Non-Routed VLAN

bizsnatch
Level 1

I have a couple of buildings located remotely that I am wanting to secure.

If I put the buildings in non-routed vlans, how will they access Internet resources?

There are servers in those buildings that people on the internet need access to, will putting them into non-routed VLANs make this impossible?

How will they talk to other networks?

thanks,

biz

9 Replies

Hello,

For any external connection, you need layer 3 connectivity. Without a default gateway, the clients in the VLANs cannot talk to anything but devices in the same VLANs.

So I guess the simple answer to your question is that non-routed VLANs do not allow communication with other networks...

Regards,

GP

If they have default gateways, then they are not "non routed VLANs" - correct?

The workstations would need to access servers in other states and resources on the Internet; some resources are ours and some are not.

The servers in the outlying buildings need to be accessed by the Internet community too.

So, they probably won't be a non routed VLAN, since they need outside connectivity. Correct?

thanks,

biz

That is correct. If a VLAN is not routed, then by definition it has no external connectivity. It is the router that can provide connectivity in and out of the VLAN.

Kevin Dorrell

Luxembourg

If it is a non routed VLAN, how will a router provide connectivity in and out of the VLAN?

Doesn't it have to be a routed VLAN in order for the router to work?

A non routed VLAN won't have a router interface that's a member of that VLAN, i.e. has an IP address within the VLAN range. So basically a router won't provide connectivity into or out of the VLAN unless you configure it with a corresponding IP address from that VLAN.

Why not have a default gateway, i.e. a VLAN interface?

Stick an access-list on the VLAN interface permitting only traffic from specific hosts access to the internet and the servers you mentioned and only allowing either established traffic back into the VLAN or perhaps you could look at using reflexive access-lists.

If you want to hide your VLAN addressing scheme from the rest of your network you could use NAT.

HTH

PD
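
The approach suggested in the reply above (a routed VLAN interface with access lists and `established` return traffic), sketched as an added Cisco IOS example that is not part of the original thread. The VLAN number, addresses, ACL names and permitted ports are constructed assumptions.

```cisco
! Constructed addressing (assumption): VLAN 10 = 10.10.10.0/24,
! gateway .1, published server .10, permitted workstations .50 and .51
!
! Traffic leaving the VLAN (arrives "in" on the VLAN interface)
ip access-list extended VLAN10-FROM-HOSTS
 remark only the named workstations may reach outside HTTPS and DNS
 permit tcp host 10.10.10.50 any eq 443
 permit tcp host 10.10.10.51 any eq 443
 permit udp host 10.10.10.50 any eq domain
 permit udp host 10.10.10.51 any eq domain
 remark server may only answer sessions that were opened towards it
 permit tcp host 10.10.10.10 eq 443 any established
 deny ip any any log
!
! Traffic routed into the VLAN (leaves "out" of the VLAN interface)
ip access-list extended VLAN10-TO-HOSTS
 remark outside clients may open HTTPS to the published server
 permit tcp any host 10.10.10.10 eq 443
 remark return traffic for TCP sessions the workstations opened
 permit tcp any 10.10.10.0 0.0.0.255 established
 remark DNS replies (UDP cannot be matched with established)
 permit udp any eq domain host 10.10.10.50
 permit udp any eq domain host 10.10.10.51
 deny ip any any log
!
! The VLAN interface is the default gateway that makes the VLAN routed
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group VLAN10-FROM-HOSTS in
 ip access-group VLAN10-TO-HOSTS out
```

`established` only checks that the TCP ACK or RST bit is set, so it is a stateless filter; the reflexive access-lists mentioned in the reply track sessions instead.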

So, if I have a non routed VLAN, will the workstations be able to access the Internet and will the Internet be able to access the servers on the non routed VLAN?

thanks,

biz

No.

lauranbowen
Level 1

They will not talk to other networks, unless you connect a routable vlan to a server, router or switch that can do Layer 3 connectivity. A non routable vlan is basically a closed loop within your network.

Joseph W. Doherty
Hall of Fame

Already answered by others - but to recap . . .

"If I put the buildings in non-routed vlans, how will they access Internet resources?"

They cannot.

"There are servers in those buildings that people on the internet need access to, will putting them into non-routed VLANs make this impossible?"

Yes.

"How will they talk to other networks?"

They cannot.

"I have a couple of buildings located remotely that I am wanting to secure."

There are many ways to "secure" a network, and creating a non-routable VLAN would be near the top of the list (but not the top - as VLANs, often, share a device with other VLANs/networks), so a non-routable VLAN is basically an all-or-nothing approach.

There are other ways to secure your network while providing "controlled" access, going to it and/or going from it.