This lesson discusses the most basic method of forwarding data between VLANs using a router with multiple Interfaces. Each VLAN connects to a separate physical interface on the router. This method is older and not common today. However,  it is fundamental to use the most modern methods, which we will see in the following lessons. 

Connectivity between VLANs

Recall that LAN switches forward frames based on Layer 2 logic. This means that when a switch receives an Ethernet frame, it looks at the destination MAC address and forwards the frame out to another interface or multiple interfaces if it is a BUM frame. This type of switch is often called a Layer 2 switch

Figure 1. Connectivity between VLANs, physical view. (animated)
Figure 1. Connectivity between VLANs, physical view.

Layer 2 forwarding logic is performed per VLAN. For example, in the diagram above, all end-hosts on the left are configured in VLAN10, which is a separate broadcast domain and different subnet. The servers on the right are configured in VLAN20, which is also in its own broadcast domain and a different subnet from VLAN10. 

Because VLAN10 and VLAN20 are different broadcast domains, frames from one VLAN will never leak over to the other. Therefore, the switch acts like two separate switches, as shown in the diagram below.

Figure 2. Connectivity between VLANs, logical view. (animated)
Figure 2. Connectivity between VLANs, logical view. (animated)

A Layer 2 switch cannot forward traffic between VLANs. It only sends frames within the same VLAN. To send data from one VLAN to another, we need a device that can route traffic — like a router or a Layer 3 switch.

Routing between VLANs with a router

Ultimately, when we design networks, we want to have any-to-any connectivity between all devices. Following the logic that we have learned in the previous lessons, that

VLAN = Broadcast Domain = Subnet

Enabling connectivity between two VLANs means enabling connectivity between IP subnets. Therefore, we need to have a device that acts as a router. There are two possible solutions: we can use an actual router to do the routing, or the switch itself can perform routing functionalities. Switches that can perform Layer 3 routing functions are called Layer 3 switches or Multilayer switches. 

Figure 3. Routing between VLANs with a router, physical view.
Figure 3. Routing between VLANs with a router, physical view.

In the following example, we are using a router to route data between VLAN10 and VLAN20. The router has one physical interface connected to the switchport in VLAN10 and one physical interface connected to the switchport in VLAN20. Thus, the router has one interface in subnet 192.168.1.0/24 and one interface in subnet 10.1.0.0/24, and it does what all routers do - route IP packets between subnets.

Figure 4. Routing between VLANs with a router, logical view.
Figure 4. Routing between VLANs with a router, logical view.

The downside of this approach for forwarding data between VLANs is that the router must have physical interfaces for every VLAN. The above example is a feasible design option, but if we have 10+ VLANs, for example, it will obviously not scale well because we will use 10+ interfaces on both the router and the switch. Routers typically have only a few routing interfaces, so this approach is only applicable in very small-scale deployments.

Configuring and Verifying InterVLAN routing

Let's first check if everything is configured correctly on the switch. We have four clients in VLAN10 (Users) and for servers in VLAN20 (Servers) connected as shown in Figure 3.

SW1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
10   USERS                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
20   SERVERS                          active    Fa0/15, Fa0/16, Fa0/17, Fa0/18
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    

Router# conf t
Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# interface gi0/0
Router(config-if)# no shutdown 
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)#description USERS
Router(config-if)# exit

Router(config)# int gigabitEthernet 0/1
Router(config-if)# no shutdown 
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

Router(config-if)# ip address 10.1.0.1 255.255.255.0
Router(config-if)# description SERVERS
Router(config-if)# end

gdgdfgfd

Router#sh ip interface brief
Interface            IP-Address      OK? Method Status                Protocol 
GigabitEthernet0/0   192.168.1.1     YES manual up                    up 
GigabitEthernet0/1   10.1.0.1        YES manual up                    up 
GigabitEthernet0/2   unassigned      YES unset  administratively down down 
Vlan1                unassigned      YES unset  administratively down down