Cisco CCNP SWITCH 642-813

L3 Switching: InterVLAN Routing Extraordinaire

00:00:00 - Inter VLAN routing extraordinaire.
00:00:04 - What would a switching course be without bringing some routing
00:00:09 - into the picture. It would just all be layer two. That's it.
00:00:13 - Nothing would move between VLANs and that's what we're going
00:00:16 - to talk about here. We're going to look at ways to move traffic
00:00:19 - between different VLANs. We'll look at the first mechanism, the
00:00:24 - famous router on a stick, then we'll move into multi layer switching,
00:00:28 - some of the advantages of using a multi layer switch, and then
00:00:31 - the actual configuration.
00:00:34 - Well, let's start this video off as we do with most: A dilemma
00:00:37 - to be solved. We've talked all about VLANs up to this point,
00:00:41 - and set up VLANs between our switches, but now our clients need
00:00:46 - to get between VLANs. The VLANs by design have isolated them
00:00:50 - into their own subnets to segment the networks, segment broadcast,
00:00:54 - put up security boundaries, but there's times when we need to
00:00:57 - route between those VLANs. So what are our solutions?
00:01:02 - The first solution to this dilemma is one of my favorite technical
00:01:06 - concepts to talk about, because of the name. A router on a stick.
00:01:10 - Reminds me of a corndog. But this router is a router with a fast
00:01:14 - ethernet or greater interface, that has a trunk configuration
00:01:19 - set up to the switch. Now, the switch is going to send it all
00:01:22 - the VLAN information as trunks do, across that trunk line, and
00:01:27 - the router is going to have more than one IP address assigned
00:01:30 - to the interface using sub interfaces, and we'll talk about that
00:01:33 - in the next slide when we get into the configuration of this.
00:01:36 - The advantages of using a router on a stick is it's very simple
00:01:39 - to set up. You can use your existing equipment and it's a lower
00:01:42 - cost because you don't have to have any special switch hardware
00:01:45 - to do this. It's all on a router, which you typically have connecting
00:01:49 - to your WAN interface anyway.
00:01:52 - Now, the disadvantages of this config is, number one, you can
00:01:56 - have congestion on a link. Especially if this is not a multi
00:02:00 - layer switch. Again, we'll talk about that as we expand on some
00:02:04 - of the hardware that the modern switches come with, because every
00:02:08 - single stream or conversation that's coming from this VLAN goes
00:02:13 - into this switch, through the router, back out, loops around,
00:02:18 - and out the other VLAN. So you're really eating up a full duplex
00:02:22 - connection because the traffic goes in and comes back out into
00:02:24 - the switch. Now, a multi layer switch can ease that load greatly
00:02:28 - on the router, but still the congestion on that link can be one
00:02:33 - of the worries you have to think about. Second is that you have
00:02:36 - a single point of failure, meaning if that router goes down you
00:02:39 - lose all of your routing for all of your VLANs. So the alternative
00:02:43 - is to set up a redundant router on a stick, which can end up
00:02:47 - being pointless, because of the style of connection that it is.
00:02:51 - It's essentially wasted equipment. Finally, the delay of routing.
00:02:56 - And this is something we're going to discover when we look at
00:02:58 - the solution number two. Routers compared to switches are very
00:03:02 - slow. Even though it feels fast as we're going through the router,
00:03:05 - surfing the Internet and that sort of thing, it just can't hold
00:03:08 - a candle to a switch which does all of its movement of packets
00:03:12 - through the hardware. So comparatively speaking, a router on
00:03:17 - a stick is the slower solution.
00:03:20 - To set up a router on a stick, there's really two steps. Number
00:03:24 - one, we need to configure a trunk on the switch that's connecting
00:03:27 - to the router. You can see I have fast ethernet 0/1 on the switch
00:03:32 - plugged over to the router. That needs to send all VLAN information
00:03:35 - to that direction so the router can route it. Step two is to
00:03:39 - create sub interfaces on the router, assign them IP addresses
00:03:43 - that respond to the VLAN that they belong to. So let's go ahead
00:03:47 - and work through these steps on live equipment. I'm going to
00:03:49 - bring up a switch right now. I'm going to go into interface fast
00:03:54 - ethernet 0/1 and I'll do switch port, trunk encapsulation, and
00:04:00 - depending on the router and IOS version you're using you can
00:04:03 - use either 802.1Q or ISL. Cisco is trying to make ISL go away.
00:04:09 - So let's stick with their world and just do 802.1Q and type in
00:04:14 - switch port mode and trunk, enter. It's now hard coded as a trunk
00:04:19 - port. I can go back here and do a show VLAN. I want to make sure
00:04:22 - the other pieces of the puzzle are in place. I've got VLAN 10
00:04:25 - and VLAN 20 turned on right now, and they are a part of fast
00:04:30 - ethernet 11 and 12, which reflects our diagram right here. Host
00:04:34 - and VLAN 10. And host and VLAN 20. Now glancing at this config
00:04:38 - over here, the subnet I chose for VLAN 10 is 10.1.10.0
00:04:43 - and 20 is 20.0. So that's the switch side of it. Now, once fast
00:04:50 - ethernet 0/1 negotiates a trunk, it will disappear from this
00:04:53 - VLAN list and not show up because trunks don't appear in the
00:04:58 - VLANs. Grabbing my console cable and switching it over to the
00:05:03 - router, there we go, I'm on my router on a stick right now. And
00:05:07 - I'm going to go into global config mode, interface fast ethernet
00:05:12 - 0/0 and type in a command that we're all familiar with and done
00:05:16 - many times, I'm sure. No shutdown. I'm typing that just to make
00:05:20 - sure you guys catch that that's all I do under the physical interface.
00:05:24 - If I were to assign an IP address to the physical interface to
00:05:27 - this router, it would be responding for VLAN 1. Now, Cisco's
00:05:32 - recommendation says try not to use VLAN 1 on production networks.
00:05:36 - It's just more secure that way, because everybody assumes most
00:05:39 - things are a part of VLAN 1 if you're an intruder of some sort
00:05:43 - and there's a lot of vulnerabilities with that. So we'll stay
00:05:46 - away from that and not assign an IP address to the physical interface.
00:05:49 - I'll just go directly in. Look at that, duplex mismatch. I'm
00:05:55 - going to go in and
00:05:57 - type well, let's go with half. Just to fix that duplex mismatch
00:06:10 - for now. All right. So I'm going to go into fast ethernet 0/0
00:06:15 - dot and this is how we create a sub interface. I'll do a question
00:06:18 - mark. We can have up to four billion 294 million da da da some
00:06:24 - number of sub interfaces. If you actually had the motivation
00:06:27 - to create that many sub interfaces, the router I'm sure would
00:06:31 - run out of memory before you got there. The reason they give
00:06:34 - you that many numbers is because they want to give you flexibility
00:06:37 - with what you name it. So you can do logical names for yourself.
00:06:40 - Now, in our case this sub interface is going to route for VLAN
00:06:44 - 10. So I'm going to put dot 10 after that and create that sub
00:06:49 - interface. Now, I didn't have to do that. That was just a logical
00:06:52 - term for myself. I could create any sub interface number I want
00:06:57 - to. I could have made sub interface 100 route for VLAN 10, because
00:07:01 - the key command that links this to VLAN 10 is typing in this:
00:07:07 - Encapsulation dot 1 Q 10. Enter. At that point, oh, it's telling
00:07:14 - me I typed things out of order. But that's saying to that sub
00:07:18 - interface: You will respond for VLAN 10. Now, it's mentioning
00:07:22 - that this, if the interface doesn't support baby giant frames
00:07:25 - and the maximum transmission unit, it's been reduced and all
00:07:28 - that, what that's trying to say is it's now going to insert the
00:07:31 - tag into that sub interface. So if the interface on the other
00:07:36 - side isn't expecting that, you're not going to get any connectivity.
00:07:41 - Now, some routers you have to type in the IP address or, I'm
00:07:45 - sorry, the encapsulation before you assign the IP address otherwise
