Solved: Hi, I have a question about vlans

Eli Levi · ‎03-17-2019

Hi, I need to know if it is possible to have PC2 and PC5 in the same vlan?.

The switches are not directly connected but connected through the router as shown in the topology.

Someone, please help.

Thank you.

luis_cordova · ‎03-17-2019

Hi @Eli Levi ,

Yes, but these parameters must be met:

-The port of the switch that connects the PCs must be associated with VLAN 10.

-The port that connects the switch to the router must be in trunk mode.

-The both router port must have configured subinterface .10 and be encapsulated with tag 10.

-The networks configured in both subinterfaces must be different, even if they are tagging with the same VLAN.

Regards

View solution in original post

luis_cordova · ‎03-17-2019

Hi @Eli Levi ,

Can you make it with ACLs

Try with this:

access-list 10 permit 192.168.1.0.0.0.0.255

access-list 20 permit 192.168.2.0.0.0.0.255

access-list 30 permit 192.168.3.0.0.0.0.255

interface fa1/0.10

ip access-group 10 out

interface fa1/0.20

ip access-group 20 out

interface fa1/0.30

ip access-group 30 out

Remember to mark the correct answers as solved, since that helps other users with similar doubts

Regards

View solution in original post

Deepak Kumar · ‎03-17-2019

Hi,

Yes, it is possible to keep VLAN 10 in both networks but as you are using a router then you can't assign the same subnet on both interfaces.

Option 1:

Keep VLAN 10 in both networks and keep subnet different.

Option2:

Keep A L3 switch between both Networks and Extend VLAN 10 using the Switch only. Means It will treat as Single Network. Then you can keep single subnet and VLAN also. Means Switch will as Core and Router will work for Edge device.

Option3:

Make subinterfaces on the router and VLAN 10 subinterface keep in the Bridge Group. It will allow you to share the same subnet in both networks.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

Joseph W. Doherty · ‎03-18-2019

You mean where PC2 and PC5 are truly in the same broadcast domain? If so, yes, if you "bridge" VLAN 10 through your router. Otherwise (and by default), no. (NB: BTW, I'm unsure current Cisco routers still support the bridging feature. An alternative would be to use an integral switching module within the router. Another alternative might be to use a L2 tunnel.)

If you mean where PC2 and PC5 are in VLAN 10 on their respective switches? If so, also yes, but although each PC would be in "a" VLAN 10, it's not the same physical VLAN. I.e. they would not be in the same broadcast domain. They could intercommunicate if each VLAN 10 was in a different network and the router and switches were configured correctly. (In this situation, the actual VLAN number being used doesn't matter.)

View solution in original post

balaji.bandi · ‎03-17-2019

Yes VLAN are Locally Significant for that Brocast Domain / Network.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Eli Levi · ‎03-17-2019

would the end devices be able to communicate in this topology example?

luis_cordova · ‎03-17-2019

Hi @Eli Levi ,

Yes, but these parameters must be met:

-The port of the switch that connects the PCs must be associated with VLAN 10.

-The port that connects the switch to the router must be in trunk mode.

-The both router port must have configured subinterface .10 and be encapsulated with tag 10.

-The networks configured in both subinterfaces must be different, even if they are tagging with the same VLAN.

Regards

Eli Levi · ‎03-17-2019

Hi,

Every end device in the topology can ping every other end device but I want the PC's to be able to ping only if they are in the same VLAN. how can I do that? G0/1 on both switches in trunk mode.

Please help. Thank you.

luis_cordova · ‎03-17-2019

Hi @Eli Levi ,

Can you make it with ACLs

Try with this:

access-list 10 permit 192.168.1.0.0.0.0.255

access-list 20 permit 192.168.2.0.0.0.0.255

access-list 30 permit 192.168.3.0.0.0.0.255

interface fa1/0.10

ip access-group 10 out

interface fa1/0.20

ip access-group 20 out

interface fa1/0.30

ip access-group 30 out

Remember to mark the correct answers as solved, since that helps other users with similar doubts

Regards

johnd2310 · ‎03-17-2019

Hi,

This will depend on your configuration. You can have both devices in the same vlan 10 but the subnet for vlan 10 is different.

Vlan 10 on sw0 could be 192.168.1.0/24 and vlan 10 on sw1 could be 192.168.2.0/24. The router would then route between the two networks. The router in this case is segmenting vlan 10 into two networks.

Thanks

John

**Please rate posts you find helpful**

balaji.bandi · ‎03-18-2019

Would that end device in same vlan communicate each other ? yes, only if they are in different network range.

Is this real schenario or you testing the Lab ?

1. In real network, most of the L2 network extended across network to retain same network and same L2 domain, for that most case L2L vpn.

2. Another option in the same campus extend the same VLAN.

it would be nice to know us for your use case to understand better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Deepak Kumar · ‎03-17-2019

Hi,

Yes, it is possible to keep VLAN 10 in both networks but as you are using a router then you can't assign the same subnet on both interfaces.

Option 1:

Keep VLAN 10 in both networks and keep subnet different.

Option2:

Keep A L3 switch between both Networks and Extend VLAN 10 using the Switch only. Means It will treat as Single Network. Then you can keep single subnet and VLAN also. Means Switch will as Core and Router will work for Edge device.

Option3:

Make subinterfaces on the router and VLAN 10 subinterface keep in the Bridge Group. It will allow you to share the same subnet in both networks.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Joseph W. Doherty · ‎03-18-2019

You mean where PC2 and PC5 are truly in the same broadcast domain? If so, yes, if you "bridge" VLAN 10 through your router. Otherwise (and by default), no. (NB: BTW, I'm unsure current Cisco routers still support the bridging feature. An alternative would be to use an integral switching module within the router. Another alternative might be to use a L2 tunnel.)

If you mean where PC2 and PC5 are in VLAN 10 on their respective switches? If so, also yes, but although each PC would be in "a" VLAN 10, it's not the same physical VLAN. I.e. they would not be in the same broadcast domain. They could intercommunicate if each VLAN 10 was in a different network and the router and switches were configured correctly. (In this situation, the actual VLAN number being used doesn't matter.)