Solved: Trunk port, access port, VLAN

sts1983 · ‎04-22-2020

Hello, I have a question regarding VLANs. If I have connected two switches with VLANs through router, can I on router "see" data on other router port. Example, on Switch1 (VLAN10) is connected IP camera 1, on Switch2 (VLAN20) is connected IP camera 2. Through router are those two IP cameras connected. Can I on some other router port see both cameras?

paul driver · ‎04-23-2020

Hello

@sts1983 wrote:

thernet traffic on some radio links.

My question is, when traffic comes on Router trunk port G0/0 (from Switch 1, trunk port G0/0) with all VLANs from network, can I plug in PC (wit APP) in Router port G0/1 (I guess Access port) and see pictures from IP cameras? Would in that case traffic going out from port G0/1 with VLAN or without VLAN?

I am not sure if this can be done like that, that is why I am asking for help.

Yes you can, If you give that pc and router gig0/1 port a staitc ip adddress which doesnt relate to any of the routers vlan subinterfaces you will be able to reach the other vlans from that pc attached to gig0/1of the router

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Martin L · ‎04-22-2020

Yes, if the router allows such traffic to pass thru. The reason for Vlans is to keep traffic within vlan domain unless you want to cross over to other vlans or Hosts/Serves or Internet; PC1 in vlan 10 should be able to connect to others in same vlan without any help; just L2 switch or switches with access ports in vlan 10; You can use trunk line to connect another switch with vlan 10. For example, Traffic moves from PC1 in vlan 10 connected to sw1, then over trunk line to sw2 then ending at ServerX who is in vlan 10. But, PC2 in vlan 20 would not be able to communicate with ServerX in different vlan without a help. Such help can be in 2 forms: Router or L3 switch. Router will use sub-interfaces in so called Router-On-A-Stick to do routing between vlans; or L3 switches can be used with a help of SVI.

Another Idea (reason) for vlans is to limited Broadcast traffic. Normally, such traffic would stay inside a vlan x and not cross over to vlan y. Routers will stop B-cast traffic.

Regards, ML
**Please Rate All Helpful Responses **

sts1983 · ‎04-23-2020

Thank you for quick reply.

I am trying to find solutions for real system. In this system, there are 15 IP cameras and they are spread over wide area. Cameras are connected with radio links and just regular switches (without any logic) in between. Radio Links are mostly connected in chains. There are more end users who are watching those IP cameras, and some cameras are watched more than once and not on the sam place.

That is problem...I have divided IP cameras into different VLAN(arround 5 VLANs) by some logic. I would use switch L2 and router. I am asking how to when I bring IP traffic to the routers port(router on a stick) with for an example 3 VLANs, how to translate that traffic to another port on router where I can connect PC that has app for watching those cameras?

Georg Pauwen · ‎04-23-2020

Hello,

by default, if your use router-on-a-stick, all configured subinterfaces and all configured other interfaces on the router can communicate. So it does not really matter where the PC you use to monitor the IP camera traffc with is connected to. As long as there is IP connectivity, everything should be visible.

sts1983 · ‎04-23-2020

Thank you for reply.

So if I understood correctly, from SW1 comes VLAN 10 and from SW2 comes VLAN 20 to router port G0/0. I make router on a stick with

G0/0.10 and G0/0.20 and those VLAN are connected.

Can I connect on router port G0/1 PC that has app for watching IP cameras? Or where do I need to connect that PC with app?

Is traffic that goes out of the routers port G0/1 tagged?

Georg Pauwen · ‎04-23-2020

He

if you want to connect SW1 and SW2 to the same port on the router (GigabitEthernet0/0), you need another switch to connect these two switches to, as there (obviously) can only be one physical link.

If then you attach a PC to interface GigabitEthernet0/1, that PC can see all traffic on all Vlans by default. It doesn't matter which Vlan it is in.

Maybe you can post a schematic drawing of your topology ?

sts1983 · ‎04-23-2020

Hi Georg,

Can you please see my answer to paul driver.

