VLAN question
outrunred (Banned, Posts: 30) in CCNA & CCENT
Hi.
I'm now studying for the second part - ICND2
and whilst the subject of VLANs is not unfamiliar to me, there is something I'd like to have cleared up if anyone can answer.
It is said that VLANs are like putting a machine onto a separate subnet, yes, I get that....but in the CBT Nuggets videos that I'm watching now it demonstrates configuring each VLAN client in its own subnet. i.e. VLAN 10 devices might be on subnet 192.168.10.0 and VLAN 20 devices might be on subnet 192.168.20.0 etc.
Can I ask, is it necessary to be on different subnets? The switch isn't acting at layer 3, so why would it matter what subnet a device is on? For example, is it not possible to have all machines in any VLAN on the same subnet, i.e. VLAN 10 and VLAN 20 devices all configured with subnet 192.168.1.0?
If you're following the router on a stick method, so setting up a trunk from the switch to a router, you wouldn't even need to create sub interfaces on the router, would you? Because they're on the same subnet, wouldn't the router just tag traffic, say from a VLAN 10 device to a VLAN 20 device, with that VLAN ID?
Have I gone insane? I'm sure this is how the VLANs at work work. We only have a handful in the whole organisation and I'm sure we don't have to place each VLAN on a separate subnet.
Sorry for the long question for something I'm sure can be cleared up in a few words.
Cheers.
Comments
bermovick (Member, Posts: 1,135):
I'm just a little past studying VLANs so everything below is probably wrong, so wait for better answers -- but my thoughts on this are: if all the VLANs are on the same subnet, what's the point of having the VLANs at all? Even if it would work (and I'm pretty sure it wouldn't), it would just add needless complexity to your network. Keep in mind too that VLANs work at the data-link layer, so if they were in the same subnet, there'd be no need for a router to transfer them. The switch would be able to strip the old tag and apply the new tag.
If it's for permissions, that'll be handled with access lists (what I'm studying currently and you will shortly).
Latest Completed: CISSP
Current goal: Dunno
networker050184 (Mod, Posts: 11,962):
outrunred wrote: »If you're following the router on a stick method, so setting up a trunk from the switch to a router, you wouldn't even need to create sub interfaces on the router, would you? Because they're on the same subnet, wouldn't the router just tag traffic, say from a VLAN 10 device to a VLAN 20 device, with that VLAN ID?
How would the router know what VLAN to put on the outgoing frames? The point of creating the sub interfaces with an encapsulation is so that it knows which tag to put on the frames and which subinterface they belong to when they arrive. The router will not let you overlap addresses on the subinterfaces (well, not without some more complex configuration outside the scope of the CCNA).
You can technically have every VLAN on the same subnet. When you start trying to route the traffic is where you will start running into issues.
An expert is a man who has made all the mistakes which can be made.
johnwest43 (Member, Posts: 294):
To pass frames from one VLAN to the next with a layer 2 switch you have to have a router. The router has to have a sub interface for every VLAN it communicates with. Now you can use private VLANs (not covered in the CCNA) and have the hosts separated but still on the same subnet. Hope this helps.
CCNP: ROUTE [x], SWITCH [x], TSHOOT [X] Completed on 2/18/2014
outrunred (Banned, Posts: 30):
Hi.
Thanks for replying.
Think I see your point.
But there'd still be a need for VLANs as it would stop the broadcasts.
I get what you mean about the switch being able to do the switching of the tags...I guess you're right on that one...
I disagree about adding extra complexity...I mean keeping everything on one subnet is far easier to administer, I would think.
I'm just trying to get my head round that concept I guess.... going to have to look at work tomorrow to see for sure what we do....funny thing is, I thought I was OK on the subject of VLANs.
Cheers
notgoing2fail (Member, Posts: 1,138):
Well, there are more reasons for VLANs than what's given to you at the ICND2 level.
One thing you hadn't brought up was broadcasts. That alone is one of the major reasons for subnetting your networks. Cisco's recommendation is about 500 hosts per network.
So in a large enterprise environment, that would be a killer for you if you had more than 500 hosts per subnet.
There's also security; you'll start to get into VLAN access maps as well, which is different from PVLANs.
Hope that helps somewhat???
outrunred (Banned, Posts: 30):
Cheers everyone.......
OK - got it.... just got to the bit about the sub interfaces and the encapsulation...
Think I've got it.
And...I've just remembered the scenario at work....pretty sure they're on the same subnet, it's just not required to route between VLANs...but I'll check that.
OK, think it makes sense now....hmmm, does it?...yeah, pretty sure.
Well, unless there's a way to say to the router that the fa 0/0 int., for example, was part of every VLAN? Guess that's not possible.
OK...I'm done...
Cheers again guys
notgoing2fail (Member, Posts: 1,138):
outrunred wrote: »Well, unless there's a way to say to the router that the fa 0/0 int., for example, was part of every VLAN? Guess that's not possible.
That's a good question. Technically it is a trunk port, so it does have access to all the VLANs.
It's your sub-interfaces that are applied to individual VLANs...
This is something I'd need to put a little more thought into....
outrunred (Banned, Posts: 30):
Haha....see, it's easy to throw yourself off, isn't it....even with something you're certain you know fairly well.....
I mean as far as the exam goes, sure...even without understanding it I'd use the concept of separate subnets...but that's not how I wanna pass...I want a perfect understanding of why...
So thanks again peeps....
Guess it's STP next...something I'm supposed to be already familiar with....watch me ask a stupid question on this tomorrow.
networker050184 (Mod, Posts: 11,962):
When the switch sends the frames out of a trunk port they will have a VLAN tag. Unless the router is configured to process those tagged frames (with encapsulated sub interfaces) the router will not know what to do with them. The same thing would happen in the other direction. If the router didn't know which tag to put on them, the switch would not be able to associate them with the correct VLAN.
An expert is a man who has made all the mistakes which can be made.
phoeneous (Member, Posts: 2,333):
outrunred wrote: »I disagree about adding extra complexity...I mean keeping everything on one subnet is far easier to administer, I would think.
How many hosts do you have on a /8 network compared to a /24? Which one do you think is easier to manage? Think broadcasts.
notgoing2fail (Member, Posts: 1,138):
outrunred wrote: »Haha....see, it's easy to throw yourself off, isn't it....even with something you're certain you know fairly well.....
I mean as far as the exam goes, sure...even without understanding it I'd use the concept of separate subnets...but that's not how I wanna pass...I want a perfect understanding of why...
So thanks again peeps....
Guess it's STP next...something I'm supposed to be already familiar with....watch me ask a stupid question on this tomorrow.
Well, I've said it many times here: passing an exam doesn't really mean you know the topic, and I've been honest about that with myself since the beginning.
All it does is mean you were prepared to study the topics to what the exam covered.
You do not want to understand VLANs 1000% if you are just starting out, because there's way too much to understand.
What I do is study the topics well enough to pass the exams, and then find time to go back and go deeper into the topics.
There are BOOKS on STP alone...do you want to read all of them before taking your CCNA?
bermovick (Member, Posts: 1,135):
This is what I like about these forums; really good conversations going on.
Regarding needing a router still even if the VLANs are on the same subnet - would you really? I mean the router is dealing with the layer 3 packet, so it doesn't really know which VLAN the data is for; only what IP address it needs to go out on. That doesn't seem necessary if both VLANs are in the same subnet. I'm not even sure you can assign a subinterface to the same subnet as another (sub)interface.
R1(config-if)#int e0/0.99
R1(config-subif)#encapsulation dot1Q 99
R1(config-subif)#ip address 192.168.1.54 255.255.255.0
192.168.1.0 overlaps with Ethernet0/0
So I still think the switch itself would be the device responsible for removing the VLAN tag and applying a new one if the 2 VLANs were in the same subnet. I'm just not sure if switches are capable of doing such a thing.
Latest Completed: CISSP
Current goal: Dunno
networker050184 (Mod, Posts: 11,962):
bermovick wrote: »I mean the router is dealing with the layer 3 packet, so it doesn't really know which VLAN the data is for; only what IP address it needs to go out on.
That is not true. The router needs to know the L2 information to send the frame back to the switch. If the router did not specifically tag the VLAN, the switch would not know which VLAN the incoming frame belonged to.
An expert is a man who has made all the mistakes which can be made.
bermovick (Member, Posts: 1,135):
That's a good point; I even entered it in my example above with the 2nd line. I never thought that the router would alter the layer 2 information, but it would have to so the switch knows what the 'new' VLAN is when it gets it back from the router.
Latest Completed: CISSP
Current goal: Dunno
notgoing2fail (Member, Posts: 1,138):
bermovick wrote: »I'm not even sure you can assign a subinterface to the same subnet as another (sub)interface.
I don't think you can.
The router will complain about IP addressing overlap....
Is that what you meant?
phoeneous (Member, Posts: 2,333):
bermovick wrote: »That's a good point; I even entered it in my example above with the 2nd line. I never thought that the router would alter the layer 2 information, but it would have to so the switch knows what the 'new' VLAN is when it gets it back from the router.
Have you studied VTP yet? Just curious.
bermovick (Member, Posts: 1,135):
I've done the CBTNuggets portion of it, but haven't done Odom's.
If I read Odom's first, it's just too much new information, and too in-depth for me to be able to grasp much if any of it. Watching CBTNuggets lets me get 'the gist of it', so that when I open up Odom's book I have some idea what he's talking about and am more comfortable with the material.
Latest Completed: CISSP
Current goal: Dunno
alan2308 (Member, Posts: 1,854):
networker050184 wrote: »That is not true. The router needs to know the L2 information to send the frame back to the switch. If the router did not specifically tag the VLAN, the switch would not know which VLAN the incoming frame belonged to.
The native VLAN's frames are untagged. So the switch would have to assume EVERY incoming frame belongs to the native VLAN if the router wasn't tagging them.
notgoing2fail (Member, Posts: 1,138):
bermovick wrote: »I've done the CBTNuggets portion of it, but haven't done Odom's.
If I read Odom's first, it's just too much new information, and too in-depth for me to be able to grasp much if any of it. Watching CBTNuggets lets me get 'the gist of it', so that when I open up Odom's book I have some idea what he's talking about and am more comfortable with the material.
That is a good idea. I try to go CBTNuggets as well. Wendell is the man, but he can really go in depth on things that you simply know won't be on the exam.
thehourman (Member, Posts: 723):
notgoing2fail wrote: »That is a good idea. I try to go CBTNuggets as well. Wendell is the man, but he can really go in depth on things that you simply know won't be on the exam.
The only complaint that I have is sometimes it gets boring, and feels dry, but his books are awesome.
I am glad that I bought his books. I also like Todd Lammle's book because it is straight to the point. I am using Todd's book for review, but my main book is Odom's.
Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold
alan2308 (Member, Posts: 1,854):
thehourman wrote: »Yep, I am starting to like his books, because he always explains what exactly the things are. He wants us to understand the concept, not just know it.
The only complaint that I have is sometimes it gets boring, and feels dry, but his books are awesome.
I am glad that I bought his books. I also like Todd Lammle's book because it is straight to the point. I am using Todd's book for review, but my main book is Odom's.
This is the same way that I did it. I had no illusion of taking Wendell's book all in the first time through, but after reading through them both, nothing that I have encountered was completely new.
I also really like Wendell's blog. He seems like a great guy who genuinely cares about people. Lammle's blog and forum seem more like a non-stop sales pitch.
notgoing2fail (Member, Posts: 1,138):
thehourman wrote: »Yep, I am starting to like his books, because he always explains what exactly the things are. He wants us to understand the concept, not just know it.
The only complaint that I have is sometimes it gets boring, and feels dry, but his books are awesome.
I am glad that I bought his books. I also like Todd Lammle's book because it is straight to the point. I am using Todd's book for review, but my main book is Odom's.
He's good, but dry. But he's too good not to read his books, no matter how dry. He's just one of those guys that really knows his stuff, and anything else like jokes or comic timing just isn't his thing. And that's OK.
alan2308 wrote: »This is the same way that I did it. I had no illusion of taking Wendell's book all in the first time through, but after reading through them both, nothing that I have encountered was completely new.
I also really like Wendell's blog. He seems like a great guy who genuinely cares about people. Lammle's blog and forum seem more like a non-stop sales pitch.
You know, Lammle posted here a while back, about a couple of months ago. And then never came back. I was curious if it was really him; it seemed like it was, though.
I've never seen his blog site. I've enjoyed two of his books, so he is pretty good, but one thing that irks me the most is authors or individuals who have blogs but never communicate back with their own community.
thehourman (Member, Posts: 723):
alan2308 wrote: »This is the same way that I did it. I had no illusion of taking Wendell's book all in the first time through, but after reading through them both, nothing that I have encountered was completely new.
I also really like Wendell's blog. He seems like a great guy who genuinely cares about people. Lammle's blog and forum seem more like a non-stop sales pitch.
I am following Odom's and Bryant's blogs. These two look like they really do care about people. Chris Bryant has a YouTube channel where he posts some clips about Cisco, explains stuff, gives some short advice, and many good things.
alan2308 (Member, Posts: 1,854):
notgoing2fail wrote: »You know, Lammle posted here a while back, about a couple of months ago. And then never came back. I was curious if it was really him; it seemed like it was, though.
Yea, he has 3 posts here, pitching his book and pitching his video.
outrunred (Banned, Posts: 30):
I need to get hold of Odom's book.... I have only a few training resources....
But the CBT Nuggets are the best ever.....does anyone ever listen to them on 'fast' mode? I thought his voice was funny before, but on fast it's brilliant.
fly351 (Member, Posts: 360):
outrunred wrote: »I need to get hold of Odom's book.... I have only a few training resources....
But the CBT Nuggets are the best ever.....does anyone ever listen to them on 'fast' mode? I thought his voice was funny before, but on fast it's brilliant.
Lol, yes I have, simply because he rambles sometimes and goes a bit slow at other times. But also a 40 minute video on setting a basic router config is better in 20 minutes.
CCNP :study:
megatran808 (Member, Posts: 53):
outrunred wrote: »Hi.
I'm now studying for the second part - ICND2
and whilst the subject of VLANs is not unfamiliar to me, there is something I'd like to have cleared up if anyone can answer.
It is said that VLANs are like putting a machine onto a separate subnet, yes, I get that....but in the CBT Nuggets videos that I'm watching now it demonstrates configuring each VLAN client in its own subnet. i.e. VLAN 10 devices might be on subnet 192.168.10.0 and VLAN 20 devices might be on subnet 192.168.20.0 etc.
Can I ask, is it necessary to be on different subnets? The switch isn't acting at layer 3, so why would it matter what subnet a device is on? For example, is it not possible to have all machines in any VLAN on the same subnet, i.e. VLAN 10 and VLAN 20 devices all configured with subnet 192.168.1.0?
If you're following the router on a stick method, so setting up a trunk from the switch to a router, you wouldn't even need to create sub interfaces on the router, would you? Because they're on the same subnet, wouldn't the router just tag traffic, say from a VLAN 10 device to a VLAN 20 device, with that VLAN ID?
Have I gone insane? I'm sure this is how the VLANs at work work. We only have a handful in the whole organisation and I'm sure we don't have to place each VLAN on a separate subnet.
Sorry for the long question for something I'm sure can be cleared up in a few words.
Cheers.
Different VLANs have to be on different subnets/networks.
Think of VLANs as splitting up the one switch into 2 different switches; I'll just call them LAN 10 and LAN 20. Switch1 (LAN10) on the 192.168.10.0/24 network and Switch2 (LAN20) on 192.168.20.0/24. Two separate LANs on two different physical switches. If you put everyone on a 192.168.1.0/24 network then it would have to be on the same LAN/switch.
But with VLANs you can eliminate the need to have 2 physical switches. Assign half the ports to VLAN10 and the other half to VLAN20, or however many ports you need to be in each network.
Now back to the two different switches. To get LAN10 to talk to LAN20 you would need a router/Layer 3 device in between to allow you to talk to the different networks.
Let's say on the router we have FastEthernet ports 1 and 2. You can assign LAN10 (192.168.10.1/24) to FastEther 1 and LAN20 (192.168.20.1/24) to FastEther 2.
But to eliminate the waste of using 2 FastEther ports on the router, we can assign a sub interface for FastEther1. That would take us into the topic of router on a stick.
I hope I didn't confuse you. This was the best way I could explain it in a nutshell.
"Love your Job, but never fall in love with your company....because you never know when your company stops loving you!"
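As an added illustration (not code from this thread, and not Cisco IOS), the following Python toy model captures the forwarding rules that networker050184 and megatran808 describe above: a host only hands a packet to its gateway when the destination is off its own subnet, the switch keeps broadcasts such as ARP inside one VLAN, and the router on a stick picks the return tag from its per-VLAN subinterfaces and refuses an overlapping address the way bermovick's IOS output does. All addresses, VLAN numbers and host placements are constructed for the example; MAC learning and ARP caching are left out.

```python
import ipaddress


class OverlapError(Exception):
    """Stands in for IOS refusing an address that overlaps another (sub)interface."""


class Router:
    """Router-on-a-stick: one trunk link, one dot1Q subinterface per VLAN tag."""
    def __init__(self):
        self.subifs = {}  # VLAN tag -> ip_interface assigned to that subinterface

    def add_subif(self, vlan, addr):
        iface = ipaddress.ip_interface(addr)
        for other_vlan, other in self.subifs.items():
            if iface.network.overlaps(other.network):
                raise OverlapError(f"{iface.network} overlaps with VLAN {other_vlan} subif")
        self.subifs[vlan] = iface

    def route(self, in_tag, dst_ip):
        """Return the tag the router writes on the frame it sends back, or None."""
        dst = ipaddress.ip_address(str(dst_ip))
        if in_tag not in self.subifs:
            return None  # no subinterface for that tag: the router cannot place the frame
        for vlan, iface in self.subifs.items():
            if dst in iface.network:
                return vlan
        return None  # no connected subnet holds the destination (no default route here)


class Switch:
    """Layer 2 switch (MAC learning omitted): broadcasts never cross a VLAN boundary."""
    def __init__(self, router):
        self.router = router
        self.hosts = {}  # host IP -> (ip_interface, access VLAN)

    def add_host(self, addr, vlan):
        iface = ipaddress.ip_interface(addr)
        self.hosts[iface.ip] = (iface, vlan)

    def flood(self, vlan, dst):
        """An ARP request reaches every port of *one* VLAN; only that VLAN can answer."""
        entry = self.hosts.get(dst)
        return entry is not None and entry[1] == vlan

    def deliver(self, src_ip, dst_ip):
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        src_if, src_vlan = self.hosts[src]
        if dst in src_if.network:
            # Same subnet: the host ARPs for the target itself and never uses the router.
            return "direct" if self.flood(src_vlan, dst) else "unreachable: no ARP reply"
        out_tag = self.router.route(src_vlan, dst)  # frame leaves the trunk tagged src_vlan
        if out_tag is None:
            return "dropped by router"
        return f"routed, returned with tag {out_tag}"


def build_demo():
    """Constructed topology: one switch, VLANs 10 and 20, one router on a stick."""
    r = Router()
    r.add_subif(10, "192.168.10.1/24")
    r.add_subif(20, "192.168.20.1/24")
    sw = Switch(r)
    sw.add_host("192.168.10.11/24", 10)
    sw.add_host("192.168.20.11/24", 20)
    sw.add_host("192.168.1.11/24", 10)  # the "all on 192.168.1.0" idea from the question
    sw.add_host("192.168.1.22/24", 20)
    return sw
```

Calling `build_demo().deliver("192.168.1.11", "192.168.1.22")` shows why the same-subnet layout fails: the sending host thinks the target is on-link, its ARP is flooded only within VLAN 10, and the router is never consulted, whereas `deliver("192.168.10.11", "192.168.20.11")` comes back re-tagged for VLAN 20.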
outrunred (Banned, Posts: 30):
No confusion, not at all.
I guess what I was struggling with was the 'need' for the router to route VLANs...not the concept of them....I understood what was being said...but I think my main issue at time of post was why did it 'need' the router to do this, why did the VLANs have to be on separate subnets....
But I get it now. If we're talking about a switch (being layer 2), of course if it could send traffic over to the other VLAN without going through a router then I guess it would also send broadcasts, completely defeating one of the main reasons for its existence....something needs to bridge the VLANs together and a router does that, by routing....and of course they need to be on separate subnets for this, that's how routing works....and then of course it appends the little VLAN tag as it routes out of its sub interface....
It's all clear now.... but I'm sure many of you can understand that questioning why, when VLANs are a layer 2 technology, does a router need to get involved....but to get out of its VLAN onto another VLAN it needs Layer 3, which needs a router, which needs sub interfaces....all ties together beautifully....
notgoing2fail (Member, Posts: 1,138):
outrunred wrote: »No confusion, not at all.
I guess what I was struggling with was the 'need' for the router to route VLANs...not the concept of them....I understood what was being said...but I think my main issue at time of post was why did it 'need' the router to do this, why did the VLANs have to be on separate subnets....
But I get it now. If we're talking about a switch (being layer 2), of course if it could send traffic over to the other VLAN without going through a router then I guess it would also send broadcasts, completely defeating one of the main reasons for its existence....something needs to bridge the VLANs together and a router does that, by routing....and of course they need to be on separate subnets for this, that's how routing works....and then of course it appends the little VLAN tag as it routes out of its sub interface....
It's all clear now.... but I'm sure many of you can understand that questioning why, when VLANs are a layer 2 technology, does a router need to get involved....but to get out of its VLAN onto another VLAN it needs Layer 3, which needs a router, which needs sub interfaces....all ties together beautifully....
Unless you're a little mischievous and do some VLAN hopping....but that's for another topic...
outrunred (Banned, Posts: 30):
Oh man, don't be throwing that sort of stuff out there.......