cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3069
Views
10
Helpful
10
Replies

Inter VLAN Routing Using a Multilayer Switch

Stuart D
Level 1
Level 1

Hi,

I've been trying to setup inter vlan routing using a multilayer switch, however I'm having some trouble getting it working.

I've followed a couple of tutorials I've read online but still can't get it to work. It will ping within the same vlan, but not across different vlans. 

One thing I've been unable to do is use the 'switchport trunk encapsulation dot1q' command on the layer 2 switch trunk ports. I'm not sure what this command does though, so I don't know if it's needed.

help1.jpg

Can anyone help with this?

 

Here are the configs for the two layer 2 switches and the multilayer switch:

Switch1:

interface Port-channel1

switchport mode trunk

!

interface FastEthernet0/1

switchport mode trunk

channel-group 1 mode active

!

interface FastEthernet0/2

switchport mode trunk

channel-group 1 mode active

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 20

switchport mode access

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

mac-address 0001.97c3.a001

ip address 192.168.10.1 255.255.255.0

!

interface Vlan20

mac-address 0001.97c3.a002

ip address 192.168.20.1 255.255.255.0

!

interface Vlan30

mac-address 0001.97c3.a004

ip address 192.168.30.1 255.255.255.0

!

interface Vlan40

mac-address 0001.97c3.a005

ip address 192.168.40.1 255.255.255.0

!

 

 

Switch 2:

interface Port-channel2

switchport mode trunk

!

interface FastEthernet0/1

switchport mode trunk

channel-group 2 mode active

!

interface FastEthernet0/2

switchport mode trunk

channel-group 2 mode active

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 30

switchport mode access

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

mac-address 0007.ecc6.3901

ip address 192.168.10.1 255.255.255.0

!

interface Vlan20

mac-address 0007.ecc6.3902

ip address 192.168.20.1 255.255.255.0

!

interface Vlan30

mac-address 0007.ecc6.3903

ip address 192.168.30.1 255.255.255.0

!

interface Vlan40

mac-address 0007.ecc6.3904

ip address 192.168.40.1 255.255.255.0

!

 

 

Multilayer Switch:

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel3

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel4

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode active

!

interface FastEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode active

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode active

!

interface FastEthernet0/4

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode active

!

interface FastEthernet0/5

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 3 mode active

!

interface FastEthernet0/6

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 3 mode active

!

interface FastEthernet0/7

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 4 mode active

!

interface FastEthernet0/8

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 4 mode active

!

interface GigabitEthernet0/1

no switchport

ip address 10.1.1.1 255.255.255.252

duplex auto

speed auto

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

mac-address 0002.1658.5d01

ip address 192.168.10.1 255.255.255.0

!

interface Vlan20

mac-address 0002.1658.5d02

ip address 192.168.20.1 255.255.255.0

!

interface Vlan30

mac-address 0002.1658.5d03

ip address 192.168.30.1 255.255.255.0

!

interface Vlan40

mac-address 0002.1658.5d04

ip address 192.168.40.1 255.255.255.0

!

 

Here's the section of the topology I'm configuring:

 

help2.jpg

Thanks,

-Stuart

1 Accepted Solution

Accepted Solutions

Hi @Stuart D ,

 

Review your exercise and I found these details about concepts:
-The VLAN interface of the L2 switches is only for administration, so you should not assign the VLAN gateway in that interface.
In the administration interface, a valid ip of the VLAN must be assigned, as well as a gateway for the switch:

HSRP1.jpg

 

As you see in the image, I deleted all the VLAN interfaces that were not the administration one and assigned it the VLAN gateway(I changed the gateway IP, I'll explain why later).

I replicated this process on all the L2 switches in your topology.

-In the two switch L3 you had the same IP configured in the VLAN interfaces.
If you want to achieve redundancy, this is incorrect, since the devices do not know which of these L3 is his gateway.

To achieve redundancy in this topology, you must use the HSRP protocol, which assigns a virtual gateway to the devices (192.168.x.100) and assigns roles (active / standby) to the L3 switches:

HSRP2.jpg

 

The L3 switch on the left will remain as active, so in the L3 switch on the right the same commands are entered, except the priority one, since it is already 100 by default:

HSRP3.jpg

 

Sorry if I went long, but I wanted to explain the concepts.
I enclose the exercise with the changes.

