Back to Dashboard
Module 8
Inter-VLAN Routing
โ Previous Module
Next Module โ
# ๐ CCNA 200-301 - Video 8: Inter-VLAN Routing ## Deep Study Notes --- ## ๐ Learning Objectives By the end of this video, you should understand: - Why inter-VLAN routing is needed - Router-on-a-stick configuration - Layer 3 switch inter-VLAN routing (SVI) - Subinterfaces and VLAN tagging - Routing between VLANs verification - Common troubleshooting scenarios --- ## ๐ง Core Concepts ### 1. The Problem: VLAN Isolation **Recall:** VLANs create separate broadcast domains and isolate traffic for security and performance. However, this isolation means devices in different VLANs cannot communicate by default. **Analogy:** Think of VLANs like separate buildings on a university campus. Students in the Engineering building (VLAN 10) and Business building (VLAN 20) cannot talk to each other unless there's a pathway (router) connecting the buildings. ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ NO INTER-VLAN ROUTING โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ VLAN 10 (Engineering) VLAN 20 (Business) โ โ โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ โ โ โ PC1 โ โ PC2 โ โ โ โ 192.168.10.2 โ โ 192.168.20.2 โ โ โ โ โ โ โ โ โ โโโโโโโโโโฌโโโโโโโโโ โโโโโโโโโโฌโโโโโโโโโ โ โ โ โ โ โ โโโโโโโโโโผโโโโโโโโโ โโโโโโโโโโผโโโโโโโโโ โ โ โ Switch A โ โ Switch B โ โ โ โ VLAN 10 โ โ VLAN 20 โ โ โ โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ โ โ โ โ PROBLEM: PC1 (10.10.10.2) cannot ping PC2 (10.20.20.2) โ โ No router exists to forward traffic between VLANs โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` **Solution:** Inter-VLAN routing allows communication between different VLANs using a router or Layer 3 switch. --- ### 2. Inter-VLAN Routing Methods | Method | Description | Best For | Complexity | |--------|-------------|----------|------------| | **Legacy (Multiple Interfaces)** | Each VLAN has dedicated router interface | Small networks (2-3 VLANs) | Low | | **Router-on-a-Stick** | Single router interface with subinterfaces | Medium networks, limited router ports | Medium | | **Layer 3 Switch (SVI)** | Switch Virtual Interfaces on Layer 3 switch | Large networks, high performance | Medium-High | --- ### 3. Method 1: Legacy Inter-VLAN Routing **Concept:** Each VLAN connects to a dedicated physical router interface. ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ LEGACY INTER-VLAN ROUTING โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ โโโโโโโโโโโโโโโ โ โ โ Router โ โ โ โ โ โ โ Fa0/0 โโโโโค โโโโโ Fa0/1 โ โ 10.10.10.1 โ โ 10.20.20.1 โ โ โโโโโโโโโโโโโโโ โ โ โ โ โ โโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโ โ โ โ โ โ โ โ โผ โ โผ โ โ โโโโโโโโโโโโโโโ โ โโโโโโโโโโโโโโโ โ โ โ Switch A โ โ โ Switch B โ โ โ โ VLAN 10 โ โ โ VLAN 20 โ โ โ โโโโโโโโโโโโโโโ โ โโโโโโโโโโโโโโโ โ โ โ โ โ โ โ โผ โ โผ โ โ โโโโโโโโโโโโโโโ โ โโโโโโโโโโโโโโโ โ โ โ PC1 โ โ โ PC2 โ โ โ โ10.10.10.2 โ โ โ10.20.20.2 โ โ โ โโโโโโโโโโโโโโโ โ โโโโโโโโโโโโโโโ โ โ โ โ PROS: Simple, easy to configure โ โ CONS: Consumes router ports, not scalable โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` **Configuration:** ```cisco ! Router configuration Router> enable Router# configure terminal Router(config)# interface fastEthernet 0/0 Router(config-if)# ip address 192.168.10.1 255.255.255.0 Router(config-if)# no shutdown Router(config-if)# exit Router(config)# interface fastEthernet 0/1 Router(config-if)# ip address 192.168.20.1 255.255.255.0 Router(config-if)# no shutdown Router(config-if)# exit ``` --- ### 4. Method 2: Router-on-a-Stick **Definition:** Router-on-a-stick uses a single physical router interface with multiple logical subinterfaces, each assigned to a different VLAN using 802.1Q tagging. **Analogy:** Think of a single physical highway (trunk) with multiple lanes (subinterfaces). Each lane is dedicated to traffic from a specific VLAN, but they all share the same physical road. ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ ROUTER-ON-A-STICK โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ Router โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ Physical Interface: Gi0/0 โ โ โ โ โโโ Subinterface: Gi0/0.10 (VLAN 10) - 192.168.10.1/24 โ โ โ โ โโโ Subinterface: Gi0/0.20 (VLAN 20) - 192.168.20.1/24 โ โ โ โ โโโ Subinterface: Gi0/0.30 (VLAN 30) - 192.168.30.1/24 โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ โ Trunk (802.1Q) โ โ โผ โ โ Switch โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ Trunk Port: Gi0/24 โ โ โ โ Allowed VLANs: 10, 20, 30 โ โ โ โ โ โ โ โ Access Ports: โ โ โ โ โโโ Fa0/1 - VLAN 10 โโโโโโบ PC1 (192.168.10.2) โ โ โ โ โโโ Fa0/2 - VLAN 20 โโโโโโบ PC2 (192.168.20.2) โ โ โ โ โโโ Fa0/3 - VLAN 30 โโโโโโบ PC3 (192.168.30.2) โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` **Router-on-a-Stick Configuration:** ```cisco ! ========== ROUTER CONFIGURATION ========== Router> enable Router# configure terminal Router(config)# interface gigabitEthernet 0/0 Router(config-if)# no ip address Router(config-if)# no shutdown Router(config-if)# exit ! Subinterface for VLAN 10 Router(config)# interface gigabitEthernet 0/0.10 Router(config-subif)# encapsulation dot1Q 10 Router(config-subif)# ip address 192.168.10.1 255.255.255.0 Router(config-subif)# exit ! Subinterface for VLAN 20 Router(config)# interface gigabitEthernet 0/0.20 Router(config-subif)# encapsulation dot1Q 20 Router(config-subif)# ip address 192.168.20.1 255.255.255.0 Router(config-subif)# exit ! Subinterface for VLAN 30 Router(config)# interface gigabitEthernet 0/0.30 Router(config-subif)# encapsulation dot1Q 30 Router(config-subif)# ip address 192.168.30.1 255.255.255.0 Router(config-subif)# exit ! ========== SWITCH CONFIGURATION ========== Switch> enable Switch# configure terminal ! Create VLANs Switch(config)# vlan 10 Switch(config-vlan)# name Engineering Switch(config-vlan)# exit Switch(config)# vlan 20 Switch(config-vlan)# name Sales Switch(config-vlan)# exit Switch(config)# vlan 30 Switch(config-vlan)# name IT Switch(config-vlan)# exit ! Configure trunk port to router Switch(config)# interface gigabitEthernet 0/24 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk allowed vlan 10,20,30 Switch(config-if)# no shutdown Switch(config-if)# exit ! Configure access ports Switch(config)# interface fastEthernet 0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 10 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# interface fastEthernet 0/2 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 20 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# interface fastEthernet 0/3 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 30 Switch(config-if)# no shutdown Switch(config-if)# exit ``` **Subinterface Naming Convention:** - Format: `interface [type][slot/port].[subinterface-number]` - Example: `gigabitEthernet 0/0.10` - Subinterface number typically matches VLAN ID (for clarity) **Encapsulation Command:** ```cisco encapsulation dot1Q [vlan-id] [native] ! Native keyword for native VLAN ``` --- ### 5. Method 3: Layer 3 Switch Inter-VLAN Routing (SVI) **Definition:** Switch Virtual Interfaces (SVIs) are virtual Layer 3 interfaces on a switch that represent entire VLANs. The switch can route between VLANs internally without external router. **Analogy:** A Layer 3 switch is like a city with internal bridges connecting different districts. Traffic never leaves the city limits; it's routed internally. ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ LAYER 3 SWITCH SVI โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ LAYER 3 SWITCH โ โ โ โ โ โ โ โ SVIs (Virtual Interfaces): โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ interface vlan 10 โ โ โ โ โ โ ip address 192.168.10.1 255.255.255.0 โ โ โ โ โ โ no shutdown โ โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ interface vlan 20 โ โ โ โ โ โ ip address 192.168.20.1 255.255.255.0 โ โ โ โ โ โ no shutdown โ โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ interface vlan 30 โ โ โ โ โ โ ip address 192.168.30.1 255.255.255.0 โ โ โ โ โ โ no shutdown โ โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ โ โ โ ip routing โโโโ Enables Layer 3 routing โ โ โ โ โ โ โ โ Access Ports: โ โ โ โ โโโ Fa0/1 - VLAN 10 โโโโโโบ PC1 (192.168.10.2) โ โ โ โ โโโ Fa0/2 - VLAN 20 โโโโโโบ PC2 (192.168.20.2) โ โ โ โ โโโ Fa0/3 - VLAN 30 โโโโโโบ PC3 (192.168.30.2) โ โ โ โ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` **Layer 3 Switch Configuration:** ```cisco ! ========== LAYER 3 SWITCH CONFIGURATION ========== Switch> enable Switch# configure terminal ! Enable IP routing (critical step!) Switch(config)# ip routing ! Create VLANs Switch(config)# vlan 10 Switch(config-vlan)# name Engineering Switch(config-vlan)# exit Switch(config)# vlan 20 Switch(config-vlan)# name Sales Switch(config-vlan)# exit Switch(config)# vlan 30 Switch(config-vlan)# name IT Switch(config-vlan)# exit ! Configure SVIs (Switch Virtual Interfaces) Switch(config)# interface vlan 10 Switch(config-if)# ip address 192.168.10.1 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# interface vlan 20 Switch(config-if)# ip address 192.168.20.1 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# interface vlan 30 Switch(config-if)# ip address 192.168.30.1 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# exit ! Configure access ports Switch(config)# interface fastEthernet 0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 10 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# interface fastEthernet 0/2 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 20 Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# interface fastEthernet 0/3 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 30 Switch(config-if)# no shutdown Switch(config-if)# exit ! Verify routing Switch# show ip route Switch# show ip interface brief ``` --- ### 6. SVI vs. Routed Ports **Switch Virtual Interface (SVI):** - Virtual interface associated with a VLAN - Requires VLAN to exist - Used for inter-VLAN routing - Default gateway for devices in that VLAN **Routed Port:** - Physical port configured as Layer 3 - No VLAN association - Directly configured with IP address - Similar to router interface ```cisco ! Configure a routed port (Layer 3) Switch(config)# interface gigabitEthernet 0/1 Switch(config-if)# no switchport ! Remove Layer 2 functionality Switch(config-if)# ip address 10.1.1.1 255.255.255.0 Switch(config-if)# no shutdown ``` **Comparison:** | Feature | SVI | Routed Port | |---------|-----|-------------| | **Layer** | Virtual Layer 3 | Physical Layer 3 | | **VLAN Required** | Yes | No | | **Multiple VLANs** | One VLAN per SVI | One network per port | | **Use Case** | Inter-VLAN routing | Connecting to router/other switch | --- ### 7. Native VLAN with Router-on-a-Stick **Concept:** Native VLAN traffic is untagged. Configure native VLAN on subinterface if needed. ```cisco ! Configure native VLAN subinterface Router(config)# interface gigabitEthernet 0/0.1 