6 Inter-VLAN Routing

6.0 Chapter Introduction

6.0.1 Introduction

Page 1:
In the previous chapters of this course, we discussed how you can use VLANs and trunks to segment a network. Limiting the scope of each broadcast domain on the LAN through VLAN segmentation provides better performance and security across the network. You also learned how VTP is used to share the VLAN information across multiple switches in a LAN environment to simplify management of VLANs. Now that you have a network with many different VLANs, the next question is, "How do we permit devices on separate VLANs to communicate?"

In this chapter, you will learn about inter-VLAN routing and how it is used to permit devices on separate VLANs to communicate. You will learn different methods for accomplishing inter-VLAN routing, and the advantages and disadvantages of each. You will also learn how different router interface configurations facilitate inter-VLAN routing. Finally, you will explore the potential issues faced when implementing inter-VLAN routing, and how to identify and correct them.


6.0.1 - Chapter Introduction
The diagram depicts the chapter objectives.
- Explain how network traffic is routed between V LAN's in a converged network.
- Configure inter-V LAN routing on a router to enable communication between end-user devices on separate V LAN's.
- Troubleshoot common inter-V LAN connectivity issues.


6.1 Inter-VLAN Routing

6.1.1 Introducing Inter-VLAN Routing

Page 1:
Now that you know how to configure VLANs on a network switch, the next step is to allow devices connected to the various VLANs to communicate with each other. In a previous chapter, you learned that each VLAN is a unique broadcast domain, so computers on separate VLANs are, by default, not able to communicate. There is a way to permit these end stations to communicate; it is called inter-VLAN routing. In this topic, you will learn what inter-VLAN routing is and some of the different ways to accomplish inter-VLAN routing on a network.

In this chapter, we focus on one type of inter-VLAN routing using a separate router connected to the switch infrastructure. We define inter-VLAN routing as a process of forwarding network traffic from one VLAN to another VLAN using a router. VLANs are associated with unique IP subnets on the network. This subnet configuration facilitates the routing process in a multi-VLAN environment. When using a router to facilitate inter-VLAN routing, the router interfaces can be connected to separate VLANs. Devices on those VLANs send traffic through the router to reach other VLANs.

As you can see in the figure, traffic from PC1 on VLAN10 is routed through router R1 to reach PC3 on VLAN30.


6.1.1 - Introducing Inter-V LAN Routing
The diagram depicts the concept of inter-V LAN routing using a separate router connected to the switch infrastructure.

Network Topology:
Switch S2 has two PC's. PC1 is connected to port F0/11. PC 3 is connected to port F0/6. The PC1 IP address is 172.17.10.21, and the PC3 IP address is 172.17.30.23. PC1 is in V LAN 10, and PC3 is in V LAN 30.

Switch S2 is connected to router R1 using two links and two router interfaces. Switch S2 port F0/1 is connected to router R1 interface F0/0. Switch S2 port F0/2 is connected to Router R1 interface F0/1. This allows the router to route between V LAN 10 and V LAN 30.

Caption text: Router-based inter-V LAN routing is a process for forwarding network traffic from one V LAN to another V LAN using a router.


Page 2:
Traditionally, LAN routing has used routers with multiple physical interfaces. Each interface needed to be connected to a separate network and configured for a different subnet.

In a traditional network that uses multiple VLANs to segment the network traffic into logical broadcast domains, routing is performed by connecting different physical router interfaces to different physical switch ports. The switch ports connect to the router in access mode; in access mode, different static VLANs are assigned to each port interface. Each switch interface would be assigned to a different static VLAN. Each router interface can then accept traffic from the VLAN associated with the switch interface that it is connected to, and traffic can be routed to the other VLANs connected to the other interfaces.

Click the Play button in the figure to view traditional inter-VLAN routing.

As you can see in the animation:

1. PC1 on VLAN10 is communicating with PC3 on VLAN30 through router R1.

2. PC1 and PC3 are on different VLANs and have IP addresses on different subnets.

3. Router R1 has a separate interface configured for each of the VLANs.

4. PC1 sends unicast traffic destined for PC3 to switch S2 on VLAN10, where it is then forwarded out the trunk interface to switch S1.

5. Switch S1 then forwards the unicast traffic to router R1 on interface F0/0.

6. The router routes the unicast traffic through to its interface F0/1, which is connected to VLAN30.

7. The router forwards the unicast traffic to switch S1 on VLAN 30.

8. Switch S1 then forwards the unicast traffic to switch S2 through the trunk link, after which switch S2 can then forward the unicast traffic to PC3 on VLAN30.

In this example, the router was configured with two separate physical interfaces to interact with the different VLANs and perform the routing.


6.1.1 - Introducing Inter-V LAN Routing
The animation depicts traditional inter-V LAN routing using two router interfaces.

Network Topology:
Three switches, S1, S2 and S 3, are interconnected in a full mesh using dual trunk links between switches. Switch S1 is connected to router R1 using two links and two router interfaces. Device connections are as follows:
- Switch S1 Port F0/1 is connected to S2 Port F0/1 (Trunk).
- Switch S1 Port F0/2 is connected to S2 Port F0/2 (Trunk).
- Switch S1 Port F0/5 (V LAN 30) is connected to R1 Port F0/1.
- Switch S1 Port F0/6 (V LAN 10) is connected to R1 Port F0/0.
- Switch S2 Port F0/3 is connected to S 3 Port F0/1 (Trunk).
- Switch S2 Port F0/4 is connected to S 3 Port F0/2 (Trunk).
- Switch S2 Port F0/11 is connected to PC1 with IP address 172.17.10.21 (V LAN 10).
- Switch S2 Port F0/18 is connected to PC2 with IP address 172.17.20.22 (V LAN 20).
- Switch S2 Port F0/6 is connected to PC3 with IP address 172.17.30.23 (V LAN 30).
- Switch S 3 Port F0/4 is connected to S1 Port F0/4 (Trunk).
- Switch S 3 Port F0/3 is connected to S1 Port F0/3 (Trunk).

Scenario:
PC1 (in V LAN 10) sends a unicast frame to PC3 (in V LAN 30) via switches S2 and S1 and router R1, using two router interfaces.

Animation sequence:
One. PC1 sends unicast traffic destined for PC3 to switch S2 on V LAN 10. Switch S2 tags the frame with V LAN ID 10. S2 then forwards the frame through the trunk interface to switch S1.

Two. Switch S1 removes the V LAN tag and then forwards the unicast traffic to router R1 on interface F0/0.

Three. The router routes the unicast traffic to its interface F0/1, which is connected to V LAN 30.

Four. The router forwards the unicast traffic to switch S1 on V LAN 30.

Five. Switch S1 forwards the unicast traffic to switch S2 through the trunk link. S2 tags the frame with V LAN ID 30. S2 can then forward the unicast traffic to PC3 on V LAN 30.


Page 3:
Traditional inter-VLAN routing requires multiple physical interfaces on both the router and the switch. However, not all inter-VLAN routing configurations require multiple physical interfaces. Some router software permits configuring router interfaces as trunk links. This opens up new possibilities for inter-VLAN routing.

"Router-on-a-stick" is a type of router configuration in which a single physical interface routes traffic between multiple VLANs on a network. As you can see in the figure, the router is connected to switch S1 using a single, physical network connection.

The router interface is configured to operate as a trunk link and is connected to a switch port configured in trunk mode. The router performs the inter-VLAN routing by accepting VLAN tagged traffic on the trunk interface coming from the adjacent switch and internally routing between the VLANs using subinterfaces. The router then forwards the routed traffic-VLAN tagged for the destination VLAN-out the same physical interface.

Subinterfaces are multiple virtual interfaces, associated with one physical interface. These subinterfaces are configured in software on a router that is independently configured with an IP address and VLAN assignment to operate on a specific VLAN. Subinterfaces are configured for different subnets corresponding to their VLAN assignment to facilitate logical routing before the data frames are VLAN tagged and sent back out the physical interface. You will learn more about interfaces and subinterfaces in the next topic.

Click the Play button in the figure to view how a router-on-a-stick performs its routing function.

As you can see in the animation:

1. PC1 on VLAN10 is communicating with PC3 on VLAN30 through router R1 using a single, physical router interface.

2. PC1 sends its unicast traffic to switch S2.

3. Switch S2 then tags the unicast traffic as originating on VLAN10 and forwards the unicast traffic out its trunk link to switch S1.

4. Switch S1 forwards the tagged traffic out the other trunk interface on port F0/5 to the interface on router R1.

5. Router R1 accepts the tagged unicast traffic on VLAN10 and routes it to VLAN30 using its configured subinterfaces.

6. The unicast traffic is tagged with VLAN30 as it is sent out the router interface to switch S1.

7. Switch S1 forwards the tagged unicast traffic out the other trunk link to switch S2.

8. Switch S2 removes the VLAN tag of the unicast frame and forwards the frame out to PC3 on port F0/6.


6.1.1 - Introducing Inter-V LAN Routing
The animation depicts router-on-a-stick inter-V LAN routing, which uses a single router interface.

Network Topology:
Same as 6.1.1 Diagram 2, except that there is only a single trunk link from switch S1 port F0/5 to router R1 interface F0/1. This single physical router interface has three logical subinterfaces defined:
Subinterface F0/0 dot 10, IP address 172.17.10.1
Subinterface F0/0 dot 20, IP address 172.17.20.1
Subinterface F0/0 dot 30, IP address 172.17.30.1

Scenario:
PC1 (in V LAN 10) sends a unicast frame to PC3 (in V LAN 30) via switches S2 and S1 and router R1, using a single router interface.

Animation sequence:
One. PC1 sends its unicast traffic to switch S2.

Two. Switch S2 tags the unicast traffic as originating on V LAN 10, and then forwards the unicast traffic out its trunk link to switch S1.

Three. Switch S1 forwards the tagged traffic out the other trunk interface on port F0/5 to the interface on router R1.

Four. Router R1 accepts the tagged unicast traffic on V LAN 10 and routes it to V LAN 30 using its configured subinterfaces.

Five. The unicast traffic is tagged with V LAN 30 as it is sent out the router interface to switch S1.

Six. Switch S1 forwards the tagged unicast traffic out the other trunk link to switch S2.

Seven. Switch S2 removes the V LAN tag of the unicast frame and forwards the frame out to PC3 on port F0/6.


