Configuring routing between vlans with ieee 802

Chapter Description

In this sample chapter from CCNA 200-301 Official Cert Guide, Volume 1, Wendell Odom discusses the configuration & verification steps related khổng lồ three methods of routing between VLANs with three major sections: VLAN Routing with Router 802.1Q Trunks, VLAN Routing with Layer 3 Switch SVIs, and VLAN Routing with Layer 3 Switch Routed Ports.

Bạn đang xem: Configuring routing between vlans with ieee 802


From the Book

*

CCNA 200-301 Official Cert Guide, Volume 1

$35.99 (Save 20%)


VLAN Routing with Router 802.1Q Trunks

Almost all enterprise networks use VLANs. To route IPhường. packets in and out of those VLANs, some devices (either routers or Layer 3 switches) need to have sầu an IP address in each subnet & have a connected route khổng lồ each of those subnets. Then the IP addresses on those routers or Layer 3 switches can serve as the mặc định gateways in those subnets.

This chapter breaks down the LAN routing options inlớn four categories:

Use a router, with one router LAN interface & cable connected khổng lồ the switch for each and every VLAN (typically not used)

Use a router, with a VLAN trunk connecting khổng lồ a LAN switch (known as router-on-a-stick, or ROAS)

Use a Layer 3 switch with switched virtual interfaces (SVI)

Use a Layer 3 switch with routed interfaces (which may or may not be Layer 3 EtherChannels)

Of the items in the danh mục, the first option works, but lớn be practical, it requires far too many interfaces. It is mentioned here only lớn make the danh sách complete.

As for the other three options, this chapter discusses each in turn as the main focus of one of the three major sections in this chapter. Each feature is used in real networks today, with the choice to lớn use one or the other driven by the design và needs for a particular part of the network. Figure 17-1 shows cases in which these options could be used.


*

FIGURE 17-1 Layer 3 Switching at the Central Site


Figure 17-1 shows two switches, labeled A và B, which could act as Layer 3 switches—both with SVIs and routed interfaces. The figure shows a central site campus LAN on the left, with 12 VLANs. Switches A & B act as Layer 3 switches, combining the functions of a router và a switch, routing between all 12 subnets/VLANs, as well as routing to/from the Chip Core router. Those Layer 3 switches could use SVIs, routed interfaces, or both.

Figure 17-1 also shows a classic case for using a router with a VLAN trunk. Sites lượt thích the remote sites on the right side of the figure may have sầu a WAN-connected router and a LAN switch. These sites might use ROAS to take advantage of the router’s ability to lớn route over an 802.1Q trunk.

cảnh báo that Figure 17-1 just shows an example. The engineer could use Layer 3 switching at each site or routers with VLAN trunking at each site.

Configuring ROAS

This next topic discusses how routers route packets to lớn subnets associated with VLANs connected khổng lồ a router 802.1Q trunk. That long description can be a bit of a chore to lớn repeat each time someone wants lớn discuss this feature, so over time, the networking world has instead settled on a shorter and more interesting name for this feature: router-on-a-stiông chồng (ROAS).

ROAS uses router VLAN trunking configuration lớn give the router a logical router interface connected to each VLAN. Because the router then has an interface connected to each VLAN, the router can also be configured with an IPhường address in the subnet that exists on each VLAN.

Routers use subinterfaces as the means khổng lồ have an interface connected to a VLAN. The router needs to have sầu an IP address/mask associated with each VLAN on the trunk. However, the router has only one physical interface for the link connected to the trunk. Cisco solves this problem by creating multiple virtual router interfaces, one associated with each VLAN on that trunk (at least for each VLAN that you want the trunk to lớn support). Cisteo calls these virtual interfaces subinterfaces. The configuration can then include an ip address command for each subinterface.

Figure 17-2 shows the concept with Router B1, one of the branch routers from Figure 17-1. Because this router needs lớn route between only two VLANs, the figure also shows two subinterfaces, named G0/0.10 và G0/0.trăng tròn, which create a new place in the configuration where the per-VLAN configuration settings can be made. The router treats frames tagged with VLAN 10 as if they came in or out of G0/0.10 & frames tagged with VLAN đôi mươi as if they came in or out G0/0.đôi mươi.


*

*

FIGURE 17-2 Subinterfaces on Router B1


In addition, note that most Cisteo routers bởi not attempt khổng lồ negotiate trunking, so both the router and switch need to lớn manually configure trunking. This chapter discusses the router side of that trunking configuration; the matching switch interface would need to lớn be configured with the switchport mode trunk command.

