VLAN's

APA · February 2009

wtf? Where has my avatar gone.....

jbaello · February 2009

A.P.A wrote: »

Just think of a VLAN as a virtual\logical segmentation of hosts over a L3 boundary.

If two sites were physically seperated you would have a router in between correct? Which also means you would seperate them at L3 meaning they would have two totally different subnets. Can have the same subnet mask but based on this subnet mask their network address\range would be given, which will be different between the two sites.

Why would this differ when creating a VLAN? You are essentially creating the same seperation as the above physical example... the hosts are living in the same location but you still want them logically seperated at L3.

To answer your question..... You would never have a subnet spanned across two VLANs... because to route between VLAN's you need a VLAN interface either living on a router or Multilayer switch, and if you tried to create two VLAN interfaces on these devices with the same subnet on each it will result in an EPIC FAIL!!!!

Now I'm not being critical here -> But get stuck into ICND2 and it will all make sense... I think you may be getting ahead of yourself as CCENT as basically all L1 and a bit of L2 stuff correct???

Okay don't go beyond CCENT boundary :P not yet, it's all imagination at this point...

APA · February 2009

something I forgot to mentione is the use of Private Vlans.

This is a certain type of instance where you can find the same network range across multiple Vlans... It's a security\segmentation feature used when absolutely necessary.

But this is CCNP material and you should not worry about this now.

The basic gist of CCNA knowledge is that VLANs are a logical segmentation of hosts and a different network is associated with each VLAN. Unless of course you have no need to route between the two VLANs ever, which in that case you would be allowed to have the same network range assigned to each VLAN (no idea why you would want this in a production network...)

Kaminsky · February 2009

A.P.A wrote: »

wtf? Where has my avatar gone.....

You should not mess with the TE / Internet human indexed database... You should know this by now...

Now ask Dynamik nicely if you can have your avatar back.... as long as you promise to behave....

jmc012 · February 2009

jbaello wrote: »

I believe I answered this already, and the answer is yes the router gets involved.

When both hosts are in the same subnet or the same VLAN (remember they can be in the same subnet but different VLAN, in this case router gets involved again)

Just trying to get this straight in my mind. If you were trying to configure two vlans to communicate on a router with the same subnet there would be no way the router would let you since you need to have a separate subnet for each interface. You would just get the overlap message. Just wondering how the router would get involved?
Thanks

jmc012 · February 2009

jmc012 wrote: »

Just trying to get this straight in my mind. If you were trying to configure two vlans to communicate on a router with the same subnet there would be no way the router would let you since you need to have a separate subnet for each interface. You would just get the overlap message. Just wondering how the router would get involved?
Thanks

Never mind, the experts chimed in while I was typing the message.

rwwest7 · February 2009

jmc012 wrote: »

Just trying to get this straight in my mind. If you were trying to configure two vlans to communicate on a router with the same subnet there would be no way the router would let you since you need to have a separate subnet for each interface. You would just get the overlap message. Just wondering how the router would get involved?
Thanks

It's not that the router wouldn't let you, it's just that VLANs are designed to seperate broadcast domains. Hosts on the same subnet use ARP broadcasts to communicate. If you're on seperate broadcast domains, then you cannot communicate. As someone pointed out earlier, the only time you would ever have one subnet on two seperate VLANs would be for very specific security reasons.

Routers don't "route" between VLANs. They use a routing table that is based off ports and IP address, no VLANs mentioned.

jmc012 · February 2009

rwwest7 wrote: »

It's not that the router wouldn't let you, it's just that VLANs are designed to seperate broadcast domains. Hosts on the same subnet use ARP broadcasts to communicate. If you're on seperate broadcast domains, then you cannot communicate. As someone pointed out earlier, the only time you would ever have one subnet on two seperate VLANs would be for very specific security reasons.

Routers don't "route" between VLANs. They use a routing table that is based off ports and IP address, no VLANs mentioned.

Yes, they do route between vlans. You need to use the encap dot1q trunking protocol set up on the router interface.

jbaello · February 2009

Jesus I'm done here lol, adding in CCNP or even CCIE is game over haha, but I will stick with what I originally said INTERVLAN requires ROUTING.... kapish and adjourned...

rwwest7 · February 2009

jmc012 wrote: »

Yes, they do route between vlans. You need to use the encap dot1q trunking protocol set up on the router interface.

