10-04-2019 02:07 AM
This might be a very simple question, but I really want to know the logical concept of how routers forward packets from VLAN networks going to other regular networks outside the VLANs.
While I do understand how two regular networks communicate via a router, I unfortunately don't regarding VLAN networks towards other regular networks.
Note: I am not talking about inter-vlan.
10-04-2019 03:42 AM
The first thing that should be clear is that the vlan works in layer 2, so the vlan tag does not pass through the routers.
Therefore, when working with router-on-a-stick (RoaS) it is necessary to encapsulate the packets in the subinterfaces with the corresponding vlan tag.
When packets leave the router to another network they do it without vlan tag.
So, packets reach other routers without vlan tag.
If the router's internal interface is encapsulated (RoaS), then the packet leaves the router with the vlan tag configured.
If it is not encapsulated (RoaS), then the packets come out without vlan tag.
When this packet without a tag reaches a switch port in trunk mode, then the packet is tagged with the tag of the native vlan.
If the packet reaches a switch port in access mode, then the packet is tagged with the vlan tag configured on that port.
Regards
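The tag handling described in this answer, as an added example that is not part of the original post: a Python model of a router with dot1q subinterfaces that receives a tagged frame and sends the same packet out untagged. The MAC addresses, VLAN IDs and payload are constructed sample values, and TTL and checksum updates are not modeled.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(dst_mac, src_mac, packet, vlan=None):
    """Build an Ethernet II frame; insert a 4-byte 802.1Q tag if vlan is set."""
    header = dst_mac + src_mac
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI left at 0
    return header + struct.pack("!H", ETHERTYPE_IPV4) + packet

def parse_frame(frame):
    """Return (dst_mac, src_mac, vlan_id or None, layer-3 packet)."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        return dst_mac, src_mac, tci & 0x0FFF, frame[18:]
    return dst_mac, src_mac, None, frame[14:]

def route_to_wan(frame, subif_vlans, wan_mac, next_hop_mac):
    """Model of the router: accept the frame only if a subinterface exists for
    its VLAN, discard the whole layer-2 header (tag included), and put the
    layer-3 packet into a new untagged frame for the outside interface."""
    _, _, vlan, packet = parse_frame(frame)
    if vlan not in subif_vlans:
        return None                      # no subinterface encapsulates this VLAN
    return build_frame(next_hop_mac, wan_mac, packet)

# Constructed sample values (not taken from the thread)
PC_MAC, LAN_MAC = bytes.fromhex("020000000a01"), bytes.fromhex("020000000001")
WAN_MAC, ISP_MAC = bytes.fromhex("020000000002"), bytes.fromhex("0200000000ff")
PACKET = b"constructed-ip-packet"        # stands in for the IP packet
INGRESS = build_frame(LAN_MAC, PC_MAC, PACKET, vlan=10)
EGRESS = route_to_wan(INGRESS, {10, 20, 30}, WAN_MAC, ISP_MAC)

if __name__ == "__main__":
    print("ingress VLAN:", parse_frame(INGRESS)[2])
    print("egress VLAN: ", parse_frame(EGRESS)[2])
```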
10-05-2019 01:54 AM
Hi,
I am not sure whether I got your point correctly, but I am trying to explain in simple words:
Your network is here:
VLAN1--(192.168.1.0/24)-----------
{ (Router GIG0/0) L3 Routing (Router GIG1/0) }----(Internet ISP)
VLAN 2--(192.168.2.0/24)----------
Here you want to access the Internet, such as 8.8.8.8 or 1.1.1.1 or www.google.com, from VLAN 1 and VLAN 2, so how will it work?
You are trying to ping 1.1.1.1 from PC1 (VLAN 1) with IP 192.168.1.2; here is the process:
1. As this destination address (1.1.1.1) is outside the subnet which is configured on the NIC, PC1 will check its routing table, find the default gateway 192.168.1.1 (the router's IP) and forward the packet to 192.168.1.1.
2. The router receives the packet from PC1, removes the Layer 2 header, extracts the Layer 3 header and checks the routing table for the destination.
3. The router didn't find any matching entry for 1.1.1.1 in the routing table, so it will choose the default route to send the packet out.
4. Here, we know that for accessing the internet we must receive a default route from the ISP (you may also receive specific routes, but I am talking about SMB connections where BGP is not given by the ISP).
5. We have to apply NAT from LAN to WAN because a private IP address is not routable on the WAN.
6. Here, the router will rewrite the L3 and L2 headers and forward the packet to the ISP (default gateway).
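The lookup and NAT steps listed in this answer, as an added example that is not part of the original post: a longest-prefix-match routing lookup that falls back to the default route, followed by source NAT on the outside interface. The subinterface names, the ISP next hop 203.0.113.1 and the WAN address 203.0.113.10 are assumptions (documentation addresses); the subnets and the ping target come from the post.

```python
import ipaddress

# Constructed routing table: (prefix, next hop or None if connected, out interface)
ROUTES = [
    ("192.168.1.0/24", None, "Gig0/0.1"),
    ("192.168.2.0/24", None, "Gig0/0.2"),
    ("0.0.0.0/0", "203.0.113.1", "Gig1/0"),   # default route towards the ISP
]
WAN_INTERFACE = "Gig1/0"
WAN_IP = "203.0.113.10"                        # assumed public address for NAT

def lookup(dst):
    """Longest-prefix match; 0.0.0.0/0 matches everything, so it wins only
    when no more specific entry contains the destination."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, next_hop, interface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            candidates.append((net.prefixlen, prefix, next_hop, interface))
    if not candidates:
        return None                            # no route: packet is dropped
    _, prefix, next_hop, interface = max(candidates)
    return prefix, next_hop, interface

def forward(src, dst):
    """Return the header fields the router would use on egress."""
    match = lookup(dst)
    if match is None:
        return None
    prefix, next_hop, interface = match
    # Source NAT only when a private address leaves via the WAN interface
    if interface == WAN_INTERFACE and ipaddress.ip_address(src).is_private:
        src = WAN_IP
    return {"src": src, "dst": dst, "route": prefix,
            "out": interface, "l2_next_hop": next_hop or dst}

if __name__ == "__main__":
    print(forward("192.168.1.2", "1.1.1.1"))       # PC1 pings the Internet
    print(forward("192.168.1.2", "192.168.2.5"))   # PC1 to the other VLAN
```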
10-04-2019 02:37 AM
- They do that depending on their routing table and/or forward packets to 'routing-gateways'; they will in essence not have to bother with what happens to that packet when it has been forwarded to an appropriate gateway.
M.
10-04-2019 06:51 PM
Thank you so much, really appreciate this.
Yeah, I am fairly versed in the encapsulation.
For example, I have VLAN 10, 20, 30, with an IP address of 172.16.10.1, 172.16.20.1, 172.16.30.1 respectively.
Then, I have a g0/0/1 internal interface on the router.
From the encapsulation:
interface g0/0/1.10
encapsulation dot1q 10
ip address 172.16.10.1 255.255.255.0
.
.
.
interface g0/0/1.30
encapsulation dot1q 30
ip address 172.16.30.1 255.255.255.0
This is well and good, I can now access other VLANs in the switch.
But my problem lies in what comes after that.
If I want to send packets outside of the VLAN premises, how?
By assigning an IP address on the g0/0/1 interface?
Would that address be assigned to the hosts as the gateway to pass through the router?
Please bear with me and spare me some basic explanation as much as possible because, more than the know-how, I really want to understand the thought behind the process :(
10-11-2019 07:30 PM
Thank you very much and to all of you guys.
I now get it, I'm so dumb for overcomplicating it like someone mentioned above :(
I was just so confused about the term 'VLAN' that I was treating it as something it isn't, while all this time it is still a normal network that was separated logically.
So, what I did is that, from the switch, after creating a VLAN, I assigned a port to it and put an address on the interfaces, as well as making the port that links towards the router a trunk. I just assigned an IP on the router's interface that links towards the switch and made a subinterface to encapsulate the VLAN addresses, which now allows inter-VLAN and for the VLANs to be accessed from the outside and vice versa (which is what this was all about).
I apologize for not really making sense :(
10-15-2019 05:06 PM
Can you tell me the major difference between L3 switches and a router, and the advantages of each over the other? I'm well aware of these two, and from what I've read so far, routing-wise, a router is still much, much more capable than an L3 switch, although in certain circumstances an L3 switch is so much more efficient because it can perform tasks from both L3 and L2.
10-05-2019 08:51 AM - edited 10-05-2019 08:56 AM
You are overcomplicating this.
Routers forward packets between subnets or, to put it another way, they forward packets between interfaces.
So there is fundamentally no difference between forwarding between what you call "regular" networks and "vlan" networks although, as others have pointed out, a vlan is a L2 concept not a L3 one, i.e. it is all just networks.
If you want to route packets to a remote destination then as long as your router has a route to that destination, either a specific route or a default, then it will work.
Jon