Router(config-subif)# encapsulation dot1Q 1 native Router(config-subif)# ip address 192.168.1.1 255.255.255.0 ``` **Important:** Native VLAN must match on both ends of trunk. --- ### 8. Verification Commands | Command | Purpose | |---------|---------| | `show ip route` | View routing table | | `show ip interface brief` | View interface IP status | | `show interfaces trunk` | View trunk status | | `show vlan brief` | View VLAN assignments | | `show running-config` | Verify configuration | | `ping [ip]` | Test connectivity | | `traceroute [ip]` | Trace path between VLANs | **Example Verification Outputs:** ```cisco ! Router-on-a-stick verification Router# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area Gateway of last resort is not set C 192.168.10.0/24 is directly connected, GigabitEthernet0/0.10 C 192.168.20.0/24 is directly connected, GigabitEthernet0/0.20 C 192.168.30.0/24 is directly connected, GigabitEthernet0/0.30 ! Layer 3 switch verification Switch# show ip interface brief Interface IP-Address OK? Method Status Protocol Vlan1 unassigned YES manual administratively down down Vlan10 192.168.10.1 YES manual up up Vlan20 192.168.20.1 YES manual up up Vlan30 192.168.30.1 YES manual up up GigabitEthernet0/1 unassigned YES unset up up Switch# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area C 192.168.10.0/24 is directly connected, Vlan10 C 192.168.20.0/24 is directly connected, Vlan20 C 192.168.30.0/24 is directly connected, Vlan30 ``` --- ### 9. Troubleshooting Inter-VLAN Routing | Problem | Symptom | Solution | |---------|---------|----------| | **No trunk** | Devices can't ping default gateway | Verify trunk mode, allowed VLANs, native VLAN match | | **Wrong default gateway** | Ping within VLAN works, to other VLAN fails | Check PC default gateway matches router SVI/subinterface IP | | **Subinterface down** | Router not responding | Verify encapsulation, VLAN ID, no shutdown | | **Missing IP routing** | Layer 3 switch not routing | Enable `ip routing` global command | | **ACL blocking** | Some traffic works, some doesn't | Check access-lists on router/switch | | **VLAN not created** | Switch ports in inactive VLAN | Create VLAN on switch | **Troubleshooting Flow:** ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ TROUBLESHOOTING FLOW โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ START: Can PC ping default gateway? โ โ โ โ โ โโโโ NO โโโบ Check: โ โ โ โข PC IP configuration (correct subnet) โ โ โ โข Switch port in correct VLAN โ โ โ โข VLAN exists on switch โ โ โ โข Router subinterface/SVI configured and up โ โ โ โข Trunk established (if router-on-a-stick) โ โ โ โ โ โโโโ YES โโโบ Can PC ping PC in different VLAN? โ โ โ โ โ โโโโ NO โโโบ Check: โ โ โ โข Router has routes to both networks โ โ โ โข No ACLs blocking traffic โ โ โ โข Firewall rules on PCs โ โ โ โข Verify `show ip route` โ โ โ โ โ โโโโ YES โโโบ Inter-VLAN routing working! โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` --- ### 10. Method Comparison | Feature | Legacy | Router-on-a-Stick | Layer 3 Switch | |---------|--------|-------------------|----------------| | **Hardware** | Router + Switch | Router + Switch | Layer 3 Switch | | **Router Ports** | 1 per VLAN | 1 total | 0 (internal) | | **Scalability** | Poor | Good | Excellent | | **Performance** | Limited by router | Limited by single link | Wire-speed | | **Cost** | Higher (more ports) | Lower (single port) | Higher (L3 switch) | | **Complexity** | Low | Medium | Medium-High | | **Best For** | Small networks | Medium networks | Large/Enterprise | --- ## ๐ง Complete Configuration Examples ### Lab 1: Router-on-a-Stick (Full