03-Inter-VLAN-Routing-(CML-+-PKT)

⬅️ Back to Table of Contents

---

Lab 03 - Inter-VLAN Routing (Router-on-a-Stick) (PKT + CML)

Topology

This lab builds on Lab 02A - VLAN Trunking (Default Allow All).

All VLANs are already allowed on the trunk between switches, ensuring Layer 2 connectivity before implementing inter-VLAN routing. A router is added and connected to the switch using a trunk link.

📸 Screenshot:

(I used router to act like a client)

---

Goal

• Understand inter-VLAN routing concepts
• Configure router-on-a-stick using subinterfaces
• Enable communication between different VLANs
• Verify Layer 3 connectivity between VLANs

---

VLAN Design

Switch

• VLAN 10 - SALES
• VLAN 20 - IT
• VLAN 30 - HR

Router

• One physical interface
• One subinterface per VLAN
• Acts as the default gateway for all VLANs

---

IP Addressing Plan (Example)

VLAN	Subnet	Default Gateway
10	192.168.1.0/24	192.168.1.1
20	192.168.2.0/24	192.168.2.1
30	192.168.3.0/24	192.168.3.1

📸 Screenshot:

---

Key Configuration

• Reuse VLAN and access port configuration from Lab 02A
• Keep trunk configuration unchanged (all VLANs allowed)
• Configure a trunk link between the switch and the router
• Create router subinterfaces for each VLAN
• Assign IP addresses to subinterfaces
• Configure end devices with the correct default gateway

---

Example Configuration

Switch (Trunk to Router)

SWITCH(config)# interface <interface-to-router>
SWITCH(config-if)# switchport mode trunk

📸 Screenshot:

Router (Router-on-a-Stick)

ROUTER(config)# interface <physical-interface>.10
ROUTER(config-subif)# encapsulation dot1Q 10
ROUTER(config-subif)# ip address 192.168.1.1 255.255.255.0

ROUTER(config)# interface <physical-interface>.20
ROUTER(config-subif)# encapsulation dot1Q 20
ROUTER(config-subif)# ip address 192.168.2.1 255.255.255.0

ROUTER(config)# interface <physical-interface>.30
ROUTER(config-subif)# encapsulation dot1Q 30
ROUTER(config-subif)# ip address 192.168.3.1 255.255.255.0

📸 Screenshot:

(Physical router interface is enabled by default)

---

Verification

• Verify router subinterfaces:
  • show ip interface brief
• Verify trunk configuration on the switch:
  • show interfaces trunk
• Test connectivity using ping:
  • VLAN 10 -> VLAN 20

📸 Screenshot:

(You can use Wireshark to capture icmp packet)

• VLAN 20 -> VLAN 10

📸 Screenshot:

• VLAN 10, 20 -> VLAN 30

📸 Screenshot:

---

Result

• Devices in different VLANs can communicate successfully
• Inter-VLAN routing is performed by the router
• Layer 2 VLAN segmentation is preserved

---

Troubleshooting / Common Mistakes

• Router physical interface is administratively down
  • Enable it using no shutdown
• Incorrect VLAN encapsulation on router subinterfaces
  • Verify encapsulation dot1Q values
• Missing or incorrect default gateway on end devices
  • Verify IP configuration on PCs
• VLAN traffic not reaching the router
  • Verify trunk configuration between switch and router

---

Notes

Note

• Inter-VLAN routing requires a Layer 3 device.
• In this lab, a single router interface is used with multiple subinterfaces, each associated with a VLAN using IEEE 802.1Q tagging.
• Only one router is required, as inter-VLAN routing is performed per VLAN, not per switch.
• This lab demonstrates how Layer 3 routing enables communication between separate VLANs while maintaining Layer 2 segmentation.

---

⬅️ Previous Lab	🏠 Main Menu	Next Lab ➡️