Solved: How to route two vlans on two switches that are connected only on one router?

Edil Cajigas · ‎10-05-2014

Suppose that any of the trunk links fails or if you want, suppose that there is no link between SW1 (G0/1) and SW2 (G0/1). How can you make computers in Vlan 10 to see computers in Vlan 20 and viceversa?. I tried creating a bridge group on the router for G0/0.10-G1/0.10 and another for G0/0.20-G1/0.20. Then define interface BVI10 and BVI20. Interfaces came up but you can not configure dot1q on them and switches can not see them. Anyways with one interface on the bridge group going down the BVI interface goes down as well so that's not an option. Router should be 10.10.10.1 and 20.20.20.1 and each computer have that as gateway respectively.

ghostinthenet · ‎10-05-2014

Actually, all members of the bridge group have to go down before the BVI interface will... one won't do it, so this is still a workable router-on-a-stick solution.

With L3 switches, you can use HSRP, VRRP or GLBP on the router and the switches, with the switches' SVI interfaces taking high priority. If you increase the connections between the switches and run EtherChannel, you can forego the router-on-a-stick approach entirely.

View solution in original post

ghostinthenet · ‎10-05-2014

If you want to handle it at layer 2, you can do your dot1q encapsulation on the sub-interfaces rather than the BVI interfaces.

bridge irb
!
interface GigiabitEthernet0/0.10
 encapsulation dot1q 10
 bridge-group 10
|
interface GigiabitEthernet1/0.10
 encapsulation dot1q 10
 bridge-group 10
|
bridge 1 protocol ieee
bridge 1 route ip
!
int BVI10
 IP address 10.10.10.1 255.255.255.0

If you go this route, you'll also want to set the bridge costs high so that the higher-performing path between the switches is preferred over the router for traffic passing from one side to the other.

Ideally, running a routed connection makes more sense here, but this requires layer 3 switching capability. What models of switches are these?

Edil Cajigas · ‎10-05-2014

Jody thanks very much!

Indeed the encapsulation was done in the sub-interfaces, as posted in the OP you can not [encap dot1q X] on the BVI interface. Even though, the switches didn't established the trunk with the BVI. Anyways using bridge groups is not an acceptable solution because with the failure of any interface of the trunk links in the router, the BVI interface goes down as well.

You said "if I want to handle it at layer 2" How will you do it at layer 3? I though something like HSRP or VRRP but that doesn't apply since it is only one router. Remember, the router must be able to route between vlan10 and vlan20 for computers on both switches in case of one of the trunk link failure.

This is for learning purposes so I started with Packet Tracer but PT doesn't support bridge groups. Then I tried GNS3. I will try with the router in GNS3 with a switch module but I'm not clear. that will be like having a 3rd switch, right? What I mean is that I will not be using routed interfaces between the router and the switches, right?

ghostinthenet · ‎10-05-2014

Actually, all members of the bridge group have to go down before the BVI interface will... one won't do it, so this is still a workable router-on-a-stick solution.

With L3 switches, you can use HSRP, VRRP or GLBP on the router and the switches, with the switches' SVI interfaces taking high priority. If you increase the connections between the switches and run EtherChannel, you can forego the router-on-a-stick approach entirely.

Edil Cajigas · ‎10-05-2014

I will double check the BVI not going down when one interface in the router goes down. Perhaps is a limitation on GNS3. What I did was to remove the connection between R1-G0/0 and SW1-G3/1 without setting R1-G0/0 shut, then the BVI interfaces went down as well. But I will double check, possibly I did something wrong.

Thanks again I appreciate your comments.