InterVLAN routing on Layer 3 Switch

Posted: July 28, 2015 in CISCO

VLANs divide one broadcast domain into multiple broadcast domains, which are isolated, so packets must be routed in order to pass between them. This is known as inter-VLAN routing. On Catalyst switches it is accomplished by creating Layer 3 interfaces (switch virtual interfaces, SVIs). VLANs are useful in situations where you need the functionality of multiple parallel physical networks but would rather not spend the money on additional hardware.

In this example we will create 2 VLANs on a multilayer switch and route traffic between them and the internet.

Add the address 10.10.10.10/24 to R1's f0/0 interface and create a default route to the internet:

R1(config)#int fa0/0
R1(config-if)#ip address 10.10.10.10 255.255.255.0
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

192.168.1.1 is the default gateway of my internet connection. For information on how to connect GNS3 routers to the internet, see

https://zarzyc.wordpress.com/2014/09/04/connecting-the-gns3-to-real-network-device/

Configure switch

SW(config)#int f1/0
SW(config-if)#no switchport                          ! makes the interface Layer 3 capable
SW(config-if)#ip address 10.10.10.20 255.255.255.0   ! interface to R1's f0/0 interface
SW(config-if)#exit
SW(config)#ip routing                                ! enable IP routing
SW(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.10      ! default route to the internet
SW(config)#int vlan 2
SW(config-if)#ip add 20.20.20.10 255.255.255.0       ! IP address for VLAN2 (it will be the gateway for clients in VLAN2)
SW(config-if)#no shut
SW(config-if)#exit
SW(config)#int vlan 3
SW(config-if)#ip add 30.30.30.10 255.255.255.0       ! IP address for VLAN3 (it will be the gateway for clients in VLAN3)
SW(config-if)#no shut
SW(config-if)#exit
SW(config)#int f1/2
SW(config-if)#switchport access vlan 2               ! configure f1/2 to allow traffic for VLAN2
SW(config-if)#int f1/1
SW(config-if)#switchport access vlan 3               ! configure f1/1 to allow traffic for VLAN3

Advertise the VLAN routes on both router R1 and the switch (I used the OSPF routing protocol)

SW(config)#router ospf 20
SW(config-router)#network 10.10.10.0 0.0.0.255 area 0   ! link between SW and R1
SW(config-router)#network 20.20.20.0 0.0.0.255 area 0   ! VLAN2 subnet
SW(config-router)#network 30.30.30.0 0.0.0.255 area 0   ! VLAN3 subnet

R1(config)#router ospf 20
R1(config-router)#network 10.10.10.0 0.0.0.255 area 0
R1(config-router)#network 20.20.20.0 0.0.0.255 area 0
R1(config-router)#network 30.30.30.0 0.0.0.255 area 0

Configure client1 with an address in the 20.20.20.0 range, mask 255.255.255.0 and 20.20.20.10 as default gateway, and client2 with an address in the 30.30.30.0 range, mask 255.255.255.0 and 30.30.30.10 as default gateway.

For clients and the switch to access the internet we need to configure NAT on R1. I explained NAT configuration in one of my previous posts, so I won't go into details here.

R1(config)#int f0/1
R1(config-if)#ip nat outside                              ! interface facing the internet
R1(config-if)#int f0/0
R1(config-if)#ip nat inside                               ! interface facing the switch
R1(config-if)#exit
R1(config)#access-list 1 permit 10.10.10.0 0.0.0.255
R1(config)#access-list 2 permit 20.20.20.0 0.0.0.255
R1(config)#access-list 3 permit 30.30.30.0 0.0.0.255
R1(config)#ip nat inside source list 1 int f0/1 overload
R1(config)#ip nat inside source list 2 int f0/1 overload
R1(config)#ip nat inside source list 3 int f0/1 overload

You should be able to ping hosts in both VLANs and the internet.
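Each VLAN subnet in this setup has to appear in three places: the SVI address on SW, an OSPF network statement on SW, and an access list that a NAT rule on R1 actually references. The script below is an added example, not part of the original post; it checks that consistency over running-config-style text. The sample excerpts are constructed (including the full interface name FastEthernet0/1), and the script assumes each `ip address` line directly follows its `interface` line.

```python
import ipaddress
import re

# Constructed running-config excerpts modelled on this lab, with two planted
# mistakes: OSPF network 30.20.20.0 on SW and no NAT rule using list 3 on R1.
SW_CFG = """\
interface Vlan2
 ip address 20.20.20.10 255.255.255.0
interface Vlan3
 ip address 30.30.30.10 255.255.255.0
router ospf 20
 network 20.20.20.0 0.0.0.255 area 0
 network 30.20.20.0 0.0.0.255 area 0
"""
R1_CFG = """\
access-list 2 permit 20.20.20.0 0.0.0.255
access-list 3 permit 30.30.30.0 0.0.0.255
ip nat inside source list 2 interface FastEthernet0/1 overload
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def svis(cfg):
    """SVI name -> ip_interface, from 'interface VlanN' / 'ip address' pairs."""
    pairs = re.findall(rf"^interface (Vlan\d+)\n ip address {IP} {IP}$", cfg, re.M)
    return {name: ipaddress.ip_interface(f"{a}/{m}") for name, a, m in pairs}

def ospf_networks(cfg):
    """Networks from OSPF 'network <addr> <wildcard> area <n>' statements."""
    found = re.findall(rf"^ network {IP} {IP} area \d+$", cfg, re.M)
    return [ipaddress.ip_network(f"{a}/{w}") for a, w in found]

def nat_sources(cfg):
    """Networks permitted by standard ACLs that a NAT rule actually references."""
    used = set(re.findall(r"^ip nat inside source list (\d+) ", cfg, re.M))
    acls = re.findall(rf"^access-list (\d+) permit {IP} {IP}$", cfg, re.M)
    return [ipaddress.ip_network(f"{a}/{w}") for n, a, w in acls if n in used]

def audit(sw_cfg, r1_cfg):
    """One finding per SVI not covered by OSPF on SW or by a NAT list on R1."""
    ospf, nat, findings = ospf_networks(sw_cfg), nat_sources(r1_cfg), []
    for name, iface in sorted(svis(sw_cfg).items()):
        if not any(iface.ip in net for net in ospf):
            findings.append(f"{name} {iface.network}: no OSPF network statement")
        if not any(iface.network.subnet_of(net) for net in nat):
            findings.append(f"{name} {iface.network}: not in any NAT source list")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SW_CFG, R1_CFG)) or "all SVI subnets covered")
```

An access list that exists but is not referenced by any `ip nat inside source list` rule is reported the same way as a missing one, since hosts in that subnet would reach R1 but never be translated.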