00:07:48 - it will reject it. I'm going to say on this sub interface, the
00:07:53 - IP address is 10.1.10.1. Get my 10.1.10.1.
00:07:59 - Excellent. I'm going to then exit out and type in interface,
00:08:07 - fast ethernet 0/0.20 and do the same thing here. Encapsulation
00:08:11 - dot 1 Q 20 and enter I'll type in the IP address 10.1.20.1.
00:08:17 - Good. At
00:08:22 - this point I can do a show IP interface brief. And I'll just
00:08:25 - include fast ethernet interfaces. And you can see right here
00:08:31 - I have an unassigned
00:08:33 - IP address on fast ethernet 0/0.10
00:08:37 - and .20 have been assigned those IP addresses. We should be good
00:08:40 - to go. Now I just need to go to my host and set them up for that.
00:08:44 - So let me pause the video. I'll go over to these hosts configure
00:08:47 - them with IP address and do some trace routes to make sure we're
00:08:50 - going through the router.
00:08:52 - All right. The machine I'm recording on right now is this PC
00:08:56 - right here in VLAN 20. I've assigned it the IP address 10.1.20.50
00:09:01 - and I've assigned this PC over here, the Dell laptop, 10.1.10.50.
00:09:06 - So that's going to be the remote host. So let's bring up my command
00:09:11 - prompt. And I'm going to do a ping 10.1.20.1.
00:09:18 - And right there we're getting there. And actually let me do a
00:09:21 - trace route. Now, is that the D option, because otherwise it
00:09:25 - tries to resolve host names and just takes forever. So do a trace
00:09:29 - route and sure enough it's directly connected. You can see one
00:09:32 - millisecond right
00:09:34 - there. That, by the way, is the router on a stick that we're
00:09:37 - reaching. Let's go step by step, let's see if we can reach 10.1.10.1
00:09:42 - on the other side.
00:09:46 - Excellent. You can see just one hop away and scrolling off the
00:09:50 - bottom of my command prompt here. There we go. So 10.1.10.1 and
00:09:55 - let's step it up one more to 10.1.10.50,
00:09:58 - which is my laptop over there on the other end. There's 20.1.
00:10:02 - It's going through the router and reaching 10.1.10.50
00:10:06 - over on the other side. So our router on a stick solution is
00:10:09 - working. But as I mentioned, this is the slower of the solutions.
00:10:14 - We're having to leave the switch, go to the router. Loop back
00:10:18 - around. Be processed by a router in the middle, and then come
00:10:21 - back into the switch. So let's move on to solution number two.
00:10:26 - Now, solution number two is where we take a router and smoosh
00:10:31 - it into the switch. Literally. Inside of the switch, if we look
00:10:34 - inside, there's a router board that is capable of doing layer
00:10:38 - three processing. Now, the advantages of doing this, you can
00:10:42 - see right on the screen, is you route at wire speed. Now, there's
00:10:46 - a catch to that. And I'll talk about that in just a moment. But
00:10:50 - they have a method of moving a lot of the stuff that happens
00:10:54 - in the IOS software, a lot of the routing pieces, into the hardware
00:10:58 - of the switch. And that's what allows it to happen, and I'll
00:11:00 - show you how in a moment. Second, is that you have the back plane
00:11:04 - bandwidth as your limiting factor. Remember when you had the
00:11:07 - router on a stick, we actually had this external router right
00:11:11 - here. Obviously you remember, previous slide, that we had to
00:11:15 - leave the switch on to the router. Now, this interface right
00:11:19 - here was the bottleneck, because we have to go out and come back
00:11:22 - in on that same interface, which is typically 100 meg per second.
00:11:26 - Since we never leave the switch, since the router's inside of
00:11:29 - it, the back plane of the switch is the bandwidth, which is gigabits
00:11:34 - per second on tap. The back plane is the whole circuit board
00:11:37 - if you will of the switch. Likewise, we have redundancy enabled
00:11:41 - meaning if we have multiple multi layer switches which most people
00:11:45 - do if they have an enterprise that's capable of supporting multi
00:11:48 - layer switching in the first place we can have another switch
00:11:51 - take over for another. Likewise, if you have, for instance, a
00:11:54 - 6500 or 4500 series switch, you will typically have redundant
00:12:00 - supervisor engines and redundant what's known as multi layer
00:12:04 - switch feature cards or MFC cards sitting on top of there. If
00:12:08 - one supervisor goes down, then the other one can take over for
00:12:11 - it. So all good things. Disadvantage, you can see it right there,
00:12:17 - is cost.
00:12:19 - Just to give you this is modern day ballpark figures. Say a 2950
00:12:24 - switch with no layer three support, you're probably looking
00:12:28 - at maybe, I don't know, three, 400 bucks or so for a 24 port
00:12:33 - switch. For a 3750,
00:12:37 - which has layer three support, you're probably looking somewhere
00:12:41 - in the range of $5,000.
00:12:45 - I kid you not, on the low end. So just to add that router inside
00:12:49 - of the switch is a big deal. Now, the good news is not all switches
00:12:53 - need to support this. Before I dig any deeper into that, let's
00:12:57 - get into the how behind this. Multi layer switches support routing
00:13:02 - capabilities in one of two ways. The first and the more common
00:13:07 - way is through something known as SVIs or switched virtual interfaces.
00:13:13 - Essentially these take the place of the, quote/unquote, router
00:13:16 - on a stick. They're the routers inside of the switch. And you
00:13:20 - can see I kind of diagrammed them here as just these little interfaces
00:13:24 - hanging out at the switch. But, remember, there is no physical
00:13:28 - interface. When I create SVI 10, you're going to see that there's
00:13:32 - no physical port that it relates to. All I've done is I've created
00:13:36 - this mystical interface that all ports assigned to VLAN 10 can
00:13:42 - reach. So when I create this SVI 10, this PC will be able to
00:13:48 - reach it provided I give that interface an IP address in the
00:13:51 - same subnet as VLAN 10. Same thing with SVI 20 when I create
00:13:55 - that, VLAN 20 hosts or ports assigned to VLAN 20 will be able
00:14:00 - to reach that. So let me show you how that's done. I'm going
00:14:03 - to go to the console
00:14:07 - connection of my switch. Got my interface coming up and down.
00:14:10 - So let's clear that out. I'm going to go and just do a show IP
00:14:13 - interface brief. And you can see right now this is pretty much
00:14:17 - a cleared switch. We've just got VLAN 1 interface which is currently
00:14:22 - shut down. I go down and I can see I've got interface fast ethernet
00:14:26 - 0/11 and 12 which are currently up. Because those are my hosts
00:14:31 - assigned to the VLAN. This is the same switch we were using before
00:14:34 - for the router on a stick. But this time we won't be using the
00:14:37 - router on a stick. I'll go into global config mode and type in
00:14:40 - interface VLAN 10.
00:14:45 - Poof. Just like that I've created SVI 10 or interface VLAN 10.
00:14:50 - I'll do an IP address of 10.1.10.1,
00:14:54 - which I believe 10.1.10.1, correct, was the IP address I planned
00:14:59 - on assigning it 255255250. I usually do a no shut down
00:15:03 - to make sure it's up. I'll also do interface VLAN 20.
00:15:10 - IP address.
00:15:12 - 10.1.20.1. No
00:15:16 - shut. Shouldn't be necessary. Just because of that status message
00:15:20 - saying it's up. But just to be safe I'll do a no shut. Now I'll
00:15:23 - go back and do a show IP interface brief one more time. Hit enter.
00:15:27 - Now you can see these two mystical interfaces have appeared as
00:15:31 - I was mentioning. VLAN 10 and 20 are now existing on this switch.
00:15:36 - Every host that's assigned to VLAN 10 can reach this one and
00:15:39 - every host in VLAN 20 can reach this one, which are my two hosts
00:15:42 - I said before. The other key piece of turning on layer three
00:15:47 - switching or multi layer switching is to go into global config
00:15:51 - mode and type in the command IP routing. I forget that all the
00:15:56 - time. Because if you don't do that, it's just going to say, okay,
00:15:59 - those are two interfaces but I'm not going to route between them.
00:16:02 - On a router that command is in there by default. On a switch,
00:16:06 - if you want to turn on layer three switching, you need to enable
