---

Inter-VLAN Communication

In the previous chapters, we discussed VLANs and VLAN configuration. You understand that networks use VLANs to group ports into separate broadcast domains, which minimizes unwanted traffic and enhances both efficiency and security. However, devices within different VLANs cannot communicate with each other. They act as if they are on separate physical switches, blocking any communication between devices from different VLANs.

While it is necessary to block unwanted broadcast or multicast traffic, we sometimes need to enable unicast communication between devices across different VLANs. A Layer 2 switch alone cannot facilitate this inter-VLAN communication, as it requires devices in different VLANs to be configured on different networks. Inter-VLAN communication, being essentially inter-network communication, necessitates the use of a router (“Router on a stick”) or a Layer 3 switch.

Inter-VLAN Communication Methods

There are two primary methods to achieve inter-VLAN communication:

1. Router on a stick ( Using a separate router)
2. Using a Layer 3 Switch

In this tutorial, we will cover the first method: “Router on a stick”.

What is Router on a Stick?

“Router on a stick” refers to a network configuration where a router uses a single physical interface to route traffic between multiple VLANs on a switch. To accomplish this, you create subinterfaces on the router’s physical interface, configuring each with an IP address and associating it with a different VLAN.

Topology for router on a stick configuration:

Understanding the Router on a Stick Topology:

In this setup, our switch contains two VLANs, 10 and 20, and connects to a router through a tagged port (trunk port). We have configured the PCs with IP addresses 10.1.1.1/8 and 20.1.1.1/8, respectively. For communication from PC1 to PC2, you must also configure their gateways. Let’s assign PC1’s gateway as 10.1.1.2 and PC2’s gateway as 20.1.1.2. The challenge arises in configuring both these IPs on the router’s interface since routers typically allow only one IP per interface. To resolve this issue, we employ subinterfaces. By creating subinterfaces, we can split a physical interface into multiple virtual interfaces, each configured with IP addresses from different networks.

Simply keeping the subinterfaces on different networks is not sufficient because the switch, when sending frames to the router, will tag them with either VLAN 10 or 20 and expect tagged frames in return from the router. Therefore, you must configure the router with the dot1q tagging protocol. It’s essential to set up this tagging protocol and the corresponding VLAN numbers on the subinterfaces. Let’s label these subinterfaces as FE 1/1.1 and FE 1/1.2. On the first subinterface, configure the IP address as 10.1.1.2 with VLAN 10. For the second subinterface, set the IP address to 20.1.1.2 with VLAN 20.

Summary of Router Configuration:

• Create subinterfaces on the router’s physical interface. Each subinterface corresponds to a different VLAN.
• Assign an IP address to each subinterface. These IP addresses will serve as the default gateway for devices in the corresponding VLAN.
• Enable 802.1Q encapsulation (VLAN tagging) on each subinterface.

Summary of Switch Configuration:

• Configure the switch port connected to the router as a trunk port. This port will carry traffic from all VLANs.
• Ensure the relevant VLANs are created and assigned to the appropriate switch ports.

Frame Flow in Router on a Stick Topology:

Now, let’s examine how frames travel from PC1 to PC2. When PC1 needs to send a frame, it transmits the frame using the gateway’s MAC address as the destination. The switch receives this frame and decides to forward it through the tagged port connected to the router, appending a VLAN tag with VLAN ID 10. Upon receiving the frame, the router processes and removes the Ethernet header, then inspects the IP header. Realizing that the packet is destined for another subinterface based on the destination IP address, the router forwards it accordingly. For outgoing transmission, the router attaches a new Ethernet header that includes a VLAN tag with VLAN ID 20, matching the configuration of the second subinterface with dot1q tagging for VLAN 20. Finally, the switch, upon receiving the frame back from the router, recognizes the VLAN tag and forwards the frame to PC2.

Router on a Stick Configuration using a Cisco router

With reference to the topology diagram provided, here are the commands you can use on Cisco devices to configure inter-VLAN communication

Router Configuration:

Router(config)# interface FastEthernet 1/1.1
Router(config-if)# encapsulation dot1Q 10
Router(config-if)# ip address 10.1.1.2 255.255.255.0
Router(config-if)# interface FastEthernet 1/1.2
Router(config-if)# encapsulation dot1Q 20
Router(config-if)# ip address 20.1.1.2 255.255.255.0

Switch Configuration:

Switch# vlan database
Switch(vlan)# vlan 10
Switch(vlan)# vlan 20
Switch (vlan)# exit
Switch# configure terminal
Switch(config)#interface Fastethernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#interface FastEthernet0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#interface FastEthernet0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20

Checking the configuration:

To verify the configuration, check whether ping works from PC1 to PC2. Additionally, verify the router’s routing table and interface status using the following commands:

Router# show ip route
Router# show ip interface brief

---

Next >>> OSPF Configuration Example 1: Adjacency Formation

Previous >>> VLAN Configuration Examples

Further Reading : Wikipedia