Inter-VLAN Routing — Layer 3 Switch (SVI)

Router-on-a-Stick works well for small networks and labs, but all inter-VLAN traffic must pass through a single physical link — creating a bottleneck as traffic grows. A Layer 3 switch (also called a multilayer switch) eliminates this limitation by performing routing entirely in hardware, at wire speed, without a dedicated router. It does this using SVIs (Switch Virtual Interfaces) — one per VLAN — each serving as the default gateway for that VLAN's devices. This is the standard inter-VLAN routing method in enterprise networks.

Before starting, complete VLAN Creation and Management and Assigning VLANs to Switch Ports. Understanding Trunk Port Configuration is also helpful if your topology includes a second switch or an uplink router.

1. How Layer 3 Switch Inter-VLAN Routing Works

A standard Layer 2 switch only forwards frames based on MAC addresses — it has no concept of IP routing. A Layer 3 (multilayer) switch adds hardware-based IP routing capability. When ip routing is enabled, the switch can route packets between SVIs just as a router routes between interfaces — but entirely in hardware without any external device. For a conceptual overview see Inter-VLAN Routing and VLANs.

Component	Role in SVI Routing
SVI (`interface vlan [id]`)	A logical Layer 3 interface associated with a VLAN. Assigned an IP address that serves as the default gateway for all devices in that VLAN.
`ip routing`	Global command that enables Layer 3 routing on the switch. Without it, SVIs have IP addresses but the switch will not route between them.
Access ports	Physical ports assigned to each VLAN — connects end devices. No change from a Layer 2 switch.
Default gateway (PC)	Each PC points its default gateway to the SVI IP address for its VLAN.

Traffic Flow — VLAN 10 to VLAN 20 on a Layer 3 Switch

Step	What Happens
1	PC1 (VLAN 10) sends a packet destined for PC2 (VLAN 20) to its default gateway: the VLAN 10 SVI IP (`192.168.10.1`)
2	The switch receives the frame on PC1's access port and recognises it as destined for the Layer 3 SVI — not a Layer 2 forwarding decision
3	The switch's routing engine looks up the destination IP in the routing table and finds `192.168.20.0/24` is directly connected via the VLAN 20 SVI
4	The switch routes the packet internally to the VLAN 20 SVI and forwards it out the access port where PC2 is connected — all within the same device

SVI vs Router-on-a-Stick — Full Comparison

Feature	Router-on-a-Stick	Layer 3 Switch (SVI)
Routing location	External router via trunk link	Internal to the switch — hardware routing engine
Performance	Limited by single trunk link bandwidth	Wire-speed routing — no external bottleneck
Devices required	Router + Layer 2 switch (two devices)	One multilayer switch
Cost	Lower — reuses existing router	Higher — multilayer switch required
Scalability	Poor — all VLANs share one link	Excellent — internal backplane handles all VLANs
Configuration complexity	Moderate — subinterfaces + trunk	Simple — SVIs + `ip routing`
Best for	Small networks, CCNA labs	Enterprise networks, any production environment

2. Lab Topology & IP Addressing

In this lab, NetsTuts_SW1 is a Cisco Catalyst multilayer switch (e.g., 3560, 3650, or 3850). It handles both Layer 2 switching and Layer 3 routing for all three VLANs — no external router needed.

                    ┌──────────────────────────────────┐
                    │         NetsTuts_SW1             │
                    │      (Layer 3 / Multilayer)      │
                    │                                  │
                    │  SVI Vlan10 ── 192.168.10.1/24   │
                    │  SVI Vlan20 ── 192.168.20.1/24   │
                    │  SVI Vlan30 ── 192.168.30.1/24   │
                    │                                  │
                    │  Fa0/1 (VLAN 10) ─── PC1         │
                    │  Fa0/2 (VLAN 20) ─── PC2         │
                    │  Fa0/3 (VLAN 30) ─── PC3         │
                    └──────────────────────────────────┘

  PC1: 192.168.10.10/24  GW: 192.168.10.1
  PC2: 192.168.20.10/24  GW: 192.168.20.1
  PC3: 192.168.30.10/24  GW: 192.168.30.1

Interface	Type	IP Address	VLAN	Role
`Vlan10` (SVI)	Logical	192.168.10.1 /24	10	Default gateway for VLAN 10 (SALES)
`Vlan20` (SVI)	Logical	192.168.20.1 /24	20	Default gateway for VLAN 20 (HR)
`Vlan30` (SVI)	Logical	192.168.30.1 /24	30	Default gateway for VLAN 30 (IT)
`Fa0/1`	Physical (access)	N/A	10	PC1 connection
`Fa0/2`	Physical (access)	N/A	20	PC2 connection
`Fa0/3`	Physical (access)	N/A	30	PC3 connection

3. Step 1 — Create VLANs and Assign Access Ports

VLANs must exist in the VLAN database before SVIs can be brought up. An SVI for a VLAN that does not exist remains in a down state. Access ports must also be assigned so PCs have a path to their VLAN.

