Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1061
Views
0
Helpful
2
Replies

VLAN interfering with another VLAN on same switch

zjl@hawaii.edu
Level 1
Level 1

‎03-06-2018 11:02 PM - edited ‎03-21-2019 11:22 AM

Hello,

I am trying to set up a switch to carry two different subnets (.10 and .20), with each on their own VLAN to avoid any contact between the two. Each VLAN is being carried in on its own ethernet cable, to ports 11 and 12, respectively. 

Individually, each VLAN works as intended - I can communicate with machines on the .10 or .20 subnets individually, but if I have both plugged in at the same time the .20 subnet stops working and I can no longer ping any machines connected to it via the switch. If I remove the cable bringing in the .10 subnet or turn its port off, .20 becomes available. 

What I want is a setup like the following (minimal) example:

VLAN               ports  

1                      13         (switch management)

2                       11, 23  (11 comes in from external switch, 23 connects to a computer)

3                       12, 24  (12 from ext switch, 24 connects to computer)

 

Is there any way to set up the configurations on the switch such that I can use both subnets simultaneously?

Thanks in advance. 

Labels:
0 Helpful
2 Replies 2

Aleksandra Dargiel
Cisco Employee
Cisco Employee

‎03-08-2018 04:27 AM

Hi,

 

If I understand correctly you might be looking at some settings which would keep isolation between VLAN but allow management access to both.

 

There are two ways to approach this problem:

1. at layer 3 - you may want to allow inter-vlan routing and setup IP ACL which would filter traffic between one subnet and the other subnet

2. at layer 2 - when the hosts are actually on the same subnet but isolated on port level - please refer to Private VLAN concept:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf

 

I hope this helps,

Aleksandra

 

0 Helpful

sbhadrav@cisco.com
Level 5
Level 5

‎07-31-2018 09:29 PM

you would need to create whats called a Switch Virtual Interface (SVI) on the layer 3 switch in order for the two devices to communicate. An SVI is a logical layer 3 interface on a multilayer switch that can provide Inter-VLAN routing ability. Now, just to mention here, you are using the same subnet on each VLAN. A VLAN essentially separates broadcast domains and logically divides up a network. You will need to change the IP address scheme on one of your VLANs. For example, on the switch

 ip routing

int vlan 50

ip addr 192.168.50.1 255.255.255.0

no sh

int vlan 1

ip addr 192.168.1.1 255.255.255.0

no sh

 int fa0/2

swi mode ac

sw ac vl 50

int fa0/1

swi mode ac

swi ac vl 1
then on the host on VLAN 50, change its IP to 192.168.50.100 and default gateway to 192.168.50.1
On the host on VLAN 1, change its default gateway to 192.168.1.1
You should now be able to ping between each host..

0 Helpful
Customers Also Viewed These Support Documents