There are three methods of permitting traffic to flow between VLANs:
- Configure a router and connect one router interface to the switch for each configured VLAN.
- Configure a router to use IEEE 802.1Q and connect to a switch via a trunk.
- Configure (and possibly purchase) a Layer 3–capable switch.
Option 1 is really only practical for companies that are very small, don’t require a large number of ports, and don’t anticipate growing quickly. The only way to grow with this option is to dedicate another expensive router port to each new VLAN. Options 2 and 3 are appropriate for the majority of networks deployed over the last 15 years or so.
Figure 1 shows why option 1 is not scalable.
Figure 1 One VLAN per interface.
This example assumes that four different VLANs on SW1 need to be connected together. With this option, each VLAN that needs to communicate requires its own interface on each device, so four different interfaces are linked from the Layer 2 switch (SW1) to the router (R1). If the company wants to add another VLAN sometime in the future, it will need a new interface to link the new VLAN from SW1 to R1. This network design is inherently wasteful because many VLANs don’t have a lot of traffic passing between devices. (That’s the point of having the VLAN in the first place.) The ineffective design of option 1 explains why option 2 started getting attention.
Option 2 is popular with companies that need to connect multiple VLANs, but can’t afford Layer 3 switching options. When implementing this design, an 802.1Q trunk is configured between a Layer 2 switch and a router that supports 802.1Q. This trunk allows all of the traffic from the configured VLANs to be transmitted and routed via a single routed interface. The router manages and routes all traffic from one VLAN to another via this single interface. This type of configuration is typically referred to as router on a stick (ROAS). Figure 2 shows a common representation of this configuration.
Figure 2 All VLANs over a single interface.
The third option for routing traffic between VLANs is to use a Layer 3 switch. This switch is capable of routing traffic from VLAN to VLAN internally, but it tends to be quite a bit more expensive than a Layer 2 switch. Older-model switches performed this routing via a separate routing blade that was inserted into the switch, but on modern switches this functionality is typically built in. Cisco IOS switches handle this functionality through a switch virtual interface (SVI). Figure 3 shows a visual representation of the SVIs inside a Layer 3 switch.
Figure 3 All VLANs internal to the Layer 3 switch.
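
Options 2 and 3 as Cisco IOS configuration, added here as an illustration and not taken from the original article. The VLAN IDs (10, 20, 30, 40), interface names, and 10.0.x.1/24 gateway addresses are assumptions chosen for the example; the two options are alternatives, so the same gateway addresses appear in both.

```cisco
! Option 2 (ROAS), SW1: 802.1Q trunk toward R1, limited to the routed VLANs.
! Some platforms also need "switchport trunk encapsulation dot1q" first.
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40
!
! Option 2 (ROAS), R1: one 802.1Q subinterface per VLAN on a single port.
! The physical interface carries no address of its own.
interface GigabitEthernet0/0
 no ip address
 no shutdown
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 10.0.40.1 255.255.255.0
!
! Option 3, Layer 3 switch: enable routing and give each VLAN an SVI.
ip routing
vlan 10,20,30,40
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 no shutdown
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 no shutdown
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
 no shutdown
```

With either configuration in place, every VLAN can reach every other VLAN; where the VLANs exist for segmentation, access lists on the subinterfaces or SVIs are what restrict traffic between them.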