Example 17-1 shows a full example of the 802.1Q trunking configuration required on Router B1 in Figure 17-2. More generally, these steps detail how to configure 802.1Q trunking on a router:


*

Step 1. Use the interface type number.subint commvà in global configuration mode to lớn create a unique subinterface for each VLAN that needs lớn be routed.

Step 2.

Xem thêm: Ar Là Viết Tắt Của Từ Gì, Nghĩa Của Từ A/R, Ar Là Viết Tắt Của Từ Gì

Use the encapsulation dot1q vlan_id command in subinterface configuration mode to lớn enable 802.1Q & associate one specific VLAN with the subinterface.

Step 3. Use the ip address address mask commvà in subinterface configuration mode to configure IP.. settings (address & mask).

Example 17-1 Router Configuration for the 802.1Q Encapsulation Shown in Figure 17-2

B1# show running-config! Only pertinent lines showninterface gigabitethernet 0/0! No IPhường address up here! No encapsulation up here!!interface gigabitethernet 0/0.10 encapsulation dot1q 10 ip address 10.1.10.1 255.255.255.0!interface gigabitethernet 0/0.trăng tròn encapsulation dot1q đôi mươi ip address 10.1.trăng tròn.1 255.255.255.0First, look at the subinterface numbers. The subinterface number begins with the period, lượt thích .10 và .đôi mươi in this case. These numbers can be any number from 1 up through a very large number (over 4 billion). The number just needs to lớn be quality ahy vọng all subinterfaces associated with this one physical interface. In fact, the subinterface number does not even have sầu to lớn match the associated VLAN ID. (The encapsulation commvà, và not the subinterface number, defines the VLAN ID associated with the subinterface.)


NOTE

Although not required, most sites do choose to make the subinterface number match the VLAN ID, as shown in Example 17-1, just khổng lồ avoid confusion.


Each subinterface configuration lists two subcommands. One command (encapsulation) enables trunking & defines the VLAN whose frames are considered to be coming in và out of the subinterface. The ip address command works the same way it does on any other interface. Note that if the physical Ethernet interface reaches an up/up state, the subinterface should as well, which would then let the router add the connected routes shown at the bottom of the example.

Now that the router has a working interface, with IPv4 addresses configured, the router can route IPv4 packets on these subinterfaces. That is, the router treats these subinterfaces lượt thích any physical interface in terms of adding connected routes, matching those routes, và forwarding packets to/from those connected subnets.

The configuration và use of the native VLAN on the trunk require a little extra thought. The native VLAN can be configured on a subinterface, or on the physical interface, or ignored as in Example 17-1. Each 802.1Q trunk has one native VLAN, and if the router needs to route packets for a subnet that exists in the native sầu VLAN, then the router needs some configuration lớn tư vấn that subnet. The two options to lớn define a router interface for the native sầu VLAN are


*

Configure the ip address commvà on the physical interface, but without an encapsulation command; the router considers this physical interface lớn be using the native VLAN.

Configure the ip address commvà on a subinterface và use the encapsulation dot1q vlan-id native subcommand to tell the router both the VLAN ID & the fact that it is the native sầu VLAN.

Example 17-2 shows both native sầu VLAN configuration options with a small change to lớn the same configuration in Example 17-1. In this case, VLAN 10 becomes the native VLAN. The top part of the example shows the option to configure the router physical interface to use native VLAN 10. The second half of the example shows how to configure that same native sầu VLAN on a subinterface. In both cases, the switch configuration also needs lớn be changed khổng lồ make VLAN 10 the native sầu VLAN.

Example 17-2 Router Configuration Using Native sầu VLAN 10 on Router B1

! First option: put the native VLAN IP address on the physical interfaceinterface gigabitethernet 0/0 ip address 10.1.10.1 255.255.255.0!interface gigabitethernet 0/0.đôi mươi encapsulation dot1q trăng tròn ip address 10.1.20.1 255.255.255.0! Second option: lượt thích Example 17-1, but add the native keywordinterface gigabitethernet 0/0.10 encapsulation dot1q 10 native ip address 10.1.10.1 255.255.255.0!interface gigabitethernet 0/0.đôi mươi encapsulation dot1q 20 ip address 10.1.đôi mươi.1 255.255.255.0

Verifying ROAS

Beyond using the show running-config commvà, ROAS configuration on a router can be best verified with two commands: show ip route <connected> and show vlans. As with any router interface, as long as the interface is in an up/up state and has an IPv4 address configured, IOS will put a connected (and local) route in the IPv4 routing table. So, a first và obvious kiểm tra would be to lớn see if all the expected connected routes exist. Example 17-3 lists the connected routes per the configuration shown in Example 17-1.

