Inter-VLAN Routing

Enabling communication between VLANs using Layer 3 routing methods including router-on-a-stick and SVIs

Inter-VLAN routing enables communication between devices in different VLANs, which are separate broadcast domains by default. Since VLANs create Layer 2 isolation, Layer 3 routing is required to forward traffic between them.

Why Inter-VLAN Routing is Needed

  • VLANs segment broadcast domains at Layer 2
  • Devices in VLAN 10 (192.168.10.0/24) cannot communicate with VLAN 20 (192.168.20.0/24) without routing
  • Each VLAN requires its own subnet/IP network
  • Default gateways must be configured for each VLAN to reach other networks

Methods of Inter-VLAN Routing

1. Legacy Inter-VLAN Routing (Physical Interfaces)

  • Uses separate physical router interfaces for each VLAN
  • Each interface connects to a different switch port in access mode
  • Router interface becomes the default gateway for that VLAN
  • Limitation: Requires one physical interface per VLAN (not scalable)

2. Router-on-a-Stick (Subinterfaces)

  • Single physical connection between router and switch using trunk link
  • Router creates subinterfaces (logical interfaces) for each VLAN
  • Each subinterface configured with VLAN ID using 802.1Q encapsulation
  • Example: Gi0/0.10 for VLAN 10, Gi0/0.20 for VLAN 20
  • Most common method for smaller networks with external router

3. Switch Virtual Interfaces (SVIs)

  • Layer 3 switch creates virtual interfaces for each VLAN
  • SVI acts as default gateway for devices in that VLAN
  • Requires ip routing command to enable routing functionality
  • Best practice for enterprise networks (faster than external router)

Configuration Examples

Router-on-a-Stick Configuration

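! Physical interface: carries the trunk and holds no IP address itself
interface GigabitEthernet0/0
 no shutdown
 no ip address

! Subinterface for VLAN 10: 802.1Q tag 10, default gateway for 192.168.10.0/24
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0

! Subinterface for VLAN 20: 802.1Q tag 20, default gateway for 192.168.20.0/24
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0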

SVI Configuration (Layer 3 Switch)

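! Enable Layer 3 forwarding on the switch
ip routing
! Create the VLANs
vlan 10
vlan 20

! SVI for VLAN 10: default gateway for 192.168.10.0/24
interface vlan 10
 ip address 192.168.10.1 255.255.255.0
 no shutdown

! SVI for VLAN 20: default gateway for 192.168.20.0/24
interface vlan 20
 ip address 192.168.20.1 255.255.255.0
 no shutdown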

Comparison of Inter-VLAN Routing Methods

| Method | Scalability | Performance | Cost | Use Case |
|---|---|---|---|---|
| Physical Interfaces | Poor | Good | High | Legacy/Lab only |
| Router-on-a-Stick | Moderate | Limited by single link | Low | Small networks |
| SVI (Layer 3 Switch) | Excellent | Best (hardware switching) | Medium | Enterprise networks |

Vocabulary

VLAN (Virtual LAN): Logical segmentation of a physical network into separate broadcast domains

SVI (Switch Virtual Interface): Virtual Layer 3 interface created for a VLAN on a Layer 3 switch

Subinterface: Logical subdivision of a physical interface, allowing multiple VLANs on single trunk

802.1Q: IEEE standard for VLAN tagging on trunk links

Default Gateway: Router interface IP address that devices use to reach other networks

Trunk Link: Connection carrying traffic for multiple VLANs using VLAN tags


ROAS Flow Chart

This explains how a ping from S2 reaches S1 in a router-on-a-stick configuration.

![[Screenshot 2025-10-23 125945.png]]

Step 1: S2 sends packet
• S2 needs to reach 10.10.10.126 (S1)
• S2 checks: “Is this in my subnet?” S2's own address (10.10.10.254/25) puts it in the 10.10.10.128/25 network
• S1 (10.10.10.126/25) is in the 10.10.10.0/25 network, a different subnet
• S2 sends the packet to its default gateway: R1’s Gi0/0.10 interface (10.10.10.129)

Step 2: Packet travels through switched fabric
• Frame goes out S2
• Arrives at SW2’s Fa0/11 interface
• SW2 sees destination MAC is R1, forwards out toward R1

Step 3: R1 routes the packet
• R1 receives on Gi0/0 (VLAN 10 subinterface)
• Checks routing table: 10.10.10.126 is in VLAN 1 subnet
• Routes packet to Gi0/0.10 subinterface for VLAN 1

Step 4: Return path through switches
• R1 sends frame back out Gi0/0 tagged for VLAN 1
• Frame travels to SW1 (likely R1 → SW2 → SW1 → S1 based on topology)
• SW1 receives and forwards to S1 on Fa0/11
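
Added example (not part of the original notes): the four steps above applied to the router-on-a-stick configuration from the Configuration Examples section, so the ingress and egress subinterfaces and their 802.1Q tags can be checked. The host addresses 192.168.10.50 and 192.168.20.50 and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Router-on-a-stick configuration as given in the Configuration Examples above.
ROAS_CONFIG = """\
interface GigabitEthernet0/0
 no shutdown
 no ip address

interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0

interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
"""

def parse_subinterfaces(config):
    """Return {subinterface: (vlan_id, IPv4Interface)} from IOS-style text."""
    subifs = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        name = re.match(r"interface (\S+)", block)
        vlan = re.search(r"(?m)^ encapsulation dot1Q (\d+)", block)
        addr = re.search(r"(?m)^ ip address (\S+) (\S+)", block)
        if name and vlan and addr:  # skips the address-less physical interface
            ip = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
            subifs[name.group(1)] = (int(vlan.group(1)), ip)
    return subifs

def trunk_crossings(src, gateway, dst, subifs):
    """Return the (subinterface, 802.1Q tag) pairs used on the trunk, in order."""
    host = ipaddress.ip_interface(src)
    gw_ip, dst_ip = ipaddress.ip_address(gateway), ipaddress.ip_address(dst)
    if dst_ip in host.network:      # step 1: on-link, router never involved
        return []
    if gw_ip not in host.network:
        raise ValueError("default gateway is outside the host's subnet")
    # step 2: the frame reaches the subinterface that owns the gateway address
    ingress = [(n, v) for n, (v, i) in subifs.items() if i.ip == gw_ip]
    # step 3: longest-prefix match over the router's connected networks
    egress = sorted(((i.network.prefixlen, n, v) for n, (v, i) in subifs.items()
                     if dst_ip in i.network), reverse=True)
    if not ingress or not egress:
        raise LookupError("gateway not on this router, or no connected route")
    return [ingress[0], egress[0][1:]]  # step 4: back down the trunk, egress tag

if __name__ == "__main__":  # host addresses below are constructed samples
    print(trunk_crossings("192.168.10.50/24", "192.168.10.1", "192.168.20.50",
                          parse_subinterfaces(ROAS_CONFIG)))
```

The two pairs returned for a routed packet are the two passes over the single trunk link that the Notes section describes; an empty list means the traffic stayed inside one VLAN and never reached the router.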


Notes

  • Router-on-a-stick creates a bottleneck - all inter-VLAN traffic must traverse the single trunk link twice (to router and back)
  • SVIs are shut down by default - use no shutdown to activate
  • At least one active port must exist in a VLAN for its SVI to come up
  • Use show ip route to verify routing table includes connected networks for each VLAN
  • For router-on-a-stick, verify trunk is carrying all required VLANs with show interfaces trunk
  • Layer 3 switches require ip routing command or they act like Layer 2 switches only
  • Consider using routed ports (no switchport) on Layer 3 switches for point-to-point links instead of SVIs
  • Mission-critical networks often use redundant Layer 3 switches with HSRP/VRRP for gateway redundancy