Wednesday 16 October 2019

Inter Vlan Routing on Cisco | Routing between VLANs

Inter Vlan Routing on Cisco | Routing between VLANs 


A brief article on Inter Vlan Routing on Cisco or Routing between VLANs and sometimes know as router-on-a-stick routing. If you want to know what is Vlan and how to configure these vlans on Cisco Router, you can visit here.

Table of Contents

1. What is routing between VLANs?
2. Routing configuration between old VLAN
3. Configure a router on stick routing between VLANs

1. What is routing between VLANs?

VLANs are used to segment switched networks. Layer 2 switches, such as those of the Catalyst 2960 series, can be configured with more than 4000 VLANs. A VLAN is a broadcast domain , so computers in separate VLANs cannot communicate without the intervention of a routing device. Layer 2 switches have very limited functionality in IPv4 and IPv6, and cannot perform the dynamic routing functions of routers. While Layer 2 switches are increasingly acquiring IP functionality, such as the ability to perform static routing, this is not enough to address this large number of VLANs.
Any device that supports Layer 3 routing, such as a router or multilayer switch, can be used to achieve the necessary routing functionality. Regardless of the device used, the process of forwarding network traffic from one VLAN to another through routing is known as “routing between VLANs”.
There are three options for routing between VLANs:
  1. Routing between old VLAN
  2. Router on stick
  3. Layer 3 switching using SVIs

ROUTING BETWEEN OLD VLAN

Historically, the first solution for routing between VLANs used routers with several physical interfaces. It was necessary to connect each interface to a separate network and configure it for a different subnet.
In this old approach, routing between VLANs is done by connecting different physical interfaces of the router to different physical switch ports. The switch ports connected to the router are placed in access mode, and each physical interface is assigned to a different VLAN. Each router interface can then accept traffic from the VLAN associated with the switch interface that is connected and traffic can be routed to other VLANs connected to other interfaces.

THE EXAMPLE ROUTING BETWEEN OLD VLAN IS DESCRIBED 

  • PC1 in VLAN 10 communicates with PC3 in VLAN 30 through router R1.
  • PC1 and PC3 are on different VLANs and have IPv4 addresses on different subnets.
  • Router R1 has a separate interface configured for each of the VLANs.
  • PC1 sends the unicast traffic destined for PC3 to switch S2 on VLAN 10, from which it is then forwarded by the trunk interface to switch S1.
  • Switch S1 then forwards the unicast traffic through its F0 / 3 interface to the G0 / 0 interface of router R1.
  • The router routes unicast traffic through the G0 / 1 interface, which is connected to VLAN 30.
  • The router forwards unicast traffic to switch S1 on VLAN 30.
  • The switch S1 then forwards the unicast traffic to the switch S2 through the active trunk link, after which the switch S2 can forward the unicast traffic to the PC3 in the VLAN 30.
In this example, the router was configured with two separate physical interfaces to interact with the different VLANs and perform routing.

ROUTING BETWEEN VLANS WITH ROUTER-ON-A-STICK

Unlike routing between old VLANs, which requires several physical interfaces, both on the router and on the switch, the most common and current implementations of routing between VLANs do not have those requirements. Instead, some router softwares allow you to configure a router interface as a trunk link, which means that only one physical interface is necessary on the router and on the switch to route packets between several VLANs.
" Router-on-a-stick " is a type of router configuration in which a single physical interface routes traffic between several VLANs in a network. As can be seen in the illustration, the router is connected to switch S1 through a single physical network connection (a trunk link).
The router interface is configured to function as a trunk link and connects to a switch port configured in trunk mode. To perform routing between VLANs, the router accepts traffic with VLAN tags from the adjacent switch on the trunk interface and then routes it internally between the VLANs, using subinterfaces. The router forwards the routed traffic with VLAN tags to the destination VLAN through the same physical interface used to receive the traffic.
Subinterfaces are software-based virtual interfaces, associated with a single physical interface; they are configured in software on a router, and each subinterface is configured independently with an IP address and a VLAN assignment. Subinterfaces are configured for different subnets that correspond to your VLAN assignment to facilitate logical routing. After a routing decision is made according to the destination VLAN, the data frames receive VLAN tags and are sent back through the physical interface.

