CCNA 200-301 Chapter 2 Network Access Lab 023 Configure Inter-VLAN Routing Using SVI

Watch Full Demo on YouTube:

Lab Objective:

The primary objective of this lab is to provide a hands-on experience in configuring and verifying Inter-VLAN routing using SVIs on a Layer 3 switch. By the end of this lab, you will understand how to create and configure SVIs, assign IP addresses to these interfaces, and enable routing between VLANs.

You will also learn how to verify the configuration and ensure that devices in different VLANs can communicate with each other. This lab will enhance your understanding of Layer 3 switch capabilities and the importance of Inter-VLAN routing in modern network environments.

Lab Topology:

Equipment Required:

• 1 x Layer 3 Cisco switch (e.g., WS-C3560-24PS)
• 2 x PCs or laptops with Ethernet ports
• Console Cable
• Ethernet Cable for connections between devices
• Computer with Terminal emulation software e.g. PuTTY

IPv4 Address Table:

A. Switch VLAN Table:

Device Name	Interface ID	Interface Mode	Allowed VLANs
Layer3_Switch	Gig0/1	Access	10
Layer3_Switch	Gig0/2	Access	20

B. SVI Table:

Device Name	Interface ID	IP Address	Subnet-Mask
Layer3_Switch	VLAN 10	192.168.10.1	255.255.255.128
Layer3_Switch	VLAN 20	192.168.20.1	255.255.255.128

C. Hosts IP Address Table:

Device Name	Interface ID	IPv4 Address	Subnet-Mask	VLAN	Default-Gateway
PC1	Fa0	192.168.10.10	255.255.255.128	10	192.168.10.1
PC2	Fa0	192.168.20.10	255.255.255.128	20	192.168.20.1

List of Command Summary:

Command	Command Description
enable	enters privileged EXEC mode.
configure terminal	enters global configuration mode from privileged EXEC mode.
hostname [hostname]	assign a device name to router.
show interfaces [interface-ID] switchport	is used to display detailed information about the switchport configuration of a specific interface on a Cisco switch. It provides information such as the administrative and operational mode of the switchport, the VLAN membership of the switchport, trunking status, allowed VLANs, native VLAN, and other relevant details related to the switchport configuration.
vlan [vlan-id]	used to create a new VLAN with the specified VLAN ID. This command allows network administrators to segment the network into multiple virtual LANs (VLANs) for better traffic management and security. By assigning devices to different VLANs based on their network requirements, administrators can control broadcast domains, enforce security policies, and optimize network performance.
switchport mode access	used on Cisco switches to configure an interface as an access port. Access ports are used to connect end devices, such as computers or printers, to the switch. When configured as an access port, the switch treats all incoming frames on that interface as belonging to the VLAN assigned to the port. This command disables dynamic trunking protocol (DTP) negotiation on the interface, ensuring that it operates only as an access port and does not participate in VLAN trunking.
switchport access vlan [VLAN-ID]	used on Cisco switches to assign a specific VLAN to an access port. This command is typically used in conjunction with the “switchport mode access” command to configure an interface as an access port and specify the VLAN to which it belongs. By assigning a VLAN to an access port, the switch ensures that all incoming traffic on that port is tagged with the specified VLAN ID. This allows the switch to segregate traffic from different VLANs and control broadcast and multicast traffic within each VLAN.
interface vlan [VLAN ID]	used to create or configure a Switched Virtual Interface (SVI) for a specified VLAN on a Layer 3 switch. This interface allows the switch to perform Layer 3 routing functions for the VLAN, such as assigning an IP address and enabling inter-VLAN routing. It is essential for managing and routing traffic between different VLANs within a network.
ip address [IPv4] [Subnetmask]	used to assign a specific IPv4 address and subnet mask to a network interface on a device such as a router or Layer 3 switch. This configuration allows the interface to participate in the specified IP network, enabling it to communicate with other devices in that network and perform routing functions.
description “DESCRIPTION OF SOME SORT”	used to assign a descriptive text label to a network interface on a device such as a router or switch. This description helps administrators to identify the purpose or details of the interface more easily when managing and troubleshooting the network.
show ip interface brief | include lan	used on Cisco devices to display a summarized list of all IP interfaces configured on the device and filter the output to only show interfaces that contain the keyword “lan” in their configuration. This command is helpful for quickly identifying and troubleshooting interfaces related to LAN (Local Area Network) configurations within the device’s network environment
show interfaces vlan [VLAN-ID]	used on Cisco switches to display detailed information about the Switched Virtual Interface (SVI) configured for a specific VLAN. SVIs are virtual interfaces associated with VLANs on Layer 3 switches, used primarily for routing traffic between VLANs.
ip routing	The command ip routing is used in Cisco IOS to enable the routing functionality on a Layer 3 device, such as a router or a Layer 3 switch. Here’s what this command does and its significance: Enabling IP Routing: When you enter ip routing in global configuration mode on a Cisco device, it enables the device to forward IP packets between different networks or subnets based on their IP addresses. This is crucial for devices that need to communicate across multiple networks, as it allows them to make forwarding decisions based on the destination IP address. Routing Table: Once IP routing is enabled, the device builds and maintains a routing table. This table contains information about directly connected networks and remote networks learned through dynamic routing protocols or static routes. The routing table helps the device determine the best path (next hop) to forward packets towards their destination. Inter-VLAN Routing: On Layer 3 switches, enabling ip routing is essential for performing inter-VLAN routing. Each VLAN typically has a corresponding SVI (Switched Virtual Interface) configured with an IP address. ip routing allows the switch to route traffic between these VLANs using the SVIs. Default Behavior: By default, IP routing is enabled on Cisco routers, but on Layer 3 switches, it needs to be explicitly enabled using the ip routing command.
show ip route	is used on Cisco routers and Layer 3 switches to display the current IP routing table. Here’s what this command provides and its significance: Routing Table: The main purpose of show ip route is to show the IP routing table maintained by the device. This table contains information about networks and subnets that the device knows about and how to reach them. It includes entries for directly connected networks, routes learned dynamically through routing protocols (such as OSPF or EIGRP), and static routes configured manually. Routing Information: Each entry in the routing table typically includes: Destination network or subnet (e.g., 192.168.1.0/24) Next-hop IP address or exit interface to reach the destination Administrative distance (a metric used to determine the reliability of the route) Route type (e.g., connected, static, or learned via a routing protocol) Metric or cost associated with the route Routing Decisions: The show ip route command helps network administrators troubleshoot connectivity issues and verify the routing paths configured on the device. By examining the routing table, administrators can determine how traffic will be forwarded based on destination IP addresses and make adjustments as needed. Dynamic Updates: If routing protocols are enabled on the device, such as OSPF (Open Shortest Path First) or EIGRP (Enhanced Interior Gateway Routing Protocol), show ip route will display routes learned dynamically from neighboring routers participating in the same routing domain.
show interfaces status	provides a summary of the current status of all interfaces on a Cisco switch. This command displays important information about each interface, including: Port: The interface identifier (e.g., Gi1/0/1). Name: The name or description assigned to the interface, if any. Status: The operational status of the interface (e.g., connected, notconnect, err-disabled). Vlan: The VLAN that the interface is assigned to. Duplex: The duplex mode of the interface (e.g., full, half, auto). Speed: The speed of the interface (e.g., 10, 100, 1000 Mbps, auto). Type: The type of interface (e.g., 10/100/1000BaseTX, SFP). This command is useful for quickly assessing the operational state and configuration details of all interfaces on the switch.
show vlan brief	used on Cisco switches to display a summary of VLAN information. When you enter this command in the CLI interface of a Cisco switch, it provides a concise overview of the VLAN configuration on the switch. This includes details such as the VLAN ID, name, and interface membership status. The output of this command is often used to quickly verify the VLAN configuration and interface assignments on the switch.
ipconfig /all	used in Windows operating systems to display detailed information about all network interfaces and their configurations.
no shutdown	enables an interface.
show running-config	save the running configuration to the startup-configuration file.
show running-config | section interface GigabitEthernet0/*	used to display the configuration details of a specific GigabitEthernet interface (interface GigabitEthernet0/) within the running configuration of a Cisco device. This command allows you to view the configuration settings related to the specified interface only, filtering out other configuration sections. It provides a focused view of the configuration parameters associated with the specified interface, including its IP address, VLAN membership, trunking settings, and any other relevant configuration details. The asterisk (*) is a wildcard character that matches any character or sequence of characters. In this context, it is used to match any subinterface under GigabitEthernet0.
show running-config | section interface FastEthernet0/1$	The “show running-config | section interface FastEthernet0/1$” command is similar to the previous one, but it focuses specifically on the FastEthernet0/1 interface. The “$” symbol at the end of the interface name indicates that the command will match only the interface that ends with “FastEthernet0/1”. This command is helpful when you want to view the configuration details of a specific FastEthernet interface without displaying configurations for other interfaces.
copy running-config startup-config	used to save the currently running configuration (stored in the RAM) to the startup configuration (stored in the NVRAM)
end	exit configuration mode.
exit	exits one level in the menu structure command.