Page 4:
Some switches can perform Layer 3 functions, replacing the need for dedicated routers to perform basic routing on a network. Multilayer switches are capable of performing inter-VLAN routing.

Click the Play button in the figure to see how switch-based inter-VLAN routing occurs.

As you can see in the animation:

1. PC1 on VLAN10 is communicating with PC3 on VLAN30 through switch S1 using VLAN interfaces configured for each VLAN.

2. PC1 sends its unicast traffic to switch S2.

3. Switch S2 tags the unicast traffic as originating on VLAN10 as it forwards the unicast traffic out its trunk link to switch S1.

4. Switch S1 removes the VLAN tag and forwards the unicast traffic to the VLAN10 interface.

5. Switch S1 routes the unicast traffic to its VLAN30 interface.

6. Switch S1 then retags the unicast traffic with VLAN30 and forwards it out the trunk link back to switch S2.

7. Switch S2 removes the VLAN tag of the unicast frame and forwards the frame out to PC3 on port F0/6.

To enable a multilayer switch to perform routing functions, VLAN interfaces on the switch need to be configured with the appropriate IP addresses that match the subnet that the VLAN is associated with on the network. The multilayer switch also must have IP routing enabled. Multilayer switching is complex and beyond the scope of this course. For a good overview of multilayer switching, visit: http://cisco.com/en/US/docs/ios/12_0/switch/configuration/guide/xcmls.html.

Configuring inter-VLAN routing on a multilayer switch is beyond the scope of this course. However, the CCNP curriculum covers the concept comprehensively. Also, to explore additional information, visit: http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml.


6.1.1 - Introducing Inter-V LAN Routing
The animation depicts switch-based inter-V LAN routing, which uses a Layer 3 switch to perform the routing function.

Network Topology:
Same as 6.1.1 Diagram 2, except that there is no router present. Switch S1 has three logical V LAN interfaces defined to perform inter-V LAN routing:
Interface V LAN 10, IP address 172.17.10.1
Interface V LAN 20, IP address 172.17.20.1
Interface V LAN 30, IP address 172.17.30.1

Scenario:
PC1 on V LAN 10 is communicating with PC3 on V LAN 30 through switch S1 using V LAN interfaces configured for each V LAN.

Animation sequence:
One. PC1 sends its unicast traffic to switch S2.

Two. Switch S2 tags the unicast traffic as originating on V LAN 10. It then forwards the unicast traffic out its trunk link to switch S1.

Three. Switch S1 removes the V LAN tag and forwards the unicast traffic to the V LAN 10 interface.

Four. Switch S1 routes the unicast traffic to its V LAN 30 interface.

Five. Switch S1 then retags the unicast traffic with V LAN 30 and forwards it out the trunk link back to switch S2.

Six. Switch S2 removes the V LAN tag of the unicast frame and forwards the frame out to PC3 on port F0/6.

Seven. The process is then reversed. PC3 in V LAN 30 sends a packet back to PC1 in V LAN 10.


6.1.2 Interfaces and Subinterfaces

Page 1:
As we discussed, there are various inter-VLAN routing options to choose from. Each uses a different router configuration to accomplish the task of routing between VLANs. In this topic, we will look at how each type of router interface configuration routes between VLANs, and the advantages and disadvantages. We will begin by reviewing the traditional model.

Using the Router as a Gateway

Traditional routing requires routers to have multiple physical interfaces to facilitate inter-VLAN routing. The router accomplishes the routing by having each of its physical interfaces connected to a unique VLAN. Each interface is also configured with an IP address for the subnet associated with the particular VLAN that it is connected to. By configuring the IP addresses on the physical interfaces, network devices connected to each of the VLANs can communicate with the router using the physical interface connected to the same VLAN. In this configuration, network devices can use the router as a gateway to access the devices connected to the other VLANs.

The routing process requires the source device to determine if the destination device is local or remote to the local subnet. The source device accomplishes this by comparing the source and destination addresses against the subnet mask. Once the destination address has been determined to be on a remote network, the source device has to identify where it needs to forward the packet to reach the destination device. The source device examines the local routing table to determine where it needs to send the data. Typically, devices use their default gateway as the destination for all traffic that needs to leave the local subnet. The default gateway is the route that the device uses when it has no other explicitly defined route to the destination network. The router interface on the local subnet acts as the default gateway for the sending device.

Once the source device has determined that the packet must travel through the local router interface on the connected VLAN, the source device sends out an ARP request to determine the MAC address of the local router interface. Once the router sends its ARP reply back to the source device, the source device can use the MAC address to finish framing the packet before it sends it out on the network as unicast traffic.

Since the Ethernet frame has the destination MAC address of the router interface, the switch knows exactly which switch port to forward the unicast traffic out of to reach the router interface on that VLAN. When the frame arrives at the router, the router removes the source and destination MAC address information to examine the destination IP address of the packet. The router compares the destination address to entries in its routing table to determine where it needs to forward the data to reach its final destination. If the router determines that the destination network is a locally connected network, as would be the case in inter-VLAN routing, the router sends an ARP request out the interface physically connected to the destination VLAN. The destination device responds back to the router with its MAC address, which the router then uses to frame the packet. The router then sends the unicast traffic to the switch, which forwards it out the port where the destination device is connected.

Click the Play button in the figure to view how traditional routing is accomplished.

Even though there are many steps in the process of inter-VLAN routing when two devices on different VLANs communicate through a router, the entire process happens in a fraction of a second.


6.1.2 - Interfaces and Subinterfaces
The animation depicts more detailed information on how traditional inter-V LAN routing is accomplished using two router interfaces.

Network Topology:
Three switches, S1, S2 and S 3, are interconnected in a full mesh using dual trunk links between switches. Switch S1 is connected to router R1 using two links and two router interfaces. Device connections are as follows:
- Switch S1 Port F0/1 is connected to S2 Port F0/1 (Trunk).
- Switch S1 Port F0/2 is connected to S2 Port F0/2 (Trunk).
- Switch S1 Port F0/5 (V LAN 30) is connected to R1 Port F0/1.
- Switch S1 Port F0/6 (V LAN 10) is connected to R1 Port F0/0.
- Switch S2 Port F0/3 is connected to S 3 Port F0/1 (Trunk).
- Switch S2 Port F0/4 is connected to S 3 Port F0/2 (Trunk).
- Switch S2 Port F0/11 is connected to PC1 with IP address 172.17.10.21 (V LAN 10).
- Switch S2 Port F0/18 is connected to PC2 with IP address 172.17.20.22 (V LAN 20).
- Switch S2 Port F0/6 is connected to PC3 with IP address 172.17.30.23 (V LAN 20).
- Switch S 3 Port F0/4 is connected to S1 Port F0/4 (Trunk).
- Switch S 3 Port F0/3 is connected to S1 Port F0/3 (Trunk).

Scenario:
PC1 (in V LAN 10) sends a unicast frame to PC3 (in V LAN 30) via switches S2 and S1 and router R1, using two router interfaces.

Animation sequence:
One. PC1 sends out an ARP request broadcast on V LAN 10 to determine its gateway MAC address. The gateway for PC1 is the nearest interface of the router.

Two. The ARP request broadcast is forwarded by switch S2 out all ports assigned to V LAN 10 and the trunk link connected to switch S1.

Three. The ARP request broadcast frame is tagged with V LAN 10 as it traverses the trunk link between switches S2 and S1.

Four. Switch S1 removes the V LAN tag and forwards the frame out the ports configured for V LAN 10, including port F0/6, which is connected to router R1.

Five. Router R1 sends an ARP reply with the physical MAC address of the F0/0 interface back to PC1.

Six. PC1 frames the data and forwards it as unicast traffic to router R1 over switches S2 and S1. After router R1 accepts the frame, it removes the original source and destination MAC addresses and examines the destination IP address to determine where to forward the packet.

Seven. Router R1 compares the address with the routes configured in its local routing table. R1 identifies that the destination network is locally connected to interface F0/1, so it proceeds to send out an ARP request for PC3 on V LAN 30.

Eight. The ARP request broadcast traverses switches S1 and S2, going out all ports configured for V LAN 30, where it reaches PC3.

Nine. PC3 then sends an ARP reply back to R1 with its local MAC address.

Ten. When router R1 receives the ARP reply, the router frames the packet with the new source and destination MAC addresses and forwards the frame to the local V LAN, which is V LAN 30.

Eleven. Switch S1 forwards the frame to switch S2, where it is sent out port F0/6 to PC3.

Twelve. PC3 needs to respond to PC1 to confirm the receipt of the data sent from PC1. Because PC3 already has the MAC address of the router R1 F0/1 interface from the previous ARP request that the router sent, it does not need to resend an ARP request before it can frame the packet it is sending to PC1.

Thirteen. PC3 sends the framed packet destined for PC1 to router R1 with the destination MAC address of the F0/1 interface of R1 on V LAN 30.

Fourteen. Router R1 receives the frame and removes the original source and destination MAC addresses to examine the destination IP address (the IP address of PC1) to determine where to forward the packet.

Fifteen. Router R1 determines that the local F0/0 interface is connected to the correct subnet and that it should use that physical interface to send the packet back to PC1.

Sixteen. Router R1 frames the packet with the destination MAC address of PC1, which it still remembers from the original ARP exchange between PC1 and router R1. R1 then forwards the frame to switch S1. S1 then forwards it to switch S2, where the frame is finally delivered back to PC1.


Page 2:
Interface Configuration

Click the Interface Configuration button in the figure to see an example of router interfaces being configured.

Router interfaces are configured similarly to configuring VLAN interfaces on switches. In global configuration mode, switch to interface configuration mode for the specific interface you want to configure.

As you see in the example, interface F0/0 is configured with IP address 172.17.10.1 and subnet mask 255.255.255.0 using the ip address 172.17.10.1 255.255.255.0 command.

To enable a router interface, the no shutdown command needs to be entered for the interface. Notice also that interface F0/1 has been configured. After both IP addresses are assigned to each of the physical interfaces, the router is capable of performing routing.

Click the Routing Table button in the figure to see an example of a routing table on a Cisco router.

Routing Table

As you can see in the example, the routing table has two entries, one for network 172.17.10.0 and the other for network 172.17.30.0. Notice the letter C to the left of each route entry. This letter indicates that the route is local for a connected interface, which is also identified in the route entry. Using the output in this example, if traffic was destined for the 172.17.30.0 subnet, the router would forward the traffic out interface F0/1.