THE ROUTER-ON-A-STICK EXAMPLE IS DESCRIBED (IMAGE)

  • PC1 in VLAN 10 communicates with PC3 in VLAN 30 through router R1 through a single physical interface of the router.
  • PC1 sends unicast traffic to switch S2.
  • Then, switch S2 labels unicast traffic as originating in VLAN 10 and forwards it over the trunk link to switch S1.
  • Switch S1 forwards the traffic tagged by the other trunk interface on port F0 / 3 to the interface on router R1.
  • Router R1 accepts unicast traffic tagged on VLAN 10 and routes it to VLAN 30 through its configured subinterfaces.
  • Unicast traffic is tagged with VLAN 30 while sending through the router interface to switch S1.
  • Switch S1 forwards unicast traffic labeled by the other trunk link to switch S2.
  • Switch S2 removes the VLAN tag from the unicast frame and forwards the frame to PC3 on port F0 / 23.

2. Routing configuration between old VLAN

Routing between old VLANs requires that routers have multiple physical interfaces. The router performs routing by connecting each of its physical interfaces to a single VLAN. In addition, each interface is configured with an IPv4 address for the subnet associated with the specific VLAN to which it is connected. By configuring IPv4 addresses on the physical interfaces, network devices connected to each of the VLANs can communicate with the router through the physical interface connected to the same VLAN. In this configuration the network devices can use the router as a gateway to access the devices connected to the other VLANs.
The routing process requires the source device to determine if the destination device is local or remote from the local subnet. The source device makes this determination by comparing the source and destination IPv4 addresses with the subnet mask. Once it is determined that the destination IPv4 address is on a remote network, the source device must identify where it needs to forward the packet to reach the destination device. The source device examines the local routing table to determine where it is necessary to send the data. The devices use their default gateways as a Layer 2 destination for all traffic that the local subnet must leave.

PREPARATION

Once the source device determines that the packet must travel through the local router interface on the connected VLAN, it sends an ARP request to determine the MAC address of the local router interface. Once the router sends its ARP response to the source device, it can use the MAC address to finalize the packet framing before sending it to the network as unicast traffic.
Since the Ethernet frame has the destination MAC address of the router interface, the switch knows exactly to which port of the switch to forward the unicast traffic to reach the router interface of that VLAN. When the frame reaches the router, the router removes the information from the source and destination MAC address to examine the destination IPv4 address of the packet. The router compares the destination address with the entries in the routing table to determine where it is necessary to forward the data to reach the final destination. If the router determines that the destination network is a locally connected network, as would be the case with VLAN routing, it sends an ARP request through the interface that is physically connected to the destination VLAN. The destination device responds to the router with the MAC address, which then uses the router to pack the packet. The router sends unicast traffic to the switch, which forwards it through the port where the destination device is connected.
Although there are many steps in the VLAN routing process, when two devices in different VLANs communicate through a router, the entire process takes place in a fraction of a second.

SWITCH CONFIGURATION

To configure routing between old VLANs, start with the switch configuration.

As shown in Image 4, router R1 is connected to switch ports F0 / 4 and F0 / 5, which were configured for VLANs 10 and 30 respectively.
Use the global configuration command  vlan  vlan_id  to create the VLANs. In this example, VLANs 10 and 30 were created on switch S1.

S1 (config) # vlan 10
S1 (config-vlan) # vlan 30
S1 (config-vlan) # interface f0 / 11
S1 (config-if) # switchport access vlan 10
S1 (config-if) # interface f0 / 4
S1 (config-if) # switchport access vlan 10
S1 (config-if) # interface f0 / 6
S1 (config-if) # switchport access vlan 30
S1 (config-if) # interface f0 / 5
S1 (config-if) # switchport access vlan 30
S1 (config-if) # end </div>
* Mar 20 01: 22: 56.751:% SYS-5-CONFIG_I: Configured 
from console by console
S1 # copy running-config startup-config
Destination filename [startup-config]? 
Building configuration ...
[OKAY]
Once the VLANs are created, the switch ports are assigned to the appropriate VLANs. The switchport access vlan  id_de_vlan  command  is executed from the interface configuration mode on the switch for each interface to which the router is connected.
In this example, the F0 / 4 and F0 / 11 interfaces were assigned to VLAN 10 with the switchport access vlan 10 command  . The same process was used to assign interface F0 / 5 and F0 / 6 on switch S1 to VLAN 30.
Finally, to protect the configuration and not lose it after a reload of the switch, the copy running-config startup-config command is executed   to save a backup copy of the running configuration in the startup configuration.

