Inter-VLAN Routing question

Hi there,

Just studying for my ICND2 and hit VLAN's. Now I know what I need to know about them for the exam, but I was just wondering about something; If VLAN's are there to isolate say sections inside a building i.e Account, Marketing etc and to increase the number of broadcast domains.. Why do we use Inter-VLAN routing to help those VLAN's communicate with eachother, if we made the VLAN's originally to stop them from communicating.

Im guessing even with Inter-VLAN routing, the broadcast will stay in that VLAN from which it originated from?

Just something that made me wonder, sorry if its easy!

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

mamono

I, myself, don't know all the details since I'm sure that will appear in my future CCNP studies, but I believe that you'll be able to control the level of access between inter-VLAN routing. Though not discussed much in CCNA studies, I'm sure that it will pop-up in CCNP/CCSP.

kenny504

Why do we use Inter-VLAN routing to help those VLAN's communicate with eachother, if we made the VLAN's originally to stop them from communicating.

Here's the thing.

The primary purposes of a VLAN is to constrict broadcast to one part of the network an to create security domains for proper area isolation.

For example our company may have 3 departments

Marketing, Sales, Engineering

Marketing VLAN 10, Sales VLAN 20, Engineering VlAN 30

All this means for example is that the sales and engineering departments will never see broadcast from the marketing department. That way, we have broadcast control without the use of Layer 3 routing.

Now. If we want communication between these 3 broadcat zones. which is more than likely, we can use a router and make these broadcast domains actually logical subnets and allow communication between different networks.

Please bear in mind that this does not bridge all the vlans together is simply allows for the router to route packets tagged from a certain vlan number to a different vlan number.

So all in all vlans are not to stop people from comminicating on a network but rather they aid in security by consolidating certain areas or departments in zones that way filtering can be easier if you may to use routing and may need some persons to communicate accross vlans and some persons not to communicate. Lets just say by way of an access-list.

Hope this helps

mattrgee

What he said ^

tech-airman

stevi3 wrote:

Hi there,

Just studying for my ICND2 and hit VLAN's. Now I know what I need to know about them for the exam, but I was just wondering about something; If VLAN's are there to isolate say sections inside a building i.e Account, Marketing etc and to increase the number of broadcast domains.. Why do we use Inter-VLAN routing to help those VLAN's communicate with eachother, if we made the VLAN's originally to stop them from communicating.

Im guessing even with Inter-VLAN routing, the broadcast will stay in that VLAN from which it originated from?

Just something that made me wonder, sorry if its easy!

stevi3,

You are limiting your scope too narrowly to understand the benefits of inter-VLAN routing. Imagine the following network diagram...

 THE BOSS
       O  ++                                                             ++
       +  ++--[Switch]-----(Router)--------z-----(Router)----[Switch]----++
      / \


HEADQUARTERS                                                             BRANCH

Legend
--------
++ 
++ = PC

See, security applied to Inter-VLAN routing may establish and maintain security at the Branch site but what if the department head of each department represented by a VLAN still needed to report upstream directly to a boss? So by allowing routing in general, including Inter-VLAN routing, you're permitting communications to other locations, like in this example, to the Boss located at the Headquarters site. Does this help?

kelargo

you can use separate VLANs along with routing and access lists to restrict who can talk to who.

IT Man

God Bless Layer 3 Switches!!!!