Traditional inter-VLAN routing using physical interfaces does have a limitation. As the number of VLANs increases on a network, the physical approach of having one router interface per VLAN quickly becomes hindered by the physical hardware limitations of a router. Routers have a limited number of physical interfaces that they can use to connect to different VLANs. Large networks with many VLANs must use VLAN trunking to assign multiple VLANs to a single router interface to work within the hardware constraints of dedicated routers.


6.1.2 - Interfaces and Subinterfaces
The diagram depicts the configuration of router R1 when using two router interfaces with traditional inter-V LAN routing. The output of the routing table after configuration is also provided.

Interface Configuration:
Some output omitted.
R1(config)#interface f0/0
R1(config-i f)#i p address 172.17.10.1 255.255.255.0
R1(config-i f)#no shutdown

R1(config-i f)#interface f0/1
R1(config-i f)#i p address 172.17.30.1 255.255.255.0
R1(config-i f)#no shutdown

Routing Table Output:
Some output omitted.
172.17.0.0 /24 is subnetted, 2 subnets.
C172.17.30.0 is directly connected, FastEthernet0/1
C172.17.10.0 is directly connected, FastEthernet0/0


Page 3:
To overcome the hardware limitations of inter-VLAN routing based on router physical interfaces, virtual subinterfaces and trunk links are used, as in the router-on-a-stick example described earlier. Subinterfaces are software-based virtual interfaces that are assigned to physical interfaces. Each subinterface is configured with its own IP address, subnet mask, and unique VLAN assignment, allowing a single physical interface to simultaneously be part of multiple logical networks. This is useful when performing inter-VLAN routing on networks with multiple VLANs and few router physical interfaces.

When configuring inter-VLAN routing using the router-on-a-stick model, the physical interface of the router must be connected to a trunk link on the adjacent switch. Subinterfaces are created for each unique VLAN/subnet on the network. Each subinterface is assigned an IP address specific to the subnet that it will be part of and configured to VLAN tag frames for the VLAN that the interface is to interact with. That way, the router can keep the traffic from each subinterface separated as it traverses the trunk link back to the switch.

Functionally, the router-on-a-stick model for inter-VLAN routing is the same as using the traditional routing model, but instead of using the physical interfaces to perform the routing, subinterfaces of a single interface are used.

Let's explore an example. In the figure, PC1 wants to communicate with PC3. PC1 is on VLAN10, and PC3 is on VLAN30. For PC1 to communicate with PC3, PC1 needs to have its data routed through router R1 using configured subinterfaces.

Click the Play button in the figure to see how subinterfaces are used to route between VLANs.


6.1.2 - Interfaces and Subinterfaces
The animation depicts more details about the operation of router-on-a-stick inter-V LAN routing using a single router interface.

Network Topology:
Same as 6.1.2 Diagram 2, except that there is only a single trunk link from switch S1 port F0/5 to router R1 interface F0/1. This single physical router interface has three logical subinterfaces defined:
Subinterface F0/1 dot 10, IP address 172.17.10.1
Subinterface F0/1 dot 20, IP address 172.17.20.1
Subinterface F0/1 dot 30, IP address 172.17.30.1

Scenario:
PC1 (in V LAN 10) sends a unicast frame to PC3 (in V LAN 30) via switches S2 and S1 and router R1, using a single router interface.

Animation sequence:
One. PC1 sends an ARP request for the MAC address of its default gateway, which is the V LAN subinterface on router R1.

Two. The ARP request is sent out for the IP address 172.16.10.1, which corresponds to the subnet that PC1 is connected to.

Three. The ARP request is sent to switch S2 on V LAN 10, and is tagged and forwarded out the trunk link to switch S1.

Four. Switch S1 maintains the V LAN tag on the broadcast frame as it forwards it out the other trunk link connected to router R1.

Five. Router R1 examines the V LAN tag on the broadcast and recognizes that it was sent on V LAN 10. Because subinterface F0/0 dot 10 has been configured for V LAN 10 and with the IP address specified in the ARP request, the router responds back to PC1 with the MAC address of the physical interface.

Six. PC1 uses the MAC address received from router R1 to frame the unicast packet before it is sent out on the network.

Seven. Switch S2 tags the frame on V LAN 10 as it traverses the trunk link to switch S1.

Eight. Switch S1 maintains the V LAN tag as it continues to forward the frame to router R1.

Nine. Router R1 examines the frame and sees the V LAN tag for V LAN 10. The router forwards the frame to subinterface F0/0 dot 10.

Ten. The router then examines the routing table to see if there is a defined route to use as a basis for forwarding the packet to its destination. The routing table indicates that the destination network is directly connected to subinterface F0/0 dot 30.

Eleven. The router then forwards the packet to subinterface F0/0 dot 30.

Twelve. R1 sends a new ARP request for the MAC address of PC3. The ARP request is sent out the physical interface tagged with V LAN 30.

Thirteen. PC3 receives the ARP request.

Fourteen. PC3 sends back an ARP reply with its MAC address.

Fifteen. Router R1 receives the ARP reply and finishes framing the packet before it sends it out onto the network.

Sixteen. Switch S1 forwards the frame to switch S2, which then finally delivers the frame to PC3.

Seventeen. PC3 sends a unicast frame back to PC1. However, this time, ARP broadcasts are not needed because the MAC addresses of the adjacent devices are already known.

Eighteen. R1 uses its routing table to determine that the destination network address of the unicast packet from PC3 is directly connected to F0/0 dot 10.

Nineteen. R1 forwards the packet to subinterface F0/0 dot 10.

Twenty. The unicast packet is delivered to PC1.


Page 4:
Subinterface Configuration

Configuring router subinterfaces is similar to configuring physical interfaces, except that you need to create the subinterface and assign it to a VLAN.

In the example, create the router subinterface by entering the interface f0/0.10 command in global configuration mode. The syntax for the subinterface is always the physical interface, in this case f0/0, followed by a period and a subinterface number. The subinterface number is configurable, but it is typically associated to reflect the VLAN number. In the example, the subinterfaces use 10 and 30 as subinterface numbers to make it easier to remember which VLANs they are associated with. The physical interface is specified because there could be multiple interfaces in the router, each of which could be configured to support many subinterfaces.

Before assigning an IP address to a subinterface, the subinterface needs to be configured to operate on a specific VLAN using the encapsulation dot1q vlan id command. In the example, subinterface Fa0/0.10 is assigned to VLAN10. After the VLAN has been assigned, the ip address 172.17.10.1 255.255.255.0 command assigns the subinterface to the appropriate IP address for that VLAN.

Unlike a typical physical interface, subinterfaces are not enabled with the no shutdown command at the subinterface configuration mode level of the Cisco IOS software. Instead, when the physical interface is enabled with the no shutdown command, all the configured subinterfaces are enabled. Likewise, if the physical interface is disabled, all subinterfaces are disabled.

Click the Routing Table button in the figure to see an example of a routing table when subinterfaces are configured.

Router Table Output

As you see in the figure, the routes defined in the routing table indicate that they are associated with specific subinterfaces, rather than separate physical interfaces.

One advantage of using a trunk link is that the number of router and switch ports used are reduced. Not only can this save money, it can also reduce configuration complexity. Consequently, the router subinterface approach can scale to a much larger number of VLANs than a configuration with one physical interface per VLAN design.


6.1.2 - Interfaces and Subinterfaces
The diagram depicts the configuration of router R1 subinterfaces when using a single router interface with router-on-a-stick inter-V LAN routing. The output of the routing table after configuration is also provided.

Subinterface Configuration:
Some output omitted.
R1(config)#interface f0/0 dot 10
R1(config-sub i f)#encapsulation dot 1 q 10
R1(config-sub i f)#i p address 172.17.10.1 255.255.255.0
R1(config-sub i f)#interface f0/0 dot 30
R1(config-sub i f)#encapsulation dot 1 q 30
R1(config-sub i f)#i p address 172.17.30.1 255.255.255.0
R1(config-sub i f)#interface f0/0
R1(config-i f)#no shutdown

Routing Table Output:
Some output omitted.
C172.17.10.0 is directly connected, FastEthernet 0/0 dot 10
C172.17.30.0 is directly connected, FastEthernet 0/0 dot 30


Page 5:
As we just discussed, both physical interfaces and subinterfaces are used to perform inter-VLAN routing. There are advantages and disadvantage to each method.

Port Limits

Physical interfaces are configured to have one interface per VLAN on the network. On networks with many VLANs, using a single router to perform inter-VLAN routing is not possible. Routers have physical limitations that prevent them from containing large numbers of physical interfaces. Instead, you could use multiple routers to perform inter-VLAN routing for all VLANs if avoiding the use of subinterfaces is a priority.

Subinterfaces allow a router to scale to accommodate more VLANs than the physical interfaces permit. Inter-VLAN routing in large environments with many VLANs can usually be better accommodated by using a single physical interface with many subinterfaces.

Performance

Because there is no contention for bandwidth on separate physical interfaces, physical interfaces have better performance when compared to using subinterfaces. Traffic from each connected VLAN has access to the full bandwidth of the physical router interface connected to that VLAN for inter-VLAN routing.

When subinterfaces are used for inter-VLAN routing, the traffic being routed competes for bandwidth on the single physical interface. On a busy network, this could cause a bottleneck for communication. To balance the traffic load on a physical interface, subinterfaces are configured on multiple physical interfaces resulting in less contention between VLAN traffic.

Access Ports and Trunk Ports

Connecting physical interfaces for inter-VLAN routing requires that the switch ports be configured as access ports. Subinterfaces require the switch port to be configured as a trunk port so that it can accept VLAN tagged traffic on the trunk link. Using subinterfaces, many VLANs can be routed over a single trunk link rather than a single physical interface for each VLAN.

Cost

Financially, it is more cost-effective to use subinterfaces over separate physical interfaces. Routers that have many physical interfaces cost more than routers with a single interface. Additionally, if you have a router with many physical interfaces, each interface is connected to a separate switch port, consuming extra switch ports on the network. Switch ports are an expensive resource on high performance switches. By consuming additional ports for inter-VLAN routing functions, both the switch and the router drive up the overall cost of the inter-VLAN routing solution.

