Making VLANs speak to others
In the previous post regarding VLANs and trunking we went through what a VLAN was and how to configure one. We also discussed how to communicate between switches with trunks. Now the time has come to establish communication between VLANs and start creating our campus segregation.
I won’t be covering inter-vlan routing in regards to router-on-a-stick configurations. It doesn’t scale and it’s just not on. I will highlight why Layer 3 switching is better done on switches. Personal Preference.
Let’s get chatty.
Now we have some VLANs set up: 1 by default, plus 20, 21 and 22. Currently the switches in our network contain these VLANs and trunks interconnect the switches. STP is blocking redundant ports and everyone is happy. Now the time has come to make the VLANs talk to one another.
By definition a VLAN is a broadcast domain. It confines layer 2 traffic to the VLAN. This VLAN may be local or end to end. Generally VLANs are associated with a subnet. For reference in this article, here are the IPs and VLAN names I am going to use.
- Vlan 1 – Default
- Vlan 20 – Servers – 192.168.20.0/24
- Vlan 21 – Marketing Switch – 192.168.21.0/24
- Vlan 22 – Accounting Switch – 192.168.22.0/24
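! Routing between SVIs needs IP routing enabled; it is off by default on the 3560
3560(config)# ip routing
3560(config)# vlan 20
3560(config-vlan)# name SERVERS
3560(config-vlan)# exit
3560(config)# interface vlan 20
3560(config-if)# ip address 192.168.20.1 255.255.255.0
3560(config-if)# no shutdown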
Here I have configured the Server VLAN. I prefer to use capitals for VLAN names, descriptions and access list names as it stands out in the show running config. I have created the VLAN with the top two commands. Upon issuing the int vlan 20 command I have created an SVI that I mentioned earlier. This will be the gateway for our server VLAN.
I will cover DHCP and the like in a later blog but for now static IPs are the order of the day. (Servers generally have statics anyway, but in this case all VLANs will have statics for today's example.)
The SVI is now a gateway for traffic to leave the vlan and communicate with other Vlans.
3560(config)# vlan 21
3560(config-vlan)# name MARKETING_SWITCH
3560(config-vlan)# exit
3560(config)# interface vlan 21
3560(config-if)# ip address 192.168.21.1 255.255.255.0
3560(config-if)# no shutdown
Here is the second VLAN that I want to communicate with. 2960-1 is the marketing department switch. Gi0/1 on each switch is a trunk. See my other blog mentioned at the top to configure the trunk. With VTP on at this stage and settings configured correctly, my VLANs will propagate from the 3560 to the 2960 quickly and without me configuring them. Thanks for that.
3560(config)# interface range gi0/10 - 20
3560(config-if-range)# switchport mode access
3560(config-if-range)# switchport access vlan 20
2960-1(config)# interface range gi0/2 - 24
2960-1(config-if-range)# switchport mode access
2960-1(config-if-range)# switchport access vlan 21
With some simple interface range commands I have configured and plugged in my devices. Servers into the distribution 3560 vlan 20 access ports and the marketing iMacs into the 2960-1 Marketing DERPartment switch.
Because both SVIs are connected interfaces, they can now reach each other and talk. We have successfully enabled inter-vlan routing. Nothing filters traffic between the two VLANs yet, so any host in one can reach any host in the other.
3560#sh ip route
Codes: <<!! Omitted for Brevity !! >>
C 192.168.20.0/24 is directly connected, Vlan20
C 192.168.21.0/24 is directly connected, Vlan21
Here we confirm the information regarding our SVIs. Now to ping.
IPv4 Address. . . . . . . . . . . : 192.168.21.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.21.1
ping 192.168.20.10
Pinging 192.168.20.10 with 32 bytes of data:
Reply from 192.168.20.10: bytes=32 time<1ms TTL=128
Reply from 192.168.20.10: bytes=32 time<1ms TTL=128
Reply from 192.168.20.10: bytes=32 time<1ms TTL=128
Reply from 192.168.20.10: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.20.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
With confirmation from the devices in each VLAN we can happily sign off that our inter-vlan routing configuration works.
Some additional notes
For an SVI to be up/up, all of the following must be true:
- Vlan exists and is active in vlan.dat on that switch
- Vlan interface exists and is not administratively down
- One layer 2 port exists on the switch in the up state and is in spanning-tree forwarding state.
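The three notes above are the conditions an SVI has to meet before it comes up. The Python below is an added example, not part of the original post: it checks those conditions against `show vlan brief`, `show ip interface brief` and `show spanning-tree` output. The sample output is constructed with narrowed columns, and `svi_problems` is a hypothetical helper name.

```python
import re

# Constructed sample output (not captured from a real switch): Vlan20 healthy,
# Vlan21 with its only port blocking, Vlan22 left shut down.
SHOW_VLAN_BRIEF = """\
VLAN Name                 Status    Ports
---- -------------------- --------- ----------------
1    default              active    Gi0/2, Gi0/3
20   SERVERS              active    Gi0/10, Gi0/11
21   MARKETING_SWITCH     active
22   ACCOUNTING_SWITCH    active
"""
SHOW_IP_INT_BRIEF = """\
Interface  IP-Address    OK? Method Status                Protocol
Vlan20     192.168.20.1  YES manual up                    up
Vlan21     192.168.21.1  YES manual up                    down
Vlan22     192.168.22.1  YES manual administratively down down
"""
SHOW_SPANNING_TREE = """\
VLAN0020
Interface  Role Sts Cost  Prio.Nbr Type
Gi0/10     Desg FWD 4     128.10   P2p
Gi0/11     Desg FWD 4     128.11   P2p
VLAN0021
Interface  Role Sts Cost  Prio.Nbr Type
Gi0/1      Altn BLK 4     128.1    P2p
"""

def svi_problems(vlan, vlan_brief=SHOW_VLAN_BRIEF,
                 ip_brief=SHOW_IP_INT_BRIEF, stp=SHOW_SPANNING_TREE):
    """List which of the three up/up conditions `interface vlan N` fails."""
    problems = []
    # 1. The VLAN exists and is active in the VLAN database.
    if not re.search(rf"^{vlan}\s+\S+\s+active\b", vlan_brief, re.M):
        problems.append("vlan missing or not active")
    # 2. The SVI exists and is not administratively down.
    svi = re.search(rf"^Vlan{vlan}\s.*$", ip_brief, re.M)
    if svi is None:
        problems.append("SVI not configured")
    elif "administratively down" in svi.group():
        problems.append("SVI administratively down")
    # 3. At least one layer 2 port is forwarding in this VLAN's STP instance.
    sect = re.search(rf"^VLAN{vlan:04d}\n(.*?)(?=^VLAN\d{{4}}|\Z)", stp, re.M | re.S)
    rows = [ln.split() for ln in (sect.group(1).splitlines() if sect else [])]
    if not any(len(r) > 2 and r[2] == "FWD" for r in rows):
        problems.append("no layer 2 port forwarding")
    return problems

if __name__ == "__main__":
    for v in (20, 21, 22):
        print(v, svi_problems(v) or "SVI should be up/up")
```

An empty list means all three conditions hold for that VLAN; anything else names the condition to fix first.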