Switching & VLANS Question

Hi, im abit confused about LAN switching, vlans and default gateways.. I'll try to explain beyond.

I have the toplogy you see above setup in a physical lab. The switch in the middel is the core, and the three others are access layer switches. On all four switches i have created the following vlans and named them:

VLAN 10 (GROUP10)
VLAN 20 (GROUP20)
VLAN 50 (SERVERS)

Now here is where i get confused.. I'm not really sure if every switch in my LAN segment needs to have an IP configured for all vlans. I use VLAN 1 for management, so the core has 192.168.1.1, and the other three switches 192.168.1.(2/3/4). On the access layer switches i set the ip default-gateway to 192.168.1.1 and boom it works perfect. I can now ping between all three switches. So i thought to myself, i wanna try and get the router to play along, so i created a new vlan 99 on the core switch and gave it the ip 10.1.1.2 /30 and assigned GigabitEthernet 0/1 to this vlan. Then i gave the GigabitEthernet0/1 interface on the router the ip address 10.1.1.1 /30 and made a static default route on the core switch like this: ip route 0.0.0.0 0.0.0.0 10.1.1.1 - Everything works smooth. I can now ping the router aswell. Here is where the chain falls.. Do i need to do the exact same thing with vlan 10,20 and 50? Lets say vlan 10 and 20 has the following ip address on the core switch 172.10.1.1 /24 and 172.20.1.1 /24 - Do i need to assign addresses in this range to all access layer switches?
I mean technically it should be able to function layer 2 wise, but how do the respective vlan know its default gateway? Vlan 10 172.10.1.5 won't be able to use the vlan 1 ip default-gateway of 192.168.1.1 which obviously makes sence..

So what i'm really asking is how do i seperate my LAN into different vlans to seperate the end users while they still need to be able to reach the rest of the network and the router?

topology.png

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

ram1101

no, the switches dont need an ip for each vlan as long as they have the vlan on their DB. But if you want the switches to talk to the router you will need an interface on the router for each vlan or use router on stick and trunking so that the router would be part of all athe vlans and can route as needed.
switches dont route traffic unless of course u have a L3 switch. Right now the router can only communicate with the vlan and subnet you assign for its interface.

nb-

What do people do in a real world scenario when you have different vlans with end users who all needs access to the internet? I know by fact that router on a stick is hardly ever used.. How would i route all traffic from all vlans to the router and out to the internet?

As an example imagine you're on a school. I want Administrative people on one vlan, and students on another vlan, but everyone sits on the same switch but in different ports obviously. Both vlans needs traffic to go to the core switch, and from the core switch to the router, and from the router to the internet.

How would i go about with that? Thats what i thought ip route 0.0.0.0 0.0.0.0 10.1.1.1 did.. Dosen't that mean route all traffic towards 10.1.1.1?

mikeybinec

nb- wrote: »

What do people do in a real world scenario when you have different vlans with end users who all needs access to the internet? I know by fact that router on a stick is hardly ever used.. How would i route all traffic from all vlans to the router and out to the internet?

As an example imagine you're on a school. I want Administrative people on one vlan, and students on another vlan, but everyone sits on the same switch but in different ports obviously. Both vlans needs traffic to go to the core switch, and from the core switch to the router, and from the router to the internet.

How would i go about with that? Thats what i thought ip route 0.0.0.0 0.0.0.0 10.1.1.1 did.. Dosen't that mean route all traffic towards 10.1.1.1?

ip default-gateway 10.1.1.1 x.x.x.x I didnt see your topology, but I assume this is the address on the router.. The default gateway goes on each switch

cpartin

I think you're getting confused by the fact your core switch is a L3 switch. This means it's capable of doing some routing, and can have ip addresses on multiple SVIs (int vlan XX). Whereas your access switches are pure L2 devices, they only care about mac addresses and vlan tags. They do have an IP address and default gateway assigned but that's intended for management traffic only. They act like an end host in that respect.

Thats what i thought ip route 0.0.0.0 0.0.0.0 10.1.1.1 did.. Dosen't that mean route all traffic towards 10.1.1.1?

Yes, but traffic takes the best route in the routing table. Traffic headed from vlan 10 to vlan 20 would not take your default route as there is a better route (same AD, but more specific) available. Below is what the routing table on your core switch would look like.

Gateway of last resort is 10.1.1.1 to network 0.0.0.0

     172.10.0.0/24 is subnetted, 1 subnets
C       172.10.1.0 is directly connected, Vlan10
     172.20.0.0/24 is subnetted, 1 subnets
C       172.20.1.0 is directly connected, Vlan20
     10.0.0.0/30 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Vlan99
S*   0.0.0.0/0 [1/0] via 10.1.1.1