VLANs divide broadcast domains in a LAN environment. Whenever hosts in
one VLAN need to communicate with hosts in another VLAN, the traffic must be
routed between them. This is known as inter-VLAN routing. On Catalyst switches
it is accomplished by creating Layer 3 interfaces (Switch virtual interfaces
(SVI) ). This document provides the configuration and troubleshooting steps
applicable to this capability.
Note: This document uses a Catalyst 3550 as an example. However, the
concepts can also be applied to other Layer 3 switches that run Cisco IOS® (for
example, Catalyst 3560, 3750, Catalyst 4500/4000 Series with Sup II+ or later,
or Catalyst 6500/6000 Series that run Cisco IOS System software).
Catalyst switch models 3560, 3750, Catalyst 4500/4000 Series with Sup
II+ or later, or Catalyst 6500/6000 Series that run Cisco IOS system software
support basic InterVLAN routing features in all their supported software
versions. Before you attempt this configuration on a 3550 series switch, ensure
that you meet these prerequisites:
InterVLAN routing on the Catalyst 3550 has certain software
requirements to support interVLAN routing on the switch. See this table to
determine whether your switch can support interVLAN routing.
Image Type and Version
InterVLAN Routing Capability
Enhanced Multilayer Image (EMI) - All
Standard Multilayer Image (SMI) - prior to Cisco IOS Software
Standard Multilayer Image (SMI) - Cisco IOS Software Release
12.1(11)EA1 and later
For more information on the differences between SMI and EMI, refer to
Software Images on Catalyst 3550 Series Switches Using the Command Line
Interface. This document also provides the procedure to upgrade the IOS
code to a version that supports interVLAN routing.
This document assumes that Layer 2 has been configured and that the
devices within the same VLAN connected to the 3550 communicate with one
another. If you need information on configuring VLANs, access ports and
trunking on the 3550, refer to
Ethernet VLANs on Catalyst Switches or the
3550 Software Configuration Guide for the specific IOS version you run
on the switch.
The information in this document is based on these software and
The information presented in this document was created from devices in
a specific lab environment. All of the devices used in this document started
with a cleared (default) configuration. If you are working in a live network,
ensure that you understand the potential impact of any command before using
For more information on document conventions, refer to the
Technical Tips Conventions.
In this section, you are presented with the information to configure
the features described in this document.
This logical diagram explains a simple interVLAN routing scenario. The
scenario can be expanded to include a multi-switch environment by first
configuring and testing inter-switch connectivity across the network before
configuring the routing capability. For such a scenario that uses a Catalyst
3550, refer to
InterVLAN Routing with Catalyst 3550 Series Switches.
Complete these steps to configure a switch to perform interVLAN
Enable routing on the switch by using the
command. Even if IP routing was previously
enabled, this step ensures that it is activated.
Note: If the switch does not accept the ip
routing command, upgrade to either SMI image Cisco IOS Software
Release12.1(11)EA1 or later, or an EMI image, and repeat this step. See the
Prerequisites section for more
Tip: Check the
. Verify whether ip
routing is enabled. The command, if enabled, appears towards the
top of the output.
vtp domain Cisco
vtp mode transparent
Make note of the VLANs that you want to route between. In this
example, you want to route traffic between VLANs 2, 3 and 10.
command to verify that the VLANs exist in the VLAN
database. If they do not exist, add them on the switch. This is an example of
adding VLANs 2, 3, and 10 to the switch VLAN database
VLAN 2 added:
VLAN 3 added:
VLAN 10 added:
Tip: You can use VLAN Trunking Protocol (VTP) to propagate these VLANs
to other switches. Refer to
and Configuring VLAN Trunk Protocol (VTP).
Determine the IP addresses you want to assign to the VLAN interface
on the switch. For the switch to be able to route between the VLANs, the VLAN
interfaces must be configured with an IP address. When the switch receives a
packet destined for another subnet/VLAN, the switch looks at the routing table
to determine where to forward the packet. The packet is then passed to the VLAN
interface of the destination. It is in turn sent to the port where the end
device is attached.
Configure the VLAN interfaces with the IP address identified in
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config-if)#ip address 10.1.2.1 255.255.255.0
Repeat this process for all VLANs identified in step
Configure the interface to the default router. In this scenario you
have a Layer 3 FastEthernet port.
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#ip address 184.108.40.206 255.255.255.0
command makes the interface Layer 3 capable.
The IP address is in the same subnet as the default router.
Note: This step can be omitted if the switch reaches the default router
through a VLAN. In its place, configure an IP address for that VLAN interface.
Configure the default route for the switch.
Switch(config)#ip route 0.0.0.0 0.0.0.0 220.127.116.11
From the diagram in the Task section,
note that the IP address of the default router is 18.104.22.168. If the switch
receives a packet for a network not in the routing table, it forwards it to the
default gateway for further processing. From the switch, verify that you can
ping the default router.
command is used to specify the default
gateway when routing is not enabled. However, in this case, routing is enabled
(from step 1). Therefore, the ip default-gateway
command is unnecessary.
