CCNA Video: Inter-VLAN Routing

Hi, and welcome to this CertificationKits CCNA Training video on Inter VLAN Routing.  We are going to be talking about what a VLAN is, why we need a router in the first place, how we configure Inter VLAN Routing, Cisco calls it router on a stick, I did not make that up myself, and troubleshooting Inter VLAN Routing.

Let’s go in and talk about what a VLAN is a little bit further from a CCNA perspective.  So here is a switch and I have created some VLANs on it on the slide anyway.  It’s not a real switch, just a drawing of a switch.  We have got VLAN1 which is the management VLAN and that’s where the IP address of the switch is in existence and then I have put ports 1 through 4 so we have got VLAN2, and it’s the blue VLAN, and we have got ports 1 through 4 in VLAN2.  We have got VLAN3 which is the red VLAN and that’s got ports 5, 6, 7, 8 and 9.  And we have VLAN4 which is the green VLAN, notice the color coding going on here and ports 10, 11 and 12 are on VLAN4.  Now what a VLAN is and I talk about it in the VLAN slide, or VLAN video, is a broadcast domain.  So what that means is if computer B1 sends out a broadcast message, the switch will only forward that broadcast message to the other computers within the blue VLAN.  It will not allow traffic to pass from the blue VLAN to the red VLAN.

So all computers in their respective VLANs can talk to each other but their switch will not allow any communication between VLANs.  The only way we are going to be able to get some communication between the VLANs is by routing in between the VLANs.  So what we need to do is we have to get a router, here is a very realistic picture of a router, with an interface in each VLAN.  So we can do a router with an interface in each VLAN.  And what we could do is a few different ways, while there are a couple of different ways we can do this without a layer3 switch.  Some switches have the ability to be a router and a switch.  CCNA focuses on a switch that just does switching.  It’s not a router and a switch, it only does layer2 function, no routing.

Theoretically, I can have a router with an Ethernet0, an Ethernet1 and an Ethernet2 interface and maybe have an extra interface here in each VLAN and plug each one of these Ethernet interfaces on the router into a port on the switch that’s a part of each VLAN.  And so what would happen is this computer would have this gateway and red computers would have this as a gateway, blue computers would have that as a gateway, so if they want to talk to each other, they would send to their gateway, router would look at the IP and determine which interface to send it out of and that would perfectly fine.  The only thing is we would have to have a router with multiple Ethernet interfaces, and it’s not totally necessary.  We can configure what’s called a sub interface on a fast Ethernet port.  Let’s take a look at what the heck I mean by that.

I have drawn up another CCNA slide and I put another interface on there, interface 13 and it has a connection, this is just a cable right here, to interface FA00 on a router.  It’s a fast Ethernet interface.  Now, all these right here, this .1 .2 .3 .4, this whole thing is fast Ethernet 00.  These are what are called sub interfaces and I will show you how to configure those.  What happens is we assign .1 sub interface to VLAN1 and we would put an appropriate IP address there, .2 interface to VLAN2, .3 interface to VLAN3 and .4 interface to VLAN 4.  Let me throw some color in there so we can see what interface goes with what VLAN a little bit more easily.  So there is VLAN1.  Here is VLAN2 blue that’s VLAN2’s gateway or sub interface, here is VLAN3 sub interface, the red VLAN and VLAN4, the green VLAN.  So each sub interface here is associated with a particular VLAN.  What we would need to do is we would have to have an IP address and scheme that function appropriately with the way we have our VLANs laid out.  So VLAN1 might be 20.1.0.0.  And VLAN2 the blue VLAN might have a sub net of 20.2.0.0, just to make it easy, VLAN3 20.3.0.0 and VLAN4 20.4.0.0.

The router needs to have separate IP or separate subnets for each broadcast domain so it can actually route in between these broadcast domains.  Every broadcast domain needs to have a different subnet address.  That’s the only way the router knows if a packet needs to go out of sub interface1, sub interface2 or 3 or 4 is because the subnet address tells the router which interface a particular IP address is going to need to go out of.  So this IP address on the .1 interface here would be 20.1.0 and I could put .1.  For the .2 interface, I could put 20.2.0.1, 20.3.0.1, 20.4.0.1 down here and then each computer would need to have an IP address appropriate for the subnet that it’s in.

