0

Inter-VLAN Routing using Switch Virtual Interfaces

Posted on by bl4ckwidow

Introduction

Another way of configuring inter-VLAN routing is through the use of Switch Virtual Interfaces on a multilayer switch whereby we configure virtual interfaces on the switch. However, we will not require a Router to route traffic between multiple vlans. We only require a switch that can perform both L2/L3 functionalities.

In an earlier lab, we looked at how to configure Inter-VLAN routing (route based) where we have a Layer 3 device and we configure sub-interfaces on the physical interface to route traffic between multiple VLANs.

In this lab, we are going to configure Switch Virtual Interfaces in order to achieve inter-vlan routing. Our SVI will provide for a Layer 3 virtual interface to route traffic between vlans. We are then going to configure a routed interface between the two switches and lastly we will configure a static default route and verify full connectivity across the network.

Build the topology.

We will build our topology on EVE-NG, however, you can still use Packet Tracer to perform this lab successfully.
Add the following nodes in a new workspace and connect them as per the below image

  • Cisco vIOS Switch x2
  • 4 Workstations.

IP Addressing

VLAN10 – FINANCE – 10.1.10.0/24
VLAN20 – HUMANRESOURCE – 10.1.20.0/24
VLAN30 – INFRASTRUCTURE – 10.1.30.0/24
VLAN40 – MARKETING – 10.1.40.0/24

Configure IP Addressing on the workstations as per the topology

Once you have built the topology and connected the nodes, as above, we can now begin configuring our devices.

Configure VLANs on the Distribution Layer Switches

On DLS1 we are going to create VLAN 10 and VLAN 20 and configure our access ports.

DLS1(config)#
DLS1(config)#
DLS1(config)#vlan 10
DLS1(config-vlan)#
DLS1(config-vlan)#
DLS1(config-vlan)#name FINANCE
DLS1(config-vlan)#
DLS1(config-vlan)#
DLS1(config-vlan)#exi
DLS1(config)#
DLS1(config)#
DLS1(config)#vlan 20
DLS1(config-vlan)#
DLS1(config-vlan)#name HUMANRESOURCE
DLS1(config-vlan)#
DLS1(config-vlan)#exit
DLS1(config)#
DLS1(config)#
DLS1(config)#

Next, we are going to configure our access ports Interface GigabitEthernet0/1 and Interface GigabitEthernet0/2. We will set the switchport mode to access.

DLS1(config)#
DLS1(config)#int gig0/1
DLS1(config-if)#
DLS1(config-if)#
DLS1(config-if)#swi
DLS1(config-if)#switchport mo
DLS1(config-if)#switchport mode ac
DLS1(config-if)#switchport mode access
DLS1(config-if)#
DLS1(config-if)#swi
DLS1(config-if)#switchport acc
DLS1(config-if)#switchport access vlan 10
DLS1(config-if)#
DLS1(config-if)#exit
DLS1(config)#
DLS1(config)#int gig0/2
DLS1(config-if)#
DLS1(config-if)#swi
DLS1(config-if)#switchport mod
DLS1(config-if)#switchport mode acc
DLS1(config-if)#sw
DLS1(config-if)#switchport acc
DLS1(config-if)#switchport access vlan 20
DLS1(config-if)#exit
DLS1(config)#

Verify your configurations with show vlan brief command

DLS1#
DLS1#show vlan brie

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0, Gi0/3, Gi1/0, Gi1/1
                                                Gi1/2, Gi1/3
10   FINANCE                          active    Gi0/1
20   HUMANRESOURCE                    active    Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
DLS1#

On DLS2 configure VLAN 30 and VLAN 40 and configure access ports in a similar fashion as DLS1

DLS2(config)#
DLS2(config)#vlan 30
DLS2(config-vlan)#
DLS2(config-vlan)#
DLS2(config-vlan)#name INFRASTRUCTURE
DLS2(config-vlan)#
DLS2(config-vlan)#
DLS2(config-vlan)#exit
DLS2(config)#
DLS2(config)#
DLS2(config)#vlan 40
DLS2(config-vlan)#
DLS2(config-vlan)#
DLS2(config-vlan)#name MARKETING
DLS2(config-vlan)#
DLS2(config-vlan)#
DLS2(config-vlan)#
DLS2(config-vlan)#exit
DLS2(config)#
DLS2(config)#exit
DLS2#

