Revision Record Do Not Print this Page

Course Code Product Product Version Course Version

V5R2 V1R1

Author/ID Date Reviewer/ID New/ Update

Shi Miaomiao/swx791350 2019.10.23

Page 1 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Inter-VLAN Communication

Page 2 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Foreword
● By default, a Layer 2 switching network is a broadcast domain, which brings many
problems. Virtual local area network (VLAN) technology isolates such broadcast
domains, preventing users in different VLANs from communicating with each other.
However, such users sometimes need to communicate.
● This course describes how to implement inter-VLAN communication.

Page 3 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Objectives
● On completion of this course, you will be able to understand:
🞐 Methods of implementing inter-VLAN communication.

🞐 How to use routers (physical interfaces or sub-interfaces) to implement inter-VLAN

communication.
🞐 How to use Layer 3 switches to implement inter-VLAN communication.

🞐 How Layer 3 packets are forwarded.

Page 4 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Background
2. Using Routers' Physical Interfaces or Sub-interfaces to Implement Inter-VLAN
Communication
3. Using VLANIF Interfaces to Implement Inter-VLAN Communication
4. Layer 3 Communication Process

Page 5 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Inter-VLAN Communication (1)
● In real-world network deployments, different IP address segments are assigned to different VLANs.

● PCs on the same network segment in the same VLAN can directly communicate with each other without the need for
Layer 3 forwarding devices. This communication mode is called Layer 2 communication.

● Inter-VLAN communication belongs to Layer 3 communication, which requires Layer 3 devices.

Layer 2 switch

Layer 2 Layer 2
communication communication

VLAN 10 VLAN 20
192.168.10.0/24 192.168.20.0/24

Layer 3 communication

Page 6 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Inter-VLAN Communication (2)
● Common Layer 3 devices: routers, Layer 3 switches, firewalls, etc.

● Inter-VLAN communication is implemented by connecting a Layer 2 switch to a Layer 3 interface

of a Layer 3 device. The communication packets are routed by the Layer 3 device.
3
3
2 Layer 2 interface
Router 2
3 Layer 3 interface 2
Layer 2 switch 2
2
2 2

VLAN 10 VLAN 20
192.168.10.0/24 192.168.20.0/24

Page 7 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Background
2. Using Routers' Physical Interfaces or Sub-interfaces to Implement Inter-VLAN
Communication
3. Using VLANIF Interfaces to Implement Inter-VLAN Communication
4. Layer 3 Communication Process

Page 8 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Using Physical Using Sub-
Interfaces interfaces

Using a Router's Physical Interfaces

Physical Connection
• The Layer 3 interfaces of the router function as
R
1 gateways to forward traffic from the local network
GE 0/0/1 GE 0/0/2 segment to other network segments.
192.168.10.254 192.168.20.254 • The Layer 3 interfaces of the router cannot process
data frames with VLAN tags. Therefore, the interfaces
GE 0/0/3 GE 0/0/4
of the switch connected to the router must be set to the
Access (VLAN 10) Access (VLAN 20) access type.
• One physical interface of the router can function as the
GE 0/0/1 GE 0/0/2 gateway of only one VLAN, meaning that the number
Access (VLAN 10) Access (VLAN 20)
SW1 of required physical interfaces are determined by the
quantity of the deployed VLANs.
VLAN 10 VLAN 20
• A router, mainly forwarding packets at Layer 3,
provides only a small number of physical interfaces.
PC1 PC2
192.168.10.2/24 192.168.20.2/24
Therefore, the scalability of this solution is poor.
Default gateway: Default gateway:
192.168.10.254 192.168.20.254

Page 9 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Using Physical Using Sub-
Interfaces interfaces

Using a Router's Sub-interfaces

Physical Connection
● A sub-interface is a logical interface created on a
R router's Ethernet interface and is identified by a
1
physical interface number and a sub-interface number.
GE 0/0/1.10 GE 0/0/1.20 Similar to a physical interface, a sub-interface can
192.168.10.254 192.168.20.254
perform Layer 3 forwarding.

G 0/0/24 ● Different from a physical interface, a sub-interface can

Trunk VLANs 10 20
terminate data frames with VLAN tags.

