
simple configuration question <communication 2 vlan across the switch>

sebeeth-h
Level 1

sebeethh_3-1756023639069.png

1. How computers in vlan 10 in sw1 and sw2 communicate,

2. How computers in vlan 10 and vlan 20 communicate

 

 


Enes Simnica
Level 5

@sebeeth-h that is a great question my Cisco friend. And let me dive deep here. So, when two computers are in VLAN 10, one connected to SW1 and the other to SW2, they communicate purely at Layer 2. Since both switches are configured with VLAN 10 on their access ports, and the uplinks toward the device acting as the “gateway for VLAN 10” are trunk links carrying VLAN 10 traffic, the switches forward Ethernet frames directly between the hosts. The gateway is not involved because the traffic stays in the same subnet; the switches only need to learn the MAC addresses of the devices and forward accordingly. So as long as VLAN 10 is consistently configured across both switches, devices in SW1 and SW2 can exchange traffic seamlessly.

Now, if a computer in VLAN 10 wants to talk to a computer in VLAN 20, the situation changes. VLANs by design are separate broadcast domains, so communication between them requires a Layer 3 device, in this case, the routers or multilayer switches where the gateways are configured. The computer in VLAN 10 sends the packet to its default gateway (the SVI for VLAN 10 on the left-hand gateway). That device looks at the destination IP, realizes it belongs to VLAN 20, and then routes the packet toward the other gateway device connected to VLAN 20. Once it reaches the right-hand gateway, the packet is re-encapsulated into VLAN 20 and sent down to SW3 or SW4, depending on where the destination computer is connected. At that point, the packet is delivered to the host in VLAN 20. And I would suggest u to use Packet Tracer and like that u will understand and learn better. Also ping me if u have more questions....

hope it helps and PEACE!

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!

so between the layer 3 switches do we need to add another network, right?

then configure static route <<<172.16.10.1 and 10.2 between gateway>>> to vlan 20 traffic <<ip route 192.168.20.0 255.255.255.0 172.16.10.2>>>. is this static route enough

 

if u want i can Build a network topology on Packet tracer for u, just let me know...


sebeethh_0-1756031166410.png

How to avoid this, also can i make all the vlan gateway in core switch, and make trunk allowed all vlan. 14, 20, 10 will it communicate each other

 

and now we see the BIG picture. U have a core switch handling the main internet connection, and when it failed, Switch 5, which has a backup internet link, had to take over. This is an excellent question about building redundancy and resilience into a network.

The core issue here is one of dynamic path selection. Your client devices point to their default gateway (L3-SW1 for VLAN 10), but those Layer 3 switches need to know how to find the internet themselves. When their primary path vanished, they had no automatic mechanism to switch to the backup path via Switch 5. The most effective and common way to solve this is by using a floating static route. This is a brilliant feature that allows u to configure a backup route that remains dormant until the primary route fails. It's perfect for this scenario and works excellently in Packet Tracer.

The concept relies on a value called Administrative Distance (AD). This is a measure of a route's trustworthiness. A lower AD is preferred. A directly connected network has an AD of 0, a static route has an AD of 1, and we can manually configure a static route with a higher AD (like 5 or 200) to make it a backup. Here is how you would implement this solution on your Layer 3 switches, L3-SW1 and L3-SW2.

layer 3sw1 layer3 sw2:

U would log into each of your distribution layer switches (L3-SW1 and L3-SW2) and enter the following commands. Let's assume the Core Switch's IP address is 192.168.1.1 and Switch 5's IP address is 192.168.1.5. These addresses would be on a shared network segment, perhaps a dedicated VLAN for switch management and routing. 

and don't forget that this is the primary default route pointing to the Core Switch.
It uses the default Administrative Distance of 1, making it the most preferred path.
ip route 0.0.0.0 0.0.0.0 192.168.1.1

now this is the backup floating static route pointing to Switch 5
the administrative distance of 5 makes it less trusted than the primary route.
It will only appear in the routing table if the primary route fails.
ip route 0.0.0.0 0.0.0.0 192.168.1.5 5

and why this works great! Because under normal conditions L3-SW1 sends all internet traffic to the Core Switch (next-hop 192.168.1.1). If the Core Switch link fails, L3-SW1 automatically switches to the backup floating static route (next-hop 192.168.1.5). When the Core Switch comes back online, traffic automatically returns to the primary route. This setup ensures seamless failover without manual intervention. 

NOW ALL U HAVE TO DO IS TAKE THE NETWORK TOPOLOGY THAT I DID FOR U, AND ADD THE OTHER PART OF THE CORE SWITCH, AND ADD THE CONFIGS THAT I TOLD U, AND ULL BE GOOD. 

thats all from me today my Cisco friend, will enjoy some sunlight after a veryy veryy veryy looooooong week. 

Im out!

 

-Enes


Config inter-vlan routing in each SW is bad bad idea with above topology

Config inter vlan in only one device (edge router)

All other SW only have L2 Vlan allow in trunk between SW/R

That's it.

No need static route or IGP 

Only you need default route in edge router and NAT to access internet 

MHM


@sebeeth-h wrote:

sebeethh_0-1756031166410.png

How to avoid this, also can i make all the vlan gateway in core switch, and make trunk allowed all vlan. 14, 20, 10 will it communicate each other


Unclear what's meant by Internet going down causes SW5 to become "main switch".  Could you clarify that?  Such as, do you mean the core switch failed?  Otherwise, failure to Internet would normally just mean you don't have Internet connectivity, local/internal networking shouldn't have been impacted.

Yes, you could host all gateway SVIs in core switch, which is what you had to do when using L2 VLAN switches.  Then you have implicit routing between all your VLAN subnets without needing to provide static or dynamic routing (except for the Internet).  However, with L3 switches, L3 topologies are generally better.  If you're using static routing and you find it's a PIA, try using a dynamic routing protocol.  Which makes for some nice options if you can add redundant links, such as a link between the gateway V10 switch and the core switch or possibly SW5.

Enes Simnica
Level 5

also this one is sick: 

EnesSimnica_0-1756024325608.png

 


1. How  computers  in vlan 10 in sw1 and sw2 communicate , <<- this need trunk between SW allow both vlan10 and vlan20

2. How computers in vlan 10 and vlan 20 communicate <<- this need add vlan30 and run ospf in both SW' under ospf add vlan10'20'30 subnet 

MHM

i want to make it static, and at the same time can i make the link between them a trunk link; with a simple ip routing command will the issue be resolved?
just asking

 

 

Trunk is needed for both points

You can use static 

Use VLAN 30 IP as next-hop of static route

MHM

Enes Simnica
Level 5

@sebeeth-h my Cisco friend, i had some free time and thought I'd take a CRACK at ur vlan routing question. Because it's a classic challenge that trips up a lot of folks, so I built this Packet Tracer lab from 0 to 100, and hope it helps..... Also i kept the design simple on purpose, just a single link between the two Layer 3 switches, so we can focus on the routing concepts without getting bogged down in extra stuff like EtherChannel. Here’s what I put together for u...

Design Summary:

  • L3-SW1 is the gateway for VLAN 10 (192.168.10.1).
  • L3-SW2 is the gateway for VLAN 20 (192.168.20.1).
  • The two switches are connected via a simple point-to-point Layer 3 link (172.16.10.0/30), chosen for simplicity over a multi-link EtherChannel.

How It Works:

  1. Communication within VLAN 10: Traffic between PCs in VLAN 10 on SW1 and SW2 is switched at Layer 2 through L3-SW1's trunk ports. The routing engine is not involved.

  2. Communication between VLANs (The Key Part):

    • Traffic from VLAN 10 to VLAN 20 is sent to its gateway, L3-SW1.

    • L3-SW1 uses a static route (ip route 192.168.20.0 255.255.255.0 172.16.10.2) to forward the traffic to L3-SW2.
    • L3-SW2 then delivers the traffic to VLAN 20.

    • For the reply to get back, a reverse static route on L3-SW2 (ip route 192.168.10.0 255.255.255.0 172.16.10.1) is essential. This ensures bidirectional communication.

The most important command is ip routing, entered on both Layer 3 switches. This enables the routing functionality. Without it, the switch will not route traffic, and the static routes will be ignored...........

So the lab is fully tested. PCs in VLAN 10 can ping each other, and PCs in VLAN 10 can successfully ping PCs in VLAN 20, proving both intra-VLAN and inter-VLAN communication work correctly. Use some show commands, do some ping-ing and just mess around G, ull have fun!!!!

The attached Packet Tracer file contains the complete working configuration.

 
-Enes
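
The design described in the post above, written out as IOS configuration for both Layer 3 switches. This is an added example, not the contents of the attached Packet Tracer file: the port numbers and the trunk layout toward the access switches are assumptions, while the SVI addresses, the 172.16.10.0/30 link and the two static routes are the ones quoted in the post. The `switchport trunk encapsulation dot1q` line is only needed on platforms that also support ISL.

```cisco
! ===== L3-SW1: gateway for VLAN 10 =====
ip routing
vlan 10
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! Trunks down to SW1 and SW2 (port numbers are assumptions)
interface range GigabitEthernet0/2 - 3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10
!
! Routed point-to-point link to L3-SW2 (port number is an assumption)
interface GigabitEthernet0/1
 no switchport
 ip address 172.16.10.1 255.255.255.252
 no shutdown
!
! Forward path: VLAN 20 subnet is reached via L3-SW2
ip route 192.168.20.0 255.255.255.0 172.16.10.2
!
! ===== L3-SW2: gateway for VLAN 20 =====
ip routing
vlan 20
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Trunks down to SW3 and SW4 (port numbers are assumptions)
interface range GigabitEthernet0/2 - 3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20
!
interface GigabitEthernet0/1
 no switchport
 ip address 172.16.10.2 255.255.255.252
 no shutdown
!
! Return path: without it, replies from VLAN 20 never reach VLAN 10
ip route 192.168.10.0 255.255.255.0 172.16.10.1
!
! Verify on either switch:
!  show ip route static
!  show interfaces trunk
```

Limiting each trunk to the one VLAN it needs keeps the other VLAN's broadcast domain off access switches that have no hosts in it.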
 
 
 
 

Joseph W. Doherty
Hall of Fame

In your OP diagram, the two gateway devices can be L3 switches (or possibly a hub/switch with a router, but we'll assume the former).  The edge devices, can be hubs, non-VLAN capable switches, or VLAN switches.

From the edge devices connected to the L3 switch, those switches host VLAN 10 and VLAN 20, respectively.  The edge devices, if hubs or non-VLAN capable switches, connect to the gateway device access ports in VLANs 10 and 20.  If the edge devices are VLAN switches, they can do the same as just described, or as both @Enes Simnica and @MHM Cisco World described, use a trunk port on both sides supporting either VLAN 10 or 20.  In either case, you now have a L2 broadcast domain for VLAN 10 or VLAN 20 between the 3 devices and hosts can intercommunicate using just L2.

For hosts to intercommunicate between the two L2 domains, you need to route between the subnets hosted on VLANs 10 and 20.

Basically, each subnet would direct its off local subnet traffic to the SVI allocated in that subnet (or use proxy, but we'll assume the former).  Once the SVI, the gateway for the subnet, receives the off local subnet destinations, it tries to route toward them.  In your example, this might be accomplished a couple of ways.

If you trunk between the two L3 switches, such that both of them have VLANs 10 and 20, and if both L3 switches have SVIs in both VLANs, each L3 switch can directly/locally route between the two VLANs.

Or, if you setup a routed link between the two L3 switches, you need to assign that link its own subnet, and somehow make the subnets for VLANs 10 and 20 known to the other L3 switch which might be accomplished via static or dynamic routing.  Then each L3 switch can route packets received on its SVI to the other L3 switch using the L3 link between the two L3 switches.