Inter-VLAN Routing

sandro1
Level 1

Hi,

I was wondering what the purpose of Inter-VLAN routing is. Of course, it enables you to communicate with other VLANs.

 

In a simple example:

VLAN 10

VLAN 20

VLAN 30

 

Let's say Inter-VLAN routing should be enabled for VLAN 10 and VLAN 20 because those two networks need to communicate with each other. What's the purpose of having two separate VLANs after all? I might just consolidate those VLANs into one VLAN?

 

But maybe my other question might resolve my problem.

 

Given the network (see attachment).

All VLANs need to communicate with the two server clusters. Since there are different VLANs they cannot communicate with them right out of the box. I suppose this is when Inter-VLAN routing comes into play?

 

What's a good approach / best practice in this scenario?

 

I thought of making trunks between the switches and the servers too, and assign the servers to each VLAN?

 

help:)

 

ps. this is not a production environment. I'm just a student.

 

Regards,

Sandro

3 Replies

luis_cordova
VIP Alumni

Hi @sandro1 ,

 

What's the purpose of having two separate VLANs after all?

A: The purpose of VLANs is to separate the diffusion domains.

For example, in the same building you can have several diffusion domains working on the same LAN.
These domains could be:
-Administrators
-Employees
-Visits
-Support
-Services

You can connect several of these domains to the same switch and separate them through the VLANs.

Then, you can choose which VLAN you want to communicate with another through the inter-vlan.

 

I suppose this is when Inter-VLAN routing comes into play?

A: Correct, as the inter-vlan will also provide a gateway address to the VLAN through sub-interfaces.

 

What's a good approach / best practice in this scenario?

I thought of making trunks between the switches and the servers too, and assign the servers to each VLAN?

A: I recommend creating a different vlan for Cluster1 servers and another for Cluster2 servers.

Leave the switch ports in access mode, which connect to PCs and servers, and assign them the corresponding vlan.
In addition, you must leave in trunk mode all interfaces between the switches and those that connect the switches with the routers.
Then, configure sub-interfaces for vlan10, 20, 30 and the two new ones (vlan for cluster 1 and 2) in Router1.

As you have only one router, it will be enough to have the inter-vlan ready so there is communication between the VLANs.

If you want to limit access between some VLANs, you can achieve it through ACL.

 

Regards
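
As an added illustration of the ACL suggestion in the reply above (not part of the original post, and not the poster's own configuration): an extended ACL on the Employees subinterface of Router1 that permits traffic to the two server-cluster VLANs and blocks HR and Management. The subnets, the cluster VLAN IDs 40 and 50, and the ACL name are assumptions made for this example.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 10 HR          192.168.10.0/24
!   VLAN 20 Employees   192.168.20.0/24
!   VLAN 30 Management  192.168.30.0/24
!   VLAN 40 Cluster1    192.168.40.0/24
!   VLAN 50 Cluster2    192.168.50.0/24
!
! Entries are evaluated top-down; the first match wins.
ip access-list extended EMPLOYEES-IN
 remark Employees may reach both server clusters
 permit ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 192.168.50.0 0.0.0.255
 remark Employees may not reach HR or Management (logged)
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 deny   ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 log
 remark Anything not matched above hits the implicit deny
!
! Apply inbound on the VLAN 20 gateway subinterface, so frames
! are filtered as they arrive from Employees, before routing.
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group EMPLOYEES-IN in
```

Because these ACLs are stateless, the two deny entries also drop VLAN 20's replies to sessions opened from HR or Management, and the implicit deny blocks traffic addressed to the gateway itself (for example pings to 192.168.20.1). `show access-lists EMPLOYEES-IN` displays per-entry match counters for checking the result.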

 

 

 

 

 

Joseph W. Doherty
Hall of Fame
One major reason for having multiple VLANs (besides those mentioned by Luis) is for scalability. Within a single L2 domain, broadcasts are used for various purposes and broadcasts are sent to all hosts and all hosts must examine the content of the broadcast. Generally, because of broadcasts you only want about 128 (/25) to 512 (/23) hosts per L2 domain. By default, routing does not forward broadcasts.

Edwin Portillo
Spotlight

What's the purpose of having two separate VLANs after all?

When your company or infrastructure handles different areas, for example HR, Employees and Management, it is important to separate the resources that correspond to each. For example, some data is shared only by Management and HR, for the hiring of personnel or for decisions; Employees are not allowed to make those decisions, and for them there are other resources such as printers, system updates, and the management and monitoring of the traffic they generate in their daily tasks. That is why it is good to separate each area by VLAN, as Layer 2 devices such as the switch allow you to manage multiple ports for each area. This example divides the network into VLAN 10 (RRHH), VLAN 20 (Employees) and VLAN 30 (Management), each one assigned to a group of ports; for example, everything that connects to the ports assigned to VLAN 10 belongs to HR. Look at the following example:

 

! Define the three VLANs
vlan 10
 name RRHH
vlan 20
 name Employees
vlan 30
 name Management

! Access ports for VLAN 10
interface range fa0/1-10
 switchport mode access
 switchport access vlan 10

! Access ports for VLAN 20
interface range fa0/11-15
 switchport mode access
 switchport access vlan 20

! Access ports for VLAN 30
interface range fa0/16-22
 switchport mode access
 switchport access vlan 30

! Uplinks to the other switches
interface range fa0/23-24
 switchport mode trunk

 

***** (Generally, the ports that connect one switch to another are trunks)

 

****** A trunk port is a port that is assigned to carry traffic for all the VLANs that are accessible by a specific switch, a process known as trunking. Trunk ports mark frames with unique identifying tags – either 802.1Q tags or Inter-Switch Link (ISL) tags – as they move between switches. Therefore, every single frame can be directed to its designated VLAN. 

 

Could you simply consolidate those VLANs in a VLAN?

Of course you can not but you have better control when separating each area.

 

I thought of making trunks between the switches and the servers too, and assign the servers to each VLAN?

 

In your case you must trunk the interfaces that go from switch to switch and also create subinterfaces on Router1 so that the routing between VLANs makes sense:

int g0/0
 no shutdown

int g0/0.10
 encapsulation dot1q 10
 ip address x.x.x.x x.x.x.x

int g0/0.20
 encapsulation dot1q 20
 ip address x.x.x.x x.x.x.x

int g0/0.30
 encapsulation dot1q 30
 ip address x.x.x.x x.x.x.x

 

To use a dynamic protocol such as EIGRP, you can do the following for internal VLANs.

router eigrp 1
 network IDVLAN10
 network IDVLAN20
 network IDVLAN30

 

+++++To manage the clusters better do it from Router1

 

 

 
