Routing between LANs or inter-VLAN routing... same fight! For a router to route a packet from one broadcast domain to another, it must have an interface configured in each of them.
In this article I will try to clarify the notion of "inter-VLAN routing". To do this, we will take as a base a router connected to two broadcast domains, Subnet A (192.168.0.0/24) and Subnet B (192.168.1.0/24).
Figure: logical topology
This is what we can call the logical topology. It shows the subnets (broadcast domains) and the equipment that interconnects them, the router.
From there, there are several ways to implement inter-VLAN routing.
The physical method of Inter VLAN Routing
Undoubtedly the most obvious method. It is enough to connect each interface of the router to a switch, for example, and to configure the appropriate address on it.
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Without any surprise, two connected routes appear in the routing table:
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.0/24 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/1
Router#
Advantages:
· Simplicity of implementation
· Does not use any advanced technology and therefore can be implemented on almost any equipment (a Linux router and two unmanaged switches for example).
Disadvantages:
· It is difficult to adapt to a large number of subnets (one physical interface per subnet)
· High cost of hardware, each subnet also requires an additional switch.
Integration of VLANs
VLANs (Virtual LANs) make it possible, among other things, to divide the same switch into several broadcast domains. In the present case, therefore, the previous principle is recreated, namely two distinct broadcast domains. In each of these VLANs one places a part of the interfaces of the switch, and then one connects each interface of the router to an interface placed in the desired VLAN.
Switch Configuration:
Switch(config)#vlan 10
Switch(config-vlan)#name SUBNET-A
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name SUBNET-B
Switch(config-vlan)#exit
Switch(config)#interface range fastEthernet 0/1 - 12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fastEthernet 0/13 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#exit
Switch#
Router Configuration:
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Result:
On the router side nothing changes (the configuration is identical).
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.0/24 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/1
Router#
On the switch side, the interfaces are placed in two different VLANs. A machine connected to VLAN 10 will therefore not be able to communicate directly with a VLAN 20 machine. It must go through the router, as in the 100% physical version.
Advantages:
· Simple to set up on the router side.
· It is no longer necessary to have a switch per subnet.
Disadvantages:
· It is difficult to adapt to a large number of subnets (it takes a physical interface per subnet) on the router side but also on the switch side!
· You must use a manageable switch that supports VLANs
Router on-a-stick method:
The idea is to limit the number of physical connections and share them among several broadcast domains. However, on the switch side, it is impossible to place an interface in two VLANs. This is where the concept of a trunk comes in!
A trunk is a link on which the Ethernet frames are tagged (or encapsulated according to the protocol used). This tag (or additional header) contains, among other things, the identifier of the VLAN from which the frame originates, so that the equipment which receives it can reassign it to the correct broadcast domain.
A switch can be configured to establish a trunk on an interface, but not a router. On the router side, the basic principle must be respected: one interface per broadcast domain. This is where the concept of sub-interface is used. To put it simply, it's a bit like splitting the physical interface into several pieces. Each of these pieces is then configured to accept frames tagged with a defined VLAN ID.
Switch Configuration:
Switch(config)#vlan 10
Switch(config-vlan)#name SUBNET-A
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name SUBNET-B
Switch(config-vlan)#exit
Switch(config)#interface range fastEthernet 0/2 - 12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fastEthernet 0/13 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#int fastEthernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#^Z
Switch#
Router Configuration:
Router(config)#interface fastEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.0.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#^Z
Router#
Result:
Without the slightest surprise, the router has an interface in each of the broadcast domains. However, this time they are virtual interfaces, subdivisions of the physical interface.
Note: the name of the sub-interface (Fa0/0.10 for example) has no link with the associated VLAN identifier; it is the "encapsulation dot1q xxx" command that associates VLAN xxx with the sub-interface in question.
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.0/24 is directly connected, FastEthernet0/0.10
C 192.168.1.0/24 is directly connected, FastEthernet0/0.20
Router#
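As an added illustration (not part of the original article), the Python code below parses the 802.1Q tag of a frame arriving on the trunk and selects the sub-interface whose "encapsulation dot1Q" value matches it, which is also why the sub-interface name itself plays no role. The sub-interface table mirrors the router configuration above; the frames, MAC addresses and function names are constructed for the example.

```python
import struct

# Constructed table mirroring the router-on-a-stick configuration above:
# sub-interface name -> VLAN ID set by "encapsulation dot1Q <id>".
SUBINTERFACES = {"FastEthernet0/0.10": 10, "FastEthernet0/0.20": 20}

TPID_DOT1Q = 0x8100  # EtherType value announcing an 802.1Q tag


def parse_dot1q(frame: bytes):
    """Return (vlan_id, priority, ethertype, payload); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_DOT1Q:
        return None, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI: 3 bits priority, 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner, frame[18:]


def receiving_subinterface(frame: bytes, subifs=SUBINTERFACES):
    """Name of the sub-interface configured for the frame's VLAN, or None."""
    vlan_id = parse_dot1q(frame)[0]
    by_vlan = {vid: name for name, vid in subifs.items()}
    return by_vlan.get(vlan_id)


def build_frame(vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed sample frame; the MAC addresses are made up."""
    dst, src = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_DOT1Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    for vid in (10, 20, 30, None):
        print(vid, "->", receiving_subinterface(build_frame(vid)))
```

A frame tagged with a VLAN that no sub-interface is configured for (30 here), or an untagged frame, matches nothing in this table.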
Advantages:
· A single physical link for several broadcast domains
· Easily expandable, just create a new sub-interface on the router and a new VLAN on the switch.
Disadvantages:
· All broadcast domains go through the same physical link, which becomes the bottleneck
· A manageable switch that supports dot1q trunks must be used, as well as a router capable of supporting the dot1q protocol.
The multi-layer switch
Definitely the most used method for inter-VLAN routing. To simplify to the point of caricature, it is a bit like setting up a router in a switch and connecting them internally. Of course it is more complex than that, but the general idea is easily understandable.
A multi-layer switch is a switch (seriously?), but one capable of doing much more than its layer 2 job. Through configuration, IP routing can be activated, which turns it into a potential router.
For the configuration, the original principle remains valid: we need an interface per broadcast domain. But here, since everything is internal to the MLS (multi-layer switch), the physical interfaces are no longer used at all. We use SVIs (Switched Virtual Interfaces), which are neither more nor less than "VLAN interfaces": the access doors of the switch for sending frames into the different broadcast domains.
There is not much to do apart from:
· Create the VLANs
· Place switch interfaces in the VLANs
· Enable IP routing
· Create and configure the SVIs
Switch(config)#vlan 10
Switch(config-vlan)#name SUBNET-A
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name SUBNET-B
Switch(config-vlan)#exit
Switch(config)#interface range fastEthernet 0/1 - 12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fastEthernet 0/13 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#ip routing
Switch(config)#interface vlan 10
Switch(config-if)#ip address 192.168.0.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#interface vlan 20
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#^Z
Switch#
Finally, the MLS has an interface in each of the broadcast domains and its routing table contains the two connected routes.
Switch#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.0/24 is directly connected, Vlan10
C 192.168.1.0/24 is directly connected, Vlan20
Switch#
Note: For an SVI to be UP/UP (and consequently for the associated connected route to appear in the routing table), there must be at least one active interface in the VLAN concerned (or a trunk that lets this VLAN pass).
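An added example, not from the original article: a Python check over a configuration written in the style above that reports VLANs with no SVI (so not routed by the MLS) and SVIs whose VLAN has no access port assigned (so they would stay down). The sample configuration, including VLANs 30 and 40, is constructed; the check reads configuration text only, so it cannot see link state, and it ignores trunks.

```python
import re

# Constructed sample in the style of the MLS configuration above, plus a
# hypothetical VLAN 30 (ports but no SVI) and SVI 40 (no ports in the VLAN).
SAMPLE_CONFIG = """\
vlan 10
vlan 20
vlan 30
interface range fastEthernet 0/1 - 12
 switchport access vlan 10
interface range fastEthernet 0/13 - 20
 switchport access vlan 20
interface range fastEthernet 0/21 - 24
 switchport access vlan 30
ip routing
interface vlan 10
 ip address 192.168.0.1 255.255.255.0
interface vlan 20
 ip address 192.168.1.1 255.255.255.0
interface vlan 40
 ip address 192.168.3.1 255.255.255.0
"""


def audit(config: str):
    """Compare declared VLANs, access-port membership and addressed SVIs."""
    vlans, member_vlans, svis = set(), set(), set()
    routing, current_svi = False, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlans.add(int(m.group(1)))
        elif m := re.fullmatch(r"interface vlan ?(\d+)", line):
            current_svi = int(m.group(1))      # entering an SVI stanza
        elif line.startswith("interface "):
            current_svi = None                 # any other interface stanza
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            member_vlans.add(int(m.group(1)))
        elif line.startswith("ip address ") and current_svi is not None:
            svis.add(current_svi)              # SVI counts only once addressed
        elif line == "ip routing":
            routing = True
    return {
        "ip_routing": routing,
        "vlans_without_svi": sorted((vlans | member_vlans) - svis),
        "svis_without_ports": sorted(svis - member_vlans),
    }
```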
Advantages:
· Inter-VLAN routing is no longer dependent on the bandwidth of a physical link.
· Easily expandable, it is enough to create a new VLAN and a new associated SVI.
Disadvantages:
· MLSs are much more expensive than a standard switch or router (or even both).
Conclusion:
Whatever the method used, the equipment in charge of the routing MUST have a connected interface in each of the broadcast domains, be it physical or virtual!