ROUTER INTERFACE CONFIGURATION

You can then configure the router to perform routing between VLANs.
Router interfaces are configured similarly to VLAN interfaces on switches. To configure a specific interface, enter interface configuration mode from global configuration mode.

R1 (config) # interface g0 / 0 
R1 (config-if) # ip address 172.17.10.1 255.255.255.0 
R1 (config-if) # no shutdown
* Mar 20 01: 42: 12.951:% LINK-3-UPDOWN: Interface 
GigabitEthernet0 / 0, changed state to up
* Mar 20 01: 42: 13.951:% LINEPROTO-5-UPDOWN: Line protocol on
Interface GigabitEthernet0 / 0, changed state to up
R1 (config-if) # interface g0 / 1 
R1 (config-if) # ip address 172.17.30.1 255.255.255.0 
R1 (config-if) # no shutdown
* Mar 20 01: 42: 54.951:% LINK-3-UPDOWN: Interface 
GigabitEthernet0 / 1, changed state to up
* Mar 20 01: 42: 55.951:% LINEPROTO-5-UPDOWN: Line protocol on
Interface GigabitEthernet0 / 1, changed state to up
R1 (config-if) # end 
R1 # copy running-config startup-config
As shown in the example, the G0 / 0 interface was configured with IPv4 address 172.17.10.1 and subnet mask 255.255.255.0 using theip address command  172.17.10.1 255.255.255.0 .
Router interfaces are disabled by default and must be enabled with the command no shutdown before using them. After the command is issued no shutdown In the interface configuration mode, a notification is displayed indicating that the status of the interface changed to active (up). This indicates that the interface is now enabled.
The process is repeated for all router interfaces. It is necessary to assign each router interface to a single subnet for routing to occur. In this example, the other router interface, G0 / 1, was configured to use IPv4 address 172.17.30.1, which is located on a different subnet than the G0 / 0 interface.
Once the IPv4 addresses are assigned to the physical interfaces and the interfaces are enabled, the router is capable of routing between VLANs.

EXAMINE THE ROUTING TABLE USING SHOW IP ROUTE.

Next, it is shown that there are two visible routes in the routing table. One route is the 172.17.10.0 subnet, which is connected to the local G0 / 0 interface. The other route is the 172.17.30.0 subnet, which is connected to the local G0 / 1 interface. The router uses the routing table to determine where to send the traffic it receives. For example: if the router receives a packet in the G0 / 0 interface destined for the 172.17.30.0 subnet, the router will identify that it must send the packet through the G0 / 1 interface to reach the hosts in the 172.17.30.0 subnet.

R1 # show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile,
 B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,
 IA - OSPF inter area, N1 - OSPF NSSA external type 1,
 N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
 E2 - OSPF external type 2, i - IS-IS, su - IS-IS summary,
 L1 - IS-IS level-1, L2 - IS-IS level-2,
 ia - IS-IS inter area, * - candidate default,
 U - per-user static route, or - ODR,
 P - periodic downloaded static route, H - NHRP, l - LISP,
 + - replicated route,% - next hop override

Gateway of last resort is not set

172.17.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.17.10.0/24 is directly connected, GigabitEthernet0 / 0 
L 172.17.10.1/32 is directly connected, GigabitEthernet0 / 0 
C 172.17.30.0/24 is directly connected, GigabitEthernet0 / 1 
L 172.17.30.1/32 is directly connected, GigabitEthernet0 /one
Look at the letter C  to the left of each of the route entries for the VLANs. This letter indicates that the route is local to a connected interface, which is also identified in the route entry.


3. Configure a router on stick routing between VLANs

Routing between old VLANs with physical interfaces has an important limitation. Routers have a limited number of physical interfaces to connect to different VLANs. As the amount of VLAN in a network increases, having a physical router interface over VLAN quickly depletes the physical interface capability of a router. An alternative in larger networks is to use subinterfaces and VLAN trunks. VLAN trunks allow a single physical router interface to route traffic from several VLANs. This technique is called " router-on-a-stick " and uses virtual subinterfaces on the router to overcome the limitations of physical hardware interfaces.
Subinterfaces are software-based virtual interfaces assigned to physical interfaces. Each subinterface is configured independently with its own IP address and prefix length. This allows a single physical interface to be part of several logical networks simultaneously.

