CCNP Switch Notes InterVLAN Routing

CCNP Switch Notes InterVLAN Routing

VLANs divide the network into smaller broadcast domains but also prohibit communication between domains. To enable communication between those groups–without also passing broadcasts–routing is used.

InterVLAN Routing Using an External Router

A Layer 2 switch can connect to a router to provide reachability between VLANs. This can be done either via separate physical links for each VLAN or via a trunk link from the switch to the router. A trunk link is most common and this type of setup is frequently called Router on a Stick.

When using a trunk link you must create separate subinterfaces on the router’s physical interface—one subinterface for each VLAN plus one for the native VLAN. This can work with any kind of switch and the implementation is straightforward, but the router becomes a single point of failure for all users, and the trunk link might become congested.

The router’s configuration would look similar to the following:

InterVLAN Routing Using Multilayer Switches

A multilayer switch can do both Layer 2 switching and Layer 3 routing between VLANs. This section walks you through the switching process and focuses on order of operations. The order in which things happen is extremely important for two reasons. First, the order of events is good test material. Second, understanding the processing order allows you to evaluate how the various filtering and forwarding mechanisms interact. (Examples include error checking, access-lists, VLAN access-lists, routing, and QoS.)

The Layer 2 and Layer 3 Forwarding Process
A multilayer switch does Layer 2 forwarding when the destination MAC address is mapped to one of its interfaces. The steps involved in Layer 2 forwarding are as follows:


  1. Receive frame
  2. Verify frame integrity
  3. Apply inbound VLAN ACL (VLAN Access Control List)
  4. Look up destination MAC (Media Address Code)


  1. Apply outbound VLAN ACL
  2. Apply outbound QoS ACL
  3. Select output port
  4. Place in port queue
  5. Rewrite
  6. Forward

A multilayer switch does Layer 3 forwarding when the destination MAC address is one of the switch’s own addresses. The steps involved in Layer 3 forwarding are as follows:


  1. Receive frame.
  2. Verify frame integrity.
  3. Apply inbound VLAN ACL.
  4. Look up destination MAC.


Apply input ACL
Switch if entry is in CEF cache
Identify exit interface and next-hop address using routing table
Apply output ACL


  1. Apply outbound VLAN ACL.
  2. Apply outbound QoS ACL.
  3. Select output port.
  4. Place in interface queue.
  5. Rewrite source and destination MAC, IP checksum and frame check sequence, and decrement TTL (Time to Live field in the IP header).
  6. Forward.

Understanding the Switching Table
Multilayer switches use Application Specific Integrated Circuits (ASIC) to forward packets at wire speed. The Content Addressable Memory (CAM) table, used for Layer 2 switching, is created by recording the source MAC address and ingress port of each frame. It contains binary values (0 or 1) and must find an exact match to have a hit.

In comparison, Multilayer Switching (MLS) uses aa Ternary Content Addressable Memory (TCAM) table to store information needed by Layer 3 and higher processing. This might include QoS and ACLs. Values in the TCAM table include ternary values (0, 1, or wildcard). An exact match is not required—the longest match is considered a hit.

MLS Interfaces
A multilayer switch can have the following types of interfaces:

  • Layer 2 Interface: Either an access port assigned to a VLAN or a trunk port.
  • Switch Virtual Interface (SVI): A virtual, software interface for the VLAN itself. Can be either a Layer 2 interface or a Layer 3 interface.
  • Routed Interface: A physical interface that is not associated with a VLAN and acts like a router port.

SVI Configuration

A default SVI for VLAN 1 is automatically created in the switch. To create an SVI use the command interface vlan#.Configure an IP address on the SVI to make it a Layer 3 interface.SVIs are used to:

  • Route or fallback bridge between VLANs.
  • Provide a default gateway for users in that VLAN.
  • Route traffic into or out of its associated VLAN.
  • Provide an IP address for connectivity to the switch itself.
  • Provide an interface for routing protocols

An SVI is considered “up” as long as at least one port in its associated VLAN is active and forwarding. If all ports in the VLAN are down, the interface goes down to avoid creating a routing black hole. You might not want the status of a particular port (one not connected to a host) to affect the SVI’s status. Some Cisco switches enable you to use the following command on that interface.

To configure InterVLAN routing using a Layer 3 SVI, you need to:

  • Enable IP routing.
  • Create the VLANs.
  • Create the SVIs.
  • Associate an IP address with each SVI.
  • Configure a dynamic routing protocol if needed.
Routed Switch Port Configuration
To configure an interface as a routed port, you must remove the Layer 2 functionality with the no switch port interface command. Then you can add an IP address and configure routing as needed:
To verify your configuration, use the commands show ip interface brief,show interface, or show running-config interfaceint-#.

Understanding Switch Forwarding Architectures
Packets entering a router or multilayer switch are handled by one of three types of switching:

  • Process Switching: Each packet must be examined by the CPU and handled in software. Slowest method, used in routers only.
  • Fast Switching: CPU process switches the first packet in each flow, then caches that information, and switches subsequent packets in hardware. Faster than process switching, used in routers and multilayer switches. Also called route caching.
  • Cisco Express Forwarding (CEF): A table is prebuilt with adjacency information for all destinations in the routing table. Fastest method, is the default for Cisco routers and multilayer switches. Also called topology-based switching.

CEF Switching
Multilayer Switching (MLS) is a switch feature that enables the switch to route traffic between VLANs and routed interfaces in a highly optimized and efficient manner. Cisco Express Forwarding (CEF) is used to facilitate MLS (see Figure 4-1). Cisco Express Forwarding (CEF) does the following:

  • Separates control plane hardware from data plane hardware.
  • Controls plane runs in software and builds FIB and adjacency table.
  • The data plane uses hardware to forward most IP unicast traffic.
  • Uses TCAM table.
  • Can be centralized or distributed.

Not all types of traffic can be handled by CEF. Some types that arepunted(sent to the processor for handling) are:

  • Packets with IP header options
  • Tunneled traffic
  • 802.3 (IPX) or other unsupported encapsulation types
  • Packets with an expiring TTL
  • Packets that must be fragmented

Configuring and Troubleshooting CEF
By default, CEF is on and supports per destination load sharing.
To disable CEF

  • 4500: Use(config)#no ip cef.
  • 3500/3700: On each interface, use(config)#no ip route-cache cef.
  • 6550 with policy feature card, distributed FC, and multilayer switch FC: cannot be disabled.

View CEF information with the following:

View switching statistics with the following:
View FIB with the following:
View detailed CEF FIB entry with the following:
Troubleshoot CEF drops with the following:
Troubleshoot CEF adjacencies with the following:

About the author


Leave a Comment