The advent of the VLAN brought security, simplicity, and flexibility to the LAN. It also reduced the administrative overhead required to manage a multi-switch environment. Imagine the complexity that today's LAN would have without VLANs: more switches, access points, routers, and of course more cables, all of which add up to a higher total cost of ownership for every LAN setup. A VLAN is a broadcast domain, which means that computers on separate VLANs cannot communicate without the intervention of a routing device. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed through a routing device. This process is known as inter-VLAN routing. To exchange information between VLANs, you need a router or a Layer 3 switch. There are three possible ways to implement inter-VLAN routing:

1. Traditional inter-VLAN routing, using one physical router interface per VLAN
2. Router-on-a-stick inter-VLAN routing, using a single router interface that carries an 802.1Q trunk
3. Multilayer switch inter-VLAN routing, using Switch Virtual Interfaces (SVIs) on a Layer 3 switch
We will explain each of them in detail and show you how to configure them in your network.

Traditional Inter-VLAN Routing

This method of inter-VLAN routing relies on a router with multiple physical interfaces. Each interface is connected to the switch, one for each VLAN. The switch ports connected to the router are placed in access mode, so each router interface accepts traffic only from the VLAN associated with the switch port it is connected to, and that traffic can be routed to the other VLANs reachable through the router's other interfaces. The IP address of each router interface therefore becomes the default gateway address for every host in the corresponding VLAN. Let's take a look at the diagram shown in Figure 1.0 below. If Host A on VLAN 10 wants to send a message to Host B on VLAN 20, it would take the following steps:

1. Host A sees that Host B's IP address is on a different subnet and sends the frame to its default gateway, the IP address of the router interface for VLAN 10.
2. The switch forwards the frame out of the VLAN 10 access port to the router.
3. The router receives the packet on its VLAN 10 interface, looks up the destination network in its routing table and forwards the packet out of its VLAN 20 interface.
4. The switch receives the frame on the VLAN 20 access port and delivers it to Host B.
To configure traditional inter-VLAN routing on a Cisco device, in accordance with the diagram shown in Figure 1.0 above, use the IP addresses shown in Table 1.0 and follow the steps below:
Table 1.0 IP address details for Figure 1.0

Step 1: Create VLANs (VLANs 10 and 20) on the switch
Step 2: Assign the VLANs to switch ports
At this stage, a ping between Host A and Host B fails: the two PCs are on separate networks and the router is not yet configured for inter-VLAN routing, so they cannot communicate with one another. The next step is to configure the router to enable communication between the VLANs.

Step 3: Configure the IP addresses on the router
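The following Cisco IOS configuration is an added worked example covering Steps 1 to 3; it is not the configuration from the original article and does not use Table 1.0. The addressing (192.168.10.0/24 for VLAN 10 and 192.168.20.0/24 for VLAN 20, with .1 as the gateway in each), the VLAN names, and the interface numbers (switch FastEthernet0/1 and 0/2 for the hosts, FastEthernet0/11 and 0/12 toward router GigabitEthernet0/0 and 0/1) are all assumptions made for this example; substitute the values from Table 1.0 and your own topology. The commands are shown in running-config form and are entered from global configuration mode on each device.

```cisco
! ---- Access switch (Layer 2) ----
! Step 1: create the two VLANs (VLAN names are assumed for this example)
vlan 10
 name SALES
vlan 20
 name ENGINEERING
!
! Step 2: host ports, one access port per VLAN (interface numbers assumed)
interface FastEthernet0/1
 description Host A
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description Host B
 switchport mode access
 switchport access vlan 20
!
! Step 2 continued: one access port per VLAN toward the router.
! Each link to the router is an ordinary access port, so the router only
! ever sees untagged frames for the single VLAN bound to that port.
interface FastEthernet0/11
 description To Router Gi0/0 (VLAN 10)
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/12
 description To Router Gi0/1 (VLAN 20)
 switchport mode access
 switchport access vlan 20
!
! ---- Router ----
! Step 3: one physical interface per VLAN. The interface address is the
! default gateway for every host in that VLAN (addresses assumed).
interface GigabitEthernet0/0
 description VLAN 10 gateway
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 description VLAN 20 gateway
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! ---- Verification (privileged EXEC mode) ----
! Switch: both VLANs exist and list the expected ports
!   show vlan brief
! Router: both interfaces are up/up and both /24 subnets are directly connected
!   show ip interface brief
!   show ip route connected
```

For the ping to work, Host A must be addressed in 192.168.10.0/24 with default gateway 192.168.10.1 and Host B in 192.168.20.0/24 with default gateway 192.168.20.1 (assumed addressing). If `show ip route connected` on the router shows only one of the two subnets, the missing interface is usually still administratively down (`no shutdown` not applied) or cabled to a switch port in the wrong VLAN.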
Now, if you try to ping between Host A and Host B, it will succeed because the two VLANs are interconnected through the router. Traditional inter-VLAN routing is the earliest form of inter-VLAN routing. However, it is not efficient; it is archaic and no longer employed in today's switched networks. This is because routers have a limited number of physical interfaces that can be used to connect to different VLANs. As the number of VLANs on a network grows, the approach of dedicating one router physical interface per VLAN becomes unsustainable because of the hardware limitations of the router. To overcome the issues associated with traditional inter-VLAN routing, a new method known as router-on-a-stick was introduced.

Router-on-a-Stick Inter-VLAN Routing

Router-on-a-stick is a method of inter-VLAN routing in which the router is connected to the switch using a single physical interface, hence the name. Most modern inter-VLAN routing implementations are designed using this method. Unlike the traditional method, router-on-a-stick does not require multiple physical interfaces on the router and the switch. Instead, the router's operating system allows the router interface to be configured as a trunk link, which is connected to a switch port configured in trunk mode. Only one physical interface is therefore required on the router and on the switch to route packets between multiple VLANs. The IEEE 802.1Q (Dot1q) protocol, which defines a system of VLAN tagging for Ethernet frames, provides multi-vendor VLAN support on the trunk. Prior to the introduction of the 802.1Q standard, several proprietary protocols, such as Cisco Inter-Switch Link (ISL) and 3Com's Virtual LAN Trunk (VLT), were used.
The single physical interface on the router is divided into logical (virtual) subinterfaces, each configured with an IP address in the subnet of the VLAN it corresponds to on the switch. Each subinterface is configured for a different subnet matching its VLAN assignment, which enables logical routing. The router performs inter-VLAN routing by accepting tagged traffic from all the VLANs over the trunk. It determines the destination network from the source and destination IP addresses in the packet. Once the routing decision identifies the destination VLAN, the router forwards the frame back to the switch, tagged with the correct VLAN ID, through the same physical interface on which the traffic was received. Let's take a look at the diagram shown in Figure 2.0 below. If Host A on VLAN 10 wants to send a message to Host B on VLAN 20, the steps are as follows:

1. Host A sends the frame to its default gateway, the IP address of the router's VLAN 10 subinterface.
2. The switch forwards the frame over the trunk link to the router, tagged with VLAN 10.
3. The router receives the frame on its VLAN 10 subinterface, routes the packet to the VLAN 20 subnet and sends it back over the same physical interface, now tagged with VLAN 20.
4. The switch receives the frame on the trunk, removes the tag and forwards it out of Host B's access port.
To configure router-on-a-stick inter-VLAN routing on a Cisco device, in accordance with the diagram shown in Figure 2.0 above, use the IP addresses shown in Table 2.0 and follow the steps below:
Table 2.0 IP address details for Figure 2.0

Step 1: Create VLANs (VLANs 10 and 20) on the switch
Step 2: Assign the VLANs to switch ports
Step 3: Configure the IP addresses on the router
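The following Cisco IOS configuration is an added worked example for Steps 1 to 3 of the router-on-a-stick method; it is not the configuration from the original article and does not use Table 2.0. The addressing (192.168.10.0/24 and 192.168.20.0/24 with .1 as the gateway), the VLAN names, the unused native VLAN 99, and the interface numbers (switch FastEthernet0/1 and 0/2 for the hosts, FastEthernet0/24 as the trunk toward router GigabitEthernet0/0) are assumptions made for this example. Beyond the three steps, the trunk is hardened the way a practitioner would deploy it: the native VLAN is moved off VLAN 1 to an unused VLAN, the allowed list is pruned to the two VLANs that need to be routed, and DTP negotiation is disabled.

```cisco
! ---- Access switch (Layer 2) ----
! Step 1: create the VLANs. VLAN 99 is an otherwise unused VLAN that will
! serve as the trunk's native VLAN so that untagged frames never land in VLAN 1.
vlan 10
 name SALES
vlan 20
 name ENGINEERING
vlan 99
 name NATIVE-UNUSED
!
! Step 2: host access ports (interface numbers assumed)
interface FastEthernet0/1
 description Host A
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description Host B
 switchport mode access
 switchport access vlan 20
!
! Step 2 continued: the single uplink to the router is an 802.1Q trunk.
! "switchport trunk encapsulation dot1q" is required on platforms that also
! support ISL (e.g. Catalyst 3560) and is not available on switches that only
! support 802.1Q (e.g. Catalyst 2960); omit that line there.
interface FastEthernet0/24
 description Trunk to Router Gi0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
!
! ---- Router ----
! Step 3: the physical interface carries no IP address of its own. One
! subinterface per VLAN, tagged with that VLAN's ID, holds the gateway
! address (addresses assumed). The router sends and receives only tagged
! frames for VLANs 10 and 20, so nothing ever uses the native VLAN.
interface GigabitEthernet0/0
 description Trunk to switch Fa0/24
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.10
 description VLAN 10 gateway
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description VLAN 20 gateway
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! ---- Verification (privileged EXEC mode) ----
! Switch: Fa0/24 is trunking with native VLAN 99 and allowed VLANs 10,20
!   show interfaces trunk
! Router: Gi0/0, Gi0/0.10 and Gi0/0.20 are up/up, both /24s are connected
!   show ip interface brief
!   show ip route connected
```

The subinterface number (`.10`, `.20`) is only a label; the VLAN binding comes from the `encapsulation dot1Q` line, so a mismatch between the two is a common cause of a gateway that answers for the wrong VLAN. If the hosts cannot reach their gateway, compare `show interfaces trunk` on the switch with `show vlans` on the router: the VLAN IDs carried on the trunk must match the IDs on the subinterfaces exactly.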
A ping between Host A and Host B will succeed because the two VLANs are now interconnected through the router. The router-on-a-stick method also has limitations, such as scalability and latency: all inter-VLAN traffic must cross the single trunk link twice, once in each direction. To overcome these issues, Cisco developed a better alternative: multilayer switch inter-VLAN routing.

Multilayer Switch Inter-VLAN Routing

Multilayer switch inter-VLAN routing is a method in which a different kind of switch, known as a multilayer switch, performs the routing functions. A multilayer switch is a hybrid device that combines the functions of a switch with those of a router, enabling it to operate at both Layer 2 (L2) and Layer 3 (L3) of the OSI model, hence the name multilayer. Unlike the router-on-a-stick method, multilayer switch inter-VLAN routing does not require a dedicated router: everything happens inside the switch. Multilayer switches perform all VLAN routing functions on the network, removing the need for dedicated routers or trunk links to a router. To enable a multilayer switch to perform routing, logical (virtual) interfaces known as Switch Virtual Interfaces (SVIs) are used, one for each VLAN. An SVI, also known as a VLAN interface, is a virtual routed interface that connects a VLAN on the device to the Layer 3 routing engine within the same device; the switch is configured with one SVI, and therefore one IP address, for each VLAN it routes. Each SVI is configured for a different subnet corresponding to its assigned VLAN to facilitate logical routing. When the multilayer switch receives a packet from one VLAN that is destined for a host in another VLAN, it routes the packet between the two SVIs internally. Let's take a look at the diagram shown in Figure 3.0 below. If Host A in VLAN 10 wants to send a message to Host B in VLAN 20, the steps are as follows:

1. Host A sends the frame to its default gateway, the IP address of the VLAN 10 SVI on the multilayer switch.
2. The Layer 2 switch forwards the frame over its trunk link to the multilayer switch, tagged with VLAN 10.
3. The multilayer switch receives the frame on the VLAN 10 SVI, routes the packet to the VLAN 20 subnet and switches it out in VLAN 20.
4. The frame travels back over the trunk tagged with VLAN 20, and the Layer 2 switch delivers it to Host B.
To configure multilayer switch inter-VLAN routing on a Cisco device, in accordance with the diagram shown in Figure 3.0 above, use the IP addresses shown in Table 3.0 and follow the steps below:
Table 3.0 IP address details for Figure 3.0

Step 1: Create VLANs (VLANs 10 and 20) on the L2 switch
Step 2: Assign the VLANs to the L2 switch ports
Step 3: Enable L3 routing and create VLANs (VLANs 10 and 20) on the L3 switch
Step 4: Configure Switch VLAN Interfaces (SVI)
Step 5: Configure a routed port for connecting to the firewall on the L3 switch
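The following Cisco IOS configuration is an added worked example for Steps 1 to 5 of the multilayer switch method; it is not the configuration from the original article and does not use Table 3.0. The addressing (192.168.10.0/24 and 192.168.20.0/24 with .1 as the SVI gateway, and a constructed 10.0.0.0/30 link in which the L3 switch is 10.0.0.1 and the firewall 10.0.0.2), the VLAN names, the unused native VLAN 99, and the interface numbers (L2 switch FastEthernet0/1 and 0/2 for the hosts and GigabitEthernet0/1 as the uplink; L3 switch GigabitEthernet1/0/1 as the trunk and GigabitEthernet1/0/24 as the routed port) are all assumptions made for this example. The L2 switch is assumed to be 2960-class (802.1Q only) and the L3 switch 3560-class, which affects only whether the `switchport trunk encapsulation dot1q` line is entered.

```cisco
! ---- Layer 2 access switch ----
! Step 1: create the VLANs (VLAN 99 is an unused native VLAN for the trunk)
vlan 10
 name SALES
vlan 20
 name ENGINEERING
vlan 99
 name NATIVE-UNUSED
!
! Step 2: host access ports and the trunk uplink to the L3 switch
interface FastEthernet0/1
 description Host A
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description Host B
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/1
 description Trunk to L3 switch Gi1/0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
!
! ---- Layer 3 (multilayer) switch ----
! Step 3: enable the routing engine and create the same VLANs. Without
! "ip routing" the SVIs answer ARP and ping but the switch never forwards
! packets between them.
ip routing
!
vlan 10
 name SALES
vlan 20
 name ENGINEERING
vlan 99
 name NATIVE-UNUSED
!
interface GigabitEthernet1/0/1
 description Trunk to L2 switch Gi0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
!
! Step 4: one SVI per VLAN; the SVI address is the default gateway for that
! VLAN (addresses assumed). An SVI only comes up when its VLAN exists and at
! least one port or trunk carrying that VLAN is up, so create the VLANs first.
interface Vlan10
 description VLAN 10 gateway
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description VLAN 20 gateway
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Step 5: a routed port toward the firewall. "no switchport" converts the
! port from a Layer 2 switch port into a Layer 3 interface that can take an
! IP address (link addressing assumed).
interface GigabitEthernet1/0/24
 description Routed link to firewall
 no switchport
 ip address 10.0.0.1 255.255.255.252
 no shutdown
!
! Everything that is not a local VLAN subnet goes to the firewall. The
! firewall in turn needs return routes for 192.168.10.0/24 and
! 192.168.20.0/24 via 10.0.0.1.
ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
! ---- Verification on the L3 switch (privileged EXEC mode) ----
!   show interfaces trunk      (Gi1/0/1 trunking, native 99, allowed 10,20)
!   show ip interface brief    (Vlan10, Vlan20 and Gi1/0/24 up/up)
!   show ip route              (two connected /24s plus the static default)
```

The most common failure with this setup is an SVI that stays down/down: check that the VLAN exists on the L3 switch and that the trunk's allowed list includes it, because an SVI with no active port in its VLAN never comes up. The routed port in Step 5 is also the natural place to apply an access list so that only the traffic you intend leaves the VLAN segment toward the firewall.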
Again, a ping between Host A and Host B will succeed because the two VLANs are now interconnected through the multilayer switch. Multilayer switch inter-VLAN routing is faster and more scalable than the other inter-VLAN routing implementations, because routers are limited by the number of available physical interfaces or ports and by the amount of traffic a trunk link can carry at one time. However, a multilayer switch does not totally replace a router, since routers support a wide range of other supplementary features and capabilities. The table below compares the inter-VLAN routing methods discussed.
Table 4.0 Comparison of the various inter-VLAN routing methods

Inter-VLAN Routing FAQs

You can forward traffic from one virtual LAN to another, and this technique is called inter-VLAN routing. VLANs can be used to enforce security, creating zones with different security levels for different users or applications. However, in many cases it is still necessary for traffic to pass from one VLAN to another. For example, imagine that you want to maintain two separate networks on your site because one of them needs strong security and restricted access. Now imagine that one administrator manages both networks and that the admin account is placed on the high-security network. That administrator will still need access to the other network. By virtualizing the two networks onto the same infrastructure you cut costs, and thanks to inter-VLAN routing you still get the same traffic flows between them.

What are the three methods for inter-VLAN routing?

There are three types of inter-VLAN routing, and these are:

1. Traditional inter-VLAN routing, using one physical router interface per VLAN
2. Router-on-a-stick inter-VLAN routing, using one router interface configured as an 802.1Q trunk with a subinterface per VLAN
3. Multilayer switch inter-VLAN routing, using SVIs on a Layer 3 switch