EdgeSwitch - VLANs and Inter-VLAN Routing (Layer 3 Switching)

 Overview


Readers will learn how to configure Inter-VLAN routing on an EdgeSwitch using Switch Virtual Interfaces (SVIs), which are routable VLAN interfaces.

Notes & Requirements:

Applicable to EdgeSwitch 1.7.1 + firmware in all EdgeSwitch models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information and see the attachments for the configurations used in this article.

 

Equipment used in this article:

- EdgeSwitch-8-150W (ES-8-150W)

- EdgeRouter-X (ER-X)

- UniFi AC-Lite (UAP-AC-Lite)

- Test clients (Host, Phone and Server)


Table of Contents


  1. Network Diagram
  2. Steps - VLANs and VLAN-Interfaces
  3. Steps - Testing & Verification
  4. Related Articles

Network Diagram



The network topology is shown below. The following interfaces are in use on the EdgeSwitch (ES) and the EdgeRouter (ER).

ER-X

  • eth0 (WAN)
  • eth1 (LAN) - 10.255.12.1/30

ES-8

  • 0/1 (tagged) - VLAN10
  • 0/1 (untagged) - VLAN99
  • 0/2 (untagged) - VLAN20
  • 0/3 (untagged) - VLAN10
  • 0/8 (routed) - 10.255.12.2/30

The UAP will tag the wireless network with VLAN10. The management traffic of the UAP itself will arrive untagged on the 0/1 port and will be placed in VLAN99 (native VLAN). The host and the server will be placed in VLAN10 and VLAN20. Each client will receive a DHCP address from the ES and will route all traffic through the switch to the ER.


Steps - VLANs and VLAN-Interfaces



In this example the ES is running in the default configuration with the addition of SSH management access. The first step is to create the VLANs and associate them to specific ports (tagged or untagged).

 

CLI STEPS: Access the command line interface (CLI). You can do this by using a program such as PuTTY to connect via SSH, Telnet or the console.

1. Enter privileged mode.

enable

2. Create the VLANs and VLAN-Interfaces (SVIs).

vlan database 
vlan 10,20,99
vlan routing 10 1
vlan routing 20 2
vlan routing 99 3
exit

Note: The format is vlan routing <vlan-id> <interface-id (1-15)>. The interface-id does not need to match the VLAN number and is used to separate the VLAN-Interfaces in the internal switch architecture.

3. Enter configuration mode.

configure

4. Assign the ports to the VLANs created above.

The configuration below makes port 0/2 untagged for VLAN20 and port 0/3 untagged for VLAN10 (pvid). Port 0/1 is tagged for VLAN10 (tagging) with VLAN99 as the native VLAN (pvid). Afterwards, unneeded VLANs are excluded from participating on the ports.

interface 0/1
description UAP
vlan tagging 10
vlan pvid 99
vlan participation exclude 1,20
vlan participation include 10,99
exit

interface 0/2
description Server
vlan pvid 20
vlan participation exclude 1,10,99
vlan participation include 20
exit

interface 0/3
description Host
vlan pvid 10
vlan participation exclude 1,20,99
vlan participation include 10
exit

4. Enable routing functionality on the uplink port (0/8) and assign it an IP address.

interface 0/8
description ER-X
routing
ip address 10.255.12.2 255.255.255.252
exit

5. Associate the SVIs with IP addresses and enable routing.

interface vlan 10
ip address 10.0.10.2 255.255.255.0
routing
exit

interface vlan 20
ip address 10.0.20.2 255.255.255.0
routing
exit

interface vlan 99
ip address 10.0.99.2 255.255.255.0
routing
exit

6. Globally enable routing functionality and create a default route to the ER.

ip routing
ip route 0.0.0.0 0.0.0.0 10.255.12.1

Note: It is recommended to create the default route (and all other routes) using the ip route <network> <mask> <next-hop> statement instead of the ip default-gateway <next-hop> statement. The latter command is intended for EdgeSwitches that operate purely in Layer 2 mode without any added routing functionality.

Note: If you are following this guide exactly and want to provide internet access to these clients, don't forget that the EdgeRouter (ER) also needs to know how to reach the 10.0.10.0/24, 10.0.20.0/24 and 10.0.99.0/24 networks, for example through 3 static routes pointing to the 10.255.12.2 address.

7. (Optional) Globally enable DHCP services.

service dhcp

8. (Optional) Exclude IP addresses that should not be assigned by the DHCP server.

ip dhcp excluded-address 10.0.10.0 10.0.10.10
ip dhcp excluded-address 10.0.20.0 10.0.20.10
ip dhcp excluded-address 10.0.99.0 10.0.99.10

9. (Optional) Create the DHCP pools.

ip dhcp pool VLAN10
lease 0 12 0
dns-server 10.0.20.11
default-router 10.0.10.2
network 10.0.10.0 255.255.255.0
exit

ip dhcp pool VLAN20
lease 0 12 0
dns-server 10.0.20.11
default-router 10.0.20.2
network 10.0.20.0 255.255.255.0
exit

ip dhcp pool VLAN99
lease 0 12 0
dns-server 10.0.20.11
default-router 10.0.99.2
network 10.0.99.0 255.255.255.0
exit

Note: In this example the server at 10.0.20.11 provides DNS services for all the VLANs.

10. Exit back to privileged mode and write the changes to the startup configuration.

exit
write memory

(ALTERNATIVE) GUI STEPS: Access the switch Web-Management Portal (GUI).

1. Create the VLANs.

Basic > VLAN > VLAN Wizard > Add VLAN  

Enter 10,20,99 and select 'Add' 

2. Assign the ports to the VLANs created above using the wizard.

Port 0/1: Excluded (E) for VLAN1 / VLAN20
Port 0/1: Untagged (U) for VLAN99
Port 0/1: Tagged (T) for VLAN10

Port 0/2: Excluded (E) for VLAN1 / VLAN10 / VLAN99
Port 0/2: Untagged (U) for VLAN20

Port 0/3: Excluded (E) for VLAN1 / VLAN20 / VLAN99
Port 0/3: Untagged (U) for VLAN10

3. Create the SVIs and enable IP routing functionality.

Routing > IP > Interface Configuration

Type: VLAN
VLAN: VLAN 10
Routing Mode: Enable
Admin Mode: Enable
IP Address Configuration Method: Manual
IP Address: 10.0.10.2
Subnet Mask: 255.255.255.0

Type: VLAN
VLAN: VLAN 20
Routing Mode: Enable
Admin Mode: Enable
IP Address Configuration Method: Manual
IP Address: 10.0.20.2
Subnet Mask: 255.255.255.0

Type: VLAN
VLAN: VLAN 99
Routing Mode: Enable
Admin Mode: Enable
IP Address Configuration Method: Manual
IP Address: 10.0.99.2
Subnet Mask: 255.255.255.0

4. Globally enable routing functionality and create a default route to the ER.

Routing > IP > Configuration

Routing Mode: Enabled 

Routing > Router > Configured Routes > Add

Route Type: Static
Network Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Next Hop IP Address: 10.255.12.1
Preference: 1

5. (Optional) Globally enable DHCP services.

System > Advanced Configuration > DHCP Server > Global

Admin Mode: Enable

6. (Optional) Create the DHCP pools.

System > Advanced Configuration > DHCP Server > Pool Summary > Add

Pool Name: VLAN10
Type of Binding: Dynamic
Network Base Address: 10.0.10.0
Network Mask: 255.255.255.0
Range Start: 10.0.10.11
Range Stop: 10.0.10.255
Lease Expiration: Enable
Lease Duration: 12 Hours
Default Router Address: 10.0.10.2
DNS Server Address 1: 10.0.20.11

Pool Name: VLAN20
Type of Binding: Dynamic
Network Base Address: 10.0.20.0
Network Mask: 255.255.255.0
Range Start: 10.0.20.11
Range Stop: 10.0.20.255
Lease Expiration: Enable
Lease Duration: 12 Hours
Default Router Address: 10.0.20.2
DNS Server Address 1: 10.0.20.11

Pool Name: VLAN99
Type of Binding: Dynamic
Network Base Address: 10.0.99.0
Network Mask: 255.255.255.0
Range Start: 10.0.99.11
Range Stop: 10.0.99.255
Lease Expiration: Enable
Lease Duration: 12 Hours
Default Router Address: 10.0.99.2
DNS Server Address 1: 10.0.20.11

Steps - Testing & Verification



After configuring the ports and VLANs, verify the connections/state using the following commands:

1. The VLAN port state of the switchport interfaces:

show interfaces switchport general 
Intf      PVID  Ingress    Acceptable Untagged  Tagged    Forbidden Dynamic
                Filtering  Frame Type Vlans     Vlans     Vlans     Vlans
--------- ----- ---------- ---------- --------- --------- --------- ---------
0/1       99    Disabled   Admit all  99        10        1,20
0/2       20    Disabled   Admit all  20                  1,10,99
0/3       10    Disabled   Admit all  10                  1,20,99

show interfaces switchport 0/1
VLAN Membership Mode: General
General Mode PVID: 99
General Mode Untagged VLANs: 99
General Mode Tagged VLANs: 10
General Mode Forbidden VLANs: 1,20

show interfaces switchport 0/2
VLAN Membership Mode: General
General Mode PVID: 20
General Mode Untagged VLANs: 20
General Mode Tagged VLANs:
General Mode Forbidden VLANs: 1,10,99

show interfaces switchport 0/3
VLAN Membership Mode: General
General Mode PVID: 10
General Mode Untagged VLANs: 10
General Mode Tagged VLANs:
General Mode Forbidden VLANs: 1,20,99

2. The state of the routed interface and SVIs:

show ip interface 0/8
Routing interface status....................... Up
Primary IP address............................. 10.255.12.2/255.255.255.252
Method......................................... Manual
Routing Mode................................... Enable
Administrative Mode............................ Enable
Active State................................... Active
Encapsulation Type............................. Ethernet
IP MTU......................................... 1500

show ip interface brief
Interface  State IP Address      IP Mask         TYPE            Method
---------- ----- --------------- --------------- --------------- ------
0/8        Up    10.255.12.2     255.255.255.252 Primary         Manual
vlan 10    Up    10.0.10.2       255.255.255.0   Primary         Manual
vlan 20    Up    10.0.20.2       255.255.255.0   Primary         Manual
vlan 99    Up    10.0.99.2       255.255.255.0   Primary         Manual

show ip route
Route Codes: C - Connected, S - Static
Default Gateway is 10.255.12.1

S 0.0.0.0/0 [1/0] via 10.255.12.1, 00h:04m:36s, 0/8
C 10.0.10.0/24 [0/0] directly connected, 4/1
C 10.0.20.0/24 [0/0] directly connected, 4/2
C 10.0.99.0/24 [0/0] directly connected, 4/3
C 10.255.12.0/30 [0/0] directly connected, 0/8

3. The globally configured DHCP options and pools (if configured):

show ip dhcp global configuration
Service DHCP................................... Enable
Number of Ping Packets......................... 2
Excluded Address............................... 10.0.10.0 to 10.0.10.10
                                                10.0.20.0 to 10.0.20.10
                                                10.0.99.0 to 10.0.99.10
Conflict Logging............................... Enable
Bootp Automatic................................ Disable

show ip dhcp pool configuration all
Pool: VLAN10
Pool Type...................................... Dynamic
Network........................................ 10.0.10.0 255.255.255.0
Lease Time..................................... 0 days 12 hrs 0 mins
DNS Servers.................................... 10.0.20.11
Default Routers................................ 10.0.10.2

Pool: VLAN20
Pool Type...................................... Dynamic
Network........................................ 10.0.20.0 255.255.255.0
Lease Time..................................... 0 days 12 hrs 0 mins
DNS Servers.................................... 10.0.20.11
Default Routers................................ 10.0.20.2

Pool: VLAN99
Pool Type...................................... Dynamic
Network........................................ 10.0.99.0 255.255.255.0
Lease Time..................................... 0 days 12 hrs 0 mins
DNS Servers.................................... 10.0.20.11
Default Routers................................ 10.0.99.2

show ip dhcp binding
IP address      Hardware Address  Lease Expiration  Type
--------------- ----------------- ----------------- ------------------
10.0.10.11      80:2a:a8:8b:bd:01 00:11:51          Automatic (Phone)
10.0.10.12      80:2a:a8:00:80:dc 00:11:46          Automatic (Host)
10.0.20.11      80:2a:a8:a5:a8:99 00:11:50          Automatic (Server)
10.0.99.11      80:2a:a8:99:92:d5 00:11:50          Automatic (UAP)

4. Verify reachability on the hosts themselves:

Server> tracert -d 10.255.12.1
Tracing route to 10.255.12.1 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.0.20.2
2 1 ms <1 ms <1 ms 10.255.12.1

Server> tracert -d 10.0.10.11
Tracing route to 10.0.10.11 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.0.20.2
2 <1 ms <1 ms <1 ms 10.0.10.11

Server> tracert -d 10.0.99.11
Tracing route to 10.0.99.11 over a maximum of 30 hops

1 1 ms 1 ms 2 ms 10.0.20.2
2 <1 ms <1 ms <1 ms 10.0.99.11

Host> tracert -d 10.255.12.1
Tracing route to 10.255.12.1 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.0.10.2
2 1 ms <1 ms <1 ms 10.255.12.1

Host> tracert -d 10.0.20.11
Tracing route to 10.0.20.11 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.0.10.2
2 4 ms 3 ms 6 ms 10.0.20.11

Host> tracert -d 10.0.99.11
Tracing route to 10.0.99.11 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.0.10.2
2 2 ms 1 ms 1 ms 10.0.99.11
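
The per-port output from verification step 1 can also be checked against the intended design automatically, so a port that still participates in VLAN 1 or has picked up an extra tagged VLAN is caught. This is an added example, not part of the original article or of any Ubiquiti tooling; the names EXPECTED, SAMPLE, vlan_set, parse and audit are hypothetical, the sample is the article's own output abridged to the fields checked, and range notation such as 10-12 in VLAN lists is handled as an assumption.

```python
import re

# Design (port -> PVID, tagged VLANs) and step 1 output, abridged to the checked fields.
EXPECTED = {"0/1": (99, {10}), "0/2": (20, set()), "0/3": (10, set())}
SAMPLE = """\
show interfaces switchport 0/1
General Mode PVID: 99
General Mode Untagged VLANs: 99
General Mode Tagged VLANs: 10
General Mode Forbidden VLANs: 1,20
show interfaces switchport 0/2
General Mode PVID: 20
General Mode Untagged VLANs: 20
General Mode Tagged VLANs:
General Mode Forbidden VLANs: 1,10,99
show interfaces switchport 0/3
General Mode PVID: 10
General Mode Untagged VLANs: 10
General Mode Tagged VLANs:
General Mode Forbidden VLANs: 1,20,99
"""

def vlan_set(text):  # '1,20' or '' -> VLAN ids; 'a-b' ranges handled as an assumption
    spans = [t.strip().partition("-") for t in text.split(",") if t.strip()]
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse(output):  # group "General Mode <field>: <value>" lines by port
    ports, cur = {}, None
    for line in output.splitlines():
        cmd = re.search(r"show interfaces switchport (\d+/\d+)\s*$", line)
        kv = re.match(r"\s*General Mode ([^:]+):\s*(.*)$", line)
        if cmd:
            cur = ports.setdefault(cmd.group(1), {})
        elif kv and cur is not None:
            cur[kv.group(1)] = kv.group(2).strip()
    return ports

def audit(ports, expected=EXPECTED):  # findings where a designed port drifts
    findings = [f"{p}: no output captured" for p in expected if p not in ports]
    for port in sorted(ports.keys() & expected.keys()):
        pvid, tagged = expected[port]
        field = lambda name: vlan_set(ports[port].get(name, ""))
        if field("PVID") != {pvid} or field("Untagged VLANs") != {pvid}:
            findings.append(f"{port}: PVID/untagged VLAN is not {pvid}")
        if field("Tagged VLANs") != tagged:
            findings.append(f"{port}: tagged VLANs differ from {sorted(tagged)}")
        if 1 not in field("Forbidden VLANs"):
            findings.append(f"{port}: default VLAN 1 is not excluded")
    return findings
```

Calling audit(parse(SAMPLE)) returns an empty list for the output shown in this article; ports that appear in the capture but not in EXPECTED are ignored.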

Related Articles

