This tutorial explains how to configure InterVLAN routing on Cisco routers. InterVLAN routing allows communication between Virtual LANs. The first part of the tutorial explains how to configure VLAN on the switch and the second part explains how to configure InterVLAN routing on a router.
The following is the connectivity of the switch
fastEthernet 0/1 - Router fastEthernet 1/1 (VLAN 2) - PC0 fastEthernet 2/1 (VLAN 2) - PC1 fastEthernet 3/1 (VLAN 3) - PC2 fastEthernet 4/1 (VLAN 3) - PC3 fastEthernet 5/1 (VLAN 4) - PC4 fastEthernet 6/1 (VLAN 4) - PC5
The image below shows the topology of the network.
Configuring VLAN on the switch
Enter the following commands on the Cisco switch to assign the ports to different VLANs.
Switch>enable Switch#configure terminal Switch(config)#interface fastEthernet 0/1 Switch(config-if)#switchport mode trunk Switch(config-if)#exit Switch(config)#interface range fastEthernet 1/1, fastEthernet 2/1 Switch(config-if-range)#switchport access vlan 2 Switch(config-if-range)#exit Switch(config-if-range)#interface range fastEthernet 3/1, fastEthernet 4/1 Switch(config-if-range)#switchport access vlan 3 Switch(config-if-range)#exit Switch(config-if-range)#interface range fastEthernet 5/1, fastEthernet 6/1 Switch(config-if-range)#switchport access vlan 4 Switch(config-if-range)#exit
The fastEthernet 0/1 port is connected to the router so its mode should be changed to trunk. Use the show command in privileged mode to see the VLAN configuration.
Switch#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1 2 VLAN0002 active Fa1/1, Fa2/1 3 VLAN0003 active Fa3/1, Fa4/1 4 VLAN0004 active Fa5/1, Fa6/1 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
Configuring InterVLAN routing on the Cisco router
Enter the following commands on the router.
Router>enable Router#configure terminal Router(config)#interface fastEthernet 0/0 Router(config-if)#no shutdown Router(config-if)#interface fastEthernet 0/0.2 Router(config-subif)#encapsulation dot1Q 2 Router(config-subif)#ip add 192.168.0.1 255.255.255.0 Router(config-subif)#interface fastEthernet 0/0.3 Router(config-subif)#encapsulation dot1Q 3 Router(config-subif)#ip add 192.168.1.1 255.255.255.0 Router(config-subif)#interface fastEthernet 0/0.4 Router(config-subif)#encapsulation dot1Q 4 Router(config-subif)#ip add 192.168.2.1 255.255.255.0 Router(config-subif)#exit
The subinterface number should be the VLAN number. Example if you’re configuring a subinterface for VLAN 5 the subinterface should be fastEthernet 0/0.5 and the following command show be encapsulation dot1Q 5. Configure IP addresses for the systems in the network and set the gateway IP as the IP of the router subinterface in that VLAN. Let me give you an example, take a look at the topology image above, if you were to configure IP settings for PC2 it should be
IP Address - 192.168.1.2 Subnet Mask - 255.255.255.0 Gateway - 192.168.1.1
Check whether all computers are communicating now. If you’re doing this on a simulator like Cisco Packet Tracer, turn on simulation mode and see how the packets are traveling. Suppose we ping PC4 from PC1 it takes the ICMP packet takes the following path
PC1 to Switch Switch to Router Router to Switch Switch to PC4 Reply packet: PC4 to Switch Switch to Router Router to Switch Switch to PC1
What about configuring Inter-Vlan routing from real switches that can ping real Internet IP addresses with the use of GNS3? I’ve been trying to set this up and would like to do it, but I’m sure sometype of NAT will be involved as well as static routes
Hi Allen,
Yes you can do that too. Read this post on connecting GNS3 to the Internet.