NetsTuts_SW1>en
NetsTuts_SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

! ── Create and name VLANs ─────────────────────────────────
NetsTuts_SW1(config)#vlan 10
NetsTuts_SW1(config-vlan)#name SALES
NetsTuts_SW1(config-vlan)#vlan 20
NetsTuts_SW1(config-vlan)#name HR
NetsTuts_SW1(config-vlan)#vlan 30
NetsTuts_SW1(config-vlan)#name IT
NetsTuts_SW1(config-vlan)#exit

! ── Assign access ports ───────────────────────────────────
NetsTuts_SW1(config)#interface FastEthernet0/1
NetsTuts_SW1(config-if)#description PC1-VLAN10-SALES
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 10
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#interface FastEthernet0/2
NetsTuts_SW1(config-if)#description PC2-VLAN20-HR
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 20
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#interface FastEthernet0/3
NetsTuts_SW1(config-if)#description PC3-VLAN30-IT
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 30
NetsTuts_SW1(config-if)#exit

VLANs 10, 20, and 30 created and named. Access ports assigned with descriptions. See VLAN Creation Lab and Assigning VLANs to Switch Ports for detailed explanations.

4. Step 2 — Enable IP Routing

This is the single most critical command for Layer 3 switch inter-VLAN routing. Without it, the switch has SVIs with IP addresses but behaves purely as a Layer 2 device — it will not route packets between VLANs.

NetsTuts_SW1(config)#ip routing

One command enables the full Layer 3 routing engine on the switch. This global command applies across all SVIs immediately.

Most common mistake in this lab: Configuring SVIs with correct IP addresses and connecting PCs with correct default gateways — but forgetting ip routing. The result is that pings to the SVI IP succeed (the switch responds to its own IP) but cross-VLAN pings fail entirely (the switch does not forward the packet to the other VLAN). Always verify with show ip routing or show running-config | include ip routing.

5. Step 3 — Create and Configure SVIs

Create one SVI per VLAN using interface vlan [id]. Assign the default gateway IP address for that VLAN's subnet and bring the SVI up with no shutdown. SVIs are administratively down by default.

! ── SVI for VLAN 10 (SALES) ──────────────────────────────
NetsTuts_SW1(config)#interface vlan 10
NetsTuts_SW1(config-if)#description SVI-Gateway-VLAN10-SALES
NetsTuts_SW1(config-if)#ip address 192.168.10.1 255.255.255.0
NetsTuts_SW1(config-if)#no shutdown
NetsTuts_SW1(config-if)#exit

! ── SVI for VLAN 20 (HR) ─────────────────────────────────
NetsTuts_SW1(config)#interface vlan 20
NetsTuts_SW1(config-if)#description SVI-Gateway-VLAN20-HR
NetsTuts_SW1(config-if)#ip address 192.168.20.1 255.255.255.0
NetsTuts_SW1(config-if)#no shutdown
NetsTuts_SW1(config-if)#exit

! ── SVI for VLAN 30 (IT) ─────────────────────────────────
NetsTuts_SW1(config)#interface vlan 30
NetsTuts_SW1(config-if)#description SVI-Gateway-VLAN30-IT
NetsTuts_SW1(config-if)#ip address 192.168.30.1 255.255.255.0
NetsTuts_SW1(config-if)#no shutdown
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#end
NetsTuts_SW1#wr
Building configuration...
[OK]
NetsTuts_SW1#

Three SVIs configured — each serves as the default gateway for its VLAN. no shutdown is required on each SVI individually.