GE 0/0/1 GE 0/0/2 ● You can create multiple sub-interfaces on one physical

Access (VLAN 10) SW1 Access (VLAN 20)
interface. After connecting the physical interface to the
trunk interface of the switch, the physical interface can
VLAN 10 VLAN 20
provide Layer 3 forwarding services for multiple
PC1 PC2
192.168.10.2/24 192.168.20.2/24
VLANs.
Default gateway: Default gateway:
192.168.10.254 192.168.20.254

Page 10 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Using Physical Using Sub-
Interfaces interfaces

Sub-Interface Processing
● The interface connecting the switch to the router is set to a trunk interface. The router forwards the
received packets to the corresponding sub-interfaces according to the VLAN tags in the packets.

GE 0/0/1.10 GE 0/0/1.20 Packets carrying VLAN 10

Packets carrying VLAN 20

GE 0/0/1 R1 GE 0/0/1.10
R1 GE 0/0/1
GE 0/0/1.20

SW1 • Based on the VLAN ID carried in a

VLAN 10 VLAN 20 packet, the device forwards the
packet to the corresponding sub-
Trunk interface (for example, GE 0/0/1.10)
GE 0/0/1 GE 0/0/24 GE 0/0/2 for processing.
• Through sub-interfaces, the device
Trunk can implement inter-VLAN
GE 0/0/24 communication at Layer 3.
SW1
192.168.10.2/24 192.168.20.2/24
Default gateway: Default gateway:
192.168.10.254 192.168.20.254

Page 11 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Using Physical Using Sub-
Interfaces interfaces

Example for Configuring Sub-interfaces

[R1]interface GigabitEthernet0/0/1.10
[R1-GigabitEthernet0/0/1.10]dot1q termination vid 10
[R1-GigabitEthernet0/0/1.10]ip address 192.168.10.254 24
R1 [R1-GigabitEthernet0/0/1.10]arp broadcast enable

The VLAN IDs to be terminated need to be

configured on the sub-interfaces.
GE 0/0/1.10
The router selects proper sub-interfaces based on
GE 0/0/1 the VLAN IDs of the received packets. (The sub-
GE 0/0/1.20
interfaces accept tagged packets.)
The packets sent by the sub-interfaces carry the
configured termination VLAN IDs.

Trunk
GE0/0/24 [R1]interface GigabitEthernet0/0/1.20
[R1-GigabitEthernet0/0/1.20]dot1q termination vid 20
SW1 [R1-GigabitEthernet0/0/1.20]ip address 192.168.20.254 24
[R1-GigabitEthernet0/0/1.20]arp broadcast enable

Page 12 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Background
2. Using Routers' Physical Interfaces or Sub-interfaces to Implement Inter-VLAN
Communication
3. Using VLANIF Interfaces to Implement Inter-VLAN Communication
4. Layer 3 Communication Process

Page 13 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Layer 3 Switch and VLANIF Interfaces

• A Layer 2 switch provides only Layer 2 switching

functions.
Layer 3 switch • A Layer 3 switch provides routing functions through
Routing module Layer 3 interfaces (such as VLANIF interfaces) as well
VLANIF 10 Direct internal VLANIF 20 as the functions of a Layer 2 switch.
communication
• A VLANIF interface is a Layer 3 logical interface that
can remove and add VLAN tags. VLANIF interfaces
VLAN 10 Switching VLAN 20
module
therefore can be used to implement inter-VLAN
communication.

• A VLANIF interface number is the same as the ID of its

corresponding VLAN. For example, VLANIF 10 is
created based on VLAN 10.

Page 14 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Example for Configuring VLANIF Interfaces
Basic configurations:
• VLANIF 10 192.168.10.254/24
• VLANIF 20 192.168.20.254/24 [SW1]vlan batch 10 20

[SW1] interface GigabitEthernet 0/0/1

SW1 [SW1-GigabitEthernet0/0/1] port link-type access
GE 0/0/1 GE 0/0/2
[SW1-GigabitEthernet0/0/1] port default vlan 10

[SW1] interface GigabitEthernet 0/0/2

[SW1-GigabitEthernet0/0/2] port link-type access

VLAN 10 VLAN 20
[SW1-GigabitEthernet0/0/2] port default vlan 20
PC1 PC2
192.168.10.2/24 192.168.20.2/24 Configure VLANIF interfaces:
Default gateway: Default gateway:
192.168.10.254 192.168.20.254 [SW1]interface Vlanif 10

• Configuration Requirements [SW1-Vlanif10]ip address 192.168.10.254 24

Configure VLANs 10 and 20 for the interfaces connecting to PC1 [SW1]interface Vlanif 20
and PC2, respectively. Configure the Layer 3 switch to allow the
[SW1-Vlanif20]ip address 192.168.20.254 24
two PCs to communicate with each other.