00:16:09 - it. So now I should be able to bring up my command prompt. Let
00:16:14 - me remove that into the window. Scrunch it down a little bit.
00:16:18 - And I'm going to do a ping 10.1.10.1,
00:16:23 - which, right, is not responding. Let me just make sure
00:16:30 - my ARP good old Windows Vista locking me out of clearing my ARP
00:16:36 - table. Let me do a ARP A which prints my MAC address table looks
00:16:41 - like wait a second 10.20.
00:16:47 - Okay. There we go. That is the switch responding.
00:16:51 - As of right now I'm not too sure why 10.1.10
00:16:56 - is not responding.
00:16:58 - Right, then. You saw it here first, folks. I'm guessing that
00:17:03 - maybe I just got too impatient and killed it after the first
00:17:08 - ping could even come back. But, nonetheless, it's working right
00:17:11 - now. We've got 10.1.20.1, and 10.1.10.1, which is the two VLAN
00:17:16 - interfaces I just created on the switch right here. Now let me
00:17:19 - just do the trace route. Let me do trace route dash D to 10.1.10.50
00:17:26 - which is now reaching the Dell laptop I have connected over there
00:17:30 - in the separate VLAN. And let me just make sure we're all on
00:17:32 - the same page. I'm sitting in VLAN 20 right here pinging into
00:17:36 - the switch through the switch virtual interface and reaching
00:17:39 - the host over here in VLAN 10. So that is the layer three switching
00:17:44 - that is happening inside of that switch.
00:17:48 - The other way I can turn on multi layer switching is by using
00:17:52 - routed ports. You can see that as my second part of my setup.
00:17:55 - Optional, I can create routed ports, meaning any interface, physical
00:18:00 - interface, I should say, of the switch, can be turned into a
00:18:04 - routed port. Let me demonstrate. I'm sitting on this switch right
00:18:08 - now on fast ethernet 0/24 and right now it's a switch port. It's
00:18:12 - connected to an uplinked router, and I want to change that over
00:18:15 - into a routed port and give it an IP address to where, see if
00:18:19 - you can follow, this switch becomes a router with a fast ethernet
00:18:26 - interface. It just becomes like any other ethernet router at
00:18:28 - that point at least on that one fast ethernet 0/24 port. Let
00:18:33 - me show you how it works and maybe it will be clearer. Bring
00:18:36 - up my Tera Term. I'm going to go into fast ethernet 0/24 and
00:18:42 - type in the command no switch port. As soon as I do that I turn
00:18:47 - off the switching capability on this interface and I turn on
00:18:50 - the routing features. Now, I'm going to assign it the IP address
00:18:53 - 10.1.24.1/30. So I'll say IP address 10.1.24.1,
00:19:02 - 255.255.255.252. I want to add a side note, that doesn't
00:19:06 - change the physical characteristics of the port, meaning I don't
00:19:10 - need like a crossover cable now to connect two routers back to
00:19:13 - back. But that's essentially how it acts. It's almost as if you
00:19:16 - had a crossover between two different devices. Now this, I should
00:19:21 - mention, this router over here is the .2 of the /30 subnet. So
00:19:26 - let's see if I can ping it. I'll do ping it 10.1.24.2.
00:19:30 - Enter. Voila. We have five now successful pings over to that
00:19:37 - router. And that router, by the way, is running EIGRP and connects
00:19:41 - off to the Internet. So check this out. Look at this third step.
00:19:44 - Optional enable routing protocols. On a switch? No, it's not
00:19:48 - a switch anymore, it's a router. As a matter of fact, host name,
00:19:51 - SWOUTER because that's what it's become. It's a switch and a
00:19:55 - router all at once. So I'm going to go into router
00:20:02 - EIGRP 1, which is the same autonomous system as the router over
00:20:06 - there. Do a no auto summary, and network.
00:20:11 - 10.0.0, which will run it for all the 10 network. Now that will
00:20:16 - actually form a neighbor relationship with the router. I'll do
00:20:19 - a show IP EIGRP neighbor, and sure enough look at that, we have
00:20:24 - our first neighbor that's come up over fast ethernet 0/24.
00:20:30 - Do a show IP route.
00:20:32 - Amazing. Look at that. You see that? I actually am learning routes
00:20:36 - on a switch. No, a swouter. That's learning about these are just
00:20:41 - a couple of loopback interfaces I created over on that router
00:20:44 - so it looks like it has more interfaces. This is the default
00:20:47 - route that I'm advertising in from the Internet. So the switch
00:20:53 - should now be able to reach the Internet through that router.
00:20:56 - So amazing. I mean, it really is a swouter because we have full
00:21:01 - routing capabilities. I'm running routing cables, running virtual
00:21:03 - interfaces, routing between VLANs all within a switch; and yet
00:21:08 - I haven't yet told you what the best benefit of doing this is.
00:21:13 - To do that, I have to enlist a few friends of mine to help. There's
00:21:18 - a little story behind this as you can imagine. When I first got
00:21:22 - married to my wife, we found out that we were two very different
00:21:26 - people, as most people who get married find out. She is a dog
00:21:31 - person and I am a cat person. And she had this little dog that's
00:21:36 - a Lhasa Apso, kind of one of those on the screen there, kind
00:21:39 - of thinks it owns the world, has the attitude of like I'm a little
00:21:43 - princess, don't mess with me. And the dog and I just didn't get
00:21:47 - along. So, anyway, after a few months of marital conversations
00:21:53 - about the dog, we sort of just disagreed on the whole dog thing
00:21:59 - on how this dog should be treated and disciplined and all of
00:22:02 - that, because it barks all the time. So, anyhow, let's imagine.
00:22:07 - This is where the real reality breaks off into my imagination.
00:22:11 - Imagine that my wife, Sue, went ahead and went to the President
00:22:15 - of the United States and said, this is the little track here,
00:22:19 - up to the President of the United States and said: Mr. President,
00:22:24 - my husband and I are just disputing about this dog. It barks
00:22:27 - all the time. I think that gentle love is the best way to discipline,
00:22:31 - and he thinks just abuse, beating the dog is the best way to
00:22:36 - discipline, and I need to protect this dog from my husband, can
00:22:41 - you pass a law, please, that will say this dog has the same rights
00:22:45 - as humans and we can take care of that, and just make sure everything's
00:22:50 - okay. The President of the United States looks at the bill and
00:22:52 - it's like, why, yes, I think that's great. I have a dog of my
00:22:57 - own, and I think it should be protected. So the president puts
00:23:00 - his stamp of approval on it and the bill becomes a law. This
00:23:07 - is the law over here. The Lhasa Apso still now has the same rights
00:23:11 - as humans. I say still. It does. It really does in our home.
00:23:15 - But, anyway, the president looks at this and the president says:
00:23:19 - I can see where this is going. Right now she's coming for a Lhasa
00:23:24 - Apso but there's other breeds. There's Bulldogs, and Golden Retrievers
00:23:28 - and Poodles, and I'll tell you what, because I don't want to
00:23:31 - be bothered with all this hassle of all these dogs getting the
00:23:35 - same rights as humans, I'll just pass this down to my secretary
00:23:38 - and say if you get any future bills from Susan about the rights
00:23:43 - of any breed of dog, just go ahead and put my stamp of approval
00:23:46 - on it, the golden seal, and that will become law. And that's
00:23:50 - fine. So same thing happens. She comes in with Golden Retriever,
00:23:54 - much less bureaucratic, and just cuts straight through. And we
00:23:58 - have all these laws for all the dogs. You might be wondering
00:24:02 - what on earth does this have to do with anything switching. Here's
00:24:06 - the deal. The President of the United States
00:24:10 - is really the router inside of the switch. The dog over here
00:24:17 - represents one host,
00:24:19 - a PC, and the law represents yet another host. We'll say a server.
00:24:24 - The secretary is the missing piece in this whole discussion.
00:24:27 - We haven't talked about it. We'll call this Mrs. CEF for now.
00:24:33 - Okay. Here's the idea. When the very first packet goes from one
00:24:39 - host on one VLAN to another host in another VLAN or some other
