Wednesday, February 19, 2020

InterVLAN Routing

In this lesson we are going to take a look at routing between VLANs. When we want communication between different VLANs we’ll need a device that can do routing. We could use an external router but it’s also possible to use a multilayer switch (also known as a layer 3 switch).
Let’s look at the different options!

Router on a Stick

[Figure: router on a stick configuration example]
SW1 has two VLANs so we have two different subnets. If we want communication between these VLANs we’ll have to use a device that can do routing. In this example we’ll use a router for the job. R1 will need access to both VLANs so we’ll create an 802.1Q trunk between SW1 and R1. Here’s how to configure this:
SW1(config)#interface fa0/3
SW1(config-if)#switchport trunk encapsulation dot1q 
SW1(config-if)#switchport mode trunk 
SW1(config-if)#switchport trunk allowed vlan 10,20
This is how we configure SW1: make interface fa0/3 a trunk port. As a security measure, I made sure that only VLAN 10 and 20 are allowed on it.
R1(config)#interface fa0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.10.254 255.255.255.0
R1(config)#interface fa0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.20.254 255.255.255.0
Create two sub-interfaces on the router and tell it to which VLAN they belong. Don’t forget to add an IP address for each VLAN.
R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.10.0/24 is directly connected, FastEthernet0/0.10
C    192.168.20.0/24 is directly connected, FastEthernet0/0.20
The router will be able to route because these two networks are directly connected.
C:\Documents and Settings\H1>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.10.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.254
C:\Documents and Settings\H2>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.20.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.20.254
Don’t forget to set your IP address and gateway on the computers.
Let’s try a ping:
C:\Documents and Settings\H1>ping 192.168.20.1

Pinging 192.168.20.1 with 32 bytes of data:

Reply from 192.168.20.1: bytes=32 time<1ms TTL=128
Reply from 192.168.20.1: bytes=32 time<1ms TTL=128
Reply from 192.168.20.1: bytes=32 time<1ms TTL=128
Reply from 192.168.20.1: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.20.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
That’s how you do it. So why would you want to use a solution like this? It’s cheap! You don’t need a multilayer switch for your routing. Any layer 2 switch will do.
The Cisco Catalyst 2960 is a layer 2 switch; the cheapest multilayer switch is the Cisco Catalyst 3560. Compare the price on those two and you’ll see what I’m talking about.
The disadvantages of this solution are that your router is a single point of failure and that traffic flows up and down the same link, which might cause congestion.
hostname R1
!
interface fastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
!
interface fastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
!
end
hostname SW1
!
interface fastEthernet0/1
 switchport mode access 
 switchport access vlan 10
!
interface fastEthernet0/2
 switchport mode access 
 switchport access vlan 20
!
interface fastEthernet0/3
 switchport trunk encapsulation dot1q 
 switchport mode trunk 
 switchport trunk allowed vlan 10,20
end
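
The trunk above is limited to VLAN 10 and 20 with switchport trunk allowed vlan; without that line an IOS trunk allows every VLAN. As an added example (not part of the original lesson), this Python script audits saved configuration text for trunk ports whose allowed list is missing or wider than expected. The function names and the second sample config are assumptions made for illustration.

```python
import re

# SW1's trunk as configured in this lesson: limited to VLAN 10 and 20.
SW1_CONFIG = """interface fastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
end"""
# Constructed sample (not from the lesson): a trunk with no allowed list.
OPEN_TRUNK_CONFIG = """interface FastEthernet0/16
 switchport mode trunk
end"""

# Only the plain list form ("10,20,30-32") is parsed, not add/except/all.
ALLOWED = re.compile(r"switchport trunk allowed vlan ([\d,-]+)$")

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(.+)", line, re.IGNORECASE)
        if m:
            current = interfaces.setdefault(m.group(1).replace(" ", ""), [])
        elif line in ("", "!", "end"):
            current = None
        elif current is not None:
            current.append(line.lower())
    return interfaces

def expand_vlans(spec):
    """Expand '10,20,30-32' into {10, 20, 30, 31, 32}."""
    vlans = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",") if p):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, expected):
    """Return (interface, finding) pairs for trunks wider than `expected`."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" not in cmds:
            continue
        lists = [m.group(1) for m in map(ALLOWED.match, cmds) if m]
        extra = sorted(expand_vlans(lists[-1]) - set(expected)) if lists else None
        if extra is None:
            findings.append((name, "no allowed list: trunk carries all VLANs"))
        elif extra:
            findings.append((name, f"unexpected VLANs allowed: {extra}"))
    return findings
```

Calling audit_trunks(SW1_CONFIG, {10, 20}) returns an empty list, while the constructed open trunk is reported.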

So what other solutions do we have?

SVI (Switch Virtual Interface)

[Figure: switch virtual interface example]
This is the picture of a multilayer switch. This switch has routing capabilities! I can configure something called an SVI (Switch Virtual Interface) for each VLAN and put an IP address on it. This IP address can be used for computers as their default gateway. Here’s how to configure it:
SW1(config)#ip routing
SW1(config)#interface vlan 10
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.10.254 255.255.255.0
SW1(config)#interface vlan 20
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.20.254 255.255.255.0
Start by enabling routing using the ip routing command. If you forget this your switch won’t build a routing table! The next step is to create an SVI for VLAN 10 and 20 and configure IP addresses on them. This configuration might look familiar if you worked with layer 2 switches before. On a layer 2 switch like the Cisco Catalyst 2950/2960 we also have an SVI but you can only use it for remote management.
Once you create an SVI and type no shutdown, it will normally be “up” since it’s only a virtual interface. There are, however, a number of requirements that must be met or it will show up as “down”:
  • The VLAN has to exist in the VLAN database and it should be active.
  • At least one access or trunk port should use this VLAN actively and it should be in spanning-tree forwarding mode.
Simply said: the VLAN has to be active somehow or your SVI will go down.
[Figure: svi interface up]
I have two computers in VLAN 10 and created an SVI for VLAN 10.
SW1#show ip interface brief vlan 10
Interface              IP-Address      OK? Method Status                Protocol
Vlan10                 192.168.10.254  YES manual up                    up
You’ll see that the status says up/up so that’s good.
[Figure: svi interface still up]
If I shut down one interface nothing will change; my SVI will still show up/up because interface fa0/2 is still active.
[Figure: svi interface down]
SW1#show ip interface brief vlan 10
Interface              IP-Address      OK? Method Status                Protocol
Vlan10                 192.168.10.254  YES manual up                    down
Once I shut both interfaces we don’t have anything active anymore in VLAN 10. As a result the SVI will go to up/down.
Now if I want I can exclude an interface from the SVI state. Imagine I want to make sure that whatever happens to interface fa0/2 doesn’t influence the SVI state:
SW1(config)#interface fa0/2
SW1(config-if)#switchport autostate exclude
I can use the switchport autostate exclude command. This means fa0/2 won’t influence the state of the SVI interface anymore. Fa0/1 is now the only interface that can influence the SVI state: as soon as it goes down you’ll see the SVI state go down as well, even though fa0/2 is still up and running.
hostname SW1
!
ip routing
!
interface vlan 10
 ip address 192.168.10.254 255.255.255.0
!
interface vlan 20
 ip address 192.168.20.254 255.255.255.0
!
interface FastEthernet0/2
 switchport autostate exclude
!
end
Enough about SVI, there’s another method we can use for routing on multilayer switches.

Routed Port

By default all interfaces on a switch are switchports (layer 2) but we can change them to routed ports (layer 3). A routed port is the exact same interface as what we use on a router.
[Figure: routed port example]
Here’s an example of the routed port. SW2 is a layer 2 switch and SW3 is a multilayer switch. The fa0/16 interface on SW3 has been configured as a routed port so it can be used as the default gateway for the clients in VLAN 10.
SW2(config)#interface fa0/16
SW2(config-if)#switchport mode access 
SW2(config-if)#switchport access vlan 10
I’m going to configure SW2’s fa0/16 interface, which connects to SW3, as a normal access port and put it in VLAN 10.
SW3(config)#interface fa0/16
SW3(config-if)#no switchport
SW3(config-if)#ip address 192.168.10.254 255.255.255.0
Make it a routed port by typing no switchport and put an IP address on it. It can now be used by the computers as a gateway!
There are two things you should remember about this routed port:
  • It’s no longer a switchport so it’s not associated with any VLAN.
  • It’s a routed port but it doesn’t support sub-interfaces like a router does.
hostname SW2
!
interface fa0/1
 switchport mode access 
 switchport access vlan 10
!
interface fa0/2
 switchport mode access 
 switchport access vlan 10
!
interface FastEthernet0/16
 switchport mode access 
 switchport access vlan 10
!
end
hostname SW3
!
interface fa0/16
 no switchport
 ip address 192.168.10.254 255.255.255.0
!
end
What should you use? The SVI or the routed port? If you only have one interface in a VLAN it’s fine to use the routed port, configure an IP address on it and you are ready to go. If you have multiple interfaces in a VLAN you should use the SVI.

Routing Protocols

Multilayer switches can use routing protocols. Let me show you an example:
[Figure: multilayer switches l2 link]
I have two multilayer switches and the link in between is layer 2. Let’s configure these switches:
SW2(config-if)#switchport trunk encapsulation dot1q 
SW2(config-if)#switchport mode trunk
SW3(config-if)#switchport trunk encapsulation dot1q 
SW3(config-if)#switchport mode trunk
I’m creating an 802.1Q trunk in between the switches but it doesn’t matter what you pick. I also could have used access interfaces and a single VLAN.
SW2(config)#vlan 10
SW2(config)#interface vlan 10
SW2(config-if)#ip address 192.168.10.1 255.255.255.0
SW3(config)#vlan 10
SW3(config)#interface vlan 10
SW3(config-if)#ip address 192.168.10.2 255.255.255.0
Create an SVI interface on each switch and configure an IP address.
SW3#ping 192.168.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
The switches can reach each other so the SVI interfaces and trunk are working.
SW2(config)#ip routing
SW2(config)#router eigrp 10
SW2(config-router)#network 192.168.10.0
SW3(config)#ip routing
SW3(config)#router eigrp 10
SW3(config-router)#network 192.168.10.0
Let’s configure EIGRP to see if we can form a neighbor adjacency.
SW2 %DUAL-5-NBRCHANGE: EIGRP-IPv4:(10) 10: Neighbor 192.168.10.2 (Vlan10) is up: new adjacency
There we go… the switches have found each other.
SW3#show ip eigrp neighbors 
EIGRP-IPv4:(10) neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   192.168.10.1            Vl10              13 00:01:25    1   200  0  1
We have successfully configured EIGRP between these two switches using the SVI interfaces.
hostname SW2
!
ip routing
!
interface FastEthernet 0/16
 switchport trunk encapsulation dot1q 
 switchport mode trunk
!
interface vlan 10
 ip address 192.168.10.1 255.255.255.0
!
router eigrp 10
 network 192.168.10.0
!
end
hostname SW3
!
ip routing
!
interface FastEthernet 0/16
 switchport trunk encapsulation dot1q 
 switchport mode trunk
!
interface vlan 10
 ip address 192.168.10.2 255.255.255.0
!
router eigrp 10
 network 192.168.10.0
!
end
We can also do this with the routed ports!
[Figure: multilayer switches l3 link]
Same switches but now I’m going to make the link in between layer 3 by using the routed ports.
SW2(config)#no interface vlan 10
SW2(config)#interface fa0/16
SW2(config-if)#no switchport
SW2(config-if)#ip address 192.168.10.1 255.255.255.0
SW3(config)#no interface vlan 10
SW3(config)#interface fa0/16
SW3(config-if)#no switchport
SW3(config-if)#ip address 192.168.10.2 255.255.255.0
Get rid of the SVI interfaces and change the interfaces to routed ports. Don’t forget to add an IP address.
SW2(config)#router ospf 10
SW2(config-router)#network 192.168.10.0 0.0.0.255 area 0
SW3(config)#router ospf 10
SW3(config-router)#network 192.168.10.0 0.0.0.255 area 0
Let’s configure OSPF this time just for fun!
SW2#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.10.2      1   FULL/DR         00:00:37    192.168.10.2    FastEthernet0/16
We have established an OSPF neighbor adjacency by using the routed ports!
hostname SW2
!
ip routing
!
interface FastEthernet0/16
 no switchport
 ip address 192.168.10.1 255.255.255.0
!
router ospf 10
 network 192.168.10.0 0.0.0.255 area 0
!
end
hostname SW3
!
ip routing
!
interface FastEthernet0/16
 no switchport
 ip address 192.168.10.2 255.255.255.0
!
router ospf 10
 network 192.168.10.0 0.0.0.255 area 0
!
end
Those are all the methods you can use to configure routing: router on a stick, and SVI interfaces and routed ports on your multilayer switches. I hope this lesson has been useful to you!
