InterVLAN Routing and SVI
Recall that a Layer 2 network is defined as a broadcast domain. A Layer 2 network can also exist as a VLAN inside one or more switches. VLANs essentially are isolated from each other so that packets in one VLAN cannot cross into another VLAN.
To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router’s function. The router must have a physical or logical connection to each VLAN so that it can forward packets between them. This is known as interVLAN routing.
InterVLAN routing can be performed by an external router that connects to each of the VLANs on a switch. The router can use a separate physical connection for each VLAN, or it can reach all the necessary VLANs through a single trunk link to the switch.
----------------------------------
Multilayer switches can perform both Layer 2 switching and interVLAN routing, as appropriate. Layer 2 switching occurs between interfaces that are assigned to Layer 2 VLANs or Layer 2 trunks. Layer 3 switching can occur between any type of interface, as long as the interface can have a Layer 3 address assigned to it.
As with a router, a multilayer switch can assign a Layer 3 address to a physical interface. It also can assign a Layer 3 address to a logical interface that represents an entire VLAN. This is known as a switched virtual interface (SVI). Keep in mind that the Layer 3 address you configure becomes the default gateway for any hosts that are connected to the interface or VLAN. The hosts will use the Layer 3 interface to communicate outside of their local broadcast domains.
----------------------------------
Configuring InterVLAN Routing
InterVLAN routing first requires that routing be enabled for the Layer 3 protocol. In the case of IP, you would enable IP routing. In addition, you must configure static routes or a dynamic routing protocol. These topics are covered fully in the CCNP ROUTE course. By default, every switch port on most Catalyst switch platforms is a Layer 2 interface, whereas every switch port on a Catalyst 6500 is a Layer 3 interface. If an interface needs to operate in a different mode, you must explicitly configure it.
An interface is either in Layer 2 or Layer 3 mode, depending on the use of the switchport interface configuration command. You can display a port’s current mode with the following command:
Switch# show interface type mod/num switchport
If the Switchport: line in the command output is shown as enabled, the port is in Layer 2 mode. If this line is shown as disabled, as in the following example, the port is in Layer 3 mode:
Switch# show interface gigabitethernet 0/1 switchport
Name: Gi0/1
Switchport: Disabled
Switch#
----------------------------------
Layer 2 Port Configuration
If an interface is in Layer 3 mode and you need to reconfigure it for Layer 2 functionality instead, use the following command sequence:
Switch(config)# interface type mod/num
Switch(config-if)# switchport
The switchport command puts the port in Layer 2 mode. Then you can use other switchport command keywords to configure trunking, access VLANs, and so on. As displayed in Figure 11-2, several Layer 2 ports exist, each assigned to a specific VLAN. A Layer 2 port also can act as a trunk, transporting multiple Layer 2 VLANs.
Tip: Whenever you see the word switchport, think Layer 2. So if switchport is disabled, it must be Layer 3.
Physical switch ports also can operate as Layer 3 interfaces, where a Layer 3 network address is assigned and routing can occur, as shown previously in Figure 11-2. For Layer 3 functionality, you must explicitly configure switch ports with the following command sequence:
Switch(config)# interface type mod/num
Switch(config-if)# no switchport
Switch(config-if)# ip address ip-address mask [secondary]
The no switchport command takes the port out of Layer 2 operation. You then can assign a network address to the port, as you would to a router interface.
Note: Keep in mind that a Layer 3 port assigns a network address to one specific physical interface. If several interfaces are bundled as an EtherChannel, the EtherChannel can also become a Layer 3 port. In that case, the network address is assigned to the port-channel interface—not to the individual physical links within the channel.
----------------------------------
On a multilayer switch, you also can enable Layer 3 functionality for an entire VLAN on the switch. This allows a network address to be assigned to a logical interface—that of the VLAN itself. This is useful when the switch has many ports assigned to a common VLAN, and routing is needed in and out of that VLAN.
In Figure 11-2, you can see how an IP address is applied to the switched virtual interface called VLAN 10. Notice that the SVI itself has no physical connection to the outside world; to reach the outside, VLAN 10 must extend through a Layer 2 port or trunk to the outside.
The logical Layer 3 interface is known as an SVI. However, when it is configured, it uses the much more intuitive interface name vlan vlan-id, as if the VLAN itself is a physical interface. First, define or identify the VLAN interface; then assign any Layer 3 functionality to it with the following configuration commands:
Switch(config)# interface vlan vlan-id
Switch(config-if)# ip address ip-address mask [secondary]
The VLAN must be defined and active on the switch before the SVI can be used. Make sure that the new VLAN interface also is enabled with the no shutdown interface configuration command.
----------------------------------
Note: The VLAN and the SVI are configured separately, even though they interoperate. Creating or configuring the SVI doesn’t create or configure the VLAN; you still must define each one independently.
As an example, the following commands show how VLAN 100 is created and then defined as a Layer 3 SVI:
Switch(config)# vlan 100
Switch(config-vlan)# name Example_VLAN
Switch(config-vlan)# exit
Switch(config)# interface vlan 100
Switch(config-if)# ip address 192.168.100.1 255.255.255.0
Switch(config-if)# no shutdown
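The following Python check is an added example, not part of the original text. It reads a saved configuration, classifies each physical port as Layer 2 or Layer 3 from the switchport keyword, and flags SVIs whose VLAN is not defined or that are shut down, which also gives a list of the points where traffic can be routed between otherwise isolated VLANs. The function name audit, the default_layer2 parameter (the platform default described earlier), and the sample configuration are hypothetical; the check assumes VLAN definitions appear in the configuration text.

```python
import re

# Constructed sample configuration (not taken from the original page).
SAMPLE_CONFIG = """\
vlan 100
 name Example_VLAN
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 switchport access vlan 100
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
!
interface Vlan200
 ip address 192.168.200.1 255.255.255.0
 shutdown
"""

def audit(config, default_layer2=True):
    """Return (ports, svis): port name -> 'L2'/'L3'; VLAN id -> list of SVI problems."""
    vlans, blocks, current = set(), {}, None
    for line in config.splitlines():
        if line and not line[0].isspace():           # top-level line starts a new stanza
            current = None
            if m := re.match(r"vlan (\d+)$", line):  # VLAN definition
                vlans.add(int(m.group(1)))
            if m := re.match(r"interface (\S+)$", line):
                current = blocks.setdefault(m.group(1), [])
        elif current is not None:                    # indented line inside an interface
            current.append(line.strip())
    ports, svis = {}, {}
    for name, body in blocks.items():
        if m := re.match(r"Vlan(\d+)$", name, re.IGNORECASE):  # SVI, always Layer 3
            vid, problems = int(m.group(1)), []
            if vid not in vlans:                     # the SVI does not create the VLAN
                problems.append("VLAN not defined")
            if "shutdown" in body:                   # needs no shutdown to come up
                problems.append("shutdown")
            svis[vid] = problems
        elif "no switchport" in body:                # explicitly taken out of Layer 2
            ports[name] = "L3"
        else:                                        # explicit switchport, else platform default
            explicit_l2 = any(l.startswith("switchport") for l in body)
            ports[name] = "L2" if explicit_l2 or default_layer2 else "L3"
    return ports, svis
```

Calling audit(SAMPLE_CONFIG) reports Vlan200 as an SVI that cannot come up, because VLAN 200 is never defined and the interface is shut down.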