However if you use real switches you’ll not be able to configure NAT unless you have a Catalyst 5XXX or 6XXX series model.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008011c629.shtml
But you can connect the switch to your modem (if it has an Ethernet connection) and make it communicate with the internet.
Ok thanks……….I have (2/Distribution) 3550 and 2950 (2/Access), I was just wondering because I have a 2691 (GNS) Router-on-a-stick setup that is running, I can ping all Sub-interface addresses from either switch…..I also have a 4-port NIC adapter……was assuming I can plug a RJ-45 from the port adapter to the Linksys and then create another cloud to form the link between the Virtual Router and Linksys to ping to the internet from the different Vlan’s. But I imagine I would have to create another sub-int with my Linksys Private IP address, but with an address that isn’t conflicting…..does that sound right?
Is Linksys the modem which connects to the internet?
After creating a cloud and linking it to with the appropriate NIC adapter interface you can let the 2691 get the IP address via DHCP.
The router will get a private IP in the same subnet as Linksys.
Then you’ll have to configure NAT on this interface and on the subinterfaces.
Finally configure NAT
Yes the Linksys is connected to the internet…BOOM you are a genius, I’m going to config it and report back…thanks again sir.
Sure, glad to help Allen.
I did what you stated and was able to ping the linksys from a laptop that was connected to an access switch, but I still couldn’t access the internet……laptop is using a 172.16.200.X address, while the linksys is using the normal 192.168.1.X address……I thought the NAT would have taken care of that, but I’m still satisfied that I could ping the Linksys….just wanted to feel accomplished by getting on the internet from Laptop–>switch—>GNS3 Router——>Linksys Router
HAHA I take that back….I configured the DNS Server Addresses on the laptop and BOOM….I have internet, thanks for your help…….this was something that I conjured from a previous lab and wanted to see if it would work…and it DID! I’m giddy…thanks for your help
Awesome dude..
Can i got to know that how to give secure access like:-
ip:- 198.168.0.2 cannot access ip:- 198.168.2.3
hope you understand
i want a particular pc connection can i do this ?
Hi Dilip,
You have to configure an ACL to deny access from that source to the destination.
Then apply it on the correct sub interface. Assuming 192.168.0.2 is in VLAN 10
Jesin can i have your email address i would like more to discuss on this since i am a beginner in this field and my project for final semester i a college network design . so i can directly mail you and you can reply me faster..
thank you
Hi Jesin
i said ip 198.168.0.2 cannot access ip:- 198.168.2.3
but vice versa should be done
or i say ip 198.168.2.3 can access 198.162.0.2
what should i do for this ?
and can i more webpages to server so that i can open other website in server
Have a look at this document which explains ACL for one way TCP traffic initiation.
A great place to ask for support is the Cisco forums. Choose the category that best describes your need and start a discussion.
Dear Jesin.
We use BA-System 2000serious router. we need to confider one ip address two ports. Any idea to configure to this scenario
Sorry Mohammed I have no idea about this router. What Operating System does it run?
hi jesin,
can you send me step by step frame relay concept and practical i mean by commands so i can do it in packet tracer.
Hi Durgarao,
There is already a tutorial on this site for that – https://websistent.com/how-to-configure-frame-relay-in-cisco-packet-tracer/
Not pinging from any PC to router in this configuration
i.e for PC1 I have given
IP: 192.168.0.2
SUB:255.255.255.0
DG:192.168.0.1
but still its not pinging to gateway
in switch i am not able tp ping any ip
Hi jesin
Need your help, I just study for using Router on Stick use GNS3 , my topology:
Switch1—R1–R2–Switch2 and R1 connect to internet
On switch (SW1 and SW2_have 3 vlan and connect to Router use Route On Stick
and R1 and R2 apply OSPF routing protocol
The problem I can not reach Sub interface (ROAS) in R1 from R2 and vice vesra, but I can connect to internet from R2 if direct connect host to R2..
Hope my explanation is clear..
Thank you