Configure access ports on DLS2 just as you configured on DLS1 then verify your configurations

DLS2(config)#
DLS2(config)#int gig0/1
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#swi
DLS2(config-if)#switchport mo
DLS2(config-if)#switchport mode acc
DLS2(config-if)#switchport mode access
DLS2(config-if)#
DLS2(config-if)#swi
DLS2(config-if)#switchport ac
DLS2(config-if)#switchport access vlan
DLS2(config-if)#switchport access vlan 30
DLS2(config-if)#
DLS2(config-if)#exit
DLS2(config)#
DLS2(config)#
DLS2(config)#int gig0/2
DLS2(config-if)#
DLS2(config-if)#swi
DLS2(config-if)#switchport mod
DLS2(config-if)#switchport mode acc
DLS2(config-if)#switchport mode access
DLS2(config-if)#
DLS2(config-if)#swi
DLS2(config-if)#switchport acc
DLS2(config-if)#switchport access vlan 40
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#exit
DLS2(config)#

Verify your configurations on DLS2

DLS2#
DLS2#show vlan brie

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0, Gi0/3, Gi1/0, Gi1/1
                                                Gi1/2, Gi1/3
30   INFRASTRUCTURE                   active    Gi0/1
40   MARKETING                        active    Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
DLS2#

Configure Switch Virtual Interfaces

In this step, we are going to configure SVIs on the two switches. Each vlan must have its gateway which will be the SVI interface we will configure on the switch.

On DLS1, configure SVI 10 and SVI 20 for VLANs 10 and 20 as below.

DLS1(config)#
DLS1(config)#int vlan 10
DLS1(config-if)#
DLS1(config-if)#
DLS1(config-if)#
DLS1(config-if)#ip add 10.1
*Jun 15 13:55:25.052: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
DLS1(config-if)#ip add 10.1.10.1 255.255.255.0
DLS1(config-if)#
DLS1(config-if)#
DLS1(config-if)#no shut
DLS1(config-if)#
DLS1(config-if)#exit
DLS1(config)#
DLS1(config)#int vlan
*Jun 15 13:55:42.582: %LINK-3-UPDOWN: Interface Vlan10, changed state to up
*Jun 15 13:55:43.590: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
DLS1(config)#int vlan 20
DLS1(config-if)#
DLS1(config-if)#ip add
*Jun 15 13:55:49.044: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
DLS1(config-if)#ip add 10.1.20.1 255.255.255.0
DLS1(config-if)#
DLS1(config-if)#no shut
DLS1(config-if)#
DLS1(config-if)#exit
DLS1(config)#
DLS1(config)#
*Jun 15 13:56:03.895: %LINK-3-UPDOWN: Interface Vlan20, changed state to up
DLS1(config)#
*Jun 15 13:56:04.898: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
DLS1(config)#

Verify your configuration using the command show ip int brie

DLS1#show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet1/0     unassigned      YES unset  up                    up
GigabitEthernet1/1     unassigned      YES unset  up                    up
GigabitEthernet1/2     unassigned      YES unset  up                    up
GigabitEthernet1/3     unassigned      YES unset  up                    up
Vlan10                 10.1.10.1       YES manual up                    up
Vlan20                 10.1.20.1       YES manual up                    up
DLS1#

On DLS2 configure SVI 30 and SVI 40 for VLANs 30 and 40 and verify your configurations.

DLS2(config)#
DLS2(config)#int vlan 30
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#ip add 10
*Jun 15 14:05:28.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
DLS2(config-if)#ip add 10.1.30.1 255.255.255.0
DLS2(config-if)#
DLS2(config-if)#no shut
DLS2(config-if)#
DLS2(config-if)#exit
DLS2(config)#
DLS2(config)#int vla
*Jun 15 14:05:39.176: %LINK-3-UPDOWN: Interface Vlan30, changed state to up
*Jun 15 14:05:40.208: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to upn
DLS2(config)#int vlan 40
DLS2(config-if)#
DLS2(config-if)#ip add 10
*Jun 15 14:05:43.500: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan40, changed state to down
DLS2(config-if)#ip add 10.1.40.1 255.255.255.0
DLS2(config-if)#
DLS2(config-if)#no shut
DLS2(config-if)#
*Jun 15 14:05:58.244: %LINK-3-UPDOWN: Interface Vlan40, changed state to up
*Jun 15 14:05:59.257: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan40, changed state to up
DLS2(config-if)#exit
DLS2(config)#
DLS2(config)#

