3.4 Configure, verify, and troubleshoot inter-VLAN routing

3.4.a Router on a stick

ROS, or router on a stick, is an uncommon topology in which a router is connected to a single trunk port on a switch. If a packet needs to go from one VLAN to another, it must flow through the switch's trunk port to the router and then back into the switch.

This configuration does not have great performance as the single link creates a bottleneck.

Here is a simple ROS:

Screenshot_2018-04-02_14-34-37.png

To avoid configuring the IP addresses manually, create a DHCP pool for each subnet:

!
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.2.1
ip dhcp excluded-address 10.0.3.1
ip dhcp excluded-address 10.0.4.1
ip dhcp excluded-address 10.0.5.1
ip dhcp excluded-address 10.0.6.1
ip dhcp excluded-address 10.0.7.1
!
ip dhcp pool local1
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1 
!
ip dhcp pool local2
 network 10.0.2.0 255.255.255.0
 default-router 10.0.2.1 
!
ip dhcp pool local3
 network 10.0.3.0 255.255.255.0
 default-router 10.0.3.1 
!
ip dhcp pool local4
 network 10.0.4.0 255.255.255.0
 default-router 10.0.4.1 
!
ip dhcp pool local5
 network 10.0.5.0 255.255.255.0
 default-router 10.0.5.1 
!
ip dhcp pool local6
 network 10.0.6.0 255.255.255.0
 default-router 10.0.6.1 
!
ip dhcp pool local7
 network 10.0.7.0 255.255.255.0
 default-router 10.0.7.1 
!

Next, create the virtual interfaces on the router with the correct VLAN ID. Also make sure to issue “no shutdown” on the physical interface:

interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.1
 encapsulation dot1Q 101
 ip address 10.0.1.1 255.255.255.0
!
interface Ethernet0/0.2
 encapsulation dot1Q 102
 ip address 10.0.2.1 255.255.255.0
!
interface Ethernet0/0.3
 encapsulation dot1Q 103
 ip address 10.0.3.1 255.255.255.0
!
interface Ethernet0/0.4
 encapsulation dot1Q 104
 ip address 10.0.4.1 255.255.255.0
!
interface Ethernet0/0.5
 encapsulation dot1Q 105
 ip address 10.0.5.1 255.255.255.0
!
interface Ethernet0/0.6
 encapsulation dot1Q 106
 ip address 10.0.6.1 255.255.255.0
!
interface Ethernet0/0.7
 encapsulation dot1Q 107
 ip address 10.0.7.1 255.255.255.0
!

Now the router is all set up. Let’s configure the switch:

interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/1
 switchport access vlan 101
 switchport mode access
!
interface Ethernet0/2
 switchport access vlan 102
 switchport mode access
!
interface Ethernet0/3
 switchport access vlan 103
 switchport mode access
!
interface Ethernet1/0
 switchport access vlan 104
 switchport mode access
!
interface Ethernet1/1
 switchport access vlan 105
 switchport mode access
!
interface Ethernet1/2
 switchport access vlan 106
 switchport mode access
!
interface Ethernet1/3
 switchport access vlan 107
 switchport mode access
!

After doing this, configure the virtual PCs to get their IP addresses from DHCP:

PC1> ip dhcp
DORA IP 10.0.1.2/24 GW 10.0.1.1

Verify that L3 routing works:

PC1> ping 10.0.2.2

84 bytes from 10.0.2.2 icmp_seq=1 ttl=63 time=2.773 ms
^C
PC1> ping 10.0.3.2

84 bytes from 10.0.3.2 icmp_seq=1 ttl=63 time=2.404 ms
^C
PC1> ping 10.0.4.2

84 bytes from 10.0.4.2 icmp_seq=1 ttl=63 time=3.054 ms
^C
PC1> ping 10.0.5.2

84 bytes from 10.0.5.2 icmp_seq=1 ttl=63 time=3.006 ms
^C
PC1> ping 10.0.6.2

84 bytes from 10.0.6.2 icmp_seq=1 ttl=63 time=2.923 ms
^C
PC1> ping 10.0.7.2

84 bytes from 10.0.7.2 icmp_seq=1 ttl=63 time=2.787 ms
^C
PC1>

Let’s have a look at some packet captures.

Here is the request packet sent from 10.0.1.2 => 10.0.2.2. Notice the 802.1Q ID of 101.

Screenshot_2018-04-02_14-44-18

Here is the reply from 10.0.2.2 => 10.0.1.2. Note that the 802.1Q header is different, with an ID of 102.

Screenshot_2018-04-02_14-44-28

Troubleshooting is similar to the setup:

  1. Check the physical interfaces are UP/UP
  2. Check trunk status on Switch
  3. Check if VLAN IDs are correct
  4. Check if netmasks are correct
  5. Make sure all devices have a default router configured and it is reachable
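
Checklist items 3 to 5 can also be run offline against saved configs. The Python below is an added example, not part of the original post: the `audit` helper, its regexes and the two embedded configs are constructed for illustration, and it assumes the config lines appear in the same order as in the listings above.

```python
import ipaddress
import re

# Constructed sample in the style of the router config above; pool local2
# deliberately points at the wrong default-router.
ROUTER_CFG = """\
ip dhcp pool local1
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
ip dhcp pool local2
 network 10.0.2.0 255.255.255.0
 default-router 10.0.3.1
interface Ethernet0/0.1
 encapsulation dot1Q 101
 ip address 10.0.1.1 255.255.255.0
interface Ethernet0/0.2
 encapsulation dot1Q 102
 ip address 10.0.2.1 255.255.255.0
"""
# Constructed switch sample: VLAN 103 has no subinterface in ROUTER_CFG.
SWITCH_CFG = """\
interface Ethernet0/1
 switchport access vlan 101
interface Ethernet0/3
 switchport access vlan 103
"""
SUBIF = r"encapsulation dot1Q (\d+)\n ip address (\S+) (\S+)"
ACCESS = r"interface (\S+)\n switchport access vlan (\d+)"
POOL = r"ip dhcp pool (\S+)\n network (\S+) (\S+)\n default-router (\S+)"

def audit(router_cfg, switch_cfg):
    """Return findings for checklist items 3-5 (hypothetical helper)."""
    # VLAN ID -> subinterface address with its mask
    subifs = {int(v): ipaddress.ip_interface(f"{ip}/{mask}")
              for v, ip, mask in re.findall(SUBIF, router_cfg)}
    findings = []
    # Item 3: every access VLAN needs a subinterface tagged with the same ID.
    for port, vlan in re.findall(ACCESS, switch_cfg):
        if int(vlan) not in subifs:
            findings.append(f"{port}: VLAN {vlan} has no dot1Q subinterface")
    # Items 4-5: each pool's network/mask and gateway must match a subinterface.
    gateways = {i.network: str(i.ip) for i in subifs.values()}
    for name, net, mask, gw in re.findall(POOL, router_cfg):
        network = ipaddress.ip_network(f"{net}/{mask}")
        if network not in gateways:
            findings.append(f"pool {name}: no subinterface in {network}")
        elif gateways[network] != gw:
            findings.append(f"pool {name}: default-router {gw} is not {gateways[network]}")
    return findings
```

An empty list from `audit` means every access VLAN has a matching tagged subinterface and every DHCP pool hands out a gateway that actually exists in its subnet.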

3.4.b SVI

SVI stands for Switched Virtual Interface. SVIs are a Layer 3 addition to a switch’s L2 functionality, and they can replace a ROAS.

To configure a Switched Virtual Interface:

ip routing
!
interface Ethernet0/0
 switchport access vlan 101
 switchport mode access
!
<snip>

After enabling an SVI for each VLAN, you should have inter-VLAN connectivity.