Complexity

Using subinterfaces for inter-VLAN routing results in a less complex physical configuration than using separate physical interfaces, because there are fewer physical network cables interconnecting the router to the switch. With fewer cables, there is less confusion about where the cable is connected on the switch. Because the VLANs are being trunked over a single link, it is easier to troubleshoot the physical connections.

On the other hand, using subinterfaces with a trunk port results in a more complex software configuration, which can be difficult to troubleshoot. In the router-on-a-stick model, only a single interface is used to accommodate all the different VLANs. If one VLAN is having trouble routing to other VLANs, you cannot simply trace the cable to see if the cable is plugged into the correct port. You need to check to see if the switch port is configured to be a trunk and verify that the VLAN is not being filtered on any of the trunk links before it reaches the router interface. You also need to check that the router subinterface is configured to use the correct VLAN ID and IP address for the subnet associated with that VLAN.


6.1.2 - Interfaces and Subinterfaces
The diagram compares the difference between using multiple physical interfaces and a single physical interface that has subinterfaces for inter-V LAN routing.

Physical Interface: One physical interface per V LAN.
Subinterface: One physical interface for many V LAN's.

Physical Interface: No bandwidth contention.
Subinterface: Bandwidth contention.

Physical Interface: Connected to access mode switch port.
Subinterface: Connected to trunk mode switch port.

Physical Interface: More expensive.
Subinterface: Less expensive.

Physical Interface: More complex connection configuration.
Subinterface: Less complex connection configuration.


6.2 Configuring Inter-VLAN Routing

6.2.1 Configure Inter-VLAN Routing

Page 1:
In this topic, you will learn how to configure a Cisco IOS router for inter-VLAN routing, as well as review the commands needed to configure a switch to support inter-VLAN routing.

Before configuring the router, configure the switch that it will be connected to. As you see in the figure, Router R1 is connected to switch ports F0/4 and F0/5, which have been configured for VLANs 10 and 30, respectively.

Click the Switch Configuration button in the figure to see the example switch configuration.

To review, VLANs are created in global configuration mode using the vlan vlan id command. In this example, VLANs 10 and 30 were created on switch S1.

After the VLANs have been created, they are assigned to the switch ports that the router will be connecting to. To accomplish this task, the switchport access vlan vlan id command is executed from interface configuration mode on the switch for each interface that the router will connect to.

In this example, interfaces F0/4 and F0/11 has been configured on VLAN 10 using the switchport access vlan 10 command. The same process is used to assign VLAN 30 to interface F0/5 and F0/6 on switch S1.

Finally, to protect the configuration so that it is not lost after a reload of the switch, the copy running-config startup-config command is executed in privileged EXEC mode to back up the running configuration to the startup configuration.

Click the Router Interface Configuration button in the figure to see the example router configuration.

Next, the router can be configured to perform the inter-VLAN routing.

As you see in the figure, each interface is configured with an IP address using the ip address ip_address subnet_mask command in interface configuration mode.

Router interfaces are disabled by default and need to be enabled using the no shutdown command before they are used.

In this example, interface F0/0 has been assigned the IP address of 172.17.10.1 using the ip address 172.17.10.1 255.255.255.0 command. You will also notice that after the no shutdown interface configuration mode command has been executed a notification is displayed indicating that the interface state has changed to up. This indicates that the interface is now enabled.

The process is repeated for all router interfaces. Each router interface needs to be assigned to a unique subnet for routing to occur. In this example, the other router interface, F0/1, has been configured to use IP address 172.17.30.1, which is on a different subnet than interface F0/0.

By default, Cisco routers are configured to route traffic between the local interfaces. As a result, routing does not specifically need to be enabled. However, if multiple routers are being configured to perform inter-VLAN routing, you may want to enable a dynamic routing protocol to simplify routing table management. If you have not taken the course CCNA Exploration: Routing Protocols and Concepts, you can learn more at this Cisco site: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca760.html.


6.2.1 - Configure Inter-V LAN Routing
The diagram depicts the switch and router configuration for the traditional inter-V LAN routing using two router interfaces.

Network Topology:
Switch S1 has two PC's. PC1 is connected to Port F0/11, and PC3 is connected to F0/6. The PC1 IP address is 172.17.10.21. The PC3 IP address is 172.17.30.23. PC1 is in V LAN 10, and PC3 is in V LAN 30.

Switch S1 is connected to router R1 using two links and two router interfaces. Switch S1 port F0/4 is connected to router R1 interface F0/0 with IP address 172.17.10.1 /24. Switch S1 port F0/5 is connected to router R1 interface F0/1 with IP address 172.17.30.1 /24. This allows the router to route between V LAN 10 and V LAN 30. Switch S1 ports F0/4 and F0/11 are in V LAN 10. Switch S1 ports F0/5 and F0/6 are in V LAN 30.

Switch Configuration:
S1(config)#v lan 10
S1(config-v lan)#v lan 30
S1(config-v lan)#exit
S1(config)#interface f0/11
S1(config-i f)#switchport access v lan 10
S1(config-i f)#interface f0/4
S1(config-i f)#switchport access v lan 10
S1(config-i f)#interface f0/6
S1(config-i f)#switchport access v lan 30
S1(config-i f)#interface f0/5
S1(config-i f)#switchport access v lan 30
S1(config-i f)#end

Router Interface Configuration:
R1(config)#interface f0/0
R1(config-i f)#i p address 172.17.10.1 255.255.255.0
R1(config-i f)#no shutdown

R1(config-i f)#interface f0/1
R1(config-i f)#i p address 172.17.30.1 255.255.255.0
R1(config-i f)#no shutdown


Page 2:
Routing Table

Now examine the routing table using the show ip route privileged EXEC mode command.

In the example, there are two routes in the routing table. One route is to the 172.17.10.0 subnet, which is attached to the local interface F0/0. The other route is to the 172.17.30.0 subnet, which is attached to the local interface F0/1. The router uses this routing table to determine where to send the traffic it receives. For example, if the router receives a packet on interface F0/0 destined for the 172.17.30.0 subnet, the router would identify that it should send the packet out interface F0/1 to reach hosts on the 172.17.30.0 subnet.

Click the Verify Router Configuration button in the figure to see an example router configuration.

Verify Router Configuration

To verify the router configuration, use the show running-config privileged EXEC mode command. This command displays the current operating configuration of the router. You can see which IP addresses have been configured for each of the router interfaces, as well as the operational status of the interface.

In this example, notice that interface F0/0 is configured correctly with the 172.17.10.1 IP address. Also, notice the absence of the shutdown command below the F0/0 interface. The absence of the shutdown command confirms that the no shutdown command has been issued and that the interface is enabled.

You can get more detailed information about the router interfaces, such as diagnostic information, status, MAC address, and transmit or receive errors, using the show interface command in privileged EXEC mode.


6.2.1 - Configure Inter-V LAN Routing
The diagram depicts the verification of the routing table and the router running-config with traditional inter-V LAN routing using two router interfaces.

Verify Routing Table:
Some output omitted.
172.17.0.0 /24 is subnetted, 2 subnets
C172.17.10.0 is directly connected, FastEthernet0/0
C172.17.30.0 is directly connected, FastEthernet0/1

Verify Router Configuration:
R1#show run
Some output omitted.

hostname R1

interface FastEthernet0/0
i p address 172.17.10.1 255.255.255.0

interface FastEthernet0/1
i p address 172.17.30.1 255.255.255.0

i p classless

line con 0
line v t y 0 4
login

end


6.2.2 Configure Router-on-a-Stick Inter-VLAN Routing

Page 1:
Before configuring the router, configure the switch that it will be connected to.

As you see in the figure, Router R1 is connected to switch S1 on trunk port F0/5. VLANs 10 and 30 have also been added to switch S1.

Click the Switch Configuration button in the figure to see the example switch configuration.

To review, VLANs are created in global configuration mode using the vlan vlan id command. In this example, VLANs 10 and 30 were created on switch S1 using the vlan 10 and vlan 30 commands.

Because switch port F0/5 will be configured as a trunk port, you do not have to assign any VLANs to the port. To configure switch port F0/5 as a trunk port, execute the switchport mode trunk command in interface configuration mode on the F0/5 interface. You cannot use the switchport mode dynamic auto or switchport mode dynamic desirable commands because the router does not support dynamic trunking protocol.

Finally, to protect the configuration so that it is not lost after a reload of the switch, the copy running-config startup-config command is executed in privileged EXEC mode to back up the running configuration to the startup configuration.

Click the Router Configuration button in the figure to see the example router configuration.

Router Configuration

Next, the router can be configured to perform the inter-VLAN routing.

As you see in the figure, the configuration of multiple subinterfaces is different than when physical interfaces are used.

Each subinterface is created using the interface interface_id.Subinterface_id global configuration mode command. In this example, the subinterface Fa0/0.10 is created using the interface fa0/0.10 global configuration mode command. After the subinterface has been created, the VLAN ID is assigned using the encapsulation dot1q vlan_id subinterface configuration mode command.

Next, assign the IP address for the subinterface using the ip address ip_address subnet_mask subinterface configuration mode command. In this example, subinterface F0/0.10 is assigned the IP address 172.17.10.1 using the ip address 172.17.10.1 255.255.255.0 command. You do not need to execute a no shutdown command at the subinterface level because it does not enable the physical interface.

This process is repeated for all the router subinterfaces that are needed to route between the VLANs configured on the network. Each router subinterface needs to be assigned an IP address on a unique subnet for routing to occur. In this example, the other router subinterface, F0/0.30, is configured to use IP address 172.17.30.1, which is on a different subnet from subinterface F0/0.10.

Once all subinterfaces have been configured on the router physical interface, the physical interface is enabled. In the example, interface F0/0 has the no shutdown command executed to enable the interface, which enables all of the configured subinterfaces.

By default, Cisco routers are configured to route traffic between the local subinterfaces. As a result, routing does not specifically need to be enabled.


6.2.2 - Configure Router-on-a-Stick Inter-V LAN Routing
The diagram depicts the switch and router configuration with router-on-a-stick inter-V LAN routing using a single router interface.

Network Topology:
Switch S1 has two PC's. PC1 is connected to Port F0/11, and PC3 is connected to F0/6. The PC1 IP address is 172.17.10.21. The PC3 IP address is 172.17.30.23. PC1 is in V LAN 10, and PC3 is in V LAN 30.

