Layer 3 inter-VLAN routing: SVIs, routed ports and best practices
Inter-VLAN routing via SVIs (Switch Virtual Interfaces) on an L3 switch: the modern alternative to 'router on a stick'. Wire-speed performance, simple configuration. Practical guide: Cisco/Juniper/Aruba configuration, sizing and pitfalls.
SVI vs Router-on-a-stick
Router-on-a-stick (legacy)
- L2 switch + external router
- 802.1Q trunk between switch and router
- Router sub-interfaces: 1 per VLAN
- Bottleneck: capacity of the single link
- More complex configuration
SVI (modern)
- Integrated L3 switch (Catalyst 9300, Aruba CX 6300, EX4300)
- VLAN interface: 1 SVI per VLAN
- Wire-speed hardware routing
- No bottleneck
- Simple configuration
Cisco configuration
- ip routing : enable L3 routing
- interface vlan 10
- ip address 192.168.10.1 255.255.255.0
- no shutdown
- interface Gi1/0/1
- switchport mode access
- switchport access vlan 10
Juniper EX configuration
- set interfaces irb unit 10 family inet address 192.168.10.1/24
- set vlans DATA vlan-id 10 l3-interface irb.10
Aruba CX configuration
- vlan 10 ; exit
- interface vlan 10 ; ip address 192.168.10.1/24
HSRP/VRRP on SVIs
For HA between 2 L3 switches:
- 2× L3 distribution switches
- HSRP active-standby or VRRP
- Priority: 110 primary, 100 backup
- Preempt enabled
Inter-VLAN ACLs
- ACL applied on the SVI, inbound or outbound
- ip access-list extended BLOCK-DATA-TO-SERVERS
- deny ip 192.168.10.0 0.0.0.255 192.168.50.0 0.0.0.255
- permit ip any any
- interface vlan 10 ; ip access-group BLOCK-DATA-TO-SERVERS in
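To check what the ACL above actually does before applying it, the following added example (not part of the original guide) models Cisco extended-ACL evaluation: wildcard-mask matching, first match wins, implicit deny at the end. The function names and the sample flows are constructed for illustration; the addresses come from this page.

```python
import ipaddress

# ACL from the section above, as (action, src, src_wildcard, dst, dst_wildcard).
# "any" is expressed as 0.0.0.0 with wildcard 255.255.255.255.
ANY = ("0.0.0.0", "255.255.255.255")
BLOCK_DATA_TO_SERVERS = [
    ("deny", "192.168.10.0", "0.0.0.255", "192.168.50.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def evaluate(acl, src, dst):
    """Return (action, entry_index) for the first matching entry, top to bottom.
    A packet matching no entry hits the implicit deny that ends every ACL."""
    for i, (action, s, sw, d, dw) in enumerate(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, i
    return "deny", None

def audit(acl, flows):
    """Evaluate (src, dst) flows entering the SVI and return their verdicts."""
    return {flow: evaluate(acl, *flow)[0] for flow in flows}

# Constructed sample flows, as seen inbound on interface vlan 10.
SAMPLE_FLOWS = [
    ("192.168.10.25", "192.168.50.10"),  # DATA host to the server subnet
    ("192.168.10.25", "192.168.20.7"),   # DATA host to another VLAN (assumed subnet)
    ("192.168.10.25", "10.0.0.50"),      # DATA host to the DHCP server address
]

if __name__ == "__main__":
    for (src, dst), verdict in audit(BLOCK_DATA_TO_SERVERS, SAMPLE_FLOWS).items():
        print(f"{src:>15} -> {dst:<15} {verdict}")
    # Without the final permit, the implicit deny drops every flow.
    print(audit(BLOCK_DATA_TO_SERVERS[:1], SAMPLE_FLOWS))
```

Because the ACL is applied inbound on interface vlan 10, it only sees packets sourced from VLAN 10 hosts; replies from those hosts to connections opened from 192.168.50.0/24 match the deny entry as well.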
DHCP relay
If the DHCP server is centralized:
- interface vlan 10
- ip helper-address 10.0.0.50 (DHCP server IP)
Order from OPTINOC
Cisco Catalyst 9300, Aruba CX 6300 and Juniper EX4300 L3 switches. SVI + HSRP configuration. Quote within 48 hours.
