Wednesday, July 14, 2010

Inter Vlan Routing Without Layer 3 Device

It is always said that if single vlan wants to communicate with another vlan, inter vlan routing is required. But in the depicted scenario, vlan 10 is able to communicate with vlan 20 without any layer 3 device. The logic behind the working is very simple and it is totally based on tagged and untagged concept. Access ports always tagged the incoming traffic with vlan configured on port and make untagged the outgoing traffic. The same is happening in the given scenario, when the traffic is being forwarded by PC-1 and Switch A access port receives the traffic, mark that traffic with vlan 10 and look forwards for the vlan 10 ports. After that Switch A another port which is part of vlan 10 receives the traffic and forward it towards Switch B. During forwarding Switch A port untagged that vlan and forwards the traffic without any vlan tag. Switch B port receives the incoming traffic and tagged it with vlan 20 and forwards the traffic towards PC-2. This way end to end communication takes place without the use of router or any layer 3 device. So we can say inter vlan routing without any layer 3 device.

People who read this post also read :


Anonymous said...


What happen if more than one vlan 20 traffic exit. Lets say in vlan 10, five systems and for vlan 20 five systems are there. How the traffic would be forwarded ?

Really sorry if it is a novice question ?

shivlu jain said...

no prob nothing is novice. Teh tarffic forwarding will remain the same. Because the logic will not going to be changed.

Anonymous said...

what is the ip subnet used in that case .

both pc are in the same subnet or in different subnet .

shivlu jain said...

both pc are in same subnet. but if it is in different subnet then it shpuld work. i have not checked it before.

Anonymous said...

it should not be work in different subnet .

can you show some debug output for the same concept of tagging and untagging .

apart from this what is logic behind if we have two vlan as per ur scenario in same switch . they are not communicating if both pc are in same subnet but in different vlan in same switch why ?

Anonymous said...

I got the ingress packets getting tagged with the vlan id configured on the accees port,may be it 10 or 20 as you have shown.If the packets need to come as untagged out of tat switch,is that a special configuration or a property of the switch...?

shivlu jain said...

its property of access port.

Anonymous said...

What will happen if we have two different vlans on switch B? lets say vlan 20 & vlan 30.

Another scenerio will be when we have trunk in-between instead of access port.

shivlu jain said...

Yes in that case we need a trunk port between the switches and a router is also required.

Anonymous said...

Thanks for replying..

But can you please explain more..
As you said access port only consider the incoming vlan tag and just forwards it out of access port without a tag.

what i believe is broadcast address in the packet which makes it transvers over that particular port.

Anonymous said...

it's not a routing.. it is switching.. rather stupid switching..

this post is a joke? :))

Anonymous said...

Hey, the cocept Shivulu jain explained is actually wrong.

How can we connect vlan 10 access port to a vlan 20 access port...??
r u kidding?

KD Mittal said...

This scenario can work only if we have both the PCs in the same subnet

This will not work if the two PCs are in deiiferent IP subnet range. let me try to explain this using an example:

Let's say PC1 has an IP address and PC2 has an ip address Now, let's assume that PC1 tries to communicate to PC2. When PC1 generates a packet destined for and reaches the layer 3 of the IP stack in PC1, PC1 will check the route for There will be no route for on PC1, however PC1 might or might not have a default gateway set.

I doubt if there would be any default gateway set because we are not using any L3 device, so PC1 would not have a specific route for neither it would have any default gateway, thus the packet woulde be dropped and would never leave PC1.

However, if PC1 has some default gateway set, then it must have the MAC address of the default gateway. Now, the packet will be processed and before handing this packet/frame to the switch it will set the destination MAC address to the Default Gateway's MAC, which would again be a machine in the same subnet and will not have any knowledge about, hence packet would not be able to reach

Anonymous said...


in this case, it will work if both r native vlans only. it will reach at destination, but there will be vlan mismatch error message.

Narendra Prasad said...

i will work only if both the VLANs have same IP subnet and that is not usually used inside the network.