I am going to go into the CCNA simulator and we are going to set this up.  I go in and assign all the IPs to the computers even though I am not going to throw 12 of them in there and we will take a look at what we have to do to the router to get this to function appropriately and have communication passed back and forth between the VLANs.  So let me bring up my CCNA simulator.  Here is my trusty simulator.  I have gone in and let’s take a look at the switch.  I will do a show run config.  Again, I just type show run because I am lazy and I can see that fast Ethernet 01 port 1 on the switch is a part of VLAN2 which is the blue VLAN.  Port 2 is a part of VLAN3 which is the red VLAN and port 3 is a part of VLAN4 which is the green VLAN.  I have also configured an IP address on the switch to be a part of the management VLAN which is VLAN1.  If I do a show VLAN, I can see that I have VLAN1 which is the default and all the ports running as well as the switch IP which is an interface VLAN and I created a number 2 VLAN called blue and number 3 VLAN called red, number 4 VLAN called green.

Port 1 again, VLAN2, Port 2 is in VLAN3, Port 3 is in VLAN4 and I have plugged the corresponding computers in the appropriate ports.  Now I have also gone in and configured the router, not fully configured the router but I have gone in, given the router a name and left the interface blank because that’s where we are going to be going in and configuring.  So I guess I haven’t configured it too much yet.  The computers, PC blue, I have gone in and configured an IP address with this command 20.2.0.2 and this guy has an IP address it’s 20.3.0.2 for that appropriate VLAN and PC green has an 20.4.0.0 that’s inappropriate, 20.4.0.2 IP address.  And let’s take a look at what we are going to do to the router real quick in my CCNA slide.

I have redone my CCNA side here to show us what’s going on exactly.  Here is the switch, here is router Palaestra1 and this is the way it’s cabled.  Port 12 on the switch is connected to Port FA00 on the router.  This stuff does not exist yet.  So it connects directly to portFA000.  This is simply a cable here.  It’s just a really thick cable.  Now I have a PC and that’s the blue PC.  I went in and showed you the IP address 20.2.0.2 and it plugs into port 1 on the switch that port is a part of the blue VLAN.  The red PC 20.3.0.2 plugs into port 2 which is part of the red VLAN.  24.0.2 which I had to fix just now because I mistyped is a part of the green VLAN and that’s plugged into port 3.  What we are going to be doing is we are going to be turning on trunking.  And if you can remember from the VLAN video, trunking tells the switch to encapsulate the packet or frame I should say with VLAN tag headers and again, we can use ISL or 802.1Q if we are using ISL, it says hey, this package is a part of VLAN1 or if it’s a part of VLAN2, it will say hey this package is a part of VLAN2.  Whatever the case, we have to turn trunking on, on the switch and on the router.  We have to tell the router how to listen to the trunking information and repackage it appropriately.

So what’s going to happen when PC blue wants to talk to PC red, it can’t just go through the switch right here and loop back around, it’s got to go through the router.  We will type in just let’s say we do a ping.  We type in ping 20.3.0.2.  What’s going to happen with this machinery here; what’s it going to do?  First thing it’s going to do is it’s going to look at this IP address and compare it to a subnet mask and realize that the subnet that that machine is on is on the 20.3 subnet, not the 22 subnet.  So what does he do when the machine is not local to a subnet, he is going to send it to his gateway.  Now what we are going to have to do on the router is we are going to have to configure a gateway for each one of the machines, basically for each VLAN or each broadcast.  I mean there will be a .1 sub interface and what it is, is we actually chop FA00 here up into four parts.  Each part acts like a separate physical interface.  We can configure it with an IP and everything.

