Home > InterVLAN Routing Tutorial

InterVLAN Routing Tutorial

February 22nd, 2012 Go to comments

In the previous VLAN tutorial we learned how to use VLAN to segment the network and create “logical” broadcast domains. In this tutorial we will learn about InterVLAN Routing.

What is InterVLAN routing?

As we learned, devices within a VLAN can communicate with each other without the need of Layer 3 routing. But devices in separate VLANs require a Layer 3 routing device to communicate with one another. For example, in the topology below host A and B can communicate with each other without a router in the same VLAN 10; host C and D can communicate in the same VLAN 20. But host A can’t communicate with host C or D because they are in different VLANs.


To allow hosts in different VLANs communicate with each other, we need a Layer 3 device (like a router) for routing:


The routing traffic from one VLAN to another VLAN is called InterVLAN routing.

Now host A can communicate with host C or D easily. Now let’s see how the traffic is sent from host A to host D. First, host A knows the destination host is in a different VLAN so it sends traffic to its default gateway (on the router) through the switch. The switch tags the frame as originating on VLAN 10 and forwards to the router. In turn, the router makes routing decision from VLAN 10 to VLAN 20 and sends back that traffic to the switch, where it is forwarded out to host D.


Notice that the routing decision to another VLAN is done by the router, not the switch. When frames leave the router (step 3 in the picture above), they are tagged with VLAN 20.

Also notice that receiving ends (host A & D in this case) are unaware of any VLAN information. Switch attaches VLAN information when receiving frames from host A and removes VLAN information before forwarding to host D.

But there is one disadvantage in the topology above: for each VLAN we need a physical connection from the router to the switch but in practical, the interfaces of the router are very limited. To overcome this problem, we can create many logical interfaces in one physical interface. For example from a physical interface fa0/0 we can create many sub-interfaces like fa0/0.0, fa0/0.1 … Now this router is often called “router on a stick” (maybe because there is only one physical link connecting from router so it looks like a router on a stick ^^)


The router treats each sub-interface as a separate physical interface in routing decisions -> data can be sent and received in the same physical interface (but different sub-interfaces) without being dropped by the split-horizon rule in the case you want to send routing updates through the router from one VLAN to another.


Configuring InterVLAN routing

Now you understand how InterVLAN works. To accomplish InterVLAN routing, some configuration must be implemented on both router and switch. Let’s see what actions need to be completed when we want to configure InterVLAN in “router on a stick” model using the above topology.

+ The switch port connected to the router interface must be configured as trunk port.
+ The router sub-interfaces must be running a trunking protocol. Two popular trunking protocols in CCNA are 802.1q (open standard) and InterSwitch Link (ISL, a Cisco propriety protocol).
+ Set IP address on each sub-interface.


To help you understand more clearly about InterVLAN, the main configuration of router & switch are shown below:

Configure trunk port on switch:

Switch(config)#interface f0/0
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk

Create sub-interfaces, set 802.1Q trunking protocol and ip address on each sub-interface

Router(config)#interface f0/0
Router(config-if)#no shutdown

(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)

Router(config)#interface f0/0.0
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address
Router(config-subif)#interface f0/0.1
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address

(Note: In the “encapsulation dot1q 10” command, 10 is the VLAN ID this interface operates in)

I also list the full configuration of the above topology for your reference:

Configure VLAN

Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH

Set ports to access mode & assign ports to VLAN

Switch(config)#interface range fa0/1-2
Switch(config-if)#no shutdown
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)#interface range fa0/3-4
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)# switchport access vlan 20

In practical, we often use a Layer 3 switch instead of a switch and a “router on the stick”, this helps reduce the complexity of the topology and cost.


Note: With this topology, we don’t need to use a trunking protocol and the “switchport mode trunk” command. The full configuration of Layer 3 switch is listed below:

Switch configuration

ip routing
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
interface FastEthernet0/2
switchport access vlan 20
switchport mode access

interface Vlan10
ip address
interface Vlan20
ip address

And on hosts just assign IP addresses and default gateways (to the corresponding interface VLANs) -> hosts in different VLANs can communicate.

In summary, InterVLAN routing is used to permit devices on separate VLANs to communicate. In this tutorial you need to remember these important terms:

+ Router-on-a-stick: single physical interface routes traffic between multiple VLANs on a network.
+ Subinterfaces are multiple virtual interfaces, associated with one physical interface. These subinterfaces are configured in software on a router that is independently configured with an IP address and VLAN assignment.

