InterVLAN connectivity

📘 CCNA 200-301 v1.1

2.1 Configure and verify VLANs (normal range) spanning multiple switches

2.1.c InterVLAN connectivity

1. What is InterVLAN Connectivity?

  • VLAN (Virtual Local Area Network) is used to separate a physical network into multiple logical networks.
    Example: VLAN 10 = HR department, VLAN 20 = IT department.
  • By default, devices in different VLANs cannot communicate with each other.
    • A device in VLAN 10 cannot send data to a device in VLAN 20 without help from a Layer 3 device (such as a router or Layer 3 switch).

InterVLAN connectivity means enabling communication between different VLANs through routing.

🔹 2. Why Do We Need InterVLAN Routing?

In an organization, we may have:

  • VLAN 10 – Sales
  • VLAN 20 – IT
  • VLAN 30 – Management

If these VLANs are isolated, they cannot share files, applications, or access shared services like a server or the Internet.
So, InterVLAN routing allows controlled communication between VLANs — for example, IT and Management can communicate, while Sales can be restricted using ACLs.

🔹 3. How Does InterVLAN Communication Work?

VLANs operate at Layer 2 (Data Link layer).
To communicate between VLANs, data must be passed to a Layer 3 (Network layer) device that can route IP packets between VLANs.

That means:

  • Switches forward frames inside the same VLAN.
  • Routers (or Layer 3 switches) forward packets between VLANs.

🔹 4. Methods of InterVLAN Routing

There are three main methods used in networks.
You must understand all three for the CCNA exam.

A. Legacy InterVLAN Routing (Router with multiple physical interfaces)

Concept:

Each VLAN is connected to a separate physical router interface.

Example setup:

VLANRouter InterfaceSwitch Port Connection
VLAN 10G0/0Access port in VLAN 10
VLAN 20G0/1Access port in VLAN 20

Each router interface:

  • Is assigned an IP address that acts as the default gateway for that VLAN.

Example Configuration:

Switch:

Switch(config)# interface fastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Switch(config)# interface fastEthernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20

Router:

Router(config)# interface gigabitEthernet0/0
Router(config-if)# ip address 192.168.10.1 255.255.255.0

Router(config)# interface gigabitEthernet0/1
Router(config-if)# ip address 192.168.20.1 255.255.255.0

✅ Works fine but not scalable — requires one router port per VLAN.

B. Router-on-a-Stick (ROAS)

This is the most common method used in small to medium networks and is important for CCNA.

Concept:

  • Uses one physical interface on the router.
  • That interface is divided into multiple subinterfaces — each one represents a VLAN.
  • The switch port connected to the router is configured as a trunk port to carry multiple VLANs.

Example setup:

VLANSubinterfaceIP AddressGateway for VLAN
VLAN 10G0/0.10192.168.10.1Yes
VLAN 20G0/0.20192.168.20.1Yes

Configuration Steps

Step 1 – Configure the Switch

Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20

Step 2 – Configure the Router

Router(config)# interface gigabitEthernet0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0

Router(config)# interface gigabitEthernet0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0

Router(config)# interface gigabitEthernet0/0
Router(config-if)# no shutdown

Now:

  • VLAN 10 devices use 192.168.10.1 as their default gateway.
  • VLAN 20 devices use 192.168.20.1 as their default gateway.
  • Router routes traffic between the VLANs.

Advantages:

  • Only one router interface needed.
  • Cost-effective and scalable.

Disadvantages:

  • The router can become a bottleneck because all VLAN traffic goes through one physical interface.

C. Layer 3 Switch InterVLAN Routing (SVI – Switched Virtual Interface)

Modern networks commonly use Layer 3 switches that can perform routing functions directly.

Concept:

  • Each VLAN has a Switched Virtual Interface (SVI) — a virtual Layer 3 interface on the switch.
  • The switch performs routing between VLANs internally (no external router needed).

Example setup:

VLANSVI InterfaceIP AddressGateway for VLAN
VLAN 10interface vlan 10192.168.10.1Yes
VLAN 20interface vlan 20192.168.20.1Yes

Configuration Steps:

Step 1 – Create VLANs

Switch(config)# vlan 10
Switch(config-vlan)# name HR
Switch(config)# vlan 20
Switch(config-vlan)# name IT

Step 2 – Assign ports to VLANs

Switch(config)# interface fastEthernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Switch(config)# interface fastEthernet0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20

Step 3 – Create SVIs (virtual interfaces)

Switch(config)# interface vlan 10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown

Switch(config)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# no shutdown

Step 4 – Enable IP routing on the switch

Switch(config)# ip routing

Advantages:

  • Very fast (routing done in hardware).
  • No external router needed.
  • Scalable and efficient for enterprise networks.

Disadvantages:

  • Requires a Layer 3 switch (more expensive than a Layer 2 switch).

🔹 5. How to Verify InterVLAN Connectivity

Use these show commands to verify configuration:

CommandDescription
show vlan briefShows VLANs configured on the switch
show interfaces trunkVerifies trunk ports
show ip interface briefShows interface IP status
show interfacesVerifies interface operational status
pingTests connectivity between VLANs
tracerouteTraces packet path between VLANs
show ip routeShows routing table (useful for Layer 3 switch or router)

🔹 6. Troubleshooting Tips

If InterVLAN routing is not working:

  1. Check VLAN membership – Is the device in the correct VLAN?
  2. Check IP addressing – Each VLAN must have a unique network.
  3. Check default gateways – End devices must have the correct gateway (the router or SVI IP address).
  4. Check trunk configuration – The trunk must allow all relevant VLANs.
  5. Check routing – Ensure ip routing is enabled (for Layer 3 switches).
  6. Check for shutdown interfaces – Use no shutdown on router/subinterfaces.

🔹 7. Summary Table

MethodDevice TypeConnectionScalabilityCommon Usage
Legacy RoutingRouterMultiple physical interfacesLowRare (old networks)
Router-on-a-StickRouterOne trunk interface, subinterfacesMediumSmall/medium networks
Layer 3 Switch (SVI)Multilayer switchInternal routingHighModern enterprise networks

✅ Key Points to Remember for the CCNA Exam

  • VLANs isolate traffic at Layer 2; InterVLAN routing connects them at Layer 3.
  • Router-on-a-Stick uses subinterfaces with 802.1Q encapsulation.
  • SVIs provide routing capability directly on Layer 3 switches.
  • Always ensure:
    • VLANs exist on all switches.
    • Trunks are configured correctly.
    • Each VLAN has a unique subnet.
    • Devices have correct default gateways.

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by