Configure your end devices to use the respective Catalyst 3550 VLAN
interface as their default gateway. For example, devices in VLAN 2 should use
the interface VLAN 2 IP address as its default gateway. Refer to the
appropriate client configuration guide for more information on how to designate
the default gateway.
(Optional) When you implement Inter-VLAN
routing, you can also isolate some VLANs from being routed. Refer to the
Between Two Layer 3 VLANs section of
Ethernet VLANs on Catalyst Switches for more
This video on the
demonstrates how to configure the InterVLAN routing on
Catalyst 3550 Series Switch:
To Configure InterVLAN Routing On Layer 3
This section provides the information to confirm that your
configuration works properly.
Certain show commands are supported by the
Output Interpreter Tool
(registered customers only)
. This allows you to view an
analysis of show command output.
- Provides a snapshot of the routing table
Cat3550#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2,
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, * - candidate default, U - per-user static route,
o - ODR, P - periodic downloaded static route
Gateway of last resort is 22.214.171.124 to network 0.0.0.0
126.96.36.199/30 is subnetted, 1 subnets
C 188.8.131.52 is directly connected, FastEthernet0/48
10.0.0.0/24 is subnetted, 3 subnets
C 10.1.10.0 is directly connected, Vlan10
C 10.1.3.0 is directly connected, Vlan3
C 10.1.2.0 is directly connected, Vlan2
S* 0.0.0.0/0 [1/0] via 184.108.40.206
Note that the routing table has an entry for each VLAN interface
subnet. Therefore, devices in VLAN 3 can communicate with devices in VLAN 10,
VLAN 2 and vice versa. The default route with the next hop 220.127.116.11 allows the
switch to forward traffic to the gateway of last resort (for traffic the switch
ip interface brief
- Lists a brief summary of an
interface's IP information and status. This command is used to verify that the
VLAN interfaces and ports on the switch are up/up.
This section provides the information used to troubleshoot your
Here is troubleshooting information relevant to this configuration.
Follow the instructions to troubleshoot your configuration.
Issue Internet Control Message Protocol (ICMP) pings in order to
verify whether you have Layer 2 connectivity.
If you are not able to ping between two devices on the same VLAN
on the same switch, verify that your source and destination ports have devices
connected to them and are assigned to the same VLAN. For more information,
Ethernet VLANs on Catalyst Switches.
If you are not able to ping between two devices on the same VLAN
but not on the same switch, verify that trunking is configured properly and
that the native VLAN matches on both sides of the trunk.
Initiate an ICMP ping from an end device connected to the Catalyst
3550 to its corresponding VLAN interface. In this example, you can use a host
on VLAN 2 (10.1.2.2) and ping interface VLAN 2 (10.1.2.1). If you are not able
to ping the interface, verify that the host's default gateway points to the
corresponding VLAN interface IP address and that the subnet masks match. For
example, the default gateway of the device on VLAN 2 should point to Interface
VLAN 2 (10.1.2.1). Also verify the interface VLAN status by issuing the
ip interface brief
If the interface status is administratively down, issue the
no shutdown command in the VLAN interface
If the interface status is down/down, verify the VTP
configuration and that the VLANs have been added to the VLAN database. Check to
see if a port is assigned to the VLAN and whether it is in the Spanning Tree
Initiate a ping from an end device in one VLAN to the interface
VLAN on another VLAN to verify that the switch routes between VLANs. In this
example, ping from VLAN 2 (10.1.2.1) to Interface VLAN 3 (10.1.3.1) or
Interface VLAN 10 (10.1.10.1). If the ping fails, verify that IP routing is
enabled and that the VLAN interfaces status is up by issuing the
ip interface brief
Initiate a ping from the end device in one VLAN to the end device
in another VLAN. For example, a device on VLAN 2 should be able to ping a
device on VLAN 3. If the ping test is successful in step 3, but fails to reach
the end device on other the VLAN, verify that the default gateway on the
connected device is configured correctly.
If you are not able to reach the Internet or corporate network,
verify that the default route on the 3550 points to the correct IP address on
the default router. Also verify that the IP address and subnet mask on the
switch are configured correctly.
There is no set recommended value of bandwidth on a VLAN interface
(SVI). The default is BW 1000000 Kbit (1
Gigabit), because the route processor internal inband is only 1 Gigabit by
design. The bandwidth parameter on the
output is not fixed bandwidth used by SVI
as traffic is routed on the switch backplane. The bandwidth number can be used
in order to manipulate routing metrics, calculate interface load statistics,
and so forth.
The Catalyst 6500 switch platform mostly forwards traffic in hardware
with the exception of control/special traffic, for example, SNMP, Telnet, SSH,
Routing protocols, and ARP, which has to be processed by the Supervisor, which
is done in the software.