
Understanding routing between VLANs

levitan.eli
Level 1

Hi there,

I hope this forum is ok for posts like this in which I ask for clearance in a topic...

So in order to send a packet between VLANs, I understand we need to change the switchport to trunk. But what is actually happening "behind the scenes" when I do that?
Is the switch tagging the packet with the source VLAN or the destination VLAN?

And what am I expected to do at work when such a need occurs? Do I need to revert it after the sides have communicated, or does it expire automatically? I mean, if the connection is temporary and I'll have 200 VLANs, I could be all day encapsulating and reverting it...

Thanks, Eli

 

 


Mark Malone
VIP Alumni
Hi
Routing between VLANs occurs on the layer 3 device where the SVIs or subinterfaces are, depending on your setup, not on the layer 2 devices where the trunks are; that would be switching at layer 2. VLANs cannot communicate without some form of layer 3 device, as they're in their own broadcast domains. You can communicate internally in a VLAN without a layer 3 device using ARP, though, all on the same subnet.

If the VLAN interfaces are all on 1 switch and routing is enabled, it will automatically route between VLANs in the router backplane once ip routing is enabled, if it's an L3 switch. You may not see it in the config as it's a default command now, but show run all will have it if it's not in the general config.

"I mean if the connection is temporary and I'll have 200 VLANs I could be all day encapsulating and reverting it ...."
You shouldn't need to do anything really once it's set up correctly.

Thanks for commenting, though it is not quite what I was asking.
I'll try to clear up the situation: a PC from VLAN10 on switch 1 needs to communicate with a PC from VLAN20 on switch 2 (layer 3 switching).
Now, "Is the switch tagging the packet with the source VLAN or the destination VLAN?"

From both your postings, I believe you need to better understand VLANs and routing.

What VLANs (virtual LANs) do on a switch is keep traffic from different VLANs on the same switch logically separate. How this is done on any switch is proprietary.

To allow different switches to "share" a link, frames from different VLANs are tagged (per some standard - tags are set by the transmitting switch and represent the VLAN # as defined on that switch). Such a link is called a "trunk" by Cisco.

As the purpose of VLANs is to keep traffic logically separate, you usually use a "router" (or an L3 switch) to "route" between networks (and VLANs are often mapped into a single IP network).

There are multiple ways your PC on switch 1's VLAN 10 might communicate with a PC on switch 2's VLAN 20. First you need to define whether VLANs 10 and 20 are only on the switch that hosts those two PCs. We also need to know whether one or both switches are L3 capable. We also need to know whether VLAN 10 and VLAN 20 are in separate L2 domains. We also need to know whether there are IP networks for VLANs 10 and 20.

Feel free to post more questions. When you understand what a VLAN is, and how it works at L2, we can then jump to inter-network (i.e. routing).

Thanks for the explanation.
The 4th paragraph is way more advanced stuff than what I've learned so far.
I've been learning about router on a stick from pretty much all YouTube has to offer (and CBT Nuggets too).

Q: If I have 5 VLANs spread across the network, do I need to do (on the router) the encapsulation "int G0/0.1...int G0/0.2...int G0/0.3...int G0/0.4...int G0/0.5..."?
And (assuming they are on different VLANs) how does the router know what VLAN needs to receive the message? Is it in the IP destination and MAC destination in the frame?

Thanks.
(It's kind of hard to 100% understand since English is not my first language)

"(It's kind of hard to 100% understand since English is not my first language)"

Your English is likely better than my use of any foreign language. If something I write is unclear, please let me know and I'll re-word it.

"I've been learning about router on a stick. . ."

Actually, since L3 switches, you don't see many router-on-a-stick setups, and even then, if you had multiple switches, you might have a router routing between them versus a router routing between VLANs on the same switch.

"Q: If I have 5 VLANs spread across the network, do I need to do (on the router) the encapsulation "int G0/0.1...int G0/0.2...int G0/0.3...int G0/0.4...int G0/0.5..."?"

Maybe, maybe not. If using a link hosting multiple VLANs connected to a switch's trunk port, yes you commonly see subinterfaces that map to the individual VLANs. However, another option would be to have one interface on the router to connect to each VLAN.

"And (assuming they are on different VLANs) how does the router know what VLAN needs to receive the message? Is it in the IP destination and MAC destination in the frame?"

It goes by IP. Actually, a router only "knows" of VLANs when using subinterfaces, which map a VLAN-tagged frame to a logical interface (i.e. a subinterface). Within a router, all the packets are intermixed; again, the router depends on IP addressing to decide where a packet should be directed to a particular interface. (BTW, don't want to confuse you, and not applicable to your question, but some routers now support VRF, which is a bit like VLANs for L3.)
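The router-on-a-stick behaviour discussed in this thread, as an added example that is not part of any poster's reply: a frame arrives on the trunk tagged with the sender's VLAN, the router picks the egress subinterface from the destination IP alone, and the frame leaves re-tagged with the destination VLAN. The subinterface names, subnets and MAC addresses are constructed for illustration.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed subinterface table: VLAN ID -> (hypothetical name, connected subnet)
SUBINTERFACES = {
    10: ("G0/0.10", ipaddress.ip_network("192.168.10.0/24")),
    20: ("G0/0.20", ipaddress.ip_network("192.168.20.0/24")),
}

def sample_packet(src, dst):
    """Constructed 20-byte IPv4 header (checksum left at 0, no payload)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def build_tagged_frame(dst_mac, src_mac, vlan_id, packet):
    """Ethernet II frame carrying one 802.1Q tag (priority bits left at 0)."""
    tag = struct.pack("!HHH", TPID_8021Q, vlan_id & 0x0FFF, ETHERTYPE_IPV4)
    return dst_mac + src_mac + tag + packet

def parse_tagged_frame(frame):
    """Return (vlan_id, ethertype, packet); untagged frames are rejected."""
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("frame has no 802.1Q tag")
    return tci & 0x0FFF, ethertype, frame[18:]

def route_on_a_stick(frame, router_mac, next_hop_mac):
    """Return (in_vlan, out_vlan, out_subinterface, out_frame), or None if dropped.

    Simplified: next_hop_mac stands in for ARP resolution, TTL is not decremented.
    """
    in_vlan, ethertype, packet = parse_tagged_frame(frame)
    if in_vlan not in SUBINTERFACES or ethertype != ETHERTYPE_IPV4:
        return None                      # no subinterface is mapped to this tag
    dst_ip = ipaddress.ip_address(packet[16:20])   # IPv4 destination field
    for out_vlan, (name, subnet) in SUBINTERFACES.items():
        if dst_ip in subnet:             # the routing decision uses only the IP
            out = build_tagged_frame(next_hop_mac, router_mac, out_vlan, packet)
            return in_vlan, out_vlan, name, out
    return None                          # no connected route to the destination

if __name__ == "__main__":
    pc_a, rtr, pc_b = (bytes.fromhex(m) for m in
                       ("020000000a01", "0200000000fe", "020000001401"))
    pkt = sample_packet("192.168.10.5", "192.168.20.7")
    print(route_on_a_stick(build_tagged_frame(rtr, pc_a, 10, pkt), rtr, pc_b)[:3])
```

A frame tagged with a VLAN that has no subinterface returns `None`, which is why traffic from an unconfigured VLAN never reaches the routing step.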

" and even then, if you had multiple switches, you might have a router routing between them " 

But isn't it super-inefficient? Sounds like a waste of ports.

 

"However, another option would be to have one interface on the router to connect to each VLAN."

I must have misunderstood that; don't routers usually have like 2-3 ports meant for connecting to switches(/devices) only?

 

"the router depends on IP addressing to decide where a packet should be directed to a particular interface"

Got it finally, I think :)

 

"But isn't it super-inefficient? Sounds like a waste of ports."

Depends on bandwidth consumption. If light usage, having multiple VLANs on a single port is fine. If heavy usage, having more ports provides more bandwidth. Another solution is using EtherChannel.

Another reason to route directly between switches is to reduce switch latency. For example, given sw1<>sw2<>sw3<>sw4<>rtr, you might route between sw1 VLANs with such a topology, but the traffic needs to cross 3 other switches (twice) to get to and from the router. If all switches have a direct connection to the router, the inter-switch latency would be avoided.

"I must have misunderstood that; don't routers usually have like 2-3 ports meant for connecting to switches(/devices) only?"

How many ports a router can host depends on the capacity of the router. Small routers have few ports because many struggle to even support one Ethernet port at high speed (most small routers are designed to route across a WAN link where maximum bandwidth is often much, much less than found within a LAN - that's another reason most LAN routing is done on L3 switches).