00:24:43 - route, maybe it's a router, maybe it's the Internet. Maybe it's
00:24:45 - the server. Maybe it's a printer, could be anything. That first
00:24:50 - packet is going to go to the router inside of the switch, which
00:24:54 - even though it's all dressed up in this beautiful switch chassis,
00:24:58 - it's still a router. It's still slow. There's a lot of bureaucratics
00:25:01 - that goes on inside that router. It's software based and so on.
00:25:04 - But the key is once one packet has hit that router, the router
00:25:09 - passes it down to the switch side, or you could call it Mrs.
00:25:14 - CEF, CEF. Call her Mrs. ASICS. You could call her a lot of things.
00:25:20 - But that is the hardware piece of the switch. So all future packets
00:25:25 - fly through without having to be checked by the router. Because
00:25:29 - that is known as multi layer switching. Now, a lot of people
00:25:34 - you see the title of this slide. Understanding layer three versus
00:25:36 - multi layer switching, a lot of people just kind of use those
00:25:39 - interchangeably. I do. I'm one of those people. It's a multi
00:25:42 - layer switch, I mean layer three switch. What's the difference.
00:25:45 - Technically speaking, a layer three switch is a switch with a
00:25:51 - router inside. That's it. It's a switch that can do routing.
00:25:55 - It's got the president. A multi layer switch is a switch that
00:25:59 - has the ability to cache route information. That is Mrs. CEF
00:26:03 - down here. Now, let me say this. Here's the fact of the day.
00:26:08 - Every layer three switch is also a multi layer switch. But
00:26:15 - not every multi layer switch is really a layer three switch.
00:26:20 - Did you follow that? Not every multi layer switch is really a
00:26:23 - layer three switch. What that means is not every switch has a
00:26:27 - router inside, which leads to a network architecture that could
00:26:30 - look like this. Maybe you have a couple layer three switches,
00:26:34 - distribution layer, big pricey switches, then at the lower layer
00:26:38 - you have all these multi layer switches, things that can cache
00:26:41 - the information, meaning remember what the router told it but
00:26:45 - again do routing on its own. So here's the deal. You've got one
00:26:49 - PC represented by the Lhasa Apso over there and another server
00:26:53 - over here represented by the law. The very first packet has to
00:26:57 - go up here and to the router component of the distribution layer
00:27:00 - switch and the router sees, oh, I need to cross over here, I
00:27:03 - need to pass it down here. We're into the switching piece and
00:27:05 - we hit the server. And then from there on out, maybe this is
00:27:09 - on one VLAN, this is on another, all future packets from that
00:27:13 - host to that server can just pass through the layer two engine,
00:27:16 - if you will, or just be CEFed across the way. Now, we're going
00:27:22 - to talk a lot in the next video about how that works and the
00:27:25 - technology behind CEF, but that is a big piece of why using those
00:27:30 - switches, like we just did, we set up those layer three interfaces
00:27:33 - is so much better than just using a router on a stick, and that
00:27:38 - is the foundation of routing between VLANs, inter VLAN routing
00:27:42 - extraordinaire. What we saw was first off the famous router on
00:27:47 - a stick. It truly is famous. It's been around for eons. I think
00:27:51 - they've even passed it down to the CCNA level now as a way
00:27:55 - to move between VLANs. Then we stepped into the advantages of
00:27:59 - using multi layer switches. Some of which I just talked about
00:28:02 - and others we talked about beforehand using those switch virtual
00:28:05 - interfaces and finally we walked through the configuration of
00:28:09 - multi layer switching two methods, switch virtual interfaces
00:28:13 - which are those logical interfaces that can be reached by any
00:28:16 - port assigned to the VLAN, and then the routed port, which is
00:28:21 - enabled by using that no switch port command, and literally turns
00:28:24 - that port of your switch into a router. I hope this has been
00:28:28 - informative for you and I'd like to thank you for viewing.
00:00:00 - Inter VLAN routing extraordinaire.
00:00:04 - What would a switching course be without bringing some routing
00:00:09 - into the picture. It would just all be layer two. That's it.
00:00:13 - Nothing would move between VLANs and that's what we're going
00:00:16 - to talk about here. We're going to look at ways to move traffic
00:00:19 - between different VLANs. We'll look at the first mechanism, the
00:00:24 - famous router on a stick, then we'll move into multi layer switching,
00:00:28 - some of the advantages of using a multi layer switch, and then
00:00:31 - the actual configuration.
00:00:34 - Well, let's start this video off as we do with most: A dilemma
00:00:37 - to be solved. We've talked all about VLANs up to this point,
00:00:41 - and set up VLANs between our switches, but now our clients need
00:00:46 - to get between VLANs. The VLANs by design have isolated them
00:00:50 - into their own subnets to segment the networks, segment broadcast,
00:00:54 - put up security boundaries, but there's times when we need to
00:00:57 - route between those VLANs. So what are our solutions?
00:01:02 - The first solution to this dilemma is one of my favorite technical
00:01:06 - concepts to talk about, because of the name. A router on a stick.
00:01:10 - Reminds me of a corndog. But this router is a router with a fast
00:01:14 - ethernet or greater interface, that has a trunk configuration
00:01:19 - set up to the switch. Now, the switch is going to send it all
00:01:22 - the VLAN information as trunks do, across that trunk line, and
00:01:27 - the router is going to have more than one IP address assigned
00:01:30 - to the interface using sub interfaces, and we'll talk about that
00:01:33 - in the next slide when we get into the configuration of this.
00:01:36 - The advantages of using a router on a stick is it's very simple
00:01:39 - to set up. You can use your existing equipment and it's a lower
00:01:42 - cost because you don't have to have any special switch hardware
00:01:45 - to do this. It's all on a router, which you typically have connecting
00:01:49 - to your WAN interface anyway.
00:01:52 - Now, the disadvantages of this config is, number one, you can
00:01:56 - have congestion on a link. Especially if this is not a multi
00:02:00 - layer switch. Again, we'll talk about that as we expand on some
00:02:04 - of the hardware that the modern switches come with, because every
00:02:08 - single stream or conversation that's coming from this VLAN goes
00:02:13 - into this switch, through the router, back out, loops around,
00:02:18 - and out the other VLAN. So you're really eating up a full duplex
00:02:22 - connection because the traffic goes in and comes back out into
00:02:24 - the switch. Now, a multi layer switch can ease that load greatly
00:02:28 - on the router, but still the congestion on that link can be one
00:02:33 - of the worries you have to think about. Second is that you have
00:02:36 - a single point of failure, meaning if that router goes down you
00:02:39 - lose all of your routing for all of your VLANs. So the alternative
00:02:43 - is to set up a redundant router on a stick, which can end up
00:02:47 - being pointless, because of the style of connection that it is.
00:02:51 - It's essentially wasted equipment. Finally, the delay of routing.
00:02:56 - And this is something we're going to discover when we look at
00:02:58 - the solution number two. Routers compared to switches are very
00:03:02 - slow. Even though it feels fast as we're going through the router,
00:03:05 - surfing the Internet and that sort of thing, it just can't hold
00:03:08 - a candle to a switch which does all of its movement of packets
00:03:12 - through the hardware. So comparatively speaking, a router on
00:03:17 - a stick is the slower solution.
00:03:20 - To set up a router on a stick, there's really two steps. Number
00:03:24 - one, we need to configure a trunk on the switch that's connecting
00:03:27 - to the router. You can see I have fast ethernet 0/1 on the switch
00:03:32 - plugged over to the router. That needs to send all VLAN information
00:03:35 - to that direction so the router can route it. Step two is to
