VLANs and Default Gateways

Tricon7 Inactive Imported Users Posts: 238
I'm creating three VLANs and I have three hosts. I have two switches connected to each other and switch 1 connects to a router (on a stick), which in turn connects to another router. My problem - which I know is basic but which confuses me - is remembering what IP to give the default gateways on each host. I have the VLANs divvied up and addressed according to how many hosts I need (I'm using a basic private class C network). I get all this mixed up with what IP to give each switch, and where that falls into the IPs I've already handed out. (I'm also supposed to be configuring 802.1Q, but I don't want to muddy the water right now.)

Can someone clarify things a bit for me? Thanks.

Comments

  • Netstudent Member Posts: 1,693
    Okay, so don't worry about that other router that is directly connected to your "inter-vlan" router.
    So on the "inter-vlan" router, you should put an IP on the physical interface like this:

    int fa0/0
    ip address 192.168.1.1 255.255.255.0
    encap dot1q 1 native

    (I don't think the native keyword is mandatory in this case because dot1q knows it is native by default, but for learning purposes I like to do it)

    Now you will give your switches a VLAN1 interface IP of anything in the 192.168.1.2 - 192.168.1.254 range. Also include ip default-gateway 192.168.1.1 on the switch, and also note that any host in vlan1 will have this IP as their DG as well.

    int vlan1
    ip address 192.168.1.2 255.255.255.0
    no shut
    exit
    ip default-gateway 192.168.1.1

    Now, with your other hosts that are connected to the other VLANs, you need to give them the default gateway address, which is the router's subinterface IP.

    so on the router if you did
    int fa0/0.2
    ip address 172.16.1.1 255.255.255.0
    encap dot1q 2

    EVERY HOST that is in VLAN2 will need a default gateway address of 172.16.1.1.

    This goes for the two other vlans you have as well but their DG will be a different IP, it would be whatever IP you set on the router's other subinterfaces.

    So let's say you have 3 subinterfaces configured and the physical interface as well. You would then have 4 default gateway IPs, ALL IN DIFFERENT SUBNETS.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • dtlokee Member Posts: 2,378
    Keep in mind that when you place an IP address on the switch you put it on a "vlan interface", that is, "interface vlan #". Now the number determines what VLAN the interface belongs to, so if you were using:
    Interface vlan 2
     ip address a.b.c.d 255.255.255.0
    

    Then the IP address would need to be a valid host address on vlan 2 and your default gateway would become the IP address you assigned to the subinterface on vlan 2 of the router.
    The only easy day was yesterday!
  • Tricon7 Inactive Imported Users Posts: 238
    Ok, I've created four VLANs:

    VLAN 1 - 6 hosts
    VLAN 2 - 20 hosts
    VLAN 3 - 80 hosts
    VLAN 4 - 2 hosts (my WAN connection)

    I'm using 192.168.1.0 as my network, so, using VLSM:

    VLAN 3 - 192.168.1.0 - 192.168.1.127
    VLAN 2 - 192.168.1.128 - 192.168.1.159
    VLAN 1 - 192.168.1.160 - 192.168.1.167
    VLAN 4 - 192.168.1.168 - 192.168.1.171 (WAN link)

    So VLAN 1 has six usable host addresses for switches connected to the router. My question is, what if I only had, say, three usable addresses and I had four switches? How would that work out? If the switch's IP is the IP of its VLAN 1, and VLAN 1 in my network only has a few usable IP addresses, then I can't add any more switches since I'd be out of usable host addresses? Is the switch's IP always whatever is assigned to the default (administrative) VLAN 1? This is the part that confuses me.

    I was also told that if I'm connecting to the router-on-a-stick, then the fa 0/0 on the router connected to the switch shouldn't have an IP; it will only have subinterfaces (in my case, the IP of the first usable IP address on each network). You're saying this isn't so?
  • Netstudent Member Posts: 1,693
    I don't think that would ever happen. I mean most LANs use private addressing. But that is a good question. Could you have some switch's VLAN interface in one subnet and other switch's VLAN interface in another subnet? You could probably do it, you would just have to give the switches different default gateways. So if you did run out of IPs in some given subnet, you could give the switches that need VLAN interface IPs an IP from another subnet. Then just give that switch the according default gateway for that subnet.

    Also can you provide the masks you are using for those ranges?
  • Tricon7 Inactive Imported Users Posts: 238
    Netstudent wrote:
    I don't think that would ever happen. I mean most LANs use private addressing. But that is a good question. Could you have some switch's VLAN interface in one subnet and other switch's VLAN interface in another subnet? You could probably do it, you would just have to give the switches different default gateways. So if you did run out of IPs in some given subnet, you could give the switches that need VLAN interface IPs an IP from another subnet. Then just give that switch the according default gateway for that subnet.

    Also can you provide the masks you are using for those ranges?

    Sorry.

    VLAN1 - /29
    VLAN2 - /27
    VLAN3 - /25 (80 hosts needed, hence I borrowed only one bit for the network)
    VLAN4 - /30
  • Netstudent Member Posts: 1,693
    That's a nice little VLSM scheme... good job
  • Netstudent Member Posts: 1,693
    Tricon7 wrote:
    I was also told that if I'm connecting to the router-on-a-stick, then the fa 0/0 on the router connected to the switch shouldn't have an IP; it will only have subinterfaces (in my case, the IP of the first usable IP address on each network). You're saying this isn't so?

    There is more than 1 way to skin a cat is what I have learned. I have heard people say not to waste a subinterface for the native vlan. I don't really think it matters. The router sees each subinterface as a separate interface anyways.

    Some people here that have their CCNA (edthelad) hinted to use a physical interface. I just take the little hints and clues that I pick up from people who have taken Cisco exams. I'm pretty sure both ways will create successful inter-vlan routing, so both ways "should" be acceptable on the exam. NOT 100% sure on what exactly is acceptable on the exam though.
  • malcybood Member Posts: 900
    I've always learned for inter vlan routing you leave the physical interface with no ip address but obviously make sure it has the no shut command on it. I always make the switch management IP address and default gateway on the same subnet as the Native VLAN on the router config.

    The way I'd lab it out going on your addressing scheme is as follows:

    On router
    FA sub-if 0.1 corresponds to VLAN 1 192.168.1.160 /29 on switch 1 & 2
    ip address - 192.168.1.161

    FA sub if 0.2 corresponds to VLAN 2
    ip address 192.168.1.129 255.255.255.224

    FA sub if 0.3 corresponds to VLAN 3
    ip address 192.168.1.1 255.255.255.128

    FA sub if 0.2 corresponds to VLAN 4


    Switch 1
    int vlan 1
    ip address 192.168.1.162 255.255.255.248
    ip default-gateway 192.168.1.161

    assign ports to VLAN 2, 3 and 4

    Switch 2
    int vlan 1
    ip address 192.168.1.163 255.255.255.248
    ip default-gateway 192.168.1.161
    assign ports to VLAN 2, 3 and 4

    Then your host addressing goes on from there for example the next usable host in VLAN 2 is 192.168.1.130 and you would assign this to a PC with s/m of 255.255.255.224 and default gateway of 192.168.1.129

    I hope the above makes sense and I've not made any typos......correct me if I have :D
  • Tricon7 Inactive Imported Users Posts: 238
    malcybood wrote:
    I've always learned for inter vlan routing you leave the physical interface with no ip address but obviously make sure it has the no shut command on it. I always make the switch management IP address and default gateway on the same subnet as the Native VLAN on the router config.

    The way I'd lab it out going on your addressing scheme is as follows:

    On router
    FA sub-if 0.1 corresponds to VLAN 1 192.168.1.160 /29 on switch 1 & 2
    ip address - 192.168.1.161

    FA sub if 0.2 corresponds to VLAN 2
    ip address 192.168.1.129 255.255.255.224

    FA sub if 0.3 corresponds to VLAN 3
    ip address 192.168.1.1 255.255.255.128

    FA sub if 0.2 corresponds to VLAN 4


    Switch 1
    int vlan 1
    ip address 192.168.1.162 255.255.255.248
    ip default-gateway 192.168.1.161

    assign ports to VLAN 2, 3 and 4

    Switch 2
    int vlan 1
    ip address 192.168.1.163 255.255.255.248
    ip default-gateway 192.168.1.161
    assign ports to VLAN 2, 3 and 4

    Then your host addressing goes on from there for example the next usable host in VLAN 2 is 192.168.1.130 and you would assign this to a PC with s/m of 255.255.255.224 and default gateway of 192.168.1.129

    I hope the above makes sense and I've not made any typos......correct me if I have :D

    Ok, I followed most of this. I noticed that you have both switches on the same subnet. At least in dealing with a router-on-a-stick, is this usually the case, whether it's two or five switches?

    Also, the whole I-have-to-figure-out-this-entire-network scheme knocks me in the head and my brain just sits there, fibrillating and doing nothing. I need to do things in a particular order, and I have a feeling that I'm getting something out of order.

    Here's what I've ground out as far as what order I think things should be in to work the best:

    1. Discover what hardware I have
    2. How many networks do I need?
    3. Decide how many hosts will be on each network/VLAN and VLSM it
    4. Decide which hosts will be on which VLAN
    5. Assign an IP/mask/default gateway on each host, according to the network address range of the network/VLAN it belongs to
    6. The IP of VLAN 1 is a switch's IP, so assign a different IP for each switch from network/VLAN 1
    7. Assign sub-interfaces on the router; example:
    Sub-interface 1 is the IP of the first usable host in VLAN 1
    Sub-interface 2 is the IP of the first usable host in VLAN 2
    Etc.
    [Note - these will be the IP addresses of the default gateway belonging to its respective host]
    8. Assign ports to the VLANs
    9. Configure trunks on switches
    10. Details
  • Netstudent Member Posts: 1,693
    What helped me was constant subnetting practice and thought, plus taking things one step at a time. I did this until I found a way that worked for me and I could remember. Just keep at it until you get a "rhythm" if you will. Do it until you are breezing through the configs and you can dissect all the show commands and their meaning. And then you're very close, I think!
  • malcybood Member Posts: 900
    Tricon7 wrote:
    Ok, I followed most of this. I noticed that you have both switches on the same subnet. At least in dealing with a router-on-a-stick, is this usually the case, whether it's two or five switches?

    Yes you are correct, for router on a stick or if you want to manage any switch you have to have the switches on a common subnet the same as your default gateway (in this case 192.168.1.160 /248) whether it is 2 or 5 switches on the same stack. Therefore you have to account for the number of switches that will be implemented on the stack when deciding on your addressing scheme.

    Remember the switches all have to go to the same place (router) to ask for directions as layer 2 switches can't do it themselves, so if they all have to go to the same default gateway, they all have to be on the same subnet to communicate with that gateway....then the inter-VLAN routing 802.1Q encapsulation and config on the router takes care of any routing between different subnets/VLANS.

    If you were routing traffic to a different router (as mentioned in your earlier post) then forget the intervlan routing, this is where a routing protocol would take over such as RIP, IGRP, EIGRP or OSPF which would have to be configured on both routers. I'm sure you know that but just trying to paint the picture and clear any confusion.

    Does this help?
  • Tricon7 Inactive Imported Users Posts: 238
    One other niggling question I need answered - if I, say, have two switches connected to a router on a stick, I'll have both switches on the same subnet - VLAN 1 - and they'll have different IPs. Ok, if I have three hosts connected to the switches and they're on VLAN 2, VLAN 3, and VLAN 4 respectively, all the hosts will have a different default gateway than what's on the switches, right? The host default gateway has to belong to the VLAN networking range it belongs to, correct?
  • malcybood Member Posts: 900
    Tricon7 wrote:
    One other niggling question I need answered - if I, say, have two switches connected to a router on a stick, I'll have both switches on the same subnet - VLAN 1 - and they'll have different IPs. Ok, if I have three hosts connected to the switches and they're on VLAN 2, VLAN 3, and VLAN 4 respectively, all the hosts will have a different default gateway than what's on the switches, right? The host default gateway has to belong to the VLAN networking range it belongs to, correct?

    Tricon, you got it.......

    If you plug a host into switch port 2 on switch 2 and you have manually assigned that port to VLAN 2 with the switchport access vlan 2 command, then going on the addressing scheme you gave, the host on VLAN 2 will have the following setup in Windows TCP/IP properties - notice the default gw is the VLAN "router on a stick" sub-if address:

    ip address 192.168.1.130
    subnet mask 255.255.255.224
    default gateway 192.168.1.129

    For VLAN 3 an example would be:

    ip address 192.168.1.50 (random)
    subnet mask 255.255.255.128
    default gateway 192.168.1.1

    For a port you have not specifically assigned to a VLAN group, this will remain in VLAN 1, therefore a host plugged into this should probably have something like

    ip address 192.168.1.165
    subnet mask 255.255.255.248
    default gateway 192.168.1.161

    comprende?
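An added example (not from any poster in this thread): a Python script that rebuilds the thread's VLSM plan from the host counts and then checks a host's IP / mask / default gateway against it. The function names, and the convention that the router takes the first usable address in each subnet, are assumptions based on the addressing used above.

```python
import ipaddress

def vlsm(base, needs):
    """Allocate subnets largest-first from base; needs maps VLAN name -> host count."""
    block = ipaddress.ip_network(base)
    cursor, end = int(block.network_address), int(block.broadcast_address)
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        prefix = 32 - (hosts + 1).bit_length()       # hosts + network + broadcast
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to the block boundary
        if cursor + size - 1 > end:
            raise ValueError(f"{name} does not fit in {base}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan

def gateway(net):
    """Assumed convention: the router subinterface takes the first usable address."""
    return net.network_address + 1

def max_switches(mgmt_net):
    """Management IPs left for switches once the router has taken one address."""
    return mgmt_net.num_addresses - 2 - 1

def check_host(plan, ip, mask, gw):
    """Return (vlan, problems) for a host's IP / mask / default gateway."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net, gw = iface.network, ipaddress.ip_address(gw)
    vlan = next((n for n, p in plan.items() if p == net), None)
    problems = []
    if vlan is None:
        problems.append("ip/mask matches no planned subnet")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("ip is the network or broadcast address")
    if gw not in net:
        problems.append("default gateway is not on the host's own subnet")
    elif gw == iface.ip:
        problems.append("default gateway is the host's own address")
    return vlan, problems

# Host counts as posted in the thread; the host checks below are constructed samples.
PLAN = vlsm("192.168.1.0/24", {"VLAN 1": 6, "VLAN 2": 20, "VLAN 3": 80, "VLAN 4": 2})

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(name, net, "gateway", gateway(net))
    print("switches that fit in VLAN 1:", max_switches(PLAN["VLAN 1"]))
    print(check_host(PLAN, "192.168.1.130", "255.255.255.224", "192.168.1.129"))
    print(check_host(PLAN, "192.168.1.130", "255.255.255.224", "192.168.1.161"))
```

The second check is a VLAN 2 host given the switches' gateway; it is flagged because that gateway is not on the host's own subnet.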
  • Tricon7 Inactive Imported Users Posts: 238
    Well, I took my final and I did ok, though I wasn't able to get the hosts to ping the distant ISP router :( My issue is, if you have a router-on-a-stick scenario and you aren't given the IPs of the switches, and the hosts are in VLANs two and three, how do you know what IP to assign to VLAN 1 or to the switches? That part threw me, since in my practice tests at least one host was in VLAN 1.
  • he-man Member Posts: 49
    Why is there even a need for a default gateway to be set on a switch/VLAN interface? Surely the only gateway that needs to be set is on the hosts sending data to a different subnet from its own?

    I have 2 switches with 4 VLANs across them, none of these have dg set and hosts in the vlans can talk to each other without any trouble and they can get out to the rest of the network also?

    Cheers,
    Dan
  • Netstudent Member Posts: 1,693
    Can you telnet into those switches, Dan? I think the DG command allows you to make an IP connection with the switch. Also the DG command is set in global configuration mode, not VLAN interface mode. Even though it is a layer 2 device, you still must give the switch the layer 3 information to establish a Telnet session. Good luck!

    Tricon, you can use any subnet for vlan 1. Just as long as the default gateway for the switch is in the same subnet as the vlan interface IP. If you are given access to the stick router, do a show run to see what ip's are set for each VLAN. Once you know what subnet is assigned to vlan1, then you know that the switches probably have a vlan int ip in that range.