VLAN's

I have a quick question about VLAN's. If a host in VLAN 2 sends a frame to a host in VLAN 1, the host logic tells it to send it to a router first correct? Then the router will check it's ARP table and send it to host in VLAN 1? I'm currently studying for CCENT so this may not be something I'm tested on, but I want to make sure that I understand it.

If that is the case...is it a good comparison to say that a VLAN is like a virtual LAN connection on a router? The only difference being that the VLAN's are implemented at Layer 2, so all Layer 3 addressing rules stay the same?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

APA

wtf? Where has my avatar gone.....

jbaello

A.P.A wrote: »

Just think of a VLAN as a virtual\logical segmentation of hosts over a L3 boundary.

If two sites were physically seperated you would have a router in between correct? Which also means you would seperate them at L3 meaning they would have two totally different subnets. Can have the same subnet mask but based on this subnet mask their network address\range would be given, which will be different between the two sites.

Why would this differ when creating a VLAN? You are essentially creating the same seperation as the above physical example... the hosts are living in the same location but you still want them logically seperated at L3.

To answer your question..... You would never have a subnet spanned across two VLANs... because to route between VLAN's you need a VLAN interface either living on a router or Multilayer switch, and if you tried to create two VLAN interfaces on these devices with the same subnet on each it will result in an EPIC FAIL!!!!

Now I'm not being critical here -> But get stuck into ICND2 and it will all make sense... I think you may be getting ahead of yourself as CCENT as basically all L1 and a bit of L2 stuff correct???

Okay don't go beyond CCENT boundary :P not yet, it's all imagination at this point...

APA

something I forgot to mentione is the use of Private Vlans.

This is a certain type of instance where you can find the same network range across multiple Vlans... It's a security\segmentation feature used when absolutely necessary.

But this is CCNP material and you should not worry about this now.

The basic gist of CCNA knowledge is that VLANs are a logical segmentation of hosts and a different network is associated with each VLAN. Unless of course you have no need to route between the two VLANs ever, which in that case you would be allowed to have the same network range assigned to each VLAN (no idea why you would want this in a production network...)

Kaminsky

A.P.A wrote: »

wtf? Where has my avatar gone.....

You should not mess with the TE / Internet human indexed database... You should know this by now...

Now ask Dynamik nicely if you can have your avatar back.... as long as you promise to behave....

jmc012

jbaello wrote: »

I believe I answered this already, and the answer is yes the router gets involved.

When both hosts are in the same subnet or the same VLAN (remember they can be in the same subnet but different VLAN, in this case router gets involved again)

Just trying to get this straight in my mind. If you were trying to configure two vlans to communicate on a router with the same subnet there would be no way the router would let you since you need to have a separate subnet for each interface. You would just get the overlap message. Just wondering how the router would get involved?
Thanks

jmc012

jmc012 wrote: »

Just trying to get this straight in my mind. If you were trying to configure two vlans to communicate on a router with the same subnet there would be no way the router would let you since you need to have a separate subnet for each interface. You would just get the overlap message. Just wondering how the router would get involved?
Thanks

Never mind, the experts chimed in while I was typing the message.

rwwest7

jmc012 wrote: »

Just trying to get this straight in my mind. If you were trying to configure two vlans to communicate on a router with the same subnet there would be no way the router would let you since you need to have a separate subnet for each interface. You would just get the overlap message. Just wondering how the router would get involved?
Thanks

It's not that the router wouldn't let you, it's just that VLANs are designed to seperate broadcast domains. Hosts on the same subnet use ARP broadcasts to communicate. If you're on seperate broadcast domains, then you cannot communicate. As someone pointed out earlier, the only time you would ever have one subnet on two seperate VLANs would be for very specific security reasons.

Routers don't "route" between VLANs. They use a routing table that is based off ports and IP address, no VLANs mentioned.

jmc012

rwwest7 wrote: »

It's not that the router wouldn't let you, it's just that VLANs are designed to seperate broadcast domains. Hosts on the same subnet use ARP broadcasts to communicate. If you're on seperate broadcast domains, then you cannot communicate. As someone pointed out earlier, the only time you would ever have one subnet on two seperate VLANs would be for very specific security reasons.

Routers don't "route" between VLANs. They use a routing table that is based off ports and IP address, no VLANs mentioned.

Yes, they do route between vlans. You need to use the encap dot1q trunking protocol set up on the router interface.

jbaello

Jesus I'm done here lol, adding in CCNP or even CCIE is game over haha, but I will stick with what I originally said INTERVLAN requires ROUTING.... kapish and adjourned...

rwwest7

jmc012 wrote: »

Yes, they do route between vlans. You need to use the encap dot1q trunking protocol set up on the router interface.