Verify your configurations

DLS2#show ip  int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet1/0     unassigned      YES unset  up                    up
GigabitEthernet1/1     unassigned      YES unset  up                    up
GigabitEthernet1/2     unassigned      YES unset  up                    up
GigabitEthernet1/3     unassigned      YES unset  up                    up
Vlan30                 10.1.30.1       YES manual up                    up
Vlan40                 10.1.40.1       YES manual up                    up
DLS2#

At this juncture, PC in vlan 20 can ping PC in vlan 10 and vice versa. PC in vlan 30 can ping PC in vlan 40 and vice versa. However, PC in vlan 10 on DLS1 cannot ping any PC on any vlan on DLS2. In the next step, we will configure the switches to allow full connectivity across the network.

Successful ping to VLAN 20
Successful ping to VLAN10
Successful ping to VLAN 40
Successful ping to VLAN 30

Configure Routing for Full connectivity across all VLANs on both Distribution layer switches

In order to have full connectivity across all VLANs, we are going to configure interfaces GigabitEthernet0/0 on DLS1 as well as GigabitEthernet0/0 on DLS2 as routed interfaces.
By default, they are switchports, since these are Multilayer Switches, performing both L2/L3 functions, we will convert these interfaces to be routed interfaces, in that, we can configure an ip address on those interface as well as routing protocols e.t.c.
As a first step, we are going to configure ip routing globally to give us L3 functionalities.
Let’s jump into the configurations now.

On DLS1, configure the interface as below;

DLS1(config)#
DLS1(config)#ip routing
DLS1(config)#
DLS1(config)#int gig0/0
DLS1(config-if)#
DLS1(config-if)#
DLS1(config-if)#no switchport
DLS1(config-if)#
DLS1(config-if)#d
*Jun 15 15:31:03.825: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Jun 15 15:31:04.827: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
DLS1(config-if)#desc LINK-TO-DS2
DLS1(config-if)#
DLS1(config-if)#ip add 10.1.1.1 255.255.255.252
DLS1(config-if)#
DLS1(config-if)#no shut
DLS1(config-if)#
DLS1(config-if)#exit
DLS1(config)#
DLS1(config)#

At the interface configuration level, we used the command no switchport to convert to an L3 interface and then we configured an ip address.

On DLS2, we can do the same as above and finally confirm ping is successful from DLS2 to DLS1

DLS2(config)#
DLS2(config)#ip routing
DLS2(config)#
DLS2(config)#int gig0/0
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#no sw
DLS2(config-if)#no switchport
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#desc LIN
*Jun 15 15:36:59.472: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Jun 15 15:37:00.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
DLS2(config-if)#desc LINK-TO-DS1
DLS2(config-if)#
DLS2(config-if)#ip add 10.1.1.2 255.255.255.252
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#no shut
DLS2(config-if)#
DLS2(config-if)#
DLS2(config-if)#exit
DLS2(config)#exit
DLS2#ping
*Jun 15 15:38:33.644: %SYS-5-CONFIG_I: Configured from console by console
DLS2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 3/3/4 ms
DLS2#

Next, we are going to configure a static default route for full connectivity across the entire network.
With the use of CEF, it is recommended that you use a next-hop address instead of an exit interface while configuring static and default routes.

On DLS1 configure the static default route.

DLS1(config)#
DLS1(config)#
DLS1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
DLS1(config)#

Configure the static default route on DLS2 as well.

DLS2(config)#
DLS2(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1
DLS2(config)#

Notice, that we have specified the IP address of the GigabitEthernet interfaces as the next hop address.

Verify Full Connectivity

Verify that from PC in vlan 10, you can ping all the PCs in other vlans across the two Switches.
Troubleshoot if your pings are unsuccessful.

All pings are successful

We have now come to the end of another exciting lab.

bl4ckwidow

Co-Founder of Labing Overload. I am a Web Developer/Network Engineer turned CyberSecurity Engineer. FOSS enthusiast. Cisco Technologies enthusiast. Network Penetration Tester.

More Posts

Leave a Reply

Your email address will not be published. Required fields are marked *