Switch S1 is connected to router R1 using a single link and one router interface. Switch S1 port F0/5, labeled Trunk, is connected to router R1 interface F0/0. Switch S1 port F0/11 is in V LAN 10. Switch S1 port F0/6 is in V LAN 30.

The single router physical interface F0/0 has two logical subinterfaces defined:
Subinterface F0/0 dot 10, IP address 172.17.10.1
Subinterface F0/0 dot 30, IP address 172.17.30.1

Switch V LAN Configuration:
S1(config)#v lan 10
S1(config-v lan)#v lan 30
S1(config-v lan)#exit
S1(config)#interface f0/5
S1(config-i f)#switchport mode trunk

Router Interface Configuration:
R1(config)#interface f0/0 dot 10
R1(config-sub i f)#encapsulation dot 1 q 10
R1(config-sub i f)#i p address 172.17.10.1 255.255.255.0
R1(config-sub i f)#interface f0/0 dot 30
R1(config-sub i f)#encapsulation dot 1 q 30
R1(config-sub i f)#i p address 172.17.30.1 255.255.255.0
R1(config-sub i f)#interface f0/0
R1(config-i f)#no shutdown routing using a single router interface.


Page 2:
Routing Table

Next, examine the routing table using the show ip route command from privileged EXEC mode. In the example, there are two routes in the routing table. One route is to the 172.17.10.0 subnet, which is attached to the local subinterface F0/0.10. The other route is to the 172.17.30.0 subnet, which is attached to the local subinterface F0/0.30. The router uses this routing table to determine where to send the traffic it receives. For example, if the router received a packet on subinterface F0/0.10 destined for the 172.17.30.0 subnet, the router would identify that it should send the packet out subinterface F0/0.30 to reach hosts on the 172.17.30.0 subnet.

Click the Verify Router Configuration button in the figure to see an example router configuration.

Verify Router Configuration

To verify the router configuration, use the show running-config command in privileged EXEC mode. The show running-config command displays the current operating configuration of the router. Notice which IP addresses have been configured for each router subinterface, as well as whether the physical interface has been left disabled or enabled using the no shutdown command.

In this example, notice that interface F0/0.10 has been configured correctly with the 172.17.10.1 IP address. Also, notice the absence of the shutdown command below the F0/0 interface. The absence of the shutdown command confirms that the no shutdown command has been issued and the interface is enabled.

You can get more detailed information about the router interfaces, such as diagnostic information, status, MAC address, and transmit or receive errors, using the show interface command in privileged EXEC mode.


6.2.2 - Configure Router-on-a-Stick Inter-V LAN Routing
The diagram depicts the verification of the routing table and the router running-config with router-on-a-stick inter-V LAN routing using a single router interface.

Routing Table:
Some output omitted.
R1#show i p route
172.17.0.0 /24 is subnetted, 2 subnets
C 172.17.10.0 is directly connected, FastEthernet0/0 dot 10
C 172.17.30.0 is directly connected, FastEthernet0/0 dot 30


Verify Router Configuration:
R1#show running-config
Some output omitted.

hostname R1

interface FastEthernet0/0
no i p address

interface FastEthernet0/0 dot 10
encapsulation dot 1 Q 10
i p address 172.17.10.1 255.255.255.0

interface FastEthernet0/0 dot 30
encapsulation dot 1 Q 30
i p address 172.17.30.1 255.255.255.0

Some output omitted.


Page 3:
After the router and switch have been configured to perform the inter-VLAN routing, the next step is to verify that the router is functioning correctly. You can test access to devices on remote VLANs using the ping command.

For the example shown in the figure, you would initiate a ping and a tracert from PC1 to the destination address of PC3.

The Ping Test

The ping command sends an ICMP echo request to the destination address. When a host receives an ICMP echo request, it responds with an ICMP echo reply to confirm that it received the ICMP echo request. The ping command calculates the elapsed time using the difference between the time the ping was sent and the time the echo reply was received. This elapsed time is used to determine the latency of the connection. Successfully receiving a reply confirms that there is a path between the sending device and the receiving device.

The Tracert Test

Tracert is a useful utility for confirming the routed path taken between two devices. On UNIX systems, the utility is specified by traceroute. Tracert also uses ICMP to determine the path taken, but it uses ICMP echo requests with specific time-to-live values defined on the frame.

The time-to-live value determines exactly how many router hops away the ICMP echo is allowed to reach. The first ICMP echo request is sent with a time-to-live value set to expire at the first router on route to the destination device.

When the ICMP echo request times out on the first route, a confirmation is sent back from the router to the originating device. The device records the response from the router and proceeds to send out another ICMP echo request, but this time with a greater time-to-live value. This allows the ICMP echo request to traverse the first router and reach the second device on route to the final destination. The process repeats until finally the ICMP echo request is sent all the way to the final destination device. After the tracert utility finishes running, you are presented with a list of every router interface that the ICMP echo request reached on its way to the destination.

Click the Device Outputs button in the figure to see a sample ping and tracert command output.

In the example, the ping utility was able to send an ICMP echo request to the IP address of PC3. Also, the tracert utility confirms that the path to PC3 is through the 172.17.10.1 subinterface IP address of router R1.


6.2.2 - Configure Router-on-a-Stick Inter-V LAN Routing
The diagram depicts the verification of router-on-a-stick inter-V LAN routing using the ping and trace rt commands.

Network Topology:
Same as 6.2.2 Diagram 1.

The successful results of the ping command issued from PC1 in V LAN 10 to PC3 in V LAN 30 verifies that inter-V LAN routing is taking place.

PC1> ping 172.17.30.23

Pinging 172.17.30.23 with 32 bytes of data:

Reply from 172.17.30.23: bytes=32 time=17 ms TTL=127
Reply from 172.17.30.23: bytes=32 time=15 ms TTL=127
Reply from 172.17.30.23: bytes=32 time=18 ms TTL=127
Reply from 172.17.30.23: bytes=32 time=19 ms TTL=127

Ping statistics for 172.17.30.23:
Packets: Sent = 4, Received = 4, Lost = 0 (0 percent loss),
Approximate round trip times in milli-seconds:
Minimum = 15 ms, Maximum = 19 ms, Average = 17 ms

The output from the trace rt commands is also successful:
PC1 trace rt 172.17.30.23

Tracing route to 172.17.30.23 over a maximum of 30 hops:
1 9 ms 7 ms 9 ms 172.17.10.1
2 16 ms 15 ms 16 ms 172.17.30.23

Trace complete.


Page 4:
In this activity, you will configure traditional inter-VLAN routing simply by configuring the Fast Ethernet interface on a router. R1 has two connections to S1, one for each of the two VLANs. S1 and R1 already have basic configurations. You will complete the configuration by adding VLANs to S1 and assigning VLANs to the correct ports. Then you will configure R1 with IP addressing. In traditional inter-VLAN routing, there are no additional VLAN-related configurations needed on R1.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


6.2.2 - Configure Router-on-a-Stick Inter-V LAN Routing
Link to Packet Tracer Exploration: Configuring Traditional Inter-V LAN Routing


Page 5:
In this activity, you will configure Router-on-a-Stick inter-VLAN routing. R1 has one connection to S1. S1 and R1 already have basic configurations. You will complete the configuration by adding VLANs to S1 and assigning VLANs to the correct ports. Then you will configure R1 with subinterfaces, 802.1Q encapsulation, and IP addressing.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


6.2.2 - Configure Router-on-a-Stick Inter-V LAN Routing
Link to Packet Tracer Exploration: Configuring Router-on-a-Stick Inter-V LAN Routing


6.3 Troubleshooting Inter-VLAN Routing

6.3.1 Switch Configuration Issues

Page 1:
In this topic, we discuss the challenges associated with configuring multiple VLANs on a network. This topic explores common issues and describes troubleshooting methods to identify and correct those issues.

When using the traditional routing model for inter-VLAN routing, ensure that the switch ports that connect to the router interfaces are configured on the correct VLANs. If the switch ports are not configured on the correct VLAN, devices configured on that VLAN cannot connect to the router interface, and therefore, are unable to route to the other VLANs.

Click the Topology 1 button in the figure.

As you can see in Topology 1, PC1 and router R1 interface F0/0 are configured to be on the same logical subnet, as indicated by their IP address assignment. However, the switch port F0/4 that connects to router R1 interface F0/0 has not been configured and remains in the default VLAN. Because router R1 is on a different VLAN than PC1, they are unable to communicate.

To correct this problem, execute the switchport access vlan 10 interface configuration command on switch port F0/4 on switch S1. When the switch port is configured for the correct VLAN, PC1 can communicate with router R1 interface F0/0, which allows it to access the other VLANs connected to router R1.

Click the Topology 2 button in the figure to see another switch configuration issue.

In Topology 2, the router-on-a-stick routing model has been chosen. However, the F0/5 interface on switch S1 is not configured as a trunk and subsequently left in the default VLAN for the port. As a result, the router is not able to function correctly because each of its configured subinterfaces is unable to send or receive VLAN tagged traffic. This prevents all configured VLANs from routing through router R1 to reach the other VLANs.

To correct this problem, execute the switchport mode trunk interface configuration command on switch port F0/5 on switch S1. This converts the interface to a trunk, allowing the trunk to successfully establish a connection with router R1. When the trunk is successfully established, devices connected to each of the VLANs are able to communicate with the subinterface assigned to their VLAN, allowing inter-VLAN routing to occur.

Click the Topology 3 button in the figure to see another switch configuration issue.

In Topology 3, the trunk link between switch S1 and switch S2 is down. Because there is no redundant connection or path between the devices, all devices connected to switch S2 are unable to reach router R1. As a result, all devices connected to switch S2 are unable to route to other VLANs through router R1.

To reduce the risk of a failed inter-switch link disrupting inter-VLAN routing, redundant links and alternate paths should be configured between switch S1 and switch S2. Redundant links are configured in the form of an EtherChannel that protects against a single link failure. Cisco EtherChannel technology enables you to aggregate multiple physical links into one logical link. This can provide up to 80 Gb/s of aggregate bandwidth for with 10 Gigabit EtherChannel.

