03-06-2018 11:02 PM - edited 03-21-2019 11:22 AM
Hello,
I am trying to set up a switch to carry two different subnets (.10 and .20), with each on their own VLAN to avoid any contact between the two. Each VLAN is being carried in on its own Ethernet cable, to ports 11 and 12, respectively.
Individually, each VLAN works as intended - I can communicate with machines on the .10 or .20 subnets individually, but if I have both plugged in at the same time the .20 subnet stops working and I can no longer ping any machines connected to it via the switch. If I remove the cable bringing in the .10 subnet or turn its port off, .20 becomes available.
What I want is a setup like the following (minimal) example:
VLAN   Ports
1      13 (switch management)
2      11, 23 (11 comes in from external switch, 23 connects to a computer)
3      12, 24 (12 from ext switch, 24 connects to computer)
Is there any way to set up the configurations on the switch such that I can use both subnets simultaneously?
Thanks in advance.
03-08-2018 04:27 AM
Hi,
If I understand correctly, you might be looking at some settings which would keep isolation between VLANs but allow management access to both.
There are two ways to approach this problem:
1. At layer 3 - you may want to allow inter-VLAN routing and set up an IP ACL which would filter traffic between one subnet and the other subnet
2. At layer 2 - when the hosts are actually on the same subnet but isolated at port level - please refer to the Private VLAN concept:
https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf
I hope this helps,
Aleksandra
07-31-2018 09:29 PM
You would need to create what's called a Switch Virtual Interface (SVI) on the layer 3 switch in order for the two devices to communicate. An SVI is a logical layer 3 interface on a multilayer switch that can provide inter-VLAN routing ability. Now, just to mention here, you are using the same subnet on each VLAN. A VLAN essentially separates broadcast domains and logically divides up a network. You will need to change the IP address scheme on one of your VLANs. For example, on the switch:
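! Enable routing between the VLAN interfaces (SVIs)
ip routing
! SVI for VLAN 50: gateway for 192.168.50.0/24
interface vlan 50
 ip address 192.168.50.1 255.255.255.0
 no shutdown
! SVI for VLAN 1: gateway for 192.168.1.0/24
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
! Access port for the host in VLAN 50
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 50
! Access port for the host in VLAN 1
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 1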
Then, on the host on VLAN 50, change its IP to 192.168.50.100 and its default gateway to 192.168.50.1.
On the host on VLAN 1, change its default gateway to 192.168.1.1.
You should now be able to ping between each host.
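Added example, not part of any post in this thread and not Cisco's code: the original question asks for the two VLANs to stay isolated, while the SVI configuration above turns on routing between them, so this Python check reads an IOS-style configuration and lists the VLAN-to-VLAN directions that are routed with no inbound ACL on the source SVI. The sample configuration and the ACL name ISOLATE-50 are constructed for illustration.

```python
import re

# Constructed input: the SVI commands from the reply above, with a hypothetical
# inbound ACL (the name ISOLATE-50 is an assumption) added to VLAN 50 only.
SAMPLE_CONFIG = """\
ip routing
interface vlan 50
 ip address 192.168.50.1 255.255.255.0
 ip access-group ISOLATE-50 in
 no shutdown
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
interface FastEthernet0/2
 switchport mode access
"""

def parse_svis(config):
    """Return (ip_routing_enabled, {vlan_id: {"ip": ..., "acl_in": ...}})."""
    routing, svis, current = False, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line.startswith("!"):
            continue
        if re.match(r"int(erface)?\s", line, re.I):
            # Any interface line opens a new block; only VLAN interfaces are SVIs.
            m = re.fullmatch(r"int(?:erface)?\s+vlan\s*(\d+)", line, re.I)
            current = svis.setdefault(int(m.group(1)), {"ip": None, "acl_in": None}) if m else None
        elif line.lower() == "ip routing":
            routing = True
        elif current is not None:
            if m := re.fullmatch(r"ip addr(?:ess)?\s+(\S+)\s+(\S+)", line, re.I):
                current["ip"] = m.group(1)
            elif m := re.fullmatch(r"ip access-group\s+(\S+)\s+in", line, re.I):
                current["acl_in"] = m.group(1)
    return routing, svis

def unfiltered_paths(config):
    """(src_vlan, dst_vlan) pairs routed with no inbound ACL on the source SVI.

    An ACL being present is not proof that it blocks the other subnet; this
    only flags directions where nothing filters at all.
    """
    routing, svis = parse_svis(config)
    if not routing:
        return []  # routing is off, so the switch does not forward between SVIs
    routed = [v for v, s in svis.items() if s["ip"]]
    return sorted((a, b) for a in routed for b in routed
                  if a != b and svis[a]["acl_in"] is None)
```

On the constructed sample, `unfiltered_paths(SAMPLE_CONFIG)` reports only VLAN 1 to VLAN 50, because VLAN 50 has an inbound ACL and VLAN 1 does not.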