vlan routing question!

okay i was reading the sybex book and it informed me to use subinterfaces for different vlans on my switch to enable routing between the vlans. Kewl got that! however i noticed in the CPress books it told me when using 802.1q on the trunk i need to use the actual router interface (fa 0/0) for the native vlan (vlan1) and apply the ip addy to the interface itself and not the subint (fa 0/0.1). Did i read correctly? is this a conflict between the books?

Does the interface command work for a vlan as well as the subinterfaces? Essentailly can i apply an ip for vlan 1 (or any i guess) to the actual interface (fa 0/0) and then continue to use the subinterfaces (fa 0/0.1) for the next vlan?

I hope you can understand these questions

Thanks

john

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

rakem

If you want to route between VLAN's using either Dot1q or ISL you should create subinterfaces which will have IP addresses assinged to the subintface for each different VLAN.

You shouldnt assign a IP address to the main interface. Dot1q does use the native VLAN concecpt so native vlan frames do not get tagged.

jbkm

I'm going to have to re-read the CPress book and see if i misinterpreted it or something. Native Vlan doesn't get tagged so does that mean the Subinterface you use for it will not have either ISL or DOT1Q under its config? I'd imagine if it was looking for the trunk info and it wasn't there then there would be errors right? especially with ISL since it completely re-encaps the frame?

Thanks for the timely responce!

computerguy9355

They have a funny term for that, called "Router-On-A-Stick"

Anyway, that book is completely wrong. Yes you NEED to configure the trunking protocol (ISL, Dot1Q) under each of the subinterfaces. You would need to set the router's FA interface to 100mbps and configure dot1q under each of the subinterfaces for each VLANS.

Do not use ISL whenever you configure Router-On-A-Stick tho. Most of the new Cisco switches no longer support ISL. In other words, they are being phrased out. So just so you know.

mp3spy

rakem wrote:

If you want to route between VLAN's using either Dot1q or ISL you should create subinterfaces which will have IP addresses assinged to the subintface for each different VLAN.

You shouldnt assign a IP address tothe main interface. Dot1q does use the native VLAN concecpt so native vlan frames do not get tagged.

I agree with this. Correct me if I'm wrong....Essentially each sub interface address is the corresonding VLAN's gateway. All workstations on that specified VLAN will utilize this address to get to the router interface And of course you need to enable .1q for each sub int.

computerguy9355

mp3spy wrote:

rakem wrote:

If you want to route between VLAN's using either Dot1q or ISL you should create subinterfaces which will have IP addresses assinged to the subintface for each different VLAN.

You shouldnt assign a IP address tothe main interface. Dot1q does use the native VLAN concecpt so native vlan frames do not get tagged.

I agree with this. Correct me if I'm wrong....Essentially each sub interface address is the corresonding VLAN's gateway. All workstations on that specified VLAN will utilize this address to get to the router interface And of course you need to enable .1q for each sub int.

That is correct.

hectorjhrdz

you'll experiment problems if you set an ip address at the main interface. the addrs only are set at the sub-if, if not trunking will be not performed

Danman32

But I do understand his question, and I wonder the same thing.
dot1q supports untagged frames, and will automatically assign that frame to the native vlan. That's great for the switch, but how does the router deal with that? Granted, non-tagged packets won't happen if the only connection is between the trunked port of the switch and the router. Untagged packets only occur if you had a hub attached to the trunked port, and hosts that knew nothing about trunking connected to the hub.

viper75

computerguy9355 wrote:

mp3spy wrote:

rakem wrote:

If you want to route between VLAN's using either Dot1q or ISL you should create subinterfaces which will have IP addresses assinged to the subintface for each different VLAN.

You shouldnt assign a IP address tothe main interface. Dot1q does use the native VLAN concecpt so native vlan frames do not get tagged.

I agree with this. Correct me if I'm wrong....Essentially each sub interface address is the corresonding VLAN's gateway. All workstations on that specified VLAN will utilize this address to get to the router interface And of course you need to enable .1q for each sub int.

That is correct.

Here's a part of the config on my L3 3550 switch. I am doing InterVlan routing:

interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
interface Vlan130
ip address 192.168.130.1 255.255.255.0
!
interface Vlan200
description Connection to MAIN LAN <---This is my Native Vlan.
ip address 192.168.200.2 255.255.255.0

The switch provides DHCP for VLAN's 10, 20, 30, and 130.

ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server x.x.x.x x.x.x.x
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server x.x.x.x x.x.x.x
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server x.x.x.x x.x.x.x
!
ip dhcp pool vlan130
network 192.168.130.0 255.255.255.0
default-router 192.168.130.1
dns-server x.x.x.x x.x.x.x

This connects to another 3650 via fiber. Fiber ports are trunked ISL.

interface GigabitEthernet0/1
description Connection to 3650_Lab
switchport trunk encapsulation isl
switchport mode trunk
channel-group 1 mode on

InterVlan routing accurs between 2x 2900XL, 1x 3650(L3) and 1x 3550(L3) and a 831 Router.