VLAN Explanation

rtwwpad
Level 1
Level 1

Hi all

Been reading too much documentation and my brain has fried. Looking for clarification on VLANS.

As I understood them, VLANs allowed me to have for example 3 switches and 1 router. Normally each interface on the router has to be in a different IP subnet. Hence all 3 switches had to be in their own unique subnet. However with VLANs and VLAN-aware switches I can have 3 subnets and distribute them over all 3 switches. I then place the relevant ports into the relevant VLAN and hey presto the router sorts it all out for me.

What is confusing me is the DHCP aspects of this. If I assume that each person who connects into a port wants to be in the marketing VLAN, great, the broadcast is contained in VLAN M and the DHCP server in VLAN M responds with an IP address. What if it's a sales user who wants to use the port though? How do I ensure I get them to the sales VLAN S? From what I am reading I can't if I am using DHCP. I would have to manually configure a MAC address with a VTP server to make sure that the user went to the right VLAN. (Assume the port is in empty middle ground where execs from sales and marketing just come in and plug in to start work.)

Am I right in assuming that each VLAN has to have its own subnet range of addresses but that these IP addresses in the subnet can be arranged around the world? So I could have a user in the UK on 10.10.10.2 and a user in France on 10.10.10.3 and they would be on the same VLAN? Or is it that they stay on separate IP subnets but the VLAN makes a new subnet?

Advice, I thought I used to understand these but now I am not so sure. Too much reading seems to be bad for me.

None of the documentation makes reference to IP and VLANs in the same breath.

thanks

phil

4 Replies

Hello Phil,

I think you got it exactly right. A VLAN can be spread across different switches, which in turn can be in different (geographical) locations. A VLAN follows the same concept as a LAN, meaning that its address space is limited by a specific subnet. In your example, 10.10.10.2 and 10.10.10.3 hosts would be in the same VLAN.

If you want a user to be dynamically assigned to a specific VLAN, regardless of which port the user connects to, you can use a feature called VMPS (VLAN Membership Policy Server).

With VLAN Membership Policy Server (VMPS), you can assign switch ports to VLANs dynamically, based on the source MAC address of the device connected to the port. When you move a host from a port on one switch in the network to a port on another switch in the network, the switch dynamically assigns the new port to the proper VLAN for that host.

DHCP will indeed only get an address to the user from the address space assigned to the VLAN...

HTH,

Georg

Hi Georg,

Thanks for the response. It seems to me that you are right, the only way to do what I asked is by VMPS or possibly URT.

Just having trouble with the concept. People talk about making a campus network conform to the ADC model and then talk about single VLANs per floor and then putting the servers in their own VLANs elsewhere and it doesn't really seem to be right to me. What's the point? Why not simply keep everything on separate subnets if the servers are going to sit in a separate VLAN? (I'm talking about Cisco's CCIE LAN Switching book, Chapter 17 in particular.)

I can see the point of VLANs if the users in that VLAN need to access a server themselves and only for themselves, but if they want to access general servers only then I do not see much point to it.

I need to go and have a think about it but I suppose by my reckoning, VLANs are only important if you have resources which should be restricted to certain areas of the network. i.e. marketing and accounts both sit on the 3rd floor. No-one but accounts can get to the payroll server. So put the payroll server and the accounts team in their own VLAN. If the accounts manager sits on floor 4 we can make him part of the same VLAN as well. If there is no accounts server though then there is no need for the VLAN. It just seems like pointless partitioning.

Hmmmmm....need to go and have a good think. Any comments/pointers welcome.

phil

Phil,

Don't get too confused with VLANs v. LANs. Just think of them as one and the same. The V only comes into play by letting us run separate networks on the same devices. Some environments don't have a need for more than one LAN, therefore VLANs aren't needed either. It's a good rule of thumb to segment off your servers from the general office population. You can use a separate set of switches and run a separate network that is connected via router/firewall to the users, or you can use the same switch that is VLAN aware and use layer 3 routing engines to get between them. I guess the point I'm trying to make is don't let the V in the VLAN get you stirred up. It's just another LAN so treat it as such. If your environment doesn't need multiple LANs (small office for example) then you don't need VLANs either.

David

Hi Phil-

To elaborate on David's explanation.

You also mentioned that you had some confusion about DHCP being in the mix. Remember DHCP is handled by a SERVER on the network, and the IP addresses are given out from a pool or what is known as a DHCP SCOPE (range of available/assignable addresses). Without taking this post into a subnetting/addressing reply, just remember that unless you had manually assigned addresses (static IP addresses) for your computers, they will normally receive their IP address from a DHCP SERVER. Also, typically wherever your servers reside there are either router(s) or some layer 3 switching [David mentioned this already ;-)] that handles the gateway (passing of layer 3 information [packets]) between VLANs (virtually created networks that reside on a local area network [LAN]). In another example you seemed confused by the marketing VLAN being able to communicate with sales. You can never talk to another VLAN without being routed to it (a router handles this) or having the same VLAN TAG/ID (802.1Q tag, meaning belonging to that VLAN). Lastly, let's say that you only wanted a user with address 10.0.16.45 to communicate directly with a user at address 10.0.17.50; there would need to be a gateway (router) in order for that to happen and an access list created for them on the router or layer 3 switch!

Hope this helps as well as the other post ;-)

Have a great day!

Don Patterson

Network Analyst

dpatterson@verizonmail.com
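To tie together Georg's point (DHCP only hands out addresses from the VLAN's own subnet, and the port decides the VLAN unless VMPS is used) and Don's point (VLANs only talk to each other through a router or layer 3 switch, which is where an access list belongs), here is an added Cisco IOS configuration sketch. It is not from any post in this thread and not Cisco documentation; the VLAN numbers, names, interfaces and all 10.0.x.x addresses are constructed for the example. It assumes one VLAN-aware layer 3 switch with two user VLANs and a server VLAN that holds a single DHCP server (one scope per VLAN) and the payroll server from Phil's floor-3 scenario.

```cisco
! Constructed example (not from the thread): one layer 3 switch, three VLANs.
! VLAN 10 = MARKETING  (10.0.16.0/24)
! VLAN 20 = ACCOUNTS   (10.0.17.0/24)
! VLAN 30 = SERVERS    (10.0.30.0/24): DHCP server 10.0.30.5, payroll server 10.0.30.50
! All names, numbers and addresses are assumptions made for this example.
ip routing
!
vlan 10
 name MARKETING
vlan 20
 name ACCOUNTS
vlan 30
 name SERVERS
!
! Access ports: the PORT fixes the VLAN, not the user who plugs in.
! Moving a user between VLANs by device identity is what VMPS (or today, 802.1X) adds.
interface GigabitEthernet0/1
 description Marketing desk, 3rd floor
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Accounts desk, 3rd floor
 switchport mode access
 switchport access vlan 20
!
! Trunk to the switch on floor 4: all three VLANs ride this one link with 802.1Q tags,
! so an ACCOUNTS port on that switch is in the same broadcast domain (same subnet) as Gi0/2.
! (The "encapsulation dot1q" line is required on some platforms and rejected on others
! that only support 802.1Q; drop it if the switch refuses it.)
interface GigabitEthernet0/24
 description Trunk to SW-FLOOR4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! Access list applied where inter-VLAN traffic is forced to pass: the routed hop.
! Only the ACCOUNTS subnet may reach the payroll server; everything else to it is dropped.
ip access-list extended PAYROLL-GUARD
 permit ip 10.0.17.0 0.0.0.255 host 10.0.30.50
 deny   ip any host 10.0.30.50
 permit ip any any
!
! One SVI per VLAN = one subnet per VLAN; the SVI address is each VLAN's default gateway.
! "ip helper-address" relays the client's DHCP broadcast as a unicast to the server in
! VLAN 30 and stamps it with the SVI address, so the server chooses the matching scope.
! The broadcast itself never leaves its VLAN.
interface Vlan10
 ip address 10.0.16.1 255.255.255.0
 ip helper-address 10.0.30.5
!
interface Vlan20
 ip address 10.0.17.1 255.255.255.0
 ip helper-address 10.0.30.5
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip access-group PAYROLL-GUARD out
```

Two things worth checking once this is in place: `show vlan brief` should list Gi0/1 under VLAN 10 and Gi0/2 under VLAN 20 (a host on the wrong port simply lands in the wrong subnet, which is exactly Phil's DHCP concern), and `show ip interface Vlan30` should show PAYROLL-GUARD as the outgoing access list, since a filter applied on the wrong SVI or in the wrong direction leaves the payroll server reachable from marketing.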