Topology) **Topology:** ``` โโโโโโโโโโโโโโโโโโโ โ Router โ โ Gi0/0.10 โ โ Gi0/0.20 โ โ Gi0/0.30 โ โโโโโโโโโโฌโโโโโโโโโ โ Trunk (802.1Q) โโโโโโโโโโผโโโโโโโโโ โ Switch โ โ Gi0/24 (Trunk)โ โโโโโโโโโโฌโโโโโโโโโ โ โโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโ โ โ โ โโโโโโผโโโโโ โโโโโโผโโโโโ โโโโโโผโโโโโ โ PC1 โ โ PC2 โ โ PC3 โ โ VLAN 10 โ โ VLAN 20 โ โ VLAN 30 โ โ10.10.10.2โ โ10.20.20.2โ โ10.30.30.2โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ ``` **Complete Router Configuration:** ```cisco hostname Router ! interface GigabitEthernet0/0 no ip address no shutdown ! interface GigabitEthernet0/0.10 encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.0 ! interface GigabitEthernet0/0.20 encapsulation dot1Q 20 ip address 192.168.20.1 255.255.255.0 ! interface GigabitEthernet0/0.30 encapsulation dot1Q 30 ip address 192.168.30.1 255.255.255.0 ! end ``` **Complete Switch Configuration:** ```cisco hostname Switch ! vlan 10 name Engineering ! vlan 20 name Sales ! vlan 30 name IT ! interface GigabitEthernet0/24 switchport mode trunk switchport trunk allowed vlan 10,20,30 ! interface FastEthernet0/1 switchport mode access switchport access vlan 10 ! interface FastEthernet0/2 switchport mode access switchport access vlan 20 ! interface FastEthernet0/3 switchport mode access switchport access vlan 30 ! end ``` **PC Configurations:** | Device | IP Address | Subnet Mask | Default Gateway | |--------|------------|-------------|-----------------| | PC1 | 192.168.10.2 | 255.255.255.0 | 192.168.10.1 | | PC2 | 192.168.20.2 | 255.255.255.0 | 192.168.20.1 | | PC3 | 192.168.30.2 | 255.255.255.0 | 192.168.30.1 | --- ### Lab 2: Layer 3 Switch SVI (Full Topology) **Topology:** ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Layer 3 Switch โ โ โ โ SVI 10: 192.168.10.1 โ โ SVI 20: 192.168.20.1 โ โ SVI 30: 192.168.30.1 โ โ โ โ ip routing (enabled) โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โโโโโโผโโโโโ โโโโโโผโโโโโ โโโโโโผโโโโโ โ PC1 โ โ PC2 โ โ PC3 โ โ VLAN 10 โ โ VLAN 20 โ โ VLAN 30 โ โ10.10.10.2โ โ10.20.20.2โ โ10.30.30.2โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ ``` **Complete Layer 3 Switch Configuration:** ```cisco hostname Layer3-Switch ! ip routing ! vlan 10 name Engineering ! vlan 20 name Sales ! vlan 30 name IT ! interface Vlan10 ip address 192.168.10.1 255.255.255.0 no shutdown ! interface Vlan20 ip address 192.168.20.1 255.255.255.0 no shutdown ! interface Vlan30 ip address 192.168.30.1 255.255.255.0 no shutdown ! interface FastEthernet0/1 switchport mode access switchport access vlan 10 ! interface FastEthernet0/2 switchport mode access switchport access vlan 20 ! interface FastEthernet0/3 switchport mode access switchport access vlan 30 ! end ``` --- ## ๐ Text-Based Diagrams ### Packet Flow: Router-on-a-Stick ``` โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ PACKET FLOW (PC1 to PC2) โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ PC1 (VLAN 10) wants to send to PC2 (VLAN 20) โ โ โ โ STEP 1: PC1 sends frame to default gateway (192.168.10.1) โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ Untagged Frame (VLAN 10) โ โ โ โ Src MAC: PC1, Dst MAC: Router Gi0/0 MAC, Data: PC2 IP โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ โผ โ โ STEP 2: Switch receives, tags frame with VLAN 10, forwards to trunk โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ Tagged Frame (802.1Q VLAN 10) โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ โผ โ โ STEP 3: Router receives on subinterface Gi0/0.10 โ โ โข Removes VLAN tag โ โ โข Checks routing table: PC2 (192.168.20.2) is on VLAN 20 โ โ โข ARP for PC2 (if not in ARP cache) โ โ โ โ โ โผ โ โ STEP 4: Router