So PC blue’s gateway is going to be 20.2.0.1 and it’s going to be part of the blue VLAN.  So what happens is he sends it to his gateway.  So it goes here, goes through switch and then the switch is going to send it over to the router.  But before he does, he would throw some packaging on the information there.  It says, hey, here is my package, it’s going to the gateway which is a MAC address of the router here but there is trunking turned on, on this interface so I have to tell the device what VLAN this is a part of; this package is a part of VLAN2.  CRC stuff at the back here fully encapsulates it, sends it out.  The router sees this VLAN2 information, goes okay, that’s got to go in through this sub interface right here, pulls it in through this sub interface.  Then he goes in and strips that information off, looks at his Mac address, strips that information off and gets to the IP address information on the inside, gets rid of all this extra junk, gets the IP information.  And he sees that 20.3.0.2 IP is a part of the red VLAN 23.02 and he will actually have a full routing table here and it will say 20.3 subnet, that’s got to go out of interface FA0/0.3.  And so he will go okay that’s got to go out of this interface.

So will package it up again in layer 2, he will get this machine’s Mac address and put it in there so it’s all packaged up ready to go and he goes oh wait, this is a trunk, I also have to tell the switch that’s going to receive this what VLAN it’s a part of.  And so he knows now that VLAN, the red VLAN is VLAN3 so he will put VLAN3 on there, package it up fully and send it out to the switch.  The switch gets it, says oh this is VLAN3 traffic, strips that information off, looks at the layer2 frame, goes oh that’s got to go out Port 2, sends it to the switch.  So a bunch of extra stuff has to happen here for this to function.  Let’s go in and configure it on the switch and on the router.  All we have to do to the switch is turn trunking on right here and then on the router we have got to create 4 sub interfaces and make sure that they are trunking appropriately.  Let me bring up that simulator.

I have my CCNA simulator up here and on the switch so far I have pre-configured it.  If I do a show running configuration, I can see that interface1 is a part of VLAN2 which is the blue VLAN, Interface2 is a part of VLAN3 which is red VLAN, interface3 is a part of VLAN4 which is the green VLAN.  I have also configured an IP address for VLAN1 on the switch.  Remember the switches IP can be in VLAN1 and that IP address is 20.1.0.1 for the switch.  And I have created VLAN2, VLAN3 and VLAN4.  The computers are plugged into the appropriate ports and I have given the IP address of the blue machine 20.2.0.1 and actually I want that to be 20.2.0.2 because the gateway is going to be .1 so I just changed that.  Red machine has an IP address of 20.3.0.2, green machine has an IP address of 20.4.0.02 and the sub interfaces on the routers which will be their gateways will be .1 addresses instead of .2.

So the first thing I want to do is I want to go to the switch interface that’s plugged into the router.  If I do a show run again, I can see that interface FA012 has no configuration on it and that’s the one that connects to the router.  I need to go in and turn trunking on.  If I wanted to verify that that’s the interface that’s plugged into the router, I could do show CDP neighbors and right now the router is probably not turned on so it’s not showing up.  But if the router was turned on and I hadn’t turned trunking on yet I could do show CDP neighbor and verify that that’s the connection.  I happen to know that’s the connection because I just set it up that way.  So we are going to go in interface FA0/12 and we are going to turn this into a trunk, meaning before it sends any information out of this interface, it’s going to put some VLAN information, add it on to that particular package.  So we are going to go switch port mode trunk, and turn the trunk On.  So the trunk is now on.

If I do show interfaces trunk, I can look at that information.  And it’s showing me here, here is my trunk, FA0/12 is a trunk, it’s allowing all the VLANs 1 through 4094, here are the ones that are actually functioning 2, 3 and 4 and the encapsulation is 802.1Q, not the Cisco proprietary ISL.  So the way it’s putting the VLAN information on there is using the 802.1Q set of rules.  That means when I go to the router, I have to make sure that the router uses the same set of rules.  If I use something different, it wouldn’t function.  So all we have to do now is go to the router and configure the sub interfaces on the router.