Page 15 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 VLANIF Forwarding Process (1)

interface Vlanif10 interface Vlanif20

ip address 192.168.10.254 ip address 192.168.20.254
24 24 This example assumes that the required ARP or
(MAC: MAC2) (MAC: MAC2)
MAC address entries already exist on the PCs and
the Layer 3 switch.
Routing
VLANIF 10 VLANIF 20
module
The communication process between PC1 and PC2
is as follows:
Switching
VLAN 10 VLAN 20 1. PC1 performs calculation based on its local IP
module
address, local subnet mask, and destination IP
1 address, and finds that the destination device
Access interface
PC2 is not on its network segment. PC1 then
determines that Layer 3 communication is
PC1 PC2
IP: 192.168.10.2/24 IP: 192.168.20.2/24 required and sends the traffic destined for PC2 to
Default gateway: Default gateway:
192.168.10.254 192.168.20.254 its gateway. Data frame sent by PC1: source
MAC: MAC1 MAC: MAC3
MAC = MAC1, destination MAC = MAC2
Page 16 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 VLANIF Forwarding Process (2)

interface Vlanif10 3 interface Vlanif20

ip address 192.168.10.254 ip address 192.168.20.254
24 24 2. After receiving the packet sent from PC1 to PC2,
(MAC: MAC2) (MAC: MAC2)
the switch decapsulates the packet and finds that
the destination MAC address is the MAC address
VLANIF 10 VLANIF 20 Routing
module of VLANIF 10. The switch then sends the packet to
the routing module for further processing.
2
Switching
VLAN 10 VLAN 20 3. The routing module finds that the destination IP
module
address is 192.168.20.2, which is not the IP
address of its local interface, and determines that
Access interface this packet needs to be forwarded at Layer 3. By
searching the routing table, the routing module
PC1 PC2
IP: 192.168.10.2/24 IP: 192.168.20.2/24
finds a matching route – the direct route generated
Default gateway: Default gateway: by VLANIF 20 – for this packet.
192.168.10.254 192.168.20.254
MAC: MAC1 MAC: MAC3

Page 17 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 VLANIF Forwarding Process (3)

interface Vlanif10 interface Vlanif20

ip address 192.168.10.254 ip address 192.168.20.254
24 24 4. Because the matching route is a direct route, the
(MAC: MAC2) (MAC: MAC2)
switch determines that the packet has reached the
last hop. It searches its ARP table for 192.168.20.2,
VLANIF 10 VLANIF 20 Routing
module obtains the corresponding MAC address, and sends

4 the packet to the switching module for re-

VLAN 10 VLAN 20
Switching encapsulation.
module
5. The switching module searches its MAC address
5 table to determine the outbound interface of the
Access interface frame and whether the frame needs to carry a VLAN
tag. Data frame sent by the switching module:
PC1 PC2
IP: 192.168.10.2/24 IP: 192.168.20.2/24
source MAC = MAC2, destination MAC = MAC3,
Default gateway: Default gateway: VLAN tag = None
192.168.10.254 192.168.20.254
MAC: MAC1 MAC: MAC3

Page 18 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Background
2. Using Routers' Physical Interfaces or Sub-interfaces to Implement Inter-VLAN
Communication
3. Using VLANIF Interfaces to Implement Inter-VLAN Communication
4. Layer 3 Communication Process

Page 19 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Logical Communication
Topology Connection Process

Network Topology

VLAN 10
PC1
IP: 192.168.10.2/24 R1
Default gateway:
SW1 SW2 NAT
192.168.10.254
GE 0/0/1
IS
GE 0/0/24 GE 0/0/2 GE 0/0/0 1.2.3.4
P
Server
2.3.4.
VLAN 20 5
• VLANIF 10: 192.168.10.254 24
PC2
IP: 192.168.20.2/24 • VLANIF 20: 192.168.20.254 24
Default gateway:
192.168.20.254 • VLANIF 30: 192.168.30.1 24

This topology is used as an example to describe the communication process from PC1 in VLAN
10 to the server (2.3.4.5) on the Internet.

Page 20 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Logical Communication
Topology Connection Process

Logical Connection
Logical Connection

Routing
• Configure a default route on
VLANIF VLANIF VLANIF
10 20 30 module SW2 to allow intranet users
to access the Internet.

SW2 Switching R1
module NAT
VLAN 30
Internet
Access interface

Trunk interface
VLAN 10 VLAN 20 SW1 • On R1, configure static routes to the
user network segments of VLAN 10
Trunk and VLAN 20.
GE 0/0/1 GE 0/0/24 GE 0/0/2 • To enable intranet PCs using private
IP addresses to access the Internet,
configure Network Address and Port
Translation (NAPT) on R1.

Page 21 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Logical Communication
Topology Connection Process

Communication Process (1)

VLANIF 10
IP: 192.168.10.254/24
MAC: MAC2

VLANIF 30
IP: 192.168.30.1/24
IP: 192.168.10.2/24 MAC: MAC2
Default gateway:
192.168.10.254 R1
MAC: MAC1 SW1 SW2 NAT
GE 0/0/1 GE 0/0/1
IS
GE 0/0/24 GE 0/0/2 GE 0/0/0 1.2.3.4
VLAN 10 P
192.168.30.2 Server
MAC: MAC3 2.3.4.
Source MAC: MAC1 5
PC Processing Destination MAC: MAC2
Before sending a packet to VLAN tag: None
2.3.4.5, the PC sends the
Source IP: 192.168.10.2
packet to its gateway after
determining that the destination Destination IP: 2.3.4.5
IP address is not on its network
segment.

Page 22 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Logical Communication
Topology Connection Process

Communication Process (2)

VLANIF 10
IP: 192.168.10.254/24
MAC: MAC2

VLANIF 30
IP: 192.168.30.1/24
IP: 192.168.10.2/24 MAC: MAC2
Default gateway:
192.168.10.254 R1
MAC: MAC1 SW1 SW2 NAT
GE 0/0/1 GE 0/0/1
IS
GE 0/0/24 GE 0/0/2 GE 0/0/0 1.2.3.4
VLAN 10 P
192.168.30.2 Server
MAC: MAC3 2.3.4.
MAC Address VLAN Interface 5
MAC1 10 GE 0/0/1
Source MAC: MAC1
MAC2 10 GE 0/0/24
Destination MAC: MAC2

SW1 Processing VLAN tag: 10

Source IP: 192.168.10.2
After receiving the frame, SW1 searches the
MAC address table for the destination MAC Destination IP: 2.3.4.5
address and forwards the frame.

Page 23 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Logical Communication
Topology Connection Process

Communication Process (3)

VLANIF 10
IP: 192.168.10.254/24
MAC: MAC2

VLANIF 30
IP: 192.168.30.1/24
IP: 192.168.10.2/24 MAC: MAC2
Default gateway:
192.168.10.254 R1
MAC: MAC1 SW1 SW2 NAT
GE 0/0/1 GE 0/0/1
IS
GE 0/0/24 GE 0/0/2 GE 0/0/0 1.2.3.4
VLAN 10 P
192.168.30.2 Server
Operational data of a Destination Network Next Hop Outbound Interface
MAC: MAC3 2.3.4.
routing table. 5
0.0.0.0/0 192.168.30.2 Vlanif30

SW2 Processing
After SW2 receives the frame, it finds that the destination MAC address is the MAC
address of its VLANIF 10 and sends the frame to the routing module, which then
searches the routing table for a route matching the destination IP address 2.3.4.5.
After finding that the matching route is a default route, the outbound interface is VLANIF
30, and the next hop is 192.168.30.2, SW2 searches its ARP table to obtain the MAC
address corresponding to 192.168.30.2.

