vlan question, please help! THANKS

solnsusie Posts: 128 Member
hi
I set up on Packet Tracer a network with 1 router, 3 switches, 6 PCs, 2 PCs connected to each switch (see image). Every switch has access to 2 different VLANs (every VLAN is named, so you can understand the image). So here is my question: when I ping, let's say, from switch S5 to PC Accounting on switch Switch3, where Accounting is in a different VLAN than any VLAN on switch S5, the ping is not going through, since it's in a different VLAN, but when I ping from the PC Shipping on S5 to PC Accounting on switch Switch3 the ping is working.
So basically my question is as follows: why is the ping from the switches not going from one VLAN to another, and the ping from the PCs is going through, even though it's different VLANs?

Comments

  • networker050184 (Mod) Posts: 11,962
    Default gateway set on the switches?
    An expert is a man who has made all the mistakes which can be made.
  • solnsusie Posts: 128 Member
    Default gateway set on the switches?
    Yes, without a default gateway I wouldn't be able to ping between 2 PCs between 2 switches in a different VLAN. Every VLAN has its own default gateway and its own network range. So my question again: pings between all the PCs are going through, even across different VLANs, but pings between switches and PCs in different VLANs are not going through.
    Thanks for your reply, I appreciate it.
  • mikej412 Posts: 10,090 Member
    solnsusie wrote: »
    yes, without a Default Gateway I wouldn’t be able to ping between 2 pc's
    So you have the default gateways configured properly for the PCs. Any default gateway configured on the switch has no effect on the layer 2 path the PCs use to reach their default gateway (defined on the router subinterfaces, right?).

    What's your configuration on the Switches? Which VLAN are you using for your admin IP on the switches? Which default gateway have you configured the switch to use when you ping from the switch to networks outside of the local VLAN you're using for your switch admin IPs?
    :mike: Cisco Certifications -- Collect the Entire Set!
  • solnsusie Posts: 128 Member
    mikej412 wrote: »
    So you have the default gateways configured properly for the PCs. Any default gateway configured on the switch has no effect on the layer 2 path the PCs use to reach their default gateway (defined on the router subinterfaces, right?).

    What's your configuration on the Switches? Which VLAN are you using for your admin IP on the switches? Which default gateway have you configured the switch to use when you ping from the switch to networks outside of the local VLAN you're using for your switch admin IPs?


    VLAN 1 is the admin IP on all the switches, but with no default gateway! Only the PCs are set with default gateways, from the sub-interface IP addresses on the router.


    But my question is about the PCs. I understand why the switches can't ping in a different VLAN, because I exclude other VLANs with the “switchport Trunk vlan allowed except command,” but my question is how the PCs can ping into different VLANs on different switches, since they are in different VLANs and the switch can't pass data in the other VLAN since the switch was excluded. So how can this switch send the data from the PC to the other switch? Isn't one of the purposes of a VLAN that one PC in one department shouldn't be able to get access to another VLAN?
  • mikej412 Posts: 10,090 Member
    solnsusie wrote: »
    So basically my question is as follows: why is the ping from the switches not going from one VLAN to another, and the ping from the PCs is going through, even though it's different VLANs?
    This was your original question.
    solnsusie wrote: »
    But my question is about the PCs. I understand why the switches can't ping in a different VLAN, because I exclude other VLANs with the “switchport Trunk vlan allowed except command,” but my question is how the PCs can ping into different VLANs on different switches, since they are in different VLANs and the switch can't pass data in the other VLAN since the switch was excluded. So how can this switch send the data from the PC to the other switch? Isn't one of the purposes of a VLAN that one PC in one department shouldn't be able to get access to another VLAN?
    Is this a new question?

    Is that router in your diagram configured to do router on a stick?

    Where or on what did you configure the “switchport Trunk vlan allowed except command” -- if you don't post configs (and your network addressing) we can only guess at what you're doing.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • solnsusie Posts: 128 Member
    mikej412 wrote: »
    This was your original question.


    Is this a new question?

    Is that router in your diagram configured to do router on a stick?

    Where or on what did you configure the “switchport Trunk vlan allowed except command” -- if you don't post configs (and your network addressing) we can only guess at what you're doing.
    Sorry, I will post all of this tomorrow.
    Thanks
  • CodeBlox Posts: 1,363 Member
    The interface on the switch that connects to the router should be configured with
    switchport mode trunk
    
    Also, you'll want to use sub-interfaces on the router. And the type of encapsulation would be 802.1q on the router's sub-interfaces. There should be a sub-interface for each VLAN, including the native VLAN, with IP addresses on each.


    Here is an example of router on a stick I just made that will allow for the type of inter-vlan communication you were wanting. It's a packet tracer file. So if you don't have that, sorry.
    http://www.mediafire.com/?s3h8k2k9xq33kcw
    
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • solnsusie Posts: 128 Member
    CodeBlox wrote: »
    The interface on the switch that connects to the router should be configured with
    switchport mode trunk
    
    Also, you'll want to use sub-interfaces on the router. And the type of encapsulation would be 802.1q on the router's sub-interfaces. There should be a sub-interface for each VLAN, including the native VLAN, with IP addresses on each.


    Here is an example of router on a stick I just made that will allow for the type of inter-vlan communication you were wanting. It's a packet tracer file. So if you don't have that, sorry.
    rtr_on_stick.pkt (http://www.mediafire.com/?s3h8k2k9xq33kcw)
    
    please check out all the configurations, and let me know what you think about it,
  • IRONMONKUS Posts: 143 Member
    solnsusie wrote: »
    hi
    I set up on Packet Tracer a network with 1 router, 3 switches, 6 PCs, 2 PCs connected to each switch (see image). Every switch has access to 2 different VLANs (every VLAN is named, so you can understand the image). So here is my question: when I ping, let's say, from switch S5 to PC Accounting on switch Switch3, where Accounting is in a different VLAN than any VLAN on switch S5, the ping is not going through, since it's in a different VLAN, but when I ping from the PC Shipping on S5 to PC Accounting on switch Switch3 the ping is working.
    So basically my question is as follows: why is the ping from the switches not going from one VLAN to another, and the ping from the PCs is going through, even though it's different VLANs?

    The ping from shipping on S5 is going through to account on Switch3, because you have sub-interfaces set up on the router to route between the different VLANs and you are allowing that VLAN traffic on your trunks.

    The S5 switch is working as a layer 2 device that does not know how to route an IP address, so your pings are not going through. To get the ping to work, you have to set up a sub-interface on the router to route vlan1 traffic and then set an ip default-gateway on S5 to point to the IP of the sub-interface you just created on the router to route vlan1 traffic.

    Also, I don't think you need IPs set on every switch for every VLAN (Just VLAN1 for management purposes). Though, I would change the IPs for VLAN1 on S4 and S5, because they are the same and should be different for management purposes. IPs set for your VLANs would be used on a L3 switch to do your routing between VLANs instead of the Router-On-A-Stick method you are using.

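The setup CodeBlox and IRONMONKUS describe, written out as IOS configuration. This is an added example, not a config posted in the thread: the interface names, VLAN IDs, addresses and the ACL name are assumptions. The ACL stanza goes beyond the thread's advice and shows where blocking one department from another is done once a router routes between VLANs.

```cisco
! Constructed example: interface names, VLAN IDs, addresses and ACL name are assumed.
!
! --- Router (router on a stick): one 802.1Q sub-interface per VLAN ---
interface FastEthernet0/0
 no shutdown
!
interface FastEthernet0/0.1
 description Management (native VLAN 1)
 encapsulation dot1Q 1 native
 ip address 192.168.1.254 255.255.255.0
!
interface FastEthernet0/0.10
 description Accounting (assumed VLAN 10)
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 description Shipping (assumed VLAN 20)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ! Filter traffic entering the router from the Shipping VLAN
 ip access-group SHIPPING-IN in
!
! Routing joins the VLANs at layer 3; an ACL is what separates them again.
ip access-list extended SHIPPING-IN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip any any
!
! --- Switch S5 (layer 2 only) ---
interface FastEthernet0/1
 description Uplink toward the router (assumed port)
 switchport mode trunk
!
interface Vlan1
 ! Management address, unique per switch
 ip address 192.168.1.5 255.255.255.0
 no shutdown
!
! Lets the switch itself reach networks outside VLAN 1
ip default-gateway 192.168.1.254
```

Because the ACL is stateless, it also drops Shipping's replies to traffic that Accounting initiates, so pings fail in both directions between those two VLANs while other inter-VLAN traffic still passes.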
  • solnsusie Posts: 128 Member
    IRONMONKUS wrote: »
    The ping from shipping on S5 is going through to account on Switch3, because you have sub-interfaces set up on the router to route between the different VLANs and you are allowing that VLAN traffic on your trunks.

    The S5 switch is working as a layer 2 device that does not know how to route an IP address, so your pings are not going through. To get the ping to work, you have to set up a sub-interface on the router to route vlan1 traffic and then set an ip default-gateway on S5 to point to the IP of the sub-interface you just created on the router to route vlan1 traffic.

    Also, I don't think you need IPs set on every switch for every VLAN (Just VLAN1 for management purposes). Though, I would change the IPs for VLAN1 on S4 and S5, because they are the same and should be different for management purposes. IPs set for your VLANs would be used on a L3 switch to do your routing between VLANs instead of the Router-On-A-Stick method you are using.

    Thanks for your help!
    Isn't the purpose of VLANs to block "PCs" in one VLAN from entering another VLAN? So if it is like you just said, that the reason the PC can go through is because it uses IP routing, and the switches can't because they are only layer 2 devices, how do you set up VLANs? I don't see where and what information I'm missing, on the PC, or on the switch, or on both. Can you please clarify it for me? I think that I set up this network beautifully.

    and
    IRONMONKUS wrote: »
    The ping from shipping on S5 is going through to account on Switch3, because you have sub-interfaces set up on the router to route between the different VLANs and you are allowing that VLAN traffic on your trunks.
    The interfaces connecting directly to the PCs are not trunk links, they are access links, so how can one PC in one VLAN enter-ping to another PC in another VLAN?
    But let me ask, maybe the ping command isn't the right way to test VLANs in a network. What I mean to say is that being able to ping a host doesn't mean that I have access to that host-data-server in that VLAN. So if this is right, how can I test in Packet Tracer whether the VLANs in my network are working properly?

    Thanks again for your reply
  • solnsusie Posts: 128 Member
    CodeBlox wrote: »
    The interface on the switch that connects to the router should be configured with
    switchport mode trunk
    
    Also, you'll want to use sub-interfaces on the router. And the type of encapsulation would be 802.1q on the router's sub-interfaces. There should be a sub-interface for each VLAN, including the native VLAN, with IP addresses on each.


    Here is an example of router on a stick I just made that will allow for the type of inter-vlan communication you were wanting. It's a packet tracer file. So if you don't have that, sorry.
    rtr_on_stick.pkt (http://www.mediafire.com/?s3h8k2k9xq33kcw)
    
    Sorry, I can't open this link, it's blocked by my firewall. Any other options?
  • hasitha257 Posts: 25 Member
    solnsusie, have you tried using the same config but on a high-end Cat switch? Maybe a 3500 series?

    Edit: Have you set the default GW on the PCs as the 2960 switches, or the router?
  • solnsusie Posts: 128 Member
    Thanks to all for trying to help me!

    As I see now (which answers my original question), without a router I can ping from one PC only to a PC in the same VLAN, but with the router I could ping to every PC in any VLAN. So now I'm asking: what is the purpose of VLANs when using a router? If the router lets you pass from one VLAN to another, what is the purpose of VLANs???
  • Chris:/* Posts: 658 Member
    solnsusie wrote: »
    Thanks for your help!
    Isn't the purpose of VLANs to block "PCs" in one VLAN from entering another VLAN?

    No, a VLAN's purpose is traffic control, not traffic blocking.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • hasitha257 Posts: 25 Member
    solnsusie wrote: »
    Thanks to all for trying to help me!

    As I see now (which answers my original question), without a router I can ping from one PC only to a PC in the same VLAN, but with the router I could ping to every PC in any VLAN. So now I'm asking: what is the purpose of VLANs when using a router? If the router lets you pass from one VLAN to another, what is the purpose of VLANs???

    Role of VLANs and router:

    :- VLANs segment your network by breaking up the broadcast domains

    :- You need a router even when you have VLANs because you need a Layer 3 device for inter-VLAN communication

    :- You don't need a router if you define SVI interfaces (like you did) on the switches.

    1. I did simulate your lab (using the same configs you uploaded). I wasn't able to ping from host to host in the same VLAN

    2. You defined SVI interfaces on each switch but routing (Layer 3) wasn't enabled; proof is to do a "sh ip route" (this might be a limitation of Packet Tracer's simulation software)

    3. S4 and S5 have the same IP 192.168.1.1 for SVI VLAN 1

    4. I replaced the 2960 Cat switches with a 3550 (I think) and the configurations were working (host to host in the same VLAN and different VLANs), and you can remove the 2620XM router as it's not serving any purpose.
  • mikej412 Posts: 10,090 Member
    hasitha257 wrote: »
    you can remove the 2620XM router as it's not serving any purpose.
    It's doing Router On A Stick -- which is a CCNA topic.

    Layer 3 switches are mentioned, but not tested (or configured) in the CCNA -- at least not in the current version of the CCNA (but hopefully in the next update/upgrade).
    :mike: Cisco Certifications -- Collect the Entire Set!