In a recent project I had a small ESXi infrastructure with SAN over iSCSI, two hosts, one UPS and two 3850 Cisco switches paired in a stack. This platform had several VLANs I had configured, and I wanted some of these VLANs to route between them. You’d normally do this with a router, through a concept I picked up called “router on a stick”.
I did not have a router, so I scoured the web and found that the Cisco 3850 stack I had consisted of layer 3 switches, and that I could use interVLAN routing for my mission.
The concept of router on a stick means you “stick” a router onto your platform and use this to route between the VLANs. The router is much more capable of routing specific routes, hence this would be the best solution.
How to configure interVLAN routing on a Cisco layer 3 switch
It is quite simple actually, and I will do this step by step.
First enter global configuration mode.
VLABSWT01#conf t
Then create a VLAN 2.
VLABSWT01(config)#vlan 2
Exit and configure the new VLAN with an IP address and a subnet mask.
VLABSWT01(config-vlan)#exit
VLABSWT01(config)#int vlan 2
VLABSWT01(config-if)#ip address 172.18.33.1 255.255.255.0
Now exit and create another VLAN, this time VLAN 3, and give its interface an IP address in the same way.
VLABSWT01(config-if)#exit
VLABSWT01(config)#vlan 3
VLABSWT01(config-vlan)#exit
VLABSWT01(config)#int vlan 3
VLABSWT01(config-if)#
VLABSWT01(config-if)#ip address 192.168.101.1 255.255.255.0
VLABSWT01(config-if)#exit
Enable ip routing. Remember the switch has to be a layer 3 switch to have this functionality.
VLABSWT01(config)#ip routing
Configure the port on which the 172.18.33.25 PC resides to be an access port in VLAN 2. Remember this was also the VLAN on which you configured a managed IP address in the form of 172.18.33.25.
VLABSWT01(config)#int fastEthernet 0/1
VLABSWT01(config-if)#switchport mode access
VLABSWT01(config-if)#switchport access vlan 2
VLABSWT01(config-if)#exit
Configure the port on which the 192.168.101.21 PC resides to be an access port in VLAN 3. This was also the VLAN on which you configured the managed IP address 192.168.101.21.
VLABSWT01(config)#int fastEthernet 0/2
VLABSWT01(config-if)#switchport mode access
VLABSWT01(config-if)#switchport access vlan 3
VLABSWT01(config-if)#exit
Now configure each client’s default gateway with the managed IP address of the VLAN on which the client PC resides.
Client 1:
Client 2:
Each client should be able to ping its default gateway:
And the clients will now be able to send ICMP packets to each other:
If there is a client you do not want to be reachable, simply remove its default gateway. If there is a VLAN you do not want to be reachable, simply don’t create a managed IP address on that particular VLAN interface.
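As an added example (not part of the original post), this Python script audits a running-config for the two things the steps above depend on, ip routing being enabled and each VLAN interface having an IP address, and checks that a client's default gateway is the address of its VLAN interface. The sample config is constructed, and VLAN 4 and the function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed running-config excerpt matching the steps above. VLAN 4 is a
# hypothetical extra VLAN whose interface has no IP address (assumption).
SAMPLE_CONFIG = """\
ip routing
!
interface Vlan2
 ip address 172.18.33.1 255.255.255.0
!
interface Vlan3
 ip address 192.168.101.1 255.255.255.0
!
interface Vlan4
 no ip address
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 2
"""

def parse_svis(config):
    """Return (ip_routing_enabled, {vlan_id: IPv4Interface}) for addressed SVIs."""
    routing, svis, current = False, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):            # top-level line: new section
            routing = routing or line.strip() == "ip routing"
            m = re.match(r"interface Vlan(\d+)\s*$", line, re.I)
            current = int(m.group(1)) if m else None
        elif current is not None:               # sub-command of a VLAN interface
            m = re.match(r"\s+ip address (\S+) (\S+)", line)
            if m:
                svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return routing, svis

def routed_vlans(config):
    """VLANs the switch forwards between: ip routing on, SVI has an address."""
    routing, svis = parse_svis(config)
    return sorted(svis) if routing else []

def gateway_vlan(config, client_ip, gateway):
    """VLAN whose SVI is this client's gateway, or None if the pair cannot route."""
    routing, svis = parse_svis(config)
    for vlan, svi in svis.items():
        if ipaddress.ip_address(client_ip) in svi.network:
            return vlan if routing and gateway == str(svi.ip) else None
    return None

if __name__ == "__main__":
    print("routed VLANs:", routed_vlans(SAMPLE_CONFIG))
    print("client VLAN:", gateway_vlan(SAMPLE_CONFIG, "172.18.33.25", "172.18.33.1"))
```

Run against a saved copy of the switch configuration, the list of routed VLANs shows at a glance which segments can reach each other through the switch.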
Here is the concept in picture form: