Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3723
Views
0
Helpful
3
Replies

Inter-VLAN Routing and VTP Domain

Tang-Suan Tan
Level 1
Level 1

‎07-30-2012 09:49 AM - edited ‎03-07-2019 08:03 AM

Hi all :

I have a question that how to inter connect certain VLAN to certain VLAN? I just only want to use inter VLAN routing and no Private VLAN Routing.

For example, I have 6 VLAN : VLAN 1 to VLAN 6.

The requirement :

VLAN 1, VLAN 2 and VLAN 3 are inter routing each other.

VLAN 4 and VLAN 5 are inter routing each other.

VLAN 6 is stand alone VLAN without any routing.

Below is my steps, please give me advice, correction and suggestion if you have any:

First, I have to creat 6 VLANs : VLAN 1 to VLAN 6.

Second, I creat VLAN 1 to VLAN 3 in VTP Domain 1.

Third, I creat VLAN 4 and VLAN 5 in VTP Domain 2.

Fourth, I creat VLAN 6 in VTP Domain 3.

Fifth, I use interface VLAN command to set inter VLAN routing of all the 6 VLANs.

After the above 5 steps, can the network works as per my above three requirements? Any better idea or any problem on above steps?

Thanks and best regards,

tangsuan             

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-30-2012 10:29 AM

Hello Tang-Suan,

configuring different VTP domains has no influence on IP connectivity, it just provides 3 different administrative domains for configuration and propagation of Vlans on a population of switches.

If you build a trunk manually between switches in different VTP domains layer 2 and layer3 communication can take place.

To build separate routing tables so that different sets of SVI interfaces route between them you should use VRF lite.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/vrf.html

You need two VRFs

ip vrf DOMAIN1

rd 1000:100

!

ip vrf DOMAIN2

rd 1000:101

!

int vlan 4

ip vrf forwarding DOMAIN1

! retype ip address and mask

ip address x.y.z.k 255.255.255.w

int vlan 5

ip vrf forwarding DOMAIN1

! retype ip address and mask

ip address x5.y5.z5.k5 255.255.255.w

int vlan 6

ip vrf forwarding DOMAIN2

! retype ip address and mask

ip address x6.y6.z6.k6 255.255.255.w

show ip route vrf DOMAIN1

ping vrf DOMAIN1

are the commands to be used to see the different IP routing tables and to test IP connectivity in VRF

Hope to help

Giuseppe

0 Helpful

randerson
Level 1
Level 1

‎07-30-2012 10:32 AM

VTP is really only intended to distribute vlan information between switches, not necessarily limit routing between vlans. Inter-vlan routing is really controlled via ACLs on the L3 vlan interfaces, so if you are routing on your core switches, for example, you would block routing between the associated VLAN's subnets.

You can certainly separate switches into different VTP domains but that only limits which vlans get inserted into the switch's VLAN database - it does not preclude a device connected to that switch from being able to connect to another VLAN provided that the uplink trunk is allowing that VLAN.

Your steps above are fine for minimizing VLANs on certain switches but you'll need ACLs on the VLAN SVIs (switch) or sub-interfaces (router) if you want to limit traffic between VLANs. If you don't want any routing at all, you won't have an SVI or sub-interface for that particular VLAN so that only ports on VLAN 6 will be able to communicate with one another.

HTH

0 Helpful

Tang-Suan Tan
Level 1
Level 1
In response to randerson

‎08-04-2012 10:35 PM

Hi Ross and all:

Thanks to your reply!

After your suggestion, I went on to study the VLAN ACCESS CONTROL from Cisco website. I have gained the knowledge how to implement it but I have one question below.

As the VLAN ACCESS CONTROL can block different subnet and so at the same time it applies to different VLAN if the VLAN represents by the same subnet. The problem is where are the switches this VLAN ACCESS CONTROL applies ?

For exaple as for  typical Cisco Hierarchical Network, all the different VLAN scattering on different access switches under different distribution switches.

The same requirement that VLAN 1, 2, 3 are inter-routing each other while VLAN 4, 5 are inter-routing each other.

After I create the access lists and then create the VLAN access maps for all the requirement. How do I apply the vlan access maps to the switches?

Are the VLAN access maps to be applied on all the access layer switches since different PC in different VLANs will pass through the access layer switches in the first place before the distribution and core switches?

Or I can apply to one of VTP server (for example at one of the core layer switch), then this VTP server will propogate the VLAN ACCESS MAP to all the switches (in VTP client mode)?

Please help to provide your advise if you or anyone know the answer.

Many thanks!

best regards,

tangsuan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card