If I do a show run, I can see that fast Ethernet is 00, no IP address, switch is good, it’s showing us fast Ethernet speed, and it’s shutdown.  We need to go turn that on.  So let’s go in and interface FA0/0, no shut, and I want to configure the sub interfaces.  You don’t see sub interfaces in here right now.  All I have to do is go interface FA0/0.1 and notice, it creates the sub interface and takes me to configure the sub interface, all with that one command.  So now that I am at the sub interface, I want to go in and configure it.  Encapsulation command, and here is where I specify I could do ISL, which is Cisco Proprietary, but we are going to be using .11 because I have to match what the switch is using.  So I go .1q and then I have to say hey this is going to be a sign associated with VLAN1 so interface Fa0/0 is a part of VLAN1.  IP address 20.1.0.1 that’s the gateway for the switch.

Now I will go back to Fa0/0.2 now and I created another sub interface.  This is going to be associated with VLAN2 and I will go in and give this an IP address of 20.2.0.1 and that’s for the blue VLAN.  Same thing, I can use my up-arrow to bring up my previous command or Ctrl P, makes it real easy for me to go in and configure this.  Interface Fa0.3 is associated with VLAN3.  Specify the IP address of 20.3.0.1 and configure the last sub interface for VLAN4 with the appropriate the gateway IP address of 20.4.0.1.  Show run, check it out, I see everything there.  So I can see that interface fa0/0.1 is associated with VLAN1 and has this particular IP address.  So that looks good and I can see it's appropriate for every sub interface.  It’s very important to verify the IPs, verify to make sure the appropriate VLAN is associated with the right interface, otherwise it's not going to be able to communicate.

Show IP route, can’t hurt to check out my routing table, make sure I see all my subnets.  If I don’t see all my subnets in here, how is it going to route?  I do not have to put in a routing protocol now, I don’t have to do anything because since they are all directly connected subnets and IP routing is On by default, it will automatically route.  So I see 20.1 because I will do this sub interface, 20.2 subnet appropriate sub interface, 20.3 subnet and 20.4 subnet.  So I know that the routing should be functioning.  Now what I am going to do is go back to my switch and make sure that my switch can ping the router, 20.1.0.1, see if it can ping its own gateway if I have even set it there.  So I haven't actually set the switch gateway yet but I am only going to have to do that if I want the computers to be able to ping the switch.  I will go in and set the switches gateway right now, IP default gateway 20.1.0.1 which is the router.  And again, it can't hurt to do a show run.  I will click again, make sure I can see my gateway there, I see my IP address, it was pinging itself.  Again, very important to make sure you have got the right IPs.  If you don’t, you are going to run into problem, so pay attention to that.  Don’t make simple mistakes like the ones I make in here otherwise you are going to run into problems.  IP address 20.1.0.2, very important to check those IPs.  I see a lot of problems with IP and people not being careful as far as what IPs they are typing in.  Can I still ping my gateway 20.1.0.1?  Alright.

Now that I can ping the router and I know the switch’s IP is 20.1.0.2 I know that trunking is functioning.  If we look at our NetMap here, I can see that there is a trunk between the switch and Palaestra1 and it is working because I can ping from here to here.  If trunking wasn’t working or the ISL encapsulation or 802.1q encapsulation didn’t match then I wouldn’t be able to ping back and forth.  So I know I can ping.  Now let’s check out some computers here, PC blue, check out the IP addressing information and for instant function, I will have to set the gateways because that is not an appropriate gateway.  So as a CCNA I am going to go in and configure the gateways on these machines real quick.  I have gone in and I set the gateway on the machines and since I have a gateway set on every machine, everything is configured now, I should be able to ping from one machine to another.  So I am on, let’s go to PC Blue right here.  I am on PC blue; I should be able to ping any of the other machines.  So 20.3.0.2 which is the red PC, I should be able to ping that.  I can ping it 20.4.0.2 which is the green PC, I can ping that and I should also be able to ping the switch which is 20.1.0.2, excellent.  So I can ping throughout my network here.