Additionally, alternate paths through other interconnected switches could be configured. This approach is dependent on the Spanning Tree Protocol (STP) to prevent the possibility of loops within the switch environment. There would also be a slight disruption in router access while STP determines whether the current link is down and finds an alternate route.

The CCNP curriculum addresses EtherChannel technology; also, to learn more about Cisco EtherChannel technology, visit: http://www.cisco.com/en/US/tech/tk389/tk213/technologies_white_paper09186a0080092944.shtml.

To learn more about configuring EtherChannel on a Cisco Catalyst 2960 switch, visit: http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00808752d9.html.


6.3.1 - Switch Configuration Issues
The diagram depicts switch configuration issues.

Topology One:
Switch S1 has two PC's. PC1 is connected to Port F0/11, and PC3 is connected to F0/6. The PC1 IP address is 172.17.10.21. The PC3 IP address is 172.17.30.23. PC1 is in V LAN 10, and PC3 is in V LAN 30.

Switch S1 is connected to router R1 using two links and two router interfaces. Switch S1 port F0/4 is connected to router R1 interface F0/0 with IP address 172.17.10.1 /24. Switch S1 port F0/5 is connected to router R1 interface F0/1 with IP address 172.17.30.1 /24. This allows the router to route between V LAN 10 and V LAN 30. Switch S1 ports F0/4 and F0/11 are in V LAN 10. Switch S1 ports F0/5 and F0/6 are in V LAN 30.

Topology One illustrates an issue with traditional inter-V LAN routing. If the switch port F0/4 is in the default V LAN, it must be configured to be in V LAN 10 so that PC1 can communicate with the router R1 interface F0/0 and allow routing to occur.

Topology Two:
Same as Topology One, except that switch S1 F0/5 has only one link to router R1 interface F0/0. The single router physical interface F0/0 has two logical subinterfaces defined:
Subinterface F0/0 dot 10, IP address 172.17.10.1
Subinterface F0/0 dot 30, IP address 172.17.30.1

Topology Two illustrates an issue with router-on-a-stick routing. If the switch port F0/5 is not configured as a trunk and then left in the default V LAN for the port, the router does not function correctly because its configured subinterfaces cannot send or receive V LAN tagged traffic. This situation prevents all configured V LAN's from routing through router R1 to reach the other V LAN's.

Topology Three:
Two switches, S1 and S2, are connected using a trunk. Switch S2 has PC1 and PC3 connected. Switch S1 has PC3 connected. The PC1 IP address is 172.17.10.21. The PC3 IP address is 172.17.30.23. PC1 is in V LAN 10, and PC3 is in V LAN 30.

Switch S1 is connected to router R1 using a single link and one router interface. Switch S1 port F0/5 is connected to router R1 interface F0/0. The single router physical interface F0/0 has two logical subinterfaces defined:
Subinterface F0/0 dot 10, IP address 172.17.10.1
Subinterface F0/0 dot 30, IP address 172.17.30.1

This allows the router to route between V LAN 10 and V LAN 30. Switch S1 ports F0/4 and F0/11 are in V LAN 10. Switch S1 port F0/2 is a trunk link to S2 F0/2. The S2 link to PC1 is in V LAN 10.

Topology Three illustrates what occurs when the trunk link between switch S1 and switch S2 is down. Because there is no redundant connection or path between the devices, all devices connected to switch S2 are unable to reach router R1. As a result, all devices connected to switch S2 cannot route to other V LAN's through router R1.


Page 2:
Switch Cisco IOS Commands

When you suspect that there is a problem with a switch configuration, use the various verification commands to examine the configuration and identify the problem.

Click the Incorrect VLAN Assignment button in the figure.

The screen output shows the results of the show interface interface-id switchport command. Assume that you have issued these commands because you suspect that VLAN 10 has not been assigned to port F0/4 on switch S1. The top highlighted area shows that port F0/4 on switch S1 is in access mode, but it does not show that it has been directly assigned to VLAN 10. The bottom highlighted area confirms that port F0/4 is still set to the default VLAN. The show running-config and the show interface interface-id switchport commands are useful for identifying VLAN assignment and port configuration issues.

Click the Incorrect Access Mode button in the figure.

After device configuration has changed, communication between router R1 and switch S1 has stopped. The link between the router and the switch is supposed to be a trunk link. The screen output shows the results of the show interface interface-id switchport and the show running-config commands. The top highlighted area confirms that port F0/4 on switch S1 is in access mode, not trunk mode. The bottom highlighted area also confirms that port F0/4 has been configured for access mode.


6.3.1 - Switch Configuration Issues
The diagram depicts how to use Cisco I O S commands to examine the configuration and identify the issue when you suspect that there is a problem with a switch configuration.

Incorrect V LAN Assignment:
In the output, the administrative mode and the access mode V LAN lines are highlighted.

S1#show interfaces fastEthernet0/4 switchport
Name: FA0/4
Switchport: Enabled
Administrative Mode: static access
Operational Mode: up
Administrative Trunking Encapsulation: dot 1Q
Operational Trunking Encapsulation: native
Negotiation of Trunking: on
Access Mode V LAN: 1 (default)
Trunking Native Mode V LAN: 1 (default)
Output omitted.
S1#

Incorrect Access Mode:
In the output, the administrative mode line is highlighted.

S1#show interface f0/4 switchport
Name: FA0/4
Switchport: enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot 1Q
Operational Trunking Encapsulation: native
Output omitted.

S1#show run
In the output, the switchport mode access line is highlighted.
Output omitted.

interface FastEthernet0/4
switchport mode access

Output omitted.


6.3.2 Router Configuration Issues

Page 1:
One of the most common inter-VLAN router configuration errors is to connect the physical router interface to the wrong switch port, placing it on the incorrect VLAN and preventing it from reaching the other VLANs.

As you can see in Topology 1, router R1 interface F0/0 is connected to switch S1 port F0/9. Switch port F0/9 is configured for Default VLAN, not VLAN10. This prevents PC1 from being able to communicate with the router interface, and it is therefore unable to route to VLAN30.

To correct this problem, physically connect router R1 interface F0/0 to switch S1 port F0/4. This puts the router interface on the correct VLAN and allows inter-VLAN routing to function. Alternatively, you could change the VLAN assignment of switch port F0/9 to be on VLAN10. This also allows PC1 to communicate with router R1 interface F0/0.

Click the Topology 2 button in the figure to see another router configuration issue.

In Topology 2, router R1 has been configured to use the wrong VLAN on subinterface F0/0.10, preventing devices configured on VLAN10 from communicating with subinterface F0/0.10. This subsequently prevents those devices from being able to route to other VLANs on the network.

To correct this problem, configure subinterface F0/0.10 to be on the correct VLAN using the encapsulation dot1q 10 subinterface configuration mode command. When the subinterface has been assigned to the correct VLAN, it is accessible by devices on that VLAN and can perform inter-VLAN routing.


6.3.2 - Router Configuration issues
The diagram depicts router configuration issues.

Topology One:
Switch S1 has two PC's. PC1 is connected to Port F0/11, and PC3 is connected to F0/6. The PC1 IP address is 172.17.10.21. The PC3 IP address is 172.17.30.23. PC1 is in V LAN 10, and PC3 is in V LAN 30.

Switch S1 is connected to router R1 using two links and two router interfaces. Switch S1 port F0/4 is connected to router R1 interface F0/0 with IP address 172.17.10.1 /24. Switch S1 port F0/5 is connected to router R1 interface F0/1 with IP address 172.17.30.1 /24. This allows the router to route between V LAN 10 and V LAN 30. Switch S1 ports F0/4 and F0/11 are in V LAN 10. Switch S1 ports F0/5 and F0/6 are in V LAN 30. Switch S1 port F0/9 is in the default V LAN.

Topology One illustrates an issue with traditional inter-V LAN routing. Router interface F0/0 is connected to the wrong switch port. Switch port F0/9 is in default V LAN 1. The R1 router interface F0/0 should be connected to switch port F0/4, which is in V LAN 10, for PC1 to communicate with the router R1 interface F0/0 and allow routing to occur.

Topology Two:
Same as Topology One, except that there is only one link from switch S1 F0/5 to router R1 interface F0/0. The single router physical interface F0/0 has two logical subinterfaces defined:
Subinterface F0/0 dot 10, IP address 172.17.10.1 /24, encapsulation dot 1Q 1
Subinterface F0/0 dot 30, IP address 172.17.30.1 /24, encapsulation dot 1Q 30

Topology Two illustrates an issue with router-on-a-stick routing. Subinterface F0/0 dot 10 has been configured to use the wrong V LAN, preventing devices configured on V LAN 10 from communicating with subinterface F0/0.10. The encapsulation on subinterface F0/0 dot 10 should be dot 1Q 10.


Page 2:
Verify Router Configuration

In this troubleshooting scenario, you suspect a problem with the router R1. The subinterface F0/0.10 should allow access to VLAN 10 traffic, and the subinterface F0/0.30 should allow VLAN 30 traffic. The screen capture shows the results of running the show interface and the show running-config commands.

The top highlighted section shows that the subinterface F0/0.10 on router R1 uses VLAN 100. The show interface command produces a lot of output, making it sometimes hard to see the problem.

The show running-config confirms that the subinterface F0/0.10 on router R1 has been configured to allow access to VLAN 100 traffic and not VLAN 10. Perhaps this was a typing mistake.

With proper verification, router configuration problems are quickly addressed, allowing for inter-VLAN routing to function again properly. Recall that the VLANs are directly connected, which is how they enter the routing table.


6.3.2 - Router Configuration issues
The diagram depicts how to use Cisco I O S commands to examine the configuration and identify the issue when you suspect that there is a problem with a router configuration.

Verifying Router Configuration:
In the output, the encapsulation line is highlighted.
R1#show interface
Output omitted.
FastEthernet 0 /0.10 is up, line protocol is down (disabled)
Encapsulation 8 0 2 dot 1Q Virtual LAN, V LAN ID 100
ARP type: ARPA, ARP Timeout 04:00:00,
Last clearing of show interface counters never
Output omitted.

