Subnets within VLAN

Devildoc007
Level 4

Can anyone tell me if it is possible to subnet a VLAN? Is there such a thing as a subnetted VLAN?

Let's say I have 10 vendors who need to have their presence on my network for my users. Each one of them has a direct link (T1 or Frame Relay) to my network. I don't want to set up one VLAN for each vendor because then I would have 10 different VLANs for all of them. Since each vendor only needs 2 or 3 IP addresses for their host devices (router and servers), is there a way to put them all in the same VLAN but at the same time subnet them apart from each other so that one vendor does not have access to other vendors? I also want to isolate each vendor's broadcasts so that broadcasts from one vendor do not show up in another vendor's subnet.

The only way I know how to do this is via VLANs. However, I don't want to create so many VLANs, so I was just wondering if there is another way to accomplish this task.

For example, suppose I create a VLAN with 24 bits (say 10.1.1.0 /24) and place all my vendors into that VLAN, but subnet them out so that each vendor would have only 6 hosts for their subnets, by creating 10 contiguous subnets of 29 bits and assigning each of them a subnet. In this way, broadcasts are contained within each subnet and my other VLANs can still communicate with these vendors' hosts because to them, these hosts are just on one subnet.

Will this work? Does anyone know? Any answer is greatly appreciated. Thanks.

J.

3 Replies

sandjose
Cisco Employee

You can have a glimpse at Q-in-Q tunneling, in which multiple 802.1Q headers get injected into the packet.

This may be a partial solution to your problem.

-Sandeep

Kevin Dorrell
Level 10

It sounds like what you need is Private VLANs or protected ports. I've never used them yet myself, but here are some documents I found for you in the TAC:

http://www.cisco.com/en/US/tech/tk389/tk814/tk841/tsd_technology_support_sub-protocol_home.html

http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800e47e2.html

http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007f242.html

I think the idea is that if you define the access port of each of your vendors as a protected port, then they cannot get at each other, but they can get at promiscuous ports, and they can get routed through the inter-VLAN routing.

Sorry I'm a bit hazy on it, but you will have to do some digging to find out exactly how to do it.

Kevin Dorrell

Luxembourg

Hi,

Private VLAN would be the best option, but as you already have different subnets for different vendors, the broadcast will already not be propagated to any other vendor, and no one will be able to talk to each other if you do not do the routing at your end.

So when you are already handling 10 different subnets in your network, there is no harm in having 10 VLANs in your network. This is what I think; otherwise the best option will be private VLAN.

HTH

Ankur
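
The private-VLAN approach suggested in the replies, written out as a Cisco IOS configuration. This is an added example, not taken from any poster or from the linked Cisco documents. VLAN IDs 100 and 101, the interface names, the ACL name and the 10.1.1.1 gateway address are assumptions, and the exact syntax varies by Catalyst platform and software release.

```cisco
! Constructed example: VLAN IDs, interface names and the ACL name are assumptions.
! Private VLANs require VTP transparent mode under VTP versions 1 and 2.
vtp mode transparent
!
! Secondary VLAN: isolated ports cannot exchange Layer 2 traffic with each other,
! so one vendor's broadcasts never reach another vendor's port.
vlan 101
 private-vlan isolated
!
! Primary VLAN carrying the single shared subnet 10.1.1.0/24.
vlan 100
 private-vlan primary
 private-vlan association 101
!
! One access port per vendor, all placed in the same isolated secondary VLAN.
interface range FastEthernet0/1 - 10
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Port toward a shared device: promiscuous, so every vendor port can reach it.
interface GigabitEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Isolation above is Layer 2 only. This ACL keeps the gateway from routing
! vendor-to-vendor traffic back into the same subnet.
ip access-list extended VENDOR-ISOLATE
 permit ip 10.1.1.0 0.0.0.255 host 10.1.1.1
 deny   ip 10.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip any any
!
! SVI on the primary VLAN: the default gateway that routes to the other VLANs.
interface Vlan100
 ip address 10.1.1.1 255.255.255.0
 private-vlan mapping 101
 ip access-group VENDOR-ISOLATE in
```

After applying it, `show vlan private-vlan` and `show interfaces FastEthernet0/1 switchport` confirm the primary/secondary association and the host-port mode.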