📘 CCNA 200-301 v1.1
2.1 Configure and verify VLANs (normal range) spanning multiple switches
2.1.c InterVLAN connectivity
1. What is InterVLAN Connectivity?
- VLAN (Virtual Local Area Network) is used to separate a physical network into multiple logical networks.
Example: VLAN 10 = HR department, VLAN 20 = IT department. - By default, devices in different VLANs cannot communicate with each other.
- A device in VLAN 10 cannot send data to a device in VLAN 20 without help from a Layer 3 device (such as a router or Layer 3 switch).
✅ InterVLAN connectivity means enabling communication between different VLANs through routing.
🔹 2. Why Do We Need InterVLAN Routing?
In an organization, we may have:
- VLAN 10 – Sales
- VLAN 20 – IT
- VLAN 30 – Management
If these VLANs are isolated, they cannot share files, applications, or access shared services like a server or the Internet.
So, InterVLAN routing allows controlled communication between VLANs — for example, IT and Management can communicate, while Sales can be restricted using ACLs.
🔹 3. How Does InterVLAN Communication Work?
VLANs operate at Layer 2 (Data Link layer).
To communicate between VLANs, data must be passed to a Layer 3 (Network layer) device that can route IP packets between VLANs.
That means:
- Switches forward frames inside the same VLAN.
- Routers (or Layer 3 switches) forward packets between VLANs.
🔹 4. Methods of InterVLAN Routing
There are three main methods used in networks.
You must understand all three for the CCNA exam.
A. Legacy InterVLAN Routing (Router with multiple physical interfaces)
Concept:
Each VLAN is connected to a separate physical router interface.
Example setup:
| VLAN | Router Interface | Switch Port Connection |
|---|---|---|
| VLAN 10 | G0/0 | Access port in VLAN 10 |
| VLAN 20 | G0/1 | Access port in VLAN 20 |
Each router interface:
- Is assigned an IP address that acts as the default gateway for that VLAN.
Example Configuration:
Switch:
Switch(config)# interface fastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config)# interface fastEthernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Router:
Router(config)# interface gigabitEthernet0/0
Router(config-if)# ip address 192.168.10.1 255.255.255.0
Router(config)# interface gigabitEthernet0/1
Router(config-if)# ip address 192.168.20.1 255.255.255.0
✅ Works fine but not scalable — requires one router port per VLAN.
B. Router-on-a-Stick (ROAS)
This is the most common method used in small to medium networks and is important for CCNA.
Concept:
- Uses one physical interface on the router.
- That interface is divided into multiple subinterfaces — each one represents a VLAN.
- The switch port connected to the router is configured as a trunk port to carry multiple VLANs.
Example setup:
| VLAN | Subinterface | IP Address | Gateway for VLAN |
|---|---|---|---|
| VLAN 10 | G0/0.10 | 192.168.10.1 | Yes |
| VLAN 20 | G0/0.20 | 192.168.20.1 | Yes |
Configuration Steps
Step 1 – Configure the Switch
Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Step 2 – Configure the Router
Router(config)# interface gigabitEthernet0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config)# interface gigabitEthernet0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config)# interface gigabitEthernet0/0
Router(config-if)# no shutdown
Now:
- VLAN 10 devices use 192.168.10.1 as their default gateway.
- VLAN 20 devices use 192.168.20.1 as their default gateway.
- Router routes traffic between the VLANs.
✅ Advantages:
- Only one router interface needed.
- Cost-effective and scalable.
✅ Disadvantages:
- The router can become a bottleneck because all VLAN traffic goes through one physical interface.
C. Layer 3 Switch InterVLAN Routing (SVI – Switched Virtual Interface)
Modern networks commonly use Layer 3 switches that can perform routing functions directly.
Concept:
- Each VLAN has a Switched Virtual Interface (SVI) — a virtual Layer 3 interface on the switch.
- The switch performs routing between VLANs internally (no external router needed).
Example setup:
| VLAN | SVI Interface | IP Address | Gateway for VLAN |
|---|---|---|---|
| VLAN 10 | interface vlan 10 | 192.168.10.1 | Yes |
| VLAN 20 | interface vlan 20 | 192.168.20.1 | Yes |
Configuration Steps:
Step 1 – Create VLANs
Switch(config)# vlan 10
Switch(config-vlan)# name HR
Switch(config)# vlan 20
Switch(config-vlan)# name IT
Step 2 – Assign ports to VLANs
Switch(config)# interface fastEthernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config)# interface fastEthernet0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Step 3 – Create SVIs (virtual interfaces)
Switch(config)# interface vlan 10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# no shutdown
Step 4 – Enable IP routing on the switch
Switch(config)# ip routing
✅ Advantages:
- Very fast (routing done in hardware).
- No external router needed.
- Scalable and efficient for enterprise networks.
✅ Disadvantages:
- Requires a Layer 3 switch (more expensive than a Layer 2 switch).
🔹 5. How to Verify InterVLAN Connectivity
Use these show commands to verify configuration:
| Command | Description |
|---|---|
show vlan brief | Shows VLANs configured on the switch |
show interfaces trunk | Verifies trunk ports |
show ip interface brief | Shows interface IP status |
show interfaces | Verifies interface operational status |
ping | Tests connectivity between VLANs |
traceroute | Traces packet path between VLANs |
show ip route | Shows routing table (useful for Layer 3 switch or router) |
🔹 6. Troubleshooting Tips
If InterVLAN routing is not working:
- Check VLAN membership – Is the device in the correct VLAN?
- Check IP addressing – Each VLAN must have a unique network.
- Check default gateways – End devices must have the correct gateway (the router or SVI IP address).
- Check trunk configuration – The trunk must allow all relevant VLANs.
- Check routing – Ensure
ip routingis enabled (for Layer 3 switches). - Check for shutdown interfaces – Use
no shutdownon router/subinterfaces.
🔹 7. Summary Table
| Method | Device Type | Connection | Scalability | Common Usage |
|---|---|---|---|---|
| Legacy Routing | Router | Multiple physical interfaces | Low | Rare (old networks) |
| Router-on-a-Stick | Router | One trunk interface, subinterfaces | Medium | Small/medium networks |
| Layer 3 Switch (SVI) | Multilayer switch | Internal routing | High | Modern enterprise networks |
✅ Key Points to Remember for the CCNA Exam
- VLANs isolate traffic at Layer 2; InterVLAN routing connects them at Layer 3.
- Router-on-a-Stick uses subinterfaces with 802.1Q encapsulation.
- SVIs provide routing capability directly on Layer 3 switches.
- Always ensure:
- VLANs exist on all switches.
- Trunks are configured correctly.
- Each VLAN has a unique subnet.
- Devices have correct default gateways.