How to configure router on Stick 

When configuring inter VLAN routing using the router-on-a-stick model, the router's physical interface must be connected to the trunk link on the adjacent switch. On the router, subinterfaces are created for each unique VLAN in the network. Each subinterface is assigned a specific IP address for its subnet / VLAN and is also configured to tag the frames for that VLAN. That way, the router can keep traffic from each subinterface separate as it traverses the trunk link to the switch.
In terms of operation, using the router-on-a-stick model is the same as using the old VLAN routing model, but instead of using the physical interfaces to perform the routing, the subinterfaces of a single physical interface are used .
The use of trunks and subinterfaces decreases the amount of switch and router ports that are used. This not only allows money savings but also reduces the complexity of the configuration. As a consequence, the router's subinterface approach can be extended to a much higher number of VLANs than a configuration with a physical interface per VLAN design.

SWITCH CONFIGURATION

To enable VLAN routing using the router-on-a stick method, start by enabling the trunk link on the switch port that is connected to the router.

In Image, router R1 is connected to switch S1 on trunk link port F0 / 5. VLANs 10 and 30 were added to switch S1.
S1 (config) # vlan 10
S1 (config-vlan) # vlan 30
S1 (config-vlan) # interface f0 / 5
S1 (config-if) # switchport mode trunk
S1 (config-if) # end
S1 #
Because the F0 / 5 switch port is configured as a trunk link port, it does not need to be assigned to any VLAN. To configure the F0 / 5 switch port as a trunk port, run the switchport mode trunk command in interface configuration mode for port F0 / 5.

ROUTER SUBINTERFACE CONFIGURATION

When a router-on-a-stick configuration is used, the router configuration is different compared to routing between old VLANs. Next, it is shown that there are several subinterfaces configured.

R1 (config) # interface g0 / 0.10
R1 (config-subif) # encapsulation dot1q 10
R1 (config-subif) # ip address 172.17.10.1 255.255.255.0
R1 (config-subif) # interface g0 / 0.30
R1 (config-subif) # encapsulation dot1q 30
R1 (config-subif) # ip address 172.17.30.1 255.255.255.0
R1 (config) # interface g0 / 0
R1 (config-if) # no shutdown
* Mar 20 00: 20: 59.299:% LINK-3-UPDOWN: Interface GigabitEthernet0 / 0, 
 changed state to down
* Mar 20 00: 21: 02.919:% LINK-3-UPDOWN: Interface GigabitEthernet0 / 0,
 changed state to up
* Mar 20 00: 21: 03.919:% LINEPROTO-5-UPDOWN: Line protocol on 
 Interface GigabitEthernet0 / 0, changed state to up
Each subinterface is created with the command interface  interface - ID id_subinterfaz  global command configuration mode. The syntax for the subinterface is the physical interface, in this case g0 / 0, followed by a period and a subinterface number. As shown in the figure, the GigabitEthernet0 / 0.10 subinterface is created with the global configuration mode command  interface g0 / 0.10 . The subinterface number is usually set to reflect the VLAN number.
Before assigning an IP address to a subinterface, it is necessary to configure the subinterface to work on a specific VLAN using the command encapsulation dot1q  vlan_id . In this example, subinterface G0 / 0.10 was assigned to VLAN 10.
Next, assign the IPv4 address for the subinterface using the interface configuration mode command ip address  ipaddress_network_mask  . In this example, subinterface G0 / 0.10 was assigned to IPv4 address 172.17.10.1 through ip address command  172.17.10.1 255.255.255.0 .

PROCESS FOR THE OTHER SUBINTERFACES

This process is repeated for all router subinterfaces necessary for routing between VLANs configured in the network. It is necessary to assign an IP address to each subinterface of the router in a single subnet for routing to occur. In this example, the other router subinterface (G0 / 0.30) was configured with IPv4 address 172.17.30.1, which is on a different subnet than subinterface G0 / 0.10.
After enabling a physical interface, subinterfaces will be automatically enabled with the configuration. It is not necessary to enable subinterfaces with the command no shutdown at the level of the Cisco IOS software subinterface configuration mode.
If the physical interface is disabled, all subinterfaces are disabled. In this example, the command no shutdown it is entered in the interface configuration mode for the G0 / 0 interface, which in turn enables all configured subinterfaces.
Individual subinterfaces can be deactivated administratively with the shutdown command . In addition, individual subinterfaces can be enabled independently with the command no shutdown in the subinterface configuration mode.

SUBINTERFACE VERIFICATION

Cisco routers are configured by default to route traffic between local subinterfaces. Therefore, it is not necessary that routing be enabled.
The show vlan command   displays information about the Cisco IOS VLAN subinterfaces. The result shows the two VLAN subinterfaces, GigabitEthernet0 / 0.10 and GigabitEthernet0 / 0.30.