So again, taking a look at this what we have done is I can ping from PC Blue to the switch, PC Red, PC Green and it's going through the VLAN motions.  Let’s go back to our diagram and do a recap to that real quick.  Here is our diagram.  We have got three machines down here with different IP addresses so here is machine 1, it's part of VLAN2, remember this is the Blue VLAN.  I am going to write Blue.  This is the Red VLAN, it's part of the Red VLAN and this is the Green VLAN, it's part of the Green VLAN.  So we have got VLAN2, VLAN3, VLAN4, appropriate IP addresses configured and the port on the switch for Port 1 is part of VLAN2 which is Blue, Port 2 part of the VLAN3 which is Red, Port 3 part of VLAN4 which is Green and that’s why I did that little color coding there.  It would help us remember what VLAN each of this is a part of.  And then on the switch we turned trunking on and that used 802.1q encapsulation.  So we did switch port mode trunk.  That’s the only thing we configured on the switch because the VLANs were already present.

Then on the router we went to Fa0/0 and we typed in .1 and created the sub interface right here and we typed encapsulation 802.1q and then 1 for VLAN1.  We did the same thing here, encapsulation 802.1q2 for VLAN2, encapsulation 802.1q3 and 4 for the appropriate VLANs.  So what we did was we associated a VLAN with each interface by typing in that encapsulation 802.1q command and then the VLAN number has nothing to do with the number of the sub interface.  This number VLAN number, number 2 does not have to match the sub interface of 2, it just makes it easier.  This could be 200 or whatever.  You can create as many sub interfaces as you want.  I have created sub interface 30,976 before just to see if I can do it, it allows me to do that.  So we associated the sub-interfaces with the VLANs and we gave them appropriate IPs, so 20.2.0.2 machine’s gateway is 20.2.0.1 IP.  And then we test connectivity.  For this machine to be able to ping the Red machine right here, it's going to have to go through the router.  It's going to get routed.

So again what happens is when this machine types ping 20.3.0.2, this Blue machine is going to go well that’s not in my subnet, that’s in the 20.3 subnet, I better send it to my gateway.  So he takes this IP package with that IP address in there and puts the routers Fa0/0 MAC address on there and sends it out.  The switch takes it and goes oh that MAC address has to go out the trunk port.  Before I send it out on the trunk port, I better put some more information on it.  This is coming from VLAN2 it tells the router.  So the router is bringing it into the interface and looks at this information, goes oh that’s got to go in through this sub interface right here and he strips that data off, reads the Mac address, strips it off, looks at the IP information and goes wow, that’s 20.3.0.0 subnet and that’s got to go out of this sub interface right here.  Okay let me repackage it up.

So it takes the IP packet, finds Red machine’s Mac address, puts the Mac address in there and then before he sends it out to the interface, puts the 802.1q information on it and it says hey this is coming from VLAN3 and it's going to VLAN3.  So the switch knows it's coming from the router sub interface that’s a part of VLAN3 and it's destined for VLAN3 so it goes in there.  Switch sees this information, goes okay that’s VLAN3.  It can only go out other ports that are part of VLAN3, strips the data off, checks the Mac address and goes hey, do I have a Mac address in my forwarding table, it's got to go out, that’s a part of one of the ports, or associated with a port that’s in VLAN3 and it goes I do, Port 2 here is associated with VLAN3 and its Mac address is associated with that port so let me send that information out.  So he sends it out.  The computer just looks for his Mac address and he sees it, opens it up, gets to the data, sends a response back.  If you will notice, all of the VLAN information is stripped off before it hits the computer.  These guys are oblivious to the fact that they are a part of a VLAN.  They do not know what a VLAN is.  They are ignorant of the fact that a VLAN exists and that they are a part of one.

Very important to remember that because if I take this computer, computer 2 and I unplug it from port 1, then I plug it into another port.  Let’s pretend that this is port 4 right here if it’s numbered in that order.  And port 4 was a part of the red VLAN, VLAN3.  This computer would no longer be in VLAN2; it would now be a part of VLAN3.  So it’s the port that the computer plugs into with static VLAN membership that determines what VLAN the machine is a part of.  Let’s go back into the CCNA simulator and use our show commands and figure out what steps we would take if we were having trouble with this Inter VLAN routing.  In my CCNA sim, if I was having trouble with this Inter VLAN routing, I wouldn’t necessarily check this in my simulator, I would have this written down somewhere, but the first thing I would check is my documentation and I would verify that the machines are plugged into the right ports and I would try to ping the gateways.  The machines couldn’t ping the gateways.  Then I would go in and figure out why they couldn’t ping the gateway.  And an area of concern would be this trunk.  If the trunk was not upright, then blue, red, green machines could not ping their gateway.

