January 2011 | Reading time: 11 min
Inter-VLAN routing is the foundation of multi-subnet communication in enterprise LANs. Two dominant methods for achieving this are Layer 3 switching and the classic router-on-a-stick (ROAS) model. While both approaches accomplish the same goal, their performance characteristics, design implications, and scalability differ significantly.
Understanding Inter-VLAN Routing
In VLAN-based designs, each VLAN represents a separate broadcast domain. Devices on one VLAN cannot communicate with devices on another VLAN without a Layer 3 device forwarding the traffic. This is where inter-VLAN routing comes in—forwarding packets between VLANs based on IP routing logic.
What is Router-on-a-Stick (ROAS)?
ROAS is a legacy design where a single physical link between a router and a Layer 2 switch is trunked with 802.1Q encapsulation. The router has subinterfaces, each assigned to a VLAN. It receives tagged frames, routes them, and sends them back out the same interface.
ROAS Configuration Example
interface FastEthernet0/0
no shutdown
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
What is Layer 3 Switching?
Modern multilayer switches can perform both Layer 2 and Layer 3 functions. Inter-VLAN routing is handled directly within the switch hardware using Switched Virtual Interfaces (SVIs). This allows for line-rate routing performance, eliminating the bottleneck of the single trunk link in ROAS.
SVI Configuration Example
interface Vlan10
ip address 192.168.10.1 255.255.255.0
no shutdown
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
no shutdown
!
ip routing
Performance and Scalability
ROAS is simple but does not scale well. All inter-VLAN traffic must traverse a single trunk, potentially oversaturating the link and introducing latency. In contrast, Layer 3 switches use ASICs to perform routing at wire speed, supporting hundreds of VLANs and routing instances concurrently.
Design Considerations
- Use ROAS in small environments or for lab/testing purposes where budget is limited.
- Use Layer 3 Switching in production networks requiring high throughput, HA, and reduced broadcast impact.
- Ensure your switch supports IP routing and has sufficient CPU/ASIC resources for dynamic routing if needed.
Security Implications
With ROAS, all routed traffic flows through a central point, making it easier to apply ACLs and policies. However, it also introduces a single point of failure. Layer 3 switches support distributed policies (e.g., VACLs or port-based ACLs), offering more granular control but requiring more configuration effort.
Monitoring and Troubleshooting
show ip route
show ip interface brief
show interfaces trunk
show interfaces vlan
These commands help verify routing table entries, SVI states, and trunk status. Monitor CPU load when routing via software on older switches to ensure routing doesn't impact overall performance.
Conclusion
While ROAS remains a valid technique for basic networks, Layer 3 switching is the standard for modern enterprises. It improves performance, simplifies design, and supports advanced features like HSRP, VRRP, OSPF, and more—all within a single chassis. Choose the method that aligns with your scale, performance goals, and architectural flexibility.