Example 17-3 Connected Routes Based on Example 17-1 Configuration

B1# show ip route connectedCodes: L - local, C - connected, S - static, R - RIP, M - di động, B - BGP! Legkết thúc omitted for brevity 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masksC 10.1.10.0/24 is directly connected, GigabitEthernet0/0.10L 10.1.10.1/32 is directly connected, GigabitEthernet0/0.10C 10.1.đôi mươi.0/24 is directly connected, GigabitEthernet0/0.20L 10.1.đôi mươi.1/32 is directly connected, GigabitEthernet0/0.20As for interface & subinterface state, note that the ROAS subinterface state does depover khổng lồ some degree on the physical interface state. In particular, the subinterface state cannot be better than the state of the matching physical interface. For instance, on Router B1 in the examples so far, physical interface G0/0 is in an up/up state, & the subinterfaces are in an up/up state. But if you unplugged the cable from that port, the physical port would fail to a down/down state, & the subinterfaces would also fail khổng lồ a down/down state. Example 17-4 shows another example, with the physical interface being shut down, with the subinterfaces then automatically changed to lớn an administratively down state as a result.

Example 17-4 Subinterface State Tied to lớn Physical Interface State

B1# configure terminalEnter configuration commands, one per line. End with CNTL/Z.B1(config)# interface g0/0B1(config-if)# shutdownB1(config-if)# ^ZB1# show ip interface brief | include 0/0GigabitEthernet0/0 unassigned YES manual administratively down downGigabitEthernet0/0.10 10.1.10.1 YES manual administratively down downGigabitEthernet0/0.trăng tròn 10.1.20.1 YES manual administratively down downAdditionally, the subinterface state can also be enabled & disabled independently from the physical interface, using the no shutdownshutdown commands in subinterface configuration mode.

Another useful ROAS verification command, show vlans, spells out which router trunk interfaces use which VLANs, which VLAN is the native sầu VLAN, plus some packet statistics. The fact that the packet counters are increasing can be useful when verifying whether traffic is happening or not. Example 17-5 shows a sample, based on the Router B1 configuration in Example 17-2 (bottom half), in which native VLAN 10 is configured on subinterface G0/0.10. lưu ý that the output identifies VLAN 1 associated with the physical interface, VLAN 10 as the native VLAN associated with G0/0.10, & VLAN trăng tròn associated with G0/0.20. It also lists the IP.. addresses assigned lớn each interface/subinterface.

Xem thêm: Nghĩa Của Từ Expire Là Gì, Nghĩa Của Từ Expire, Expiry Date Là Gì

Example 17-5 Sample show vlans Commvà khổng lồ Match Sample Router Trunking Configuration

R1# show vlansVirtual LAN ID: 1 (IEEE 802.1Q Encapsulation) vLAN Trunk Interface: GigabitEthernet0/0 Protocols Configured: Address: Received: Transmitted: Other 0 83 69 packets, 20914 bytes đầu vào 147 packets, 11841 bytes outputVirtual LAN ID: 10 (IEEE 802.1Q Encapsulation) vLAN Trunk Interface: GigabitEthernet0/0.10 This is configured as native sầu Vlan for the following interface(s) :GigabitEthernet0/0 Native-vlan Tx-type: Untagged Protocols Configured: Address: Received: Transmitted: IP.. 10.1.10.1 2 3 Other 0 1 3 packets, 722 bytes đầu vào 4 packets, 264 bytes outputVirtual LAN ID: đôi mươi (IEEE 802.1Q Encapsulation) vLAN Trunk Interface: GigabitEthernet0/0.20 Protocols Configured: Address: Received: Transmitted: IPhường. 10.1.20.1 0 134 Other 0 1 0 packets, 0 bytes input 135 packets, 10498 bytes output

Troubleshooting ROAS

The biggest challenge when troubleshooting ROAS has khổng lồ do with the fact that if you misconfigure only the router or misconfigure only the switch, the other device on the trunk has no way lớn know that the other side is misconfigured. That is, if you check the show ip routeshow vlans commands on a router, và the output looks like it matches the intended configuration, và the connected routes for the correct subinterfaces show up, routing may still fail because of problems on the attached switch. So, troubleshooting ROAS often begins with checking the configuration on both the router và switch because there is no status output on either device that tells you where the problem might be.

First, khổng lồ check ROAS on the router, you need to lớn start with the intended configuration & ask questions about the configuration:


Chuyên mục: Blogs