Inter-VLAN Routing

VLANs separate a network into different broadcast domains. That separation improves organization and security, but it also means devices in different VLANs cannot communicate at Layer 2 alone. Inter-VLAN routing provides Layer 3 forwarding between VLANs.

By the end of this module, you should be able to:

• Explain why routing is needed between VLANs.
• Compare legacy inter-VLAN routing, router-on-a-stick, and Layer 3 switch routing.
• Configure router-on-a-stick subinterfaces.
• Configure switched virtual interfaces on a Layer 3 switch.
• Troubleshoot common inter-VLAN routing problems.

Devices in the same VLAN can communicate through switching. Devices in different VLANs need a router or Layer 3 switch to forward traffic between their IP networks.

For example:

• VLAN 10 uses 192.168.10.0/24.
• VLAN 20 uses 192.168.20.0/24.
• A host in VLAN 10 must send traffic to its default gateway before reaching VLAN 20.

Legacy Inter-VLAN Routing

A router uses a separate physical interface for each VLAN. Each router interface connects to a switch access port in a different VLAN. This works but does not scale well because each VLAN needs a physical router interface.

Router-on-a-Stick

A router uses one physical interface configured with multiple logical subinterfaces. The switch port connected to the router is a trunk. Each subinterface is assigned to a VLAN using 802.1Q encapsulation and acts as that VLAN's default gateway.

Layer 3 Switch Inter-VLAN Routing

A Layer 3 switch uses SVIs as VLAN gateways and routes internally between them. This is common in larger LANs because it is faster and more scalable than sending all inter-VLAN traffic to an external router.

In router-on-a-stick, the router receives tagged frames from a trunk link. The tag identifies the VLAN. The router processes traffic through the matching subinterface and routes it to the destination VLAN.

Each subinterface needs:

• a subinterface number,
• an 802.1Q VLAN ID,
• an IP address that serves as the default gateway for that VLAN,
• optional native VLAN handling if required.

A Layer 3 switch can route between VLANs using SVIs. Each VLAN interface receives an IP address and becomes the default gateway for hosts in that VLAN. Routing must be enabled with ip routing.

Common issues include:

• VLAN does not exist on the switch.
• Access port is assigned to the wrong VLAN.
• Trunk is not formed or does not allow the required VLAN.
• Native VLAN mismatch.
• Router subinterface has the wrong VLAN ID.
• Default gateway on the host is incorrect.
• SVI is down because no active port exists in the VLAN.
• ip routing is missing on a Layer 3 switch.

Inter-VLAN routing allows communication between separate VLANs. Router-on-a-stick uses router subinterfaces over a trunk link. A Layer 3 switch uses SVIs and internal routing. Most failures come from mismatched VLANs, trunk problems, missing gateways, or incorrect interface configuration.