This article discusses routing between VLANs using a layer 3 switch. There are two general ways to route between VLANs: one is the ROAS (router on a stick) method, and the other requires setting up an SVI for each VLAN and pointing the hosts on each VLAN subnet to the SVI IP address.
Enable IP Routing on a Layer 3 Switch
A. Use the sdm prefer lanbase-routing command (or similar) in global configuration mode to change the switch forwarding ASIC settings to make space for IPv4 routes at the next reload of the switch.
B. Use the reload EXEC command in enable mode to reboot the switch.
C. Once the switch boots up, use the ip routing command in global configuration mode to enable the IPv4 routing function in IOS software. Doing so will give you useful commands like show ip route.
Configure Switch Virtual Interfaces (SVI)
A. Use the interface vlan vlan_id command in global configuration mode to create a VLAN interface. This also gives the switch’s routing logic a layer 3 interface connected into the VLAN of the same number.
B. Use the ip address address mask command in VLAN interface configuration mode to configure an IP address and mask on the VLAN interface, enabling IPv4 routing on that VLAN interface.
C. If a VLAN interface is down, use the no shutdown command in interface configuration mode to enable the VLAN interface.
Verifying Routing with SVIs
Use the show ip route command. In the example below, I configured (2) VLANs:
Vlan 1: 10.0.0.0/24
Vlan 10: 10.0.10.0/24
You can see that the switch is ready to route packets between VLANs because it has each VLAN as a directly connected route.
You can now connect hosts to access ports in the different VLANs. You can use DHCP for both subnets. This is easy if DHCP is running on the multilayer switch, because the switch receives the DHCP broadcast messages on both VLANs and responds from the SVI IP address in each one. If you are running an external DHCP server on one subnet, use the ip helper-address command on the VLAN interface that doesn't have DHCP and point it to the DHCP server's IP address on the other subnet. Once hosts on both VLANs have IP addresses, they should be able to ping each other.
Routing Out the Layer 3 Switch
Set the gateway of last resort on the layer 3 switch by specifying the next-hop router/ASA:
ip route 0.0.0.0 0.0.0.0 nextHopIP
If you are doing NAT for both VLANs so they can access the internet, make sure to set the correct ACLs for both subnets.
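The two checks described above (each VLAN appears as a directly connected route, and a gateway of last resort is set) can be scripted against saved show ip route output. This is an added example, not part of the original article: it also flags any routed interface outside the plan and a next hop that is not on a connected subnet. The sample output is constructed, and the SVI addresses 10.0.0.1 and 10.0.10.1 and the next hop 10.0.0.254 are assumptions.

```python
import ipaddress
import re

# Constructed sample of "show ip route" output (IOS 15-style layout). The SVI
# addresses and the next hop 10.0.0.254 are assumptions, not from the article.
SAMPLE = """\
Gateway of last resort is 10.0.0.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.0.0.254
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan1
L        10.0.0.1/32 is directly connected, Vlan1
C        10.0.10.0/24 is directly connected, Vlan10
L        10.0.10.1/32 is directly connected, Vlan10
"""

# The article's two VLANs and their subnets.
EXPECTED = {"Vlan1": "10.0.0.0/24", "Vlan10": "10.0.10.0/24"}
CONNECTED = re.compile(r"^C\s+(\S+) is directly connected, (\S+)\s*$")
GATEWAY = re.compile(r"^Gateway of last resort is (\S+) to network")


def parse_routes(text):
    """Return ({interface: connected network}, gateway of last resort or None)."""
    connected, gateway = {}, None
    for line in text.splitlines():
        if m := CONNECTED.match(line):
            connected[m.group(2)] = ipaddress.ip_network(m.group(1))
        elif m := GATEWAY.match(line):
            gateway = ipaddress.ip_address(m.group(1))
    return connected, gateway


def audit(text, expected=EXPECTED):
    """List problems: missing SVI routes, unplanned routed interfaces, bad gateway."""
    connected, gateway = parse_routes(text)
    problems = []
    for intf, subnet in expected.items():
        if connected.get(intf) != ipaddress.ip_network(subnet):
            problems.append(f"{intf}: expected connected route {subnet}, found {connected.get(intf)}")
    for intf in sorted(connected.keys() - expected.keys()):
        problems.append(f"{intf}: routed interface not in the plan ({connected[intf]})")
    if gateway is None:
        problems.append("gateway of last resort is not set")
    elif not any(gateway in net for net in connected.values()):
        problems.append(f"next hop {gateway} is not on a connected subnet")
    return problems

print(audit(SAMPLE) or "routing table matches the plan")
```

An SVI that is shut down, or whose VLAN has no active port, drops out of the routing table, so a missing connected route here usually points back to step C of the SVI configuration.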