Lab Task:

1. End host configuration:
   1. Configure the appropriate IP address, subnet-mask and default gateway on each PC from each department
   2. Verify that each PC has the appropriate IP address
2. Configure both VLANs 10 and 20 on Layer3_Switch according to the table and topology above:
   1. Create VLANs for data traffic.
   2. Verify your configuration.
3. Access port configuration:
   1. Assign Gig0/1 and Gig0/2 interfaces with the appropriate VLAN Access, include an interface description and force each port to operate in access mode
   2. Verify the step above with the appropriate command
4. SVI Configurations:
   1. Configure both SVIs on the Layer3_Switch please refer back to the SVI Table above
   2. Verify the SVI Configuration
5. Enable Routing on the Switch:
   1. Ensure IP routing is enabled on the Layer 3 switch.
6. Test connectivity:
   1. Ping the default gateway from each PC. Is the ping successful?
   2. Test data connectivity between PCs. Is the ping successful?

Lab Solution:

1- End host configuration:
a. Configure the appropriate IP address, subnet-mask and default gateway on each PC from each department

To configure the end host, simply follow the steps below:
1) Click on the stencil
2) Select Desktop from top menu
3) Select IP Configuration
4) Select Static radio button and then fill in the IP address information from the table provided in this document

b. Verify that each PC has the appropriate IP address

We can verify the IP configuration by issue this command “ipconfig” from the PC’s CLI

2- Configure both VLANs 10 and 20 on Layer3_Switch according to the table and topology above:
a. Create VLANs for data traffic.

Issue the following commands to create both VLANs 10 and 20

Layer3_Switch#configure terminal
Layer3_Switch(config)#vlan 10
Layer3_Switch(config-vlan)#vlan 20
Layer3_Switch(config-vlan)#end
Layer3_Switch#

b. Verify your configuration.

To verify the step above issue “show vlan brief”

3- Access port configuration:
a. Assign Gig0/1 and Gig0/2 interfaces with the appropriate VLAN Access, include an interface description and force each port to operate in access mode

Issue the following commands to complete task 3.a:
Layer3_Switch#configure terminal
Layer3_Switch(config)#interface gigabitEthernet 0/1
Layer3_Switch(config-if)#description “Link to PC1 – VLAN 10”
Layer3_Switch(config-if)#switchport mode access
Layer3_Switch(config-if)#switchport access vlan 10
Layer3_Switch(config-if)#exit
Layer3_Switch(config)#
Layer3_Switch(config)#
Layer3_Switch(config)#interface gigabitEthernet 0/2
Layer3_Switch(config-if)#description “Link to PC2 – VLAN 20”
Layer3_Switch(config-if)#switchport mode access
Layer3_Switch(config-if)#switchport access vlan 20
Layer3_Switch(config-if)#

b. Verify the step above with the appropriate command

To verify the current running configuration, issue this command “show running-config | section GigabitEthernet0/2$”

To verify VLAN interface assignment from the VLAN table you can issue this command “show vlan brief”

To display the layer2 configuration details of a specific interface then issue this command “show interfaces gigabitEthernet 0/1 switchport”

4- SVI Configurations:
a. Configure both SVIs on the Layer3_Switch please refer back to the SVI Table above