forwards frame out subinterface Gi0/0.20 โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ Tagged Frame (802.1Q VLAN 20) โ โ โ โ Src MAC: Router Gi0/0 MAC, Dst MAC: PC2 MAC โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โ โ โผ โ โ STEP 5: Switch receives, removes tag, forwards to PC2 (VLAN 20) โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ Untagged Frame (VLAN 20) delivered to PC2 โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ``` --- ## โ Exam Tips (For CCNA 200-301) | Topic | What Cisco Tests | |-------|------------------| | **Router-on-a-Stick** | Subinterfaces, encapsulation dot1Q, native VLAN | | **Layer 3 Switch** | ip routing, SVI configuration | | **Default Gateway** | PC must point to correct router/SVI IP | | **Trunk Required** | Router-on-a-stick requires trunk between router and switch | | **SVI Requirements** | VLAN must exist, SVI must have no shutdown | ### Common Exam Scenarios: **Scenario 1:** "PC1 in VLAN 10 cannot ping PC2 in VLAN 20. PC1 can ping its default gateway (192.168.10.1). What is the issue?" - **Answer:** Router is missing route to VLAN 20, or routing not enabled on Layer 3 switch **Scenario 2:** "A router-on-a-stick configuration is implemented. The router subinterface for VLAN 10 is up, but VLAN 10 devices cannot reach the router. What is the issue?" - **Answer:** Switch trunk port missing VLAN 10 in allowed list, or native VLAN mismatch **Scenario 3:** "What command enables routing on a Layer 3 switch?" - **Answer:** `ip routing` ### Mnemonics: **Router-on-a-Stick Commands:** **"N.E.I." - No Encapsulation, IP** 1. **N**o IP address on physical interface 2. **E**ncapsulation dot1Q on subinterface 3. **I**P address on subinterface --- ## ๐ Summary (1-Minute Revision) ``` INTER-VLAN ROUTING: METHODS: โโโ Legacy: Physical router per VLAN (not scalable) โโโ Router-on-a-Stick: Subinterfaces + 802.1Q trunk โโโ Layer 3 Switch: SVIs + ip routing ROUTER-ON-A-STICK: โโโ Physical interface: no ip address โโโ Subinterfaces: encapsulation dot1Q [vlan] โโโ IP address per subinterface โโโ Switch trunk to router LAYER 3 SWITCH: โโโ ip routing (enable) โโโ Create VLANs โโโ Configure SVI: interface vlan [id] โโโ IP address on SVI โโโ Access ports to VLANs VERIFICATION: โโโ show ip route โโโ show ip interface brief โโโ show interfaces trunk โโโ ping / traceroute TROUBLESHOOTING: โโโ Check default gateway on PCs โโโ Verify trunk allowed VLANs โโโ Check subinterface/SVI status โโโ Verify routing table ``` --- ## ๐งช Practice Questions **1. Which method of inter-VLAN routing uses subinterfaces on a single router interface?** - A) Legacy routing - B) Router-on-a-stick - C) Layer 3 switch SVI - D) Static routing <details> <summary>Answer</summary> <b>B) Router-on-a-stick</b> - This method uses subinterfaces with 802.1Q encapsulation on a single physical interface. </details> **2. What command enables routing on a Layer 3 switch?** - A) `ip routing` - B) `router-on-a-stick` - C) `enable routing` - D) `switchport routing` <details> <summary>Answer</summary> <b>A) `ip routing`</b> - This global configuration command enables Layer 3 routing on a switch. </details> **3. In a router-on-a-stick configuration, what command configures the VLAN on a subinterface?** - A) `vlan [id]` - B) `switchport access vlan [id]` - C) `encapsulation dot1Q [id]` - D) `ip vlan [id]` <details> <summary>Answer</summary> <b>C) `encapsulation dot1Q [id]`</b> - This command associates the subinterface with a specific VLAN. </details> **4. PC1 (VLAN 10, 192.168.10.2) can ping its default gateway (192.168.10.1) but cannot ping PC2 (VLAN 20, 192.168.20.2). What is the most likely issue?