1. Introduction
In the last section, we covered all of the layer two configuration for VLANs, but when we left off, our clients that were in different VLANs weren’t able to communicate with each other at layer three, so you’ll learn how to do that in this section. There are three different options you can use for your inter-VLAN routing. The first is to use a router with separate interfaces in the different VLANs. The second option is router on a stick, where we use just one interface on the router, but we configure subinterfaces on it for the separate VLANs. And the third and last option is to use a layer three switch. This section will cover the details of all three options, the advantages and disadvantages of each, and how they compare with each other, and you’ll learn how to configure and verify them as well. So we’ll.
2. Router with Separate Interfaces
In this lecture you’ll learn about our first option for inter-VLAN routing, which is to use a router with separate interfaces acting as the default gateway for each of the different VLANs. Before we get into the inter-VLAN routing, a quick review. There’s typically a one-to-one relationship between an IP subnet and a VLAN in the LAN campus. For example, we’ll have engineering hosts in IP subnet 10.10.10.0/24, and that will be associated with VLAN 10. And then we’ve got a different IP subnet for sales of 10.10.20.0/24 that’s also going to have its own associated VLAN, VLAN 20.
For example, hosts are segregated at layer three by being in different IP subnets, and they’re segregated at layer two into separate broadcast domains by being in different VLANs. So hosts in different IP subnets need to send traffic via a router to be able to communicate with each other. In the last section you saw how to do all of the layer two VLAN configuration, but hosts in different VLANs weren’t able to communicate with each other. So let’s look at how to fix that. The first option is a router with separate physical interfaces in each VLAN. Here we’ve got the Eng VLAN PCs, represented by the purple color, and our sales PCs are yellow. On this switch we’ve configured our access ports to put the correct hosts into the correct VLANs. Then we’re adding a router as well.
In the example, the router’s interface FastEthernet0/1 is going to be the default gateway for the engineering VLAN. So we give it an IP address in the same subnet, 10.10.10.1 in this example, and we configure our engineering hosts to use 10.10.10.1 as their default gateway. On the switch, it’s interface FastEthernet0/1 that is connected to that interface on the router, so we put that in the engineering VLAN. That’s the engineering side done. We also need to configure the sales side. There we’re using interface FastEthernet0/2 on the router as the default gateway, with IP address 10.10.20.1. And on the switch it’s interface FastEthernet0/2 on the other side of the link; we configure that as an access port in VLAN 20 for sales. In our example, I’m also going to show you how to do the external routing. Here we’ve got interface FastEthernet0/3 on the router, which is connected out to the wide area network. It’s got IP address 203.0.113.1, and the next-hop address over on the wide area network side is going to be 203.0.113.2. So I’ll configure a static default route pointing to 203.0.113.2 as the next-hop address. Let’s have a look and see how to do the actual configuration.
On our router we’ve got interface FastEthernet0/1 with IP address 10.10.10.1 and a /24 subnet mask. Remember to do a no shutdown as well. Then interface FastEthernet0/2; the IP address on there is 10.10.20.1. And then our default static route to get out of the local area network: ip route 0.0.0.0 0.0.0.0 with the next-hop address of 203.0.113.2. So that’s the router config. We need to make sure we put a matching config on the switch as well. On the switch I’ve got interface FastEthernet0/1 with switchport mode access and switchport access vlan 10 for the engineering VLAN, and interface FastEthernet0/2 with switchport mode access and switchport access vlan 20 for sales.
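The configuration just described, written out as IOS commands. This is an added example assembled from the values in the lecture, not a capture from the instructor's slides or lab; the mask on the WAN interface is an assumption, since the lecture does not state it.

```cisco
! ---- Router: one physical interface per VLAN ----
! Default gateway for the engineering VLAN (VLAN 10)
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
! Default gateway for the sales VLAN (VLAN 20)
interface FastEthernet0/2
 ip address 10.10.20.1 255.255.255.0
 no shutdown
!
! WAN-facing interface (the /24 mask is assumed, not given in the lecture)
interface FastEthernet0/3
 ip address 203.0.113.1 255.255.255.0
 no shutdown
!
! Static default route towards the WAN next hop
ip route 0.0.0.0 0.0.0.0 203.0.113.2
!
! ---- Switch: router-facing ports are plain access ports ----
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
```

After applying it, show ip interface brief on the router should list both gateway interfaces as up/up before you test with ping.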
So when you use the option of a router with separate interfaces for different VLANs, the configuration on the switch is just as if a normal end host, a normal PC, were plugged into that port. Now, some disadvantages exist with using a router with separate interfaces. You need a separate physical interface for every VLAN. So unless you’ve got very few VLANs, it’s likely that you’re going to run out of available physical interfaces on the router. Also, traffic being routed between different IP subnets within the campus has to go up and down physical Ethernet cables to the router. You’ll see, when we get to option three using a layer three switch, that it’s slower sending it up and down the physical cables than routing it across the backplane of the switch.
That will make more sense when you see option three. Okay, so that’s all the information about our first option. Next up, let’s configure it in the lab. You can see the topology diagram here. It’s the same setup we were using in the VLAN section. I’ve got my Switch 1 and Switch 3, to which I’ve got some engineering and sales PCs attached. The Eng VLAN is VLAN 10. The sales VLAN is VLAN 20. The difference is that we’ve now added our router R1, which is connected into Switch 2. FastEthernet0/0 is going to be configured as the engineering gateway with 10.10.10.1. It connects to FastEthernet0/1 on the switch, and FastEthernet0/1 on the router will be the sales gateway at 10.10.20.1. The switch interface on the other side is FastEthernet0/2. I’ve already configured all the layer two VLAN configuration. So we’ve got trunks going end to end from Switch 1 to Switch 3, and I’ve put the PCs into the correct VLANs. Let’s just verify that first.
So I’ll go on to Switch 1, and if I do a show interface gig0/1 switchport, you can see that it is configured as a trunk. We’re using VLAN 199 as the native VLAN. With show vlan brief, I can see that I’ve got my Eng and my sales VLANs configured, and the PCs have been put into the correct access ports as well. Let’s check the connectivity works. So I’ll go on to Eng1. I’ll ping 10.10.10.11, which is Eng2, connected to the same switch, and ping 10.10.10.12, which is Eng3, over on Switch 3 on the far end. So our layer two configuration is all up and working.
But if I try to ping a sales PC, so I’ll try to ping 10.10.20.12, which is on the same switch, this is going to fail because I haven’t configured my routing yet, and obviously if I ping 10.10.20.10 on Switch 3, that’s going to fail as well. Okay, so layer two is all good. Let’s configure our layer three routing now. I’ll do the router first, so I need to go on to R1. Let me just open up Packet Tracer here and connect to R1. At the command line I need to configure my interface for my engineering VLAN. So I go to global config, and that was interface FastEthernet0/0; the IP address will be 10.10.10.1 255.255.255.0, and no shutdown. Then interface FastEthernet0/1 for the sales VLAN, IP address 10.10.20.1 with a /24 mask, and no shutdown. That’s all I need to do on the router.
I need to configure the switch with a matching configuration, and the router is connected to Switch 2. In global config, it’s interface FastEthernet0/1 which is connected to the engineering VLAN interface. So I’ll make that switchport mode access and switchport access vlan 10. Then on interface FastEthernet0/2 for sales, I’ll hit the up arrow to get switchport mode access and set that to switchport access vlan 20. So that’s it, that should be my inter-VLAN routing working now. Let’s go back onto my Eng PC. If I do an ipconfig, you can see it is set for 10.10.10.1 as the default gateway, and hopefully, if all the interfaces have come up, I can ping 10.10.20.12 on the same switch. It looks like the ping is going to fail.
Probably just a Packet Tracer quirk again here. Let’s check and see if our interfaces are up on the router. So on R1 I’ll do a show ip interface brief, and the interfaces are up/up. Let’s also check the switch. Well, it should be fine on the switch. If there was a problem on the switch, it would show up here on the router as well. But let’s just double check: show ip interface brief, and it was FastEthernet0/1 and 0/2. They’re up/up as well. Let’s try the ping again, because maybe it just took a minute. There we go. As you can see, it was the last ping that came through, so everything was fine.
That is our inter-VLAN routing working, and I can ping the sales PC over on the other side of the network, on the other switch, at 10.10.20.10. This might drop a few pings while it’s doing ARP and so on as well. There we go. We can see we get a reply there too. And I know this is going to work for sure, but let’s just double check. Let’s also go onto our sales PC and check that it can ping across to Eng. Let’s make this 10.10.10.11 now and wait for the ARP to resolve. And then hopefully, there we go. The second ping works. Okay, so that’s how we configure inter-VLAN routing using a router with separate interfaces. See you in the next lecture for the next option.
3. Router on a Stick
In this lecture you’ll learn about our second option for inter-VLAN routing, which is router on a stick. Out of the three options, this is probably the one that you’re most likely to get tested on in the CCNA exam. So make sure you understand this and know how to do the configuration for it. This is how it’s going to look. We’ve got our switch here in the middle, and we’ve got our access ports configured on it for our engineering VLAN PCs and our sales PCs. In the previous option we were using a separate physical interface on the router for each of our different VLANs. But a problem with that is you’re going to run out of interfaces. A way that we can resolve that is by using virtual subinterfaces on the router, which are all on the same underlying physical interface.
So that’s what we’re doing here. Going down from the router to the switch, there’s actually just one physical interface and one physical cable. The physical interface we’re using on the router is interface FastEthernet0/1. We configure that interface with no IP address, but we do a no shutdown on it to bring the interface up. Then we add the interface FastEthernet0/1.10; just putting in the command interface FastEthernet0/1.10 will create the virtual subinterface for us. We then specify that that subinterface is going to be in VLAN 10, and we give it the IP address 10.10.10.1, which is going to act as the default gateway address for our engineering PCs.
We then also create a subinterface for the sales VLAN. We’re going to use interface FastEthernet0/1.20 for this example. With your subinterfaces, it’s the main physical interface name, then a dot, then the subinterface number. You don’t have to number them sequentially like one, two, three and so on. That’s why I’ve used 10 and 20 here, because it’s more logical; it ties up with the actual VLAN number. So on interface FastEthernet0/1.20 I specify that it is for VLAN 20 and give it IP address 10.10.20.1. Now, what’s going to happen with my engineering PCs when they want to send traffic to another IP subnet? I’ve already configured them with their default gateway address of 10.10.10.1.
So if an engineering PC wants to send traffic to a different subnet, it will send out an ARP request for the MAC address of its default gateway. The switch will forward that to everything that is in the engineering VLAN, so all the other engineering PCs, and it will also get sent up the FastEthernet0/1 interface going towards the router. We’ve configured that interface on the switch as a trunk port, so when the switch sends it up to the router it will tag it with VLAN 10, and it will hit the VLAN 10 subinterface. The router can then reply to the ARP request, and we’re going to have routing going through there. So whenever the switch sends traffic up to the router, because that FastEthernet0/1 port is configured as a trunk, it will tag it with the dot1q tag. When it reaches the router, the router looks at the dot1q tag, and that’s how it knows which subinterface this traffic is for. So the configuration to do this on the router: interface FastEthernet0/1.
I’m using a different interface number here, 0/1, for this configuration; that is the physical interface that is connected to the switch. I don’t need an IP address on here, so I say no ip address, but I do need to bring it up, so I say no shutdown. I then create my first subinterface with the command interface FastEthernet0/1.10. Because it starts with FastEthernet0/1, the router knows it’s a subinterface attached to this physical interface, and .10 is the subinterface number. Then encapsulation dot1q 10. That says that whenever any traffic comes up and hits the interface with a dot1q tag on it, if it’s dot1q tag 10, the router knows it is for this subinterface.
Whenever I send traffic in the other direction, down to the switch, when it comes from this subinterface I will tag it again with dot1q tag 10. I put my IP address on here: ip address 10.10.10.1 with a /24 mask. So that is my engineering VLAN subinterface configured. I do exactly the same config for my sales VLAN subinterface: interface FastEthernet0/1.20, encapsulation dot1q 20 for the sales VLAN, ip address 10.10.20.1 255.255.255.0. If I just go back a slide, you see we’ve got the connection to the wide area network again. There we have interface FastEthernet0/2 with IP address 203.0.113.1. The next-hop address in our example is 203.0.113.2. I want my PCs on the inside to be able to get outside the local area network as well, so that’s why I’m configuring a static default route here. The command is ip route 0.0.0.0 0.0.0.0 with the next-hop address of 203.0.113.2. Okay, that’s the entire router configuration. I need to put a matching configuration on the other side of the link, on the switch. So on the switch I say interface FastEthernet0/1, switchport mode trunk. Now whenever the switch sends any traffic up to the router, it will tag it with the dot1q tag, so it will hit the correct subinterface on the router.
Some considerations here: you don’t need a separate physical interface for every VLAN, so this is better than option one, where we did. You’re less likely to run out of interfaces here. However, traffic being routed within the campus still has to go up and down a physical Ethernet cable to the router. And here you’ve got traffic for multiple VLANs all using the same cable, so there’s more contention for bandwidth than when we were using separate interfaces in option one. Okay, so that’s the theory. Next up, let’s configure this in the lab. We’ve got the same topology as in the last lecture when we did option one. The only difference is we’ve only got one link going between the switch and the router.
Here again, I’ve already configured all of the layer two configuration. I’ve configured my trunking going through from Switch 1 to Switch 3, and I’ve configured my access ports and put the correct PCs into the correct VLANs. So if I go on to my Eng1 PC, you’ll be able to see it can ping other Eng PCs: I can ping 10.10.10.11, the other PC on the same switch, and ping 10.10.10.12 over on Switch 3. But if I try to ping a sales PC, this isn’t going to work because I haven’t configured the routing yet. So let’s do that now. I’ll configure the router first. Again I need to open this in Packet Tracer. I’ll open up R1, go to the command line and go to global configuration. The switch is attached to interface FastEthernet0/0 here. No IP address is the default anyway, and I need to do a no shutdown to bring the physical interface up.
Then I’ll create my first subinterface. So interface FastEthernet0/0.10, and then I will say encapsulation dot1q for VLAN 10 and the IP address 10.10.10.1 with a /24 subnet mask. I don’t need to do a no shutdown here because it’s a virtual interface. As long as the underlying physical interface is up, this will be up too. I need to configure my subinterface for the sales VLAN as well. That’s also on interface FastEthernet0/0, and it’s going to be .20. I’ll say encapsulation dot1q 20 and ip address 10.10.20.1 255.255.255.0. I’m also going to do my default static route to allow them to route out to the WAN as well. So ip route 0.0.0.0 0.0.0.0, and the next hop was 203.0.113.2. Okay, that is my router config done. Next up, I need to configure a matching configuration on the other side of the link.
So that was on Switch 2. On Switch 2 in global config, the router is connected to interface FastEthernet0/1 here, and I need to say switchport trunk encapsulation dot1q and switchport mode trunk. Okay, that’s all the configuration done. All I need to do now is test it. So I’ll go back onto Eng1, and let’s try pinging the sales PC that’s on the same switch here. That was 10.10.20.12, and it will probably miss a few pings while the interfaces and everything are coming up and it’s doing the ARP. So let’s just wait for this. In the real world, it’s probably going to be successful a bit quicker; this is because I’m using Packet Tracer here. It looks like maybe all the pings are going to fail. Let’s try it again.
And there we go, the ping is working. Now let’s try pinging 10.10.20.10 over on the switch on the other side of the network. This should hopefully work fine too. Yep, there we go. That’s all good. So that was the theory, configuration and verification for router on a stick. See you in the next lecture for the last option, which is using our layer three switch.