VLAN is the concept of using multiple LAN over switches or routers. Each VLAN has it's own broadcast domain and has different subnet id. So you can create multiple VLANs and allocate different subnets thus increases the security. I already mentioned that each VLAN has it's own subnets id so you need a layer 3 device namely router to send packets between these VLANs. This is called inter-VLAN routing, this can be done in three ways. Legacy inter-VLAN routing, the router on a stick and layer 3 switches.
configuring Legacy inter-VLAN routing.
As mentioned earlier, the Router is needed to set up the legacy inter-VLAN routing. Especially each plan has separated physical interfaces that connected to the router. So connection mode between router and switch should not be in the trunk. The problem here is the number of VLANs to be depended on the number of physical interfaces on the router. But it can access the full bandwidth of the physical interface. Here we didn't configure the Router as DHCP server. Let's see how to configure legacy inter-VLAN routing. if you are a beginner to networking then you can use this book called CCNA Routing and Switching Complete Study Guide: Exam 100-105, Exam 200-105, Exam 200-125 2nd Edition. This book will help you to pass the CCNA exams easily.
Switch configuration.
Firstly we need power on the switch and enable the switch in the ios command line
Switch>en
Switch#config
Now we need to create VLAN 10 and VLAN 20
Switch(config)#vlan 10
Switch(config)#vlan 20
Allocating fast Ethernet 0/1 for VLAN 10 and fast Ethernet 0/2 for VLAN 20.
Switch(config)#interface fastEthernet 0/1
Allocating fast gigabit ethernet 0/2 for VLAN 10 and gigabit Ethernet 0/1 for VLAN 20. so these interfaces will be in access mode.
Allocating fast Ethernet 0/1 for VLAN 10 and fast Ethernet 0/2 for VLAN 20.
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport access vlan 10
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport access vlan 20Allocating fast gigabit ethernet 0/2 for VLAN 10 and gigabit Ethernet 0/1 for VLAN 20. so these interfaces will be in access mode.
Switch(config)#interface gigabitEthernet 0/2
Router configuration.
pc0 configurations.
pc1 configurations.
Switch(config-if)#switchport access vlan 10
Switch(config)#interface gigabitEthernet 0/1
Switch(config-if)#switchport access vlan 20
Router configuration.
Router>en
Assigning IP addresses for interfaces. Here gigabit Ethernet 0/1 belongs to VLAN 10 and gigabit Ethernet 0/0 belongs to VLAN 20.
Assigning IP addresses for interfaces. Here gigabit Ethernet 0/1 belongs to VLAN 10 and gigabit Ethernet 0/0 belongs to VLAN 20.
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shutdownpc0 configurations.
IP address 192.168.1.2
subnet mask 255.255.255.0
default gateway 192.168.1.1
pc1 configurations.
IP address 192.168.2.2
subnet mask 255.255.255.0
default gateway 192.168.2.1
Router>en
creating subinterfaces on gigabit ethernet0/0 according to the number of VLANs and setting up encapsulation protocol type with VLAN id.
no shutdown command should be given to gigabit Ethernet 0/0. so that interface will go up. router's interfaces are shut down by default because of the security purpose.
.
Assigning fast Ethernet 0/1as VLAN 10 and FastEthernet 0/24 as VLAN 20.
Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport access vlan 20
Another important thing is VLAN 30 should be created in switch 1 even it doesn't have any host belong to VLAN 30. Otherwise, the switch will drop the packet.
Switch(config)#vlan 30
Switch 2 configurations
Configuring Router on a stick.
creating subinterfaces on gigabit ethernet0/0 according to the number of VLANs and setting up encapsulation protocol type with VLAN id.
Router(config)#interface gigabitEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config)#interface gigabitEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config)#interface gigabitEthernet 0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.3.1 255.255.255.0
no shutdown command should be given to gigabit Ethernet 0/0. so that interface will go up. router's interfaces are shut down by default because of the security purpose.
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#no shutdown
Switch 1 configuration
Switch>en
Changing these two interfaces to trunk mode.
Switch(config)#interface range gigabitethernet 0/1-2
Switch(config-if)#switchport mode trunk
Assigning fast Ethernet 0/1as VLAN 10 and FastEthernet 0/24 as VLAN 20.
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport access vlan 10Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport access vlan 20
Another important thing is VLAN 30 should be created in switch 1 even it doesn't have any host belong to VLAN 30. Otherwise, the switch will drop the packet.
Switch(config)#vlan 30
Switch>en
Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport access vlan 20
pc4 configurations.
pc5 configurations.
layer 3 Switch configurations
Switch>en
Creating a virtual interface for each VLAN and assigning IP addresses.
Switch(config)#interface vlan 10
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config)#interface vlan 20
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Switch(config)#interface vlan 30
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport access vlan 10
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport access vlan 20
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport access vlan 30
enabling IP routing on layer 3 switches. ( IP routing is not enabled in layer 3 switch by default .)
Switch(config-if)#ip routing
pc1 configurations.
Switch(config)#interface gigabitethernet 0/2
Switch(config-if)#switchport mode trunk
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport access vlan 10Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport access vlan 20
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport access vlan 30
pc1 configurations.
IP address 192.168.1.2
subnet mask 255.255.255.0
default gateway 192.168.1.1
pc2 configurations.
IP address 192.168.2.2
subnet mask 255.255.255.0
default gateway 192.168.2.1
pc3 configurations.
IP address 192.168.1.3
subnet mask 255.255.255.0
default gateway 192.168.1.1pc4 configurations.
IP address 192.168.2.3
subnet mask 255.255.255.0
default gateway 192.168.2.1pc5 configurations.
IP address 192.168.3.2
subnet mask 255.255.255.0
default gateway 192.168.3.1Configuring inter-VLAN routing with layer 3 switch.
Switch>en
Creating a virtual interface for each VLAN and assigning IP addresses.
Switch(config)#interface vlan 10
Switch(config)#interface vlan 20
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Switch(config)#interface vlan 30
Switch(config-if)#ip address 192.168.3.1 255.255.255.0
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport access vlan 10
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport access vlan 20
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport access vlan 30
enabling IP routing on layer 3 switches. ( IP routing is not enabled in layer 3 switch by default .)
Switch(config-if)#ip routing
pc1 configurations.
IP address 192.168.1.2
subnet mask 255.255.255.0
default gateway 192.168.1.1
pc2 configurations.
IP address 192.168.2.2
subnet mask 255.255.255.0
default gateway 192.168.2.1
pc3 configurations.
IP address 192.168.3.2
subnet mask 255.255.255.0
default gateway 192.168.3.1