Page 24 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Logical Communication
Topology Connection Process

Communication Process (4)

VLANIF 10
IP: 192.168.10.254/24
MAC: MAC2

VLANIF 30
IP: 192.168.30.1/24
IP: 192.168.10.2/24 MAC: MAC2
Default gateway:
192.168.10.254 R1
MAC: MAC1 SW1 SW2 NAT
GE 0/0/1 GE 0/0/1
IS
GE 0/0/24 GE 0/0/2 GE 0/0/0 1.2.3.4
VLAN 10 P
192.168.30.2 Server
MAC: MAC3 2.3.4.
Destination Network MAC Outbound Interface 5
ARP entry
192.168.30.2 MAC3 GE 0/0/2 Source MAC: MAC2
Destination MAC: MAC3
SW2 Processing
VLAN tag: None
After finding the MAC address corresponding to 192.168.30.2,
SW2 replaces the source MAC address of the packet with the Source IP: 192.168.10.2
MAC address of VLANIF 30, and forwards the packet to the Destination IP: 2.3.4.5
switching module. The switching module searches the MAC
address table for the outbound interface and determines whether
the packet carries a VLAN tag.

Page 25 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Logical Communication
Topology Connection Process

Communication Process (5)

VLANIF 10
IP: 192.168.10.254/24
MAC: MAC2

VLANIF 30
IP: 192.168.30.1/24
IP: 192.168.10.2/24 MAC: MAC2
Default gateway:
192.168.10.254 R1
MAC: MAC1 SW1 SW2 NAT
GE 0/0/1 GE 0/0/1
IS
GE 0/0/24 GE 0/0/2 GE 0/0/0 1.2.3.4
VLAN 10 P
192.168.30.2 Server
MAC: MAC3 2.3.4.
5
Source IP: 1.2.3.4
R1 Processing
Destination IP: 2.3.4.5
Checks the destination MAC address of the data packet
and finds that the MAC address belongs to its interface.
Checks the destination IP address and finds that it is not a
local IP address. Searches the routing table, finds a default
matching route, and forwards the packet to a carrier device
while performing NAT to translate the source IP address
and port number of the packet.

Page 26 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Quiz
1. When a sub-interface is used to implement inter-VLAN communication, how does the switch
interface connected to the router need to be configured?
2. How are packets changed when being forwarded at Layer 3?

Page 27 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Summary
● This course describes three methods of implementing inter-VLAN communication:
through physical interfaces, sub-interfaces, and VLANIF interfaces.
● It also elaborates the Layer 3 communication process, and device processing
mechanism and packet header changes during the communication.

Page 28 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 More Information
● Comparison between Layer 2 and Layer 3 interfaces

Layer 2 Interface Layer 3 Interface

An IP address cannot be configured for a Layer 2 interface. An IP address can be configured for a Layer 3 interface
A Layer 2 interface does not have a MAC address. A Layer 3 interface has a MAC address.

After a Layer 2 interface receives a data frame, it searches its MAC After a Layer 3 interface receives a data frame, if the destination MAC address of
address table for the destination MAC address of the frame. If a the data frame is the same as the local MAC address, it decapsulates the data
matching MAC address entry is found, it forwards the frame according frame and looks up the destination IP address of the data packet in the routing
to the entry. If no matching MAC address entry is found, it floods the table. If a matching route is found, it forwards the data frame according to the
frame. instruction of the route. If no matching route is found, it discards the packet.

A Layer 3 interface on a router is a typical Layer 3 interface.

A physical interface on a Layer 2 switch (has only Layer 2 switching
Physical interfaces on some Layer 3 switches can be switched to Layer 3 mode.
capabilities) is a typical Layer 2 interface. By default, the physical
In addition to Layer 3 physical interfaces, there are Layer 3 logical interfaces, such
interfaces of most Layer 3 switches (have both Layer 2 and Layer 3
as VLANIF interfaces on switches or logical sub-interfaces on other network
switching capabilities) work at Layer 2.
devices, such as GE 0/0/1.10.

Layer 2 interfaces do not isolate broadcast domains. They flood Layer 3 interfaces isolate broadcast domains. They directly terminate received
received broadcast frames. broadcast frames instead of flooding them.

Page 29 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Thank You
www.huawei.com

Page 30 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.