routers gather and maintain routing information to enable the transmission and receipt
of data packets.
◦ For traffic to cross from one VLAN to another, a Layer 3 process is necessary.
Understanding Inter-VLAN Routing
◦ Inter-VLAN communication occurs between broadcast domains via a Layer 3 device.
◦ In a VLAN environment, frames are switched only between ports within the same
broadcast domain.
◦ VLANs perform network partitioning and traffic separation at Layer 2.
◦ Inter-VLAN communication cannot occur without a Layer 3 device, such as a router.
◦ This process uses IEEE 802.1Q to enable trunking on a router subinterface. See the
following diagram for a VLAN-to-VLAN overview.
2. VLAN-to-VLAN Overview
Obtained from Cisco.com.
Router on a Stick
◦ The diagram illustrates a router attached to a core switch.
◦ The configuration between a router and a core switch is sometimes referred to as a
router on a stick.
◦ The router can receive packets on one VLAN and forward them to another
VLAN.
◦ To perform inter-VLAN routing functions, the router must know how to reach all
interconnected VLANs.
◦ There must be a separate connection on the router for each VLAN, or you must enable
802.1Q trunking on those connections.
◦ The router already knows about directly connected networks.
◦ The router must learn routes to networks to which it is not directly connected.
3. Overview of Subinterfaces
◦ To support 802.1Q trunking, you must subdivide the physical Fast Ethernet interface of
the router into multiple, logical, addressable interfaces, one per VLAN.
◦ The resulting logical interfaces are called Subinterfaces.
◦ Without this subdivision, you would have to dedicate a separate physical interface to
each VLAN.
Example: Subinterfaces
Obtained from Cisco.com.
◦ In the figure, the FastEthernet0/0 interface is divided into multiple subinterfaces:
FastEthernet0/0.1
FastEthernet0/0.2
FastEthernet0/0.3
4. Configuring Inter-VLAN Routing
Obtained from Cisco.com.
Example: Inter-VLAN routing with 802.1Q
◦ In the figure, the FastEthernet0/0 interface is divided into multiple subinterfaces.
◦ Each subinterface represents the router in each of the VLANs for which it routes, except in the native
VLAN (in this example there is only one subinterface).
◦ The 802.1Q native VLAN frames do not carry a tag.
◦ The native VLAN here is represented by the major interface of the trunk; therefore the FastEthernet0/0
interface has an IP address in the native VLAN address space.
5. Example: Inter-VLAN routing with 802.1Q
continues…
◦ Use the encapsulation dot1q vlan identifier IOS command (where vlan identifier is the
VLAN number) on each subinterface to enable 802.1Q encapsulation trunking.
◦ The subinterface number does not have to be the same as the VLAN
number; however, management is easier when the two numbers are the same.
◦ Alternatively, the native VLAN can be configured on a subinterface by using the
encapsulation dot1Q vlan identifier native IOS command on the subinterface.
◦ Ensure that the VLAN assigned as the native VLAN matches the native VLAN on the
switch to which the router connects.
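A router-on-a-stick configuration that follows the bullets above, added here as an illustration and not taken from the original slides. The IP addresses, VLAN numbers 10 and 20, native VLAN 1 and the switch port name are constructed values.

```cisco
! --- Router: native VLAN on the major interface (frames arrive untagged) ---
interface FastEthernet0/0
 description 802.1Q trunk to core switch
 ip address 10.1.1.1 255.255.255.0
 no shutdown
!
! One subinterface per routed VLAN; subinterface number matches the VLAN ID
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.1.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.1.20.1 255.255.255.0
!
! --- Alternative: carry the native VLAN on a subinterface instead ---
! interface FastEthernet0/0
!  no ip address
! interface FastEthernet0/0.1
!  encapsulation dot1Q 1 native
!  ip address 10.1.1.1 255.255.255.0
!
! --- Switch port facing the router (separate device) ---
! The native VLAN here must match the router side.
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
```

On the switch, `show interfaces trunk` lists the native VLAN and the VLANs allowed on the port, which is the quickest way to confirm both ends agree.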
6. Inter-VLAN Routing Using an Internal Router
Internal Router Using a Core 6500 Multilayer switch
◦ Your organization’s Core 6500 switch employs a Multilayer Switch Feature Card (MSFC) for inter-VLAN
routing.
◦ While inter-VLAN routing with a router on a stick uses an external router, your own organization
accomplishes the same VLAN routing functionality using a router built in to the Core 6500 switch.
◦ In your organization, the router for inter-VLAN routing resides as a module inside the Core 6500 switch.
Example: Inter-VLAN routing with 802.1Q on a 6500
◦ There is no need for subinterfaces for inter-VLAN routing in this environment.
◦ To configure inter-VLAN routing on your Core 6500 environment, you need to do the following:
  ◦ Create a VLAN management interface on the Core 6500 switch to be used as the default
  gateway for switches in the VTP client mode.
  ◦ Assign an IP address to the management interface.
  ◦ For switches in the VTP client mode, create inter-VLAN routing based on the Core management VLAN ID.
  ◦ Assign a unique management IP address to each switch on the campus network that is trunking.
  ◦ Use the Core management IP address as the default gateway for all other switches in the organization.
  ◦ Configure uplink interfaces as trunking interfaces:
    ◦ Use encapsulation dot1q.
    ◦ Use native VLAN 100.
    ◦ Set uplink interface modes to trunk.
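The steps above expressed as configuration, added here as an illustration and not taken from the original slides. It assumes the Core 6500 runs native IOS and acts as the VTP server; management VLAN 50, the IP addresses and the interface names are constructed, while native VLAN 100 comes from the steps.

```cisco
! --- Core 6500 ---
vlan 50
 name MGMT
!
! VLAN management interface: default gateway for the VTP client switches
interface Vlan50
 description Core management interface
 ip address 10.50.0.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet1/1
 description Downlink to access switch
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport mode trunk
!
! --- Access switch in VTP client mode (VLAN 50 is learned via VTP) ---
interface Vlan50
 description Unique management address for this switch
 ip address 10.50.0.11 255.255.255.0
 no shutdown
!
! Core management IP address is the default gateway
ip default-gateway 10.50.0.1
!
interface GigabitEthernet0/1
 description Uplink to Core 6500
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport mode trunk
```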
The following diagram shows an overview of the process:
8. Lesson 04: Wrap-up
Summary
◦ Inter-VLAN routing using a router on a stick utilizes an external router to pass traffic between
VLANs.
◦ Inter-VLAN routing using a Core 6500 switch utilizes an internal router to pass traffic between VLANs.
◦ A router on a stick is configured with a subinterface for each VLAN (except possibly for
the native VLAN) and 802.1Q trunk encapsulation.
9. Summary of Training
Lesson 01 provided an analysis overview of campus
networks as well as your own enterprise campus network.
Lesson 02 provided a deep understanding of VLANs and
VLAN implementation in your organization.
Lesson 03 addressed knowledge and skills required to plan
and implement switch interfaces in your organization.
Lesson 04 addressed the concept of Inter-VLAN routing with
a router on a stick and a router as a multilayer switch.
Lesson 05 provided an overview of Layer 2 switch security
best practices for your organization's enterprise network.
Lesson 06 provided you with an opportunity to employ the
knowledge and skills acquired in previous lessons to develop
a configuration template for your organization.