Skip to content
TEQcloud Knowledge base

Inter-VLAN Routing

VLANs can’t talk to each other by default - you need a Layer 3 device (router or multilayer switch) to route between them.

Why Use Inter-VLAN Routing?

Section titled “Why Use Inter-VLAN Routing?”

You need inter-VLAN routing when:

  • Devices in different VLANs need to communicate (e.g., Sales VLAN needs to access a server in IT VLAN)
  • Users need to access resources on other VLANs
  • You want VLANs for security but still need controlled connectivity between them

Inter-VLAN Routing Diagram

Section titled “Inter-VLAN Routing Diagram”
Without Inter-VLAN Routing:
┌─────────────┐      ┌─────────────┐
│  VLAN 10    │      │  VLAN 20    │
│  PC1        │ XXX  │  PC2        │  Can't communicate!
│192.168.10.10│      │192.168.20.10│
└─────────────┘      └─────────────┘


With Inter-VLAN Routing (Layer 3 Switch/Router):
┌─────────────┐      ┌──────────────────┐      ┌─────────────┐
│  VLAN 10    │      │  Layer 3 Switch  │      │  VLAN 20    │
│  PC1        ├──────┤ VLAN 10: .10.1   ├──────┤  PC2        │
│192.168.10.10│      │ VLAN 20: .20.1   │      │192.168.20.10│
│GW: .10.1    │      │  (Routes between)│      │GW: .20.1    │
└─────────────┘      └──────────────────┘      └─────────────┘
                            Traffic routed between VLANs!

Method 1: Switch Virtual Interface (SVI)

Section titled “Method 1: Switch Virtual Interface (SVI)”

When to use: When you have a multilayer switch (Layer 3 switch). This is the BEST method - fastest and most efficient.

Use on multilayer switches - the switch itself routes between VLANs using hardware.

Requirements:

  • Multilayer switch (Layer 3 switch)
  • VLAN must exist in VLAN database
  • At least one port assigned to the VLAN in up/up state

Configuration:

! Create VLANs
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit


Switch(config)# vlan 20
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit


! Enable IP routing on the switch
Switch(config)# ip routing


! Create SVIs (one per VLAN)
Switch(config)# interface vlan 10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit


Switch(config)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# no shutdown

Parameters:

  • 10, 20 - VLAN numbers. Replace with your VLANs.
  • Sales, Engineering - VLAN names. Replace with your names (optional).
  • 192.168.10.1, 192.168.20.1 - SVI IP addresses (default gateways). Replace with your addressing scheme.

Note: ip routing enables Layer 3 routing on the switch - this is REQUIRED for SVIs to route between VLANs.

The switch is now the default gateway for devices in VLAN 10 (192.168.10.1) and VLAN 20 (192.168.20.1).

Method 2: Router-on-a-Stick (Subinterfaces)

Section titled “Method 2: Router-on-a-Stick (Subinterfaces)”

When to use: When you DON’T have a multilayer switch - only a regular Layer 2 switch and a router. Or when you’re routing VLANs from an external device.

Drawback: Slower than SVIs because all traffic must go through one physical interface to the router.

Use when you only have a router (not a multilayer switch). One physical router interface handles multiple VLANs using subinterfaces.

Configuration:

On the switch (trunk to router):

Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30

Parameters:

  • GigabitEthernet0/1 - Replace with the switch port connected to the router.
  • 10,20,30 - VLAN list. Replace with your VLANs.

On the router (subinterfaces with 802.1Q encapsulation):

Router(config)# interface GigabitEthernet0/0
Router(config-if)# no shutdown
Router(config-if)# exit


! Subinterface for VLAN 10
Router(config)# interface GigabitEthernet0/0.10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config-subif)# exit


! Subinterface for VLAN 20
Router(config)# interface GigabitEthernet0/0.20
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config-subif)# exit


! Subinterface for VLAN 30
Router(config)# interface GigabitEthernet0/0.30
Router(config-subif)# encapsulation dot1q 30
Router(config-subif)# ip address 192.168.30.1 255.255.255.0

Parameters:

  • GigabitEthernet0/0 - Replace with your router’s physical interface connected to the switch.
  • GigabitEthernet0/0.10, .20, .30 - Subinterface numbers. Typically match VLAN numbers for clarity.
  • 10, 20, 30 - VLAN numbers for dot1q encapsulation. Must match actual VLAN numbers.
  • 192.168.10.1, 192.168.20.1, 192.168.30.1 - Default gateway IPs. Replace with your addressing scheme.

Note: The physical interface must be no shutdown or the subinterfaces won’t work. The number after dot1q MUST match the VLAN number.

Subinterface numbering: The .10, .20, .30 can be any number, but matching the VLAN ID makes it easier to manage (e.g., subinterface .10 for VLAN 10).

When to Use Which Method

Section titled “When to Use Which Method”
MethodUse Case
SVIMultilayer switch doing inter-VLAN routing (most common, fastest)
Router-on-a-stickOnly have a router, or routing VLANs from external switch

If you have a multilayer switch, always use SVIs - it’s hardware-based routing, much faster than router-on-a-stick.

Verify Configuration

Section titled “Verify Configuration”

For SVIs:

Switch# show ip interface brief
Switch# show vlan brief
Switch# show ip route
Switch# show interfaces vlan 10

For Router-on-a-stick:

Router# show ip interface brief
Router# show vlans
Router# show ip route
Router# show interfaces GigabitEthernet0/0.10

Test routing:

Router# ping 192.168.20.1 source 192.168.10.1