00:03:39 - create sub interfaces on the router and assign them IP addresses
00:03:43 - that respond to the VLAN that they belong to. So let's go ahead
00:03:47 - and work through these steps on live equipment. I'm going to
00:03:49 - bring up a switch right now. I'm going to go into interface fast
00:03:54 - ethernet 0/1 and I'll do switch port, trunk encapsulation, and
00:04:00 - depending on the router and IOS version you're using you can
00:04:03 - use either 802.1Q or ISL. Cisco is trying to make ISL go away.
00:04:09 - So let's stick with their world and just do 802.1Q and type in
00:04:14 - switch port mode and trunk, enter. It's now hard coded as a trunk
00:04:19 - port. I can go back here and do a show VLAN. I want to make sure
00:04:22 - the other pieces of the puzzle are in place. I've got VLAN 10
00:04:25 - and VLAN 20 turned on right now, and they are a part of fast
00:04:30 - ethernet 11 and 12, which reflects our diagram right here. Host
00:04:34 - in VLAN 10. And host in VLAN 20. Now glancing at this config
00:04:38 - over here, the subnet I chose for VLAN 10 is 10.1.10.0
00:04:43 - and 20 is 20.0. So that's the switch side of it. Now, once fast
00:04:50 - ethernet 0/1 negotiates a trunk, it will disappear from this
00:04:53 - VLAN list and not show up because trunks don't appear in the
00:04:58 - VLANs. Grabbing my console cable and switching it over to the
00:05:03 - router, there we go, I'm on my router on a stick right now. And
00:05:07 - I'm going to go into global config mode, interface fast ethernet
00:05:12 - 0/0 and type in a command that we're all familiar with and done
00:05:16 - many times, I'm sure. No shutdown. I'm typing that just to make
00:05:20 - sure you guys catch that that's all I do under the physical interface.
00:05:24 - If I were to assign an IP address to the physical interface to
00:05:27 - this router, it would be responding for VLAN 1. Now, Cisco's
00:05:32 - recommendation says try not to use VLAN 1 on production networks.
00:05:36 - It's just more secure that way, because everybody assumes most
00:05:39 - things are a part of VLAN 1 if you're an intruder of some sort
00:05:43 - and there's a lot of vulnerabilities with that. So we'll stay
00:05:46 - away from that and not assign an IP address to the physical interface.
00:05:49 - I'll just go directly in. Look at that, duplex mismatch. I'm
00:05:55 - going to go in and
00:05:57 - type well, let's go with half. Just to fix that duplex mismatch
00:06:10 - for now. All right. So I'm going to go into fast ethernet 0/0
00:06:15 - dot and this is how we create a sub interface. I'll do a question
00:06:18 - mark. We can have up to four billion 294 million da da da some
00:06:24 - number of sub interfaces. If you actually had the motivation
00:06:27 - to create that many sub interfaces, the router I'm sure would
00:06:31 - run out of memory before you got there. The reason they give
00:06:34 - you that many numbers is because they want to give you flexibility
00:06:37 - with what you name it. So you can do logical names for yourself.
00:06:40 - Now, in our case this sub interface is going to route for VLAN
00:06:44 - 10. So I'm going to put dot 10 after that and create that sub
00:06:49 - interface. Now, I didn't have to do that. That was just a logical
00:06:52 - term for myself. I could create any sub interface number I want
00:06:57 - to. I could have made sub interface 100 route for VLAN 10, because
00:07:01 - the key command that links this to VLAN 10 is typing in this:
00:07:07 - Encapsulation dot 1 Q 10. Enter. At that point, oh, it's telling
00:07:14 - me I typed things out of order. But that's saying to that sub
00:07:18 - interface: You will respond for VLAN 10. Now, it's mentioning
00:07:22 - that this, if the interface doesn't support baby giant frames
00:07:25 - and the maximum transmission unit, it's been reduced and all
00:07:28 - that, what that's trying to say is it's now going to insert the
00:07:31 - tag into that sub interface. So if the interface on the other
00:07:36 - side isn't expecting that, you're not going to get any connectivity.
00:07:41 - Now, some routers you have to type in the IP address or, I'm
00:07:45 - sorry, the encapsulation before you assign the IP address otherwise
00:07:48 - it will reject it. I'm going to say on this sub interface, the
00:07:53 - IP address is 10.1.10.1. Get my 10.1.10.1.
00:07:59 - Excellent. I'm going to then exit out and type in interface,
00:08:07 - fast ethernet 0/0.20 and do the same thing here. Encapsulation
00:08:11 - dot 1 Q 20 and enter I'll type in the IP address 10.1.20.1.
00:08:17 - Good. At
00:08:22 - this point I can do a show IP interface brief. And I'll just
00:08:25 - include fast ethernet interfaces. And you can see right here
00:08:31 - I have an unassigned
00:08:33 - IP address on fast ethernet 0/0.10
00:08:37 - and .20 have been assigned those IP addresses. We should be good
00:08:40 - to go. Now I just need to go to my host and set them up for that.
00:08:44 - So let me pause the video. I'll go over to these hosts configure
00:08:47 - them with IP address and do some trace routes to make sure we're
00:08:50 - going through the router.
00:08:52 - All right. The machine I'm recording on right now is this PC
00:08:56 - right here in VLAN 20. I've assigned it the IP address 10.1.20.50
00:09:01 - and I've assigned this PC over here, the Dell laptop, 10.1.10.50.
00:09:06 - So that's going to be the remote host. So let's bring up my command
00:09:11 - prompt. And I'm going to do a ping 10.1.20.1.
00:09:18 - And right there we're getting there. And actually let me do a
00:09:21 - trace route. Now, is that the D option, because otherwise it
00:09:25 - tries to resolve host names and just takes forever. So do a trace
00:09:29 - route and sure enough it's directly connected. You can see one
00:09:32 - millisecond right
00:09:34 - there. That, by the way, is the router on a stick that we're
00:09:37 - reaching. Let's go step by step, let's see if we can reach 10.1.10.1
00:09:42 - on the other side.
00:09:46 - Excellent. You can see just one hop away and scrolling off the
00:09:50 - bottom of my command prompt here. There we go. So 10.1.10.1 and
00:09:55 - let's step it up one more to 10.1.10.50,
00:09:58 - which is my laptop over there on the other end. There's 20.1.
00:10:02 - It's going through the router and reaching 10.1.10.50
00:10:06 - over on the other side. So our router on a stick solution is
00:10:09 - working. But as I mentioned, this is the slower of the solutions.
00:10:14 - We're having to leave the switch, go to the router. Loop back
00:10:18 - around. Be processed by a router in the middle, and then come
00:10:21 - back into the switch. So let's move on to solution number two.
00:10:26 - Now, solution number two is where we take a router and smoosh
00:10:31 - it into the switch. Literally. Inside of the switch, if we look
00:10:34 - inside, there's a router board that is capable of doing layer
00:10:38 - three processing. Now, the advantages of doing this, you can
00:10:42 - see right on the screen, is you route at wire speed. Now, there's
00:10:46 - a catch to that. And I'll talk about that in just a moment. But
00:10:50 - they have a method of moving a lot of the stuff that happens
00:10:54 - in the IOS software, a lot of the routing pieces, into the hardware
00:10:58 - of the switch. And that's what allows it to happen, and I'll
00:11:00 - show you how in a moment. Second, is that you have the back plane
00:11:04 - bandwidth as your limiting factor. Remember when you had the
00:11:07 - router on a stick, we actually had this external router right
00:11:11 - here. Obviously you remember, previous slide, that we had to
00:11:15 - leave the switch on to the router. Now, this interface right
00:11:19 - here was the bottleneck, because we have to go out and come back
00:11:22 - in on that same interface, which is typically 100 meg per second.
00:11:26 - Since we never leave the switch, since the router's inside of
00:11:29 - it, the back plane of the switch is the bandwidth, which is gigabits
00:11:34 - per second on tap. The back plane is the whole circuit board
00:11:37 - if you will of the switch. Likewise, we have redundancy enabled
00:11:41 - meaning if we have multiple multi layer switches which most people
00:11:45 - do if they have an enterprise that's capable of supporting multi
00:11:48 - layer switching in the first place we can have another switch
00:11:51 - take over for another. Likewise, if you have, for instance, a