 

Regards

View solution in original post

10 Replies 10

Alan Ng'ethe
Level 3
Level 3

@Stuart D wrote:

Hi,

I've been trying to setup inter vlan routing using a multilayer switch, however I'm having some trouble getting it working.

I've followed a couple of tutorials I've read online but still can't get it to work. It will ping within the same vlan, but not across different vlans. 

 


ISL encapsulation which would be the other type of encapsulation in addition to dot1q, is deprecated. Therefore when you configure encapsulation, dot1q is the only encapsulation supported. You can verify the encapsulation type by using the command show interfaces trunk.

 

As for not being able to ping across vlans, please ensure the ip routing command is enabled on the multi-layer switch

 

 

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

Hi Alan,
Thanks for the response. I've just double checked an I do have ip routing enabled. Both vlans are configured on the multilayer switch and the ports are both set to trunk. I can't think what else could be wrong. I'm fairly new to this, so I could be missing something

Hello

This is a duplicate post  with the below and you have marked that has solved? 

https://community.cisco.com/t5/switching/implementing-vlans-in-a-hierarchical-design/m-p/3846450#M464604


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,
Sorry for the confusion. Previously I was trying to communicate within the same VLAN which I was able to get working. Now I'm playing around with trying to get PCs within different VLANs to communicate with each other. I'm still very new to this, so I may have used the wrong terminology. This is the first network I've attempted to setup outside of the Cisco lessons.

Thanks
-Stuart

Hi @Stuart D ,

 

Could you compress your exercise (with Winzip, for example) and attach it to review your settings?

 

Regards

Here it is, I'm currently working on the two left most switches.

Thanks

Hi @Stuart D ,

 

Review your exercise and I found these details about concepts:
-The VLAN interface of the L2 switches is only for administration, so you should not assign the VLAN gateway in that interface.
In the administration interface, a valid ip of the VLAN must be assigned, as well as a gateway for the switch:

HSRP1.jpg

 

As you see in the image, I deleted all the VLAN interfaces that were not the administration one and assigned it the VLAN gateway(I changed the gateway IP, I'll explain why later).

I replicated this process on all the L2 switches in your topology.

-In the two switch L3 you had the same IP configured in the VLAN interfaces.
If you want to achieve redundancy, this is incorrect, since the devices do not know which of these L3 is his gateway.

To achieve redundancy in this topology, you must use the HSRP protocol, which assigns a virtual gateway to the devices (192.168.x.100) and assigns roles (active / standby) to the L3 switches:

HSRP2.jpg

 

The L3 switch on the left will remain as active, so in the L3 switch on the right the same commands are entered, except the priority one, since it is already 100 by default:

HSRP3.jpg

 

Sorry if I went long, but I wanted to explain the concepts.
I enclose the exercise with the changes.

 

Regards

Thanks, this is really helpful. I'd been messing around with HSRP but had been unable to get it working so gave up. Thanks for the explanation as well, helps me to understand it too! :)

You need to remove all VLAN interfaces from both L2 switches (and leave just one, for management. I created Vlan 101 for that purpose, as it is not recommended to use Vlan 1 for manegement).

Your PCs need to have the default gateway set to the IP addresses of the VLAN interfaces on the L3 switch. So the configs would look like below:

 

Switch1:

interface Port-channel1
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/2
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan101
description Management Vlan
ip address 192.168.101.1 255.255.255.0

 

Switch 2:

interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/2
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 30
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan101
description Management Vlan
ip address 192.168.101.2 255.255.255.0

 

Multilayer Switch:

interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode active
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode active
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode active
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode active
!
interface GigabitEthernet0/1
no switchport
ip address 10.1.1.1 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
mac-address 0002.1658.5d01
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
mac-address 0002.1658.5d02
ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
mac-address 0002.1658.5d03
ip address 192.168.30.1 255.255.255.0
!
interface Vlan40
mac-address 0002.1658.5d04
ip address 192.168.40.1 255.255.255.0
!
interface Vlan101
description Management Vlan
ip address 192.168.101.254 255.255.255.0

 

 

Hello

Not to worry but FTI - if you look back at that post , I did provide you will a solution that should enable to allow host-host communication within a vlan and between vlans  


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco