CCNA VLAN help please, I'm studying for my CCNA

mstephen Member Posts: 4
OK, I have a router and two 2950 switches w/ two plugged into port 1 on each switch


Setup
Router-A is connected to SW-A via F0/1 on port 2 on the switch, and SW-A is connected to SW-B via the F0/12 trunk; F0/2 is also set as a trunk link

switch SW-A config
vlan1 192.168.10.10/24
default ip 192.168.10.1
vtp mode server
vtp domain TesT
vlan 100 on fa0/1
vlan 200

Host-A 192.168.100.6
default 192.168.100.1


SW-B
switch SW-B config
vlan1 192.168.10.11/24
default ip 192.168.10.1
vtp mode Client
vtp domain TesT
vlan 100
vlan 200 on fa0/1

Host-B
192.168.200.7
default 192.168.200.1

At this point Host-A cannot ping Host-B and that's fine, because they're in separate broadcast domains, OK
Router config

no ip address on F0/1, only on the subinterface
f0/1.1
encap dot1q 1
192.168.10.1/24
f0/1.100
encap dot1q 100
192.168.100.1 /24
f0/1.200
encap dot1q 200
192.168.200.1 /24

OK
Now Host-A can ping Host-B, but if I plug a host into any port on SW-A/SW-B w/ a 192.168.10.#, that host is able to ping everything on the network, including the hosts in the VLAN. However, if I use a 192.168.200.# / 192.168.100.# they cannot ping the VLAN. I thought only hosts in a VLAN should be able to communicate w/ each other.

Comments

  • remyforbes777 Member Posts: 499
    You are trunking, right? If you are trunking and have trunking set up on the router, it's able to carry the information of all VLANs and route traffic. So you have your default gateways set up on the subinterfaces, so you should be able to ping other VLANs.
  • mstephen Member Posts: 4
    I guess my question is, should hosts that aren't a part of my VLAN have the ability to ping members of the VLAN (where's the security)? I'm new to this, two more weeks before I take this crazy test.
  • remyforbes777 Member Posts: 499
    Yeah, if you have a router that is routing the traffic they should be able to ping each other. If you are taking this in two weeks, you might need to reschedule if you haven't gotten this basic fact down. You have two switches. You have a router. Both the switch and the router have trunking enabled, so that means you can send multiple VLANs over the trunk to the router, thus routing the traffic.
  • remyforbes777 Member Posts: 499
    The security lies in this: if you have 4 computers on VLAN 2 with an IP scheme of 10.x.x.x and you had a server on that same VLAN and you wanted that subnet and that subnet alone to access it, you can set up ACLs to block IPs from another VLAN. That wouldn't mean you couldn't ping, unless of course you set up ACLs to block ICMP packets.
  • mstephen Member Posts: 4
    OK, remyforbes777, I think I understand now, I just wasn't clear on something. I was thinking that if HostZ is some regular computer on a network and Host-B is a part of a VLAN, HostZ wouldn't even know that Host-B existed. That was my question, thanks for the heads up.
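
The ACL approach described in the comments, applied to the router subinterfaces from the original post, as an added example that is not part of the thread. The ACL names are hypothetical; the subnets and subinterface numbers are the ones the poster listed.

```cisco
! Constructed example for the router in the original post
! (Fa0/1.1 = 192.168.10.0/24, Fa0/1.100 = 192.168.100.0/24,
!  Fa0/1.200 = 192.168.200.0/24). ACL names are hypothetical.
!
! Option 1: hosts in 192.168.10.0/24 cannot reach VLAN 100 or VLAN 200.
! IOS ACLs are stateless, so replies from 192.168.10.x hosts to those
! VLANs are dropped as well; in effect the block works in both directions.
ip access-list extended VLAN1-IN
 deny   ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255
 permit ip any any
!
! Option 2: drop only ping requests (ICMP echo) from 192.168.10.0/24.
! Other traffic is still routed, and echo-replies are still permitted,
! so hosts in VLAN 100/200 can still ping 192.168.10.x hosts.
ip access-list extended VLAN1-NO-PING
 deny   icmp 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255 echo
 deny   icmp 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255 echo
 permit ip any any
!
! Apply one of the two inbound on the subinterface that receives
! traffic from the 192.168.10.0/24 hosts (only one ACL per direction).
interface FastEthernet0/1.1
 ip access-group VLAN1-IN in
!
! Check: "show ip access-lists VLAN1-IN" lists per-entry match counters,
! which increment on the deny lines when a 192.168.10.x host pings
! Host-A (192.168.100.6) or Host-B (192.168.200.7).
```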