R1#show run
In the output, the first encapsulation line is highlighted.
Output omitted.

interface FastEthernet 0 /0.10
encapsulation dot 1Q 100
i p address 172.17.10.1 255.255.255.0

interface FastEthernet 0 /0.30
encapsulation dot 1Q 30
i p address 172.17.30.1 255.255.255.0


6.3.3 IP Addressing Issues

Page 1:
As we have discussed, subnets are the key to implementing inter-VLAN routing. VLANs correspond to unique subnets on the network. For inter-VLAN routing to operate, a router needs to be connected to all VLANs, either by separate physical interfaces or trunked subinterfaces. Each interface, or subinterface, needs to be assigned an IP address that corresponds to the subnet for which it is connected. This permits devices on the VLAN to communicate with the router interface and enable the routing of traffic to other VLANs connected to the router.

Let's examine some common errors.

As you can see in Topology 1, router R1 has been configured with an incorrect IP address on interface F0/0. This prevents PC1 from being able to communicate with router R1 on VLAN10.

To correct this problem, assign the correct IP address to router R1 interface F0/0 using the ip address 172.17.10.1 255.255.255.0 interface command in configuration mode. After the router interface has been assigned the correct IP address, PC1 can use the interface as a default gateway for accessing other VLANs.

Click the Topology 2 button in the figure to see another IP address configuration issue.

In Topology 2, PC1 has been configured with an incorrect IP address for the subnet associated with VLAN10. This prevents PC1 from being able to communicate with router R1 on VLAN10.

To correct this problem, assign the correct IP address to PC1. Depending on the type of PC being used, the configuration details may be different.

Click the Topology 3 button in figure to see another IP address configuration issue.

In Topology 3, PC1 has been configured with the incorrect subnet mask. According to the subnet mask configured for PC1, PC1 is on the 172.17.0.0 network. This results in PC1 determining that PC3, with IP address 172.17.30.23, is on the local subnet. As a result, PC1 does not forward traffic destined for PC3 to router R1 interface F0/0. Therefore, the traffic never reaches PC3.

To correct this problem, change the subnet mask on PC1 to 255.255.255.0. Depending on the type of PC being used, the configuration details may be different.


6.3.3 - IP Addressing Issues
The diagram depicts router and PC IP addressing issues.

Topology One:
Switch S1 has two PC's. PC1 is connected to Port F0/11, and PC3 is connected to F0/6 The PC1 IP address is 172.17.10.21. The PC3 IP address is 172.17.30.23. PC1 is in V LAN 10, and PC3 is in V LAN 30.

Switch S1 is connected to router R1 using two links and two router interfaces. Switch S1 port F0/4 is connected to router R1 interface F0/0 with IP address 172.17.10.1 /24. Switch S1 port F0/5 is connected to router R1 interface F0/1 with IP address 172.17.30.1 /24. This allows the router to route between V LAN 10 and V LAN 30. Switch S1 ports F0/4 and F0/11 are in V LAN 10. Switch S1 ports F0/5 and F0/6 are in V LAN 30.

Topology One illustrates an issue with traditional inter-V LAN routing. The IP address for router R1 interface F0/0 is configured incorrectly as 172.17.100.1/24. This prevents PC1 from communicating with router R1 on V LAN 10.

Topology Two:
Same as Topology One, except that the router R1 IP address is 172.17.10.1, and the PC1 IP address is 172.17.20.21.

Topology Two illustrates an issue with traditional inter-V LAN routing. The IP address for PC1 is configured incorrectly as 172.17.20.21/24. This places PC1 on a different network and prevents it from communicating with router R1 on V LAN 10.

Topology Three:
Same as Topology One, except that the router R1 IP address is 172.17.10.1/24, and the PC1 IP address is 172.17.10.21/16.

Topology Three illustrates what happens if PC1 has been configured with the incorrect subnet mask. According to the subnet mask configured for PC1 (/16), PC1 is on the 172.17.0.0 network. This causes PC1 to determine that PC3, with IP address 172.17.30.23, is on the local subnet. As a result, PC1 does not forward traffic destined for PC3 to router R1 interface F0/0. Therefore, the traffic never reaches PC3.


Page 2:
Verification Commands

Earlier you learned that each interface, or subinterface, needs to be assigned an IP address that corresponds to the subnet for which it is connected. A common error is to incorrectly configure an IP address for a subinterface. The screen capture shows the results of the show running-config command. The highlighted area shows that the subinterface F 0/0.10 on router R1 has an IP address of 172.17.20.1. The VLAN for this subinterface should allow VLAN 10 traffic. There is an IP address that has been incorrectly configured. The show ip interface is another useful command. The second highlight shows the incorrect IP address.

Click PC IP Addressing Issue button.

Sometimes it is the end-user device, such as a personal computer, that is the culprit. In the screen output configuration of the computer PC1, the IP address is 172.17.20.21, with a subnet mask of 255.255.255.0. But in this scenario, PC1 should be in VLAN10, with an address of 172.17.10.21 and a subnet mask of 255.255.255.0.


6.3.3 - IP Addressing Issues
The diagram depicts using Cisco I O S commands to examine the configuration and identify the issue when you suspect that there is a problem with a router configuration. The i p config PC command is also used to verify the PC IP configuration.

Router Issue:
In the output, the F0/0 dot 10 IP address line is highlighted.

R1#show run
Building configuration...
Output omitted.

interface FastEthernet0/0
no i p address
duplex auto
speed auto

interface FastEthernet0/0 dot 10
encapsulation dot 1Q 10
i p address 172.17.20.1 255.255.255.0

interface FastEthernet0/0 dot 30
Output omitted.


R1#show i p interface
In the output, the F0/0 dot 10 Internet address line is highlighted.
Output omitted.
FastEthernet0/0 dot 10 is up, line protocol is up
Internet address is 172.17.20.1 /24
Broadcast address is 255.255.255.255
Output omitted.

PC IP Addressing Issue:
In the output, the IP address and subnet mask lines are highlighted.

PC1 i p config
Invalid command.

PC1 i p config

IP Address: 172.17.20.21
Subnet Mask: 255.255.255.0
Default Gateway: 172.17.10.1

PC1 should be in V LAN 10, with an address of 172.17.10.21 and a subnet mask of 255.255.255.0.


Page 3:
In this activity, you will troubleshoot connectivity problems between PC1 and PC3. The activity is complete when you achieve 100% and the two PCs can ping each other. Any solution you implement must conform to the topology diagram.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


6.3.3 - IP Addressing Issues
Link to Packet Tracer Exploration: Troubleshooting Inter-V LAN Routing


6.4 Chapter Labs

6.4.1 Basic Inter-VLAN Routing

Page 1:
It is necessary to break up large broadcast domains created by the physical topology of a switched network using VLANs. It is also necessary for users on one VLAN to be able to communicate with each other. This communication is possible because of Inter-VLAN routing. This lab will teach you how to configure it.


6.4.1 - Basic Inter-V LAN Routing
Link to Hands-on Lab: Basic Inter-V LAN Routing


Page 2:
This activity is a variation of Lab 6.4.1. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


6.4.1 - Basic Inter-V LAN Routing
Link to Packet Tracer Exploration: Basic Inter-V LAN Routing


6.4.2 Challenge Inter-VLAN Routing

Page 1:
Given a network topology and a set of requirements, are you able to set up Inter-VLAN routing? This lab will test your abilities. Be sure to verify your answers with your instructor.


6.4.2 - Challenge Inter-V LAN Routing
Link to Hands-on Lab: Challenge Inter-V LAN Routing


Page 2:
This activity is a variation of Lab 6.4.2. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


6.4.2 - Challenge Inter-V LAN Routing
Link to Packet Tracer Exploration: Challenge Inter-V LAN Routing


6.4.3 Troubleshooting Inter-VLAN Routing

Page 1:
The network has been designed and configured to support five VLANs and a separate server network. Inter-VLAN routing is being provided by an external router in a router-on-a-stick configuration, and the server network is routed across a separate Fast Ethernet interface. However, it is not working as designed, and complaints from your users have not given much insight into the source of the problems. You must first define what is not working as expected, and then analyze the existing configurations to determine and correct the source of the problems.

This lab is complete when you can demonstrate IP connectivity between each of the user VLANs and the external server network, and between the switch management VLAN and the server network.


6.4.3 - Troubleshooting Inter-V LAN Routing
Link to Hands-on Lab: Troubleshooting Inter-V LAN Routing


Page 2:
This activity is a variation of Lab 6.4.3. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


6.4.3 - Troubleshooting Inter-V LAN Routing
Link to Packet Tracer Exploration: Troubleshooting Inter-V LAN Routing


6.5 Chapter Summary

6.5.1 Chapter Summary

Page 1:
Inter-VLAN routing is the process of routing traffic between different VLANs, using either a dedicated router or a multilayer switch. Inter-VLAN routing facilitates communication between devices isolated by VLAN boundaries.

The inter-VLAN routing topology using an external router with subinterfaces trunked to a Layer 2 switch is called router-on-a-stick. With this option, it is important to configure an IP address on each logical subinterface as well as the associated VLAN number.

Modern switched networks use switch virtual interfaces on multilayer switches to enable inter-VLAN routing.

Catalyst 2960 switches can be used in a router-on-a-stick scenario, while Catalyst 3560 switches can be used for the multilayer switching option for inter-VLAN routing.


6.5.1 - Summary and Review
In this chapter, you have learned:
- Inter-V LAN routing is accomplished using a dedicated router or a multilayer switch. Inter-V LAN routing facilitates communication between devices isolated by V LAN boundaries.
- Traditional inter-V LAN routing requires that a router be configured with multiple physical interfaces, each connected physically to separate V LAN's on a switch.
- The router-on-a-stick model provides similar functionality to the traditional inter-V LAN routing at reduced cost but provides lower performance on busy networks.
- Traditional inter-V LAN routing uses the physical interfaces of the router, while router-on-a-stick inter-V LAN routing uses logical subinterfaces of the physical interface.
- It is important to configure switch ports connected to the router for the appropriate V LAN's. Configure each router interface with the subnet associated with each V LAN.
- It is important to configure each subinterface on a router-on-a-stick with a unique V LAN ID and corresponding IP address to match the subnet associated with the V LAN.
- To reduce the risk of switch, router, or IP address configuration problems, verify the configuration of each device.


Page 2:


6.5.1 - Summary and Review
This is a review and is not a quiz. Questions and answers are provided.
Question One. How many physical interfaces are required to perform inter-V LAN routing with each method indicated?
Answer:
A. Traditional inter-V LAN routing: One port per V LAN.
B. Router-on-a-stick: One trunk port.
C. Multilayer switching: No physical interfaces.

