2.8 Inter-VLAN Routing — Deep Dive
Key Takeaways
- Layer 3 switches with SVIs are the preferred method for inter-VLAN routing in modern networks.
- Router-on-a-stick uses sub-interfaces with 802.1Q encapsulation on a single trunk link.
- The 'ip routing' command must be enabled on Layer 3 switches for inter-VLAN routing to function.
- Each SVI needs an IP address that serves as the default gateway for hosts in that VLAN.
- Verify inter-VLAN routing with 'show ip route' and 'show ip interface brief' on the Layer 3 device.
Inter-VLAN Routing — Deep Dive
Devices in different VLANs cannot communicate at Layer 2. Traffic between VLANs must pass through a Layer 3 device. The CCNA tests two methods: Layer 3 switch SVIs and router-on-a-stick.
Method 1: Layer 3 Switch with SVIs (Preferred)
A Switch Virtual Interface (SVI) is a virtual Layer 3 interface on a Layer 3 switch, one per VLAN. The SVI IP address serves as the default gateway for all hosts in that VLAN.
Full Configuration Example
! Enable Layer 3 routing
Switch(config)# ip routing
! Create VLANs
Switch(config)# vlan 10
Switch(config-vlan)# name SALES
Switch(config)# vlan 20
Switch(config-vlan)# name ENGINEERING
Switch(config)# vlan 30
Switch(config-vlan)# name MANAGEMENT
! Configure SVIs (default gateways)
Switch(config)# interface vlan 10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config)# interface vlan 30
Switch(config-if)# ip address 192.168.30.1 255.255.255.0
Switch(config-if)# no shutdown
! Assign access ports to VLANs
Switch(config)# interface range Gi0/1 - 8
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config)# interface range Gi0/9 - 16
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 20
SVI Troubleshooting
An SVI will show "up/up" only when:
- The VLAN exists in the VLAN database
- At least one access port or trunk is up/up in that VLAN
- The SVI has not been administratively shut down
Method 2: Router-on-a-Stick
Used when a Layer 3 switch is not available. A single router interface is divided into sub-interfaces, one per VLAN.
Full Configuration Example
Switch Configuration:
Switch(config)# interface GigabitEthernet0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30
Router Configuration:
Router(config)# interface GigabitEthernet0/0
Router(config-if)# no shutdown
Router(config)# interface GigabitEthernet0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config)# interface GigabitEthernet0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config)# interface GigabitEthernet0/0.30
Router(config-subif)# encapsulation dot1Q 30
Router(config-subif)# ip address 192.168.30.1 255.255.255.0
Comparison
| Feature | Layer 3 Switch (SVI) | Router-on-a-Stick |
|---|---|---|
| Performance | Wire-speed (hardware ASIC) | Limited by single link bandwidth |
| Scalability | Excellent | Limited (single physical link) |
| Cost | Higher (L3 switch) | Lower (basic router) |
| Bottleneck | None | The single trunk link |
| Best for | Enterprise networks | Small offices, labs |
On the Exam: Know both methods. Simulation questions may ask you to configure router-on-a-stick (sub-interfaces with
encapsulation dot1Q) or Layer 3 switch SVIs (withip routingenabled). Don't forget tono shutdownthe physical interface and the SVIs.
Which command must be enabled on a Layer 3 switch for inter-VLAN routing to work?
An SVI for VLAN 20 shows status "up/down". What is the most likely cause?
In a router-on-a-stick configuration, what does the "encapsulation dot1Q 20" command do on a sub-interface?