VLAN question

outrunred Banned Posts: 30
Hi.

I'm now studying for the second part - ICND2

and whilst the subject of VLANs is not unfamiliar to me, there is something I'd like to have cleared up if anyone can answer.

It is said that VLANs are like putting a machine onto a separate subnet, yes, I get that....but in the CBT nuggets videos that I'm watching now it demonstrates configuring each VLAN client in its own subnet. i.e. VLAN 10 devices might be on subnet 192.168.10.0 and VLAN 20 devices might be on subnet 192.168.20.0 etc.

Can I ask, is it necessary to be on different subnets? The switch isn't acting at layer 3 so why would it matter what subnet a device is on. For example is it not possible to have all machines in any VLAN on the same subnet, i.e. VLAN 10 and VLAN 20 devices all configured with subnet 192.168.1.0?

If you're following the router on a stick method, so setting up a trunk from the switch to a router, you wouldn't even need to create sub interfaces on the router would you? Because they're on the same subnet, wouldn't the router just tag traffic say from VLAN 10 device to VLAN 20 device with that VLAN ID?

Have I gone insane, I'm sure this is how the VLANs at work, work? We only have a handful in the whole organisation and I'm sure we don't have to place each VLAN on a separate subnet.

Sorry for the long question for something I'm sure can be cleared up in a few words.

cheers.

Comments

  • bermovick Member Posts: 1,135
    I'm just a little past studying vlans so everything below is probably wrong, so wait for better answers -- but my thoughts on this are - if all the vlans are on the same subnet, what's the point of having the vlans at all? Even if it would work (and I'm pretty sure it wouldn't), it would just add needless complexity to your network. Keep in mind too that vlans work at the data-link layer, so if they were in the same subnet, there'd be no need for a router to transfer them. The switch would be able to strip the old tag and apply the new tag.

    If it's for permissions that'll be handled with access lists (what I'm studying currently and you will shortly).
    Latest Completed: CISSP

    Current goal: Dunno
  • networker050184 Mod Posts: 11,962 Mod
    outrunred wrote: »
    If you're following the router on a stick method, so setting up a trunk from the switch to a router, you wouldn't even need to create sub interfaces on the router would you? Because they're on the same subnet, wouldn't the router just tag traffic say from VLAN 10 device to VLAN 20 device with that VLAN ID?


    How would the router know what VLAN to put on the outgoing frames? The point of creating the sub interfaces with an encapsulation is so that it knows which tag to put on the frames and which subinterface they belong to when they arrive. The router will not let you overlap addresses on the subinterfaces (well, not without some more complex configuration outside of the scope of the CCNA).

    You can technically have every VLAN on the same subnet. When you start trying to route the traffic is where you will start running into issues.
    An expert is a man who has made all the mistakes which can be made.
  • johnwest43 Member Posts: 294
    To pass frames from 1 vlan to the next with a layer 2 switch you have to have a router. The router has to have a sub interface for every vlan it communicates with. Now you can use private vlans (not covered in the CCNA) and have the hosts separated but still on the same subnet. Hope this helps.
    CCNP: ROUTE x, SWITCH x, TSHOOT [X ] Completed on 2/18/2014
  • outrunred Banned Posts: 30
    Hi.

    Thanks for replying.

    I think I see your point.

    But there'd still be a need for VLANs as it would stop the broadcasts.

    I get what you mean about the switch being able to do the switching of the tags...I guess you're right on that one...

    I disagree about adding extra complexity...I mean keeping everything on one subnet is far easier to administer I would think.

    I'm just trying to get my head round that concept I guess.... going to have to look at work tomorrow see for sure what we do....funny thing is, I thought I was ok on the subject of VLANs

    cheers
  • notgoing2fail Member Posts: 1,138
    Well there are more reasons for VLANs than what's given to you at the ICND2 level.

    One thing you hadn't brought up was broadcasts. That alone is one of the major reasons for subnetting your networks. Cisco's recommendation is about 500 hosts per network.

    So in a large enterprise environment, that would be a killer for you if you had more than 500 hosts per subnet.

    There's also security, you'll start to get into VLAN access maps as well, which are different from PVLANs.

    Hope that helps somewhat?

  • outrunred Banned Posts: 30
    Cheers everyone.......

    ok - got it.... just got to the bit about the sub interfaces and the encapsulation...

    I think I've got it

    and...I've just remembered the scenario at work....pretty sure they're on the same subnet, it's just not required to route between VLANs...but I'll check that.

    ok, think it makes sense now....hmmm does it?...yeah, pretty sure

    well unless there's a way to say to the router that the fa 0/0 int. for example was part of every VLAN? guess that's not possible.

    ok...I'm done...

    cheers again guys
  • notgoing2fail Member Posts: 1,138
    outrunred wrote: »
    well unless there's a way to say to the router that the fa 0/0 int. for example was part of every VLAN? guess that's not possible.

    That's a good question. Technically it is a trunk port so it does have access to all the VLANs.

    It's your sub-interfaces that are applied to individual VLANs...

    This is something I'd need to put a little more thought into....

  • outrunred Banned Posts: 30
    haha....see, it's easy to throw yourself off isn't it....even with something you're certain you know fairly well.....

    I mean as far as the exam goes, sure...even without understanding it I'd use the concept of separate subnets...but that's not how I wanna pass...I want a perfect understanding of why...

    so thanks again peeps....

    guess it's STP next...something I'm supposed to be already familiar with....watch me ask a stupid question on this tomorrow

  • networker050184 Mod Posts: 11,962 Mod
    When the switch sends the frames out of a trunk port they will have a VLAN tag. Unless the router is configured to process those tagged frames (with encapsulated sub interfaces) the router will not know what to do with them. The same thing would happen in the other direction. If the router didn't know which tag to put on them the switch will not be able to associate them with the correct VLAN.
    An expert is a man who has made all the mistakes which can be made.
  • phoeneous Go ping yourself... Member Posts: 2,333
    outrunred wrote: »
    I disagree about adding extra complexity...I mean keeping everything on one subnet is far easier to administer I would think


    How many hosts do you have on a /8 network compared to a /24? Which one do you think is easier to manage? Think broadcasts.
  • notgoing2fail Member Posts: 1,138
    outrunred wrote: »
    haha....see, it's easy to throw yourself off isn't it....even with something you're certain you know fairly well.....

    I mean as far as the exam goes, sure...even without understanding it I'd use the concept of separate subnets...but that's not how I wanna pass...I want a perfect understanding of why...

    so thanks again peeps....

    guess it's STP next...something I'm supposed to be already familiar with....watch me ask a stupid question on this tomorrow



    Well I've said it many times here, passing an exam doesn't really mean you know the topic and I've been honest about that with myself since the beginning.

    All it means is you were prepared to study the topics to what the exam covered.

    You do not want to understand VLANs 1000% if you are just starting out because there's way too much to understand.

    What I do is study the topics well enough to pass the exams, and then find time to go back and go deeper into the topics.

    There are BOOKS on STP alone...do you want to read all of them before taking your CCNA?


  • bermovick Member Posts: 1,135
    This is what I like about these forums; really good conversations going on.

    Regarding needing a router still even if the vlans are on the same subnet - would you really? I mean the router is dealing with the layer 3 packet, so it doesn't really know which vlan the data is for; only what IP address it needs to go out on. That doesn't seem necessary if both vlans are in the same subnet. I'm not even sure you can assign a subinterface to the same subnet as another (sub)interface.

    R1(config-if)#int e0/0.99
    R1(config-subif)#encapsulation dot1Q 99
    R1(config-subif)#ip address 192.168.1.54 255.255.255.0
    192.168.1.0 overlaps with Ethernet0/0

    So I still think the switch itself would be the device responsible for removing the vlan tag and applying a new one if the 2 vlans were in the same subnet. I'm just not sure if switches are capable of doing such a thing.
    Latest Completed: CISSP

    Current goal: Dunno
  • networker050184 Mod Posts: 11,962 Mod
    bermovick wrote: »
    I mean the router is dealing with the layer 3 packet, so it doesn't really know which vlan the data is for; only what IP address it needs to go out on.

    That is not true. The router needs to know the L2 information to send the frame back to the switch. If the router did not specifically tag the VLAN the switch would not know which VLAN the incoming frame belonged to.
    An expert is a man who has made all the mistakes which can be made.
  • bermovick Member Posts: 1,135
    That's a good point; I even entered it in my example above with the 2nd line. I never thought that the router would alter the layer 2 information, but it would have to so the switch knows what the 'new' vlan is when it gets it back from the router.
    Latest Completed: CISSP

    Current goal: Dunno
  • notgoing2fail Member Posts: 1,138
    bermovick wrote: »
    I'm not even sure you can assign a subinterface to the same subnet as another (sub)interface.

    I don't think you can.

    The router will complain about ip addressing overlap....

    Is that what you meant?

  • phoeneous Go ping yourself... Member Posts: 2,333
    bermovick wrote: »
    That's a good point; I even entered it in my example above with the 2nd line. I never thought that the router would alter the layer 2 information, but it would have to so the switch knows what the 'new' vlan is when it gets it back from the router.

    Have you studied vtp yet? Just curious.
  • bermovick Member Posts: 1,135
    I've done the CBTNuggets portion of it, but haven't done Odom's.

    If I read Odom's first, it's just too much new information, and too in-depth for me to be able to grasp much if any of it. Watching CBTNuggets lets me get 'the gist of it', so that when I open up Odom's book I have some idea what he's talking about and am more comfortable with the material.
    Latest Completed: CISSP

    Current goal: Dunno
  • alan2308 CISSP, MCSA 2008, MCSA 2012, CCNA R&S, CCNA Security Ann Arbor, MI Member Posts: 1,854
    That is not true. The router needs to know the L2 information to send the frame back to the switch. If the router did not specifically tag the VLAN the switch would not know which VLAN the incoming frame belonged to.

    The native VLAN's frames are untagged. So the switch would have to assume EVERY incoming frame belongs to the native VLAN if the router wasn't tagging them.
  • notgoing2fail Member Posts: 1,138
    bermovick wrote: »
    I've done the CBTNuggets portion of it, but haven't done Odom's.

    If I read Odom's first, it's just too much new information, and too in-depth for me to be able to grasp much if any of it. Watching CBTNuggets lets me get 'the gist of it', so that when I open up Odom's book I have some idea what he's talking about and am more comfortable with the material.


    That is a good idea. I try to go CBTNuggets as well. Wendell is the man, but he can really go in depth on things that you simply know won't be on the exam.


  • thehourman Member Posts: 723
    That is a good idea. I try to go CBTNuggets as well. Wendell is the man, but he can really go in depth on things that you simply know won't be on the exam.

    Yep, I am starting to like his books, because he always explains what exactly the things are. He wants us to understand the concept not just knowing it.
    The only complaint that I have is sometimes it gets boring, and feels dry, but his books are awesome.
    I am glad that I bought his books. I also like Todd Lammle's Book because it is straight to the point. I am using Todd's book for review, but my main book is Odom's.
    Studying:
    Working on CCNA: Security. Start date: 12.28.10
    Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
    Reading:
    Network Warrior - Currently at Part II
    Reading IPv6 Essentials 2nd Edition - on hold
  • alan2308 CISSP, MCSA 2008, MCSA 2012, CCNA R&S, CCNA Security Ann Arbor, MI Member Posts: 1,854
    thehourman wrote: »
    Yep, I am starting to like his books, because he always explains what exactly the things are. He wants us to understand the concept not just knowing it.
    The only complaint that I have is sometimes it gets boring, and feels dry, but his books are awesome.
    I am glad that I bought his books. I also like Todd Lammle's Book because it is straight to the point. I am using Todd's book for review, but my main book is Odom's.

    This is the same way that I did it. I had no illusion of taking Wendell's book all in the first time through, but after reading through them both, nothing that I have encountered was completely new.

    I also really like Wendell's blog. He seems like a great guy who genuinely cares about people. Lammle's blog and forum seem more like a non-stop sales pitch.
  • notgoing2fail Member Posts: 1,138
    thehourman wrote: »
    Yep, I am starting to like his books, because he always explains what exactly the things are. He wants us to understand the concept not just knowing it.
    The only complaint that I have is sometimes it gets boring, and feels dry, but his books are awesome.
    I am glad that I bought his books. I also like Todd Lammle's Book because it is straight to the point. I am using Todd's book for review, but my main book is Odom's.


    He's good, but dry. But he's too good not to read his books, no matter how dry. He's just one of those guys that really knows his stuff and anything else like jokes or comic timing, just isn't his thing. And that's ok.

    :D

    alan2308 wrote: »
    This is the same way that I did it. I had no illusion of taking Wendell's book all in the first time through, but after reading through them both, nothing that I have encountered was completely new.

    I also really like Wendell's blog. He seems like a great guy who genuinely cares about people. Lammle's blog and forum seem more like a non-stop sales pitch.

    You know Lammle posted here awhile back, about a couple of months ago. And then never came back. I was curious if it was really him, it seemed like it was though.

    I've never seen his blog site, I've enjoyed two of his books so he is pretty good but one thing that irks me the most are authors or individuals who have blogs but never communicate back with their own community.

  • thehourman Member Posts: 723
    alan2308 wrote: »
    This is the same way that I did it. I had no illusion of taking Wendell's book all in the first time through, but after reading through them both, nothing that I have encountered was completely new.

    I also really like Wendell's blog. He seems like a great guy who genuinely cares about people. Lammle's blog and forum seem more like a non-stop sales pitch.
    Yep the blog.
    I am following Odom's and Bryant's blogs. These two look like they really do care about people. Chris Bryant has a youtube channel where he posts some clips about Cisco, explains stuff, some short advice, and many good things.
    Studying:
    Working on CCNA: Security. Start date: 12.28.10
    Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
    Reading:
    Network Warrior - Currently at Part II
    Reading IPv6 Essentials 2nd Edition - on hold
  • alan2308 CISSP, MCSA 2008, MCSA 2012, CCNA R&S, CCNA Security Ann Arbor, MI Member Posts: 1,854

    You know Lammle posted here awhile back, about a couple of months ago. And then never came back. I was curious if it was really him, it seemed like it was though.

    Yea, he has 3 posts here, pitching his book and pitching his video.
  • outrunred Banned Posts: 30
    I need to get hold of Odom's book.... I have only a few training resources....

    But the CBT nuggets are the best ever.....does anyone ever listen to them on 'fast' mode? I thought his voice was funny before, but on fast it's brilliant
  • fly351 Member Posts: 360
    outrunred wrote: »
    I need to get hold of Odom's book.... I have only a few training resources....

    But the CBT nuggets are the best ever.....does anyone ever listen to them on 'fast' mode? I thought his voice was funny before, but on fast it's brilliant

    Lol yes I have, simply because he rambles sometimes and goes a bit slow at other times. But also a 40 minute video on setting a basic router config is better in 20 minutes.
    CCNP :study:
  • megatran808 Member Posts: 53
    outrunred wrote: »
    Hi.

    I'm now studying for the second part - ICND2

    and whilst the subject of VLANs is not unfamiliar to me, there is something I'd like to have cleared up if anyone can answer.

    It is said that VLANs are like putting a machine onto a separate subnet, yes, I get that....but in the CBT nuggets videos that I'm watching now it demonstrates configuring each VLAN client in its own subnet. i.e. VLAN 10 devices might be on subnet 192.168.10.0 and VLAN 20 devices might be on subnet 192.168.20.0 etc.

    Can I ask, is it necessary to be on different subnets? The switch isn't acting at layer 3 so why would it matter what subnet a device is on. For example is it not possible to have all machines in any VLAN on the same subnet, i.e. VLAN 10 and VLAN 20 devices all configured with subnet 192.168.1.0?

    If you're following the router on a stick method, so setting up a trunk from the switch to a router, you wouldn't even need to create sub interfaces on the router would you? Because they're on the same subnet, wouldn't the router just tag traffic say from VLAN 10 device to VLAN 20 device with that VLAN ID?

    Have I gone insane, I'm sure this is how the VLANs at work, work? We only have a handful in the whole organisation and I'm sure we don't have to place each VLAN on a separate subnet.

    Sorry for the long question for something I'm sure can be cleared up in a few words.

    cheers.


    Different VLANs have to be on different subnets/networks.

    Think of VLANs as splitting up the One Switch into 2 different switches, I'll just call it LAN 10 and LAN 20. Switch1 (LAN10) on the 192.168.10.0/24 network and Switch2 (LAN20) 192.168.20.0/24. Two separated LANs on two different physical switches. If you put everyone on a 192.168.1.0/24 network then it would have to be on the same LAN/Switch.

    But with VLANs you can eliminate the need to have 2 physical switches. Assign half the ports to VLAN10 and the other half to VLAN20, or however many ports you need to be in each network.

    Now back to the two different switches. To get LAN10 to talk to LAN20 you would need Router/Layer 3 device in between to allow you to talk to the different networks.

    Let's say on the Router we have Fastethernet Ports 1 and 2. You can assign LAN10 (192.168.10.1/24) to FastEther 1 and LAN20 (192.168.20.1/24) to FastEther 2.

    But to eliminate the waste of using 2 fast ether ports on the router. We can assign a Sub interface for FastEther1. That would take us into the topic of router on a stick.

    I hope I didn't confuse you. This was the best way I could explain it in a nutshell.
    "Love your Job, but never fall in love with your company....because you never know when your company stops loving you!"
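    The explanation above (and networker050184's and alan2308's earlier points about tagging and the native VLAN) can be checked against a small model. What follows is an added example written for this thread, not code from any poster or from Cisco: a toy 802.1Q tag encoder/decoder, a switch with access ports and a trunk, and a router-on-a-stick with one dot1Q subinterface per VLAN. All VLAN IDs, addresses, port names and the "overlaps with" message are constructed; the packet format is a simplified stand-in (source IP, destination IP, data), not a real IP header.

```python
# Added example (not from the thread): toy model of 802.1Q tagging, a switch trunk
# with a native VLAN, and a router-on-a-stick with dot1Q subinterfaces.
# All VLAN IDs, addresses and port names are constructed for illustration.
import ipaddress
import struct
from typing import Optional

TPID_8021Q = 0x8100  # EtherType that marks an 802.1Q-tagged frame


def tag_frame(payload: bytes, vid: int, pcp: int = 0) -> bytes:
    """Prepend an 802.1Q tag (TPID + TCI) to a payload (toy frame: MACs omitted)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid          # 3-bit priority, 1-bit DEI (0), 12-bit VID
    return struct.pack("!HH", TPID_8021Q, tci) + payload


def untag_frame(frame: bytes) -> tuple[Optional[int], bytes]:
    """Return (vid, payload); vid is None when the frame carries no 802.1Q tag."""
    if len(frame) >= 4 and struct.unpack("!H", frame[:2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[2:4])[0]
        return tci & 0x0FFF, frame[4:]
    return None, frame


class Switch:
    """Layer 2 switch: access ports carry one VLAN untagged; the trunk carries tags."""
    def __init__(self, native_vid: int = 1):
        self.access: dict[str, int] = {}   # access port name -> VLAN it belongs to
        self.native_vid = native_vid        # frames of this VLAN cross the trunk untagged

    def to_trunk(self, port: str, payload: bytes) -> bytes:
        """Frame entering an access port and leaving toward the router on the trunk."""
        vid = self.access[port]
        return payload if vid == self.native_vid else tag_frame(payload, vid)

    def from_trunk(self, frame: bytes) -> tuple[int, bytes]:
        """Frame arriving from the router: classify by tag; untagged means native VLAN."""
        vid, payload = untag_frame(frame)
        return (self.native_vid if vid is None else vid), payload


class Router:
    """Router-on-a-stick: one trunk link, one subinterface (encapsulation dot1Q N) per VLAN."""
    def __init__(self):
        self.subifs: dict[int, ipaddress.IPv4Interface] = {}
        self.native_vid: Optional[int] = None

    def configure_subif(self, vid: int, cidr: str, native: bool = False) -> None:
        new = ipaddress.ip_interface(cidr)
        for other_vid, other in self.subifs.items():
            if new.network.overlaps(other.network):
                # Same refusal the thread shows: overlapping subnets on one router are rejected
                raise ValueError(f"{new.network.network_address} overlaps with VLAN {other_vid} interface")
        self.subifs[vid] = new
        if native:
            self.native_vid = vid

    def forward(self, frame: bytes) -> Optional[bytes]:
        """Route a frame received on the trunk; return the frame sent back, or None if dropped."""
        vid, payload = untag_frame(frame)
        if vid is None:
            vid = self.native_vid            # untagged frames belong to the native VLAN
        if vid not in self.subifs:
            return None                      # no subinterface with this encapsulation: dropped
        _src, dst = struct.unpack("!4s4s", payload[:8])   # toy packet: src IP, dst IP, data
        dst_ip = ipaddress.ip_address(dst)
        for out_vid, subif in self.subifs.items():        # connected-route lookup
            if dst_ip in subif.network:
                if out_vid == self.native_vid:
                    return payload           # native VLAN leaves the trunk untagged
                return tag_frame(payload, out_vid)        # re-tag for the destination VLAN
        return None                          # no route to the destination subnet


def packet(src: str, dst: str, data: bytes = b"ping") -> bytes:
    return ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + data


def demo_inter_vlan() -> Optional[int]:
    """VLAN 10 host sends to VLAN 20 host; returns the VLAN the switch delivers into (20)."""
    sw = Switch(native_vid=1)
    sw.access["Fa0/1"], sw.access["Fa0/2"] = 10, 20
    r = Router()
    r.configure_subif(10, "192.168.10.1/24")
    r.configure_subif(20, "192.168.20.1/24")
    back = r.forward(sw.to_trunk("Fa0/1", packet("192.168.10.5", "192.168.20.5")))
    return None if back is None else sw.from_trunk(back)[0]


def demo_no_subinterfaces() -> Optional[bytes]:
    """Router has one flat address and no dot1Q subinterfaces: tagged frames are dropped."""
    sw = Switch(native_vid=1)
    sw.access["Fa0/1"] = 10
    r = Router()
    r.configure_subif(1, "192.168.1.1/24", native=True)   # physical interface, untagged only
    return r.forward(sw.to_trunk("Fa0/1", packet("192.168.1.5", "192.168.1.6")))


def demo_overlap() -> str:
    """Second subinterface in the same subnet is refused, as in the thread's IOS output."""
    r = Router()
    r.configure_subif(1, "192.168.1.1/24", native=True)
    try:
        r.configure_subif(99, "192.168.1.54/24")
    except ValueError as e:
        return str(e)
    return "accepted"
```

    Run through demo_inter_vlan, the frame leaves the VLAN 10 access port, crosses the trunk tagged 10, is matched to the router's VLAN 10 subinterface, is routed to the connected 192.168.20.0/24 network and comes back tagged 20, which is the only way the switch can place it into VLAN 20. demo_no_subinterfaces shows the case the original question asked about: with a single untagged address and no encapsulation configured, the router has no subinterface that matches a tagged frame and simply drops it. demo_overlap reproduces the address-overlap refusal, which is why all VLANs cannot share one subnet once routing is involved.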
  • outrunred Banned Posts: 30
    No Confusion, not at all.

    I guess what I was struggling with, was the 'need' for the router to route VLANs...not the concept of them....I understood what was being said...but I think my main issue at time of post was why did it 'need' the router to do this, why did the VLANs have to be on separate subnets....

    But I get it now. If we're talking about a switch (being layer 2), of course if it could send traffic over to the other VLAN without going through a router then I guess it would also send broadcasts, completely defeating one of the main reasons for its existence....something needs to bridge the vlans together and a router does that, by routing....and of course they need to be on separate subnets for this, that's how routing works....and then of course it appends the little vlan tag as it routes out of its sub interface....

    It's all clear now.... but I'm sure many of you can understand that questioning why when VLANs are a layer 2 technology, does a router need to get involved....but to get out of its VLAN onto another VLAN it needs Layer 3, which needs a router, which needs sub interfaces....all ties together beautifully....
  • notgoing2fail Member Posts: 1,138
    outrunred wrote: »
    No Confusion, not at all.

    I guess what I was struggling with, was the 'need' for the router to route VLANs...not the concept of them....I understood what was being said...but I think my main issue at time of post was why did it 'need' the router to do this, why did the VLANs have to be on separate subnets....

    But I get it now. If we're talking about a switch (being layer 2), of course if it could send traffic over to the other VLAN without going through a router then I guess it would also send broadcasts, completely defeating one of the main reasons for its existence....something needs to bridge the vlans together and a router does that, by routing....and of course they need to be on separate subnets for this, that's how routing works....and then of course it appends the little vlan tag as it routes out of its sub interface....

    It's all clear now.... but I'm sure many of you can understand that questioning why when VLANs are a layer 2 technology, does a router need to get involved....but to get out of its VLAN onto another VLAN it needs Layer 3, which needs a router, which needs sub interfaces....all ties together beautifully....


    Unless you're a little mischievous and do some vlan hopping....but that's for another topic... :D

  • outrunred Banned Posts: 30
    oh man, don't be throwing that sort of stuff out there.......