Cisco Layer 3 Switch Inter-VLAN Routing Without Router
Layer 3 capable switch by default works as Layer 2, but it is possible to configure routed ports that act as router interfaces.
Also inter VLAN routing can be configured by using Layer 2 switches and routers, if the Layer 3 switch is not available (known as router-on-a-stick).
I will describe and build a simple topology with an L3 switch acting as Inter VLAN routing devices together with three L2 access switches, while as a server in my topology I will use Kali Linux on VM for connection testing (ping). Instead of PCs, I will use routers Cisco 1841.
The goal of this topology is to understand how to configure L2 and L3 switches to provide routing between VLANs.
Four VLANs need to be created on the L2 and L3 switches: 10, 20, 30, and 100 (only on the Core switch). On the Core switch for given VLANs, I will create the next SVIs:
VLAN 1–10.1.1.254/24
VLAN 10–10.1.10.254/24
VLAN 20–10.1.20.254/24
VLAN 30–10.1.30.254/24
VLAN 100 -10.1.100.254/24
These four IP addresses will serve as the default gateway addresses for hosts belonging to a certain VLAN. Traffic between those VLANs will be routed by the Core switch. All interfaces connecting switches must be configured as Trunk Ports to allow VLANs to pass between switches.
Access layer switches will only have management IP addresses in VLAN1:
Switch-1–10.1.1.1/24
Switch-2–10.1.1.2/24
Switch-3–10.1.1.3/24
End devices will assign the following IP addresses:
PC1 in VLAN 10–10.1.10.10/24
PC2 in VLAN 20–10.1.20.20/24
PC3 in VLAN 30–10.1.30.30/24
Server1 in VLAN 100–10.1.100.100/24
The configuration will be as follows:
Cisco Layer 2 switches
! Create VLANs 10, 20 and 30 on the switches.
Switch-1#configure terminal
Switch-1(config)#vlan 10
Switch-1(config-vlan)#name segmentA
Switch-1(config-vlan)#exit
Switch-2#configure terminal
Switch-2(config)#vlan 20
Switch-2(config-vlan)#name segmentB
Switch-2(config-vlan)#exit
Switch-3#configure terminal
Switch-3(config)#vlan 30
Switch-3(config-vlan)#name segmentC
Switch-3(config-vlan)#exit
! Assign Port Fe0/24 in VLAN 10
Switch-1(config)#interface fastEthernet 0/24
Switch-1(config-if)#switchport mode access
Switch-1(config-if)#switchport access vlan 10
Switch-1(config-if)#exit
! Assign Port Fe0/24 in VLAN 20
Switch-2(config)#interface fastEthernet 0/24
Switch-2(config-if)#switchport mode access
Switch-2(config-if)#switchport access vlan 20
Switch-2(config-if)#exit
! Assign Port Fe0/24 in VLAN 30
Switch-3(config)#interface fastEthernet 0/24
Switch-3(config-if)#switchport mode access
Switch-3(config-if)#switchport access vlan 30
Switch-3(config-if)#exit
! Create Trunk Port Fe0/1 (same configuration for all access switches)
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# exit
*on older switches only dot1q encapsulation is available.
! Assign IP address for VLAN 1 and default gateway (for all access layer switches)
Switch-1(config)#int vlan 1
Switch-1(config-if)#ip address 10.1.1.1 255.255.255.0
Switch-1(config-if)#no shutdown
Switch-1(config-if)#exit
Switch-1(config)#ip default-gateway 10.1.1.254
Switch-2(config)#int vlan 1
Switch-2(config-if)#ip address 10.1.1.2 255.255.255.0
Switch-2(config-if)#no shutdowns
Switch-2(config-if)#exit
Switch-2(config)#ip default-gateway 10.1.1.254
Switch-3(config)#int vlan 1
Switch-3(config-if)#ip address 10.1.1.3 255.255.255.0
Switch-3(config-if)#no shutdown
Switch-3(config-if)#exit
Switch-3(config)#ip default-gateway 10.1.1.254
Cisco Layer 3 Switch
! Enable Layer 3 routing
Core(config) # ip routing
! Create VLANs 10, 20, 30 and 100 on the Core switch database
Core(config)#vlan 10
Core(config-vlan)#name segmentA
Core(config-vlan)#exit
Core(config)#vlan 20
Core(config-vlan)#name segmentB
Core(config-vlan)#exit
Core(config)#vlan 30
Core(config-vlan)#name segmentC
Core(config-vlan)#exit
Core(config)#vlan 100
Core(config-vlan)#name server
Core(config-vlan)#exit
! Assign Port Fe1/0/24 in VLAN 100
Core(config)#interface fastEthernet 1/0/24
Core(config-if)#switchport mode access
Core(config-if)#switchport access vlan 100
Core(config-if)#exit
! Create Trunk Ports Fe1/0/1, Fe1/0/2, Fe1/0/3
Core(config)#int fa1/0/1
Core(config-if)#switchport trunk encapsulation dot1q
Core(config-if)#switchport mode trunk
Core(config-if)#int fa1/0/2
Core(config-if)#switchport trunk encapsulation dot1q
Core(config-if)#switchport mode trunk
Core(config-if)#int fa1/0/3
Core(config-if)#switchport trunk encapsulation dot1q
Core(config-if)#switchport mode trunk
Core(config-if)#exit
! Create SVIs
Core(config)#int vlan 1
Core(config-if)#no shut
Core(config-if)#ip address 10.1.1.254 255.255.255.0
Core(config-if)#int vlan 10
Core(config-if)#ip address 10.1.10.254 255.255.255.0
Core(config-if)#no shutdown
Core(config-if)#int vlan 20
Core(config-if)#ip address 10.1.20.254 255.255.255.0
Core(config-if)#no shutdown
Core(config-if)#int vlan 30
Core(config-if)#ip address 10.1.30.254 255.255.255.0
Core(config-if)#no shutdown
Core(config-if)#int vlan 100
Core(config-if)#ip address 10.1.100.254 255.255.255.0
Core(config-if)#no shutdown
Core(config-if)#exit
And some connection tests:
