VLAN questions

darwinism · August 2006

Since I come from an ISP background I have very little experience with VLANs. Lets say I have a switch with 3 VLANs. I also have a router connected to the switch. Since you can't assign more than one VLAN to an interface, except for VLAN trunking, would I need to trunk the port that goes to my router so that the 3 VLAN's can communicate with the gateway router? Then use subinterfaces on the router? This is known as router on a stick. The reason I am asking is that my gateway router is a non-cisco router, with the rest of my lab behind it and I am not sure if the router supports subinterfaces much like the cisco does. Any help will be appreciated.

garv221 · August 2006

Typicaly a inner Cisco switch network you need to trunk ports with multiple VLANS to each other to communicate, however I don't know what kind of setup you have. My router doesn't dole out IP's, my smart switches do that and they need certain trunk ecapsulations to see one another. What kind of router do you have?

darwinism · August 2006

Its a linux based router called mikrotik. I have 3 VLAN assigned to a 2924 switch, I didnt think the VLANs would be able to access the internet via the gateway router if the router wasnt a member of the VLAN. Maybe the question I am trying to ask is, can VLAN'ed ports on a switch talk to other ports on the switch that are not VLAN based? I am not doleing out IP's everything is static, I just need them to get out to the internet. I also dont want the VLANs to be able to communicate to each other.

Internet

Gateway Router

2924 Cisco switch

VLANs are connected directoy to the 2924. Users on each VLAN have a default GW of the gateways inner interface, will they be able to communicate to the internet without trunking the port from the 2924 to the gateway router. I guess the link from the switch to the router would effectively be on the default VLAN of VLAN1.

I think I have pretty much answered my own question. I will just have to see if I can trunk the port from the 2924 to the router and create the equivilant of a subinterface in the mikrotik. I think what hung me up was thinking that the link from the switch to the router wasnt in a VLAN, but it reality its just on the default VLAN of VLAN1. Or am I missing something?

Danman32 · August 2006

802.1Q is an IEEE standard, so if your router supports trunking/VLAN at all, there's a good chance it will work with the switch.
But even if it doesn't support VLAN trunking, you can dedicate a port for each VLAN and tie the ports to the appropriate interface on the router. So if you have 4 VLANs, you'll have 5 physical connections between the router and the switch. It woundn't be much different than if you had a separate switch for each v(Lan).

rossonieri#1 · August 2006

hello,

i dont have much experience with mikrotik - but
after you trunk this switch to the router - pls tell me if it is working.

cheers : )

pannupandit · August 2006

Users on each VLAN have a default GW of the gateways inner interface, will they be able to communicate to the internet without trunking the port from the 2924 to the gateway router. I guess the link from the switch to the router would effectively be on the default VLAN of VLAN1.

Well brother without trunking, only the hosts which are in Vlan 1 would be able to access the internet.Yeah the link will surely be in Vlan1 , if u haven't assigned any vlan to this particular port.

Other vlan members wont be able to access the internet unless you divide the fastethernet port of router into subinterfaces or connect the particular ports of switch to different port of routers as DANMAN is saying.

If u can divide the fastethenet port into subinterfaces then assign each subinterface of the router an ip from the corresponding vlans.However the gateway address of hosts will also be of that particular sub-interfaces.Also the port which is connecting to Router should be made as Trunk Port ,otherwise it wud only carry information of native VLAN.

however the ip addresses u er using for all vlans should be of public range.however u can also use NAT/PAT.

You can use access lists in order to denied hosts of one VLAN to access other VLANS.

thanx

mp3spy · August 2006

pannupandit wrote:

Users on each VLAN have a default GW of the gateways inner interface, will they be able to communicate to the internet without trunking the port from the 2924 to the gateway router. I guess the link from the switch to the router would effectively be on the default VLAN of VLAN1.

Well brother without trunking, only the hosts which are in Vlan 1 would be able to access the internet.Yeah the link will surely be in Vlan1 , if u haven't assigned any vlan to this particular port.

Other vlan members wont be able to access the internet unless you divide the fastethernet port of router into subinterfaces or connect the particular ports of switch to different port of routers as DANMAN is saying.

If u can divide the fastethenet port into subinterfaces then assign each subinterface of the router an ip from the corresponding vlans.However the gateway address of hosts will also be of that particular sub-interfaces.Also the port which is connecting to Router should be made as Trunk Port ,otherwise it wud only carry information of native VLAN.

however the ip addresses u er using for all vlans should be of public range.however u can also use NAT/PAT.

You can use access lists in order to denied hosts of one VLAN to access other VLANS.

thanx

Well Said

Danman32 · August 2006

Nobody noticed my mistake of 5 physical connections between the router and the switch for 4 VLANs. Assuming the default VLAN 1 is included in the count of 4 VLANs, it would be 4 physical connections.

garv221 · August 2006

A good rule of thumb is not to use VLAN1 for anything. Choose a seperate vlan for telnet or managment. Layer 3 creates an exception if done correctly.

VLAN questions

Comments