Question Two. Refer to the following diagram description to answer the question.

Network Topology:
Switch S1 port F0/5 is connected to router R1 interface F0/0 as an 8 0 2 dot 1Q trunk. PC1 is connected to switch S1 port F0/11, has an IP address of 172.17.10.21, and is part of V LAN 10. PC3 is connected to switch S1 port F0/6, has an IP address of 172.17.30.23, and is part of V LAN 30.

Logical subinterfaces defined on R1 interface F0/0:
Subinterface F0/0 dot 10, IP address 172.17.10.1
Subinterface F0/0 dot 30, IP address 172.17.30.1

Assume that V LAN's 10 and 30 are defined on switch S1. To enable inter-V LAN routing for V LAN's 10 and 30, list the appropriate configurations for interface F0/0 on router R1 and interface F0/5 on switch S1.

Answer:
R1(config)#interface f0/0 dot 10
R1(config-sub i f)#encapsulation dot 1Q 10
R1(config-sub i f)#i p address 172.17.10.1 255.255.255.0
R1(config-sub i f)#interface f 0/0.30
R1(config-sub i f)#encapsulation dot 1Q 30
R1(config-sub i f)#i p address 172.17.30.1 255.255.255.0

S1 (config) # interface f0/8
S1 (config-i f) # switchport mode trunk

Question Three. Refer to the following diagram description to answer the question.

Network Topology:
Switch S1 port F0/5 is connected to router R1 interface F0/0 as an 8 0 2 dot 1Q trunk. PC1 is connected to switch S1 port F0/11, has an IP address of 172.17.10.21, and is part of V LAN 10. PC3 is connected to switch S1 port F0/6, has an IP address of 172.17.30.23, and is part of V LAN 30.

Logical subinterfaces defined on R1:
Subinterface F0/0 dot 10, IP address 172.17.10.1
Subinterface F0/0 dot 30, IP address 172.17.30.1

PC1 cannot communicate with PC3. List some issues that may be causing the lack of communication.

Answer:
A. There is a native V LAN mismatch on the trunk link.
B. The wrong IP address is configured on a particular subinterface on interface F0/0 on router R1.
C. Trunking is not enabled on interface F0/5 of switch S1.
D. The TCP/IP settings on PC1 or PC3 are wrong.
E. Interface F0/11 or F0/6 is assigned to the wrong V LAN on switch S1.
F. The encapsulation command is missing on one of the subinterfaces of F0/0 on router R1.
G. Interface V LAN 1 is not configured as a subinterface on interface F0/0 of router R1.


Page 3:
In this activity, you will demonstrate and reinforce your ability to configure switches and routers for inter-VLAN communication. Among the skills you will demonstrate are configuring VLANs, VTP, and trunking on switches. You will also administer STP on switches and configure a router-on-a-stick using subinterfaces.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


6.5.1 - Summary and Review
Link to Packet Tracer Exploration: Packet Tracer Skills Integration Challenge


6.6 Chapter Quiz

6.6.1 Chapter Quiz

Page 1:


6.6.1 - Chapter Quiz
1.Match the properties associated with interfaces to the appropriate interface type.
Properties:
A. One physical interface for many V LAN's.
B. Bandwidth contention.
C. Access mode switch port connection.
D. Complex cable configuration.
E. Trunk mode switch port connection.
F. One physical interface per V LAN.

Interface Types:
One. Physical.
Two. Subinterface.

2.Refer to the following diagram description to answer the question.

Network Topology:
Switch S1 is connected to router R1 interface FA0/0 as an 8 0 2 dot 1 Q trunk. PC1 is connected to switch S1 port FA0/1 and is in V LAN 10. PC2 is connected to switch S1 port FA0/2 and is in V LAN 20.

The logical subinterfaces defined on R1 interface FA0/0 are:
FA0/0 dot 10 - V LAN 10
FA0/0 dot 20 - V LAN 20

PC1 wants to send data to PC2, but does not know the MAC address of PC2. When PC1 sends an ARP request, which interface returns a MAC address?
A.Because PC1 and PC2 are connected to the same switch, PC2 supplies its MAC address.
B.The switch provides the MAC address of the FA0/1 interface.
C.Because the subinterfaces on the router have unique MAC addresses, subinterface FA0/0.10 supplies its MAC address.
D.The router supplies the MAC address of physical interface FA0/0.

3.Refer to the following diagram description to answer the question.

Network Topology:
Switch S1 is connected to router R1 using three interfaces: FA0/0 (V LAN 2), FA0/1 (V LAN 3), and FA0/2 (V LAN 4). Host A in V LAN 2 is connected to the switch. Host B in V LAN 3 is connected to the switch, and Host C in V LAN 4 is connected to the switch.

What are three advantages of replacing the individual V LAN links between the switches and the router with a trunk line and subinterfaces? (Choose three.)
A.It would free up two switch and router ports.
B.It would reduce the complexity of the cabling runs.
C.It would increase the amount of bandwidth available for inter-V LAN routing.
D.It would allow for less complex troubleshooting of inter-V LAN routing issues.
E.It would allow adding more V LAN's without requiring more cabling or switch ports.
F.It would allow for a less complex configuration of inter-V LAN routing.

4.What condition is required to enable Layer 3 switching?
A.The Layer 3 switch must have IP routing enabled.
B.All participating switches must have unique V LAN numbers.
C.All routed subnets must be on the same V LAN.
D.Inter-V LAN portions of Layer 3 switching must use router-on-a-stick.

5.When implementing router-on-a-stick, what is necessary for establishing communication between V LAN's?
A.Multiple switch port to connect to a single router interface.
B.Native V LAN IP address that is configured on the router physical interface.
C.All trunk ports configured in access mode.
D.Router subinterfaces.

6.Which two methodologies could be employed to reduce the risk of a failed inter-switch link disrupting inter-V LAN routing? (Choose two.)
A.Configure and enable EtherChannel.
B.Disable trunking on all switch ports.
C.Configure and enable alternate paths between switches.
D.Assign all switch ports to separate V LAN's.
E.Configure and enable Dynamic Tree Protocol.

7.Refer to the following diagram description to answer the question.

Network Topology:
Switch S1 is connected to router R1 using three interfaces: FA0/0 (V LAN 2), FA0/1 (V LAN 3), and FA0/2 (V LAN 4). Host A in V LAN 2 is connected to the switch. Host B in V LAN 3 is connected to the switch, and Host C in V LAN 4 is connected to the switch.

Which three statements are true regarding this configuration? (Choose three.)
A.This configuration will not scale easily.
B.This configuration limits the number of V LAN's because the router can support only a fixed number of physical interfaces.
C.The connections between the switch and router are trunk links.
D.All traffic between the router and the switch must be tagged with its V LAN ID.
E.This configuration is not the most cost-effective.
F.The switch serves as the gateway for the hosts.

8.How does the router-on-a-stick model for inter-V LAN routing differ from traditional routing?
A.It uses multiple physical interfaces on the router, each configured with a different Layer 3 address.
B.It uses a single physical interface on the switch with only the no shutdown command issued.
C.It uses the subinterfaces on the router with only the no shutdown command issued on the physical interface.
D.It uses the subinterfaces on the switch with only the no shutdown command issued on the physical interface.

9.Which command does the network administrator use to determine whether inter-V LAN communication is functioning?
A.show v lan.
B.ping.
C.i p config.
D.show interface.

10.Refer to the following command output to answer the question.

R1#show interfaces fastEthernet 0/0.1
FastEthernet 0 /0.1 is up, line protocol is up
Hardware is AmdFE, address is 0003.e36f.41e0 (bia 0003.e36f.41e0).
Internet address is 10.10.10.1 /24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255

R1#show interfaces fastEthernet 0/0.2
FastEthernet 0 /0.2 is up, line protocol is up
Hardware is AmdFE, address is 0003.e36f.41e0 (bia 0003.e36f.41e0).
Internet address is 10.10.11.1 /24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255

What statement is true regarding the output?
A.Each subinterface returns a unique address in response to ARP requests.
B.This inter-V LAN routing configuration is not the most cost-effective or scalable.
C.The router is properly configured for router-on-a-stick inter-V LAN routing between the 10.10.10.0.24 and 10.10.11.0/24 subnetworks.
D.The trunk link was dynamically negotiated.
E.Layer 3 addressing is not properly configured.

11.In a router-on-a-stick configuration, which two items are required to support connectivity between the router and the switch? (Choose two.)
A.All ports on the switch must be configured as access ports.
B.The router-to-switch physical interface must be configured with an IP address.
C.Router subinterfaces must be configured with unique addresses in different subnets.
D.The switch port that connects to the router must be configured as a trunk.
E.Each subinterface must be configured with the no shutdown command.

12.Refer to the following diagram description to answer the question.

Network Topology:
Switch S1 is connected to router R1 using three interfaces: FA0/0 (V LAN 2), FA0/1 (V LAN 3), and FA0/2 (V LAN 4). Host A in V LAN 2 is connected to the switch. Host B in V LAN 3 is connected to the switch, and Host C in V LAN 4 is connected to the switch.

Which three statements are true regarding this configuration? (Choose three.)
A.The links between the router and switch are access mode links.
B.Each router interface requires a unique IP address on separate subnets for each V LAN.
C.Each switch interface requires a unique IP address on separate subnets for each V LAN.
D.Each router interface requires the no shutdown command.
E.A routing protocol must be configured on the router.
F.The router is configured with the interface fast ethernet 0 /0.2 command.

13.Which of the following are valid inter-V LAN routing types?

A. Traditional routing.
B. Spanning-tree routing.
C. Router-on-a-stick.
D. 8 0 2 dot 1 Q routing.
E. Switch-based routing.

14.A network technician is configuring a router to support inter-V LAN routing. After entering C L I global configuration mode on R1 and selecting Fast Ethernet interface F0 /0/1, the network administrator attempts to enter the command encapsulation dot 1q 10. The router refuses to accept this command. What could account for this failure?
A.Router port F0/0/1 is not physically connected to the switch.
B.V LAN 0001 has been renamed.
C.The R1 interface F0/0/1 was configured for subinterface operation.
D.This command can only be configured on router subinterfaces.
E.Interface F0/0/1 on the switch is shutdown.

0 comments:

Post a Comment