So what I would do on the switch is I would do a show interfaces trunk command and I would make sure that the trunk is on and it says it’s on.  I could even do a show interfaces fa0/12 and make sure the interface is up and the line protocol is up.  It looks good, so that’s a good sign.  So I would want to make sure if this was down or the trunk wasn’t on, we want to go and figure out why.  I can also do a show Mac address table and check to make sure that the Mac address for the computer was associated with the right port.  That’s kind of a way for me to make sure that the computer is plugged into the right interface.  If it wasn’t, it wouldn’t work.  So your cabling can be very important.

I can do a show VLAN and make sure I have the VLANs setup right and that the appropriate interface was in the appropriate VLAN.  So you have got to make sure your computer is plugged into the right port and that the interface is in the right broadcast domain.  So I can go in here, check that information out.  I can also do a show run, just check out all my configuration down here, interface VLAN1, okay the IP is good, check out my VLANs that are created.  Now it's important I think to keep the switch in interface VLAN1, something that’s separate from your computers because that way I can use that for troubleshooting purposes.  And again, since I can ping 20.1.0.1, I can ping that IP address which is the gateway, I know that that trunk is good.  If the trunk wasn’t good, I could also go over to the router, check that out.  Show run.  I usually just do a show run on the router or show interface Fa0/0 on the router to make sure the interface is up and up.  As a CCNA, I always want to check to make sure interfaces are up and up.  If they are not, it's a problem there.  Show run allows me to go in and I got to look carefully here.  If the IP is wrong, it won’t function; the machine won’t be able to ping its gateway.

Encapsulation .1q has to match the trunk on the switch.  So if I do show interfaces trunk, a switch using .1q, we have got to make sure it matches.  I have got to make sure that the sub interfaces have associated with the appropriate VLANs and again, documentation is key here and have it written down well because you want to be referring to your documentation because once it’s configured, you might not touch it for a while so that way, very important to have it well-documented so when you do have a trouble, go back in, check in with documentation, make sure everything is right, IPs, VLAN information, everything.  And also make sure your computers, sometimes people might go in, mess their computer up.  Just because their computer can’t communicate doesn’t mean the VLANs are down.  Maybe the IP problem is that the computer or the gateway IP address isn’t typed in right, things like that.  So again, very important to check everything out.  VLAN, IPs, all that, any of those things being off could cause a problem.

Let’s go back to our CCNA slide and do a recap of what we have gone over.  So we went in and configured our VLANS and we used some commands here on the switch, switch port mode trunk, turned trunking on, and again, when we did that, we did a show interfaces trunk command and made sure that the encapsulation was 802.1q, it was, made sure the trunk was on, all that.  Show Mac address table allows to do some troubleshooting, verified that the machines are plugged into the right ports.  Show VLAN allows to check out our VLANs, make sure that they are created in the right interfaces or in the right VLAN.  And then on the router, we went in and used the interface fa0/0.x, I didn’t actually type in x, I put a number there.  Again, 1234 from VLAN 1, 2, 3, 4 does not have to directly relate to the VLAN but just makes it nice.  Again, that creates the sub interface, says config subif, stands for sub interface in the router when we do that.  After we typed in interface fa0/0. whatever, we type in the command encapsulation.1q and then the VLAN number.  So that associated the appropriate VLAN what the right sub interface and then we gave it an IP address.

In this video, we have talked about Inter VLAN Routing, did a little refresh of what a VLAN was, why a router is needed again so we can have communication between those machines, we configured router on a stick and we did some troubleshooting.  I hope you have enjoyed this CertificationKits CCNA Training video on Inter VLAN Routing.