00:11:54 - 6500 or 4500 series switch, you will typically have redundant
00:12:00 - supervisor engines and redundant what's known as multi layer
00:12:04 - switch feature cards or MFC cards sitting on top of there. If
00:12:08 - one supervisor goes down, then the other one can take over for
00:12:11 - it. So all good things. Disadvantage, you can see it right there,
00:12:17 - is cost.
00:12:19 - Just to give you this is modern day ballpark figures. Say a 2950
00:12:24 - switch with no layer three support, you're probably looking
00:12:28 - at maybe, I don't know, three, 400 bucks or so for a 24 port
00:12:33 - switch. For a 3750,
00:12:37 - which has layer three support, you're probably looking somewhere
00:12:41 - in the range of $5,000.
00:12:45 - I kid you not, on the low end. So just to add that router inside
00:12:49 - of the switch is a big deal. Now, the good news is not all switches
00:12:53 - need to support this. Before I dig any deeper into that, let's
00:12:57 - get into the how behind this. Multi layer switches support routing
00:13:02 - capabilities in one of two ways. The first and the more common
00:13:07 - way is through something known as SVIs or switched virtual interfaces.
00:13:13 - Essentially these take the place of the, quote/unquote, router
00:13:16 - on a stick. They're the routers inside of the switch. And you
00:13:20 - can see I kind of diagrammed them here as just these little interfaces
00:13:24 - hanging out at the switch. But, remember, there is no physical
00:13:28 - interface. When I create SVI 10, you're going to see that there's
00:13:32 - no physical port that it relates to. All I've done is I've created
00:13:36 - this mystical interface that all ports assigned to VLAN 10 can
00:13:42 - reach. So when I create this SVI 10, this PC will be able to
00:13:48 - reach it provided I give that interface an IP address in the
00:13:51 - same subnet as VLAN 10. Same thing with SVI 20 when I create
00:13:55 - that, VLAN 20 hosts or ports assigned to VLAN 20 will be able
00:14:00 - to reach that. So let me show you how that's done. I'm going
00:14:03 - to go to the console
00:14:07 - connection of my switch. Got my interface coming up and down.
00:14:10 - So let's clear that out. I'm going to go and just do a show IP
00:14:13 - interface brief. And you can see right now this is pretty much
00:14:17 - a cleared switch. We've just got VLAN 1 interface which is currently
00:14:22 - shut down. I go down and I can see I've got interface fast ethernet
00:14:26 - 0/11 and 12 which are currently up. Because those are my hosts
00:14:31 - assigned to the VLAN. This is the same switch we were using before
00:14:34 - for the router on a stick. But this time we won't be using the
00:14:37 - router on a stick. I'll go into global config mode and type in
00:14:40 - interface VLAN 10.
00:14:45 - Poof. Just like that I've created SVI 10 or interface VLAN 10.
00:14:50 - I'll do an IP address of 10.1.10.1,
00:14:54 - which I believe 10.1.10.1, correct, was the IP address I planned
00:14:59 - on assigning it 255.255.255.0. I usually do a no shut down
00:15:03 - to make sure it's up. I'll also do interface VLAN 20.
00:15:10 - IP address.
00:15:12 - 10.1.20.1. No
00:15:16 - shut. Shouldn't be necessary. Just because of that status message
00:15:20 - saying it's up. But just to be safe I'll do a no shut. Now I'll
00:15:23 - go back and do a show IP interface brief one more time. Hit enter.
00:15:27 - Now you can see these two mystical interfaces have appeared as
00:15:31 - I was mentioning. VLAN 10 and 20 are now existing on this switch.
00:15:36 - Every host that's assigned to VLAN 10 can reach this one and
00:15:39 - every host in VLAN 20 can reach this one, which are my two hosts
00:15:42 - I said before. The other key piece of turning on layer three
00:15:47 - switching or multi layer switching is to go into global config
00:15:51 - mode and type in the command IP routing. I forget that all the
00:15:56 - time. Because if you don't do that, it's just going to say, okay,
00:15:59 - those are two interfaces but I'm not going to route between them.
00:16:02 - On a router that command is in there by default. On a switch,
00:16:06 - if you want to turn on layer three switching, you need to enable
00:16:09 - it. So now I should be able to bring up my command prompt. Let
00:16:14 - me remove that into the window. Scrunch it down a little bit.
00:16:18 - And I'm going to do a ping 10.1.10.1,
00:16:23 - which, right, is not responding. Let me just make sure
00:16:30 - my ARP good old Windows Vista locking me out of clearing my ARP
00:16:36 - table. Let me do a ARP A which prints my MAC address table looks
00:16:41 - like wait a second 10.20.
00:16:47 - Okay. There we go. That is the switch responding.
00:16:51 - As of right now I'm not too sure why 10.1.10
00:16:56 - is not responding.
00:16:58 - Right, then. You saw it here first, folks. I'm guessing that
00:17:03 - maybe I just got too impatient and killed it after the first
00:17:08 - ping could even come back. But, nonetheless, it's working right
00:17:11 - now. We've got 10.1.20.1, and 10.1.10.1, which is the two VLAN
00:17:16 - interfaces I just created on the switch right here. Now let me
00:17:19 - just do the trace route. Let me do trace route dash D to 10.1.10.50
00:17:26 - which is now reaching the Dell laptop I have connected over there
00:17:30 - in the separate VLAN. And let me just make sure we're all on
00:17:32 - the same page. I'm sitting in VLAN 20 right here pinging into
00:17:36 - the switch through the switch virtual interface and reaching
00:17:39 - the host over here in VLAN 10. So that is the layer three switching
00:17:44 - that is happening inside of that switch.
00:17:48 - The other way I can turn on multi layer switching is by using
00:17:52 - routed ports. You can see that as my second part of my setup.
00:17:55 - Optional, I can create routed ports, meaning any interface, physical
00:18:00 - interface, I should say, of the switch, can be turned into a
00:18:04 - routed port. Let me demonstrate. I'm sitting on this switch right
00:18:08 - now on fast ethernet 0/24 and right now it's a switch port. It's
00:18:12 - connected to an uplinked router, and I want to change that over
00:18:15 - into a routed port and give it an IP address to where, see if
00:18:19 - you can follow, this switch becomes a router with a fast ethernet
00:18:26 - interface. It just becomes like any other ethernet router at
00:18:28 - that point at least on that one fast ethernet 0/24 port. Let
00:18:33 - me show you how it works and maybe it will be clearer. Bring
00:18:36 - up my Tera Term. I'm going to go into fast ethernet 0/24 and
00:18:42 - type in the command no switch port. As soon as I do that I turn
00:18:47 - off the switching capability on this interface and I turn on
00:18:50 - the routing features. Now, I'm going to assign it the IP address
00:18:53 - 10.1.24.1/30. So I'll say IP address 10.1.24.1,
00:19:02 - 255.255.255.252. I want to add a side note, that doesn't
00:19:06 - change the physical characteristics of the port, meaning I don't
00:19:10 - need like a crossover cable now to connect two routers back to
00:19:13 - back. But that's essentially how it acts. It's almost as if you
00:19:16 - had a crossover between two different devices. Now this, I should
00:19:21 - mention, this router over here is the .2 of the /30 subnet. So
00:19:26 - let's see if I can ping it. I'll do ping it 10.1.24.2.
00:19:30 - Enter. Voila. We have five now successful pings over to that
00:19:37 - router. And that router, by the way, is running EIGRP and connects
00:19:41 - off to the Internet. So check this out. Look at this third step.
00:19:44 - Optional enable routing protocols. On a switch? No, it's not
00:19:48 - a switch anymore, it's a router. As a matter of fact, host name,
00:19:51 - SWOUTER because that's what it's become. It's a switch and a
00:19:55 - router all at once. So I'm going to go into router
00:20:02 - EIGRP 1, which is the same autonomous system as the router over
00:20:06 - there. Do a no auto summary, and network.
00:20:11 - 10.0.0, which will run it for all the 10 network. Now that will
00:20:16 - actually form a neighbor relationship with the router. I'll do
00:20:19 - a show IP ERGP neighbor, and sure enough look at that, we have
00:20:24 - our first neighbor that's come up over fast ethernet 0/24.
00:20:30 - Do a show IP route.
00:20:32 - Amazing. Look at that. You see that? I actually am learning routes
00:20:36 - on a switch. No, a swouter. That's learning about these are just
00:20:41 - a couple of loopback interfaces I created over on that router
00:20:44 - so it looks like it has more interfaces. This is the default
00:20:47 - route that I'm advertising in from the Internet. So the switch
00:20:53 - should now be able to reach the Internet through that router.
00:20:56 - So amazing. I mean, it really is a swouter because we have full
00:21:01 - routing capabilities. I'm running routing cables, running virtual
00:21:03 - interfaces, routing between VLANs all within a switch; and yet
00:21:08 - I haven't yet told you what the best benefit of doing this is.
00:21:13 - To do that, I have to enlist a few friends of mine to help. There's
00:21:18 - a little story behind this as you can imagine. When I first got
00:21:22 - married to my wife, we found out that we were two very different
00:21:26 - people, as most people who get married find out. She is a dog
00:21:31 - person and I am a cat person. And she had this little dog that's
00:21:36 - a Lhasa Apso, kind of one of those on the screen there, kind
00:21:39 - of thinks it owns the world, has the attitude of like I'm a little
00:21:43 - princess, don't mess with me. And the dog and I just didn't get
00:21:47 - along. So, anyway, after a few months of marital conversations
00:21:53 - about the dog, we sort of just disagreed on the whole dog thing
00:21:59 - on how this dog should be treated and disciplined and all of
00:22:02 - that, because it barks all the time. So, anyhow, let's imagine.
00:22:07 - This is where the real reality breaks off into my imagination.
00:22:11 - Imagine that my wife, Sue, went ahead and went to the President
00:22:15 - of the United States and said, this is the little track here,
00:22:19 - up to the President of the United States and said: Mr. President,
00:22:24 - my husband and I are just disputing about this dog. It barks
00:22:27 - all the time. I think that gentle love is the best way to discipline,
00:22:31 - and he thinks just abuse, beating the dog is the best way to
00:22:36 - discipline, and I need to protect this dog from my husband, can
00:22:41 - you pass a law, please, that will say this dog has the same rights
00:22:45 - as humans and we can take care of that, and just make sure everything's
00:22:50 - okay. The President of the United States looks at the bill and
00:22:52 - it's like, why, yes, I think that's great. I have a dog of my
00:22:57 - own, and I think it should be protected. So the president puts
00:23:00 - his stamp of approval on it and the bill becomes a law. This
00:23:07 - is the law over here. The Lhasa Apso still now has the same rights
00:23:11 - as humans. I say still. It does. It really does in our home.
00:23:15 - But, anyway, the president looks at this and the president says:
00:23:19 - I can see where this is going. Right now she's coming for a Lhasa
00:23:24 - Apso but there's other breeds. There's Bulldogs, and Golden Retrievers
00:23:28 - and Poodles, and I'll tell you what, because I don't want to
00:23:31 - be bothered with all this hassle of all these dogs getting the
00:23:35 - same rights as humans, I'll just pass this down to my secretary
00:23:38 - and say if you get any future bills from Susan about the rights
00:23:43 - of any breed of dog, just go ahead and put my stamp of approval
00:23:46 - on it, the golden seal, and that will become law. And that's
00:23:50 - fine. So same thing happens. She comes in with Golden Retriever,
00:23:54 - much less bureaucratic, and just cuts straight through. And we
00:23:58 - have all these laws for all the dogs. You might be wondering
00:24:02 - what on earth does this have to do with anything switching. Here's
00:24:06 - the deal. The President of the United States
00:24:10 - is really the router inside of the switch. The dog over here
00:24:17 - represents one host,
00:24:19 - a PC, and the law represents yet another host. We'll say a server.
00:24:24 - The secretary is the missing piece in this whole discussion.
00:24:27 - We haven't talked about it. We'll call this Mrs. CEF for now.
00:24:33 - Okay. Here's the idea. When the very first packet goes from one
00:24:39 - host on one VLAN to another host in another VLAN or some other
00:24:43 - route, maybe it's a router, maybe it's the Internet. Maybe it's
00:24:45 - the server. Maybe it's a printer, could be anything. That first
00:24:50 - packet is going to go to the router inside of the switch, which
00:24:54 - even though it's all dressed up in this beautiful switch chassis,
00:24:58 - it's still a router. It's still slow. There's a lot of bureaucratics
00:25:01 - that goes on inside that router. It's software based and so on.
00:25:04 - But the key is once one packet has hit that router, the router
00:25:09 - passes it down to the switch side, or you could call it Mrs.
00:25:14 - CEF, CEF. Call her Mrs. ASICS. You could call her a lot of things.
00:25:20 - But that is the hardware piece of the switch. So all future packets
00:25:25 - fly through without having to be checked by the router. Because
00:25:29 - that is known as multi layer switching. Now, a lot of people
00:25:34 - you see the title of this slide. Understanding layer three versus
00:25:36 - multi layer switching, a lot of people just kind of use those
00:25:39 - interchangeably. I do. I'm one of those people. It's a multi
00:25:42 - layer switch, I mean layer three switch. What's the difference?
00:25:45 - Technically speaking, a layer three switch is a switch with a
00:25:51 - router inside. That's it. It's a switch that can do routing.
00:25:55 - It's got the president. A multi layer switch is a switch that
00:25:59 - has the ability to cache route information. That is Mrs. CEF
00:26:03 - down here. Now, let me say this. Here's the fact of the day.
00:26:08 - Every layer three switch is also a multi layer switch. But
00:26:15 - not every multi layer switch is really a layer three switch.
00:26:20 - Did you follow that? Not every multi layer switch is really a
00:26:23 - layer three switch. What that means is not every switch has a
00:26:27 - router inside, which leads to a network architecture that could
00:26:30 - look like this. Maybe you have a couple layer three switches,
00:26:34 - distribution layer, big pricey switches, then at the lower layer
00:26:38 - you have all these multi layer switches, things that can cache
00:26:41 - the information, meaning remember what the router told it but
00:26:45 - again do routing on its own. So here's the deal. You've got one
00:26:49 - PC represented by the Lhasa Apso over there and another server
00:26:53 - over here represented by the law. The very first packet has to
00:26:57 - go up here and to the router component of the distribution layer
00:27:00 - switch and the router sees, oh, I need to cross over here, I
00:27:03 - need to pass it down here. We're into the switching piece and
00:27:05 - we hit the server. And then from there on out, maybe this is
00:27:09 - on one VLAN, this is on another, all future packets from that
00:27:13 - host to that server can just pass through the layer two engine,
00:27:16 - if you will, or just be CEFed across the way. Now, we're going
00:27:22 - to talk a lot in the next video about how that works and the
00:27:25 - technology behind CEF, but that is a big piece of why using those
00:27:30 - switches, like we just did, we set up those layer three interfaces
00:27:33 - is so much better than just using a router on a stick, and that
00:27:38 - is the foundation of routing between VLANs, InterVLAN routing
00:27:42 - extraordinaire. What we saw was first off the famous router on
00:27:47 - a stick. It truly is famous. It's been around for eons. I think
00:27:51 - they've even passed it down to the CCNA level now as a way
00:27:55 - to move between VLANs. Then we stepped into the advantages of
00:27:59 - using multi layer switches. Some of which I just talked about
00:28:02 - and others we talked about beforehand using those switch virtual
00:28:05 - interfaces and finally we walked through the configuration of
00:28:09 - multi layer switching two methods, switch virtual interfaces
00:28:13 - which are those logical interfaces that can be reached by any
00:28:16 - port assigned to the VLAN, and then the routed port, which is
00:28:21 - enabled by using that no switchport command, and literally turns
00:28:24 - that port of your switch into a router. I hope this has been
00:28:28 - informative for you and I'd like to thank you for viewing.

