The ability to create VLANs and establish multiple networks on a switch is useless if you cannot allow the separate VLANs to communicate with each other. For separate VLANs to communicate you need to have routing, you accomplish this by adding a router or a layer 3 switch to the network. The Cisco CCNA curriculum expects you to know how to configure inter-vlan routing using a router connected to a switch through a trunked link. Configuring Layer 3 switching is a CCNP topic and not expected in the CCNA.
To configure a router for inter-vlan routing the router’s ethernet port needs to be converted to a trunked link. As a trunk, multiple VLANs (networks) can travel across the one ethernet port. To do this the ethernet port needs to use sub-interfaces in order to become the gateway for multiple networks. The sub-interfaces also need to have the 802.1Q trunking protocol enabled and the VLAN ID or number specified in the configuration. When multiple VLANs (networks) can communicate with the router over one trunked link the configuration is called “Router on a Stick.”
In the video tutorials, below I cover the entire process of configuring VLANs, switchports and a trunk on a switch, and inter-vlan routing on a router, using Cisco’s Packet Tracer program to simulate a real network environment.
In part 1, I discuss the need for VLANs and Inter-VLAN routing in a network
If you want to follow along in Packet Tracer with the parts 2 & 3. Click here to download the start file: inter-vlan-routing-start.zip
In part 2, I lay out the “Router on a Stick” topology and begin configuring the switch for VLANs
In part 3, I configure sub-interfaces, 802.1Q encapsulation with VLAN IDs, and the native VLAN on the router
In this video, I setup inter-VLAN routing by configuring the switch VLANs, switchports, and trunk, then I configure the router the subinterfaces on the router with IP addresses and the 802.1Q protocol.
VLANs – A switches is used to set up a local area network (LAN). A VLAN stands for a virtual local area network. By default, all of the ports on a Cisco switch are part of the same default VLAN (VLAN1) and therefore the same network. A VLAN is a network and a network is a broadcast domain. If you configure various switch ports for separate VLANs, then the devices on those ports will belong to separate VLANs and therefore, will be segmented into separate broadcast domains and networks. This is effectively like dividing a switch into multiple switches. This is cost effective, because instead of having multiple switches, each for a different network, you can have one switch configured for multiple VLANs and you can assign the ports on that switch to belong to whatever VLAN you need the host to belong to.
Data VLAN – A data VLAN carries only user data not management data, control data or voice data.
Default VLAN – On a Cisco switch the default VLAN is VLAN1. This means that by default, when a Cisco switch boots up for the first time all the ports are automatically assigned to the default VLAN, VLAN1. You cannot delete or rename VLAN1 but you can assign the ports on the switch to a different VLAN. It is considered best practice to make all of the user ports on the switch belong to a different default VLAN, one other than VLAN1. In this way, control data such as CDP and STP (spanning tree protocol) which are by default carried on VLAN1 would be on a separate VLAN from user data.
Native VLAN – The native VLAN, if not explicitly configured, will default to the default VLAN, (VLAN1). The Native VLAN is configured for an 802.1Q Trunk port. 802.1Q trunks carry traffic from multiple VLANs by tagging the traffic with VLAN identifiers (Tagged Traffic) which identifies which packets are associated with which VLANs, and they can also carry non VLAN traffic from legacy switches or non 802.1Q compliant switches (Untagged Traffic). The switch will place untagged traffic on the Native VLAN by using a PVID identifier. Native VLAN traffic is not tagged by the switch. It is a best practice to configure the Native VLAN to be different than VLAN1 and to configure it on both ends of the trunk.
Management VLAN – The management VLAN is any VLAN you configure to allow a host to connect to the switch and remotely manage it. The management VLAN will need to be configured with an IP address and subnet mask to allow a manager to connect to the switch by either a web interface (HTTP), Telnet, SSH, or SNMP.
Trunks – If you have a switch that has ports variously configured on four different VLANs, then that switch has four different networks on it. When you connect that switch to a router or to another switch you will need four ethernet connections or links, one for each VLAN/network. A more cost effective way to connect a switch with multiple VLANs to a router or switch would be to configure a Trunk. A Trunk is a special kind of port configuration which allows multiple VLANs to travel over one link. This way multiple networks can travel over one trunk instead of wasting valuable ports to connect from switch to switch or switch to router. A Cisco trunk by default uses the 802.1Q protocol. The 802.1Q protocol places and strips VLAN tags on packets to identify which VLAN they belong to.
switch#show interfaces trunk
switch(config)#vlan <vlan number>
switch(config-vlan)#name <vlan name>
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan <1-4096>
switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan <1-1005>
switch(config-if)#switchport trunk native vlan <1-1005>
In the video tutorials below I demonstrate how to configure VLANs and Trunks on a Cisco switch using Packet Tracer.