SVI Command Breakdown

Command	What It Does	Why It Matters
`interface vlan 10`	Creates or enters the SVI for VLAN 10	The SVI is the Layer 3 logical interface for this VLAN — it represents the VLAN on the routing engine
`description SVI-Gateway-VLAN10-SALES`	Labels the SVI for documentation	Makes each SVI's purpose immediately clear — essential in production with many VLANs
`ip address 192.168.10.1 255.255.255.0`	Assigns the gateway IP for the VLAN 10 subnet	All PCs in VLAN 10 use this IP as their default gateway — must match the PC network configuration
`no shutdown`	Brings the SVI up administratively	SVIs are down by default — must be explicitly enabled. The SVI also requires at least one active access port in the VLAN to reach "up/up" state.

SVI up/up requirements: For an SVI to reach the fully operational "up/up" state, three things must be true:

no shutdown has been entered on the SVI
The VLAN exists in the VLAN database (show vlan brief)
At least one access port assigned to that VLAN is physically connected and up

If an SVI shows "up/down", the VLAN likely has no active ports. If it shows "down/down", no shutdown was not entered. Verify with show ip interface brief.

6. Complete Layer 3 Switch Configuration

! ══════════════════════════════════════════════════════════
! NetsTuts Layer 3 SVI Routing Baseline — NetsTuts_SW1
! ══════════════════════════════════════════════════════════

NetsTuts_SW1>en
NetsTuts_SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

! ── Enable IP routing ─────────────────────────────────────
NetsTuts_SW1(config)#ip routing

! ── Create and name VLANs ─────────────────────────────────
NetsTuts_SW1(config)#vlan 10
NetsTuts_SW1(config-vlan)#name SALES
NetsTuts_SW1(config-vlan)#vlan 20
NetsTuts_SW1(config-vlan)#name HR
NetsTuts_SW1(config-vlan)#vlan 30
NetsTuts_SW1(config-vlan)#name IT
NetsTuts_SW1(config-vlan)#exit

! ── Access port assignments ───────────────────────────────
NetsTuts_SW1(config)#interface FastEthernet0/1
NetsTuts_SW1(config-if)#description PC1-VLAN10-SALES
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 10
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#interface FastEthernet0/2
NetsTuts_SW1(config-if)#description PC2-VLAN20-HR
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 20
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#interface FastEthernet0/3
NetsTuts_SW1(config-if)#description PC3-VLAN30-IT
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 30
NetsTuts_SW1(config-if)#exit

! ── SVIs (default gateways per VLAN) ─────────────────────
NetsTuts_SW1(config)#interface vlan 10
NetsTuts_SW1(config-if)#description SVI-Gateway-VLAN10-SALES
NetsTuts_SW1(config-if)#ip address 192.168.10.1 255.255.255.0
NetsTuts_SW1(config-if)#no shutdown
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#interface vlan 20
NetsTuts_SW1(config-if)#description SVI-Gateway-VLAN20-HR
NetsTuts_SW1(config-if)#ip address 192.168.20.1 255.255.255.0
NetsTuts_SW1(config-if)#no shutdown
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#interface vlan 30
NetsTuts_SW1(config-if)#description SVI-Gateway-VLAN30-IT
NetsTuts_SW1(config-if)#ip address 192.168.30.1 255.255.255.0
NetsTuts_SW1(config-if)#no shutdown
NetsTuts_SW1(config-if)#exit

NetsTuts_SW1(config)#end
NetsTuts_SW1#wr
Building configuration...
[OK]
NetsTuts_SW1#

7. Bonus: Routed Port — Connecting to an Upstream Router

In many enterprise designs, the Layer 3 switch also needs to forward traffic to an upstream router for internet or WAN access. Rather than using a trunk link with a subinterface, you can convert a physical switch port into a routed port — a Layer 3 port with an IP address, behaving exactly like a router interface.

Use the no switchport command to convert a switchport to a routed port:

! ── Convert Gi0/1 to a routed port (uplink to router) ────
NetsTuts_SW1(config)#interface GigabitEthernet0/1
NetsTuts_SW1(config-if)#description Uplink-to-Router
NetsTuts_SW1(config-if)#no switchport
NetsTuts_SW1(config-if)#ip address 10.0.0.2 255.255.255.252
NetsTuts_SW1(config-if)#no shutdown
NetsTuts_SW1(config-if)#exit

! ── Default route pointing to the router ─────────────────
NetsTuts_SW1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.1
NetsTuts_SW1(config)#end
NetsTuts_SW1#wr
Building configuration...
[OK]
NetsTuts_SW1#

no switchport removes all Layer 2 switching capability from the port and converts it to a Layer 3 routed port. A static default route points all internet-bound traffic to the upstream router at 10.0.0.1. See Static Route Configuration and show ip route for details.