** - A) PC1 has wrong subnet mask - B) Trunk not established - C) Routing not configured between VLANs - D) Switch port is down <details> <summary>Answer</summary> <b>C) Routing not configured between VLANs</b> - Since default gateway is reachable, trunk is working; routing between VLANs is the issue. </details> **5. Which type of port connects a router to a switch in a router-on-a-stick configuration?** - A) Access port - B) Trunk port - C) Routed port - D) Console port <details> <summary>Answer</summary> <b>B) Trunk port</b> - The switch port must be a trunk to carry multiple VLANs to the router. </details> **6. What is an SVI?** - A) Simple VLAN Interface - B) Switch Virtual Interface - C) Serial VLAN Interface - D) Static VLAN Interface <details> <summary>Answer</summary> <b>B) Switch Virtual Interface</b> - SVI is a virtual Layer 3 interface associated with a VLAN on a Layer 3 switch. </details> **7. Which command removes Layer 2 functionality from a switch port to make it a routed port?** - A) `no switchport` - B) `ip routing` - C) `switchport mode routed` - D) `ip address` <details> <summary>Answer</summary> <b>A) `no switchport`</b> - This command converts a Layer 2 port to a Layer 3 routed port. </details> **8. In a router-on-a-stick, what is the purpose of the native VLAN?** - A) Carries management traffic - B) Carries untagged traffic on the trunk - C) Carries only broadcast traffic - D) Carries routing updates <details> <summary>Answer</summary> <b>B) Carries untagged traffic on the trunk</b> - Native VLAN frames are not tagged with 802.1Q. </details> **9. What command verifies trunk status on a switch?** - A) `show vlan` - B) `show interfaces trunk` - C) `show trunk` - D) `show switchport` <details> <summary>Answer</summary> <b>B) `show interfaces trunk`</b> - This command displays all trunk ports and allowed VLANs. </details> **10. A Layer 3 switch has VLANs configured but devices cannot communicate between VLANs. What is the most likely missing command?** - A) `ip default-gateway` - B) `ip routing` - C) `router rip` - D) `no switchport` <details> <summary>Answer</summary> <b>B) `ip routing`</b> - Without this command, the switch does not perform Layer 3 routing. </details> **11. Which inter-VLAN routing method provides the highest performance?** - A) Legacy routing - B) Router-on-a-stick - C) Layer 3 switch SVI - D) All are equal <details> <summary>Answer</summary> <b>C) Layer 3 switch SVI</b> - Layer 3 switches route at wire-speed, much faster than external routers. </details> **12. PC1 is in VLAN 10 with IP 192.168.10.2/24. The router subinterface for VLAN 10 is 192.168.10.1. PC1 cannot ping the router. What should you check first?** - A) Router routing table - B) Switch port VLAN assignment - C) Router subinterface encapsulation - D) PC default gateway <details> <summary>Answer</summary> <b>B) Switch port VLAN assignment</b> - Since PC1 cannot reach the gateway, check if the switch port is in the correct VLAN. </details> --- ## ๐ Next Steps After completing Video 8, you should be ready for: - **Video 9:** EtherChannel - **Video 10:** DHCP (Dynamic Host Configuration Protocol) **Lab Practice:** 1. Configure router-on-a-stick with 3 VLANs 2. Configure Layer 3 switch with SVIs for same VLANs 3. Verify connectivity between VLANs 4. Troubleshoot common issues (wrong VLAN, trunk down, missing routes) 5. Compare performance using ping/traceroute --- **Ready for Video 9?** Share the link or say "next" and I'll continue with EtherChannel (Link Aggregation). I'll create comprehensive deep notes for **Video 9: EtherChannel** based on the standard CCNA 200-301 curriculum. ---