Comments (28) Comments
Comment pages
1 2 3 1061
  1. Anonymous
    May 19th, 2016

    use the command prompet

  2. irigyel
    May 23rd, 2016

    i think the native vlan command is missing. i also tried this configuration but different vlans cant communicate to each other. but then i put native vlans on both ends and it works. i set my vlan 10 as native. here’s the command

    Router(config)# int fa0/1.1
    Router(config-if)#encapsulation dot1q 10 native

    Switch(config-if)#switchport native vlan 10

  3. the boss
    July 4th, 2016

    i think here the native vlan is not necessary

  4. Ibrahim Miah
    August 13th, 2016

    This tutorial is definitely very helpful for us..

  5. Rej
    August 28th, 2016

    If we add another two vlan to this topology, for example vlan 30 (for Pc) and vlan 40( for webserver).
    Vlan 40 wants to talk only vlan 40
    Vlan 30 wants to talk to all vlans.

    How can we configure this? Looking forward for your advise

  6. 9tut
    August 29th, 2016

    @Rej: In this case Vlan 40 can communicate to Vlan 30 so your request should be understand like this:
    Vlan 40 wants to talk only vlan 30,40
    Vlan 30 wants to talk to all vlans.
    InterVlan cannot fully fulfill your request. In practical we should filter traffic based on IP at Layer 3 (with Access-list). VLAN should only be used to separate traffic on different Vlan.
    Another way to do this in Layer 2 is Private VLAN. Configure ports in Vlan 30 as promiscuous ports and Vlan 40 ports in Community ports.

  7. Rej
    August 29th, 2016

    Thank you :)

  8. Obieizy
    October 3rd, 2016

    in a process where there is vlan 10,20,30,40,50 can clan 20 communicate with all vlans.?

  9. jack
    October 9th, 2016

    Someone please send me latest dumps for 200-125
    {email not allowed}

  10. JAAH
    October 28th, 2016

    Thank you for your help. What you are doing is a great service to mankind because it is helping us to progress in our education and life.

    Since I cannot thank you enough, I pray to God to bless you and grant you more progress in whatever you do.

  11. theshi
    November 15th, 2016

    sir im not familiar wth configurations on spanning tree protocol and RSTP

  12. Anonymous
    November 18th, 2016


  13. meu
    December 3rd, 2016

    this is very helpful

  14. john
    December 22nd, 2016

    please correction for command line in router with int f0/0.0

  15. ezhil
    December 29th, 2016

    In inter vlan, we are using same network or different network.Like vlan 2,3,4,5 etc are comes under same network or different network.

  16. ezhil
    December 29th, 2016

    In this example vlan 10 using and vlan using then what is the vlan.

    concept of vlan,logical broadcast domain which is derived from physical broadcast domain.

    pls clear me

  17. ezhil
    December 29th, 2016

    correct me if i am wrong

    January 25th, 2017

    what is the router commant that a router stand on two stick?????

  19. Anonymous
    February 11th, 2017

    What is inter VLAN routing defination properly ????

  20. como investir no tesouro direto bradesco
    March 2nd, 2017

    Do lado do Tesouro Рátrio, é possível qսe ter maior interesse ᥱm vender certos tipos
    ɗe títulos em momentos Ԁe crise օu instabilidade política oս ainda pode-se aspirar alçar maiѕ grandes recursos ρara limitado օu longo prazo. http://s499686891.mialojamiento.es/index.php/component/k2/itemlist/user/106696

  21. Anonymous
    August 7th, 2017

    Cool stuff

  22. Anonymous
    February 1st, 2018

    anyone please upload the latest dumps for ccna 200-125

  23. nigh
    February 5th, 2018

    hello guys newbie here in 9tut. Someone can help me for my incoming ccna exam.

  24. can anyone share the latest dumps ccna 200-125? amankosov23@
    February 19th, 2018


  25. Abrahim Satti
    April 18th, 2018

    Outstanding tutorials

  26. jahdiur
    April 29th, 2018

    Thanks for your explanation that you provide with easy way.

  27. bruno
    August 7th, 2018


  28. Mamun from BD
    February 26th, 2020

    Useful articles. Thanks a lot !!!

Comment pages
1 2 3 1061
Add a Comment