cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1095
Views
5
Helpful
5
Replies

InterVLAN Routing

vj_vignesh
Level 1
Level 1

Hi

I just don't seem to understand the concept of inter Vlan routing in L3 Switches. I am already 1 year into networking, and planning to take my switching CCNP paper in a month, i Just feel embarresed when i realise that i am not clear with Inter Vlan routing at this stage, i am comfartable with eveything else though.I would be thankful if someone could explain.

I have a Cisco 6509 multilayer switch, with about 20 Vlans. and the vlan interface IP in this switch is the gateway for each VLan. There are no routing protocols being used in the switch, all i have is a Default route to my Firewall.

I always read that "IP routing" is the command that enables InterVlan routing. But there isn't any other command other that the default route to my firewall that talks about routing in the switch.

Now i need to know the following

1. How am i able to communcicate with all other vlans when there is no "Ip routing" command

2. How do i limit Access to particular vlans, i.e. i need only some Vlans to be able to access My server VLAN.

3.Everything else i need to know about inter Vlan routing on L3 switches.

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Vignesh,

1) ip routing is a global command that enables the multilayer switching on C6509. Without it the C6509 becomes a L2 LAN device and you need an external router to perform inter-vlan routing.

You don't see ip routing because it is probably enabled by default on Cat6509 and IOS config doesn't show default commands (it is so also on my Cat6509), however if you do sh ip route you see a static to 0.0.0.0/0 via the firewall and not a default-gateway.

Inter-vlans : you don't need any routing protocol to route traffic between connected interfaces on a single node.

The firewall in its turn has one or more static routes that describes your 20 Vlan subnets for the return path

2) you can use ACLs to limit access . You can apply them under interface Vlan X

3) inter vlan routing is one thing, multilayer switching is hardware based and use TCAM table to define what action to perform to a packet with a given destination.

modern switches populate the TCAM table using CEF so I would go to study it.

Hope to help

Giuseppe

View solution in original post

5 Replies 5

Marwan ALshawi
VIP Alumni
VIP Alumni

ok

L3 switches also known as multilayer switches

are switches with layer three intelegant and capablities, it have routing engin and proceser as the router

but these switches by default is not enabled to do rouitng u have to inter the comman ip routing

moreover its port by default layer two ports

u have to disable this is with the no switch port command to get work as a layer three port like a router and u give this interface ip address

no with Cat6500 with IOS software the ports comes layer three enabled

and eenthough u can make ethier layer three or two port

and about rouing

lets say in ur case u have 20 VLANs u need to make a virtuale interface

by intering

interface vlan [vlan No.]

ip address x.x.x.x x.x.x.x

no shut

no this Vlan is converted from layer two to a layer three

then after u finish makeing vlan interfaces for all vlans

the switch will route between vlans without any rouitn protocols

because it similar whenu have router with defrent subnets and all these subnets directly connected

all u need to do is make the default gateway for each host connected to that swich the ip address of the vlan it belong to SVI

let say u made vlan 5 as follow

interface vlan 5

ip address 10.10.10.10 255.255.255.0

no shut

this ip must be the default gateway for all hosts in vlan 5

and the same idea apply to all vlans

after u finish makeing SVIs in switch

enter show ip route u will see all vlan interfaces apeared as directly conncted

about filltering

u can use routed ACLs RACL to fillter between VLANs

as normal ACL make ACLs and apply it to the VLAN interface as u aply it to layer three interface in a router

and also u can use vlan ACL VACL to fillter traffic within the same vlan

i wish these information will be go guidance to u

good luck and if u have any more questions just ask

Rate if helpful

" How am i able to communcicate with all other vlans when there is no "Ip routing" command?"

Here are the possible reasons :

- IP routing is enabled by default on the SW. To verify that check your SW running config for the "ip routing" statement.

- As you have mentioned there is default GW towards a Firewall. If you don't have VLAN interfaces with IP's configured on the SW, its quite possible the Firewall is doing the Intervlan routing.

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Vignesh,

1) ip routing is a global command that enables the multilayer switching on C6509. Without it the C6509 becomes a L2 LAN device and you need an external router to perform inter-vlan routing.

You don't see ip routing because it is probably enabled by default on Cat6509 and IOS config doesn't show default commands (it is so also on my Cat6509), however if you do sh ip route you see a static to 0.0.0.0/0 via the firewall and not a default-gateway.

Inter-vlans : you don't need any routing protocol to route traffic between connected interfaces on a single node.

The firewall in its turn has one or more static routes that describes your 20 Vlan subnets for the return path

2) you can use ACLs to limit access . You can apply them under interface Vlan X

3) inter vlan routing is one thing, multilayer switching is hardware based and use TCAM table to define what action to perform to a packet with a given destination.

modern switches populate the TCAM table using CEF so I would go to study it.

Hope to help

Giuseppe

Ok that makes everything clear, I am clear with the CEF and Multilayer switching, but only the Inter Vlan Communication thing was bugging me. I think everything is clear now, This big doubt crept in only because i was wondering how i could stop communication betwrrn certain VLAn's. If it is possible only through ACL's then i think everything else is clear.

Thankyou very much all of you.

hope my description clearfied all things to u

by the way here we use rating for helpful posts !

thank you

Review Cisco Networking for a $25 gift card