Br

paul driver · ‎04-23-2020

Hello
You mention ip cameras and they are connected via radio links so how are the users seeing these cameras presently, is this a public network with public addressing or private, And what is the topology at this time that is linking all these cameras and users together?

As for the router /switch setup then as its been stated a router can be setup to accommodate the routing and intercommunication of multiple vlans from a switch.

The basic setup for this would be like example below which would provide inter-vlan communication and ip address allocation, Without the addition at this time of network translation (NAT) which would be required if you wish for the end node to be reachable publicly

Router
ip dhcp pool LAN
network 172.16.10.0 255.255.255.0
default-router 172.16.10.254
network 172.16.20.0 255.255.255.0 secondary
override default-router 172.16.20.254
dns-server 172.16.10.254
lease 0 8

interfaceX/X
description Link to Switch
no shut

interface X/X.5
description vlan 5 management
encapsulation dot1Q 5
ip address 172.16.5.254 255.255.255.0

interface X/X.10
description vlan 10
encapsulation dot1Q 10
ip address 172.16.10.254 255.255.255.0

interface X/X.20
vlan 20
encapsulation dot1Q 20
ip address 172.16.20.254 255.255.255.0

interface X/X.99
description vlan 99
encapsulation dot1Q 99 native
no ip address

ip route 0.0.0.0 0.0.0.0 2.2.2.2 < next hop router, if applicable

Switch
no ip routing

nt vlan 5
ip address 172.16.5.250 255.255.255.0
no shut

ip default-gateway 172.16.5.254

vlan 5,10,20,99
exit

interface X/X
description Link to router
switchport mode trunk
switchport trunk native vlan 99

interface X/X
description Link to camera
spanning-tree portfast
switchport mode access
switchport access vlan 10

interface X/X
description Link to camera
spanning-tree portfast
switchport mode access
switchport access vlan 20

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

sts1983 · ‎04-23-2020

Thank you for reply.

I have upload one drawing (done by hand), trying to explain what I need to set. I hope that you understand the draw. My filed is radio communication and I have limited knowledge of Cisco equipment.

Point is that I have IP cameras around wide land area and they are connected with radio links. This is a strictly private network without access to the internet, only dedicated end users can see those IP cameras. With VLANs I am trying to limit unnecessary traffic because radio links are limited with ethernet capacity.

My network is in real life much complicated and I am trying with settings of what can go on some trunk ports to limit ethernet traffic on some radio links.

My question is, when traffic comes on Router trunk port G0/0 (from Switch 1, trunk port G0/0) with all VLANs from network, can I plug in PC (wit APP) in Router port G0/1 (I guess Access port) and see pictures from IP cameras? Would in that case traffic going out from port G0/1 with VLAN or without VLAN?

I am not sure if this can be done like that, that is why I am asking for help.

Br

Jon Marshall · ‎04-23-2020

If you configure the PC port as an access port then you will only see pictures from IP cameras in the same vlan as you put the access port in.

If you wanted your PC to be able to see pictures from IP cameras in different vlans then you would need to make that port a trunk port as well.

Jon

paul driver · ‎04-23-2020

Hello

@sts1983 wrote:

thernet traffic on some radio links.

My question is, when traffic comes on Router trunk port G0/0 (from Switch 1, trunk port G0/0) with all VLANs from network, can I plug in PC (wit APP) in Router port G0/1 (I guess Access port) and see pictures from IP cameras? Would in that case traffic going out from port G0/1 with VLAN or without VLAN?

I am not sure if this can be done like that, that is why I am asking for help.

Yes you can, If you give that pc and router gig0/1 port a staitc ip adddress which doesnt relate to any of the routers vlan subinterfaces you will be able to reach the other vlans from that pc attached to gig0/1of the router

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

sts1983 · ‎04-23-2020

Hi,

Thank you Paul for your help, I have for now I have tested in Packet Tracer and it is working!

Best regards