Feature	SVI	Routed Port
Associated with	A VLAN — logical interface	A specific physical port — no VLAN
Use case	Inter-VLAN routing gateway for end devices	Point-to-point uplink to a router or another Layer 3 device
Command to create	`interface vlan [id]`	`no switchport` on a physical interface
IP address assigned?	✅ Yes	✅ Yes

8. Verification

show ip interface brief

Confirms all SVIs are up/up with correct IP addresses:

NetsTuts_SW1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan10                 192.168.10.1    YES manual up                    up
Vlan20                 192.168.20.1    YES manual up                    up
Vlan30                 192.168.30.1    YES manual up                    up
FastEthernet0/1        unassigned      YES unset  up                    up
FastEthernet0/2        unassigned      YES unset  up                    up
FastEthernet0/3        unassigned      YES unset  up                    up

All three SVIs show "up/up" — routing is active and PCs have reachable gateways. Physical ports show "unassigned" — correct, they are Layer 2 access ports.

show ip route

Confirms connected routes for all VLAN subnets — no static routes needed for local VLANs:

NetsTuts_SW1#show ip route
Codes: C - connected, S - static, L - local

      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, Vlan10
L        192.168.10.1/32 is directly connected, Vlan10
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, Vlan20
L        192.168.20.1/32 is directly connected, Vlan20
      192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.30.0/24 is directly connected, Vlan30
L        192.168.30.1/32 is directly connected, Vlan30

Three connected (C) routes — one per VLAN subnet. The switch knows all three networks and routes between them automatically. If ip routing was not entered, this output would be empty.

show interfaces vlan 10

NetsTuts_SW1#show interfaces vlan 10
Vlan10 is up, line protocol is up
  Hardware is EtherSVI, address is 0012.3456.7890
  Description: SVI-Gateway-VLAN10-SALES
  Internet address is 192.168.10.1/24
  MTU 1500 bytes, BW 1000000 Kbit/sec

Verify ip routing is enabled

NetsTuts_SW1#show running-config | include ip routing
ip routing

If this returns no output, ip routing is not configured. Enter global configuration mode and add it immediately.

Cross-VLAN Ping Test

NetsTuts_SW1#ping 192.168.10.10 source vlan 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Pinging from VLAN 20's perspective to a VLAN 10 host — confirms inter-VLAN routing is working. The source vlan 20 option simulates traffic originating from VLAN 20's SVI.

Verification Summary

Command	What It Confirms
`show ip interface brief`	All SVIs are up/up with correct IP addresses
`show ip route`	Connected routes exist for all VLAN subnets — routing table populated
`show interfaces vlan [id]`	Individual SVI status, IP, description, and MTU
`show running-config \| include ip routing`	Confirms `ip routing` is enabled globally
`show vlan brief`	Confirms VLANs exist and access ports are assigned
`ping [IP] source vlan [id]`	Simulates cross-VLAN traffic from a specific VLAN's perspective

9. Troubleshooting Layer 3 Switch Inter-VLAN Routing

Problem	Symptom	Cause	Fix
Cross-VLAN pings fail — SVI ping succeeds	PC can ping its own gateway (SVI IP) but not hosts in other VLANs	`ip routing` not enabled on the switch	Enter global config and run `ip routing`. Verify with `show running-config \| include ip routing`
SVI stays down/down	`show ip interface brief` shows Vlan10 down/down	`no shutdown` not entered on the SVI	Enter `interface vlan 10` and run `no shutdown`
SVI shows up/down	`show ip interface brief` shows Vlan10 up/down	VLAN 10 has no active access ports — either no ports assigned, or all assigned ports are disconnected	Check `show vlan brief` — verify at least one port is assigned to VLAN 10 and the cable is connected
SVI does not appear	VLAN SVI not shown in `show ip interface brief`	VLAN does not exist in the VLAN database — SVI for a non-existent VLAN is not created	Create the VLAN first: `vlan 10` in global config. See VLAN Creation Lab
PC cannot reach gateway	Ping to SVI IP fails from PC	PC's default gateway set to wrong IP, or PC is in wrong VLAN	Verify PC IP config matches the topology — correct gateway for its VLAN. Check `show vlan brief` to confirm port VLAN assignment
No routes in routing table	`show ip route` shows no connected routes	`ip routing` not enabled, or all SVIs are down	Enable `ip routing` and bring all SVIs up with `no shutdown`

