03-12-2018 02:43 AM - edited 03-05-2019 10:04 AM
Hi,
I was asked in an interview that two hosts connected through 2 cisco 2950 switches in different vlans should communicate each other without using layer 3 device and l3 switch. Is this possible?
Solved! Go to Solution.
03-12-2018 11:46 AM
VLAN hopping is not the only alternative that could allow two PCs to communicate even though they are connected in two different vlans. The key aspect of this is how the two switches are connected to each other. If we think about a topology like this:
PC1 is connected to SW1 on FastEther1/1 which is an access port in vlan 10
SW1 uses FastEther1/2 which is an access port in vlan 10 to connect to SW2
SW2 uses FastEther1/2 which is an access port in vlan 20 to connect to SW1
PC2 is connected to SW2 on FastEther1/1 which is an access port in vlan 20
So in this case PC1 can send an arp request, which is a broadcast, and it will be delivered to PC2. PC2 can respond to the arp request and the PCs will be able to communicate directly. Many people could argue that this is a mistake in configuration where the vlan mismatch occurs between the switches. I would agree that it is not normal and is not a good practice. But it does work. The important thing to understand is that when a switch sends a frame out an access port there is no vlan tagging. SW1 is sending a plain standard Ethernet frame to SW2. There is no way for SW2 to know that the frame originated in vlan 10. All SW2 knows is that it received a frame in vlan 20 and forwards the frame to a port in vlan 20.
If the switches had been connected by a trunk then frame tagging would occur and SW2 should know what was the originating vlan and could use that information in its forwarding decision. So when switches are connected by a trunk it should not be possible for the two PCs to communicate. (in a recent discussion one of my colleagues in the forum pointed out that if there is a mismatch in native vlan that it could still be possible for the two PCs to communicate when the switches are connected using trunk)
HTH
Rick
03-12-2018 02:44 AM
03-12-2018 02:53 AM
03-12-2018 02:52 AM
Hi,
If you ask this question as straightforward then my answer is no. But some articles as showing that it is possible but not tested in my lab.
Regards,
Deepak Kumar
03-12-2018 02:57 AM
03-12-2018 06:50 AM
I believe your security knowledge was being tested here. Communication between two VLAN's can occur via way of 'VLAN hopping', in that scenario.
Martin
03-12-2018 11:46 AM
VLAN hopping is not the only alternative that could allow two PCs to communicate even though they are connected in two different vlans. The key aspect of this is how the two switches are connected to each other. If we think about a topology like this:
PC1 is connected to SW1 on FastEther1/1 which is an access port in vlan 10
SW1 uses FastEther1/2 which is an access port in vlan 10 to connect to SW2
SW2 uses FastEther1/2 which is an access port in vlan 20 to connect to SW1
PC2 is connected to SW2 on FastEther1/1 which is an access port in vlan 20
So in this case PC1 can send an arp request, which is a broadcast, and it will be delivered to PC2. PC2 can respond to the arp request and the PCs will be able to communicate directly. Many people could argue that this is a mistake in configuration where the vlan mismatch occurs between the switches. I would agree that it is not normal and is not a good practice. But it does work. The important thing to understand is that when a switch sends a frame out an access port there is no vlan tagging. SW1 is sending a plain standard Ethernet frame to SW2. There is no way for SW2 to know that the frame originated in vlan 10. All SW2 knows is that it received a frame in vlan 20 and forwards the frame to a port in vlan 20.
If the switches had been connected by a trunk then frame tagging would occur and SW2 should know what was the originating vlan and could use that information in its forwarding decision. So when switches are connected by a trunk it should not be possible for the two PCs to communicate. (in a recent discussion one of my colleagues in the forum pointed out that if there is a mismatch in native vlan that it could still be possible for the two PCs to communicate when the switches are connected using trunk)
HTH
Rick
03-14-2018 12:21 AM
03-15-2018 08:29 AM
You are welcome. I am glad that you find our suggestions helpful. Thank you for marking this question as solved. This will help other readers in the forum to identify discussions that have helpful information. These forums are excellent places to ask questions and to learn more about networking. I hope to see you continue to be active in the forums.
HTH
Rick
09-07-2018 03:50 AM
Hi Richard,
thanks for the information.
I have a query on this, can you please let me know that what subnet you are using in vlan10 and vlan 20.
09-08-2018 09:33 AM
The IP addresses and subnets used are not particularly important in this issue. But if it helps you think about this with specific subnets then think of vlan 10 as 192.168.10.0 and vlan 20 as 192.168.20.0.
Rick
04-26-2020 11:53 PM - last edited on 04-16-2023 11:48 PM by Translator
But sir if I use
ip address:192.168.1.1 SM:255.255.245.0 in PC1 and ip add: 172.168.1.1 SM:255.255.0.0
in PC2 ie. Different subnet mask, communication between both PC's does not work. So how we can communicate both PC's in different subnet and different vlan in different L2 switches with each other without using any L3 device or L3 switch?
04-27-2020 07:24 AM - edited 04-27-2020 07:46 AM
The key element to get this to work is to manage to have PC1 arp for PC2. There are multiple ways you might that to happen and what works probably depends on the OS running the PCs. With the addresses and masks that you suggest it is certainly not possible to have them appear to be in the same supernet. So perhaps there is something that you could do with the gateway to get PC1 to arp for PC2.
Or perhaps the situation that you suggest is one in which the PCs are not able to communicate. I certainly did not say that always the PCs can communicate between different vlans. I said that in some circumstances it can work. And that what is important in getting it to work is more about how the PCs work than it is about how the switches would work.
[edit] Just so that it is clear let me make the point that normal behavior (in what we would consider to be "correct" configuration) the PCs are not able to communicate. What we are talking about would be exceptional circumstances. It requires mismatched vlans between switches (or mismatched native vlans on a trunk connection) and it requires some different behavior from the PCs.
08-02-2019 10:34 AM
Hi,
I tried on packet tracer but it does not work.
08-02-2019 12:31 PM
Hello Sanchita13,
do not configure SVI interfaces on SW1 Vlan 10 and SW2 vlan 20 use a single SHARED IP subnet on the two hosts.
PC1: 192.168.10.1/24 connected to SW1 on a port in access mode vlan 10
PC2: 192.168.10.2/24 connected to SW2 on a port in access mode vlan 20
Here the key is the inter switch link has to be either:
an access link with SW1 side in access vlan 10 and SW2 side in access vlan 20
or a trunk link with a mismatched native vlan vlan 10 on SW1 side and vlan 20 on SW2 side.
in this way you join two broadcast domains Vlan 10 and Vlan 20.
This is not inter vlan routing but rather inter vlan bridging.
This is a trick that can be used as a temporary fix for example for joining two Vlans for management of L2 only switch.
Don't look at last post by Richard but at the one flagged as solution where he well explains the way to join two broadcast domains as I reported briefly above.
Be aware that the first option (mismatch on access vlan on inter switch link ) works on all cases.
The mismatch on native vlan in some cases can lead to STP consistency errors (there was a recent thread of a user using two Catalyst 2960 and seeing this in case of native vlan mismatch on 802.1Q trunk).
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide