What is VLAN1 Interface in Routers?

ciscoroutervlan

Yesterday I had a look at my router configuration, and I saw that my office's local LAN gateway's IP address is written on the router's VLAN1 interface.

What is a VLAN1 interface in a router?
Is it different from a switch's VLAN?
Why is it not configured on a gigabit interface?
Does it mean that all interfaces refer to VLAN1?
If yes, how can we assign each port to VLAN1?
How can we create VLANs?

Best Answer

Since you have not included the router model, I will assume it is a Cisco router, something like an ISR with a built-in switch module.

Some Cisco routers can have a built-in or optional, add-on switch modules. The interfaces for this module are switch interfaces, not router interfaces. You need to create VLAN interfaces to link the layer-2 switch to the layer-3 router.

You configure the switch interfaces the same way that you do for a layer-2 switch. They are switch interfaces, not router interfaces, so you cannot configure layer-3 on those interfaces. That is where the SVIs come in. You assign a VLAN to each switch interface, and create an SVI for each VLAN. The SVIs get configured with the layer-3 information for the VLAN. The layer-3 addresses configured on the SVIs will be the gateways for the VLANs.

The router will also have some router interfaces that get configured for layer-3. Routers will, by default, route everything between its layer-3 interfaces, including SVIs configured for layer-3.

Let's assume you have eight switch interfaces (GigabitEthernet0 - 7), and two router interfaces (GigabitEthernet8 - 9), like a Cisco 892 router. There are two connections to other routers, and there are four VLANs (two switch interfaces on each VLAN). The first eight interfaces are switch interfaces, and they are configured like a layer-2 switch. The last two interfaces are router interfaces, and they are configured with layer-3. The four VLAN interfaces are configured as layer-3 interfaces. Routing between the VLANs and the router interfaces will happen, as long as they are configured for layer-3, and there are no other configurations to block, e.g. ACLs. The gateways for the VLANs will be the addresses configured on the VLAN interfaces.

You could have something like this:

interface GigbitEthernet0
 description VLAN 1
 switchport access vlan 1
 switchport mode access
 no shutdown
!
interface GigbitEthernet1
 description VLAN 1
 switchport access vlan 1
 switchport mode access
 no shutdown
!
interface GigbitEthernet2
 description VLAN 2
 switchport access vlan 2
 switchport mode access
 no shutdown
!
interface GigbitEthernet3
 description VLAN 2
 switchport access vlan 2
 switchport mode access
 no shutdown
!
interface GigbitEthernet4
 description VLAN 3
 switchport access vlan 3
 switchport mode access
 no shutdown
!
interface GigbitEthernet5
 description VLAN 3
 switchport access vlan 3
 switchport mode access
 no shutdown
!
interface GigbitEthernet6
 description VLAN 4
 switchport access vlan 4
 switchport mode access
 no shutdown
!
interface GigbitEthernet7
 description VLAN 4
 switchport access vlan 4
 switchport mode access
 no shutdown
!
interface GigbitEthernet8
 description Link to Router 2
 ip address 10.2.0.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface GigbitEthernet9
 description Link to Router 3
 ip address 10.3.0.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan1
 description VLAN1
 ip address 192.168.1.0 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan2
 description VLAN2
 ip address 192.168.2.0 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan3
 description VLAN3
 ip address 192.168.3.0 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan4
 description VLAN4
 ip address 192.168.4.0 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!

Related Solutions

Cisco SG-300 – Help with VLANs, ACLs, DHCP on Layer 3 Switch

You do not need the ip helper-address statement.

As I understand your requirement, you only want to allow printers on vl 2 to be accessed from vl 3. Nothing else on vl 2 can be accessed from vl 3.

ip access-list extended vlan3-in
 remark allow printers.  Repeat this line for each printer
 permit ip any host <printer address>
 remark alternatively, you can only allow the printer port on the VLAN, for ex.
 permit tcp any 192.168.2.0 0.0.0.255 eq 9100
 remark block the rest of vlan 2
 deny ip any 192.168.2.0 0.0.0.255
 remark permit Internet
 permit ip any any

interface vlan 3
service-acl input vlan3-in

If your AP can offer multiple SSIDs, then you can have one SSID for each VLAN. You tag the VLANs and set the switchport to trunk.

If your AP can't offer multiple SSIDs, then make the switch port an access port and don't tag the vlan.

Ethernet Interfaces – Understanding eth/in, eth/out, eth/local

Ethernet interfaces are named eth0, eth1, eth2, etc.

ethn/in and ethn/out, in firewall rules, identify respectively the ingress and egress point for a packet that travels through physical interface ethn.

If your LAN is on eth2 and your WAN on eth1, eth2/in receives packets from the LAN and eth2/out deals with packets destined to the LAN.

Best Answer

Related Solutions

Cisco SG-300 – Help with VLANs, ACLs, DHCP on Layer 3 Switch

Ethernet Interfaces – Understanding eth/in, eth/out, eth/local

Related Topic