Employers know that CCNP-certified job applicants have a real-world knowledge of networking.  They also know that Cisco awards big discounts to companies that hire Cisco-certified staff. 

After watching Jeremy Cioara's new CCNP 642-813 SWITCH training, you'll be a master-level consultant on Cisco switched networks. You'll also have brighter career prospects and be an important step closer to CCNP certification.

Jeremy covers everything you ever wanted to know about switching in this update to his existing BCMSN course.  In no time, you'll be designing your network for maximum uptime and preparing it for advanced services like WiFi, VoIP and Video over IP. 

Jeremy's training maps to Cisco CCNP certification exam 642-813.

1. Welcome to Cisco Switch: Watch Me First! (17 min)
2. The Switches Domain: Core Concepts and Design (42 min)
3. VLANs: Configuration and Verification (13 min)
4. VLANs: In-Depth Trunking (35 min)
5. VLANs: VLAN Trunking Protocol (33 min)
6. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1 (23 min)
7. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2 (34 min)
8. STP: Rapid Spanning Tree Concepts and Configuration (24 min)
9. EtherChannel: Aggregating Redundant Links (24 min)
10. L3 Switching: InterVLAN Routing Extraordinaire (28 min)
11. L3 Switching: Understanding CEF Optimization (16 min)
12. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1 (43 min)
13. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2 (23 min)
14. Campus Security: Basic Port Security and 802.1x (32 min)
15. Campus Security: VLAN and Spoofing Attacks (31 min)
16. Campus Security: STP Attacks and Other Security Considerations (15 min)
17. Campus VoIP: Overview, Considerations, and AutoQoS (44 min)
18. Wireless LAN: Foundation Concepts and Design Part 1 (26 min)
19. Wireless LAN: Foundation Concepts and Design Part 2 (22 min)
20. Wireless LAN: Frequencies and 802.11 Standards (34 min)
21. Wireless LAN: Understanding the Hardware (30 min)
22. The Switches Domain: Additional Life-Saving Technology (22 min)
23. Monitoring: Your Pulse on the Network (45 min)
24. Campus Security: VACLs (14 min)


00:00:00

Inter VLAN routing extraordinaire. What would a switching course be without bringing some routing into the picture? It would just all be layer two. That's it. Nothing would move between VLANs, and that's what we're going to talk about here. We're going to look at ways to move traffic

00:00:19

between different VLANs. We'll look at the first mechanism, the famous router on a stick, then we'll move into multi layer switching, some of the advantages of using a multi layer switch, and then the actual configuration. Well, let's start this video off as we do with most: A dilemma to be solved. We've talked all about VLANs up to this point,

00:00:41

and set up VLANs between our switches, but now our clients need to get between VLANs. The VLANs by design have isolated them into their own subnets to segment the networks, segment broadcast, put up security boundaries, but there's times when we need to route between those VLANs. So what are our solutions?

00:01:02

The first solution to this dilemma is one of my favorite technical concepts to talk about, because of the name. A router on a stick. Reminds me of a corndog. But this router is a router with a fast ethernet or greater interface, that has a trunk configuration set up to the switch. Now, the switch is going to send it all

00:01:22

the VLAN information as trunks do, across that trunk line, and the router is going to have more than one IP address assigned to the interface using sub interfaces, and we'll talk about that in the next slide when we get into the configuration of this. The advantages of using a router on a stick is it's very simple to set up. You can use your existing equipment and it's a lower

00:01:42

cost because you don't have to have any special switch hardware to do this. It's all on a router, which you typically have connecting to your WAN interface anyway. Now, the disadvantages of this config is, number one, you can have congestion on a link. Especially if this is not a multi

00:02:00

layer switch. Again, we'll talk about that as we expand on some of the hardware that the modern switches come with, because every single stream or conversation that's coming from this VLAN goes into this switch, through the router, back out, loops around, and out the other VLAN. So you're really eating up a full duplex

00:02:22

connection because the traffic goes in and comes back out into the switch. Now, a multi layer switch can ease that load greatly on the router, but still the congestion on that link can be one of the worries you have to think about. Second is that you have

00:02:36

a single point of failure, meaning if that router goes down you lose all of your routing for all of your VLANs. So the alternative is to set up a redundant router on a stick, which can end up being pointless, because of the style of connection that it is.

00:02:51

It's essentially wasted equipment. Finally, the delay of routing. And this is something we're going to discover when we look at the solution number two. Routers compared to switches are very slow. Even though it feels fast as we're going through the router,

00:03:05

surfing the Internet and that sort of thing, it just can't hold a candle to a switch, which does all of its movement of packets through the hardware. So comparatively speaking, a router on a stick is the slower solution. To set up a router on a stick, there's really two steps. Number

00:03:24

one, we need to configure a trunk on the switch that's connecting to the router. You can see I have fast ethernet 0/1 on the switch plugged over to the router. That needs to send all VLAN information to that direction so the router can route it. Step two is to

00:03:39

create sub interfaces on the router and assign them IP addresses that correspond to the VLAN they belong to. So let's go ahead and work through these steps on live equipment. I'm going to bring up a switch right now. I'm going to go into interface fast ethernet 0/1 and I'll do switchport trunk encapsulation, and depending on the router and IOS version you're using you can use either 802.1Q or ISL. Cisco is trying to make ISL go away. So let's stick with their world and just do 802.1Q and type in switchport mode trunk, enter. It's now hard coded as a trunk

00:04:19

port. I can go back here and do a show vlan. I want to make sure the other pieces of the puzzle are in place. I've got VLAN 10 and VLAN 20 turned on right now, and they are a part of fast ethernet 0/11 and 0/12, which reflects our diagram right here: host in VLAN 10, and host in VLAN 20. Now, glancing at this config over here, the subnet I chose for VLAN 10 is 10.1.10.0 and for VLAN 20 is 10.1.20.0. So that's the switch side of it. Now, once fast ethernet 0/1 negotiates a trunk, it will disappear from this VLAN list and not show up, because trunks don't appear in the VLANs. Grabbing my console cable and switching it over to the

00:05:03

router, there we go, I'm on my router on a stick right now. And I'm going to go into global config mode, interface fast ethernet 0/0 and type in a command that we're all familiar with and done many times, I'm sure. No shutdown. I'm typing that just to make

00:05:20

sure you guys catch that that's all I do under the physical interface. If I were to assign an IP address to the physical interface to this router, it would be responding for VLAN 1. Now, Cisco's recommendation says try not to use VLAN 1 on production networks. It's just more secure that way, because everybody assumes most things are a part of VLAN 1 if you're an intruder of some sort and there's a lot of vulnerabilities with that. So we'll stay

00:05:46

away from that and not assign an IP address to the physical interface. I'll just go directly in. Look at that, duplex mismatch. I'm going to go in and type, well, let's go with half, just to fix that duplex mismatch for now. All right. So I'm going to go into fast ethernet 0/0 dot, and this is how we create a sub interface. I'll do a question

00:06:18

mark. We can have up to four billion 294 million da da da some number of sub interfaces. If you actually had the motivation to create that many sub interfaces, the router I'm sure would run out of memory before you got there. The reason they give you that many numbers is because they want to give you flexibility with what you name it. So you can do logical names for yourself.

00:06:40

Now, in our case this sub interface is going to route for VLAN 10. So I'm going to put dot 10 after that and create that sub interface. Now, I didn't have to do that. That was just a logical term for myself. I could create any sub interface number I want

00:06:57

to. I could have made sub interface 100 route for VLAN 10, because the key command that links this to VLAN 10 is typing in this: encapsulation dot1Q 10. Enter. At that point, oh, it's telling me I typed things out of order. But that's saying to that sub

00:07:18

interface: You will respond for VLAN 10. Now, it's mentioning that this, if the interface doesn't support baby giant frames and the maximum transmission unit, it's been reduced and all that, what that's trying to say is it's now going to insert the tag into that sub interface. So if the interface on the other

00:07:36

side isn't expecting that, you're not going to get any connectivity. Now, some routers you have to type in the IP address or, I'm sorry, the encapsulation before you assign the IP address otherwise it will reject it. I'm going to say on this sub interface, the

00:07:53

IP address is 10.1.10.1. Get my 10.1.10.1. Excellent. I'm going to then exit out and type in interface fast ethernet 0/0.20 and do the same thing here. Encapsulation dot1Q 20, enter. I'll type in the IP address 10.1.20.1. Good. At this point I can do a show ip interface brief. And I'll just

00:08:25

include fast ethernet interfaces. And you can see right here I have an unassigned IP address on fast ethernet 0/0, and 0/0.10 and .20 have been assigned those IP addresses. We should be good to go. Now I just need to go to my hosts and set them up for that. So let me pause the video. I'll go over to these hosts, configure

00:08:47

them with IP address and do some trace routes to make sure we're going through the router. All right. The machine I'm recording on right now is this PC right here in VLAN 20. I've assigned it the IP address 10.1.20.50 and I've assigned this PC over here, the Dell laptop, 10.1.10.50. So that's going to be the remote host. So let's bring up my command

00:09:11

prompt. And I'm going to do a ping 10.1.20.1. And right there we're getting there. And actually let me do a trace route. Now, is that the -d option? Because otherwise it tries to resolve host names and just takes forever. So do a trace route, and sure enough it's directly connected. You can see one

00:09:32

millisecond right there. That, by the way, is the router on a stick that we're reaching. Let's go step by step, let's see if we can reach 10.1.10.1 on the other side. Excellent. You can see just one hop away and scrolling off the bottom of my command prompt here. There we go. So 10.1.10.1 and let's step it up one more to 10.1.10.50, which is my laptop over there on the other end. There's 20.1. It's going through the router and reaching 10.1.10.50 over on the other side. So our router on a stick solution is

00:10:09

working. But as I mentioned, this is the slower of the solutions. We're having to leave the switch, go to the router. Loop back around. Be processed by a router in the middle, and then come back into the switch. So let's move on to solution number two. Now, solution number two is where we take a router and smoosh it into the switch. Literally. Inside of the switch, if we look

00:10:34

inside, there's a router board that is capable of doing layer three processing. Now, the advantages of doing this, you can see right on the screen, is you route at wire speed. Now, there's a catch to that. And I'll talk about that in just a moment. But they have a method of moving a lot of the stuff that happens in the IOS software, a lot of the routing pieces, into the hardware of the switch. And that's what allows it to happen, and I'll

00:11:00

show you how in a moment. Second, is that you have the back plane bandwidth as your limiting factor. Remember when you had the router on a stick, we actually had this external router right here. Obviously you remember, previous slide, that we had to leave the switch on to the router. Now, this interface right

00:11:19

here was the bottleneck, because we have to go out and come back in on that same interface, which is typically 100 meg per second. Since we never leave the switch, since the router's inside of it, the back plane of the switch is the bandwidth, which is gigabits per second on tap. The back plane is the whole circuit board

00:11:37

if you will of the switch. Likewise, we have redundancy enabled meaning if we have multiple multi layer switches which most people do if they have an enterprise that's capable of supporting multi layer switching in the first place we can have another switch take over for another. Likewise, if you have, for instance, a

00:11:54

6500 or 4500 series switch, you will typically have redundant supervisor engines and redundant what's known as Multilayer Switch Feature Cards, or MSFC cards, sitting on top of there. If one supervisor goes down, then the other one can take over for it. So all good things. Disadvantage, you can see it right there,

00:12:17

is cost. Just to give you, this is modern day ballpark figures. Say a 2950 switch with no layer three support, you're probably looking at maybe, I don't know, three or four hundred bucks or so for a 24 port switch. For a 3750, which has layer three support, you're probably looking somewhere in the range of $5,000. I kid you not, on the low end. So just to add that router inside

00:12:49

of the switch is a big deal. Now, the good news is not all switches need to support this. Before I dig any deeper into that, let's get into the how behind this. Multi layer switches support routing capabilities in one of two ways. The first and the more common

00:13:07

way is through something known as SVIs or switched virtual interfaces. Essentially these take the place of the, quote/unquote, router on a stick. They're the routers inside of the switch. And you can see I kind of diagrammed them here as just these little interfaces hanging out at the switch. But, remember, there is no physical

00:13:28

interface. When I create SVI 10, you're going to see that there's no physical port that it relates to. All I've done is I've created this mystical interface that all ports assigned to VLAN 10 can reach. So when I create this SVI 10, this PC will be able to reach it provided I give that interface an IP address in the same subnet as VLAN 10. Same thing with SVI 20 when I create that, VLAN 20 hosts or ports assigned to VLAN 20 will be able to reach that. So let me show you how that's done. I'm going

00:14:03

to go to the console connection of my switch. Got my interface coming up and down. So let's clear that out. I'm going to go and just do a show IP interface brief. And you can see right now this is pretty much a cleared switch. We've just got VLAN 1 interface which is currently shut down. I go down and I can see I've got interface fast ethernet

00:14:26

0/11 and 12 which are currently up. Because those are my hosts assigned to the VLAN. This is the same switch we were using before for the router on a stick. But this time we won't be using the router on a stick. I'll go into global config mode and type in

00:14:40

interface vlan 10. Poof. Just like that I've created SVI 10, or interface VLAN 10. I'll do an IP address of 10.1.10.1, which I believe, 10.1.10.1, correct, was the IP address I planned on assigning it, 255.255.255.0. I usually do a no shutdown to make sure it's up. I'll also do interface vlan 20. IP address.

00:15:12

10.1.20.1. No shut. Shouldn't be necessary. Just because of that status message saying it's up. But just to be safe I'll do a no shut. Now I'll go back and do a show IP interface brief one more time. Hit enter. Now you can see these two mystical interfaces have appeared as I was mentioning. VLAN 10 and 20 are now existing on this switch. Every host that's assigned to VLAN 10 can reach this one and every host in VLAN 20 can reach this one, which are my two hosts I said before. The other key piece of turning on layer three

00:15:47

switching or multi layer switching is to go into global config mode and type in the command IP routing. I forget that all the time. Because if you don't do that, it's just going to say, okay, those are two interfaces but I'm not going to route between them.

00:16:02

On a router that command is in there by default. On a switch, if you went to turn on layer three switching, you need to enable it. So now I should be able to bring up my command prompt. Let me remove that into the window. Scrunch it down a little bit. And I'm going to do a ping 10.1.10.1, which, right, is not responding. Let me just make sure

00:16:30

my ARP... good old Windows Vista locking me out of clearing my ARP table. Let me do an arp -a, which prints my MAC address table. Looks like, wait a second, 10.1.20. Okay. There we go. That is the switch responding. As of right now I'm not too sure why 10.1.10 is not responding.

00:16:58

Right, then. You saw it here first, folks. I'm guessing that maybe I just got too impatient and killed it after the first ping could even come back. But, nonetheless, it's working right now. We've got 10.1.20.1, and 10.1.10.1, which is the two VLAN interfaces I just created on the switch right here. Now let me

00:17:19

just do the trace route. Let me do tracert -d to 10.1.10.50, which is now reaching the Dell laptop I have connected over there in the separate VLAN. And let me just make sure we're all on the same page. I'm sitting in VLAN 20 right here, pinging into the switch through the switch virtual interface and reaching the host over here in VLAN 10. So that is the layer three switching that is happening inside of that switch.

00:17:48

The other way I can turn on multi layer switching is by using routed ports. You can see that as my second part of my setup. Optional, I can create routed ports, meaning any interface, physical interface, I should say, of the switch, can be turned into a routed port. Let me demonstrate. I'm sitting on this switch right

00:18:08

now on fast ethernet 0/24 and right now it's a switch port. It's connected to an uplinked router, and I want to change that over into a routed port and give it an IP address to where, see if you can follow, this switch becomes a router with a fast ethernet interface. It just becomes like any other ethernet router at

00:18:28

that point, at least on that one fast ethernet 0/24 port. Let me show you how it works and maybe it will be clearer. Bring up my Tera Term. I'm going to go into fast ethernet 0/24 and type in the command no switchport. As soon as I do that, I turn off the switching capability on this interface and I turn on the routing features. Now, I'm going to assign it the IP address

00:18:53

10.1.24.1/30. So I'll say ip address 10.1.24.1 255.255.255.252. I want to add a side note: that doesn't change the physical characteristics of the port, meaning I don't need like a crossover cable now to connect two routers back to back. But that's essentially how it acts. It's almost as if you

00:19:16

had a crossover between two different devices. Now this, I should mention, this router over here is the .2 of the /30 subnet. So let's see if I can ping it. I'll do ping 10.1.24.2. Enter. Voila. We have five successful pings over to that router. And that router, by the way, is running EIGRP and connects

00:19:41

off to the Internet. So check this out. Look at this third step. Optional: enable routing protocols. On a switch? No, it's not a switch anymore, it's a router. As a matter of fact, hostname SWOUTER, because that's what it's become. It's a switch and a router all at once. So I'm going to go into router

00:20:02

eigrp 1, which is the same autonomous system as the router over there. Do a no auto-summary, and network 10.0.0.0, which will run it for all the 10 network. Now that will actually form a neighbor relationship with the router. I'll do a show ip eigrp neighbors, and sure enough, look at that, we have our first neighbor that's come up over fast ethernet 0/24. Do a show ip route.

00:20:32

Amazing. Look at that. You see that? I actually am learning routes on a switch. No, a swouter. That's learning about these are just a couple of loopback interfaces I created over on that router so it looks like it has more interfaces. This is the default

00:20:47

route that I'm advertising in from the Internet. So the switch should now be able to reach the Internet through that router. So amazing. I mean, it really is a swouter because we have full routing capabilities. I'm running routing protocols, running virtual

00:21:03

interfaces, routing between VLANs all within a switch; and yet I haven't yet told you what the best benefit of doing this is. To do that, I have to enlist a few friends of mine to help. There's a little story behind this as you can imagine. When I first got

00:21:22

married to my wife, we found out that we were two very different people, as most people who get married find out. She is a dog person and I am a cat person. And she had this little dog that's a Lhasa Apso, kind of one of those on the screen there, kind of thinks it owns the world, has the attitude of like I'm a little princess, don't mess with me. And the dog and I just didn't get

00:21:47

along. So, anyway, after a few months of marital conversations about the dog, we sort of just disagreed on the whole dog thing on how this dog should be treated and disciplined and all of that, because it barks all the time. So, anyhow, let's imagine. This is where the real reality breaks off into my imagination.

00:22:11

Imagine that my wife, Sue, went ahead and went to the President of the United States and said, this is the little track here, up to the President of the United States and said: Mr. President, my husband and I are just disputing about this dog. It barks all the time. I think that gentle love is the best way to discipline,

00:22:31

and he thinks just abuse, beating the dog is the best way to discipline, and I need to protect this dog from my husband, can you pass a law, please, that will say this dog has the same rights as humans and we can take care of that, and just make sure everything's okay. The President of the United States looks at the bill and

00:22:52

it's like, why, yes, I think that's great. I have a dog of my own, and I think it should be protected. So the president puts his stamp of approval on it and the bill becomes a law. This is the law over here. The Lhasa Apso still now has the same rights as humans. I say still. It does. It really does in our home.

00:23:15

But, anyway, the president looks at this and the president says: I can see where this is going. Right now she's coming for a Lhasa Apso but there's other breeds. There's Bulldogs, and Golden Retrievers and Poodles, and I'll tell you what, because I don't want to be bothered with all this hassle of all these dogs getting the same rights as humans, I'll just pass this down to my secretary and say if you get any future bills from Susan about the rights of any breed of dog, just go ahead and put my stamp of approval on it, the golden seal, and that will become law. And that's

00:23:50

fine. So same thing happens. She comes in with Golden Retriever, much less bureaucratic, and just cuts straight through. And we have all these laws for all the dogs. You might be wondering what on earth does this have to do with anything switching. Here's

00:24:06

the deal. The President of the United States is really the router inside of the switch. The dog over here represents one host, a PC, and the law represents yet another host. We'll say a server. The secretary is the missing piece in this whole discussion.

00:24:27

We haven't talked about it. We'll call this Mrs. CEF for now. Okay. Here's the idea. When the very first packet goes from one host on one VLAN to another host in another VLAN or some other route, maybe it's a router, maybe it's the Internet. Maybe it's the server. Maybe it's a printer, could be anything. That first

00:24:50

packet is going to go to the router inside of the switch, which even though it's all dressed up in this beautiful switch chassis, it's still a router. It's still slow. There's a lot of bureaucracy that goes on inside that router. It's software based and so on.

00:25:04

But the key is once one packet has hit that router, the router passes it down to the switch side, or you could call it Mrs. CEF, CEF. Call her Mrs. ASIC. You could call her a lot of things. But that is the hardware piece of the switch. So all future packets

00:25:25

fly through without having to be checked by the router. Because that is known as multi layer switching. Now, a lot of people you see the title of this slide. Understanding layer three versus multi layer switching, a lot of people just kind of use those interchangeably. I do. I'm one of those people. It's a multi

00:25:42

layer switch, I mean layer three switch. What's the difference. Technically speaking, a layer three switch is a switch with a router inside. That's it. It's a switch that can do routing. It's got the president. A multi layer switch is a switch that has the ability to cache route information. That is Mrs. CEF

00:26:03

down here. Now, let me say this. Here's the fact of the day. Every layer three switch is also a multi layer switch. But not every multi layer switch is really a layer three switch. Did you follow that? Not every multi layer switch is really a layer three switch. What that means is not every switch has a

00:26:27

router inside, which leads to a network architecture that could look like this. Maybe you have a couple layer three switches, distribution layer, big pricey switches, then at the lower layer you have all these multi layer switches, things that can cache the information, meaning remember what the router told it but again do routing on its own. So here's the deal. You've got one

00:26:49

PC represented by the Lhasa Apso over there and another server over here represented by the law. The very first packet has to go up here and to the router component of the distribution layer switch and the router sees, oh, I need to cross over here, I need to pass it down here. We're into the switching piece and

00:27:05

we hit the server. And then from there on out, maybe this is on one VLAN, this is on another, all future packets from that host to that server can just pass through the layer two engine, if you will, or just be CEFed across the way. Now, we're going to talk a lot in the next video about how that works and the technology behind CEF, but that is a big piece of why using those switches, like we just did, we set up those layer three interfaces, is so much better than just using a router on a stick, and that is the foundation of routing between VLANs, inter-VLAN routing extraordinaire. What we saw was first off the famous router on

00:27:47

a stick. It truly is famous. It's been around for eons. I think they've even passed it down to the CCNA level now as a way to move between VLANs. Then we stepped into the advantages of using multi layer switches, some of which I just talked about and others we talked about beforehand, using those switch virtual interfaces, and finally we walked through the configuration of multi layer switching, two methods: switch virtual interfaces, which are those logical interfaces that can be reached by any port assigned to the VLAN, and then the routed port, which is enabled by using that no switchport command, and literally turns that port of your switch into a router. I hope this has been

00:28:28

informative for you and I'd like to thank you for viewing. Inter VLAN routing extraordinaire. What would a switching course be without bringing some routing into the picture. It would just all be layer two. That's it. Nothing would move between VLANs and that's what we're going to talk about here. We're going to look at ways to move traffic

00:00:19

between different VLANs. We'll look at the first mechanism, the famous router on a stick, then we'll move into multi layer switching, some of the advantages of using a multi layer switch, and then the actual configuration. Well, let's start this video off as we do with most: A dilemma to be solved. We've talked all about VLANs up to this point,

00:00:41

and set up VLANs between our switches, but now our clients need to get between VLANs. The VLANs by design have isolated them into their own subnets to segment the networks, segment broadcast, put up security boundaries, but there's times when we need to route between those VLANs. So what are our solutions?

00:01:02

The first solution to this dilemma is one of my favorite technical concepts to talk about, because of the name. A router on a stick. Reminds me of a corndog. But this router is a router with a fast ethernet or greater interface, that has a trunk configuration set up to the switch. Now, the switch is going to send it all

00:01:22

the VLAN information as trunks do, across that trunk line, and the router is going to have more than one IP address assigned to the interface using sub interfaces, and we'll talk about that in the next slide when we get into the configuration of this. The advantages of using a router on a stick is it's very simple to set up. You can use your existing equipment and it's a lower

00:01:42

cost because you don't have to have any special switch hardware to do this. It's all on a router, which you typically have connecting to your WAN interface anyway. Now, the disadvantages of this config is, number one, you can have congestion on a link. Especially if this is not a multi

00:02:00

layer switch. Again, we'll talk about that as we expand on some of the hardware that the modern switches come with, because every single stream or conversation that's coming from this VLAN goes into this switch, through the router, back out, loops around, and out the other VLAN. So you're really eating up a full duplex

00:02:22

connection because the traffic goes in and comes back out into the switch. Now, a multi layer switch can ease that load greatly on the router, but still the congestion on that link can be one of the worries you have to think about. Second is that you have

00:02:36

a single point of failure, meaning if that router goes down you lose all of your routing for all of your VLANs. So the alternative is to set up a redundant router on a stick, which can end up being pointless, because of the style of connection that it is.

00:02:51

It's essentially wasted equipment. Finally, the delay of routing. And this is something we're going to discover when we look at the solution number two. Routers compared to switches are very slow. Even though it feels fast as we're going through the router,

00:03:05

surfing the Internet and that sort of thing, it just can't hold a candle to a switch, which does all of its movement of packets through the hardware. So comparatively speaking, a router on a stick is the slower solution. To set up a router on a stick, there's really two steps. Number

00:03:24

one, we need to configure a trunk on the switch that's connecting to the router. You can see I have fast ethernet 0/1 on the switch plugged over to the router. That needs to send all VLAN information to that direction so the router can route it. Step two is to

00:03:39

create sub interfaces on the router and assign them IP addresses that correspond to the VLAN that they belong to. So let's go ahead and work through these steps on live equipment. I'm going to bring up a switch right now. I'm going to go into interface fast ethernet 0/1 and I'll do switchport trunk encapsulation, and depending on the router and IOS version you're using you can use either 802.1Q or ISL. Cisco is trying to make ISL go away. So let's stick with their world and just do 802.1Q and type in switchport mode trunk, enter. It's now hard coded as a trunk

00:04:19

port. I can go back here and do a show VLAN. I want to make sure the other pieces of the puzzle are in place. I've got VLAN 10 and VLAN 20 turned on right now, and they are a part of fast ethernet 11 and 12, which reflects our diagram right here. Host in VLAN 10, and host in VLAN 20. Now glancing at this config over here, the subnet I chose for VLAN 10 is 10.1.10.0 and 20 is 20.0. So that's the switch side of it. Now, once fast ethernet 0/1 negotiates a trunk, it will disappear from this VLAN list and not show up because trunks don't appear in the VLANs. Grabbing my console cable and switching it over to the

00:05:03

router, there we go, I'm on my router on a stick right now. And I'm going to go into global config mode, interface fast ethernet 0/0 and type in a command that we're all familiar with and done many times, I'm sure. No shutdown. I'm typing that just to make

00:05:20

sure you guys catch that that's all I do under the physical interface. If I were to assign an IP address to the physical interface to this router, it would be responding for VLAN 1. Now, Cisco's recommendation says try not to use VLAN 1 on production networks. It's just more secure that way, because everybody assumes most things are a part of VLAN 1 if you're an intruder of some sort and there's a lot of vulnerabilities with that. So we'll stay

00:05:46

away from that and not assign an IP address to the physical interface. I'll just go directly in. Look at that, duplex mismatch. I'm going to go in and type, well, let's go with half. Just to fix that duplex mismatch for now. All right. So I'm going to go into fast ethernet 0/0 dot, and this is how we create a sub interface. I'll do a question

00:06:18

mark. We can have up to four billion 294 million da da da some number of sub interfaces. If you actually had the motivation to create that many sub interfaces, the router I'm sure would run out of memory before you got there. The reason they give you that many numbers is because they want to give you flexibility with what you name it. So you can do logical names for yourself.

00:06:40

Now, in our case this sub interface is going to route for VLAN 10. So I'm going to put dot 10 after that and create that sub interface. Now, I didn't have to do that. That was just a logical term for myself. I could create any sub interface number I want

00:06:57

to. I could have made sub interface 100 route for VLAN 10, because the key command that links this to VLAN 10 is typing in this: encapsulation dot1Q 10. Enter. At that point, oh, it's telling me I typed things out of order. But that's saying to that sub

00:07:18

interface: You will respond for VLAN 10. Now, it's mentioning that this, if the interface doesn't support baby giant frames and the maximum transmission unit, it's been reduced and all that, what that's trying to say is it's now going to insert the tag into that sub interface. So if the interface on the other

00:07:36

side isn't expecting that, you're not going to get any connectivity. Now, some routers you have to type in the IP address or, I'm sorry, the encapsulation before you assign the IP address otherwise it will reject it. I'm going to say on this sub interface, the

00:07:53

IP address is 10.1.10.1. Get my 10.1.10.1. Excellent. I'm going to then exit out and type in interface fast ethernet 0/0.20 and do the same thing here. Encapsulation dot1Q 20 and enter. I'll type in the IP address 10.1.20.1. Good. At this point I can do a show IP interface brief. And I'll just

00:08:25

include fast ethernet interfaces. And you can see right here I have an unassigned IP address on fast ethernet 0/0.10 and .20 have been assigned those IP addresses. We should be good to go. Now I just need to go to my host and set them up for that. So let me pause the video. I'll go over to these hosts configure

00:08:47

them with IP address and do some trace routes to make sure we're going through the router. All right. The machine I'm recording on right now is this PC right here in VLAN 20. I've assigned it the IP address 10.1.20.50 and I've assigned this PC over here, the Dell laptop, 10.1.10.50. So that's going to be the remote host. So let's bring up my command

00:09:11

prompt. And I'm going to do a ping 10.1.20.1. And right there we're getting there. And actually let me do a trace route. Now, that's the -d option, because otherwise it tries to resolve host names and just takes forever. So do a trace route and sure enough it's directly connected. You can see one

00:09:32

millisecond right there. That, by the way, is the router on a stick that we're reaching. Let's go step by step, let's see if we can reach 10.1.10.1 on the other side. Excellent. You can see just one hop away and scrolling off the bottom of my command prompt here. There we go. So 10.1.10.1 and let's step it up one more to 10.1.10.50, which is my laptop over there on the other end. There's 20.1. It's going through the router and reaching 10.1.10.50 over on the other side. So our router on a stick solution is

00:10:09

working. But as I mentioned, this is the slower of the solutions. We're having to leave the switch, go to the router. Loop back around. Be processed by a router in the middle, and then come back into the switch. So let's move on to solution number two. Now, solution number two is where we take a router and smoosh it into the switch. Literally. Inside of the switch, if we look

00:10:34

inside, there's a router board that is capable of doing layer three processing. Now, the advantages of doing this, you can see right on the screen, is you route at wire speed. Now, there's a catch to that. And I'll talk about that in just a moment. But they have a method of moving a lot of the stuff that happens in the IOS software, a lot of the routing pieces, into the hardware of the switch. And that's what allows it to happen, and I'll

00:11:00

show you how in a moment. Second, is that you have the back plane bandwidth as your limiting factor. Remember when you had the router on a stick, we actually had this external router right here. Obviously you remember, previous slide, that we had to leave the switch on to the router. Now, this interface right

00:11:19

here was the bottleneck, because we have to go out and come back in on that same interface, which is typically 100 meg per second. Since we never leave the switch, since the router's inside of it, the back plane of the switch is the bandwidth, which is gigabits per second on tap. The back plane is the whole circuit board

00:11:37

if you will, of the switch. Likewise, we have redundancy enabled, meaning if we have multiple multi layer switches, which most people do if they have an enterprise that's capable of supporting multi layer switching in the first place, we can have another switch take over for another. Likewise, if you have, for instance, a

00:11:54

6500 or 4500 series switch, you will typically have redundant supervisor engines and redundant what's known as multi layer switch feature cards or MFC cards sitting on top of there. If one supervisor goes down, then the other one can take over for it. So all good things. Disadvantage, you can see it right there,

00:12:17

is cost. Just to give you this, these are modern day ballpark figures. Say a 2950 switch with no layer three support, you're probably looking at maybe, I don't know, three or four hundred bucks or so for a 24 port switch. For a 3750, which has layer three support, you're probably looking somewhere in the range of $5,000. I kid you not, on the low end. So just to add that router inside

00:12:49

of the switch is a big deal. Now, the good news is not all switches need to support this. Before I dig any deeper into that, let's get into the how behind this. Multi layer switches support routing capabilities in one of two ways. The first and the more common

00:13:07

way is through something known as SVIs or switched virtual interfaces. Essentially these take the place of the, quote/unquote, router on a stick. They're the routers inside of the switch. And you can see I kind of diagrammed them here as just these little interfaces hanging out at the switch. But, remember, there is no physical

00:13:28

interface. When I create SVI 10, you're going to see that there's no physical port that it relates to. All I've done is I've created this mystical interface that all ports assigned to VLAN 10 can reach. So when I create this SVI 10, this PC will be able to reach it provided I give that interface an IP address in the same subnet as VLAN 10. Same thing with SVI 20 when I create that, VLAN 20 hosts or ports assigned to VLAN 20 will be able to reach that. So let me show you how that's done. I'm going

00:14:03

to go to the console connection of my switch. Got my interface coming up and down. So let's clear that out. I'm going to go and just do a show IP interface brief. And you can see right now this is pretty much a cleared switch. We've just got VLAN 1 interface which is currently shut down. I go down and I can see I've got interface fast ethernet

00:14:26

0/11 and 12 which are currently up. Because those are my hosts assigned to the VLAN. This is the same switch we were using before for the router on a stick. But this time we won't be using the router on a stick. I'll go into global config mode and type in

00:14:40

interface VLAN 10. Poof. Just like that I've created SVI 10 or interface VLAN 10. I'll do an IP address of 10.1.10.1, which I believe, 10.1.10.1, correct, was the IP address I planned on assigning it, 255.255.255.0. I usually do a no shutdown to make sure it's up. I'll also do interface VLAN 20. IP address.

00:15:12

10.1.20.1. No shut. Shouldn't be necessary. Just because of that status message saying it's up. But just to be safe I'll do a no shut. Now I'll go back and do a show IP interface brief one more time. Hit enter. Now you can see these two mystical interfaces have appeared as I was mentioning. VLAN 10 and 20 are now existing on this switch. Every host that's assigned to VLAN 10 can reach this one and every host in VLAN 20 can reach this one, which are my two hosts I said before. The other key piece of turning on layer three

00:15:47

switching or multi layer switching is to go into global config mode and type in the command IP routing. I forget that all the time. Because if you don't do that, it's just going to say, okay, those are two interfaces but I'm not going to route between them.

00:16:02

On a router that command is in there by default. On a switch, if you went to turn on layer three switching, you need to enable it. So now I should be able to bring up my command prompt. Let me remove that into the window. Scrunch it down a little bit. And I'm going to do a ping 10.1.10.1, which, right, is not responding. Let me just make sure

00:16:30

my ARP, good old Windows Vista locking me out of clearing my ARP table. Let me do an arp -a, which prints my MAC address table. Looks like, wait a second, 10.20. Okay. There we go. That is the switch responding. As of right now I'm not too sure why 10.1.10 is not responding.

00:16:58

Right, then. You saw it here first, folks. I'm guessing that maybe I just got too impatient and killed it after the first ping could even come back. But, nonetheless, it's working right now. We've got 10.1.20.1, and 10.1.10.1, which is the two VLAN interfaces I just created on the switch right here. Now let me

00:17:19

just do the trace route. Let me do trace route -d to 10.1.10.50, which is now reaching the Dell laptop I have connected over there in the separate VLAN. And let me just make sure we're all on the same page. I'm sitting in VLAN 20 right here, pinging into the switch through the switch virtual interface and reaching the host over here in VLAN 10. So that is the layer three switching that is happening inside of that switch.

00:17:48

The other way I can turn on multi layer switching is by using routed ports. You can see that as my second part of my setup. Optional, I can create routed ports, meaning any interface, physical interface, I should say, of the switch, can be turned into a routed port. Let me demonstrate. I'm sitting on this switch right

00:18:08

now on fast ethernet 0/24 and right now it's a switch port. It's connected to an uplinked router, and I want to change that over into a routed port and give it an IP address to where, see if you can follow, this switch becomes a router with a fast ethernet interface. It just becomes like any other ethernet router at

00:18:28

that point, at least on that one fast ethernet 0/24 port. Let me show you how it works and maybe it will be clearer. Bring up my Tera Term. I'm going to go into fast ethernet 0/24 and type in the command no switchport. As soon as I do that I turn off the switching capability on this interface and I turn on the routing features. Now, I'm going to assign it the IP address

00:18:53

10.1.24.1/30. So I'll say IP address 10.1.24.1 255.255.255.252. I want to add a side note, that doesn't change the physical characteristics of the port, meaning I don't need like a crossover cable now to connect two routers back to back. But that's essentially how it acts. It's almost as if you

00:19:16

had a crossover between two different devices. Now this, I should mention, this router over here is the .2 of the /30 subnet. So let's see if I can ping it. I'll do ping 10.1.24.2. Enter. Voila. We have five successful pings over to that router. And that router, by the way, is running EIGRP and connects

00:19:41

off to the Internet. So check this out. Look at this third step. Optional enable routing protocols. On a switch? No, it's not a switch anymore, it's a router. As a matter of fact, host name, SWOUTER because that's what it's become. It's a switch and a router all at once. So I'm going to go into router

00:20:02

EIGRP 1, which is the same autonomous system as the router over there. Do a no auto-summary, and network 10.0.0.0, which will run it for all the 10 network. Now that will actually form a neighbor relationship with the router. I'll do a show IP EIGRP neighbor, and sure enough, look at that, we have our first neighbor that's come up over fast ethernet 0/24. Do a show IP route.

00:20:32

Amazing. Look at that. You see that? I actually am learning routes on a switch. No, a swouter. That's learning about these are just a couple of loopback interfaces I created over on that router so it looks like it has more interfaces. This is the default

00:20:47

route that I'm advertising in from the Internet. So the switch should now be able to reach the Internet through that router. So amazing. I mean, it really is a swouter because we have full routing capabilities. I'm running routing cables, running virtual

00:21:03

interfaces, routing between VLANs all within a switch; and yet I haven't yet told you what the best benefit of doing this is. To do that, I have to enlist a few friends of mine to help. There's a little story behind this as you can imagine. When I first got

00:21:22

married to my wife, we found out that we were two very different people, as most people who get married find out. She is a dog person and I am a cat person. And she had this little dog that's a Lhasa Apso, kind of one of those on the screen there, kind of thinks it owns the world, has the attitude of like I'm a little princess, don't mess with me. And the dog and I just didn't get

00:21:47

along. So, anyway, after a few months of marital conversations about the dog, we sort of just disagreed on the whole dog thing on how this dog should be treated and disciplined and all of that, because it barks all the time. So, anyhow, let's imagine. This is where the real reality breaks off into my imagination.

00:22:11

Imagine that my wife, Sue, went ahead and went to the President of the United States and said, this is the little track here, up to the President of the United States and said: Mr. President, my husband and I are just disputing about this dog. It barks all the time. I think that gentle love is the best way to discipline,

00:22:31

and he thinks just abuse, beating the dog is the best way to discipline, and I need to protect this dog from my husband, can you pass a law, please, that will say this dog has the same rights as humans and we can take care of that, and just make sure everything's okay. The President of the United States looks at the bill and

00:22:52

it's like, why, yes, I think that's great. I have a dog of my own, and I think it should be protected. So the president puts his stamp of approval on it and the bill becomes a law. This is the law over here. The Lhasa Apso still now has the same rights as humans. I say still. It does. It really does in our home.

00:23:15

But, anyway, the president looks at this and the president says: I can see where this is going. Right now she's coming for a Lhasa Apso but there's other breeds. There's Bulldogs, and Golden Retrievers and Poodles, and I'll tell you what, because I don't want to be bothered with all this hassle of all these dogs getting the same rights as humans, I'll just pass this down to my secretary and say if you get any future bills from Susan about the rights of any breed of dog, just go ahead and put my stamp of approval on it, the golden seal, and that will become law. And that's

00:23:50

fine. So same thing happens. She comes in with Golden Retriever, much less bureaucratic, and just cuts straight through. And we have all these laws for all the dogs. You might be wondering what on earth does this have to do with anything switching. Here's

00:24:06

the deal. The President of the United States is really the router inside of the switch. The dog over here represents one host, a PC, and the law represents yet another host. We'll say a server. The secretary is the missing piece in this whole discussion.

00:24:27

We haven't talked about it. We'll call this Mrs. CEF for now. Okay. Here's the idea. When the very first packet goes from one host on one VLAN to another host in another VLAN or some other route, maybe it's a router, maybe it's the Internet. Maybe it's the server. Maybe it's a printer, could be anything. That first

00:24:50

packet is going to go to the router inside of the switch, which, even though it's all dressed up in this beautiful switch chassis, it's still a router. It's still slow. There's a lot of bureaucracy that goes on inside that router. It's software based and so on.

00:25:04

But the key is once one packet has hit that router, the router passes it down to the switch side, or you could call it Mrs. CEF, CEF. Call her Mrs. ASICS. You could call her a lot of things. But that is the hardware piece of the switch. So all future packets

00:25:25

fly through without having to be checked by the router. Because that is known as multi layer switching. Now, a lot of people you see the title of this slide. Understanding layer three versus multi layer switching, a lot of people just kind of use those interchangeably. I do. I'm one of those people. It's a multi

00:25:42

layer switch, I mean layer three switch. What's the difference. Technically speaking, a layer three switch is a switch with a router inside. That's it. It's a switch that can do routing. It's got the president. A multi layer switch is a switch that has the ability to cache route information. That is Mrs. CEF

00:26:03

down here. Now, let me say this. Here's the fact of the day. Every layer three switch is also a multi layer switch. But not every multi layer switch is really a layer three switch. Did you follow that? Not every multi layer switch is really a layer three switch. What that means is not every switch has a

00:26:27

router inside, which leads to a network architecture that could look like this. Maybe you have a couple layer three switches, distribution layer, big pricey switches, then at the lower layer you have all these multi layer switches, things that can cache the information, meaning remember what the router told it but again do routing on its own. So here's the deal. You've got one

00:26:49

PC represented by the Lhasa Apso over there and another server over here represented by the law. The very first packet has to go up here and to the router component of the distribution layer switch and the router sees, oh, I need to cross over here, I need to pass it down here. We're into the switching piece and

00:27:05

we hit the server. And then from there on out, maybe this is on one VLAN, this is on another, all future packets from that host to that server can just pass through the layer two engine, if you will, or just be CEFed across the way. Now, we're going to talk a lot in the next video about how that works and the technology behind CEF, but that is a big piece of why using those switches, like we just did, we set up those layer three interfaces, is so much better than just using a router on a stick, and that is the foundation of routing between VLANs, inter-VLAN routing extraordinaire. What we saw was first off the famous router on

00:27:47

a stick. It truly is famous. It's been around for eons. I think they've even passed it down to the CCNA level now as a way to move between VLANs. Then we stepped into the advantages of using multi layer switches. Some of which I just talked about and others we talked about beforehand using those switch virtual interfaces, and finally we walked through the configuration of multi layer switching, two methods: switch virtual interfaces, which are those logical interfaces that can be reached by any port assigned to the VLAN, and then the routed port, which is enabled by using that no switchport command, and literally turns that port of your switch into a router. I hope this has been
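The three configurations walked through in the video, consolidated below as an added reference (this is not the video's own terminal capture). The 255.255.255.0 masks on VLANs 10 and 20 are assumed from the 10.1.10.0 and 10.1.20.0 subnets named above; everything else uses the interface names, VLAN numbers and addresses as spoken.

```cisco
! ===== 1. Router on a stick =====
! Access switch: hard-code the port facing the router as an 802.1Q trunk
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Router: the physical interface only gets "no shutdown". It stays
! unaddressed so the router never answers on untagged VLAN 1 traffic,
! which the video singles out as a security practice.
interface FastEthernet0/0
 no shutdown
!
! One subinterface per VLAN. "encapsulation dot1Q <vlan>" is what ties
! the subinterface to the VLAN; the ".10" / ".20" suffix is only a label,
! and on some IOS releases it must precede the ip address command.
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.1.10.1 255.255.255.0    ! /24 mask assumed
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.1.20.1 255.255.255.0    ! /24 mask assumed
!
! ===== 2. Multilayer switch with SVIs =====
! Without "ip routing" the SVIs come up but the switch will not
! forward between them (the step the video says is easy to forget).
ip routing
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0    ! /24 mask assumed
 no shutdown
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0    ! /24 mask assumed
 no shutdown
!
! ===== 3. Routed port toward the upstream router, plus EIGRP =====
! "no switchport" turns Fa0/24 from a layer 2 port into a router-style
! interface; the /30 is the point-to-point link from the video.
interface FastEthernet0/24
 no switchport
 ip address 10.1.24.1 255.255.255.252
!
router eigrp 1
 no auto-summary
 network 10.0.0.0
!
! ===== Verification commands used in the video =====
! show ip interface brief | include FastEthernet
! show ip eigrp neighbors
! show ip route
```

On the hosts, the video's check is a `ping` to the local gateway (10.1.20.1), then `tracert -d` to the far gateway and to 10.1.10.50, confirming the router or SVI appears as the one hop between VLANs.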

Jeremy Cioara
Nugget trainer since 2003