In Chapter 14, “Configuring Switches,” you learned that when switches are configured with VLANs, hosts in different VLANs cannot communicate without the help of a router. Consider the router and switch in Figure 15.2.
SW 1 is configured with two VLANs: VLAN 10 and VLAN 20. The switch ports Fa0/20 and Fa0/21 have been added to VLAN 20. The switch ports Fa0/10 and Fa0/11 have been added to VLAN 10.
The computers connected to those switch ports will not be able to communicate with one another until inter-VLAN routing is configured on R1. The first step is to connect the router to the switch with a straight-through cable, connecting the Fa0/1 interface on the router to the Fa0/1 interface on the switch, as shown in Figure 15.2.
To configure the router to route between the VLANs, the following steps must be taken:
These steps are explained in the following sections.
The link that exists between the switch and the router must be specified as a trunk link, because it will be carrying traffic from both VLAN 10 and VLAN 20. Starting on the switch end of the connection, at the interface configuration prompt for the Fa0/1 interface, two commands need to be executed. The first command is as follows:
SW1(config-if)#switchport trunk encapsulation isl
This command instructs the switch to use the Inter-Switch Link (ISL) encapsulation protocol when the interface operates as a trunk link. This is one of two trunking protocols available. The other is IEEE 802.1q. Either will work fine, but the same protocol must be set on both the switch end and the router end. Keep these factors in mind when you choose between the two:
When configuring the trunk link for 802.1q, the command is executed as follows:
SW1(config-if)#switchport trunk encapsulation dot1q
The second command to execute on the switch will set the trunking mode of the interface to trunk, which will prevent it from acting in any other mode. This command is executed while still in interface configuration mode, as shown here:
SW1(config-if)#switchport mode trunk
TRUNK MODES
Links can be set as either access or trunk (they default to access). But they can also be set to automatically negotiate with the other end of the link to become a trunk link under certain conditions. For example, the following command will set the link to become a trunk link if the other end requests that the link become a trunk link:
For more information on how this works, see this link: www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/command/reference/cli3.html#wp1948171.
The router end of the connection must be set as a trunk link with the correct encapsulation as well. However, this step cannot be completed without first creating subinterfaces for each VLAN. The next section explains what subinterfaces are and how to configure them on the router.
When traffic from multiple VLANs will traverse the same physical connection, there must be some way to segregate the VLANs for the purpose of assigning a default gateway to each. Remember that VLANs create Network Access layer segmentation, but the devices will also need to be segregated at the Internet layer with IP subnets.
IP addresses are applied to interfaces on a router. Therefore, to apply two IP addresses (in different IP subnets) to the same physical interface, the interface must be logically subdivided. This is done with subinterfaces. Then one IP address (located in one IP subnet) can be applied to one subinterface, and another IP address (located in a different IP subnet) can be applied to the other subinterface.
When subinterfaces are created, they are named after the physical interface of which they are a part, and then a dot is added, followed by a number to identify the subinterface. For example, a subinterface of the Fa0/1 physical interface might be Fa0/1.1 or Fa0/1.2.
After the subinterface has been created, you will immediately be placed into subinterface configuration mode for that subinterface. While you are in that mode, you should do the following:
Before we get started, consider Figure 15.3. It has been labeled with the IP addresses that the computers in each VLAN will have and the IP address that will be applied to the router interface for each subinterface. There will be a subinterface for each VLAN. Note that each computer must use, as its default gateway, the IP address of the router subinterface that has been associated with the host's VLAN.
To create the first subinterface, execute the following command at the global configuration prompt on the router:
R1(config)#interface Fa0/1.1
R1(config-subif)#
Notice that the prompt changed, indicating that you are now in configuration mode for the subinterface Fa0/1.1. Now set the encapsulation to match what was set on the switch (ISL). The 10 that follows identifies the VLAN:
R1(config-subif)# encapsulation isl 10
Finally, set the IP address just as you would on any other interface:
R1(config-subif)# ip address 10.0.0.1 255.255.255.0
The complete set of commands for the other subinterface is as follows:
R1(config)#interface Fa0/1.2
R1(config-subif)# encapsulation isl 20
R1(config-subif)# ip address 20.0.0.1 255.255.255.0
Because the two networks are directly connected to the router, the routes will automatically be placed in the routing table of R1. Its table is shown here:
R1>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
<output omitted>
C 10.0.0.0/8 is directly connected, FastEthernet0/1.1
C 20.0.0.0/8 is directly connected, FastEthernet0/1.2
When a host in one of the VLANs needs to send something to a host in the other VLAN, the host will send the packet to its default gateway, which will be the IP address that was assigned to the subinterface associated with its VLAN. The router will then locate the network in its table and route the packet back out the interface to the VLAN on which the destination machine is located.
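The following added example is not part of the original text. It parses constructed copies of the switch and router configurations from this section and reports the mismatches that would break inter-VLAN routing: a trunk not statically set, encapsulation that differs between the two ends, a VLAN with no subinterface, and subinterfaces whose subnets overlap. The function names and the sample configuration text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample configs mirroring the commands shown in this section.
SWITCH_CFG = """interface FastEthernet0/1
 switchport trunk encapsulation isl
 switchport mode trunk
"""
ROUTER_CFG = """interface FastEthernet0/1.1
 encapsulation isl 10
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet0/1.2
 encapsulation isl 20
 ip address 20.0.0.1 255.255.255.0
"""

def parse_subinterfaces(cfg):
    """Map each router subinterface to its encapsulation, VLAN and subnet."""
    subifs, cur = {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("interface "):
            m = re.match(r"interface (\S+\.\d+)$", line)
            cur = subifs.setdefault(m.group(1), {}) if m else None
        elif cur is not None and (m := re.match(r"encapsulation (isl|dot1q) (\d+)$", line, re.I)):
            cur["encap"], cur["vlan"] = m.group(1).lower(), int(m.group(2))
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return subifs

def audit(switch_cfg, router_cfg, vlans):
    """Return a list of findings; an empty list means both ends agree."""
    findings = []
    m = re.search(r"switchport trunk encapsulation (\S+)", switch_cfg)
    sw_encap = m.group(1).lower() if m else None
    if not re.search(r"switchport mode trunk\b", switch_cfg):
        findings.append("switch port is not statically set to trunk mode")
    subifs = parse_subinterfaces(router_cfg)
    for name, s in subifs.items():
        if s.get("encap") != sw_encap:
            findings.append(f"{name}: encapsulation {s.get('encap')} != switch {sw_encap}")
    missing = set(vlans) - {s.get("vlan") for s in subifs.values()}
    findings += [f"VLAN {v} has no router subinterface" for v in sorted(missing)]
    nets = [(n, s["net"]) for n, s in subifs.items() if "net" in s]
    for i, (a, na) in enumerate(nets):
        for b, nb in nets[i + 1:]:
            if na.overlaps(nb):  # two VLANs must not share IP subnet space
                findings.append(f"{a} and {b} share subnet space ({na}, {nb})")
    return findings
```

Calling audit(SWITCH_CFG, ROUTER_CFG, [10, 20]) on the configuration from this section returns an empty list.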
Cisco routers use routing tables to maintain the information required for them to direct the packets they receive to the proper destination. Routes can be placed into the routing table in one of two ways: static routing and dynamic routing. Entries are added to the routing table by using the ip route command. To verify the completion of the ip route command or the existence of a route in the routing table, the table can be viewed with the show ip route command. To configure a router to route between VLANs, you create a trunk link between the router and the switch, configure an encapsulation protocol on the trunk link, and create subinterfaces for each VLAN on the physical link.
ADDITIONAL EXERCISES
In this exercise, you will create static routes that link the networks in Figure 15.4. It assumes that you have connected three routers, as shown in the diagram. The interfaces must also be assigned the IP addresses as shown, and the interfaces should be enabled.
For router R1, perform these steps:
R1>enable
R1>Password: <enter password>
R1#config t
R1(config)#
R1>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
<output omitted>
C 192.168.5.0 is directly connected, FastEthernet0/1
C 172.16.0.0 is directly connected, FastEthernet0/2
S 10.0.0.0/8 via 172.16.5.2
Note that for FastEthernet0/1 and FastEthernet0/2, your interface may be different.
For router R3, perform these steps:
R3>enable
R3>Password: <enter password>
R3#config t
R3(config)#
R1>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
<output omitted>
C 10.0.0.0 is directly connected, FastEthernet0/1
C 15.0.0.0 is directly connected, FastEthernet0/2
S 192.168.5.0/24 via 15.0.0.2
Note that for FastEthernet0/1 and FastEthernet0/2, your interface may be different.
REVIEW QUESTIONS
Codes: I - IGRP derived, R - RIP derived, O - OSPF derived, C - connected, S - static
<output omitted>
C 10.0.0.0 is directly connected, FastEthernet 0/1
C 192.168.5.0 is directly connected, FastEthernet 0/2
S 15.0.0.0/8 via 192.168.5.5

C 10.0.0.0 is directly connected, FastEthernet 0/1
C 192.168.5.0 is directly connected, FastEthernet 0/2
D 25.0.0.0/8 via 17.6.0.0
S 15.0.0.0/8 via 192.168.5.5