VLAN Question

sentimetal Member Posts: 103
As I finish the Cisco Net Acad course 3... I have one question left that I can't seem to find any answer in the materials for. I suppose I could ask my instructor, but I won't see them 'til next week so here it goes:

How the &*%k do VLANs know what their ip address range should be? I mean, if I assign all devices for VLAN 5 within the address range of 192.168.2.0/24, ideally they'll be able to communicate, but how do the switches within the VTP domain know that range belongs to that vlan? For example, if I were setting up access layer ports interfaces fa0/1-11 on VLAN 5 but accidentally gave fa0/6 an address of 192.168.3.6 instead of 2.6, he wouldn't be able to communicate with devices on that VLAN. So what exactly tells the switches in the domain "this is the address range you should use for this vlan" ?

Actually, the more I think about it, I can kind of make sense of it myself. Seeing as typical layer 2 switches don't associate with ip addressing, the VLANs segment the network logically along with layer 3 addressing assigned to devices. With or without VLANs segmenting the network, if I were to assign a device an ip address outside the LAN's subnet, it still wouldn't be able to communicate without the help of a layer 3 routing device.

For some reason I was thinking switches associated vlans with subnetwork ranges and that would be the reason a device wouldn't be able to communicate with other [properly addressed] devices on the same vlan.

Comments

  • drkat Banned Posts: 703
    sentimetal wrote: »
    As I finish the Cisco Net Acad course 3... I have one question left that I can't seem to find any answer in the materials for. I suppose I could ask my instructor, but I won't see them 'til next week so here it goes:

    How the &*%k do VLANs know what their ip address range should be? I mean, if I assign all devices for VLAN 5 within the address range of 192.168.2.0/24, ideally they'll be able to communicate, but how do the switches within the VTP domain know that range belongs to that vlan? For example, if I were setting up access layer ports interfaces fa0/1-11 on VLAN 5 but accidentally gave fa0/6 an address of 192.168.3.6 instead of 2.6, he wouldn't be able to communicate with devices on that VLAN. So what exactly tells the switches in the domain "this is the address range you should use for this vlan" ?

    Let me see if I can clear this up for you

    Since a VLAN is layer 2 segmenting - the IP address is irrelevant. Layer 3 addressing only comes into play when doing inter-vlan routing right? so given this example:

    You assigned switchports 1-11 in VLAN 5 on your layer 2 switch
    - When hosts in vlan 5 try to communicate they obviously can only communicate within vlan 5
    - so in the case of assigning switchport fa0/6 an IP address that's in VLAN 5 but the port isn't - since vlans operate only at layer 2 the frame would never forward. get it?

    Try this:

    R1 has router on a stick configured for vlan 5 and vlan 6
    vlan 5 is fa0/1.5 and is assigned ip address 192.168.1.0/24
    vlan 6 is fa0/1.6 and is assigned ip address 192.168.2.0/24

    so we have a trunk from fa0/1 down to say fa0/24 of your layer 2 switch. In this scenario hosts in vlan 5 can communicate with vlan 6 and so forth.

    Say we assigned a host in vlan 6 with 192.168.1.10 and it tried talking to 192.168.1.5 - the frame would never be forwarded because the arp is unanswered since vlan 5 can't see the arp. 192.168.1.10 won't arp for its default gateway since they're on the same network.

    EDIT:
    Sorry for not being clear.

    I'm assuming you configured the host in vlan 6 with 192.168.1.10 and a default gateway of 192.168.1.1 - when it arps for 192.168.1.5 it won't get an answer back since 192.168.1.5 is in vlan 5 - the default gateway statement of mine was just for explanation - you can disregard. Basically what I was saying was since they're in the same subnet 192.168.1.10 won't ever ask 192.168.1.1 to route its packet.

    Hope I cleared myself up.
  • SteveO86 Member Posts: 1,423
    VTP works at layer 2, not layer 3. VTP just propagates VLAN information, numbers and names; it does not send IP information. VTP messages will be sent and accepted by all switches within the same VTP domain. So you would have VLANs created on other switches but no IP addresses assigned to them.

    A few links about VTP from Cisco

    Understanding VLAN Trunk Protocol (VTP) - Cisco Systems

    Edit: This is a good article concerning VTP
    http://www.bitmindframes.info/vtp-vlan-trunking-protocol
  • sentimetal Member Posts: 103
    SteveO86 wrote: »
    VTP works at layer 2, not layer 3. VTP just propagates VLAN information, numbers and names; it does not send IP information. VTP messages will be sent and accepted by all switches within the same VTP domain. So you would have VLANs created on other switches but no IP addresses assigned to them.

    A few links about VTP from Cisco

    Understanding VLAN Trunk Protocol (VTP) - Cisco Systems

    Edit: This is a good article concerning VTP
    VTP VLAN trunking protocol | bitmindframes

    I suppose I should be a lot more precise/accurate with my terminology. I do understand what VTP does, I think I incorrectly used it to describe a LAN with multiple VLANs, however.

    @drkat I do understand the problem in your router on a stick scenario. With: "192.168.1.10 won't arp for its default gateway since they're on the same network." Are you saying the host won't successfully complete ARP or it won't attempt to receive its default gateway's address? I'm guessing the former, but your statement kind of confused me and made me wonder if I'm missing something.
  • drkat Banned Posts: 703
    Sorry for not being clear.

    I'm assuming you configured the host in vlan 6 with 192.168.1.10 and a default gateway of 192.168.1.1 - when it arps for 192.168.1.5 it won't get an answer back since 192.168.1.5 is in vlan 5 - the default gateway statement of mine was just for explanation - you can disregard. Basically what I was saying was since they're in the same subnet 192.168.1.10 won't ever ask 192.168.1.1 to route its packet.

    Hope I cleared myself up.
  • Zartanasaurus Member Posts: 2,008
    I'm not 100% sure I understand your question, but I will try.

    VLANs don't "know" what their IP address range is. When a frame comes into a switch, it knows what VLAN that port is associated with. So imagine one L2 switch and 2 hosts. The hosts are assigned IPs in the same subnet. The ports the hosts are assigned to are in different VLANs. You try to ping host B from host A. Host A broadcasts an ARP asking for the hwaddr of host B. Switch forwards the broadcast to ports assigned to the same VLAN as host A. Host B never sees the ARP, and the ping fails.

    None of that had anything to do with knowledge of what subnet belongs in what VLAN. All the switch knows is that broadcasts from one VLAN don't go to other VLANs.

    If the ports were configured correctly, the ARP would resolve and host A could send a ping that is ultimately addressed to the hwaddr of host B. When the ping hits the switch, it sends the frame to the port it has in the CAM table. And since host A thinks host B is in the same subnet (ANDing process), it doesn't send the ping to its default gateway.
  • pham0329 Member Posts: 556
    How the &*%k do VLANs know what their ip address range should be? I mean, if I assign all devices for VLAN 5 within the address range of 192.168.2.0/24, ideally they'll be able to communicate, but how do the switches within the VTP domain know that range belongs to that vlan? For example, if I were setting up access layer ports interfaces fa0/1-11 on VLAN 5 but accidentally gave fa0/6 an address of 192.168.3.6 instead of 2.6, he wouldn't be able to communicate with devices on that VLAN. So what exactly tells the switches in the domain "this is the address range you should use for this vlan" ?

    Assuming we're talking about a L2 switch, it doesn't look at the L3 headers. The switch makes forwarding decision based on the destination mac address/vlan ID, not by the IP address. The mac address and the VLAN id of each port is used as a unique identifier in its mac address table

    In your example, if you accidentally assigned 192.168.3.6 to fa0/6, the traffic flow would look something like this
    • Host B on fa0/6 needs to send traffic to host A on fa0/1, which has an IP of 192.168.2.5
    • Host B compares its own IP (3.6) to Host A's IP (2.5) and realizes it's on a different subnet
    • Host B will attempt to ARP for the DG. Assuming the DG was correctly assigned, meaning 192.168.2.x, Host B will not be able to communicate with anything


    However, suppose Host B is sending some broadcast, when the switch gets it, it's going to associate Host B's mac to port fa0/6/Vlan 5, and forward the frame out all other ports on VLAN 5. So, to summarize, if you incorrectly assign Host B to a different subnet, it will not be because of the switch that communication isn't happening, it's because of the end devices themselves.
  • drkat Banned Posts: 703
    What pham said... my response was to the scenario that you put the host on the same network but different vlan id -- the actual opposite of your question :) my bad.. but hey at least you got it from 2 angles.

    night
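
The two angles covered in this thread (wrong subnet on the right VLAN, and right subnet on the wrong VLAN), modelled as an added sketch that is not code from any poster. The port map, host names, and the assumption that no router is attached are constructed for illustration; the switch function never looks at an IP address, and the host decides alone whether to ARP for the destination or for its gateway.

```python
import ipaddress

# Constructed topology: access port -> VLAN ID on one layer 2 switch.
PORT_VLAN = {"fa0/1": 5, "fa0/6": 5, "fa0/12": 6}

class Host:
    def __init__(self, name, port, cidr, gateway):
        self.name, self.port = name, port
        self.iface = ipaddress.ip_interface(cidr)
        self.gateway = ipaddress.ip_address(gateway)

    def arp_target(self, dst_ip):
        """Host-side ANDing: ARP for dst if it is on-link, else for the gateway."""
        dst = ipaddress.ip_address(dst_ip)
        return dst if dst in self.iface.network else self.gateway

def flood(src_port):
    """Switch side: a broadcast leaves only ports in the ingress VLAN.
    No IP address is consulted anywhere in this function."""
    vlan = PORT_VLAN[src_port]
    return {p for p, v in PORT_VLAN.items() if v == vlan and p != src_port}

def resolve(src, dst_ip, hosts):
    """Return (answering host or None, IP the sender ARPed for)."""
    target = src.arp_target(dst_ip)
    reached = flood(src.port)
    for h in hosts:
        if h.port in reached and h.iface.ip == target:
            return h.name, str(target)
    return None, str(target)

def scenarios():
    # Constructed hosts; no router is attached, so 192.168.2.1 never answers.
    gw = "192.168.2.1"
    a = Host("A", "fa0/1", "192.168.2.5/24", gw)
    b_ok = Host("B", "fa0/6", "192.168.2.6/24", gw)
    b_bad = Host("B", "fa0/6", "192.168.3.6/24", gw)   # wrong subnet, right VLAN
    c = Host("C", "fa0/12", "192.168.2.10/24", gw)     # right subnet, wrong VLAN
    return {
        "same VLAN, same subnet": resolve(b_ok, "192.168.2.5", [a, b_ok]),
        "same VLAN, wrong subnet": resolve(b_bad, "192.168.2.5", [a, b_bad]),
        "same subnet, wrong VLAN": resolve(c, "192.168.2.5", [a, c]),
    }

if __name__ == "__main__":
    for case, (answered_by, arped_for) in scenarios().items():
        print(f"{case}: ARP for {arped_for} answered by {answered_by}")
```

In the wrong-subnet case the broadcast still reaches fa0/1, but the sender asked for the gateway rather than host A; in the wrong-VLAN case the sender asked for the right address and the broadcast never left VLAN 6.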