CCNA Inter-VLAN Routing: Router-on-a-Stick vs Layer 3 Switch SVIs

VLANs separate broadcast domains, but they also isolate devices in different VLANs from each other. Inter-VLAN routing is the mechanism that allows traffic to flow between VLANs. The CCNA 200-301 exam tests three approaches: legacy inter-VLAN routing (one physical router interface per VLAN), router-on-a-stick (sub-interfaces on one trunk port), and Layer 3 switch SVIs (routing on the switch itself). Each has specific configuration requirements and trade-offs.


Why inter-VLAN routing is needed

A VLAN boundary acts exactly like a router interface boundary — traffic cannot cross from one VLAN to another without passing through a Layer 3 device. A PC in VLAN 10 (192.168.10.0/24) cannot reach a server in VLAN 20 (192.168.20.0/24) by switching alone, just as a device in 192.168.10.0/24 cannot reach 192.168.20.0/24 without routing.

The options for providing inter-VLAN routing: connect a physical router to the switch, use router-on-a-stick sub-interfaces, or configure Switched Virtual Interfaces (SVIs) on a Layer 3 switch. Each option moves IP routing into the path between VLANs.

Router-on-a-stick (ROAS)

Router-on-a-stick uses a single physical link between a router and a switch, configured as a trunk, with logical sub-interfaces on the router — one per VLAN. Each sub-interface gets an IP address that becomes the default gateway for that VLAN.

Configuration on the router: create sub-interfaces on the physical interface (e.g., `interface GigabitEthernet0/0.10`), set the encapsulation to 802.1Q with the VLAN ID (`encapsulation dot1q 10`), and assign an IP address. The physical interface must be `no shutdown` and have no IP address itself — the sub-interfaces carry all traffic.

On the switch: configure the port connecting to the router as a trunk (`switchport mode trunk`). Traffic from each VLAN arrives tagged at the router, the sub-interface strips the tag and routes the packet, then re-tags it with the destination VLAN tag before sending back to the switch.

The limitation of ROAS: all inter-VLAN traffic passes through a single physical link, which becomes a bottleneck. For small networks this is fine; large networks need Layer 3 switching.

Layer 3 switch SVIs

A Switched Virtual Interface (SVI) is a virtual Layer 3 interface on a Layer 3 switch, associated with a VLAN. You create an SVI with `interface vlan <id>` and assign it an IP address — this IP becomes the default gateway for devices in that VLAN.

When a frame arrives at a Layer 3 switch from VLAN 10 destined for VLAN 20, the switch routes it internally between the two SVIs without sending traffic out any physical interface. This happens in hardware at wire speed — much faster than routing through an external router.

For SVIs to route traffic, the Layer 3 switch needs `ip routing` enabled globally. Without this command, the SVIs can have IP addresses for management purposes but cannot route between VLANs.

The SVI approach is the preferred method for large campus networks. The distribution layer Layer 3 switches handle all inter-VLAN routing for the access layer switches connected to them, keeping inter-VLAN traffic off the uplinks to the core.

Legacy inter-VLAN routing

The oldest approach: one physical router interface per VLAN, each interface in the same subnet as the VLAN it serves. A router with 4 VLANs needs 4 physical interfaces — one for each VLAN's subnet. This is wasteful of router interfaces and physical cabling.

Legacy inter-VLAN routing is rarely used today and is only tested conceptually on CCNA. It's useful to understand because it shows why router-on-a-stick was developed as an improvement (single physical link, logical sub-interfaces per VLAN).

Inter-VLAN routing methods

| Method | Hardware needed | Physical links | Performance | Best for |
| --- | --- | --- | --- | --- |
| Legacy (1 int/VLAN) | Router with multiple interfaces | One per VLAN | Limited by interface count | Historical, rarely used |
| Router-on-a-stick | Router + trunk port | One trunk link | Bottleneck on trunk link | Small networks, labs |
| Layer 3 SVI | Layer 3 switch | None (internal) | Wire-speed hardware routing | Enterprise, large campus |

Key exam facts — CCNA

  • ROAS: sub-interfaces on router, `encapsulation dot1q <vlan-id>`, switch port as trunk
  • Layer 3 SVI: `interface vlan <id>` + IP address + `ip routing` globally
  • SVIs route internally in hardware — no external physical link needed for inter-VLAN traffic
  • ROAS limitation: all inter-VLAN traffic shares one physical trunk link
  • Default gateway for VLAN 10 hosts = IP of the SVI or ROAS sub-interface for VLAN 10

Common exam traps

Router-on-a-stick requires one router interface per VLAN

ROAS uses one physical interface with multiple logical sub-interfaces (one per VLAN). Each sub-interface has an 802.1Q encapsulation and IP address. This is the point of ROAS — reuse one physical port for all VLANs.

Any switch can route between VLANs using SVIs

Only Layer 3 switches can route between VLANs using SVIs. A Layer 2 switch can have a management SVI (for SSH/Telnet access) but cannot route between VLANs — it lacks the IP routing capability.

`interface vlan` on a Layer 3 switch automatically enables routing

You must also run `ip routing` globally on the Layer 3 switch. Without `ip routing`, the SVIs have IP addresses but the switch won't route packets between them.

Practice questions — Inter-VLAN Routing

These questions are representative of what you will see on CCNA exams. The correct answer and explanation are shown immediately below each question.

Q1. A router has a single interface connected to a switch trunk port. Sub-interfaces G0/0.10 and G0/0.20 serve VLAN 10 and VLAN 20. Which command on G0/0.10 specifies that it carries VLAN 10 traffic?

A. switchport access vlan 10
B. encapsulation dot1q 10
C. ip vlan 10
D. vlan 10 native

Explanation: On a router sub-interface, `encapsulation dot1q <vlan-id>` configures 802.1Q tagging for the specified VLAN. This tells the router to associate frames tagged with VLAN 10 with this sub-interface.

Q2. What command must be enabled globally on a Layer 3 switch before SVIs can route traffic between VLANs?

A. vlan routing
B. ip routing
C. no switchport
D. interface vlan enable

Explanation: The `ip routing` command enables Layer 3 routing on a Cisco Layer 3 switch. Without it, SVI interfaces have IP addresses but the switch does not route packets between VLANs.

Q3. Which inter-VLAN routing method uses a single physical link between a router and a switch?

A. Legacy inter-VLAN routing
B. Layer 3 SVI routing
C. Router-on-a-stick
D. OSPF inter-VLAN

Explanation: Router-on-a-stick uses one physical trunk link between the router and switch, with logical sub-interfaces on the router — one per VLAN. Legacy routing requires one physical interface per VLAN.

Q4. A PC in VLAN 30 needs to reach a server in VLAN 40 on a Layer 3 switch. SVIs exist for both VLANs with IPs 192.168.30.1 and 192.168.40.1. What must the PC use as its default gateway?

A. 192.168.40.1
B. 192.168.30.1
C. The IP of the upstream router
D. No gateway is needed

Explanation: The PC in VLAN 30 must use the SVI IP for VLAN 30 (192.168.30.1) as its default gateway. Traffic sent to the gateway is received by the VLAN 30 SVI, which the Layer 3 switch then routes to VLAN 40 via the 192.168.40.1 SVI.

Q5. Which statement correctly identifies a limitation of router-on-a-stick inter-VLAN routing?

A. It requires a Layer 3 switch
B. It cannot support more than two VLANs
C. All inter-VLAN traffic shares one physical trunk link, creating a potential bottleneck
D. It does not support 802.1Q tagging

Explanation: With ROAS, all inter-VLAN traffic must traverse the single physical trunk link between the router and switch. This link becomes a bottleneck as the number of VLANs and traffic volume grows.

Frequently asked questions — Inter-VLAN Routing

What is router-on-a-stick and when would you use it?

Router-on-a-stick is a method where a single router physical interface connects to a switch trunk port and uses logical sub-interfaces (one per VLAN) for inter-VLAN routing. It's used in small networks or labs where a separate Layer 3 switch isn't available. The limitation is that all inter-VLAN traffic shares the single trunk link.

What is an SVI and how does it enable inter-VLAN routing?

A Switched Virtual Interface (SVI) is a logical Layer 3 interface on a VLAN, created with `interface vlan <id>`. When a Layer 3 switch has SVIs for multiple VLANs and `ip routing` is enabled, it routes packets between the VLANs internally in hardware — much faster than routing through an external router.

Why does my Layer 3 switch SVI not route traffic even though it has an IP address?

The most common cause is missing `ip routing` globally. Without this command, the switch doesn't perform IP routing between SVIs. Also check: is the VLAN active (created and not shut down)? Is there at least one active port in that VLAN? Is the SVI itself not shut down?
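The checks in this answer, together with the router-on-a-stick sub-interface requirements described earlier, can be run against saved configuration text. This is an added example, not part of the original page: the sample configs are constructed, the function names `parse` and `audit` are hypothetical, and port state (whether the VLAN has an active port) is not checked because it is not visible in the configuration text.

```python
import re

# Constructed sample configs for illustration (not from the original page).
ROUTER_CFG = """\
interface GigabitEthernet0/0.10
 encapsulation dot1q 10
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/0.20
 ip address 192.168.20.1 255.255.255.0
"""
SWITCH_CFG = """\
vlan 10
interface vlan 10
 ip address 192.168.10.1 255.255.255.0
interface vlan 20
 ip address 192.168.20.1 255.255.255.0
 shutdown
"""

def parse(cfg):
    """Return (top-level lines, {interface name: [sub-commands]}), lowercased."""
    glob, ifs, cur = [], {}, None
    for line in filter(str.strip, cfg.splitlines()):
        text = line.strip().lower()
        if not line[0].isspace():  # top-level; only "interface" opens a stanza
            glob.append(text)
            m = re.fullmatch(r"interface\s+(.+)", text)
            cur = ifs.setdefault(m[1], []) if m else None
        elif cur is not None:
            cur.append(text)
    return glob, ifs

def audit(cfg):
    """List config-visible reasons inter-VLAN routing would fail."""
    glob, ifs = parse(cfg)
    out = []
    for name, cmds in ifs.items():
        svi = re.fullmatch(r"vlan\s*(\d+)", name)  # "vlan 10" or "vlan10"
        if "." in name and not any(c.startswith("encapsulation dot1q ") for c in cmds):
            out.append(f"{name}: no encapsulation dot1q <vlan-id>")
        if ("." in name or svi) and not any(c.startswith("ip address ") for c in cmds):
            out.append(f"{name}: no IP address")
        if svi and f"vlan {svi[1]}" not in glob:
            out.append(f"{name}: VLAN {svi[1]} is not created")
        if svi and "shutdown" in cmds:
            out.append(f"{name}: SVI is shut down")
    if any(n.startswith("vlan") for n in ifs) and "ip routing" not in glob:
        out.append("ip routing is not enabled globally")
    return out
```

`audit(ROUTER_CFG)` reports the sub-interface that lacks its 802.1Q encapsulation, and `audit(SWITCH_CFG)` reports the missing VLAN, the shut-down SVI and the missing `ip routing`.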

What is the difference between a management SVI and a routing SVI?

Both use `interface vlan <id>` syntax. A management SVI on a Layer 2 switch has an IP address for SSH/Telnet access to the switch — it can only communicate with one VLAN. A routing SVI on a Layer 3 switch (with `ip routing` enabled) actively forwards packets between VLANs. The SVI type depends on the switch capability.

What does `encapsulation dot1q` do on a router sub-interface?

The `encapsulation dot1q <vlan-id>` command on a router sub-interface configures it to process 802.1Q-tagged frames for the specified VLAN. Frames arriving tagged with that VLAN ID are processed by this sub-interface; frames routed out are tagged with that VLAN ID before being sent to the switch.