Key Points & Exam Tips

ip routing is the single most critical command for Layer 3 switch inter-VLAN routing. Without it, the switch will not route between SVIs — even if all SVIs are up/up with correct IPs.
An SVI (interface vlan [id]) is a logical Layer 3 interface associated with a VLAN. It has an IP address and serves as the default gateway for devices in that VLAN.
For an SVI to reach "up/up": (1) no shutdown must be entered, (2) the VLAN must exist in the database, and (3) at least one active access port must be assigned to that VLAN.
SVIs are administratively down by default — always enter no shutdown on each one.
The VLAN must exist in the VLAN database before its SVI can become active. Creating the SVI does not automatically create the VLAN.
Each PC's default gateway must be set to the SVI IP address for its VLAN — the most common misconfiguration in this lab. Ensure the PC's IP address and subnet mask match the VLAN's configured subnet.
show ip route confirms routing is working — connected routes (C) appear automatically for each SVI subnet once ip routing is enabled and SVIs are up.
A routed port (no switchport on a physical interface) is used for point-to-point uplinks to a router — it has an IP address but is not associated with any VLAN.
Layer 3 switch SVI routing is faster and more scalable than Router-on-a-Stick because routing is done in hardware — no external bottleneck.
On the CCNA exam, know both SVI routing and Router-on-a-Stick — understand when each is used and be able to identify missing commands (ip routing, no shutdown on SVI) from a broken configuration.

Next Steps: With inter-VLAN routing in place, continue to Spanning Tree Protocol — Root Bridge Election to understand how the switch prevents Layer 2 loops across your VLAN topology. For routing traffic beyond the local network, see Static Route Configuration or OSPF Single-Area Configuration. For providing IP addresses to hosts on each VLAN, see DHCP Server Configuration. For controlling inter-VLAN traffic, see ACL Overview.

TEST WHAT YOU LEARNED

1. All SVIs on NetsTuts_SW1 are configured with correct IPs and show "up/up". PC1 (VLAN 10) can ping the VLAN 10 SVI (192.168.10.1) but cannot ping PC2 (VLAN 20). What is the most likely cause?

A. The SVI for VLAN 20 is missing an IP address B. ip routing is not enabled — the switch has Layer 3 interfaces but is not routing between them C. The VLAN 20 SVI needs a no shutdown command D. PC2's access port is in the wrong VLAN

Correct answer is B. The fact that PC1 can reach the VLAN 10 SVI confirms the SVI is up and the access port is correct. The fact that cross-VLAN pings fail — despite both SVIs being up/up — is the classic symptom of missing ip routing. Without it, the switch processes SVI traffic but does not route packets between different VLAN subnets.

2. `show ip interface brief` shows `Vlan10 up/down`. `no shutdown` was entered on the SVI. What is the most likely remaining cause?

A. ip routing is not enabled B. The IP address on the SVI is incorrect C. No active access port is assigned to VLAN 10 — the SVI requires at least one up/up physical port in the VLAN D. The VLAN 10 SVI was created before the VLAN itself

Correct answer is C. "up/down" means the SVI is administratively up (no shutdown was entered) but the line protocol is down. For an SVI's line protocol to come up, at least one physical port assigned to that VLAN must be connected and active. Check show vlan brief to verify port assignments and confirm a cable is plugged in.

3. An engineer creates `interface vlan 40` and assigns it an IP, but VLAN 40 was never created in the VLAN database. What will `show ip interface brief` show for Vlan40?

A. up/up — the SVI automatically creates the VLAN B. up/down — the SVI is up but has no ports C. The SVI does not appear at all in the output D. down/down — the SVI cannot become active because the underlying VLAN does not exist

Correct answer is D. An SVI requires the VLAN to exist in the VLAN database to operate. If VLAN 40 was never created with the vlan 40 command, the SVI remains down/down even with no shutdown and a valid IP address. Always create the VLAN first, then configure its SVI.