Yes,but are VLAN numbers used in routing decisions. The router doesn't say "This packet needs to go to VLAN 20, what interface is on VLAN 20?"

Isn't is more like " This packet needs to go 10.10.10.80. What interface will get me to the 10.10.10.0 network?" and it just so happens that the 10.10.10.0 network is off the VLAN 20 interface, if we've set up the VLANs correctly?

jmc012

rwwest7 wrote: »

Yes,but are VLAN numbers used in routing decisions. The router doesn't say "This packet needs to go to VLAN 20, what interface is on VLAN 20?"

Isn't is more like " This packet needs to go 10.10.10.80. What interface will get me to the 10.10.10.0 network?" and it just so happens that the 10.10.10.0 network is off the VLAN 20 interface, if we've set up the VLANs correctly?

Here is an example of a config on a router, notice the vlan ID on the encap statement.

interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!

rwwest7

That's great. Now show me a routing table (what the router actually uses to route) that has vlan numbers in it.

georgemc

dynamik wrote: »

You can't have /21 on a class C. I thought it was a typo the first time, but you did it again. Wait, am I being too critical too?

HAHA...I just thought he was bringing supernetting into the conversation in order to confuse the OP even more.

jbaello

To all the experts and CCNP, I just wish you guys would realize that this is CCNA/CCENT thread :P I mean some ideas we have might sound convoluted that's because it's theory it's never going to be used at a production environment, I don't think there's alot of people that got a network engineer position with a CCENT certification and actually configured the companies network, so it would be nice to limit your post beyond the scope, cause it's driving noob people like me crazy lol... just my 2 cents... I know you guys are really experts right?

jmc012

rwwest7 wrote: »

That's great. Now show me a routing table (what the router actually uses to route) that has vlan numbers in it.

I know what your saying, but that's how you configure router on a stick and you need the vlan Id on the config or it won't work. Anyway, that's how you set up intervlan communications and you have to use ISL or dot1q. Like any router it routes with ip addresses and subnets. The router needs to tag the frames properly to get to the right vlan correct? So that must be taken care of by the interface with the encap command.

This has been a interesting thread.

jmc012

jbaello wrote: »

To all the experts and CCNP, I just wish you guys would realize that this is CCNA/CCENT thread :P I mean some ideas we have might sound convoluted that's because it's theory it's never going to be used at a production environment, I don't think there's alot of people that got a network engineer position with a CCENT certification and actually configured the companies network, so it would be nice to limit your post beyond the scope, cause it's driving noob people like me crazy lol... just my 2 cents... I know you guys are really experts right?

Actually I think we need the experts to keep us noobs straight.

ColbyG

jbaello wrote: »

To all the experts and CCNP, I just wish you guys would realize that this is CCNA/CCENT thread :P I mean some ideas we have might sound convoluted that's because it's theory it's never going to be used at a production environment, I don't think there's alot of people that got a network engineer position with a CCENT certification and actually configured the companies network, so it would be nice to limit your post beyond the scope, cause it's driving noob people like me crazy lol... just my 2 cents... I know you guys are really experts right?

So you just want to learn what's on the test? For me, a deeper understanding of things always helped me see the bigger picture and grasp things better.

mikej412

rwwest7 wrote: »

Isn't is more like " This packet needs to go 10.10.10.80. What interface will get me to the 10.10.10.0 network?" and it just so happens that the 10.10.10.0 network is off the VLAN 20 interface, if we've set up the VLANs correctly?

Correct.

And.....
Usually you will assign one subnet to 1 VLAN..... but as I stated in another post...

mikej412 wrote: »

While it makes sense to have each VLAN be a single subnet -- there is no networking rule or law that requires it.

So while someday you may see a subnet split between a couple VLANs or multiple subnets assigned to the same VLAN -- it won't be on the CCENT exam. The use of "colorful language" is only authorized in the first instance, not the second.

mikej412

Official Moderator Post

If you drink, don't post. And if you post, don't drink.

jbaello

mikej412 wrote: »

Correct.

And.....
Usually you will assign one subnet to 1 VLAN..... but as I stated in another post...

So while someday you may see a subnet split between a couple VLANs or multiple subnets assigned to the same VLAN -- it won't be on the CCENT exam. The use of "colorful language" is only authorized in the first instance, not the second.

Seriously was this hard?