Yes,but are VLAN numbers used in routing decisions. The router doesn't say "This packet needs to go to VLAN 20, what interface is on VLAN 20?"

Isn't is more like " This packet needs to go 10.10.10.80. What interface will get me to the 10.10.10.0 network?" and it just so happens that the 10.10.10.0 network is off the VLAN 20 interface, if we've set up the VLANs correctly?

jmc012 · February 2009

rwwest7 wrote: »

Yes,but are VLAN numbers used in routing decisions. The router doesn't say "This packet needs to go to VLAN 20, what interface is on VLAN 20?"

Isn't is more like " This packet needs to go 10.10.10.80. What interface will get me to the 10.10.10.0 network?" and it just so happens that the 10.10.10.0 network is off the VLAN 20 interface, if we've set up the VLANs correctly?

Here is an example of a config on a router, notice the vlan ID on the encap statement.

interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!

rwwest7 · February 2009

That's great. Now show me a routing table (what the router actually uses to route) that has vlan numbers in it.

georgemc · February 2009

dynamik wrote: »

You can't have /21 on a class C. I thought it was a typo the first time, but you did it again. Wait, am I being too critical too?

HAHA...I just thought he was bringing supernetting into the conversation in order to confuse the OP even more.

jbaello · February 2009

To all the experts and CCNP, I just wish you guys would realize that this is CCNA/CCENT thread :P I mean some ideas we have might sound convoluted that's because it's theory it's never going to be used at a production environment, I don't think there's alot of people that got a network engineer position with a CCENT certification and actually configured the companies network, so it would be nice to limit your post beyond the scope, cause it's driving noob people like me crazy lol... just my 2 cents... I know you guys are really experts right?

jmc012 · February 2009

rwwest7 wrote: »

That's great. Now show me a routing table (what the router actually uses to route) that has vlan numbers in it.

I know what your saying, but that's how you configure router on a stick and you need the vlan Id on the config or it won't work. Anyway, that's how you set up intervlan communications and you have to use ISL or dot1q. Like any router it routes with ip addresses and subnets. The router needs to tag the frames properly to get to the right vlan correct? So that must be taken care of by the interface with the encap command.

This has been a interesting thread.

jmc012 · February 2009

jbaello wrote: »

To all the experts and CCNP, I just wish you guys would realize that this is CCNA/CCENT thread :P I mean some ideas we have might sound convoluted that's because it's theory it's never going to be used at a production environment, I don't think there's alot of people that got a network engineer position with a CCENT certification and actually configured the companies network, so it would be nice to limit your post beyond the scope, cause it's driving noob people like me crazy lol... just my 2 cents... I know you guys are really experts right?

Actually I think we need the experts to keep us noobs straight.

ColbyG · February 2009

jbaello wrote: »

To all the experts and CCNP, I just wish you guys would realize that this is CCNA/CCENT thread :P I mean some ideas we have might sound convoluted that's because it's theory it's never going to be used at a production environment, I don't think there's alot of people that got a network engineer position with a CCENT certification and actually configured the companies network, so it would be nice to limit your post beyond the scope, cause it's driving noob people like me crazy lol... just my 2 cents... I know you guys are really experts right?

So you just want to learn what's on the test? For me, a deeper understanding of things always helped me see the bigger picture and grasp things better.

mikej412 · February 2009

rwwest7 wrote: »

Isn't is more like " This packet needs to go 10.10.10.80. What interface will get me to the 10.10.10.0 network?" and it just so happens that the 10.10.10.0 network is off the VLAN 20 interface, if we've set up the VLANs correctly?

Correct.

And.....
Usually you will assign one subnet to 1 VLAN..... but as I stated in another post...

mikej412 wrote: »

While it makes sense to have each VLAN be a single subnet -- there is no networking rule or law that requires it.

So while someday you may see a subnet split between a couple VLANs or multiple subnets assigned to the same VLAN -- it won't be on the CCENT exam. The use of "colorful language" is only authorized in the first instance, not the second.

mikej412 · February 2009

Official Moderator Post

If you drink, don't post. And if you post, don't drink.

jbaello · February 2009

mikej412 wrote: »

Correct.

And.....
Usually you will assign one subnet to 1 VLAN..... but as I stated in another post...

So while someday you may see a subnet split between a couple VLANs or multiple subnets assigned to the same VLAN -- it won't be on the CCENT exam. The use of "colorful language" is only authorized in the first instance, not the second.

Seriously was this hard?

VLAN's

Comments