Making VLAN’s speak to others

In the previous post regarding VLAN’s and Trunking we went through what a vlan was and how to configure one. We also discussed how to communicate between switches with trunks. Now the time has come to establish communication between vlan’s and start creating our campus segregation.

I won’t be covering inter-vlan routing in regards to router-on-a-stick configurations. It doesn’t scale and it’s just not on. I will highlight why Layer 3 switching is better done on switches. Personal Preference.

Let’s get chatty.

Now we have some Vlan’s set up. 1 by default and 20, 21 and 22. Currently the switches in our network contain these  vlan’s and trunks interconnect the switches. STP is blocking redundant ports and everyone is happy. Now the time has come to make the vlan’s talk to one another.

By definition a vlan is a broadcast domain. It confines layer 2 traffic to the vlan. This vlan may be local or end to end. Generally vlan’s are associated with a subnet. For reference with this article here is the IP’s and vlan names I am going to use.

  • Vlan 1 – Default
  • Vlan 20 – Servers –
  • Vlan 21 – Marketing Switch –
  • Vlan 22 – Accounting Switch –
When you create a vlan on a layer 3 multi layer switch, the device creates a switched virtual interface or an SVI. This SVI becomes an interface. This is show like any other physical interface. It is like a loopback on a router. You can assign an IP address to this SVI and you can use it as a gateway.
By default, vlan1 has a SVI created for it that allows for remote management when an IP address is assigned. Please don’t use vlan 1 for switch management. Make a separate vlan and use access lists to control who and where people can access your infrastructure from.
The 3560 used in this example is my distribution layer switch with 2 2960’s downstream from gi0/1 and gi0/2
3560(config)# vlan 20
3560(config-vlan)# name SERVERS
3560(config-vlan)# exit

3560(config)#interface vlan 20
3560(config)#ip address
3560(config)#no shutdown

Here I have configured the Server vlan. I prefer to use capitals for vlan names, descriptions and access list names as it stands out in the show running config. I have created the vlan with the top two commands. Upon issuing the int vlan 20 command I have created a SVI that I mentioned earlier. This will be the gateway for our server vlan.

I will cover DHCP and the like in a later blog but for now static IP’s are the order for the day. (Servers generally have statics anyway but in this case all vlan’s will have static for todays example)

The SVI is now a gateway for traffic to leave the vlan and communicate with other Vlans.

3560(config)# vlan 21
3560(config-vlan)# name MARKETING_SWITCH
3560(config-vlan)# exit

3560(config)#interface vlan 21
3560(config)#ip address
3560(config)#no shutdown

Here is the secondary VLAN in which I want to communicate with. 2960-1 is the marketing department switch. Gi0/1 on each switch is a trunk. See my other blog mentioned at the top to configure the trunk. With VTP on at this stage and settings configured correctly my vlan’s will propagate from the 3560 to the 2960 quickly and without me configuring them. Thanks for that.

3560(config)# interface range gi0/10 - 20
3560(config-if)# switchport mode access
3560(config-if)# switchport access vlan 20
2960-1(config)# interface range gi0/2 - 24
2960-1(config-if)# switchport mode access
2960-1(config-if)# switchport access vlan 21

With some simple interface range commands I have configured and plugged in my devices. Servers into the distribution 3560 vlan 20 access ports and the marketing iMacs into the 2960-1 Marketing DERPartment switch.

Due to the fact that both SVI’s are connected interfaces they both now can connect to each other and talk. We have successfully enabled inter-vlan routing.

3560#sh ip route
Codes: <<!! Omitted for Brevity !! >>

C is directly connected, Vlan20
C is directly connected, Vlan21

Here we confirm the information regarding out SVI’s. Now to ping

IPv4 Address. . . . . . . . . . . :
 Subnet Mask . . . . . . . . . . . :
 Default Gateway . . . . . . . . . :


Pinging with 32 bytes of data:
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128

Ping statistics for
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

With conformation from the devices in each vlan we can happily sign off that our inter-vlan routing configuration works.

Some additional notes

SVI autostate is where the conditions of the virtual interface have been met and the SVI status is up/up.
  • Vlan exists and is active in vlan.dat on that switch
  • Vlan interface exists and is not administratively down
  • One layer 2 port exists on the switch in the up state and is in spanning-tree forwarding state.




Leave a Reply

Your email address will not be published. Required fields are marked *