Here are the steps to configure SVIs for both VLANs 10 and 20:
Layer3_Switch#configure terminal
Layer3_Switch(config)#interface vlan 10
Layer3_Switch(config-if)#description “SVI 10”
Layer3_Switch(config-if)#ip address 192.168.10.1 255.255.255.128
Layer3_Switch(config-if)#exit
Layer3_Switch(config)#
Layer3_Switch(config)#interface vlan 20
Layer3_Switch(config-if)#description “SVI 20”
Layer3_Switch(config-if)#ip address 192.168.20.1 255.255.255.128
Layer3_Switch(config-if)#
Layer3_Switch(config-if)#end
Layer3_Switch#

b. Verify the SVI Configuration

To verify the current running configuration, issue this command “show running-config | section lan10$”

To verify the interface status of each VLAN interface issue this command “show ip interface brief | include lan”

To view the VLAN interface (SVI) for more detailed information, you can use this command “show interfaces vlan 10”

5- Enable Routing on the Switch:
a. Ensure IP routing is enabled on the Layer 3 switch.

We need to issue the command “ip routing” in global configuration mode from the CLI to enable IP routing.

Layer3_Switch#configure terminal
Layer3_Switch(config)#ip routing
Layer3_Switch(config)#end
Layer3_Switch#

Perform in-flight checks:
Check configuration by issuing this command “show running-config | include ip routing”

Check the routing table on the Switch by issuing this command “show ip route”

6- Test connectivity:
a. Ping the default gateway from each PC. Is the ping successful?

Yes, ping was successful, see screenshots below:

b. Test data connectivity between PCs. Is the ping successful?

Yes, this was also successful.

Troubleshooting Steps:

1. Verify VLAN Configuration:
   • Check VLAN Existence
   • Check VLAN Assignment
2. Verify SVI Configuration:
   • Check SVI Status
   • Check SVI Configuration
3. Verify IP Routing Configuration
   • Check if IP Routing is Enabled
     Ensure that IP routing is enabled on the switch.
     Switch# show running-config | include ip routing
     If not present, enable IP routing
     Switch(config)# ip routing
4. Verify Interface Status
   • Check Interface Status
   • Check Interface VLAN Assignment
5. Verify Device Configuration
   • Check Device IP Configuration
   • Check Connectivity within the Same VLAN
6. Verify Routing Table
   • Check Routing Table on the Switch
     Verify that the routing table includes routes for all VLANs
     Switch# show ip route
7. Check for ACLs and Security Settings
   • Check Access Control Lists (ACLs)
8. Additional Troubleshooting
   • Check for Spanning Tree Issues
   • Check for Duplex and Speed Mismatches

Note:

Inter-VLAN routing using SVI (Switched Virtual Interface) is a method that allows communication between different VLANs within a network. VLANs (Virtual Local Area Networks) are used to segment network traffic for improved performance, security, and management. However, devices in different VLANs cannot communicate with each other without a routing mechanism. This is where Inter-VLAN routing comes in.

SVI is a logical interface configured on a network switch, typically a Layer 3 switch, that provides Layer 3 processing for packets to and from all switch ports associated with that VLAN. Each SVI is assigned an IP address that acts as the default gateway for devices in that VLAN. By configuring SVIs for each VLAN, a Layer 3 switch can route traffic between VLANs. This eliminates the need for a dedicated router for VLAN communication, simplifying the network architecture and reducing latency.

To set up Inter-VLAN routing using SVIs, the network administrator configures an SVI for each VLAN with an IP address. The switch then uses these SVIs to route traffic between VLANs. For example, if VLAN 10 and VLAN 20 need to communicate, SVIs are configured for both VLANs, and the switch uses these interfaces to forward traffic between the VLANs based on their IP addresses. This setup is efficient and scalable, making it a preferred solution for many enterprise networks.

Conclusion:

This lab has demonstrated the configuration and verification of Inter-VLAN routing using SVIs on a Layer 3 switch. By setting up SVIs and enabling routing, you have learned how to facilitate communication between VLANs, an essential skill for managing modern networks. The knowledge gained from this lab will be valuable in designing and maintaining efficient and secure network environments, ensuring seamless communication across different network segments.

Packet Tracer Lab (Pre/Post configuration):

Download the file below and open the word document to access the Packet Tracer labs.