
Hi, I have a question about vlans

Eli Levi
Level 1

 

Hi, I need to know if it is possible to have PC2 and PC5 in the same VLAN?

The switches are not directly connected but connected through the router as shown in the topology.

Someone, please help.

Thank you.

 

vlans.PNG

balaji.bandi
Hall of Fame

Yes, VLANs are locally significant for that broadcast domain / network.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Would the end devices be able to communicate in this topology example?

Hi @Eli Levi ,

 

Yes, but these parameters must be met:

- The switch port that connects the PCs must be associated with VLAN 10.
- The port that connects the switch to the router must be in trunk mode.
- Both router ports must have subinterface .10 configured and be encapsulated with tag 10.
- The networks configured on both subinterfaces must be different, even if they are tagged with the same VLAN.

 

Regards

Hi,

Every end device in the topology can ping every other end device, but I want the PCs to be able to ping only if they are in the same VLAN. How can I do that? G0/1 on both switches is in trunk mode.

 

Please help. Thank you.

 

 

Attachments: topo.PNG, S1 sh run.PNG, S1 sh v.PNG, S2 sh run.PNG, S2 sh vlan.PNG, R0 sh run.PNG

Hi @Eli Levi ,

 

You can do it with ACLs.

Try this:

access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 30 permit 192.168.3.0 0.0.0.255

interface fa1/0.10
 ip access-group 10 out
interface fa1/0.20
 ip access-group 20 out
interface fa1/0.30
 ip access-group 30 out

 

Remember to mark the correct answers as solved, since that helps other users with similar doubts

 

Regards
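
An added example (not part of the original post): a small Python model of how a router evaluates the ACLs suggested above on outbound traffic, showing which PC-to-PC flows survive. The host names and addresses are constructed, and the model covers only standard ACLs applied `out`.

```python
import ipaddress
# The answer's configuration (wildcard-mask spacing corrected).
CONFIG = """\
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 30 permit 192.168.3.0 0.0.0.255
interface fa1/0.10
 ip access-group 10 out
interface fa1/0.20
 ip access-group 20 out
interface fa1/0.30
 ip access-group 30 out
"""
# Constructed hosts: name -> (address, router subinterface that is its gateway).
HOSTS = {"PC_A": ("192.168.1.10", "fa1/0.10"), "PC_B": ("192.168.1.11", "fa1/0.10"),
         "PC_C": ("192.168.2.10", "fa1/0.20"), "PC_D": ("192.168.3.10", "fa1/0.30")}

def parse(config):
    """Return ({acl: [(action, network, wildcard)]}, {subinterface: outbound acl})."""
    acls, bindings, current = {}, {}, None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["access-list"] and len(tok) == 5:
            net, wild = (int(ipaddress.IPv4Address(t)) for t in tok[3:5])
            acls.setdefault(tok[1], []).append((tok[2], net, wild))
        elif tok[:1] == ["interface"]:
            current = tok[1]
        elif tok[:2] == ["ip", "access-group"] and tok[3:4] == ["out"]:
            bindings[current] = tok[2]
    return acls, bindings

def permitted_out(src_ip, interface, acls, bindings):
    """Would a routed packet from src_ip be forwarded out of this subinterface?"""
    entries = acls.get(bindings.get(interface))
    if not entries:
        return True                    # no ACL bound, or ACL undefined: no filtering
    src = int(ipaddress.IPv4Address(src_ip))
    for action, net, wild in entries:
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        if (src & ~wild) == (net & ~wild):
            return action == "permit"
    return False                       # implicit "deny any" ends every ACL

def reachability(hosts, acls, bindings):
    """(src, dst) -> bool. Same-subnet traffic is switched and never meets the ACL."""
    return {(s, d): s_if == d_if or permitted_out(s_ip, d_if, acls, bindings)
            for s, (s_ip, s_if) in hosts.items()
            for d, (_, d_if) in hosts.items() if s != d}
ACLS, BINDINGS = parse(CONFIG)
REACH = reachability(HOSTS, ACLS, BINDINGS)
```

Because a standard ACL matches only the source address, the implicit deny also drops packets arriving from any network outside these three subnets, so `permitted_out("203.0.113.5", "fa1/0.10", ACLS, BINDINGS)` is `False`.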

 

Hi,

This will depend on your configuration. You can have both devices in the same vlan 10 but the subnet for vlan 10 is different.

Vlan 10 on sw0 could be 192.168.1.0/24 and vlan 10 on sw1 could be 192.168.2.0/24. The router would then route between the two networks. The router in this case is segmenting vlan 10 into two networks.

 

 

Thanks

John

**Please rate posts you find helpful**

Would the end devices in the same VLAN communicate with each other? Yes, only if they are in different network ranges.

Is this a real scenario, or are you testing in the lab?

1. In a real network, most L2 networks are extended across the network to retain the same network and the same L2 domain, in most cases with an L2L VPN.

2. Another option, in the same campus, is to extend the same VLAN.

It would be nice to know your use case, to understand better.

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Deepak Kumar
VIP Alumni

Hi,

Yes, it is possible to keep VLAN 10 in both networks but as you are using a router then you can't assign the same subnet on both interfaces. 

 

Option 1:

Keep VLAN 10 in both networks and keep the subnets different.

Option 2:

Keep an L3 switch between both networks and extend VLAN 10 using the switch only. That means it will be treated as a single network. Then you can keep a single subnet and VLAN as well. That means the switch will work as the core and the router will work as the edge device.

Option 3:

Make subinterfaces on the router and keep the VLAN 10 subinterface in the bridge group. It will allow you to share the same subnet in both networks.

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Joseph W. Doherty
Hall of Fame
You mean where PC2 and PC5 are truly in the same broadcast domain? If so, yes, if you "bridge" VLAN 10 through your router. Otherwise (and by default), no. (NB: BTW, I'm unsure current Cisco routers still support the bridging feature. An alternative would be to use an integral switching module within the router. Another alternative might be to use a L2 tunnel.)

If you mean where PC2 and PC5 are in VLAN 10 on their respective switches? If so, also yes, but although each PC would be in "a" VLAN 10, it's not the same physical VLAN. I.e. they would not be in the same broadcast domain. They could intercommunicate if each VLAN 10 was in a different network and the router and switches were configured correctly. (In this situation, the actual VLAN number being used doesn't matter.)