4. What is the difference between an SVI and a routed port on a Layer 3 switch?

A. An SVI is a logical interface associated with a VLAN used for gateway routing. A routed port is a physical port converted to Layer 3 with no switchport, used for point-to-point uplinks — it has no VLAN association. B. A routed port is faster than an SVI because it uses hardware forwarding C. SVIs can only be used for management — routed ports handle all inter-VLAN traffic D. They are functionally identical — the terms are interchangeable

Correct answer is A. An SVI (interface vlan [id]) is a logical interface tied to a specific VLAN — it provides the Layer 3 gateway for all devices in that VLAN. A routed port (no switchport on a physical port) is a physical interface with Layer 3 capability, behaving like a router interface — used for uplinks between network devices, not for end-device connectivity.

5. `show ip route` on NetsTuts_SW1 shows no connected routes for any VLAN subnet. All SVIs are up/up. What is the cause?

A. The VLANs are not created in the VLAN database B. The SVI IP addresses are incorrect C. ip routing is not enabled — the switch does not populate a routing table without it D. The switch needs to be reloaded after SVI configuration

Correct answer is C. show ip route displays the Layer 3 routing table. Without ip routing enabled, the switch does not maintain a routing table and this command returns nothing (or just the default route). The routing table — including connected routes — is only populated after ip routing is enabled.

6. Why is Layer 3 switch SVI routing considered superior to Router-on-a-Stick for enterprise networks?

A. Layer 3 switches support more VLANs than a router B. Routing is performed in hardware at wire speed inside the switch — eliminating the single physical trunk link bottleneck that limits Router-on-a-Stick throughput C. Layer 3 switches do not require VLANs to route between subnets D. Router-on-a-Stick requires a separate license on Cisco routers

Correct answer is B. In Router-on-a-Stick, all inter-VLAN traffic must physically travel up the trunk to the router and back — the single link becomes a bottleneck as traffic scales. On a Layer 3 switch, routing is done by a hardware ASIC inside the switch backplane at wire speed. No traffic leaves the switch for inter-VLAN routing — it is far more efficient and scalable.

7. Which command converts a Layer 3 switch port from a Layer 2 switchport to a Layer 3 routed port capable of having an IP address?

A. switchport mode routed B. ip routing interface C. no switchport access D. no switchport

Correct answer is D. no switchport entered under a physical interface on a multilayer switch removes all Layer 2 switching functionality from that port and converts it into a Layer 3 routed port. After this, you can assign an IP address directly to the physical interface just like a router interface.

8. A network engineer adds a new VLAN 50 to NetsTuts_SW1 but forgets to create the corresponding SVI. Devices in VLAN 50 are assigned a default gateway of 192.168.50.1. What will happen?

A. Devices in VLAN 50 can communicate within VLAN 50 at Layer 2, but cannot route to other VLANs — the gateway 192.168.50.1 does not exist on the switch B. The switch automatically creates a default SVI for every VLAN in the database C. Devices cannot communicate at all — Layer 2 also requires an SVI D. ip routing will detect the missing SVI and disable itself

Correct answer is A. VLANs operate at Layer 2 independently of SVIs — devices in VLAN 50 can switch frames to each other without any SVI. However, without the interface vlan 50 SVI configured with 192.168.50.1, that gateway IP does not exist on the switch. Any traffic destined outside VLAN 50 will be sent to the non-existent gateway and dropped.

9. Which single command verifies whether `ip routing` is currently enabled on a Layer 3 switch?

A. show interfaces vlan B. show ip interface brief C. show running-config | include ip routing D. show vlan brief

Correct answer is C. show running-config | include ip routing filters the running configuration to show only lines containing "ip routing". If the command is enabled, the output shows ip routing. If the output is empty, the command is not in the configuration. This is the quickest targeted verification for this specific setting.

10. NetsTuts_SW1 is a Layer 3 switch performing inter-VLAN routing. An upstream router at 10.0.0.1 provides internet access. Which configuration on the switch allows VLAN devices to reach the internet?

A. Add ip routing — no other configuration is needed B. Convert the uplink port to a routed port with no switchport, assign it an IP in the same subnet as the router, and add a default route: ip route 0.0.0.0 0.0.0.0 10.0.0.1 C. Configure the uplink port as a trunk and add subinterfaces on the router D. SVIs automatically forward unknown traffic to the default gateway — no additional configuration needed

Correct answer is B. To reach external networks, the Layer 3 switch needs a path to the upstream router. The correct approach is: (1) use no switchport on the uplink interface to make it a routed port, (2) assign it an IP in the same /30 subnet as the router's interface, and (3) add a default static route (ip route 0.0.0.0 0.0.0.0 10.0.0.1) so all non-local traffic is sent to the router.

Back to Home