L3 Switching: Understanding CEF Optimization

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2

Campus Security: Basic Port Security and 802.1x

Campus Security: VLAN and Spoofing Attacks

Campus Security: STP Attacks and Other Security Considerations

Campus VoIP: Overview, Considerations, and AutoQoS

Wireless LAN: Foundation Concepts and Design Part 1

Wireless LAN: Foundation Concepts and Design Part 2

Wireless LAN: Frequencies and 802.11 Standards

Wireless LAN: Understanding the Hardware

The Switches Domain: Additional Life-Saving Technology

Monitoring: Your Pulse on the Network

Campus Security: VACLs

Jeremy Cioara

CBT Nuggets Trainer

Certifications:
Cisco CCNA, CCDA, CCNA Security, CCNA Voice, CCNP, CCSP, CCVP, CCDP, CCIE R&S; Amazon Web Services CSA; Microsoft MCP, MCSE, Novell CNA, CNE; CompTIA A+, Network+, iNet+

Area Of Expertise:
Cisco network administration and development. Author or coauthor of numerous books, including: CCNA Voice 640-461 Official Cert Guide; CCNA Voice Official Exam Certification Guide (640-460 IIUC); CCENT Exam Prep (Exam 640-822); CCNA Exam Cram (Exam 640-802) 3rd Edition; and CCNA Voice 640-461 Official Cert Guide.

L3 Switching: InterVLAN Routing Extraordinaire