R1 # show vlan

 Virtual LAN ID: 10 (IEEE 802.1Q Encapsulation)

 vLAN Trunk Interface: GigabitEthernet0 / 0.10

 Protocols Configured: Address: Received: Transmitted:
 IP 172.17.10.1 11 18

 Virtual LAN ID: 30 (IEEE 802.1Q Encapsulation)

 vLAN Trunk Interface: GigabitEthernet0 / 0.30

 Protocols Configured: Address: Received: Transmitted:
 IP 172.17.30.1 11 8 Examine the routing table using the command show ip route . In the example, the routes defined in the routing table indicate that they are associated with specific subinterfaces, rather than separate physical interfaces. There are two routes in the routing table: one route goes to subnet 172.17.10.0, which is connected to the local subinterface G0 / 0.10; the other route goes to subnet 172.17.30.0, which is connected to the local subinterface G0 / 0.30. The router uses the routing table to determine where to send the traffic it receives. For example, if the router receives a packet in subinterface G0 / 0.10 destined for subnet 172.17.30.0, it will identify that it must send the packet through subinterface G0 / 0.30 to reach the hosts in subnet 172.17.30.0.

R1 # show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, 
 B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, 
 IA - OSPF inter area 
 N1 - OSPF NSSA external type 1, 
 N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, 
 L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, 
 U - per-user static route
 or - ODR, P - periodic downloaded static route, H - NHRP,
 l - LISP
 + - replicated route,% - next hop override

 Gateway of last resort is not set

 172.17.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.17.10.0/24 is directly connected, GigabitEthernet0 / 0.10
L 172.17.10.1/32 is directly connected, GigabitEthernet0 / 0.10
C 172.17.30.0/24 is directly connected, GigabitEthernet0 / 0.30
L 172.17.30.1/32 is directly connected, GigabitEthernet0 / 0.30

ROUTING VERIFICATION

After configuring the router and switch to perform VLAN routing, the next step is to verify host-to-host connectivity. Access to devices in remote VLANs can be tested with the command ping.
PING TEST
The ping Send an ICMP echo request to the destination address. When a host receives an ICMP echo request, it responds with an ICMP echo response to confirm that it received that request. The ping calculates the elapsed time, for which it uses the time difference between the moment the echo request was sent and the moment the echo response was received. The elapsed time is used to determine the latency of the connection. Upon receiving a successful response, confirm that there is a route between the sending device and the receiving device.

PC1> ping 172.17.30.23
Pinging 172.17.30.23 with 32 bytes of data:
Reply from 172.17.30.23: bytes = 32 time = 17ms TTL = 127>
Reply from 172.17.30.23: bytes = 32 time = 15ms TTL = 127>
Reply from 172.17.30.23: bytes = 32 time = 18ms TTL = 127>
Reply from 172.17.30.23: bytes = 32 time = 19ms TTL = 127>

Ping statistics for 172.17.30.23:>
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 19ms, Average = 17ms
TRACERT TEST
Tracert is a practical utility used to confirm the routed route taken between two devices. On UNIX systems, the utility is specified as traceroute . Tracert also uses the ICMP to determine the route taken, but uses the ICMP echo requests with specific lifetime values ​​defined in the frame.

PC1> tracert 172.17.30.23
Tracing route to 172.17.30.23 over a maximum of 30 hops:
 9 ms 7 ms 9 ms 172.17.10.1
 16 ms 15 ms 16 ms 172.17.30.23
Trace complete.
The lifetime value accurately determines the amount of router hops that the ICMP echo can reach. The first ICMP echo request is sent with a lifetime value configured to expire on the first router on the route to the destination device.
When the ICMP echo request on the first route is exceeded, an ICMP message is forwarded from the router to the source device. The device registers the response from the router and proceeds to send another echo request from the ICMP, but this time with a longer lifetime value. This allows the ICMP echo request to traverse the first router and reach the second device on the route to the final destination. The process is repeated recursively until, finally, the ICMP echo request is sent to the final destination device. After the command is issued tracert After running, a list of the router's input interfaces reached by the ICMP echo request on its way to the destination is displayed.
In the example, the utility ping could send an ICMP echo request to the IP address of PC3. In addition, the utility tracert confirms that the path to PC3 is through the IP address of subinterface 172.17.10.1 of router R1.
on
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)