nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

inter vlan routing #2

liven

Ok hope this is not a double post.

Last night I got (I think) the route on a stick thing working.

Here is the basic setup:

Router_A ->connected to ->switch_B

Switch B has 3 vlans.

Vlan 1 = management = .1.0/24 subnet
Vlan 5 = .2.0/24 subnet
Vlan 7 = .3.0/24 subnet

Route_A is addressed on the the .1.0/subnet
Vlan 1 is also on the same subnet

There are devices on vlans 5 and Vlans 7

Now after initially setting this up the router could ping everything. In this situation I used RIP on the router to route between the three different subnets. HOWEVER the devices on the non managment vlans (5, and 7) couldn't ping things out side of their vlan/subnet.

After some minimal routing, default gate way adjustments and assignments, every thing can communicate with everything.

So my question is:

Is this really inter vlan routing? Should the devices on the Vlans be able to communicate with each other because of the router? Or was it correct that I had to make them aware of the other subnets?

I know this is probably a beginner question, but I just want to make sure I have my head wrapped around this.

Thanks!

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

bighornsheep

Let me try and explain this. Inter-vlan wasn't making sense for me before either.
You can see this for reference.

I'm going to assume we're using dot1q encapsulation, your switch supports trunking, and your router supports dot1q trunks (ie. has a 100mb interface).

On your switch:
You setup the trunk port in your native vlan (by default, this is vlan 1)
You setup your ip default-gateway on the switch to be the ip address of the sub-interface for native vlan. If you want to be able to ping from the switch, you need to also assign an ip address to INTERFACE vlan 1 to be the same subnet as vlan 1.
Create your other vlans, and assign ports to them. I would also switch these ports to spanning-tree portfast for fasting operation.

On your router:
You can skip the native option if you assign ip for subnet in vlan to the physical interface, but I would create seperate sub-interfaces and apply native option to one of them. Make sure one of them is the trunk, and you have turned on dot1q encapsulation. Once you have created the subinterfaces, you should have a subnet for every vlan, and the router should have 1 subinterface in each of these subnets.

Workstations
Set ip addresses on workstations according to subnet/vlan they are connected to.
Assign default gateway to be the ip of the subinterface in that vlan/subnet.

Now, you should be able to ping within each subnet, and across all subnets, your router should be able to ping switch, workstations, and itself. Your switch should also be able to ping all subnets, same with your workstations.

note, intervlan-routing DOES NOT require a routing protocol, you are simply combining the functions of a router with a switch!

networker050184

You don't have to make the hosts aware of the other vlans, that is what the router is there for. Use the ip address on the sub interface (assuming you are using sub interfaces) of each vlan the gateway for the hosts. Anything not on the hosts local subnet will be sent to the router and it will route it out the correct interface. You shouldn't need to add any type of static routes. The subnets will all be directley connected. Is this a sim or real equipment? I hate sims..... When you say router A is addresed on .1.0 subnet what do you mean? Loopback interface or the sub interface?

liven

Well this is a dynampis router and a real catalyst switch.

I have 5 routers, but none of them support encapsulation on subinterfaces...... I have to have an IP address on the interface on the router that is connected to the switch. This is necessary because I wouldn't be able to communicate with real cisco gear with out this. The virtual router is dynamips running on linux. I have bridged the ethernet interface (tap/br0) and then the linux box (and my real network) can communicate with virtualized dynampisp routers.

Router A (virtual)
f0/0 192.168.1.1
f0/0.5 192.168.2.1
encapsulated dotQ1 5
f0/0.7 192.168.3.1
encapsulated dotq1 7

Switch B
port 22 trunked and connected to Router A
ip address 192.168.1.71
(this port is on vlan 1 which is management vlan)

port 23
no ip address
vlan 5

port 24
no ip address
vlan 7

Then I have devices pluged into port 23 and 24 on the switch.

From RouterA I can ping any and everything regardless of subnet and vlan.

If memory serves me correctly ( I dot this all working last night and I haven't been sleeping much) I could ping from the hosts to the other subnets, once I got the proper gateways setup. I set the hosts gateway to the ip of the sub interface on the router that the corresponding vlan is connected to.

For example a host on the 192.168.2.0/24 subnet has a default gateway of 192.168.2.1. And if I remember correctly after I did this the device could see the other subnets.

liven

Bighorn

per your description I think I got it right or pretty darn close.

The only thing left for me to try is to take the rip routing out of the picture and see what happens...

I will do this tonight.

This would have been much easier if one of my 2610s or my 3600 supported encapsulation on the sub interfaces...

I can create the sub interfaces but there is not encapsulation option available ( on my real routers)... WHich is a major frustration. I have the needed fast ethernet ports, and 3 catalyst swtiches, so the rest of the hardware is were it needs to be.

So I guess the routing protocol is not needed because all the subinterfaces are connected to one interface? So basically that interface should be able to see all networks connected to it?

networker050184

Its not the fact that they are all connected to the same interface. Its the fact that they are all connected directly to the router. If you do a sho ip route on the router you will see the subnets as connected to the appropriate interface. You only need a dynamic routing protocol or static routes when trying to reach remote (as on another router) subnets.

liven

networker050184 wrote:

Its not the fact that they are all connected to the same interface. Its the fact that they are all connected directly to the router. If you do a sho ip route on the router you will see the subnets as connected to the appropriate interface. You only need a dynamic routing protocol or static routes when trying to reach remote (as on another router) subnets.

ah this makes sense,

last night when I did

show ip route

I saw all three subnets. But the were all C, as in directly connected.

I ask if this seems correct, only because of the fact that I am running dynamips.

So should I see the networks on the sub interfaces as directly connected? Sorry for so many dumb questions.

networker050184

Yes they will show as connected to the sub interfaces.

liven

Cool well I think I got it then.

I am going to break what i got at home and see if I can set it up again.

I took a couple of hours last night to realize what I was doing wrong....

THanks again fellas!!!